Change Is Coming But What about Un-Change?

September 8, 2021

My research team is working on a short DarkCyber video about automating work processes related to smart software. The idea is that one smart software system can generate an output to update another smart output system. The trend was evident more than a decade ago in the work of Dr. Zbigniew Michalewicz, his son, and collaborators. He is the author of How to Solve It: Modern Heuristics. There were predecessors and today many others following smart approaches to operations for artificial intelligence or what is called by thumbtypers AIOps. The DarkCyber video will become available on October 5, 2021. We’ll try to keep the video peppy because smart software methods are definitely exciting and mostly invisible. And like other embedded components, some of these “modules” will become components, commoditized, and just used “as is.” That’s important because who worries about a component in a larger system? Do you wonder if the microwave is operating at peak efficiency with every component chugging along up to spec? Nope and nope.

I read a wonderful example of Silicon Valley MBA thinking called “It’s Time to Say “Ok, Boomer!” to Old School Change Management.” At first glance, the ideas about efficiency and keeping pace with technical updates make sense. The write up states:

There are a variety of dated methods when it comes to change management. Tl;dr it’s lots of paper and lots of meetings. These practices are widely regarded as effective across the industry, but research shows this is a common delusion and change management itself needs to change.

Hasta la vista Messrs. Drucker and the McKinsey framework.

The write up points out that a solution is at hand:

DevOps teams push lots of changes and this is creating a bottleneck as manual change management processes struggle to keep up. But, the great thing about DevOps is that it solves the problem it creates. One of the key aspects where DevOps can be of great help in change management is in the implementation of compliance. If the old school ways of managing change are too slow why not automate them like everything else? We already do this for building, testing and qualifying, so why not change? We can use the same automation to record change events in real time and implement release controls in the pipelines instead of gluing them on at the end.

Does this seem like circular reasoning?

I want to point out that if one of the automation components operates using probability and the thresholds are incorrect, the data poisoned (corrupted by intent or chance) or the “averaging” which is a feature of some systems triggers a butterfly effect, excitement may ensue. The idea is that a small change may have a large impact downstream; for example, a wing flap in Biloxi could create a flood in the 28th Street Flatiron stop.

Several observations:

  • AIOps are already in operation at outfits like the Google and will be componentized in an AWS-style package
  • Embedded stuff, like popular libraries, are just used and not thought about. The practice brings joy to bad actors who corrupt some library offerings
  • Once a component is up and running and assumed to be okay, those modules themselves resist change. When 20 somethings encounter mainframe code, their surprise is consistent. Are we gonna change this puppy or slap on a wrapper? What’s your answer, gentle reader?

Net net: AIOps sets the stage for more Timnit Gebru shoot outs about bias and discrimination as well as the type of cautions produced by Cathy O’Neil in Weapons of Math Destruction: How Big Data Increases Inequality and Threatens Democracy.

Okay, thumbtyper.

Stephen E Arnold, September 8, 2021

Rethinking the Work Week

September 3, 2021

I read the “real” news and analysis piece about how long one should work. You may have time to check this essay for yourself as long as you can disconnect work from “real” life in the WFH and hybrid work environment.

The article is “This Is the Optimal Number of Hours You Should Work Every Day.” I want to point out that the title is misleading. There is the parental “should” and the failure to define “work.”

Here’s the key assertion in the article:

…aim for a 7.6 hour work day. That would equate to a 38-hour work week.

Let me identify a few organizations who might struggle with a 38 hour workweek:

  • The Légion étrangère
  • Lawyers gunning for partner in a Big Time law firm in Manhattan
  • Consulting firms like Bain, BCG, McKinsey, etc. (Mid-tier outfits may be stuck in the undifferentiated swamp of “experts” because the “get the job done” mentality is not part of the culture.)
  • First responders when crises become the norm in Lake Tahoe.

These are “exceptions”. However, the article makes it clear that the “modern” worker conceptualized by Fast Company does not want that organization man-approach to work.

However, there are some cultural forces putting their invisible hand on the Fast Company approach:

  • Reduced control by those who pay one’s salary
  • Escape from cultural norms
  • A perception that workers are entitled and have the right to work to get the job done within the workers’ guidelines.

When I worked at Booz, Allen & Hamilton, one of the Type As was known for spouting this aphorism:

Nothing worthwhile comes easy.

The goal of this type of write up, in my opinion, is to weaken the methods refined over the centuries to direct workers in such a way that specific tasks can be accomplished. Efficiency requires that waste be eliminated.

The redefinition of the work week is just one signal that change is occurring in real time.

How are the new approaches to working out?

Stephen E Arnold, September 3, 2021

Quote to Note: An Open Source Developer Speaks Truth

August 10, 2021

Navigate to “Lessons Learned from 15 Years of SumatraPDF, an Open Source Windows App.” Please, read the article. It is excellent and applicable to commercial software as well.

