VPNs May Become a Problem for Bargain Hunters
February 7, 2025
Do you love online shopping? What am I talking about, you’re on the Internet, so, of course, you do. If you’re in the mood to shop and you use a VPN, I have some bad news for you via PC Mag: “Holiday Shopping? These Sites May Block VPN Users, Cancel Purchases.” The holiday season is over and everyone is recovering from their credit card bills, but that doesn’t stop you from buying groceries and other essentials online.
Valentine’s Day is almost upon us. Will VPN blocking kill Cupid’s ardor for clicking?
What else are you going to do during a snowy day? Your beloved VPN that protects your IP and allows you to watch shows unavailable on Netflix, Hulu, and other streaming Web sites could prevent you from buying more stuff.
Why?
Kate Irwin investigated this issue when she was in the market for a new laptop case. She purchased one over her VPN using her Proton Mail account from Corsair. Proton Mail allows users to have an alias, which is what Irwin used during her first attempt. The order was canceled. She used her real account, but her order was canceled a second and third time. Her attempts ended with:
"Corsair may be blocking VPNs because scammers use them when attempting credit card fraud. They might also cancel orders that don’t get text confirmations from the buyer (though using text verification isn’t all that secure because of SIM-swapping attacks). Corsair also said in its automated email that trying to send an order to a shipping company’s address could get it cancelled, but I hadn’t done that (and I reached out to Corsair for comment).”
Amazon, eBay, and other popular Web sites might be blocking VPNs. Many of these Web sites don’t prohibit using a VPN, but they block them for security reasons. Bad actors use multiple accounts and VPNs to engage in fraudulent activity, such as scams, fake listings, and fake purchases.
The VPNs are blocked because you’re using a “dirty” IP. There are a limited number of IPs and the one you’ve selected is tied to malicious activities. You can get around the issue by using a dedicated IP, using an IP within your country, or turning the VPN on and off while you’re shopping. That’s probably the easiest method.
VPNs may be viewed as a problem which must be solved by a mysterious online intermediary blocking and filtering to make life better for shoppers everywhere. And the merchants? Oh, the merchants will benefit too.
Whitney Grace, February 7, 2025
Acquiring AWS Credentials—Let Us Count the Ways
February 7, 2025
Will bad actors interested in poking around Amazon Web Services find the Wiz’s write up interesting? The answer is at the end of this blog post.
Cloud security firm Wiz shares an informative blog post: "The Many Ways to Obtain Credentials in AWS." It is a write-up that helps everyone: customers, Amazon, developers, cybersecurity workers, and even bad actors. We have not seen a similar write up about Telegram, however. Why publish such a guide to gaining IAM role and other AWS credentials? Why, to help guard against would-be hackers who might use these methods, of course.
Writer Scott Piper describes several services and features one might use to gain access: Certain AWS SDK credential providers; the Default Host Management Configuration; Systems Manager hybrid activation; the Internet of Things credentials provider; IAM Roles Anywhere; Cognito’s API, GetCredentialsForIdentity; and good old DataSync. The post concludes:
"There are many ways that compute services on AWS obtain their credentials and there are many features and services that have special credentials. This can result in a single EC2 having multiple IAM principals accessible from it. In order to detect attackers, we need to know the various ways they might attempt to obtain these credentials. This article has shown how this is not a simple problem and requires defenders to have just as much, if not more, expertise as attackers in credential access."
So true. Especially with handy cheat sheets like this one available online. Based in New York, New York, Wiz was founded in 2020.
Will bad actors find the Wiz’s post interesting? Answer: Yes but probably less interesting than a certain companion of Mr. Bezos’ fashion sense. But not by much.
Cynthia Murrell, February 7, 2025
China Smart, US Dumb: The Deepseek Foray into Destabilization of AI Investment
February 6, 2025
Yep, a dinobaby wrote this blog post. Replace me with a subscription service or a contract worker from Fiverr. See if I care.
