Modern Behavior

July 17, 2020

I read “The Modern Day Mind Killer.” The write up contained an interesting factoid. In a Rona world, the good old buffet line may become problematic. Nevertheless, here’s the item:

I recently came across a study of the behavior of people in a buffet line. The results blew me away. At the average breakfast buffet, the first item was taken by 75% of the diners (even when the order of the items was reversed). Two-thirds of all the food taken came from the first three items, regardless of how long the buffet was.

The author points out:

We are less in control of our actions and decisions than we think we are.

This seems like a useful observation.

Stephen E Arnold, July 17, 2020

Digital Fire hoses: Destructive and Must Be Controlled by Gatekeepers

July 16, 2020

Let’s see how many individualistic thinkers I have offended with my headline. I apologize, but I am thinking about the blast of stories about the most recent Twitter “glitch”: “Apple, Biden, Musk and Other High-Profile Twitter Accounts Hacked in Crypto Scam.”

Are you among the individuals whom I am offending in this essay?

First, we have the individuals who did not believe my observations made in my ASIS Eagleton Lecture 40 years ago. Flows of digital information are destructive. The flows erode structures like societal norms, logical constructs, and organizational systems. Yep, these are things. Unfettered flows of information cut them down, efficiently and steadily. In some cases, the datum can set up something like this:

image

Those nuclear reactions are energetic in some cases.

Second, individuals who want to do any darn thing they want. These individuals form a cohort—either real or virtual—and have at it. I have characterized this behavior in my metaphor of the high school science club. The idea is that anyone “smart” thinks that his or her approach to a problem is an intelligent one. Sufficiently intelligent individuals will recognize the wisdom of the idea and jump aboard. High school science clubs can be a useful metaphor for understanding the cute and orthogonal behavior of some high technology firms. It also describes the behavior of a group of high school students who use social media to poke fun or “frame” a target. Some nation states direct their energies at buttons which will ignite social unrest or create confusion. Thus, successful small science clubs can grow larger and be governed — if that’s the right word — by high school science club management methods. That’s why students at MIT put weird objects on buildings or perform cool pranks. Really cool, right?

Third, individuals who do not want gatekeepers. I use the phrase “adulting” to refer to individuals able to act in an informed, responsible, and ethical manner when deciding what content becomes widely available and what does not. I used to work for an outfit which published newspapers, ran TV stations, and built commercial databases. The company at that time had the “adulting” approach well in hand. Individuals who decry informed human controls. It is time to put thumbs in digital dikes.

And Microsoft Wants Its Partners to Support Government Entities?

July 16, 2020

The article “Hack of 251 Law Enforcement Web Sites Exposes Personal Data of 700,000 Cops” troubles me for two reasons.

First, the loss of the data increases risk for the professionals listed in the data files. Not good.

Second, the write up asserts as “real” news:

All of the hacked websites were hosted and built by the Texas web development firm Netsential on Windows servers located in Houston. They were all running the same custom (and insecure) content management system, developed using Microsoft’s ASP.NET framework in the programming language VBScript, using Microsoft Access databases. Because they all run the same software, if a hacker could find a vulnerability in one of the websites that allowed them to download all the data from it, they could use that vulnerability to hack the rest of the websites without much additional effort.

DarkCyber believes that much of the 21st century cyber software jabber is marketing speak.

If the statement about Microsoft’s infrastructure and software is accurate, there are some questions to answer:

  1. How did the Microsoft partner program allow “experts” certified by Microsoft to create a system with some interesting security issues?
  2. Where did the Netsential Web site go? Why did its content disappear?
  3. What does this incident mean in the context of the Department of Defense JEDI contract?

DarkCyber is concerned when a giant corporation cannot update its own Windows 10 operating system and fails to ensure that its partners are qualified to perform sensitive work in a careful manner.

Is there some useful code on Microsoft Github? Snap. Github fell over again just as I was looking.

Another troubling US technology lapse, it seems, for a company wanting to provide cloud services to the US government and law enforcement.

