3D of the nudging to simplest infosec behaviour

Before you’re put off by the title’s complexity … [Oh. You clicked. Wave function collapsed long before; ed.] This post is about improving the People part of infosec. Beyond the mere ‘awareness’ that begets you … a couple of days’ attention, then slippage into muchlessofthesame.

Two roads away from the dead end you were in, open up:

  • Nudging. Which is about small, unobtrusive and not too brainwashing incentives and disincentives, rewarding and penalising the good and bad so that ‘users’/people choose to do right without having to rationalise through all sorts of intricate, overly (sic) complex lines of reason why some shimmy is better than another twist. Just gently guide, don’t Law and Forbid. [Edited to add: This post was drafted and scheduled for release weeks ago, before that Nobel Laureate was awarded his medal for this very method…]
  • Secure simplest option. Like the great many traffic controls; no traffic lights but roundabouts – the former can be run through at high speeds in the middle of the night (and other times); the latter require slowdown or you’re thrown off the road. The secure solution being the obviously simplest – the simplest solution being the secure one. People will take the simple road instead of the difficult one. Better make the simplest one the safest. Don’t require the user to jump through all sorts of complex hoops for safe behaviour! Like password complexity rules: The more you make them ever more difficult, the harder it is for users to resist finding loopholes and escape vents like writing them down (which isn’t a bad solution per se, but …). And in the end, you’ll lose the arms race against skillful attackers anyway; at the point where the smartness they need is hardly less than what benign users need to get into your systems, you’ll have to revert to some other way anyway (re: dead end roads).
  • Ah, I’m not one for counting all that simple…
    Smart trickery. This of course being a perfect example … a 3D zebra (road-crossing). Many great, very-marketable other such solutions may exist, to your (image’s!) advantage.

Now that you’ve read the above, how would you change your infosec ‘controls’ throughout …? Like, filling out the last matrix of this, in a smart way and changed to general infosec …?
For an additional bonus, outline how you apply this to your GDPR-compliance efforts… And:
[Advertising the trust you can have in this Insurance co.; Madrid]

Top 2000++ of 2017 – before the herd

Because all sorts of hoi polloi pundits are out there, ‘polling’ (quod non, just repeating the meh mediocrity) for the Top 2000 of 2017 on the ray-the-ohw and elsewhere, herewith the real deal Top 2000.
Which of course isn’t; it’s the Top 2276 for one thing and Definitive is slightly understating it. If you hadn’t guessed, #14 is about me.
And yes, it is downloadable in plain Excel, for your own tinker and play, in this file; checked and clean (no subversive content).
Next, a few little notes (repeated from last year):

  • “That’s odd! The usual numbers 1 to 50 aren’t where they’re ‘supposed’ to be by common standards!” Correct. Because I’m ’Rekt. The list is mine; why put the Mehhh songs high up there? They’re in there somewhere, but it’s my list, my preferences..! Yes, I do like some almost-forgotten songs better, sometimes much, much better, than the expired old hands.
  • Especially.. see the notes, when the clip (much) enhances the song(s). Wouldn’t that mean the song in itself isn’t fully complete ..? No, it means in (since) the age of video, songs with clips (‘integrated’) can much surpass mere songs by themselves, for a cubed sensory experience.
  • There are more than 2000, yes. Because, already after the first 500 or so, determining the relative rankings becomes awkward. Hence, the cut-off would be random …! (Why not 2048, that would make more sense in this digital (i.e., binary) age.) The result is quite random in the end, too, indeed; some of the last songs ‘should’ be up much higher…
  • If you would still have some (preferably wacky) songs you miss, please do comment them to me. I’ll see whether I’d want to include them still, or not. Hey, it’s my list so I decide, geddid?
  • The actual end result order is far from definitive (sic). It depends heavily on one’s momentary temper and the memories that spring to mind like Proustian madeleines. And on one’s ability to hear quality. Such is life.
  • When dabbling with the Excel file yourself, feel free to play around with the ranking mechanism. What worked for me was to first split the songs into bins of about 250 in size (designate some song to be in the first bin that will end up being ranks 1-250, another song to bin 5, which is around the 1000-1250 mark, etc.), then sizing down bin 1 etc. to 8 smaller bins. Then, numbers 1-50 get a personal treatment one by one to their end rank; the rest gets (got) a random allocation within their bracket. After this, sort and re-apply numbers 1-whatever. Through this, actual intermediate bin sizes aren’t too important.

