Fizzle disruption

Since the whole, Original and profound, concept of Creative Destruction was latter-day transformed into something much devolved [using that in a most pejorative way; ed.] called ‘disruption’ and applied in even worse ways to outright illegal stuff that had to be allowed still for … well, for no valid reason at all, certainly not morally or ethically improving society in any way only making things worse or much, much worse for all but the 0,1%,
it deserves some attention that the major true disruptions over the past two decades… either weren’t recognised as such but were straightforward Innovations, rightly so characterised (‘Internet’, anyone ..?) or have yet to come to full fruition, in a balanced new future (profitability of ‘Amazon’, anyone ..?).

Where, also, quite some of the announced disruptions have withered into oblivion. Upstart protagonists, most certainly. But also where complete industries have either resisted the ‘attacks’ or transformed themselves just enough to withstand the onslaught, the Barbarians At The Gate.
My point being: Can the latter variants be characterised, and show predictive value, through the outset sort-of situations not only qua industry (culture) but also qua country culture in which the industries had their point of gravity ..? The prediction part of course being the most interesting …

Would love to receive your pointers to the stacks of scientific research done already …
And:

[Art, of old but disruption-resistant: The old stays, the new attempts but is accepted and encapsulated…; Paleis het Loo]

Shadow IT – no problem

In the upheaval of the last decade or so on the rush to the cloud (no, not that cloud though rush-related), a similar development preceded it – and still runs on. It is the spectre not only haunting Europe (and certainly the deviant [all manners? ed.] off the coast, splitting but not drifting away like an Iceberg would, should…), but everywhere else as well, the spectre depending on who you ask of Shadow IT.

Which is facilitated through XaaS (SaaS/PaaS/IaaS/…) availability. But which hardly ever is allowed… — allowed through being compliant with organisational standards. From anyone’s perspective but the IT club’s, it is not about breaking the in-house IT vendor lock-in barriers. Those were breached because the bounds were straitjackets. Don’t try to break those, just sneak out the back door. But it’s about the latter, seeking what wasn’t provided in-house on one’s own account, previously not having been ‘allowed’ but it was IF the solutions sourced, complied with the security (mostly) requirements set at the organisation-wide level, and set from the business side of the organisation.
Controls in or out of IT, required by IT to be implemented elsewhere, are about the particular IT solutions chosen. Solutions to the problems identified in control objectives and controls, always having alternatives in the latter. So, when through these IT-dictated controls, your preferred solution cannot be made to fit (or only near-unusably awkwardly so), they do allow you, even in a sense require you, to go for shadow IT.

Which, hence, is permitted if and only if being (security) controlled at, at least, the same level of control objectives achieved. So, some department might have to re-build all of the IT department’s load of overhead qua systems management, all of ITIL or even CObIT, all of … wait, not ISO 2700x – that is an organisation-wide thing already or it is in fact a crappily implemented thing. So covers the shadow IT as well, fitting in the latter under the umbrella of the former. That’s where the battle would need to be fought, if at all since the shadow runners may very well have done a good job at running an outsourced-portfolio coordination team, neatly sheltering under the umbrella already. Showing the IT department how that’s done.
Possibly [hey I’m over-using the em-tag or what; ed.] doing it both proper and cheaper. Usually doing not the former, hardly the latter and certainly not the latter if the former is corrected. But sometimes, showing how; when IT told them that was impossible, they just did it. As good / better, and cheaper. Yes you can, to paraphrase some sorely missed leader.