Stephen E Arnold, July 16, 2020

What Is the Work Around When a Huawei Ban Gets Traction?

July 16, 2020

DarkCyber noticed a news item in IT Online. “Counterfeit Cisco Devices Open Backdoors into Organizations’ Systems” states:

The counterfeits were discovered by an IT company after a software update stopped them from working, which is a common reaction of forged/modified hardware to new software.

Years ago, I learned that a Chinese manufacturer of telecommunications devices was running two lines. One line handled the US product. The other line generated “special” versions of the US product. I was unable to verify this interesting comment.

Some manufacturers in countries in what was quaintly called “the Far East” may have decided to produce the equivalent of knock off watches.

If the IT Online report is accurate, these devices may be good enough to capture data from an organization of interest.

Supply chain security? Some US companies may say, “Yep, we will jump on that… right away.”

Stephen E Arnold, July 16, 2020

Google Alerts: Lost in Cyber Space?

July 16, 2020

Check out these headlines from my Google Alert for the phrase “enterprise search”.

image

The Covid angle is back. Who publishes this type of news? An outfit called Daily Research Chronicles. An outstanding SEO outfit? Maybe?

And how about these high relevance links to my enterprise search alert?

image

Silicon steel, analog cameras, and dental film.

Sure, the alerts are a free service. Sure, an item every week or three points to something relevant.

But the spoofiness of the service from outfits like Daily Research Chronicles begs me to ask:

What about those quality and relevance algorithms, dearest Google?

Stephen E Arnold, July 16, 2020

Once Again: NSO Group Becomes a Magnet for Real Journalists

July 16, 2020

We spotted one of those “We don’t have or can’t tell you where we got this information” write ups. The article is “Source: Spain Is a Customer of NSO Group.” The main idea of the article is that a government licensed software developed for … wait for it … governments. According to the “source” with some inputs from other real news outfits like The Guardian and El Pais, the NSO Group’s specialized software was used to obtain information about … wait for it … politicians in Spain.

The write up states:

The cell phones of several politicians in Spain, including that of the president of one of the country’s autonomous regional parliaments, were targeted with spyware made by NSO Group, an Israeli company that sells surveillance and hacking tools to governments around the world, according to The Guardian and El Pais. Motherboard confirmed the specifics with security researchers who investigated the attempted hack and a Facebook employee who has knowledge of the case.

Interesting. But a couple of questions come to mind:

  • Was the alleged use of the software a complement to an investigation; for example, inciting civil unrest?
  • Was the alleged use of the software gathering data on matter one and obtaining information on a collateral or unrelated matter two?
  • Why aren’t the sources identified? Policy or some special rules of “real” journalism that elude me?

The disclaimer “We cannot confirm whether these specific attempted hacks” does nothing to alter my perception of the article; to wit: The article wants to draw attention to a particular specialized software developer and connect that company to the alleged use of the software by a licensee of the software. How’s that work? Consider the manufacturer of a knife. The purchaser of the knife uses it to kill an intruder. Is the knife manufacturer responsible? What applies to companies which are in the business of developing specialized software tools is different from the knife manufacturer.

I want to point out that Bank Info Security reported that an Israeli court dismissed a complaint against the NSO Group. Amnesty International accused the NSO Group of violating human rights. On the surface, it seems that the allegations of Amnesty International were found to be without much heft.

The real question is, “Why are outfits like Vice and Amnesty International chasing NSO Group?”

DarkCyber has some hunches about the “why.” For example:

  • Companies which develop specialized services and operate in a classified or community environment populated by government customers are somehow offensive to the “real” journalists. Is this a factor? Sensibilities are activated.
  • The “real” journalists are just now realizing that those charged with enforcing the laws of countries are using specialized tools for investigations or addressing challenges which in the opinion of the government customers threaten civil order. This “sudden discovery” is like a child’s getting a new toy for her birthday. By golly, that toy is going to get some attention because it is novel to the childish mind.
  • The “real” journalists are trying to come up with “news” which is stale, routine, and institutionalized in government entities throughout the world. The focus, however, is on the producer of specialized software, not on the specific government entity licensing the software.