Then, as a long, very long list. With a Moar tag, otherwise it would be ridiculous… [i.e., for the complete list in the post, follow the link:]

1 Hustle – Van McCoy – Yes, the original
2 Easy Livin’ – Uriah Heep – To power it up
3 Heart Of Gold – Neil Young – Hits the heart
4 Hide and Seek – Howard Jones – Same, if you listen well
5 Peter Gunn – Emerson Lake & Palmer – Just for the intro alone
6 She – Elvis Costello – Personal nostalgia
7 White Room – Cream – Nicely powerful, doesn’t wear out too easily
8 74-’75 (+Video) – Connells – The video sublimates the message
9 Windowlicker (+Video) – Aphex Twin – Incomplete, as a work of art, without the video
10 Nice ‘n Slow – Jesse Green – Calm down again
11 One Of These Days – Pink Floyd – Hidden pearl
12 Smoke On The Water – Deep Purple – Of course
13 The Man With The Red Face (+Video) – Laurent Garnier – Incomplete, as a work of art, without the video
14 You’re So Vain – Carly Simon – I think this song is about me!
15 Dancing Barefoot – Patti Smith – Hidden treasure
16 Right Here Right Now – Fatboy Slim – Oft forgotten, defined an era
17 The Great Gig In The Sky – Pink Floyd – Appealing complexity
18 All I Need – Air – Mindfulness in musical form
19 Dream On – Aerosmith – Heartburn
20 You Got To Fight For Your Right to Party – Beastie Boys – Appealing. Simply that.

The state of ad ML

A sad state it is, when WordPress continues to Always (there you go) capitalise Always (yup) automatically. There were some other words as well that get capitalised like it’s a product ad. Except that I’m quite 100% male so have no business nor advertising value for the A product range…
Stop it! You annoy me. Which is bad, very bad.

Plus:
[The exact spot of origin of Oh Say Can You See … for no apparent reason. Hint: O!]

Losing your trade’s virginity

I’m referring more to dull trades, like auditing, than what your first thoughts were about…
It seems hard for some people to get their heads around the still persisting problem with AI introduction into regular trades: when you deploy AI to take over the rote grunt work at the lower rungs (which is, by definition (?), all that’s just behind your heels) and leave the more intricate, ‘difficult’ and ‘intelligent’ work like decision making and risk weighing to seasoned, experienced professionals (to which you belong, of course), there will be no more seasoned, experienced professionals, since the seasoning and experience come from years and decades of the very rote grunt work that no longer exists for humans.
The ‘difficult’ decisions will all the more speedily be taken over by exponentially self-improving-on-the-intelligence-parts AI, as humans fail ever more quickly at those tasks. The excuse that the lower rungs failed in providing proper intel will not work; higher-up humans would need to get a grip on the lower stuff, and be able to determine the effectiveness of what goes on there… again you’ll need the extensive experience, maybe even more…

[Don’t get me started on how current ‘leadership’ (those that fell upwards by lack of weight, not the real leaders) already fails comprehensively at the intelligence part…]

Quite a vicious circle. And:
[Museum of what lies ahead for humanity, in total surveillance states, and AI futures; Riga]

Self-driving my a..uto mode

What was it: that car company we’ll call ‘T’ as we don’t want their lawyers’ badgering, claimed the EULA on the self-driving of their cars required the auto-mode to be allowed only when on reasonably straight roads in reasonably light traffic with full oversight always.

Apart from that being no driving fun whatsoever, and no help whatsoever in ‘normal’ (other) conditions, I have a question: Why use the system at all, then, when I already have cruise control and Mk.1 eyeballs for such circumstances and do nothing but steer lightly ..!? What improvement from ‘steer lightly’ to ‘not steer at all but always be ready and alert to’..? You’ll never be allowed to text while driving or binge-watch ‘flix while in traffic jams anyway. Is that worth all the trouble, hassle, and hype ..?

No it isn’t. It’s more like ‘cybercrime insurance’ (#ditchcyber) – when you apply all rules, you don’t need cover (and have none for the risks accepted or new in the first place) / don’t get any help from auto-mode; if you don’t, you lose all cover, period.

So, better get better auto-mode, without the circumstances-requirements and without the EULA extortions. Or, drop the whole idea and get on a bus.

Which may also beget auto-mode… ;-|

Oh, and:
[“Look mummy no hands!” would really take out all the fun…; Baltimore thank you sir for not jumping on the green light to enable me to take this pic]

Are you scared of perfectionism ..?

Not of but to.
This dawned on me, suddenly – as dawning of this better kind is unenforceable – that a lot of people list ‘perfectionism’ as their default weakness-read-humblebragged-strongpoint. But it’s a weakness indeed, because any such feeling will be root-caused by insecurity, of the angst kind.
When taken forward, from the latter, one sees: Fear of the unknown, uncontrollable impact on the edges (first), will lead to overzealous focus on those edges, the rougher parts, to prevent even the tiniest deviation from the all-of-the-world’s-plan that totally deterministically was supposed to be followed to not introduce Uncertainty of any kind. No quantum collapse of the wave function allowed; no wave function allowed – that’s all heretical deviation from a supposed Plan from up high (where ?); der Herrgott würfelt nicht (the Lord does not play dice) in the least! Quantum entanglement then means that each and every quantum particle was predestined to be and behave / move as it does. No Uncertainty!