I have published a few blog posts about the Chinese information warfare directed at the US. Examples have included videos of a farm girl with primitive tools repairing complex machinery, the carpeting of ArXiv with papers about Deepseek’s AI innovations, and the stories in the South China Morning Post about assorted US technology issues.
Thanks You.com. Pretty good illustration.
Now the Deepseek foray is delivering fungible results. Numerous articles appeared on January 27, 2025, pegged to the impact of the Deepseek smart software on the US AI sector. A representative article is “China’s Deepseek Sparks AI Market Rout.”
The trusted real news outfit said:
Technology shares around the world slid on Monday as a surge in popularity of a Chinese discount artificial intelligence model shook investors’ faith in the AI sector’s voracious demand for high-tech chips. Startup Deepseek has rolled out a free assistant it says uses lower-cost chips and less data, seemingly challenging a widespread bet in financial markets that AI will drive demand along a supply chain from chipmakers to data centres.
Facebook ripped a page from the Google leadership team’s playbook. According to “Meta Scrambles After Chinese AI Equals Its Own, Upending Silicon Valley,” the Zuckerberg outfit assembled four “war rooms” to figure out how a Chinese open source AI could become such a big problem from out of the blue.
I find it difficult to believe that big US outfits were unaware of China’s interest in smart software. Furthermore, the Deepseek team made that quite clear by listing dozens upon dozens of AI experts who contributed to the Deepseek effort. But who in US AI land has time to cross correlate the names of the researchers in the ArXiv essays to ask, “What are these folks doing to output cheaper AI models?”
Several observations are warranted:
- The effect of this foray has been to cause an immediate and direct concern about US AI firms’ ability to reduce costs. China allegedly has rolled out a good model at a lower price. Price competition comes in many forms. In this case, China can use less modern components to produce more modern AI. If you want to see how this works for basic equipment navigate to “Genius Girl Builds Amazing Hydroelectric Power Station For An Elderly Living Alone in the Mountains.” Deepseek is this information warfare tactic in the smart software space.
- The mechanism for the foray was open source. I have heard many times from some very smart people that open source is the future. Maybe that’s true. We now have an example of open source creating a credibility problem for established US big technology outfits who use open source to publicize how smart and good they are, prove they can do great work, and appear to be “community” minded. Deepseek just posted software that showed a small venture firm was able to do what US big technology has done at a fraction of the cost. Chinese business understands price and cost centric methods. This is the cost angle driven through the heart of scaling up solutions. Like giant US trucks, the approach is expensive and at some point will collapse under its own bloated framework.
- The foray has been broken into four parts: [a] The arXiv thrust, [b] the free and open source software thrust which begs the question, “What’s next from this venture firm?”, [c] the social media play with posts ballooning on BlueSky, Telegram, and Twitter, [d] the real journalism outfits like Bloomberg and Reuters yapping about AI innovation. The four-part thrust is effective.
China’s made the US approach to smart software look incredibly stupid. I don’t believe that a small group of hard workers at a venture firm cooked up the Deepseek method. The number of authors on the arXiv Deepseek papers makes that clear.
With one deft, non kinetic, non militaristic foray, China has amplified doubt about US AI methods. The action has chopped big bucks from outfits like Nvidia. Plus China has combined its playbook for lower costs and better prices with information warfare. I am not sure that Silicon Valley type outfits have a response to roll out quickly. The foray has returned useful intelligence to China.
Net net: More AI will be coming to destabilize the Silicon Valley way.
Stephen E Arnold, February 6, 2025
Several Security Pitfalls to Avoid in Software Design
February 6, 2025
Developers concerned about security should check out "Seven Types of Security Issues in Software Design" at InsBug. The article does leave out a few points we would have included. Using Microsoft software, for example, or paying for cyber security solutions that don’t work as licensees believe. And don’t forget engineering for security rather than expediency and cost savings. Nevertheless, the post makes some good points. It begins:
"Software is gradually defining everything, and its forms are becoming increasingly diverse. Software is no longer limited to the applications or apps we see on computers or smartphones. It is now an integral part of hardware devices and many unseen areas, such as cars, televisions, airplanes, warehouses, cash registers, and more. Besides sensors and other electronic components, the actions and data of hardware often rely on software, whether in small amounts of code or in hidden or visible forms. Regardless of the type of software, the development process inevitably encounters bugs that need to be identified and fixed. While major bugs are often detected and resolved before release or deployment by developers or testers, security vulnerabilities don’t always receive the same attention."
