SolarWinds: In the News
June 2, 2021
Here’s the good news in “SolarWinds Hackers Are Back with a New Mass Campaign, Microsoft Says.” Microsoft and other firms are taking actions to cope with the SolarWinds’ misstep. That’s the gaffe which compromised who knows how many servers, caught the news cycle, and left the real time cyber security threat detection systems enjoying a McDo burger with crow.
I circled this positive statement:
Microsoft security researchers assess that the Nobelium’s spear-phishing operations are recurring and have increased in frequency and scope,” the MSTC post concluded. “It is anticipated that additional activity may be carried out by the group using an evolving set of tactics.
The good news is the word “evolving.” That means that whatever the cyber security wizards are doing is having some impact.
However, the bulk of the write up makes clear that the bad actors (Russian again) are recycling known methods and exploiting certain “characteristics” of what sure seem to be Microsoft-related engineering.
There are some clues about who at Microsoft are tracking this stubbed toe; for example, a vice president of cust0omer security and trust. (I like that word “trust.”)
Several observations:
- Phishing
- Surfing on Microsoft-like methods; for example, hidden DLLs, which are usually really fun
- A reactive approach.
What’s my take away from the explanation of the security stubbed toe: No solution. Bad actors are on the offensive and vendors and users have to sit back and wait for the next really-no-big-deal breach. Minimization of an “issue” and explaining how someone else spilled the milk will be news again. I think the perpetual motion machine has been discovered in terms of security.
Stephen E Arnold, June 2, 2021
What Is Cloud Computing? It May Be Timesharing REbranded
June 1, 2021
I have been around long enough to watch hot trends come and go. Then years or decades later the “old” new thing returns. “Nvidia Is Renting Out Its A.I. Superpod Platform for $90K a Month” states:
Nvidia is looking to make work and development in artificial intelligence more accessible, giving researchers an easy way to access its DGX 2 supercomputer. The company announced that it will launch a subscription service for its DGX Superpod as an affordable way to gain entry into the world of supercomputers.
Does this sound like timesharing to you? It does to me. And what about those automatic upticks in charges? It is too early to tell, but my hunch is that there will be “peak times,” data transfer thresholds, and a taxi meter method applied to some user actions. I hope I am wrong, but, hey, timesharing business models have been around since — what? — the 1950s. That is long enough for those thrilling moments after opening a timesharing invoice to become one of the benefits of this “new” but “old” approach to computing.
Will the Nvidia supercomputing deals include a white coat? One tip: If you tour the superpod data facility, take a sweater.
Stephen E Arnold, June 1, 2021
Data Federation: Sure, Works Perfectly
June 1, 2021
How easy is it to snag a dozen sets of data, normalize them, parse them, and extract useful index terms, assign classifications, and other useful hooks? “Automated Data Wrangling” provides an answer sharply different from what marketers assert.
A former space explorer, now marooned on a beautiful dying world explains that the marketing assurances of dozens upon dozens of companies are baloney. Here’s a passage I noted:
Most public data is a mess. The knowledge required to clean it up exists. Cloud based computational infrastructure is pretty easily available and cost effective. But currently there seems to be a gap in the open source tooling. We can keep hacking away at it with custom rule-based processes informed by our modest domain expertise, and we’ll make progress, but as the leading researchers in the field point out, this doesn’t scale very well. If these kinds of powerful automated data wrangling tools are only really available for commercial purposes, I’m afraid that the current gap in data accessibility will not only persist, but grow over time. More commercial data producers and consumers will learn how to make use of them, and dedicate financial resources to doing so, knowing that they’ll be reap financial rewards. While folks working in the public interest trying to create universal public goods with public data and open source software will be left behind struggling with messy data forever.
Marketing is just easier than telling the truth about what’s needed in order to generate information which can be processed by a downstream procedure.
Stephen E Arnold, June xx, 2021
Google: More Personnel Excitement
June 1, 2021
I am not too keen on what used to be called human resources. I am not sure I liked being a “resource” like sand or lignite. I once wrote a report about “sherm”. Was I surprised. The “word” was the way personnel professionals pronounced the estimable trade association Society for Human Resource Management. SHRM became sherm to those in the know. I did the report; got paid; and decided to not think about personnel again. Until I read “Over 10,000 Women Are Suing Google over Gender Pay Disparity.” Now that’s a personnel story which is almost up to the level of the Timnit Gebru matter.
