LinkedIn: Social Media Excitement from the Softies

March 10, 2021

Microsoft is reportedly embracing the gig work mentality via LinkedIn, which it purchased in 2016. What could go wrong? Social Barrel tells us, “LinkedIn to Rival Fiverr and Upwork with Marketplaces.” The pandemic has greatly increased demand for independent workers, and it sounds like Microsoft refuses to cede the increased freelance-connection business to Upwork and Fiverr. Writer Ola Ric reveals:

“If true, the Microsoft-owned professional network service is all set to rival Fiverr and Upwork. Without a doubt, LinkedIn stands a big chance of rivaling Fiverr and Upwork considering its massive user base said to be around 740 million. The service is called Marketplaces according to The Information, and is already being developed. Apparently LinkedIn wants to explore a market, though small, but with potential for growth.”

Of course, many besides the self-employed are working remotely now, and many predict the trend will continue after the pandemic is in our rear view. This new reality means many new challenges for HR, and several employee management applications are being used to cope. Microsoft is also moving into this territory with its Viva platform, we learn from “The Arrival of ‘Enterprise Social’” at India’s BusinessWorld. Reporter Pradeep Kar elaborates:

“The opportunity is so big that Microsoft’s Chief Executive Satya Nadella went public, saying that the COVID-19 crisis would result in employee management applications that would outlast the pandemic. His company has quickly unveiled a new category of technology solutions called employee experience platforms (EXP) with Viva that ‘provides a single-entry point for employee engagement and internal communications.’ Microsoft calls Viva a gateway to the digital workplace. It includes human resource functions like payroll, tools to track employee performance, career development initiatives, etc. We know these employee engagement applications are not just good-to-have. They are critical. They allow organizations to keep employees connected, binding them to company goals and culture, improving productivity and loyalty.”

Microsoft’s Viva is not the only option, Kar informs us. He lists Darwinbox, ADP Workforce Now, ZohoPeople, and PeopleStrong as just a few of the many alternatives.

We note Microsoft continues to explore its options as new things come along, a practice that has kept it in business since 1975. We wonder, though: Could this timing be a way to distract from the company’s part in the SolarWinds fiasco?

Cynthia Murrell, March 10, 2021

Encomium for Google AI: But What about the Ethics Issue?

March 9, 2021

The comments attached to a 2020 essay “Paths to the Future: A Year at Google Brain” are effusive. I noticed that there was no reference to the personnel issues roiling Google. The word “ethics” does not appear in the write up. Several statements caught my attention. Here these are with my question or comment in italics.

  • “Brain was a magnet for Google’s celebrity employees.” Two tier system? Yep, the celebrities and the others. For the author, this celebrity thing is exciting. For the others, it may be the root of discontent among the non-celebrity employees. Remarkable revelation from a young employee with little work experience in the Google environment.
  • “Google is an “AI-first” company, with the company seeking to implement machine learning in nearly everything do.” Smart software is important. It seems obvious to me that anyone questioning the fairness of such smart software is not going to fit into the celebrity category. Thus, a researcher with data suggesting systemic bias is a no-go. Hasta la vista, Dr. Gebru. The message is get with the program or get gone.
  • “The culture of Google Brain reminded me of what I’ve read about Xerox PARC.” Yep, the Xerox. The famous PARC. Ethernet, the mouse, bouncy visualizations. Just zero common sense when commercialization was required. Mr. Jobs paid a visit. The wizard showed off. Mr. Jobs created a reasonably successful company; Xerox PARC. A legend, just no Apple like commercial success with the graphical interface and the zippy Alto.

These three statements appear in the introduction to the essay. They are important for several reasons:

First, Google’s class system is evident and one of the first things the young wizard noticed. The two tier structure enshrines the high school science club approach to managing the firm.

Second, AI is a big deal at Google. Anyone not getting in line is headed for the door.

Third, the PARC touchstone makes it clear that inventing the future and doing cool things is the real work of the celebrity engineers.

What’s this mean for the lesser folk at Google? Unionization, push back, insubordination, and scorn for rah rah essays that make the Googleplex and the GOOG into just the most special company.

