Amazing PR with an IBM Spin
March 24, 2020
Who made the supercomputer? Give up.
IBM did.
What software did the scientists at ORNL use?
IBM’s.
Did IBM pump out the crowning glory of a story itself?
Nope, allegedly ORNL professionals did.
This is a summit of sorts. PR for IBM and a news story to circulate among the appropriation committee at budget time.
Opportunistic? Of course not. Just keeping those competitors like LANL at bay.
Stephen E Arnold, March 24, 2020
DarkCyber for March 24, 2020, Now Available
March 24, 2020
DarkCyber for March 24, 2020, covers four stories. You can view the video on YouTube or on Vimeo.
The first story explains that phishing is a contentious issue in many organizations. Managers see phishing one way; information and security professionals often have a different view. The divide can create more vulnerabilities for organizations ignoring the escalating risk from weaponized email.
The second story provides some information about Banjo (a US firm engaged in providing specialized services to law enforcement) and BlueDot (a Canadian company applying advanced analysis to open source and limited access medical information). The story makes clear that the methods of these firms provide excellent insight into how some specialized software systems deliver high value intelligence to law enforcement and intelligence professionals worldwide.
The third story provides information about a Department of Justice report aimed at Dark Web researchers. The document is available without charge from the URL provided in the program. Failure to follow the guidelines in the document can convert a researcher into a bad actor.
The final story reviews recent steps taken by the Russian government to exert tighter control over Internet applications. The affected software includes Tor and the Telegram Open Network. Mr. Putin has become Russia’s first digital tsar.
Kenny Toth, March 24, 2020
NASA: Bad Math for Data Return
March 23, 2020
DarkCyber continues to monitor the Amazon Web Services drive train for the Bezos bulldozer. “NASA to Launch 247 Petabytes of Data into AWS – But Forgot about Eye-watering Cloudy Egress Costs before Lift-Off” reports that it is easy to get into the AWS orbit but the payload return may incur some interesting costs.
The Register article states:
“Specifically, the agency faces the possibility of substantial cost increases for data egress from the cloud,” the Inspector General’s Office wrote, explaining that today NASA doesn’t incur extra costs when users access data from its DAACs. “However, when end users download data from Earth data Cloud, the agency, not the user, will be charged every time data is egressed. “That means ESDIS wearing cloud egress costs. Ultimately, ESDIS will be responsible for both cloud costs, including egress charges, and the costs to operate the 12 DAACS.”
Simplifying: Easy in, expensive out.
The Register did some math, which apparently is unfamiliar to certain NASA professionals and consultants. The Register reports:
The Register used Amazon’s cloudy cost calculator to tot up the cost of storing 247PB in the cloud giant’s S3 service. The promised pay-as-you-go price for us on the street was a staggering $5,439,526.92 per month, not taking into account the free tier discount of 12 cents. The audit, meanwhile, suggests an increased cloud spend of around $30m a year by 2025, on top of NASA’s $65m-per-year deal with AWS. The existence of data egress costs are not obscure nor arcane knowledge. Which left The Register wondering how an agency capable of sending stuff into orbit or making marvelously long-lived Mars rovers could also make such a dumb mistake.
Net net: The Bezos bulldozer grinds forward with some clever cost wiring; that is, a 21st century variant of the IBM lock-in strategy.
Stephen E Arnold, March 23, 2020
JSTOR: Some Free Info
March 23, 2020
Navigate to this link. Enter a query like “Kolmogorov Arnold” and you will see:
No registration, no begging for dollars. Why? Building goodwill?
What’s JSTOR? Wikipedia says:
JSTOR originally was conceived as a solution to one of the problems faced by libraries, especially research and university libraries, due to the increasing number of academic journals in existence. Most libraries found it prohibitively expensive in terms of cost and space to maintain a comprehensive collection of journals. By digitizing many journal titles, JSTOR allowed libraries to outsource the storage of journals with the confidence that they would remain available long-term. Online access and full-text search ability improved access dramatically.
JSTOR has an interesting history. DarkCyber will leave that research up to you, gentle reader. You have JSTOR to use for the research. Tip: The good stuff about JSTOR is not available from JSTOR.
The article about my relative’s math is available to you. “Quantum analogue of the Kolmogorov-Arnold-Moser Transition in Field Induced Barrier Penetration in a Quartic Potential” is much more interesting than battles with STM publishers, Aaron Swartz, and outflanking Ebsco.
Stephen E Arnold, March 23, 2020
NR2 Search
March 23, 2020
DarkCyber noted that NR2 made a public version of its innovation search engine available. This information and investment startup was founded about a year ago. NR2 won the K Startup Grand Challenge in 2019, beating 176 other startups from 95 countries.
The company says:
Powered by big data and artificial intelligence, we deliver insights that predict trends in innovation before they sweep the globe. We sit at the heart of China and Europe’s innovation hubs, enabling us to seamlessly link global investment to local innovation, accelerating growth and returns for both.
The company’s headquarters are in Paris. The founders are Maxim Parr, a graduate of HEC Paris (a business school with an eight percent acceptance rate), and Jordan Monnet, a PhD who is proficient in Mandarin.
The founders told the HEC publication:
We can learn so much about how innovation thrives by understanding data on start-ups. Our algorithms have found many characteristics present in disruptive companies and we use them to help our users identify the next generation of revolutionary companies. We started with Chinese start ups, but we are building out our search engine to capture innovation everywhere.
A query for analytics returned a list of companies shown below:
The companies listed were Chinese.
Clicking on the company Hesaitech returned a useful summary of the firm:
The icon allows the user to copy the link to the NR2.io entry.
Observations:
- Extremely useful resource in its present form. DarkCyber anticipates enhancements.
- There are a number of monetization options available to this company.
- Content valuable to investment firms and organizations looking for companies to explore deals or partnerships.
- Data appear to be of high value because obtaining current information about venture funded firms in China and elsewhere can be time consuming.
We ran our standard queries for surveillance technology, facial recognition, and investigative software and did not immediately locate useful information. We think that this is a result of the search terms we tested.
DarkCyber will add this resource to our list of useful resources. Worth a look.
Stephen E Arnold, March 23, 2020
Semantic Sci-Fi: Search Is Great
March 23, 2020
I read “Keyword Search is DEAD; Semantic Search Is Smart.” I assume the folks at Medium consider each article, weigh its value, and then release only the highest value content.
Semantic search is better than any other type of search in the galaxy.
Let’s assume that the write up is correct and keyword search is dead. Further, we shall ignore the syntax of SQL queries, the dependence of policeware and intelware systems on users’ looking for named entities, and overlook the interaction of people using an automobile’s navigation service by saying, “Home.” These are examples of keyword search, and I decided to give a few examples, skipping how keyword search functions in desktop search, chemical structure systems, medical research, and good old, bandwidth trimming YouTube.
Okay, what’s the write up say beyond “keyword search is dead”?
Here are some points I extracted as I worked my way through the write up. I required more than three minutes (the Medium estimate) because my blood pressure was spiking, and I was hyperventilating.
Factoid 1 from the write up:
If you do semantic search, you can get all information as per your intent.
What’s with this “all”? Content domains, no matter what the clueless believe, are incomplete. There is no “all” when it comes to online information which is indexed.
Factoid 2 from the write up:
semantic search seeks to understand natural language the way a human would.
Yep, natural language queries are possible within certain types of content domains. However, the systems I have worked with and have an opportunity to use in controlled situations exhibit a number of persistent problems. These start with computational constraints: One system could support four simultaneous users on a corpus of fewer than 100,000 text documents. Others simply output “good enough” results. Not surprisingly, when a physician needs an antitoxin to save a child’s life, keywords work better than “good enough” in my experience. NLP has been getting better, but the idea that systems can integrate widely different data which may be incomplete, incorrect, or stale and return a useful output is a big hurdle. So far no one has gotten over it on a consistent, affordable basis. Short cuts to reduce index look ups can be packaged as semantics and NLP, but mostly these are clever ways to improve “efficiency.” Understanding sometimes. Precision and recall? Not yet.
Poisoning Smart Software: More Than Sparkley Sunglasses
March 22, 2020
DarkCyber noted “FYI: You Can Trick Image-Recog AI into, Say, Mixing Up Cats and Dogs – by Abusing Scaling Code to Poison Training Data.” The article provides some information about a method “to subvert neural network frameworks so they misidentify images without any telltale signs of tampering.”
Kudos to the Register for providing links to the papers referenced in the article: “Adversarial Preprocessing: Understanding and Preventing Image Scaling Attacks in Machine Learning” and “Backdooring and Poisoning Neural Networks with Image Scaling Attacks.”
The Register article points out:
Their key insight is that algorithms used by AI frameworks for image scaling – a common preprocessing step to resize images in a dataset so they all have the same dimensions – do not treat every pixel equally. Instead, these algorithms, in the imaging libraries of Caffe’s OpenCV, TensorFlow’s tf.image, and PyTorch’s Pillow, specifically, consider only a third of the pixels to compute scaling.
DarkCyber wants to point out:
- The method can be implemented by bad actors seeking to reduce precision of certain types of specialized software. Example: Compromising Anduril’s system.
- Smart software is vulnerable to training data procedures. Some companies train once and forget it. Smart software can drift even with well crafted training data.
- Information which may have national security implications finds its way into what seems to be a dry, academic analysis. If one does not read these papers, is it possible for one to be unaware of impending or actual issues?
Net net: Cutting corners on training or failing to retrain systems is a problem. However, failing to apply rigor to the entire training process does more than reduce the precision of outputs. Systems simply fail to deliver what users assume a system provides.
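An added example, not taken from the Register article, the cited papers, or any framework: a pure-Python sketch of why a scaler that reads only some pixels matters when vetting training images. It compares nearest-neighbour downscaling with block averaging (where every source pixel contributes) and flags images on which the two disagree; the function names, the constructed sample images, and the threshold of 40 are assumptions.

```python
# Added illustration, not code from the cited papers or any framework.
# Images are grayscale lists of rows (values 0-255); sizes divide evenly.

def nearest_sources(src_size, dst_size):
    """Source indices a nearest-neighbour scaler reads along one axis."""
    return [min(src_size - 1, int((i + 0.5) * src_size / dst_size))
            for i in range(dst_size)]

def scale_nearest(img, dst_h, dst_w):
    """Downscale by copying one source pixel per output pixel."""
    rows = nearest_sources(len(img), dst_h)
    cols = nearest_sources(len(img[0]), dst_w)
    return [[img[r][c] for c in cols] for r in rows]

def scale_area(img, dst_h, dst_w):
    """Downscale by averaging each block, so every source pixel counts."""
    fh, fw = len(img) // dst_h, len(img[0]) // dst_w
    out = []
    for i in range(dst_h):
        row = []
        for j in range(dst_w):
            block = [img[y][x]
                     for y in range(i * fh, (i + 1) * fh)
                     for x in range(j * fw, (j + 1) * fw)]
            row.append(round(sum(block) / len(block)))
        out.append(row)
    return out

def used_fraction(src_h, src_w, dst_h, dst_w):
    """Share of source pixels that can influence the nearest-neighbour output."""
    rows = set(nearest_sources(src_h, dst_h))
    cols = set(nearest_sources(src_w, dst_w))
    return len(rows) * len(cols) / (src_h * src_w)

def scaler_divergence(img, dst_h, dst_w):
    """Mean absolute difference between the two downscaled results."""
    a, b = scale_nearest(img, dst_h, dst_w), scale_area(img, dst_h, dst_w)
    total = sum(abs(x - y) for ra, rb in zip(a, b) for x, y in zip(ra, rb))
    return total / (dst_h * dst_w)

def is_suspicious(img, dst_h, dst_w, threshold=40):
    """Flag an image whose content depends on the scaler (threshold assumed)."""
    return scaler_divergence(img, dst_h, dst_w) > threshold

def constructed_samples(size=12, dst=4):
    """Constructed test data: a smooth gradient, and an image whose only
    unusual pixels are the ones the nearest-neighbour scaler reads."""
    clean = [[10 * (x + y) for x in range(size)] for y in range(size)]
    sampled = set(nearest_sources(size, dst))
    odd = [[20 if (y in sampled and x in sampled) else 200
            for x in range(size)] for y in range(size)]
    return clean, odd

if __name__ == "__main__":
    clean, odd = constructed_samples()
    print("fraction of pixels read:", round(used_fraction(12, 12, 4, 4), 3))
    for name, img in (("clean", clean), ("odd", odd)):
        print(name, scaler_divergence(img, 4, 4), is_suspicious(img, 4, 4))
```

Running the same comparison over an incoming dataset before training gives a cheap screening signal; switching the preprocessing step itself to an averaging scaler removes the dependence on a small subset of pixels.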
Stephen E Arnold, March 22, 2020
Artificial Intelligence: Delivering But Not Yet Arrived
March 22, 2020
Artificial intelligence is the basis for most technology currently in development, because it is capable of handling complex actions and is designed to learn. AI comprises the most advanced algorithms invented to this day, but what does that mean in reference to business and industry? Forbes published “Levels And Limits Of AI” to provide perspective on AI’s capabilities, while Andreessen Horowitz takes a similar yet differing approach in “The New Business Of AI (And How It’s Different From Traditional Software).”
One thing both articles agree on is that AI is here to stay until something more advanced is designed. Andreessen Horowitz agrees humans will be involved with AI beyond creating the algorithms, but there is more required to get AI working correctly for a company. AI, according to Forbes, is designed to do three things:
“There are several “levels” of artificial intelligence. A few years ago my friends John Frank and Jason Briggs, who run Diffeo, suggested breaking artificial intelligence into 3 levels of service: Acceleration, Augmentation, and Automation. Acceleration is taking an existing human process and helping humans do it faster. For example, the current versions of textual auto-complete that Google offers are acceleration AI. They offer a completed version of what the user might already say. The next level, augmentation, takes what a human is doing and augments it. In addition to speeding up what the human is doing (like acceleration), it makes the human’s product better. An example of this is what Grammarly does with improving the grammar of text. The final level is automation. In the previous two levels there are still “humans in the loop.” Automation achieves a task with no human in the loop. The aspiration here is Level 5 autonomous driving like Aurora and Waymo are pursuing.”
Andreessen Horowitz breaks down the obstacles businesses will encounter with AI deployment. In short, there will be some, most of which are SOP when implementing any new technology. The only difference is that AI is smarter, but there is this consolation for humans:
“The need for human intervention will likely decline as the performance of AI models improves. It’s unlikely, though, that humans will be cut out of the loop entirely. Many problems – like self-driving cars – are too complex to be fully automated with current-generation AI techniques. Issues of safety, fairness, and trust also demand meaningful human oversight – a fact likely to be enshrined in AI regulations currently under development in the US, EU, and elsewhere.”
AI is a tool meant to simplify and advance society; essentially, it is not meant to replace humanity. Common sense weighs in on deploying AI-based technology. The ROI is a big factor, but also consider the phrase, “if it is not broken, do not fix it.”
Whitney Grace, March 22, 2020
Facebook: Another Innovation and Maybe Unforeseen Consequences
March 21, 2020
DarkCyber heard that Google was indexing then not indexing WhatsApp group information. Are other indexing outfits (some we know and love like Bing and others of which few know) doing the same?
The purpose of Facebook is for people to share information about themselves publicly or privately. One pull for Facebook is the group chat application WhatsApp that similarly allows users to make groups public or private. If you are a skilled Google searcher, however, some of the private WhatsApp groups are discoverable and joinable, says Vice in the article, “Google Is Letting People Find Invites To Some Private WhatsApp Groups.”
To be the best and most competitive search engine, Google crawls the Web and indexes information it finds. Among the information Google is indexing are invite links to WhatsApp group chats. The WhatsApp administrators for those chats probably do not want them publicly shared. There are currently 470,000 results for a Google search of “chat.whatsapp.com.” Most of the private groups are innocuous and/or are for people sharing porn. One link did yield a WhatsApp group for accredited United Nations NGOs and their contact information.
The problem is when WhatsApp users publicly share a private group:
“A WhatsApp spokesperson said in a statement, ‘Group admins in WhatsApp groups are able to invite any WhatsApp user to join that group by sharing a link that they have generated. Like all content that is shared in searchable, public channels, invite links that are posted publicly on the internet can be found by other WhatsApp users. Links that users wish to share privately with people they know and trust should not be posted on a publicly accessible website.’”
DarkCyber thinks there is a fix because Facebook is an interesting company. Governments, including the US government, are nudging forward legislation for backdoors. China and Russia have adopted quite specific tactics to try to make sure that when information is needed, access to those data is available without hurdles, hassles, and techno-bluster.
“Whatsapp Could Soon Get Self-Destructing Messages” may or may not be accurate. The write up articulates an interesting “idea” for Facebook:
Whatsapp has been experimenting with a ‘Delete messages’ feature that allows users to set a self-destructing timer for all of their individual chats and have them removed automatically.
A government cannot request access to data which no longer “exist.”
Some WhatsApp users are likely to greet this “idea” with enthusiasm. Some of that enthusiasm may not influence government officials.
What are some hypothetical unintended consequences of this “idea” set forth in the cited article? Here are three:
- Criminals step up their usage of WhatsApp.
- Intercept methods expand.
- Controls over what is collected may be relaxed.
Net net: Changes may be upon some sectors.
Stephen E Arnold, March 21, 2020
Secret No More: An Alternative to VPNs
March 20, 2020
Dor Knafo founded Axis Security. (The name may create some confusion for those familiar with an event planning outfit.) The company seeks to deliver what Tech.eu reported as:
a single managed solution for access, security, control, and scalability without the complexity…. Built on a zero trust approach, the startup’s Axis Application Access Cloud offers an agentless model that connects users on any device to private apps, without touching the network or the applications. This separation shrinks the attack surface, or reduces the chances of a cyber attack.
Don’t VPNs deliver this?
Nope.
The Axis approach is an SaaS solution. Here’s the explanation in “Israeli startup Axis Security emerges from stealth mode with $17 million Series A.”
Built on a zero trust approach, the startup’s Axis Application Access Cloud offers an agentless model that connects users on any device to private apps, without touching the network or the applications. This separation shrinks the attack surface, or reduces the chances of a cyber attack.
The funding comes from, according to the write up:
Ten Eleven Ventures’ Alex Doll led the round, joined by Cyberstarts, Palo Alto Networks, Check Point, Imperva, among others. Angel investors include Dan Amiga, founder of Fireglass, and board of director member Michael Fey, former president of Symantec and Blue Coat.
Note that Mr. Knafo was previously at Symantec.
Net net: The solution has been rumored for more than a year. With its more public approach, the company is likely to signal a flow of related start up innovations for cyber security markets.
Stephen E Arnold, March 20, 2020