According to the write up:
Four women who worked at Google have won class-action status to proceed with their gender pay disparity lawsuit, reports Bloomberg. The latest ruling in the protracted legal battle means the suit can now apply to 10,800 women who held various positions at the tech giant since 2013. Those affected represent a broad cross-section of vocations including engineers, program managers, salespeople and at least one preschool teacher. The women, who are seeking more than $600 million in damages, allege Google violated the California Equal Pay Act by paying them less than their male counterparts, promoting them slowly and less frequently.
I have used the phrase “high school science club management methods” or HSSCMM or H2SC2M to capture the approach some Google managers take to the personnel thing. If the information in the article is accurate, it would appear that Google had institutionalized pay disparity. That’s something my high school science club would have done for sure.
My thought is that Alphabet Google may want to check out the information on the SHRM Web site. I clicked on the Compensation tab and spotted a number of articles about employee pay. There’s an entry for “Using AI in Comp Decisions? Here’s How to Build Trust.” That write up seems germane. It mentions artificial intelligence, and based on the recent Google conference, smart software is a big deal at the Google. The write up mentions “trust.” That’s important when visiting via Google’s Zoom clone with prospective female hires at big time universities.
Perhaps Google should pull up roots and relocate to a country which does not fiddle around with the equality notion? Can a high school science club just pick up and head to such a place? Sure. High school science thinkers (regardless of age) can come up with absolutely brilliant solutions that seem logical to them. Example: Buying Motorola, Orkut, solving death, etc.
It’s sherm. Remember when you sign up for an online equality in compensation course. Sherm and 657175616c697479.
Stephen E Arnold, May 28, 2021
Facebook Reputation Glitch: Just a Misunderstanding or a Warning Signal?
June 1, 2021
I read “Facebook Battles Reputation Crisis in the Middle East.” Interesting but narrow. Why? I think the write up identifies an issue—a serious one at that. However the “crisis” extends beyond the Middle East. The write up has a narrow focus, but it identifies a critical weak spot for the Zuck machine.
Here’s a passage I noted:
Facebook is grappling with a reputation crisis in the Middle East, with plummeting approval rates and advertising sales in Arab countries, according to leaked documents obtained by NBC News. The shift corresponds with the widespread belief by pro-Palestinian and free speech activists that the social media company has been disproportionately silencing Palestinian voices on its apps – which include Facebook, Instagram and WhatsApp – during this month’s Israel-Hamas conflict.
As US monopolies wrestle with the challenges of unfettered content flowing from equally free spirit users, Facebook cannot be friends with everyone. Don’t hit that like button automatically.
Facebook, however, is a monopolistic-type of operation which is a digital nation. The collision of the datasphere and the real world is going to test the precepts of Zuckland.
Are there real world consequences from this reputation glitch? Yes, and among them is the very significant risk that the ripples will spread. Can one contain ripples in a pond or the wave in a digital ocean? Maybe.
Stephen E Arnold, June 1, 2021
DarkCyber for June 1, 2021, Now Available
June 1, 2021
DarkCyber is a video news program about the Dark Web, cyber crime, and lesser known Internet services. This edition’s story line up includes a bad actor promoting on the regular Internet, a look at Europol’s business process analysis for industrialized cyber crime, a University of Washington research project for a do-it-yourself IMSI sniffer, two free reports about phishing, the go-to method for compromising users’ computer security, and a look at the Gaza, a new drone designed to strike at those who would wrongfully act toward certain groups. DarkCyber is produced by Stephen E Arnold with assistance from the DarkCyber research team. The programs appear twice each month. The videos are available on YouTube. You can view the video via the player on the Beyond Search blog or at https://youtu.be/f1ym19l2Y0I. No ads, no vendor supported posts, nothing but Mr. Arnold commenting on important news stories. How is this possible? No one who thumb typers knows.
Kenny Toth, June 1, 2021
-
- Subscribe to Beyond Search
Feature archive
News archive
-
