Google Play Store Content Curation Flop, Well, Thousands of Flops
September 20, 2021
Google does collect user personal information for targeted ads, but more than 19000 apps in the Google Play Store could violate user privacy. The Daily Hunt shares the warning in the article: “Alert! More Than 19000 Apps On Google Play Store Could Leak Your Personal Data-Check Details.”
Digital security company Avast discovered that over 19000 apps hosted on the Google Play Store could leak user data and put the phone’s security at risk. Avast said the apps leak information because of a misconfiguration in the Firebase databases the apps use; Android developers use Firebase to store user data. Avast reported the problem to Google so Google can notify the affected app developers.
Most of the apps affected are:
“The apps that could be facing the issue are mostly related to lifestyle, gaming, food delivery and email, among others, the firm said, adding that users in Europe, South-East Asia and Latin America region are likely to have been impacted by it. More than 10 percent of 180,300 publicly available Firebase instances were found to be open by researchers at the Avast Threat Labs, which means that apps users’ data in those cases have been exposed to the public.”
User information is waiting to be stolen. Hopefully Google and Android app developers will fix the Firebase misconfiguration quickly so information is not stolen by bad actors.
Whitney Grace, September 20, 2021
Change Is Coming But What about Un-Change?
September 8, 2021
My research team is working on a short DarkCyber video about automating work processes related to smart software. The idea is that one smart software system can generate an output to update another smart output system. The trend was evident more than a decade ago in the work of Dr. Zbigniew Michalewicz, his son, and collaborators. He is the author of How to Solve It: Modern Heuristics. There were predecessors, and today many others follow smart approaches to operations for artificial intelligence, or what thumbtypers call AIOps. The DarkCyber video will become available on October 5, 2021. We’ll try to keep the video peppy because smart software methods are definitely exciting and mostly invisible. And like other embedded components, some of these “modules” will become components, commoditized, and just used “as is.” That’s important because who worries about a component in a larger system? Do you wonder if the microwave is operating at peak efficiency with every component chugging along up to spec? Nope and nope.
I read a wonderful example of Silicon Valley MBA thinking called “It’s Time to Say “Ok, Boomer!” to Old School Change Management.” At first glance, the ideas about efficiency and keeping pace with technical updates make sense. The write up states:
There are a variety of dated methods when it comes to change management. Tl;dr it’s lots of paper and lots of meetings. These practices are widely regarded as effective across the industry, but research shows this is a common delusion and change management itself needs to change.
Hasta la vista Messrs. Drucker and the McKinsey framework.
The write up points out that a solution is at hand:
DevOps teams push lots of changes and this is creating a bottleneck as manual change management processes struggle to keep up. But, the great thing about DevOps is that it solves the problem it creates. One of the key aspects where DevOps can be of great help in change management is in the implementation of compliance. If the old school ways of managing change are too slow why not automate them like everything else? We already do this for building, testing and qualifying, so why not change? We can use the same automation to record change events in real time and implement release controls in the pipelines instead of gluing them on at the end.
Does this seem like circular reasoning?
I want to point out that if one of the automation components operates using probability and the thresholds are incorrect, the data poisoned (corrupted by intent or chance) or the “averaging” which is a feature of some systems triggers a butterfly effect, excitement may ensue. The idea is that a small change may have a large impact downstream; for example, a wing flap in Biloxi could create a flood in the 28th Street Flatiron stop.
Several observations:
- AIOps are already in operation at outfits like the Google and will be componentized in an AWS-style package
- Embedded stuff, like popular libraries, are just used and not thought about. The practice brings joy to bad actors who corrupt some library offerings
- Once a component is up and running and assumed to be okay, those modules themselves resist change. When 20 somethings encounter mainframe code, their surprise is consistent. Are we gonna change this puppy or slap on a wrapper? What’s your answer, gentle reader?
Net net: AIOps sets the stage for more Timnit Gebru shoot outs about bias and discrimination as well as the type of cautions produced by Cathy O’Neil in Weapons of Math Destruction: How Big Data Increases Inequality and Threatens Democracy.
Okay, thumbtyper.
Stephen E Arnold, September 8, 2021
Rethinking the Work Week
September 3, 2021
I read the “real” news and analysis piece about how long one should work. You may have time to check this essay for yourself as long as you can disconnect work from “real” life in the WFH and hybrid work environment.