Autographed pictures? Probably coming in the near future as Google works to generate non-ad revenue. And ethics? Sure, the celebrity engineers ponder that issue 24×7.

Stephen E Arnold, March 9, 2021

GenX Indexing: Newgen Designs ID Info Extraction Software

March 9, 2021

As vaccines for COVID-19 roll out, countries are discussing vaccination documentation and how to include that with other identification paperwork. The World Health Organization does have some standards for vaccination documentation, but they are not universally applied. Adding yet another document for international travel makes things even more confusing. News Patrolling has a headline about new software that could make extracting ID information easier: “Newgen Launches AI And ML-Based Identity Document Extraction And Redaction Software.”

Newgen Software, which provides low code digital automation platforms, developed new ID extraction software: Intelligent IDXtract. Intelligent IDXtract extracts required information from identity documents and allows organizations to use the information for multiple reasons across industries. These include KYC verification, customer onboarding, and employee information management.

Intelligent IDXtract works by:

“Intelligent IDXtract uses a computer vision-based cognitive model to identify the presence, location, and type of one or more entities on a given identity document. The entities can include a person’s name, date of birth, unique ID number, and address, among others. The software leverages artificial intelligence and machine learning, powered by computer vision techniques and rule-based capabilities, to extract and redact entities per business requirements.”

The key features in the software will be seamless integration with business applications, entity recognition and localization, language independent localization and redaction of entity, trainable machine learning for customized models, automatic recognition, interpretation, location, and support for image capture variations.

Hopefully Intelligent IDXtract will streamline processes that require identity documentation as well as vaccine documentation.

Whitney Grace, March 9, 2021

Differences Between Deep And Machine Learning: A Picture Is Worth a 1000 White Papers

March 9, 2021

It is difficult to explain how AI and deep learning networks work, unless you have a background in IT or are actually designing them.  Humans, however, are visual learners and Data Science Central shared a nifty graphic that sums up the concepts quite nicely: “Deep Learning Versus Machine Learning In One Picture.”

Machine learning networks are complex, in-depth algorithms that are designed to learn from data. When compared to deep learning networks, machine learning networks are like basic input/output commands. Machine learning networks are unique within their contained, local environment, but deep learning networks extend beyond uniqueness. They can operate in more than one dimension, communicate with more than one environment, process data from many sources, and learn at a greater and faster rate.

Despite the differences, the image fails to answer basic questions about the networks.  These questions include: which is cheaper to implement?  Is one type of network better for certain situations or are they applicable to everything?  How can they be altered if not applicable?   

Complexity does not mean better, but keeping things simpler does not mean that either.  The image does a great job at summing up the basics, but it does not do anything to answer practical application questions.

Whitney Grace, March 9, 2021

AI Continues To Fail At Reading Emotions

March 9, 2021

Once computers can finally and correctly read emotions, the applications will be endless and the inventors will be as rich as Bill Gates. AI still has a long way to go before technology accurately reads emotions. Medium OneZero explains, “The Shoddy Science Behind Emotional Recognition Tech.”

Companies around the world are already touting emotion recognition technology for real world use, but most of the science behind the technology is bunk. A Senior Principal Researcher at Microsoft Research and co-founder of the AI Now Institute stressed how emotion recognition science is not conclusive.

Most emotion recognition software is built around psychologist Paul Ekman’s “seven universal emotions” theory.

“A meta-review of 1,000 studies found that the science tying our facial expressions to our emotions isn’t entirely universal. People make the expected facial expression to match their emotional state only 20% to 30% of the time, the researchers said.

But this technology is still being pushed on those who don’t have the power to refuse it. Children in virtual classrooms, job candidates performing virtual interviews, Amazon workers with cameras on them while they deliver packages, and even on people being questioned by police.”

It sounds like emotion recognition software could become the new lie detector. Lie detectors use pseudo-science (even the inventor regretted the machine) to determine if a person tells falsehoods. Thankfully lie detector results are not admissible in court, but law enforcement officials and lawyers still rely on them. Emotion recognition software could be admissible in court until the science is proven wrong. How many innocent people, students, job candidates, etc., will be affected?

