• Home
• About
• Writers
• Landscape
• Wizards Index
• Fraud
• Wanna Be Like Larry?

 Subscribe

Quote to Note: An Open Source Developer Speaks Truth

Navigate to “Lessons Learned from 15 Years of SumatraPDF, an Open Source Windows App.” Please, read the article. It is excellent and applicable to commercial software as well.

Here’s the quote I circled and enhanced with an exclamation point:

… changing things takes effort and the path of least resistance is to do nothing.

Keep this statement in mind when Microsoft says it has enhanced the security of its updating method or when Google explains that it has improved its search algorithm.

The author of “Lessons Learned…” quotes Jeff Bezos (the cowboy hat wearing multi billionaire who sent interesting images which were stunning I have heard) as saying:

There will never be a time when users want bloated and slow apps so being small and fast is a permanent advantage.

I would add that moving data rapidly out of an AWS module  evokes an Arnold corollary:

Speed costs more, often a lot more.

The essay is a good one, and I recommend that you read it, not just the quotes I reproduced in this positive comment about the content.

Stephen E Arnold, August 10, 2021

Deteching: Not Possible, Muchachos

“Don’t become an Enterprise/IT Architect…” contains a small truth and a Brobdingnagian baby.

The small truth is, according to the article:

…there are two speeds in IT: change is slow, growth is fast(-ish). Even if upper management (and many others, but the focus of this post is directed at the gap between ‘top’ and ‘bottom’) thinks they understand the complexity and effects, in reality, most of the time they have no clue as to the actual scale of the problem…

The idea is that there is a permanent break in the cable linking the suits with the people who have desks littered with usb keys, scraps of paper, and technical flotsam and jetsam.

Now for the Big Boy truth:

The frustration is that it will become harder to explain the ‘top’ what is going on and it will be particularly difficult to convince. This is especially true if that top has no interest in actually paying attention, because then it will be even harder as the first difficult step is to get them to hear you out.

What’s this mean for little problems like the SolarWinds’ misstep? What’s this mean for making informed decisions about cloud versus on premises or hybrid versus cloud, etc.? What’s this mean for making deteriorating systems actually work; for example, monopoly provided services which experience continuous and apparently unfixable flaws?

Big and small appear to be forcing a shift to a detech world; that is, one in which users (people or entities) have no choice but to go back to the methods which can be understood and which work. A good example is a paper calendar, not a zippy do, automated kitchen sink solution which is useless when one of the niggling issues causes problems.

As I said, SolarWinds: A misstep. Cyber security solutions that don’t secure anything. Printing modules which don’t print.

Detech. No choice, muchachos.

Stephen E Arnold, August 6, 2021

NSO Group: Talking and Not Talking Is Quite a Trick

I read “A Tech Firm Has Blocked Some Governments from Using Its Spyware over Misuse Claims.” First, let’s consider the headline. If the headline is factual, the message I get is that NSO Group operates one or more servers through which Pegasus traffic flows. Thus, the Pegasus system includes one or more servers which have log files, uptime monitoring, and administrative tools which permit operations like filtering, updating, and the like. Thus, a systems administrator with authorized access to one or a fleet of NSO Group servers supporting Pegasus can do what some system administrators do: Check out what’s shakin’ with the distributed system. Is the headline accurate? I sure don’t know, but the implication of the headline (assuming it is not a Google SEO ploy to snag traffic) is that NSO Group is in a position to know — perhaps in real time via a nifty AWS-type dashboard — who is doing what, when, where, for how long, and other helpful details about which a curious observer finds interesting, noteworthy, or suitable for assessing an upcharge. Money is important in zippy modern online systems in my experience.

My goodness. That headline was inspirational.

What about the write up itself from the real news outfit National Public Radio or NPR, once home to Bob Edwards, who was from Louisville, not far from the shack next to a mine run off pond outside my door. Ah, Louisville, mine drainage, and a person who finds this passage suggestive:

“There is an investigation into some clients. Some of those clients have been temporarily suspended,” said the source in the company, who spoke to NPR on condition of anonymity because company policy states that NSO “will no longer be responding to media inquiries on this matter and it will not play along with the vicious and slanderous campaign.”