In the interest of the organisation, sometimes shadow IT should be the preferred solution direction…
I’ll stop now before angering too many. And:

[The (black) details, are they essential? In a way, but could they be different or would you have chosen these in the first place …!? Prague]

Neo is right

When it is about the way The Neo-Generalist, Kenneth Mikkelsen and Richard Martin, is:

The Neo-Generalist is both specialist and generalist, often able to master multiple disciplines. We all carry within us the potential to specialise and generalise. Many of us are unwittingly eclectic, innately curious. There is a continuum between the extremes of specialism and generalism, a spectrum of possibilities. …
Since the advent of the Industrial Revolution, our society has remained in the thrall of the notion of hyperspecialism. This places constraints on the way we are educated, the work we do, how we are recruited, how our career progression [say what? ed.] is managed [not; ed.], how we label ourselves for the benefit of others’ understanding. …
Our workplaces, governments, intelligence agencies and other communities and institutions constantly complain of silos, but that is an inevitable consequence of our promotion of hyperspecialism. So too the myopia of expertise that prevents us from seeing properly what is right in front of us, or connecting it in meaningful [sic; ed.] ways with other information, other people.
[Preface, almost completely]

The institutionalisation of the label, and the constraints it demarcates, both physical and psychological, is an unfortunate legacy of the Industrial Revolution and its effects on society. The scientific management practices popularised at the turn of the twentieth century retain an insidious hold on how people think and organise themselves for manufacturing and knowledge work, even extending into Healthcare and education. It is a dehumanised and mechanical approach that views individuals not as people with unique characteristics, knowledge and expertise but as replaceable parts. Their very humanity is occluded by the labels they are forced to bear. We remove this welder and replace them with that welder. When this accountant leaves, we will hire another accountant. Our project managers, nurses, teachers, bus drivers, are considered entirely interchangeable.

In the meantime, however, we have set up a conveyor belt of humanity that is geared towards squeezing people into the correctly shaped holes, ensuring that the label fits. Hyperspecialism is the end goal. … Educational choices made during our impressionable teen years can have a lasting effect. To select is also to exclude. Opting for certain academic disciplines during high school limits what can be pursued at university or as a trade. For those who aspire to it, a higher-education specialism then narrows workplace possibilities. Qualifications lead to employment, which in turn leads to the constraints of a role and job description, the path towards increasing functional expertise. Measurement and performance assessments impel us to sharpen our skill set within the restricted field. The myopia of the expert sets in. The boundaries within which the specialist operates get narrower still.

The funneling has an inevitable consequence: it fosters silo-based practices and behaviours. Corporations, government departments, intelligence agencies and a host of other types of organisations bemoan the disjointness of their departments, the lack of interoperability between IT systems, the hoarding and protection of knowledge. Yet this is the end result of a system that encourages hyperspecialism and narrow, deep expertise. [pp. 24-25]

And so it goes on, with relevance. We may interject a full Book by Quote later, but for now leave it at this and encourage you to Study the work. To weep and learn, how you should not do it. I mean, tag along. Resist!

Oh, plus:

[Cordoníu the Beautiful (~ design by Puig i Cadafalch), San Sadurní d’Anoia Catalunya]

Where art thou, APT ..?

In line with some previous posts, about e.g., the Maker Movement, I’d like to ask if anyone knows the whereabouts of all those pesky APTs that were around a couple of years ago. Oh, yes I do know they’re in your infra everywhere all the time, but qua publicity, qua countermeasures ..?
I would like to hope that in this case, more contrary to its nature you can’t get, it would indeed bebecause (sic) of having been dealt with sufficiently in the past. Or the whole APT thing turned out to be a [any country’s] TLA move – of a side with ample publicity-suppressive powers everywhere.
But that would be day-dreaming. So, I’d like to ask your insights…

And:

[[Fuzzyfied] Oh, just some storage room in my house. Or, somewhat more, at the Royal palace, Dam, Amsterdam]

Tech-brittle society

Anyone already studied the brittleness of society re technology ..? Of course, we all do know there’s a lot of ‘critical infrastructure’ out there. But do we realise enough, that it’s not only those somewhat-well-defined (not) industries that might suffer from any form of e-attack (incl EMP; what was it with those old low-band radars that the Russians had stacked behind the Ural and were found to be very effective in picking up F-117s because the latter had never been back-tested so far ..? Same, here ..?), and society as a whole might be blown into dysfunctionality when some, not critical-industry-confined but ‘class break’-like attack were to be attempted ..?
I’d think not. The more complex society becomes and (hence !) the more interdependencies there are that already work with ever slimming margins, the more brittle our society becomes, the more it is like a giant house of cards, ever more critically stable before one wind collapses the whole shazam. And the fewer people there will be, that remember from long times ago how one would run a society in a much less complex way… If anyone still uses ‘shazam’.