DarkCyber believes the truth is closer to the child’s fascination with what the child with its immature perception sees as mesmerizing.

News flash for the “real” journalists: Chasing vendors of specialized software may not be the revenue and attention magnet for which the publications hunger. Plus, there may be some unintended consequences of speculative writing about topics presented without context.

Stick with facts and identified sources. Could the NSO Group articles be converted into a Quibi program? Advance the “real” agenda with short video. Worth a shot? Sources may not be needed for a short form Quibi thing.

Stephen E Arnold, July 16, 2020

Google, TikTok, and Seriousness

July 15, 2020

Short form video is in the news. TikTok captivates millions of eyeballs. Many of these eyeballs belong to Americans. Most of these Americans choose not to understand several nuances of “free” 30 second videos created, transmitted, viewed, and forwarded via a mobile device; to wit:

  1. Software for mobile phones can covertly or overtly suck up data and send those data to a control node
  2. Those data can be cross correlated in order to yield useful insights about the activities, preferences, and information flowing into and out of a mobile device equipped with an application. Maybe TikTok does this too?
  3. Those digital data can be made available to third parties; for example, advertising analytics vendors and possibly, just maybe, a country’s intelligence services.

The Information published one of those “we can’t tell you where we got these data but by golly this stuff is rock solid” stories. This one is called “TikTok Agreed to Buy More Than $800 Million in Cloud Services From Google.” Let’s assume that this story about the Google TikTok deal is indeed accurate. We learn:

Last week, though, word surfaced of a buzzy new customer for Google Cloud—TikTok, the app for sharing short videos that is the year’s runaway social media hit. The deal is a lucrative one for Google Cloud, The Information has learned. In a three-year agreement signed in May 2019, TikTok committed to buying more than $800 million of cloud services from Google over that period…

What’s with the Google? Great or lousy business judgment? Does Google’s approach to a juicy deal include substantial discounts in order to get cash in the door? Is the deal another attempt by the Google to get at least some of the China market which it masterfully mishandled by advising the Chinese government to change its ways?

Nope. The new Google wants to grow by locking down multi year contracts. The belief is that these “big deals” will give the Google Cloud the protein shake muscles needed to deal with the Microsofties and the Bezos bulldozer.

New management, new thinking at the GOOG, and there will be more of the newness revealed with each tweak of a two decades old “system.”

At the same time as the Information “real” news story arrived in the DarkCyber news center, a pundit-published MBA type write up popped into our “real news” folder. This write up is “The TikTok War.”

Unlike the Information’s story, the Stratechery essay is MBA consultant speak, which is different from “real news.” The point of the 3,900 word consultant report is:

I believe it is time to take China seriously and literally…

There you go: An MBA consulting revelation. One should take China seriously and literally.

Okay. Insight. Timely. Incisive.

From this conclusion, TikTok’s service is no longer appropriate in the US. Banning is probably a super duper idea if I understand the TikTok War. (How does one fight a war by banning digital information? Oh, well, irrelevant question. What’s that truism about ostriches putting their heads in the sand? Also irrelevant.)

Let’s step back and put these two different TikTok articles in a larger context.

The Information wants everyone to know that a mysterious “source” has said that Google has a three year deal with TikTok. This is a surprise? Nope. Google is on the hunt for cash because after Google’s own missteps, it is faced with hard to control costs and some real live “just like Google” competitors; namely, Amazon, Apple, Facebook, and Netflix. There are also the mounting challenges of political and social annoyances to add some spice to the Googlers’ day.

The MBA consultant analysis points out that China has to be taken seriously. Prior to TikTok, China was not taken seriously? I suppose TikTok is the catalyst for seriousness. More likely, the TikTok thing evokes MBA consultant outputs to confirm what many people sort of intuit but have not been able to sum up with a “now is the time” utterance.

In my lecture yesterday for the National Cyber Crime Conference, I presented a diagram of how Chinese telecommunications and software systems can exfiltrate information with or without TikTok.