So the company won’t talk to the media, but does talk to the media, specifically NPR. What do I think about that? Gee, I just don’t know. Perhaps I don’t understand the logic of NSO Group. But I don’t grasp what “unlimited” means when a US wireless provider assures customers that they have unlimited bandwidth. I am just stupid.

Next, I noted:

NSO says it has 60 customers in 40 countries, all of them intelligence agencies, law enforcement bodies and militaries. It says in recent years, before the media reports, it blocked its software from five governmental agencies, including two in the past year, after finding evidence of misuse. The Washington Post reported the clients suspended include Saudi Arabia, Dubai in the United Arab Emirates and some public agencies in Mexico. The company says it only sells its spyware to countries for the purpose of fighting terrorism and crime, but the recent reports claim NSO dealt with countries known to engage in surveillance of their citizens and that dozens of smartphones were found to be infected with its spyware.

Okay, if the headline is on the beam, then NSO Group, maybe some unnamed Israeli government agencies like the unit issuing export licenses for NSO Group-type software, and possibly some “trusted” third parties are going to prowl through the data about the usage of Pegasus by entities. Some of these agencies may be quite secretive. Imagine the meetings going on in which those in these secret agencies. What will the top dogs in these secret outfits about the risks of having NSO Group’s data sifted, filtered, and processed by Fancy Dan analytics’ systems tell their bosses? Yeah, that will test the efficacy of advanced degrees, political acumen, and possible fear.

And what’s NSO Group’s position. The information does not come from an NSO Group professional who does not talk to the media but sort of does. Here’s the word from the NSO Group’s lawyer:

Shmuel Sunray, who serves as general counsel to NSO Group, said the intense scrutiny facing the company was unfair considering its own vetting efforts.

“What we are doing is, what I think today is, the best standard that can be done,” Sunray told NPR. “We’re on the one hand, I think, the world leaders in our human rights compliance, and the other hand we’re the poster child of human rights abuse.”

I like this. We have the notion of NSO Group doing what it can do to the “best standard.” How many times has this situation faced an outfit in the intelware game, based in Herliya, and under the scrutiny of an Israeli agency which says yes or no to an export license for a Pegasus type system. Is this a new situation? Might be. If true, what NSO Group does will define the trajectory of intelware going forward, won’t it?

Next, I like the “world leaders” and “Human rights compliance.” This line creates opportunities for some what I would call Comedy Central comments. I will refrain and just ask you to consider the phrase in the context of the core functions and instrumentality of intelware. (If you want to talk in detail, write benkent2020 at yahoo dot com and one of my team will get back to you with terms and fees. If not, I am retired, so I don’t care.)

Exciting stuff and the NSO Group ice cream melt is getting stickier by the day. And in Herzliya, the temperature is 29 C. “C” is the grade I would assign to this  allegedly accurate statement from the article that NSO Group does not talk to the media. Get that story straight is my advice.

And, gentle NPR news professional, why not ask the lawyer about log file retention and access to data in Pegasus by an NSO system administrator?

Stephen E Arnold, July 30, 2021

Is a New Wave of Disintermediation Gaining Momentum

Hacker News pointed to “We Replaced Rental Brokers with Software and Filled 200+ Vacant Apartments.” That real estate write up provides a good case example for using software to chop out the useless humanoids. Sound like an Amazon thing? I think so. Corporate special librarians were among the first to be allowed to find their future elsewhere. Other professions are finding ways to de-humanoid their business processes. How does that Ford Bronco get painted? Not by people with spray guns. Those made-for-TV car shows use humans. Real car makers don’t unless there is some compelling reason.

Now a start up is going to try and de-people Amazon AWS development and programming. Amazon is trying to train people to think Amazon for new t shirts and super duper online cloud services. But the company’s efforts are mostly free education plays and zippy presentations at Amazon-sponsored events.

The disintermediation of the Amazon developer is now a start up’s goal. Digger.dev says:

Digger automatically generates infrastructure for your code in your cloud account. So you can build on AWS without having to learn it.