Sad but true. The seven categories include: Misunderstanding of Security Protection Technologies; Component Integration and Hidden Security Designs; Ignoring Security in System Design; Security Risks from Poor Exception Handling; Discontinuous or Inconsistent Trust Relationships; Over-Reliance on Single-Point Security Measures; and Insufficient Assessment of Scenarios or Environments. See the write-up for details on each point. We note a common thread—a lack of foresight. The post concludes:
"To minimize security risks and vulnerabilities in software design and development, one must possess solid technical expertise and a robust background in security offense and defense. Developing secure software is akin to crafting fine art — it requires meticulous thought, constant consideration of potential threats, and thoughtful design solutions. This makes upfront security design critically important."
Security should not be an afterthought. But after a breach, it is going to be fixed. Oh, the check is in the mail.
Cynthia Murrell, February 6, 2025
Online Generates Fans and Only Fans
February 6, 2025
Ah, the World Wide Web—virtual land of opportunity! For example, as Canada’s CBC reports, "Olympians Are Turning to OnlyFans to Fund Dreams as they Face a ‘Broken’ Finance System." Because paying athletes to compete tarnishes the Olympic ideal, obviously. Never mind the big bucks raked in by the Olympic Committee. It’s the principle of the thing. We learn:
"Dire financial straits are leading droves of Olympic athletes to sell images of their bodies to subscribers on OnlyFans — known for sexually explicit content — to sustain their dreams of gold at the Games. As they struggle to make ends meet, a spotlight is being cast on an Olympics funding system that watchdog groups condemn as ‘broken,’ claiming most athletes ‘can barely pay their rent.’ The Olympics, the world’s biggest sporting stage, bring in billions of dollars in TV rights, ticket sales and sponsorship, but most athletes must fend for themselves financially."
But wait, what about those Olympians like Michael Phelps and Simone Biles who make millions? Success stories like theirs are few. The article shares anecdotes of athletes who have taken the OnlyFans route. They are now able to pay their bills, including thousands of dollars in expenses like coaching, physical therapy, and equipment. However, in doing so they face social stigma. None are doing this because they want to, opines Mexican diver Diego Balleza Isaias, but because they have to.
Why are the world’s top athletes selling (images of) their finely honed bodies to pay the bills? The write-up cites comments from the director of Global Athlete, an athlete-founded organization addressing the power imbalance in sports:
"’The entire funding model for Olympic sport is broken. The IOC generates now over $1.7 billion US per year and they refuse to pay athletes who attend the Olympics,’ said Rob Koehler, Global Athlete’s director general. He criticized the IOC for forcing athletes to sign away their image rights. ‘The majority of athletes can barely pay their rent, yet the IOC, national Olympic committees and national federations that oversee the sport have employees making over six figures. They all are making money off the backs of athletes."
Will this trend prompt the Olympic Committee to change its ways? Or will it just make a rule against the practice and try to sweep this whole chapter under the mat? The corroding Olympic medals complement this story too.
Cynthia Murrell, February 6, 2025
Telegram Speed Dates a Bad Actor: Pavel Durov and Judgment or Lack Thereof
February 5, 2025
Another non smart software write up from a real, authentic dinobaby.
Pavel Durov has had a rocky start to 2025. He may have about 100 loving children. He has his brother Nikolai’s support. He has pals from his days at VKontakte. And he has new friends from the French judiciary urging him to embrace some opportunities for freedom. That private jet is waiting. The sunny skies of Dubai beckon.