Whitney Grace, March 9, 2021

DarkCyber for March 9, 2021, Now Available

March 9, 2021

This week’s DarkCyber is available on YouTube. The program includes two stories. The first is a summary of our SolarWinds’ research project. An investment firm commissioned a report to answer this question, “What are some companies that will benefit from the breach of SolarWinds’ Orion enterprise software?” The second story describes a loitering drone which has seen action in a recent hot fire skirmish.

The SolarWinds’ story comes at the breach of SolarWinds’ Orion product from a different angle. Most of the existing studies focus on what happened and what organizations are affected. Those reports fall into several broad categories: [1] Technobabble. These are explanations ignoring the obvious fact that none of the installed cyber security systems spotted the SolarWinds’ malware for more than six months, maybe more. [2] After action reports identifying issues with how SolarWinds’ and many other organizations’ software is assembled; for example, the use of open source libraries without making sure these libraries do not contain malware and managing basic security processes. [3] Academic / technical discussions of the specific types of malware used in the breach. (The reality is that the malware was based on existing exploits and used methods frequently discussed on hacker forums.)

In the course of our exploration of the hack, we learned that the existing, easily findable information provided a road map for the bad actors. Instead of lightning flashes of genius, the bad actors learned from a range of sources. We mention some of these in this video summary of portions of our research. Then we looked at SolarWinds itself. In this video summary, we provide a snapshot of the distraction factors at SolarWinds in the months leading up to the discovery of the breach. We identify the numerous balls SolarWinds’ executives were juggling. Obviously the firm’s security ball was fumbled by the juggler. The video summary identifies the types of commercial and open source software enabling the breach. One interesting finding is that Microsoft GitHub is the “home” for many useful tools. Some of these were likely to have facilitated certain functions added to existing malware. The final part of the video summary reveals the major findings of our research and analysis process.  A more comprehensive and detailed version of this summary will be presented to units of the US government in March. Some of the information will be provided to the attendees at the US 2021 National Cyber Crime Conference. The DarkCyber video summary, we believe, is useful.

There is no written report available to the public. However, if you want a comprehensive briefing about the report, please, write us at darkcyber333 at yandex dot com. There is a charge for the one hour Zoom briefing and a 30 minute question-and-answer session following the formal presentation.

The second story documents the steady advance of artificial intelligence deployed in autonomous kamikaze drones.

Kenny Toth, March 9, 2021

Microsoft Outlook Users: Maybe Proton Mail?

March 8, 2021

I spotted another write up about the security issues with the Azure, Defender, and Office365 services. Wow, nation states and groups of allegedly China-aligned hackers are making Microsoft look worse than Jackie Smith when he dropped a game winner for the Dallas Cowboys years ago. It seems as if bad actors are trying to outdo one another in exposing the vulnerabilities of the Redmond construct. Wowza.

I read “White House Warns of Active Threat Following Microsoft Outlook Breach.” The write up states:

“We can’t stress enough that patching and mitigation is not remediation if the servers have already been compromised, and it is essential that any organization with a vulnerable server take measures to determine if they were already targeted,” the White House official said.

Several observations:

  1. If I were involved in the JEDI procurement, I would not be too enthusiastic about Microsoft technology being the plumbing for the Department of Defense. Hey, I know PowerPoint is the go to tool in many DoD units, but it appears that there may be some bad actors able to get their digital paws on the PPTX attachments to Outlook email.
  2. Microsoft is fighting an after action situation. The bad actors are forcing Microsoft to rush code fixes to large, already compromised organizations. If the bad actors are indeed “inside” certain entities, the bad actors are likely to have access to these speedy fixes and be able to exploit them. Why not substitute a “real” MSFT fix with a certified malware infused fix? Sounds like something bad actors might consider.
  3. In my lecture to a group of US government cyber security professionals in 48 hours, I use the analogy of radiation poisoning for the SolarWinds’ and Microsoft Exchange breaches. Once the polonium is in the target, the fix is neither quick, simple, nor ultimately likely to work.