Here’s the quote I circled and enhanced with an exclamation point:

… changing things takes effort and the path of least resistance is to do nothing.

Keep this statement in mind when Microsoft says it has enhanced the security of its updating method or when Google explains that it has improved its search algorithm.

The author of “Lessons Learned…” quotes Jeff Bezos (the cowboy hat wearing multi billionaire who sent interesting images which were stunning I have heard) as saying:

There will never be a time when users want bloated and slow apps so being small and fast is a permanent advantage.

I would add that moving data rapidly out of an AWS module  evokes an Arnold corollary:

Speed costs more, often a lot more.

The essay is a good one, and I recommend that you read it, not just the quotes I reproduced in this positive comment about the content.

Stephen E Arnold, August 10, 2021

Deteching: Not Possible, Muchachos

August 6, 2021

Don’t become an Enterprise/IT Architect…” contains a small truth and a Brobdingnagian baby.

The small truth is, according to the article:

there are two speeds in IT: change is slow, growth is fast(-ish). Even if upper management (and many others, but the focus of this post is directed at the gap between ‘top’ and ‘bottom’) thinks they understand the complexity and effects, in reality, most of the time they have no clue as to the actual scale of the problem…

The idea is that there is a permanent break in the cable linking the suits with the people who have desks littered with usb keys, scraps of paper, and technical flotsam and jetsam.

Now for the Big Boy truth:

The frustration is that it will become harder to explain the ‘top’ what is going on and it will be particularly difficult to convince. This is especially true if that top has no interest in actually paying attention, because then it will be even harder as the first difficult step is to get them to hear you out.

What’s this mean for little problems like the SolarWinds’ misstep? What’s this mean for making informed decisions about cloud versus on premises or hybrid versus cloud, etc.? What’s this mean for making deteriorating systems actually work; for example, monopoly provided services which experience continuous and apparently unfixable flaws?

Big and small appear to be forcing a shift to a detech world; that is, one in which users (people or entities) have no choice but to go back to the methods which can be understood and which work. A good example is a paper calendar, not a zippy do, automated kitchen sink solution which is useless when one of the niggling issues causes problems.

As I said, SolarWinds: A misstep. Cyber security solutions that don’t secure anything. Printing modules which don’t print.

Detech. No choice, muchachos.

Stephen E Arnold, August 6, 2021

NSO Group: Talking and Not Talking Is Quite a Trick

July 30, 2021

I read “A Tech Firm Has Blocked Some Governments from Using Its Spyware over Misuse Claims.” First, let’s consider the headline. If the headline is factual, the message I get is that NSO Group operates one or more servers through which Pegasus traffic flows. Thus, the Pegasus system includes one or more servers which have log files, uptime monitoring, and administrative tools which permit operations like filtering, updating, and the like. Thus, a systems administrator with authorized access to one or a fleet of NSO Group servers supporting Pegasus can do what some system administrators do: Check out what’s shakin’ with the distributed system. Is the headline accurate? I sure don’t know, but the implication of the headline (assuming it is not a Google SEO ploy to snag traffic) is that NSO Group is in a position to know — perhaps in real time via a nifty AWS-type dashboard — who is doing what, when, where, for how long, and other helpful details about which a curious observer finds interesting, noteworthy, or suitable for assessing an upcharge. Money is important in zippy modern online systems in my experience.

My goodness. That headline was inspirational.

What about the write up itself from the real news outfit National Public Radio or NPR, once home to Bob Edwards, who was from Louisville, not far from the shack next to a mine run off pond outside my door. Ah, Louisville, mine drainage, and a person who finds this passage suggestive:

“There is an investigation into some clients. Some of those clients have been temporarily suspended,” said the source in the company, who spoke to NPR on condition of anonymity because company policy states that NSO “will no longer be responding to media inquiries on this matter and it will not play along with the vicious and slanderous campaign.”

So the company won’t talk to the media, but does talk to the media, specifically NPR. What do I think about that? Gee, I just don’t know. Perhaps I don’t understand the logic of NSO Group. But I don’t grasp what “unlimited” means when a US wireless provider assures customers that they have unlimited bandwidth. I am just stupid.

Next, I noted:

NSO says it has 60 customers in 40 countries, all of them intelligence agencies, law enforcement bodies and militaries. It says in recent years, before the media reports, it blocked its software from five governmental agencies, including two in the past year, after finding evidence of misuse. The Washington Post reported the clients suspended include Saudi Arabia, Dubai in the United Arab Emirates and some public agencies in Mexico. The company says it only sells its spyware to countries for the purpose of fighting terrorism and crime, but the recent reports claim NSO dealt with countries known to engage in surveillance of their citizens and that dozens of smartphones were found to be infected with its spyware.