The article is “This Is the Optimal Number of Hours You Should Work Every Day.” I want to point out that the title is misleading. There is the parental “should” and the failure to define “work.”
Here’s the key assertion in the article:
…aim for a 7.6 hour work day. That would equate to a 38-hour work week.
Let me identify a few organizations who might struggle with a 38 hour workweek:
- The Légion étrangère
- Lawyers gunning for partner in a Big Time law firm in Manhattan
- Consulting firms like Bain, BCG, McKinsey, etc. (Mid-tier outfits may be stuck in the undifferentiated swamp of “experts” because the “get the job done” mentality is not part of the culture.)
- First responders when crises become the norm in Lake Tahoe.
These are “exceptions”. However, the article makes it clear that the “modern” worker conceptualized by Fast Company does not want that organization man-approach to work.
However, there are some cultural forces putting their invisible hand on the Fast Company approach:
- Reduced control by those who pay one’s salary
- Escape from cultural norms
- A perception that workers are entitled and have the right to work to get the job done within the workers’ guidelines.
When I worked at Booz, Allen & Hamilton, one of the Type As was known for spouting this aphorism:
Nothing worthwhile comes easy.
The goal of this type of write up, in my opinion, is to weaken the methods refined over the centuries to direct workers in such a way that specific tasks can be accomplished. Efficiency requires that waste be eliminated.
The redefinition of the work week is just one signal that change is occurring in real time.
How are the new approaches to working out?
Stephen E Arnold, September 3, 2021
Quote to Note: An Open Source Developer Speaks Truth
August 10, 2021
Navigate to “Lessons Learned from 15 Years of SumatraPDF, an Open Source Windows App.” Please, read the article. It is excellent and applicable to commercial software as well.
Here’s the quote I circled and enhanced with an exclamation point:
… changing things takes effort and the path of least resistance is to do nothing.
Keep this statement in mind when Microsoft says it has enhanced the security of its updating method or when Google explains that it has improved its search algorithm.
The author of “Lessons Learned…” quotes Jeff Bezos (the cowboy hat wearing multi billionaire who sent interesting images which were stunning I have heard) as saying:
There will never be a time when users want bloated and slow apps so being small and fast is a permanent advantage.
I would add that moving data rapidly out of an AWS module evokes an Arnold corollary:
Speed costs more, often a lot more.
The essay is a good one, and I recommend that you read it, not just the quotes I reproduced in this positive comment about the content.
Stephen E Arnold, August 10, 2021
Deteching: Not Possible, Muchachos
August 6, 2021
“Don’t become an Enterprise/IT Architect…” contains a small truth and a Brobdingnagian baby.
The small truth is, according to the article:
…there are two speeds in IT: change is slow, growth is fast(-ish). Even if upper management (and many others, but the focus of this post is directed at the gap between ‘top’ and ‘bottom’) thinks they understand the complexity and effects, in reality, most of the time they have no clue as to the actual scale of the problem…
The idea is that there is a permanent break in the cable linking the suits with the people who have desks littered with usb keys, scraps of paper, and technical flotsam and jetsam.
Now for the Big Boy truth:
The frustration is that it will become harder to explain the ‘top’ what is going on and it will be particularly difficult to convince. This is especially true if that top has no interest in actually paying attention, because then it will be even harder as the first difficult step is to get them to hear you out.
What’s this mean for little problems like the SolarWinds’ misstep? What’s this mean for making informed decisions about cloud versus on premises or hybrid versus cloud, etc.? What’s this mean for making deteriorating systems actually work; for example, monopoly provided services which experience continuous and apparently unfixable flaws?
Big and small appear to be forcing a shift to a detech world; that is, one in which users (people or entities) have no choice but to go back to the methods which can be understood and which work. A good example is a paper calendar, not a zippy do, automated kitchen sink solution which is useless when one of the niggling issues causes problems.
As I said, SolarWinds: A misstep. Cyber security solutions that don’t secure anything. Printing modules which don’t print.
Detech. No choice, muchachos.