Net net: Other bad actors will learn from these breaches and launch their own initiatives. That’s not good because there are quite a few bad actors eager to make a mockery of US technology. I think one might characterize the Microsoft “repair after the barn burns down” as bad optics.

It’s bad something, for sure. Remember. It is the White House sounding the alarm, not an alphabet soup agency.

Stephen E Arnold, March 9, 2021

Ah, Google: Does Confusion Signal a Mental Health Issue?

March 8, 2021

Upon rising this morning, I noted this item in “The New Google Pay Repeats All the Same Mistakes of Google Allo.” The idea is that Google management has reinvented an application, changed the fee method, and named the “new” Google Pay app “Google Pay.” According to the write up:

Google is killing one perfectly fine service and replacing it with a worse, less functional service.

Slashdot’s item about this remarkable “innovation” includes this comment:

The worst part of it all is that, like the move from Google Music to YouTube Music, there is no reward at the end of this transition.

I have to admit that I don’t remember much about my college psych course, but I seem to recall something called Schizoaffective Disorder. Shrinks revel in such behaviors as sometimes strange beliefs that the person refuses to give up, even when they get the facts; problems with speech and communication, only giving partial answers to questions or giving answers that are unrelated; and trouble at work, school, or in social settings. (Yep, I had to get some help from the ever reliable Webmd.com.)

More intriguing was the news item “Google Advised Mental Health Care When Workers Complained about Racism and Sexism.” That article asserted:

In early 2020, a Black woman attended a Google meeting about supporting women at the company where data was presented that showed the rate that underrepresented minority employees were leaving the company. When she said that Black, Latina and Native American women have vastly different experiences than their white female colleagues and advised that Google address the issue internally, her manager brusquely responded, telling her that her suggestion was not relevant, the woman said. The woman then complained to human resources, who advised her to coach the manager about her problematic response or take medical leave to tend to her own mental health, she said. The woman also spoke on the condition of anonymity because she’s still an employee and not permitted to speak to reporters.

Does this mean that the women who worked in ethical artificial intelligence were “mentally unfit” for the Google?

Stepping back, the problem may not be with the Google Pay app or the people reported as mental health concerns. The problem appears to reside in the culture and explicit and implicit “rules of the road” for Alphabet Google.

Several observations may be warranted:

  • The legal attention Google is drawing should result in lower profile or significant efforts to avoid personnel related issues becoming news. Google’s behavior appears to generate significant attention and spark outrage, including increased employee annoyance.
  • The financial pressures on Google should be sparking wizards to craft well conceived, highly desirable ways to monetize billions of users who make use of “free” Google services. It certainly seems that Google is taking steps which seem to be irrational to those outside Google whilst appearing to be logical to those steeped in the Google milieu. The Google culture could be a form of milieu therapy which feeds to possible Schizoaffective Disorder.
  • Google’s management behaviors are interesting. On one hand, naming services underscores the problems the firm has with speech and communication. On the other hand, mashing racial, social, and ethical hot buttons seems to escalate the stakes in the personnel game.

Net net: I think these behaviors are interesting. What these actions really mean must be left to users, employees, lawyers, and probably psychiatrists. These actions are further evidence of the weaknesses of the high school science club approach to management. Here in rural Kentucky, one of my research team said, “Crazy.”

That’s quite an observation about a big, informed, powerful company.

Stephen E Arnold, March 8, 2021

Microsoft: Yeah, about Those Distributed Systems and the Wonderful Exchange Systems

March 8, 2021

I found the information about the most recently disclosed Microsoft Exchange breaches troubling. The “1,000 bad actors” comment from the Softies seemed to say:

Hey, how can a company like Microsoft defend itself against a 1,000 programmers focused on undermining our approach to building, deploying, and servicing our software?

Yep, 1,000 bad actors were allegedly needed to create the issues associated with SolarWinds and the assorted silly names attached to malware available via certain “dark” channels?

How many bad actors does it take to create issues for what is it? 20,000 or more organizations. One news service based in India did its level best to maintain an even tone in “Over 20,000 U.S. Organizations Compromised through Microsoft Flaw.” See the number? 20,000. Maybe India does not buy into a larger number; for example, Krebs on Security states: “At Least 30,000 U.S. Organizations Newly Hacked Via Holes in Microsoft’s Email Software.”