But another decision may come to haunt him. Telegram and the TON Foundation’s BFF has been busted. According to the US Attorney for the Southern District of New York, one of the outfits shepherding the Ku Group and its KuCoin operations said, “Yep, we are guilty of unlicensed money transmitting business.”
As a dinobaby, I think the statement in “KuCoin Pleads Guilty to Unlicensed Money Transmission Charge and Agrees to Pay Penalties Totaling Nearly $300 Million” means in rural Kentucky speak something like “money laundering.” The official news release explains:
U.S. Attorney Danielle R. Sassoon said: “For years, KuCoin avoided implementing required anti-money laundering policies designed to identify criminal actors and prevent illicit transactions. As a result, KuCoin was used to facilitate billions of dollars’ worth of suspicious transactions and to transmit potentially criminal proceeds, including proceeds from darknet markets and malware, ransomware, and fraud schemes. Today’s guilty plea and penalties show the cost of refusing to follow these laws and allowing unlawful activity to continue.”
Pavel Durov’s proxy outfit the Open Network Foundation showcased Ku Group at the November 2024 Gateway Conference in Dubai. Ku Group’s then-CEO (apparently not called out in the official statement issued on January 27, 2025, by the southern district) sparkled with optimism about the tie up between the owner of the Messenger mini app and the Peken Global Limited / Ku Group operation.
The news release points out:
KuCoin was founded in or about September 2017. Since its founding in 2017, KuCoin has become one of the largest global cryptocurrency exchange platforms, with more than 30 million customers and billions of dollars’ worth of cryptocurrency in daily trading volume. Between in or about September 2017 and in or about March 2024, the date of the Indictment, KuCoin served approximately 1.5 million registered users who were located in the U.S., and earned at least approximately $184.5 million in fees from those U.S. registered users.
Some of Ku Group’s services included, according to the official AG statement, placing:
orders for spot trades in cryptocurrencies, including Bitcoin, Ethereum, and others, and orders for derivative products, including futures contracts, tied to the value of Bitcoin and other cryptocurrencies. As a result of its operation of this business, KuCoin has, at all relevant times, been a money transmitting business required to register with FinCEN and reported suspicious transactions.
The November BFF moments between Ku Group and Telegram’s proxy organization make clear that the Messenger app is a clever and versatile technology system. It is also now clear that the intent of some of Telegram’s announcements is possibly going against the established financial systems’ methods of serving their customers.
For now, Chun (Michael) Gan and Ke (Eric) Tang have suffered a setback. Will the Peken Global and Ku Group disappear? Possibly. However, the Ku Group’s and Telegram’s vision of a Web3 financial services entity is likely to thrive. Will the French judiciary amp up their discussions with Pavel Durov? Will the United Arab Emirates take a closer look at the Telegram operation which has a nominal headquarters in Dubai? Will the Swiss authorities pay a visit to the TON Foundation’s office in Zug, Switzerland? Will bad actors change their ways of hiding money in digital form?
Good questions. I think the French are on the job. The other entities may be reluctant to rock the good ship Telegram too much more. Could those folks have a vision for a financial system cut loose from traditional ways to do money business?
My thought is that BRICS, Russia, China, and some influential people have a goal. Telegram and the Ku Group were players, not leaders.
Stephen E Arnold, January 5, 2025
Amazon Twitch: Losing Social Traction of the Bezos Bulldozer
February 5, 2025
Twitch is an online streaming platform primarily used by gamers to stream their play sessions and interact with their fanbase. There hasn’t been much news about Twitch in recent months and it could be due to declining viewership. Tube Filter dives into the details with “Is Twitch Viewership At Its Lowest Point In Four Years?”
The article explains that Twitch had a total of 1.58 billion watch time hours in December 2024. This was its lowest month in four years according to Stream Charts. Twitch, however, did have a small increase in new streamers joining the platform and the number of channels live at one time. Stream Charts did mention that December is a slow month due to the holiday season. Twitch is dealing with dire financial straits and made users upset when it used AI to make emotes.
