A Meta-Coincidence? Absolutely. Pure Chance from the Zucksters

August 15, 2022

I noted to separate news items about Meta (formerly Zuckbook).

The first item “WhatsApp Boss Says No to AI Filters Policing Encrypted Chat” reports:

Will Cathcart, who has been at parent company Meta for more than 12 years and head of WhatsApp since 2019, told the BBC that the popular communications service wouldn’t downgrade or bypass its end-to-end encryption (EE2E) just for British snoops, saying it would be “foolish” to do so and that WhatsApp needs to offer a consistent set of standards around the globe. “If we had to lower security for the world, to accommodate the requirement in one country, that … would be very foolish for us to accept, making our product less desirable to 98 percent of our users because of the requirements from 2 percent,” Cathcart told the broadcaster. “What’s being proposed is that we – either directly or indirectly through software – read everyone’s messages. I don’t think people want that.”

Okay, customer centricity, clear talk, and sincere. Remember this is the Zuck outfit talking. With regulations making visible functions that some believe have been running on certain high-traffic nodes for some time, the principled stand of the Zuck’s WhatsApp is interesting. Keep in mind that the comments, according to the cited article were made on the BBC and referenced a desire to have child porn monitoring implemented. Yep, the Brexit outfit rejected by the Zuck outfit.

The second item with a bigly, Google-ized headline “Nick Clegg Joins Exodus of Silicon Valley Execs in Return to London: Ex-Deputy PM Will Split Time between UK and California to Spend More Time with Elderly Parents – After Instagram Boss Also Moved to the Capital” states:

In its results last week, Meta’s total costs and expenses increased 22 per cent year on year in the first quarter, while headcount was up 32 per cent. Net income plunged by 36 percent compared to the previous quarter, to $6.7 billion.

Coincidence? Nope, revenue crash, Kardashian pushback on Instagram changes, EU and UK government scrutiny, and job opportunities for the next prime minister. Just chance. These coincidences say to me, “Yo, big trouble ahead because who wants to move in today’s travel unfriendly, Covid and Monkeypox ravaged environment?.” Obviously the Zucksters do.

Stephen E Arnold, August 15, 2022

NSO Group-Like Software: Where Did It Originate?

August 15, 2022

I noted another story related to the NSO Group Pegasus coverage. This report was “Israel Police’s Pegasus Spyware Prototype Revealed” talks about what may be an ur-NSO Group type software. Like literature majors who puzzle over an urHamlet, the mystery is, “Where does the idea originate?” Like Shakespeare, one of the most notable recyclers, the article suggests that:

Details and screenshots of a prototype version of the Pegasus spyware designed for Israeli police back in 2014 reveal the tools and far-reaching capabilities of a system that was slated to be deployed in everyday police work.

That suggests that the intelware was mostly functio0nal eight years ago. I learned:

… the [Pegasus] spyware was operationally deployed as early as 2016

That was six years ago.

The article points out:

Pegasus could read WhatsApp messages.

The article asserts:

Another capability … mentioned in the presentation is the interception of incoming and outgoing phone calls. Besides this ability, which seems to be relatively routine in the world of intelligence surveillance, there is another one known in the professional parlance as “volume listening” and is considered much more intrusive. In simple terms it means real time wiretapping to a device’s surrounding through the remote activation of the device’s microphone.

Another interesting alleged functionality is:

With the spyware, the police can gain full access to all the files stored on the phone, including those that are end-to-end encrypted. This encryption technology prevents access to a device’s content through cellular antennae or other infrastructures. Even if a file is intercepted, it cannot be decoded. However, on a device that has been infected with the spyware, all the files become visible.

My recollection is that the “origin” of the Pegasus tool was a person who worked in a mobile phone store. Perhaps this is true, but the functionality of the “prototype” almost a decade ago begs a question I find interesting:

“Where did the idea for Pegasus originate? Who came up with the requirements for a mobile phone capability like this?

I don’t have an answer to this question, but I will raise it in the context of the remarkable similarity among other types of intelware developed by individuals with some experience in the armed forces whose offices are in relatively close proximity in one country with reasonably close ties to the US. My lecture to a US government entity will be in mid-September. Perhaps other “real news” outfits will pursue the history of Pegasus. But whose idea was it in the first place? Maybe like the ur-Hamlet the question may not be answered. But those requirements! Spot on.

