Sending the right message

This of course being the right message. If you can read it when I Send it you. And, for your viewing pleasure:


[Anonymous but blurry and far from privacy-complete, this physical cloud exchange…; NY Grand Central]

M, and A, and G, D, P and R

Now that you have finally got something going qua GDPR compliance – way short of what you’d want but still, at least something, better than the Nothing to which you were limited so far – there is a new twist to the requirements…
To be clear; by now you should at least have the requirements clear, and also possibly have some upsides lined up (if not, go shop with some vendor consultancy (and others); they’ll tell you about the benefits of data minimisation, the unstress of having your house in order, etc.). And have something going qua reconnaissance, though not armed recce or recattack.

But now, you may have to rethink. A bit. About what you’d have to have prepared when you land in M&A territory, or even in Chapter 7/11/13- (and 9-!) or any glocal receivership. Because … well, the idea sprang from this thing with de-anonymising data from sperm banks (in NL); until now most highly classified secrets (qua donorship). Turns out that not all clinics have the old data, still, because previously the secret was to be eternal hence best secured by throwing away the data.
But more seriously, not all clinics exist anymore and there is no way to know where the data went, if anywhere.

And that’s where your organisation comes in. Not qua LoB but qua existence, now and in the future. Will you buy, take over, integrate some other org, or be on the receiving (uh…) end of the turmoil? You may want to make sure that the “GDPR” record of the other party is impeccable… Or end up with a mixed compliance bag, which is equal to no compliance…
Possibly, you may have to prepare for some form of end-of-organisational-life where there is no body to take over your data and you might have to prepare for that ..?

Well, we’ll see what WG29 comes up with. At least, it will be additional stuff.
Plus:
[In a weird twist of interpretation, this complex of buildings could have housed a private bank of said kind…; Sevilla BTW]

Yup, called, confirmed

Always pleasant, to read one’s (almost…) correct, on off-off-Broadway analysis and postpredictions. Like this one, corroborated here, in a way.
Yes, I kno. I almost got that correct. Enough to confirm the line of reasoning, if you read it / both correctly, they turn out correct. I’ll stop now. And:

[Check, for Dutch ad viewers; Valencia]

Ten reasons quantum crypto will not

There may be more reasons that quantum crypto will not protect you against those evil villains out there, as suggested here (in Dutch) but quod non!!! (as I said; in Dutch ;-| ), for the not ten but one single reason:

When ‘hackers’ will not be able to access your comms because you use quantum crypto, governments will not be able to either. So forget about it: you will be jailed for life for using quantum crypto in the first place, and you are also the most suspect of all, and if you’d still try to use it, you will be whacked off-line … and your house raided, etc. etc. Because this.

And because, however clever you might think you are, obviously in vain, there will always be the ‘endpoint-to-you gap’ where parties may intervene.

Or they put a gun to your head. Good luck refusing.

And governments will restrict to their own comms; the most powerful one grabbing the scene and leaving all of the rest in the dust. And IF you believe their beneficial ethics, well you just removed yourself from serious discussion.

Anyway:
[Drone with too much tilt shift, or ’70s display scanned from an (actual, physical) slide..? (mine; ed.); <undisclosed location>]

The Legend of Knuth the Agile

Once upon a time in a land far, far off-shore to today’s centers of economic, political or civilised-society gravity, before DevOps was a thing even, there was a great algorithm champion warrior named Knuth. Unlike his fellow programmer clansmen, who coded for fun and profit deep innovation and peer recognition [f&p came only decades i.e. ‘centuries’ later; ed.], in a world that was barren of bad code but still inhospitable to what later would become hero geeks and nerds (for whom this was still obvious), Knuth was just that little bit less quickly-footed in his subject matter, earning him the nickname The Agile, just to deride his profound work.

Because, you see, he was a man of honour and clean algorithms, two things that in his days were nearly the same. And he was in favour of solving things with fundamental parts. Not ‘process steps’ or so – how would he laugh at those that propose that, these days. Nor happenstantially bundled ‘sprints’ of fast (hacked, in its profound meaning) coding – though extreme coders live on here and there, not given the honour and credit they deserve.
But real, standardised, tried and tested (even in a semi- or fully mathematical way) logically consistent actual process steps. But then, he understands that the real warrior body (brains) belongs only to those that have honed the warrior spirit, have ground and polished their skills over decades to shine like blank sheet metal of the finest alloys. So, not like ‘hey I had this one-year (??, mostly one-week or so ..!) course in agile programming now I’m a l33t h@x0r’ kind of pre-puerile nonsense.

Well, dear readers, you know how times can fly and how reputations can change overnight. So it happens that his nickname suddenly meant something else. No more poetic escapes of sparse code and clean, logic-based algorithm library linking and calling/returning at the side of the waterfall development method. No more re-use of the tried and tested. No more frozen waterfalls at all, due to scope creep leading to progress-temperature drops to zero and below, leading to icy atmospheres where nothing works anymore. No more basic weapons training of even knowing how to deploy re-usable code and algorithms…
All we have now, in these days with no more heroes (but the baddies are still out there, everywhere), is/was faint attempts at “patterns”, being of course the latter-day devolution of the very algorithms that made Knuth the hero he was. Is.

And then, DevOps came to the scene. If only Knuth were still in his prime, he would know what to do.

Plus:

[Only in such art is extremely precisely applied sloppiness a virtue …! Gemeentemuseum Den Haag]

Panoptic business

Recently, I heard the gross error of thinking again: “When people use their business IT for private purposes, they have no right to privacy” – rightly countered from the room that standing European law most clearly holds the opposite: the employer has zero rights to see anything unless there’s prior evidence of some malfeasance or malfunctioning (e.g., performance problems – of the employee, not of the infra…). So, blanket or categorical surveillance (or blocking, which presupposes monitoring; how the heck else would you detect the to-be-blocked URLs..!?): No sir.

What about the recent spat where a bank blocked Netflix because employees’ use of it at home, using company laptops that Citrixed back to the bank and from there onward, overloaded networks of sad (typo not said, intended to characterise the) bank? Well, a. how dumb can you be to Netflix over Citrix etc., or is one so incredibly cheap (hey, works at bank; apart from the exceptions you know, go figure) that bandwidth cost is an issue? Then maybe you’re too Scroogey to be allowed to work at a bank in the first place; monumental failure, ethics-wise. b. in this case, clearly there are performance issues – when it’s noticeable on the company network level, certainly it goes for a number of individuals, even if only by disturbing the performance (bandwidth availability) of others. c. there are no absolutes in what employers cannot do.

But clearly, in just about every case considered today where categorical blocking by blacklisting would be attempted because managers sideways involved in HR stuff would understand what the URL is about, i.e., not-business-related entertainment however SFW or N-, while skipping the blacklisting of the really to-be-blacklisted sites (torrents, malware shops and other rogue tooling),
we have again the panopticon argument of “observation changes behaviour” – and in these times of clueless managers (the less they know that of themselves, the worse cases they are!), you need in particular those ‘users’/employees that go beyond monkey typing away to be creative in their work and find new revenue / cost reduction directions. Which means that when you observe, or only log to be able to observe, you squelch productivity and profitability… Way to go!

Oh, and:

[Not the one mentioned above; HypoVereins München on a heat-hazy day]

2FA is illegal!

Just when you thought the solutions to your eternal (not) pwd problems were getting mature enough to deploy – nudged to annoyance by all the vendor FUD – and you forgot the solution is totally easy and already in your infra everywhere, you will find … 2FA is declared illegal …

Oh …, it turns out to concern the party drug kind only, not 2FA but 4-FA. Like, here. Phew!
But still, kids, don’t rely on 2FA either; help users reduce complexity, not hinder ’em!

Oh, and:

[When all sober and straight would have been Boring; Lille]

Bringing back symmetry/-ia

Some issues, aspects of interest, collided a couple of weeks ago.
Macron’s team with their skillful double-cross deceit in the ‘leakage’ of election-sensitive info (read the linked and weep over your capabilities re that, or click here for (partial?) solutions or others or devise your own). One down, many to go; win a battle, not win a war yet.
In unrelated (not) news, what are the tactics used IRL to actively engage in pre-battle tactics? Can we plant our own systems with scar (?) tissue, i.e. fake, immunised (for us!) / unused information that is weaponised with trail-collecting (or only source-revealing) capabilities, like shops and private persons can get “DNA” spray paint, thus called because it’s uniquely coded so is identifiable and traceable? Can we harbour ‘hidden sleeper (?) cells’, pathogens i.e. malware, that don’t affect us but when ‘leaked’ to an adversary’s environment / stolen, oh boy do they become virulently active and destruct? (Silent) tripwires, boobytraps, where are you?
How far behind the curve is the general public (us, I) with intel on developments in these areas? If the French used some of this stuff (using is revealing, qua tactics, unfortunately), certainly others would have considered the methodologies involved. Raises questions indeed, as were around, about whether or not the Cyrillic traces were planted into WannaCry1.0 or left there in error. [There’s no such thing as perfect Opsec but this would severely hurt some involved at the source / would’ve cared better, probably.]
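A defender-side sketch of the ‘tripwire’ idea above, as an added example that is not part of the original post: decoy credentials planted in specific stores, and a detector that flags any authentication attempt naming one and maps it back to the store it was taken from. Account names, the log format and the sample log lines are all constructed for this example.

```python
import re
from dataclasses import dataclass

# Decoy credentials planted in distinct locations. Names and placements are
# constructed; they have no legitimate use anywhere, so any authentication
# attempt naming one is a high-fidelity signal, and *which* decoy was used
# tells you which store the adversary actually read (the "trail" back to the leak).
HONEYTOKENS = {
    "svc-backup-legacy": "credential file on the old backup share",
    "ro-audit-2015": "row in the archived HR export",
}

# Constructed auth-log format: "<ts> auth <ok|fail> user=<name> src=<ip>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+) auth (?P<result>ok|fail) user=(?P<user>\S+) src=(?P<src>\S+)$"
)

@dataclass(frozen=True)
class Alert:
    ts: str
    user: str
    src: str
    placement: str  # where this decoy was planted, i.e. what was exfiltrated

def scan_auth_log(lines):
    """Return one Alert per log line that uses a planted decoy, whether ok or fail."""
    alerts = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # unparseable line: skipped here; a real pipeline would count these
        user = m.group("user")
        if user in HONEYTOKENS:
            alerts.append(Alert(m.group("ts"), user, m.group("src"), HONEYTOKENS[user]))
    return alerts

def compromised_stores(alerts):
    """Distinct planted locations whose decoys were used: where to start the investigation."""
    return sorted({a.placement for a in alerts})

# Constructed sample log: normal traffic plus two decoy uses from one source.
SAMPLE_LOG = [
    "2017-05-10T08:01:02Z auth ok user=jdoe src=10.0.0.7",
    "2017-05-10T08:02:44Z auth fail user=svc-backup-legacy src=203.0.113.9",
    "2017-05-10T08:02:45Z auth ok user=svc-backup-legacy src=203.0.113.9",
    "garbage line that does not parse",
    "2017-05-10T08:03:10Z auth ok user=asmith src=10.0.0.8",
]

if __name__ == "__main__":
    for a in scan_auth_log(SAMPLE_LOG):
        print(f"{a.ts} decoy {a.user!r} used from {a.src}; taken from: {a.placement}")
```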

Just so we can get a better view on the balance being shaken up so vehemently, between asymmetric simpleton hacks [the majority you know (like, you actually can learn about; the real majority you may not hear about) of big organisations with their huge attack surfaces and attackers only needing one pinhole] and more-or-less regaining-symmetric nation-state attacks against each other (all against all) where the arms’ race of tooling now is so out of balance.

Would like to know, for research purposes only of course, really.

We’ll see. And:
[Yes that’s real gold dust on the façade hiding in plain sight, but you wouldn’t be able to scrape it off. Would you? Toronto]

No Dutch AI

How far behind is the Dutch (startup) scene with AI ..?
That may seem curt, but …
Really there is no sign of a Dutch AI industry or even industriousness.

Unbefitting the Dutch, is it not? ‘We’ should have all the brains needed, the industriousness, the venturing spirit, the openness to things-new.
But apparently, ‘we’re’ still stuck in collectivist ideals, where rocking the boat is only allowed when for some naïve progress [Uhm this is no slight to Boyan Slat; on the contrary I and everyone likes his ideas and the heart and soul he puts into it]. When searching for ‘Dutch AI scene’, hardly anything turns up. This was among the scant search results; ominously.

So, it’s a Shame. And Why ..!?
Yes I did list some why’s but they don’t cut it, against the Aye’s. We need a new élan! How to get such a thing going!?
And:
[If that is the neo-modernistest that you build / apparently want to spend your money on, then well you may be doomed indeed; Zuid-As Ams]

Appetite for destruction ..?

Not even referring to the Masterpiece. On the contrary, we have here: … Well, what?
Interested as we all are in the subject, since it is defined still so sloppily, we all look for progress, so I started. But stopped, when it turned out … risk appetite is defined in hindsight, with a survived disaster being the appetite threshold. Nice. So you’ll know what your appetite is when it hits you and you were lucky enough to survive. If you didn’t survive, you now know you passed the threshold. Same [?] with projects: only if it fails do you have to write off the investment. The idea of sunk costs may be an enlightenment..?

Etc.

I believe the CRISC curriculum has other, actually somewhat useful, information on this, and on risk tolerance ..?
Your comments, please.

Plus:
[For 20 points, evaluate the risks, e.g., qua privacy, bird strikes, value development; Barça]

Maverisk / Étoiles du Nord