Here are some numbers:
“In both October and November 2024, around 89,000 channels on average would be live on Twitch at any one time. In December, that figure pushed up to 92,392. Twitch also saw a bump in the overall number of active channels from 4,490,725 in November to 4,777,395 in December—a 6% increase. Streams Charts notes that all these streamers broadcasted a more diverse range of content than usual. “[I]t’s important to note that other key metrics for both viewer and streamer activity remain strong,” it wrote in a report about December’s viewership. “A positive takeaway from December was the variety of content on offer. Streamers broadcasted in 43,200 different categories, the highest figure of the year, second only to March.”
Twitch is also courting TikTok creators in case the US federal government bans the short video streaming platform. The platform has offerings that streamers want, but it needs to do more to attract more viewers. Changes have caused some viewers to pine for the days of Amouranth in her inflated kiddie pool, the extremely sensitive Kira, and the good old days of iBabyRainbow. Some even miss the live streaming gambling at home events.
Now what Amazon? Longer pre-roll advertisements? More opaque content guidelines? A restriction on fashion shows?
Whitney Grace, February 5, 2025
eGames Were Supposed to Spin Cash Forever
February 5, 2025
Videogames are still a young medium, but they’re over fifty years old. The gaming industry has seen ups and downs with the first (and still legendary) being the 1983 crash. Arcade games were all the rage back then, but these days consoles and computers have the action. At least, they should.
Wired writes that “2024 Was The Year The Bottom Fell Out Of The Games Industry” due to multiple reasons. There were massive layoffs in 2023 with over 10,000 game developers losing their jobs. Some of this was attributed to AI slowly replacing developers. The gaming industry’s job loss in 2024 was forty percent higher than the prior year. Yikes!
DEI (diversity, equity, and inclusion) combined with woke mantra was also blamed for the failure of many games, including Suicide Squad: Kill the Justice League. The phrase “go woke, go broke” echoed throughout the industry as it has in Hollywood, Silicon Valley, and other fields.
“According to Matthew Ball, an adviser and producer in the games and TV space…says that the blame for all of this can’t be pinned to a single thing, like capitalism, mismanagement, Covid-19, or even interest rates. It also involves development costs, how studios are staffed, consumers’ spending habits, and game pricing. “This storm is so brutal,” he says, ‘because it is all of these things at once, and none have really alleviated since the layoffs began.’”
Many indie studios were shuttered and large tech leaders such as Microsoft and Sony shut down parts of their gaming divisions. There was also a chain of events, influenced by the hatred of DEI and its associated mindsets, that is being called a second GamerGate.
The gaming industry will continue through the beginnings of 2025 with business as usual. The industry will bounce back, but it will be different from the past.
Whitney Grace, February 5, 2025
Google and Job Security? What a Hoot
February 4, 2025
We have smart software, but the dinobaby continues to do what 80 year olds do: Write the old-fashioned human way. We did give up clay tablets for a quill pen. Works okay.
Yesterday (January 30, 2025), one of the group mentioned that Google employees were circulating a YAP. I was not familiar with the word “yap”, so I asked, “What’s a yap?” The answer: It is yet another petition.
Here’s what I learned and then verified by a source no less pristine than NBC news. About 1,000 employees want Google to assure the workers that they have “job security.” Yo, Googlers, when lawyers at the Department of Justice and other Federal workers lose their jobs between sips of their really lousy DoJ coffee, there is not much job security. Imagine professionals with sinecures now forced to offer some version of reality on LinkedIn. Get real.
The “real” news outfit reported:
Google employees have begun a petition for “job security” as they expect more layoffs by the company. The petition calls on Google CEO Sundar Pichai to offer buyouts before conducting layoffs and to guarantee severance to employees that do get laid off. The petition comes after new CFO Anat Ashkenazi said one of her top priorities would be to drive more cost cutting as Google expands its spending on artificial intelligence infrastructure in 2025.
I remember when Googlers talked about the rigorous screening process required to get a job. This was the unicorn like Google Labs Aptitude Test or GLAT. At one point, years ago, someone in the know gave me before a meeting the “test.” Here’s the first page of the document. (I think I received this from a Googler in 2004 or 2005.)