Banning an app is another one of those “Wow, the barn burned and Alibaba built a giant data center where the Milking Shorthorns once stood” moments.

Sourceless revelations about Google’s willingness to offer a deal to a China centric TikTok and MBA consultant revelations that one should take China seriously warrant one response: The ship sailed, returned, built a giant digital port, and has refueled for a return journey. Ban away.

Stephen E Arnold, July 15, 2020

Google, the EU, and a Tap on the Nose

July 15, 2020

One of the DarkCyber research team spotted this article: “Google Fined $684,000 over Right to Be Forgotten Failure.” The idea is that an individual in the EU can ask Google to remove links. The write up reports that the Google was not playing “Right to Be Forgotten” by the rules. The failure to ignore the EU citizen’s request was allegedly “particularly negligent.” The Google will have an “obfuscation” of legal eagles (too bad crows have the “murder” collective noun and the stupid lark has “exaltation”).

Not surprisingly, according to the write up, the Google has been working hard. Good to know.

Stephen E Arnold, July 15, 2020

Muffing the Bunny: The Skype Animal

July 15, 2020

Sad news. One of the founding Skype engineers has died. We crossed paths at a conference in 2009. The news appeared in “Estonian Engineer Who Helped Develop Skype Passes Away at 48.”

The write up contained this summary of the trajectory of Skype:

eBay acquired Skype in 2005 for $2.6 billion…Skype became a part of Microsoft in 2012. Microsoft has said it would continue to invest in Skype that has crossed 40 million daily active users. Purchased for $8.5 billion, Skype communication tool has failed to keep up with other messaging rivals to date, while Microsoft Teams has seen a meteoric rise as millions of people work from home.

eBay had the service and accidentally ran over the Skype bunny with a riding mower. The three legged Skype was acquired by Microsoft, a company which has managed to make the interface particularly interesting. Someone like a day laborer for the Spanish Inquisition would add it to a collection in which an Iron Maiden plays a prominent part.

Now in 2020 it is Teams.

Any thoughts about the trajectory of Skype and eBay’s and Microsoft’s strategic vision regarding video chat via the Internet?

How much longer will the bunny live? Beyond 15 years?

Stephen E Arnold, July 15, 2020

Visual Search Engines Provide Different POV Than the Google

July 15, 2020

Google image search is the standard visual search tool people use. It does not, however, provide the extra kick needed for deeper dives, especially with all the Pinterest results. Tech Funnel addresses how visual search engines are an advantage for businesses as well as points out nine great ones in: “Popular 9 Visual Search Engines To Know.”

There are many benefits to using visual search, such as that it connects with younger generations because they connect with images when they use social media and apps. They are far more likely to purchase an item through these platforms than a Web site. Visual search also allows people to emotionally connect with a brand more than standard text and it boosts revenue as it will be the next way people search for items along with voice search.

Popular visual search engines include Pinterest Lens that allows users to take photos of items and they can find, save, or shop for them. Fashion retailers are already using it, so Pinterest users can find clothing their models wear. Google Lens is similar to Pinterest Lens, except its applications are more diverse. It can be used for translation, searching for items, places, people, etc.

Amazon Rekognition, Instagram Shopping, Snapchat Camera Search, and eBay powered by Cassini search engine have visual search engines dedicated to searching and locating items from photos. They each have different aspects, but all perform the same function. Bing appears to be different:

“From the viewpoint of a user, the experience gotten from Bing Visual Search is similar to other various visual search platforms. However, its feature of an extensive developer platform makes it preferable by a lot of developers.

With Bing Visual Search, developers are enabled to instruct the search engine on the particular data people can get from a specific photo. This means that if Bing Visual Search directs an individual to a certain product on your website, the developer has the ability to determine what information should be provided to the visitor.”

CamFind and EasyJet are the most original engines, because they are not associated with shopping or Google. CamFind is the first successful mobile visual engine that uses image detection. EasyJet allows people to book flights based off photos, so now you can finally discover where your screen wallpaper is located.

Whitney Grace, July 15, 2020