Disenchanted with the Lyft and Uber thing? Tired of collecting unemployment? Bored with your lawyering gig? Now you can become an entrepreneur:

Deploy anything. Containers, Serverless Lambda functions, webapps, databases, queues, load balancers, autoscaling – Digger supports it all.

If Digger.dev is successful, the certified Amazon professional may be looking for a new career. COBOL programmer maybe?

Stephen E Arnold, July 9, 2021

Amusing Confusing Wizards

More from the Redmond wizards’ humor generating machines.

Microsoft has found a way to deflect attention from yet another security issue. Do you print over the Internet? “Microsoft Acknowledges PrintNightmare Remote Code Execution Vulnerability Affecting Windows Pint Spooler Service” says:

IT Admins are also invited to disable the Print Spooler service via Powershell commands, though this will disable the ability to print both locally and remotely. Another workaround is to disable inbound remote printing through Group Policy, which will block the remote attack vector while allowing local printing.

So what distracts one from a print nightmare? That’s easy. Just try to figure out if your PC can run Windows 11? TPM, you say? Intel what?

PrintNightmare aptly characterizes Microsoft’s organizational acumen perhaps?

Stephen E Arnold, July 7, 2021

Has Google Smart Software Become the Sad Clown for AI?

“Is Google’s AI Research about to Implode?” raises an interesting question. The answer depends on whom one asks. For the high profile ethical AI Googlers who are now Xooglers (former Google employees), the answer is probably along the lines of “About. Okay, boomer, it has imploded.” Ask a Googler who still has a job at the GOOG and received a bonus for his or her work in smart software and the answer is probably more like, “Dude, we are AI.” With matters Googley, I am not sure where the truth exists.

The write up states:

in making certain “corrections” to large datasets, for example removing references to sex, the voices of LGBTQ people will be given less prominence. The lack of transparency and accountability in the data makes these models useless for anything other than generating amusing Guardian articles (my words, not the authors). But they have substantial negative consequences: in producing reams of factually incorrect texts and requiring computing resources that can have a major environmental impact.

Ah, ha, the roots of bias.

Google has not made enough progress is making its models neutral. Thus, human fiddling is required. And where there are humans fiddling, there are discordant notes.

The write up concludes with this statement:

What concerns me is that when Google’s own researchers start to produce novel ideas then the company perceives these as a threat. So much of a threat that they fire their most innovative researcher and shut down the groups that are doing truly novel work.

Right now, I think the Google wants to squelch talk about algorithmic “issues.”  Smart software appears to be related maximizing efficiency. The idea is that efficiency yields lower costs. Lower costs provide more cash to incentivize employees to find ways to improve, for example, ad auction efficiency. Ethics are not an emergent phenomenon of this type of system. The result is algorithmic road kill, a major PR problem, a glimpse of the inner Google, and writers who are skeptical about the world’s largest online ad vendor’s use of “smart” technology.

Stephen E Arnold, April 20, 2021

Software Development: Big Is the One True Way

I read an essay called “Everyone Is Still Terrible At Creating Software At Scale.” I am often skeptical about categorical affirmatives. Sometimes a sweeping statement captures an essential truth. This essay in Marginally Interesting has illuminated software development in a useful way.

I found this passage thought provoking:

I’ve seen a few e-commerce companies from the inside, and while their systems are marvel of technologies able to handle thousands of transactions per second, it does not feel like this, but things like the app and the website are very deeply entangled with the rest. Even if you wanted, you couldn’t create a completely new app or website.

After I read this, I thought about rotational velocity. I also thought about the idea of how easy it is to break something. Users want a software component to work and be usable. Software often appears fluid. What’s clear is that outages at big vendors and security lapses are seemingly the stuff of daily headlines. Big outfits deliver one thing; users get another.

Here’s another statement I circled:

My recommendation is to look at structures and ask yourself, how hard is it for any one “unit” in your “system” to get stuff done. Everything that cuts across areas of responsibility adds complexity.