Stephen E Arnold, August xx, 2022

Pirate Library Illegally Preserves Terabytes of Text

August 15, 2022

Call it the Robin Hood of written material. (The legendary outlaw, not the brokerage outfit.) The Next Web tells us about an effort to preserve over seven terabytes of texts in, “The Pirate Library Mirror Wants to Preserve All Human Knowledge … Illegally.” Delighted writer Callum Booth explains:

“The Pirate Library Mirror is what it says on the tin: a mirror of existing libraries of pirated content. The project focuses specifically on books — although this may be expanded in the future. The project’s first goal is mirroring Z-Library, an illegal repository of journal articles, academic texts, and general-interest books. The site enforces a free download limit — 10 free books a day — and then charges users when they go above this. Z-Library originally branched off another site serving illegal books, Library Genesis. The former began its life by taking the latter site’s data, but making it easier to search. Since then, the people running Z-Library have built a collection that includes many books not available on its predecessor. This is important because, while Library Genesis is easily mirrorable, Z-Library is not — and that’s where the Pirate Library Mirror comes in. Those behind the new project cross-referenced Z-Library with Library Genesis, keeping what was only on the former, as that hasn’t been backed up. This amounts to over 7TB of books, articles, and journals.”

Instead of engaging in the labor-intensive process of transferring those newer Z-Library files to Genesis, those behind the Pirate Library simply bundle it all across multiple torrents. Because this is more about preservation than creating widespread access, the collection is not easily searchable and can only be reached via TOR. Still, it is illegal and could be shut down at any time. Booth acknowledges the complex tension between information access and the rights of content creators, but he is also downright giddy about the project. It reminds him of the “old school” internet, a wonderland of knowledge for the sake of knowledge. Ah, those were the days.

Cynthia Murrell, August 15, 2022

Google: Oh, Oh, Another Example of a Government Not Being Googley

August 12, 2022

I read “Google LLC to Pay $60 Million for Misleading Representations.” The write up reports, if the information is spot on:

The Federal Court [of Australia] has ordered Google LLC to pay $60 million in penalties for making misleading representations to consumers about the collection and use of their personal location data on Android phones between January 2017 and December 2018, following court action by the ACCC. The Court previously found that Google LLC and Google Australia Pty Ltd (together, Google) had breached the Australian Consumer Law by representing to some Android users that the setting titled “Location History” was the only Google account setting that affected whether Google collected, kept and used personally identifiable data about their location. In fact, another Google account setting titled “Web & App Activity” also enabled Google to collect, store and use personally identifiable location data when it was turned on, and that setting was turned on by default.

What did this decision tell me? The Australian Court is not Googley. Ah, lawyers.

Stephen E Arnold, August , 2022

Microsoft Outlook: Excellence in Action?

August 12, 2022

I spotted “Microsoft Confirms a New Outlook Bug.” If the information in the cited article is accurate, some lucky Teams users will not be able to use the Microsoft Outlook email application. (Which of the many features is malfunctioning?)

I noted one statement, allegedly offered by a real Microsoftie.

“We do not know why the EmailAddress key is not being set properly.

Now that’s interesting: An open admission of a lack of knowledge, information, and insight. I was disappointed not to see:

  1. Blame shifted to some of the 1,000 Russian engineers who crated a stir with the SolarWinds’ misstep
  2. Responsibility aimed at state sponsored actors in such countries as Iran, North Korea, et al
  3. Mistakes made by an overworked, under skilled intern who was told to use the “good enough for horseshoes approach”
  4. Google because… well, just Google.

Stephen E Arnold, August 12, 2022

Cisco Systems: Security? Well, the Ads Say So

August 12, 2022

I read a mildly amusing article which revealed a flaw in Cisco Systems’ security. The write up was “Cisco Hacked by Yanluowang Ransomware Gang, 2.8GB Allegedly Stolen.”

Why did I chuckle?

I noted these ads in a recent Google search about — you guessed it — network security.

The first ad is for networking solutions and Cisco’s secure firewall. Gander at this:

image

The second ad popped up when I searched for Cisco and its super expert Talos unit. Talos, an acquisition from Israel, is supposed to be one of the Fancy Dan threat intelligence outfits. The idea you know before there is trouble. Peek at this:

image

You can download the report from this link.