Just a delta of 10,000? Hey, no big deal.

Now who pulled off this hack in the midst of the SolarWinds’ misstep? China. The country is larger than Russia which managed an estimated 18,000 compromised systems.

Okay, it is time to face up to reality:

  1. The oh-so-nifty distributed systems which rely on libraries which may or may not be secure are a big, fat sitting duck
  2. There is no quick fix. Microsoft’s rush rush patches don’t seem to be working if the sources I have reviewed are on the money
  3. Microsoft’s method of shoving software to licensees creates problems; for example, check out KIR, a tool that undoes updates which kill or impair licensees’ systems.

Who spotted the breach? Microsoft Defender, the Azure security system, Microsoft’s own security teams? Nope, allegedly an outfit called Volexity.

Exactly what was being monitored by the hundreds of super duper security sleuthers who sell threat intelligence, AI infused cyber security systems, and special entities which perform checks on crucial systems?

Pretty much checking out YouTube, sending text messages about pizza, and posting to Twitter about the perils of Facebook and Google.

The scale of the Exchange misstep is interesting.

What happens if one of the groups undermining the computer systems of the US decides to terminate the systems for finance, travel, and mobile communications?

Here’s my answer: Find a donkey and a cart. Life will change quickly and no quick patch for deeply flawed Microsoft technical processes will arrive to make everything better again.

Microsoft’s methods are the problem. And what about the 1,000 programmers? That’s Microsoft speak for flaws which a small group of focused bad actors can achieve. The only coding that takes a 1,000 people is Microsoft’s Teams unit. Those folks are adding features while core functions are stripped bare, exploited, and turned into weapons.

It will be interesting to learn what Microsoft apologists involved in the JEDI program say about this misstep.

Keep in mind. No one knows exactly how many systems have been and remain compromised by the SolarWinds’ and the most recently revealed Exchange fumble.

What will Brad Smith say? I can hardly wait assuming that my systems are not zapped by bad actors who are surfing on shoddy solutions.

Stephen E Arnold, March 8, 2021

India and Amazon Tie Contrived Knots

March 8, 2021

Small businesses in India have been accusing Amazon of shady business practices for some time. Now, a report from Reuters has exposed the company’s strategy to circumvent Indian regulators. Fossbytes discusses the report in, “The Great Amazon India Document Leak: All You Need to Know.” We’re told one internal presentation obtained by Reuters blatantly urged workers to “test the boundaries of what is allowed by law.” Not a good look, Amazon. Journalist Manik Berry writes:

“According to the report by Reuters, Amazon has been bending rules just enough to not get into legal trouble in India. For instance, the Indian FDI (foreign direct investment) rules prevent Amazon or other e-commerce retailers to control inventory in India. This means Amazon can be the platform where buyers meet sellers but it cannot control how the sellers sell things. However, the report says Amazon found a way to control the inventory. …
“Amazon’s internal documents reveal the creation of a ‘Special Merchant (SM)’ in 2014. This special merchant, namely Cloudtail, is one of the biggest sellers on Amazon, accounting for over 40% of the platform’s sales. Cloudtail was created as a collaboration between Amazon and the Infosys founder, N.R. Narayana Murthy. Amazon wanted it to control more than 40% of sales on Amazon India. This would’ve made it a $1 billion business, whose profit would, indirectly, go to Amazon. What’s alarming is that Cloudtail is created and controlled by Amazon, which means it directly flouted the Indian FDI rules.”

The report also reveals that about a third of Amazon India’s sales come from only 33 sellers. It seems the company has been providing those select few with support and promotion, giving them an unfair advantage. The leaked docs suggest this practice is resulting in losses for the other 66%. For more details, we direct readers to the extensive Reuters article.

Amazon is still the Bezos bulldozer. Perhaps the new driver is a streak of cleverness lacking when Mr. Bezos pulled the levers?

Cynthia Murrell, March 8, 2021