If you can’t read this, here’s question 6:
On your first day at Google, you discover that your cubicle mate wrote the textbook you used as a primary resource in your first year of graduate school. Do you:
a) Fawn obsequiously and ask if you can have an autograph
b) Sit perfectly still and use only soft keystrokes to avoid disturbing her concentration
c) Leave her daily offerings of granola and English toffee from the food bins
d) Quote your favorite formula from the text book and explain how it’s now your mantra
e) Show her how example 17b could have been solved with 34 fewer lines of code?
I have the full GLAT if you want to see it. Just write benkent2020 at yahoo dot com and we will find a way to provide the allegedly real document to you.
The good old days of Googley fun and self confidence are, it seems, gone. As a proxy for the old Google, we have employees’ words like this:
“We, the undersigned Google workers from offices across the US and Canada, are concerned about instability at Google that impacts our ability to do high quality, impactful work,” the petition says. “Ongoing rounds of layoffs make us feel insecure about our jobs. The company is clearly in a strong financial position, making the loss of so many valuable colleagues without explanation hurt even more.”
I would suggest that the petition won’t change Google’s RIF. The company faces several challenges. One of the major ones is the near impossibility of paying for [a] indexing and updating the wonderful Google index, [b] spending money in order to beat the pants off the outfits which used Google’s transformer tricks, and [c] buying, hiring, or coercing the really big time AI wizards to join the online advertising company instead of starting an outfit to create a wrapper for Deepseek and getting money from whoever will offer it.
Sorry, petitions are unlikely to move a former McKinsey big time blue chip consultant. Get real, Googler. By the way, you will soon be a proud Xoogler. Enjoy that distinction.
Stephen E Arnold, February 4, 2025
Google AI Product Names: Worse Than the Cheese Fixation
February 4, 2025
This blog post is the work of a real-live dinobaby. No smart software involved.
If you are Googley, you intuitively and instantly know what these products are:
Gemini Advanced 2.0 Flash
Gemini Advanced 2.0 Flash Thinking Experimental
2.0 Flash Thinking Experimental with apps
2.0 Pro Experimental
1.5 Pro
1.5 Flash
If you don’t get it, you write articles like this one: “You Only Need to See This Screenshot Once to Realize Why Gemini Needs to Follow ChatGPT in Making Its AI Products Less Confusing.” Follow ChatGPT, from the outfit OpenAI which is an open source and a non profit with a Chief Wizard who was fired and rehired more quickly than I can locate hallucinations in ChatGPT whatever. (With Google hallucinations, particularly in the cheese department, I know it is just a Sundar & Prabhakar joke.) With OpenAI, I am not quite sure of anything other than a successful (so far) end run around the masterful leader of X.com.
The write up says:
What we want is AI that just works, with simple naming conventions. If you look at the way Apple brands its products, it normally has up to three versions of a product with a simple name indicating the differences. It has two versions of its MacBook – the MacBook Air and MacBook Pro – and its latest iPhone – iPhone 16 and iPhone 16 Pro – that’s nice and simple.
Yeah, sure, Apple is the touchstone with indistinguishable iPhones, the M1, M2, M3, and M4 which are exactly understood as different by what percentage of the black turtleneck crowd?
Here’s a tip: These outfits are into marketing. Whether it is Apple designers influencing engineers or Google engineers influencing art history majors, neither company wants to do what courses in branding suggest; for example, consistency in naming and messaging and community engagement. I suppose confusion in social media and bafflement when trying to figure out what each black box large language model delivers other than acceptable high school essays and made up information is no big deal.
Word prediction is okay. Just a tip: Use the free services and read authoritative sources. Do some critical thinking. You may not be Googley, but you will be recognized as an individual who makes an honest effort to formulate useful outputs. Oh, you can label them experimental and flash to add some mystery to your old fashioned work, not “flash” work which is inconsistent, confusing, and sort of dumb in my opinion.
Stephen E Arnold, March 4, 2025