What did the article report as spot on information? Here’s a passage I noted:

The Yanluowang threat actors gained access to Cisco’s network using an employee’s stolen credentials after hijacking the employee’s personal Google account containing credentials synced from their browser. The attacker convinced the Cisco employee to accept multi-factor authentication (MFA) push notifications through MFA fatigue and a series of sophisticated voice phishing attacks initiated by the Yanluowang gang that impersonated trusted support organizations. The threat actors finally tricked the victim into accepting one of the MFA notifications and gained access to the VPN in the context of the targeted user. Once they gained a foothold on the company’s corporate network, Yanluowang operators spread laterally to Citrix servers and domain controllers.

Several observations:

  1. Cisco identified the bad actors as a group which sure seems to be from a specific country. Russia? No, that nation state has demonstrated that some of its tactical expertise falls short of a high water mark probably captured in a PowerPoint deck. Tanks? Remember?
  2. The security breach was something the vaunted Cisco security systems could not handle. An insider. Interesting because if this is indeed accurate, no organization can protect itself from an insider who is intentionally or unintentionally compromised. Is this useful information for a bad actor?
  3. If the Cisco security systems and its flow of threat intelligence were working, why is the company after the fact able to enhance or improve its own security. Wasn’t there a fairy tale about shoemaker’s children not having a snappy new paid of collectible shoes?

Net net: The buzz about a group of companies banding together to share security related information is interesting. What this story about the Cisco breach tells me is that teaming up is a way of circling the wagons. Maybe PowerPoints and ads not completely accurate? Nah, impossible.

Stephen E Arnold, August 12, 2022

Intel: Optane Offline

August 12, 2022

I group Optane in the Intel “horse feathers” category. There is another point of view, and I want to highlight because different ideas are useful. The none-horse feather angle is expressed in “Why the End of Optane Is Bad News for All IT. The Biggest New Idea in Computing for Half a Century Was Just Scrapped.” (I will not point out the “all” word. I will not remind you, gentle reader, that quantum computer is also one of the big ideas in computing in the last half century. I want to, but I will be restrained.)

The article romps through the history of no file systems, sort of file systems, clunky methods of moving zeros and ones to and fro, and related milestones. Here’s the main point of Intel Optane:

No more installing OSes, no more booting up. No more apps. The OS sits in memory all the time, and so do your apps. And if you have a terabyte or two of nonvolatile memory in your computer, what do you need SSDs for? It’s all just memory. One small section is fast and infinitely rewritable, but its contents disappear when the power goes. The other 95 per cent holds its contents forever.

I understand. I think that the technical idea was darned good. However, the flaw in the Intel method is stated clearly in the write up, just more delicately than my sweeping the Intel method into the pile of horse feathers I favor. Here’s the sentence I think nails it:

But Intel made it work, produced this stuff, put it on the market… and not enough people were interested, and now it is giving up, too.

“Giving up.” Intel has substituted finding a way to make it work for PR and marketing. With the CHIPS coming, Intel will have a chance to deliver, if not at Apple nanoscale.

What makes me nervous about technology outfits today is that “good enough” is now defined as “excellence.”

“Giving up” is working hard to make good business decisions. Intel must demonstrate that it can deliver old fashioned excellence and persistence. You know just not “giving up.”

Stephen E Arnold, August 121, 2022

Thank Goodness SAIL Disses LAME-DUH. Sorry, LaMDA

August 12, 2022

Google hired a wizard. The wizard then suggested, believed, hallucinated that the software was sentient. Yeah. Big news for UFO spotters, venture capitalists, and itinerant shamans. The truth is now official, and it comes from a veritable hot bed of smart software: Stanford University. “Stanford AI Experts Call BS on Claims That Google’s LaMDA Chatbot Is Sentient” states:

“LaMDA is not sentient for the simple reason that it does not have the physiology to have sensations and feelings,” said John Etchemendy, the co-director of the Stanford Institute for Human-centered AI (HAI). “It is a software program designed to produce sentences in response to sentence prompts.” Yoav Shoham, the former director of the Stanford AI Lab, agreed that LaMDA isn’t sentient. He described The Washington Post article “pure clickbait.”

There you go. No references to Snorkel. No comments about the origin of clickbait. (Factoid: It was developed as soon as Backrub became available.) But there is this concern:

The hype may generate clicks and market products, but researchers fear it’s distracting us from more pressing issues. LLMs are causing particular alarm. While the models have become adept at generating humanlike text, excitement about their “intelligence” can mask their shortcomings. Research shows systems can have enormous carbon footprints, amplify discriminatory language, and pose real dangers.