Plus:

[Even those were, are complex machines to operate. And what if your coal is delivered just-in-time by some networked drone delivery in the ‘chain cloud or so and none of that still exists ..? Utrecht]

Little double test

You are now part of a little test. Not statistically sound, but that is hardly to be found anywhere anyway; now those are the real unicorns …
Anyway, without further ado, let’s see how many (huh) hits this post will get when it’s half-Dutch. When you’d interpret that as half-baked, you’re correct…(?)

While these days there are a great many leopards, who now thus side with the wrong parties against the vague little club, “they”, who are the lions in this matter. The cubs, they have no clue about anything, nor have they ever done anything wrong (?). Etc.; it is all still very relevant today.
And, on a lighter note:

Indexing the socmed skew

Hi y’all (or variants), would any of you have some form of Hirschman-Herfindahl index for the concentration in users/followers profiles on various socmed platforms ..?
And/or, even better, some index that takes into account every profile’s geo- and other spreads, which may be much more limited than all living in one global community you know.

Have pointers, will blog. Plus:
[Medium-class IIb for no good reason; Rotterdam]

Too late for GDPR compliance ..? Click here to pay up

It seems like everyone’s finally waking up to the fact that ‘GDPR D-day’ is less than 283 days ahead.
Yes I checked. And I didn’t discount for weekends – minus 80 days, more or less –, holidays – either the normal kind, at some three weeks in this period, or the sanctified ‘bank holidays’ for those that say they don’t believe in holidays, or say they do but still are too awkward sheep to actually go on normal holidays, maybe a week in total – and the year-end curfew on all IT changes because business is doing things they have done for years, decades, and still haven’t mastered apparently.
So, we’re more in the area of 100-150 business days left.

Before what …!?

GDPR has power of law per … 20 days after its publication in the EU Official Journal, on 4 May 2016 … !!!

It’s just that officially, it’s not enforceable.
And would one be able to challenge organisations already today, e.g., with the letters from hell just not from the duds?
[To the latter: The Dutch DPA was sanctioned in court four times recently for not having acted sufficiently in spirit and to the letter of their tasks. Suggest to estimate what percentage this constitutes to the actual number of cases they didn’t act sufficiently where legally, they were and are forced to; refusal to obey instructions…]

No really: ‘Civil’ law is other than administrative law, right? Enforcement is postponed, but is the requirement to comply as well ..?

Will ask legal advice. And:
[The Classics, may stay even when at an angle; NY-NY]

Forever young, immature infosec

Sometimes one feels like one’s in a partial Groundhog Day or 2:22 …
When, on 7 December 2006, there was this meet about the maturity of infosec, as a field. Which was compared, by Yours Truly, to the then (and now!) equally immature IS audit world – which had a couple of decades more under its development belt but was, and is, still quite immature.

Then there’s the first paragraph of this. ’nuff said..?

And:
[This, still fresh which is a different thing …; Barça of course]

Diving under, almost, everything

Didn’t we feel it coming, if not in the air tonight then at least, after we signalled that BIOSes had been targeted… that there’s always a layer deeper one has to be on guard for infosec leakage and backdoors… How did this ‘surface’? Bypassing all the O/S features …

Just putting it down here. E.g., which, how many, platforms would be vulnerable to this; how much and what sorts of traffic could you send around through this …? Would one be able, when in so deep, to pick up system/sysadmin/root rights/credentials when browsing around ..?

And here we (not) are, all fleeing to the End User Is Stupid mantra, away from our own failings in tech but hey, users are the weakest link so we shove tons of hard protocol i.e., stupidity, on them. And burying them in awareness smotherlectures, instead of creating real behavioural change.

Oh well. And:
[Buried under the tons of network traffic, there’s a pay(ing)load you see? Nyagra]

Maverisk / Étoiles du Nord