Complexity is an interesting idea. Does Google “change” how the Page Rank method is implemented, or is Google in the software wrapper business? Can Microsoft plug security gaps when those gaps are the fabric of core Azure and Windows 10 processes? Can Facebook actually change feedback loops which feed its content processes? Is it possible for an outfit like Honda to change how it makes automobiles? In theory, a Honda-type operation can change, but the enemies are time, Tesla-like disruptions, Covid, and money.

Like the big ship which managed to get stuck in the Suez Canal, altering a method once underway is tricky.

The essay ends with this observation:

Unless you take care everyone has different understanding of the problem, and there is no focus on information gathering and constructive creativity.

But big is the way, right?

Stephen E Arnold, April 14, 2021

Business Process Management Is The New Buzzword

How does one “fix” the SolarWinds’ misstep? BPM. GovWizely will present a webinar addressing remediation of SolarWinds’ issues on March 25, 2021. You can sign up at this url: https://www.govwizely.com/contact/. The program is free and pre-registration is required.

If you never heard about business process management (BPM) it means the practice of discovering and controlling an organization’s processes so they will align with business goals as the company evolves.  BPM software is the next phase of business intelligence software for enterprises.  CIO explains what to expect from BPM software in the article: “What Is Business Process Management? The Key To Enterprise Agility.”

BPM software maps definitions to existing processes, defines steps to carry out tasks, and tips for streamlining/improving practices.  Organizations are constantly shifting to meet their goals and BPM is software is advertised as the best way to refine and control changing environments.  All good BPM software should have the following: alignment of the firm’s resources, increase discipline in daily operations, and clarify on strategic direction.  While most organizations want flexibility they lack it:

“A company can only be as flexible, efficient, and agile as the interaction of its business processes allow. Here’s the problem: Many companies develop business processes in isolation from other processes they interact with, or worse, they don’t “develop” business processes at all. In many cases, processes simply come into existence as “the way things have always been done,” or because software systems dictate them. As a result, many companies are hampered by their processes, and will continue to be so until those processes are optimized.”

When selecting a BPM software it should be capable of integrations, analytics, collaboration, form generation, have a business rules engine, and workflow managements.

BPM sounds like the next phase of big data, where hidden insights are uncovered in unstructured data.  BPM takes these insights, then merges them with an organization’s goals.  Business intelligence improves business processes, big data discovers insights, and BPM organizes all of it.

Whitney Grace, March 21, 2021

The Microsoft Supply Chain Works Even Better Going Backwards

Do you remember the character KIR-mit.  He once allegedly said:

Yeah, well, I’ve got a dream too, but it’s about singing and dancing and making people happy. That’s the kind of dream that gets better the more people you share it with.

I am not talking about Jim Henson’s memorable character. That frog spelled its name Kermit. This is KIR-mit, an evil doppelgänger from another universe called Redmonium.

This KIR-mit is described in “Microsoft Is Using Known Issue Rollback (KIR) to Fix Problems Caused by Windows 10 Updates.” I learned that KIR

enables Microsoft to rollback changes introduced by problematic patches rolled out through Windows Update. KIR only applies to non-security updates.

Does the method expand the attack service for bad actors? Will weird calls to senior citizens increase with offers to assist with KIR-mit modifications? Will questionable types provide links to download KIRs which are malware? Yes, yes, and yes.

The article points out:

Known Issue Rollback is an important Windows servicing improvement to support non-security bug fixes, enabling us to quickly revert a single, targeted fix to a previously released behavior if a critical regression is discovered.

KIR is something users have said they wanted. Plus Microsoft has had this capability for a long time. I recall reading that Microsoft had a method for verifying the “digital birth certificate” of software in order to identify and deal with the SolarWinds-type of supply chain hack. I point this out in my upcoming lecture for a law enforcement entity. Will my audience find the statement and link interesting? I have a hunch the cyber officers will perk up their ears. Even the JEDI fans will catch my drift.

Just regular users may become woozy from too much KIR in the system. Plus, enterprise users will be “in charge of things.” Wonderful. Users at home are one class of customers; enterprise users are another. In between, attack surface the size of the moon.