In my opinion, some of the challenges Big Tech presents are manifestations of beliefs, insights, and learnings acquired at Stanford University. In a way, I feel sorry for the Stanford graduates who now face some interesting challenges. Oracle is RIFfing some SU alums. Facebook has told some unmotivated and less wizard-like Stanford grads to quit. Even the Stanford extension known as The Google says, “Work harder.”

I also worry a bit about Mr. Lemoine, the Google person, who said LaMDA was alive. Imagine having to explain that to an executive recruiter for a gravel company or a screener working for the UK’s National Crime Agency.

But life is so much better now that we have Stanford-infused services, isn’t it? Yep, LaME-DA. Sorry, I meant LaMDA. Darn, no wonder I was not admitted to SU.

Stephen E Arnold, August 12, 2022

Brave Tells Truth About DuckDuckGo Privacy

August 12, 2022

DuckDuckGo advertises itself as the only search engine that protects users’ privacy. While that used to be true, unfortunately it is no longer the case. The Register explains the details in, “Brave Roasts DuckDuckGo Over Bing Privacy Exception.” Brendan Eich is the CEO of Brave, an Internet browser that blocks trackers, cookies, creepy ads, and simplifies privacy. Brave even boasts it can outmaneuver Mozilla Firefox, describing its services as limited. Eich stated that DuckDuckGo allows Microsoft Bing and LinkedIn trackers accessibility in its Android, macOS, and iOs browsers.

Eich pointed out that DuckDuckGo’s contract with Microsoft exempted LinkedIn and Bing from being blocked. DuckDuckGo claims to Eich exaggerated the claim and he was referring to ad clicks. The search engine said its ads remain private. Privacytests.org tested Brave’s assertion and they could only test the Android versions. Brave did block more ads and link tracking than DuckDuckGo. Arthur Edelstein runs privacytests.org and works for Brave. He claimed that he created privacytests.org before his Brave employment and that his tests are objective.

While the tests about Brave and DuckDuckGo might be biased, Big Tech can circumnavigate privacy blockers:

“In other words, here’s how you route around privacy protections to measure your ads, whether people want this or not. Back in 2012, when Google agreed to pay a $22.5 million civil penalty to settle Federal Trade Commission charges that it misled Apple Safari users by stating it would not place tracking cookies or serve them targeted ads, the issue was the gap between what Google said and did.

Here we have Microsoft Bing Ads counseling customers how its technology facilitates tracking without third-party cookies, regardless of whether users have expressed the desire not to be tracked by adopting a privacy-oriented browser.”

Currently, there are laws to protect users’ privacy, but are only enforceable if the tracking is deemed deceptive. Google was fined for dropping cookies on Safari, but only when the search engine said it would not. California has a new regiment of privacy laws, which could set the standard for the US if someone in the state complains. Until then be aware you are being tracked and your history is sold.

And how did DuckDuckGo respond? Waddled backwards.

Whitney Grace, August 12, 2022

The New Yorker Magazine Gets Close to a Key Precept of Google Senior Management

August 11, 2022

I suggest that anyone interested in the bizarre personnel decisions which have become as notable as Google’s amazing announcements about its technology read “Google’s Caste-Bias Problem: A Talk about Bigotry Was Cancelled Amid Accusations of Reverse Discrimination. Whom Was the Company Trying to Protect?” The article did not appear to be behind a paywall, but you may be asked to spit out some cash to read the interview.

I am not going to discuss the ins and outs of the interview, its factoids, or the motivation for the comments.

I have several observations:

  1. The New Yorker has identified and made visible behaviors which have been ignored by other “real” news outfits; for example, Yahoo News. (Yahoooooo!) The question is, “Why?”
  2. The consequences of certain decisions have been fascinating. Dr. Timnit Gebru departed and set out to do the Don Quixote thing? Blake Lemoine, the fellow who thought software was alive, is now free to share his insights on podcasts. By doing this, he highlights some of the thought process of Google professionals. Then there was the cult. I don’t want to think about that.
  3. The high school science management methods of the Google have certain deep roots. I am not sure if these are cultural, bro-behaviors, or some other protein firing in the carpetland crew. What’s clear is that only Meta’s management methods are in what I would call the Sergey-Larry league. Maybe it’s the water in Silicon Valley.

Net net: The New Yorker’s Delphic soothsayers are definitely on to something that business school gurus have been skirting for years.

Stephen E Arnold, August 11, 2022

« Previous PageNext Page »

  • Archives

  • Recent Posts

  • Meta