Okay, if the headline is on the beam, then NSO Group, maybe some unnamed Israeli government agencies like the unit issuing export licenses for NSO Group-type software, and possibly some “trusted” third parties are going to prowl through the data about the usage of Pegasus by entities. Some of these agencies may be quite secretive. Imagine the meetings going on in which those in these secret agencies. What will the top dogs in these secret outfits about the risks of having NSO Group’s data sifted, filtered, and processed by Fancy Dan analytics’ systems tell their bosses? Yeah, that will test the efficacy of advanced degrees, political acumen, and possible fear.

And what’s NSO Group’s position. The information does not come from an NSO Group professional who does not talk to the media but sort of does. Here’s the word from the NSO Group’s lawyer:

Shmuel Sunray, who serves as general counsel to NSO Group, said the intense scrutiny facing the company was unfair considering its own vetting efforts.

“What we are doing is, what I think today is, the best standard that can be done,” Sunray told NPR. “We’re on the one hand, I think, the world leaders in our human rights compliance, and the other hand we’re the poster child of human rights abuse.”

I like this. We have the notion of NSO Group doing what it can do to the “best standard.” How many times has this situation faced an outfit in the intelware game, based in Herliya, and under the scrutiny of an Israeli agency which says yes or no to an export license for a Pegasus type system. Is this a new situation? Might be. If true, what NSO Group does will define the trajectory of intelware going forward, won’t it?

Next, I like the “world leaders” and “Human rights compliance.” This line creates opportunities for some what I would call Comedy Central comments. I will refrain and just ask you to consider the phrase in the context of the core functions and instrumentality of intelware. (If you want to talk in detail, write benkent2020 at yahoo dot com and one of my team will get back to you with terms and fees. If not, I am retired, so I don’t care.)

Exciting stuff and the NSO Group ice cream melt is getting stickier by the day. And in Herzliya, the temperature is 29 C. “C” is the grade I would assign to this  allegedly accurate statement from the article that NSO Group does not talk to the media. Get that story straight is my advice.

And, gentle NPR news professional, why not ask the lawyer about log file retention and access to data in Pegasus by an NSO system administrator?

Stephen E Arnold, July 30, 2021

Is a New Wave of Disintermediation Gaining Momentum

July 9, 2021

Hacker News pointed to “We Replaced Rental Brokers with Software and Filled 200+ Vacant Apartments.” That real estate write up provides a good case example for using software to chop out the useless humanoids. Sound like an Amazon thing? I think so. Corporate special librarians were among the first to be allowed to find their future elsewhere. Other professions are finding ways to de-humanoid their business processes. How does that Ford Bronco get painted? Not by people with spray guns. Those made-for-TV car shows use humans. Real car makers don’t unless there is some compelling reason.

Now a start up is going to try and de-people Amazon AWS development and programming. Amazon is trying to train people to think Amazon for new t shirts and super duper online cloud services. But the company’s efforts are mostly free education plays and zippy presentations at Amazon-sponsored events.

The disintermediation of the Amazon developer is now a start up’s goal. says:

Digger automatically generates infrastructure for your code in your cloud account. So you can build on AWS without having to learn it.

Disenchanted with the Lyft and Uber thing? Tired of collecting unemployment? Bored with your lawyering gig? Now you can become an entrepreneur:

Deploy anything. Containers, Serverless Lambda functions, webapps, databases, queues, load balancers, autoscaling – Digger supports it all.

If is successful, the certified Amazon professional may be looking for a new career. COBOL programmer maybe?

Stephen E Arnold, July 9, 2021

Amusing Confusing Wizards

July 7, 2021

More from the Redmond wizards’ humor generating machines.

Microsoft has found a way to deflect attention from yet another security issue. Do you print over the Internet? “Microsoft Acknowledges PrintNightmare Remote Code Execution Vulnerability Affecting Windows Pint Spooler Service” says:

IT Admins are also invited to disable the Print Spooler service via Powershell commands, though this will disable the ability to print both locally and remotely. Another workaround is to disable inbound remote printing through Group Policy, which will block the remote attack vector while allowing local printing.

So what distracts one from a print nightmare? That’s easy. Just try to figure out if your PC can run Windows 11? TPM, you say? Intel what?

PrintNightmare aptly characterizes Microsoft’s organizational acumen perhaps?

Stephen E Arnold, July 7, 2021

Has Google Smart Software Become the Sad Clown for AI?

April 20, 2021

“Is Google’s AI Research about to Implode?” raises an interesting question. The answer depends on whom one asks. For the high profile ethical AI Googlers who are now Xooglers (former Google employees), the answer is probably along the lines of “About. Okay, boomer, it has imploded.” Ask a Googler who still has a job at the GOOG and received a bonus for his or her work in smart software and the answer is probably more like, “Dude, we are AI.” With matters Googley, I am not sure where the truth exists.