Several questions:

• Why not improve the pre release quality checks?
• Why not adopt the type of practices spelled out by In Toto and other business method purveyors?
• Why not knock off the crazy featuritis and deliver stable software in a way that does not obfuscate, mask, and disguise what’s going on?

And the answers to these questions is, “The cloud is more secure.”

Got it. By the way a “kir” is a French cocktail. Some Microsoft customers may need a couple of these to celebrate Microsoft’s continuous improvement of its outstanding processes.

As KIR-mit said, “It’s about making people happy.” That includes bad actors, malefactors, enemies of the US, criminals, and Microsoft professionals like Eric Vernon and Vatsan Madhava, the lucky explainers of KIR-mit’s latest adventure.

Stephen E Arnold, March 4, 2021

Facebook Found Lax in Enforcement of Own Privacy Rules. Surprised?

Facebook is refining its filtering AI for app data after investigators at New York’s Department of Financial Services found the company was receiving sensitive information it should not have received. The Jakarta Post reports, “Facebook Blocks Medical Data Shared by Apps.” Facebook regularly accepts app-user information and feeds it to an analysis tool that helps developers improve their apps. It never really wanted responsibility for safeguarding medical and other sensitive data, but did little to block it until now. The write-up quotes state financial services superintendent Linda Lacewell:

“Facebook instructed app developers and websites not to share medical, financial, and other sensitive personal consumer data but took no steps to police this rule. By continuing to do business with app developers that broke the rule, Facebook put itself in a position to profit from sensitive data that it was never supposed to receive in the first place.”

Facebook is now stepping up its efforts to block sensitive information from reaching its databases. We learn:

“Facebook created a list of terms blocked by its systems and has been refining artificial intelligence to more adaptively filter sensitive data not welcomed in the analytics tool, according to the report. The block list contains more than 70,000 terms, including diseases, bodily functions, medical conditions, and real-world locations such as mental health centers, the report said.”

A spokesperson says the company is also “doing more to educate advertisers on how to set-up and use our business tools.” We shall see whether these efforts will be enough to satisfy investigators next time around.

Cynthia Murrell, March 4, 2021

« Previous Page — Next Page »

• 

• Search the site

•  

  Subscribe to Beyond Search

  • 
  • 
   
  • 
   
  
  Feature archive
  News archive
   
  
  
  Stephen E. Arnold monitors search, content processing, text mining and related topics from his high-tech nerve center in rural Kentucky. He tries to winnow the goose feathers from the giblets. He works with colleagues worldwide to make this Web log useful to those who want to go "beyond search". Contact him at sa [at] arnoldit.com. His Web site with additional information about search is arnoldit.com.

• Categories

  • 3D-Printing
  • Acquisition
  • Advertising
  • Aggregation
  • AI
  • Alexa
  • algorithms
  • Amazon
  • Amazonia
  • Analytics
  • Appliance
  • Applications
  • Audio
  • Augmented Reality
  • Big data
  • Bing
  • Bitcoin
  • Bitext
  • Book review
  • Business intelligence
  • Business process
  • Business strategy
  • Censorship
  • Cloud computing
  • Company Profile
  • Conferences
  • Connectors
  • Consulting
  • Consumer
  • Content processing
  • Copyright
  • Corporate Concerns
  • Cost
  • Crawl
  • Crowdfunding
  • cryptocurrency
  • Customer support
  • Cyber OSINT
  • cybercrime
  • cybersecurity
  • Dark Web
  • DarkCyber
  • Data
  • Data mining
  • Database
  • Deepfakes
  • Digital Assistant
  • Digital Library
  • E2EE
  • ECommerce
  • EDiscovery
  • Editorial opinion
  • Education
  • Emoticons
  • Enterprise
  • Enterprise search
  • Entity extraction
  • Ethics
  • Facebook
  • Faceted search
  • Factualities
  • Feature
  • Federated search
  • Financial
  • Google
  • Governance
  • Government
  • Hackers
  • healthcare
  • IBM Watson
  • Image search
  • Indexing
  • Infrastructure
  • Innovation
  • Integration
  • intelware
  • Interface
  • Internet
  • Interview
  • Investment
  • law enforcement
  • Legal matters
  • Library automation
  • Management
  • Marketing
  • Mathematics
  • Metadata
  • Microsoft
  • Mobile
  • Natural language processing
  • News
  • NGIA
  • Online (general)
  • Open Access
  • Open source
  • OSINT
  • Osint Radar
  • Overflight
  • Palantir
  • Patents
  • Personnel
  • Podcast
  • Policeware
  • Portals
  • Predictive coding
  • Privacy
  • Profile
  • Publishing
  • Quotation
  • Real time search
  • Reference tool
  • Rich media
  • Robot Writer
  • Search
  • Search enabled applications
  • search engine
  • Search quality
  • Security
  • Semantic
  • Sentiment analysis
  • SEO
  • SharePoint
  • Short Honks
  • Smart Technology
  • Social
  • Social Media
  • software
  • Statistics
  • Taxonomy
  • Technology
  • Text analytics
  • Text processing
  • Tools
  • Tor
  • Training
  • Translation
  • Twitter
  • Uncategorized
  • Unstructured Data
  • User experience
  • User Interface
  • Vertical search
  • Video
  • visualization
  • Voice search
  • Voice technology
  • Web 3
  • Web Services
  • Webinar
  • Windows
  • Work flow
  • XML
  • Yahoo