Or else … bad things may happen to you, e.g., your career.
You may get fired, for not perfectly achieving your Personal Year Plan. You may get fired anyway but that’s Bad, the devil’s work, or the shareholders’ (his rep’s..!) wish for slashing by the FTE numbers. To prevent this, just be perfect. Or, more practically, (say to, only!) strive for perfection. Bosses might want to believe then, that you’ll do your utmost and give your life, to make that happen. So bosses’ year plans are achieved. Or bosses, just to be sure, revert to the inhumane micro-management practices … so very common still today…

Let’s hope that proper risk management wins out in the end. If only since the more Chaos, the universe’s drive to entropy, is suppressed, the more gigantic will be the outburst of the Uncontrolled energy because it will burst out. Better to be able to control that through not letting the pressure build so high, by allowing steam to blow off in much more benign, possibly profitable, ways long before.

So, embrace entropy! Embrace balance ..! Just don’t be ‘perfectionist’ like everyone else and then be found out to be the very average sloppy that one reads so much too much of, even in trivial non-control of basic writing skills. If you write without care for proper spelling, etc., and don’t proofread, you’re waaay off to the wrong side of the balance ..!
Plus:
[Discuss, progress to the dialectic third way – which is NOT in the middle by definition; study Aristoteles on that..! Ottawa, BTW]

Spelling test compliancy

Where of course the post title in itself gives away the clue of this little Friday’s short post, which is: If you spell it as compliancY (with some rule or regulation), you failed the test. And you’ll be earmarked as a n00b, however long you are in the industry already. Since you don’t seem to know that it’s actually ‘compliance’ with an ‘e’ only, nothing overcorrected.
Just because it hindered me again, last week, when I discussed matters with someone who had the silly idea that using a ‘y’ would impress, would seem to make their point hover at ‘GRC’ levels as if that’s not an emperor’s clothes exposé already. And it’s just incorrect language, period.

Whatev’, I’ll leave you with:
[Yeah, it’s a bit of an old skyline (pic) isn’t it ..? Toronto, ON for no apparent reason and the horizon isn’t even straightened yes I’m that picky]

New nav skills

Was reading this article about how some people (men, much, too) just can’t get their brains to function decently in the navigation area. I.e., some just can’t ‘automatically’ find their way around familiar streets and areas of their home town/city, wrestle with maps (you know, the real deal, on paper, by definition: the easiest/best way to re-fold them is differently), and get lost.

Which is (not!) funny in its own right, as it is funny to laugh about people with less capabilities in other mental areas – not. Why do such people positively pride themselves, often, in their failures? Essay question for ten points, in 100 words or less: explain why that solicits and causes the ridicule.

But here (sic; know where…), my question is: Does such variance in spatial capabilities translate to variance in navigational capabilities on-line..? And how would you measure that; how to a. translate spatial, Euclidean sense of direction and place to the virtual 0D world and b. measure it in the virtual world ..?

Awaiting your answers, I’ll surf to better turf and enjoy not being lost ..! Plus:

[Mock transparency; Barça]

No news is not good news

Anyone know why we haven’t heard too much about Bellingcat lately ..? You know, the ones so ultimately objective that all sides may have gripes against, and uses for, them and their analysis ..?
I wondered because there’s so much going on around the world where their analysis would give better insights – and there is all sorts of new stuff on their site – that it is surprising to see no news channels pick that up.

Or is the world so full of itself and of fake news that the masses are utterly numbed ..?

Plus:

[For a calm life, go here; Toronto]

AI Blue-on-Blue

We keep on hearing these great things about how AI will help us in the battle against no-gooders qua information security. Like, in hunting for bugs in software (as asked for here, borne out in various much more recent cases or rather, news items hinting at pilot prototype vapourware) or hunting for fraudsters, possibly hiding in plain sight (superrrintelligent anomaly detection; unsure how false positives / false negatives are handled…).
Where on the Other side, great strides are also feared to be made. Deploying AI to improve (better fuzzify) attack vectors, and help with improvements in evasion and intelligence gathering in various other ways.

Pitted against each other …
When you know what Blue On Blue stands for (first of this), you will now see it coming, inevitably. What if autonomous (for speed of response!) retaliation kicks in …?

Never mind. I’ll like the fireworks show. Plus:

[Yeah, yeah, ships are safe in harbour but that’s not what they’re made for – I’ll just enjoy this view from a truly excellent restaurant; Marzamemi Sicily]

Maverisk / Étoiles du Nord