The write up states:

in making certain “corrections” to large datasets, for example removing references to sex, the voices of LGBTQ people will be given less prominence. The lack of transparency and accountability in the data makes these models useless for anything other than generating amusing Guardian articles (my words, not the authors). But they have substantial negative consequences: in producing reams of factually incorrect texts and requiring computing resources that can have a major environmental impact.

Ah, ha, the roots of bias.

Google has not made enough progress is making its models neutral. Thus, human fiddling is required. And where there are humans fiddling, there are discordant notes.

The write up concludes with this statement:

What concerns me is that when Google’s own researchers start to produce novel ideas then the company perceives these as a threat. So much of a threat that they fire their most innovative researcher and shut down the groups that are doing truly novel work.

Right now, I think the Google wants to squelch talk about algorithmic “issues.”  Smart software appears to be related maximizing efficiency. The idea is that efficiency yields lower costs. Lower costs provide more cash to incentivize employees to find ways to improve, for example, ad auction efficiency. Ethics are not an emergent phenomenon of this type of system. The result is algorithmic road kill, a major PR problem, a glimpse of the inner Google, and writers who are skeptical about the world’s largest online ad vendor’s use of “smart” technology.

Stephen E Arnold, April 20, 2021

Software Development: Big Is the One True Way

April 13, 2021

I read an essay called “Everyone Is Still Terrible At Creating Software At Scale.” I am often skeptical about categorical affirmatives. Sometimes a sweeping statement captures an essential truth. This essay in Marginally Interesting has illuminated software development in a useful way.

I found this passage thought provoking:

I’ve seen a few e-commerce companies from the inside, and while their systems are marvel of technologies able to handle thousands of transactions per second, it does not feel like this, but things like the app and the website are very deeply entangled with the rest. Even if you wanted, you couldn’t create a completely new app or website.

After I read this, I thought about rotational velocity. I also thought about the idea of how easy it is to break something. Users want a software component to work and be usable. Software often appears fluid. What’s clear is that outages at big vendors and security lapses are seemingly the stuff of daily headlines. Big outfits deliver one thing; users get another.

Here’s another statement I circled:

My recommendation is to look at structures and ask yourself, how hard is it for any one “unit” in your “system” to get stuff done. Everything that cuts across areas of responsibility adds complexity.

Complexity is an interesting idea. Does Google “change” how the Page Rank method is implemented, or is Google in the software wrapper business? Can Microsoft plug security gaps when those gaps are the fabric of core Azure and Windows 10 processes? Can Facebook actually change feedback loops which feed its content processes? Is it possible for an outfit like Honda to change how it makes automobiles? In theory, a Honda-type operation can change, but the enemies are time, Tesla-like disruptions, Covid, and money.

Like the big ship which managed to get stuck in the Suez Canal, altering a method once underway is tricky.

The essay ends with this observation:

Unless you take care everyone has different understanding of the problem, and there is no focus on information gathering and constructive creativity.

But big is the way, right?

Stephen E Arnold, April 14, 2021

Business Process Management Is The New Buzzword

March 21, 2021

How does one “fix” the SolarWinds’ misstep? BPM. GovWizely will present a webinar addressing remediation of SolarWinds’ issues on March 25, 2021. You can sign up at this url: The program is free and pre-registration is required.

If you never heard about business process management (BPM) it means the practice of discovering and controlling an organization’s processes so they will align with business goals as the company evolves.  BPM software is the next phase of business intelligence software for enterprises.  CIO explains what to expect from BPM software in the article: “What Is Business Process Management? The Key To Enterprise Agility.”

BPM software maps definitions to existing processes, defines steps to carry out tasks, and tips for streamlining/improving practices.  Organizations are constantly shifting to meet their goals and BPM is software is advertised as the best way to refine and control changing environments.  All good BPM software should have the following: alignment of the firm’s resources, increase discipline in daily operations, and clarify on strategic direction.  While most organizations want flexibility they lack it:

“A company can only be as flexible, efficient, and agile as the interaction of its business processes allow. Here’s the problem: Many companies develop business processes in isolation from other processes they interact with, or worse, they don’t “develop” business processes at all. In many cases, processes simply come into existence as “the way things have always been done,” or because software systems dictate them. As a result, many companies are hampered by their processes, and will continue to be so until those processes are optimized.”

When selecting a BPM software it should be capable of integrations, analytics, collaboration, form generation, have a business rules engine, and workflow managements.

BPM sounds like the next phase of big data, where hidden insights are uncovered in unstructured data.  BPM takes these insights, then merges them with an organization’s goals.  Business intelligence improves business processes, big data discovers insights, and BPM organizes all of it.

Whitney Grace, March 21, 2021

Next Page »

  • Archives

  • Recent Posts

  • Meta