• Archives

  Archives Select Month July 2024 June 2024 May 2024 April 2024 March 2024 February 2024 January 2024 December 2023 November 2023 October 2023 September 2023 August 2023 July 2023 June 2023 May 2023 April 2023 March 2023 February 2023 January 2023 December 2022 November 2022 October 2022 September 2022 August 2022 July 2022 June 2022 May 2022 April 2022 March 2022 February 2022 January 2022 December 2021 November 2021 October 2021 September 2021 August 2021 July 2021 June 2021 May 2021 April 2021 March 2021 February 2021 January 2021 December 2020 November 2020 October 2020 September 2020 August 2020 July 2020 June 2020 May 2020 April 2020 March 2020 February 2020 January 2020 December 2019 November 2019 October 2019 September 2019 August 2019 July 2019 June 2019 May 2019 April 2019 March 2019 February 2019 January 2019 December 2018 November 2018 October 2018 September 2018 August 2018 July 2018 June 2018 May 2018 April 2018 March 2018 February 2018 January 2018 December 2017 November 2017 October 2017 September 2017 August 2017 July 2017 June 2017 May 2017 April 2017 March 2017 February 2017 January 2017 December 2016 November 2016 October 2016 September 2016 August 2016 July 2016 June 2016 May 2016 April 2016 March 2016 February 2016 January 2016 December 2015 November 2015 October 2015 September 2015 August 2015 July 2015 June 2015 May 2015 April 2015 March 2015 February 2015 January 2015 December 2014 November 2014 October 2014 September 2014 August 2014 July 2014 June 2014 May 2014 April 2014 March 2014 February 2014 January 2014 December 2013 November 2013 October 2013 September 2013 August 2013 July 2013 June 2013 May 2013 April 2013 March 2013 February 2013 January 2013 December 2012 November 2012 October 2012 September 2012 August 2012 July 2012 June 2012 May 2012 April 2012 March 2012 February 2012 January 2012 December 2011 November 2011 October 2011 September 2011 August 2011 July 2011 June 2011 May 2011 April 2011 March 2011 February 2011 January 2011 December 2010 November 2010 October 2010 September 2010 August 2010 July 2010 June 2010 May 2010 April 2010 March 2010 February 2010 January 2010 December 2009 November 2009 October 2009 September 2009 August 2009 July 2009 June 2009 May 2009 April 2009 March 2009 February 2009 January 2009 December 2008 November 2008 October 2008 September 2008 August 2008 July 2008 June 2008 May 2008 April 2008 March 2008 February 2008 January 2008 November 5

• Recent Posts

  • Google AdWords in Russia?
  • Modern Life: Advertising Is the Future
  • Bots Have Invaded The World…On The Internet
  • Thinking about AI Doom: Cheerful, Right?
  • A Windows Expert Realizes Suddenly Last Outage Is a Rerun

• Meta

  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org