Stephen E Arnold, August 6, 2021
NSO Group: Talking and Not Talking Is Quite a Trick
July 30, 2021
I read “A Tech Firm Has Blocked Some Governments from Using Its Spyware over Misuse Claims.” First, let’s consider the headline. If the headline is factual, the message I get is that NSO Group operates one or more servers through which Pegasus traffic flows. Thus, the Pegasus system includes one or more servers which have log files, uptime monitoring, and administrative tools which permit operations like filtering, updating, and the like. Thus, a systems administrator with authorized access to one or a fleet of NSO Group servers supporting Pegasus can do what some system administrators do: Check out what’s shakin’ with the distributed system. Is the headline accurate? I sure don’t know, but the implication of the headline (assuming it is not a Google SEO ploy to snag traffic) is that NSO Group is in a position to know — perhaps in real time via a nifty AWS-type dashboard — who is doing what, when, where, for how long, and other helpful details about which a curious observer finds interesting, noteworthy, or suitable for assessing an upcharge. Money is important in zippy modern online systems in my experience.
My goodness. That headline was inspirational.
What about the write up itself from the real news outfit National Public Radio or NPR, once home to Bob Edwards, who was from Louisville, not far from the shack next to a mine run off pond outside my door? Ah, Louisville, mine drainage, and a person who finds this passage suggestive:
“There is an investigation into some clients. Some of those clients have been temporarily suspended,” said the source in the company, who spoke to NPR on condition of anonymity because company policy states that NSO “will no longer be responding to media inquiries on this matter and it will not play along with the vicious and slanderous campaign.”
So the company won’t talk to the media, but does talk to the media, specifically NPR. What do I think about that? Gee, I just don’t know. Perhaps I don’t understand the logic of NSO Group. But I don’t grasp what “unlimited” means when a US wireless provider assures customers that they have unlimited bandwidth. I am just stupid.
Next, I noted:
NSO says it has 60 customers in 40 countries, all of them intelligence agencies, law enforcement bodies and militaries. It says in recent years, before the media reports, it blocked its software from five governmental agencies, including two in the past year, after finding evidence of misuse. The Washington Post reported the clients suspended include Saudi Arabia, Dubai in the United Arab Emirates and some public agencies in Mexico. The company says it only sells its spyware to countries for the purpose of fighting terrorism and crime, but the recent reports claim NSO dealt with countries known to engage in surveillance of their citizens and that dozens of smartphones were found to be infected with its spyware.
Okay, if the headline is on the beam, then NSO Group, maybe some unnamed Israeli government agencies like the unit issuing export licenses for NSO Group-type software, and possibly some “trusted” third parties are going to prowl through the data about the usage of Pegasus by entities. Some of these agencies may be quite secretive. Imagine the meetings going on in which those in these secret agencies discuss the matter. What will the top dogs in these secret outfits tell their bosses about the risks of having NSO Group’s data sifted, filtered, and processed by Fancy Dan analytics’ systems? Yeah, that will test the efficacy of advanced degrees, political acumen, and possible fear.
And what’s NSO Group’s position? The information does not come from an NSO Group professional who does not talk to the media but sort of does. Here’s the word from the NSO Group’s lawyer:
Shmuel Sunray, who serves as general counsel to NSO Group, said the intense scrutiny facing the company was unfair considering its own vetting efforts.
“What we are doing is, what I think today is, the best standard that can be done,” Sunray told NPR. “We’re on the one hand, I think, the world leaders in our human rights compliance, and the other hand we’re the poster child of human rights abuse.”
I like this. We have the notion of NSO Group doing what it can do to the “best standard.” How many times has this situation faced an outfit in the intelware game, based in Herzliya, and under the scrutiny of an Israeli agency which says yes or no to an export license for a Pegasus type system? Is this a new situation? Might be. If true, what NSO Group does will define the trajectory of intelware going forward, won’t it?
Next, I like the “world leaders” and “human rights compliance.” This line creates opportunities for some of what I would call Comedy Central comments. I will refrain and just ask you to consider the phrase in the context of the core functions and instrumentality of intelware. (If you want to talk in detail, write benkent2020 at yahoo dot com and one of my team will get back to you with terms and fees. If not, I am retired, so I don’t care.)
Exciting stuff and the NSO Group ice cream melt is getting stickier by the day. And in Herzliya, the temperature is 29 C. “C” is the grade I would assign to this allegedly accurate statement from the article that NSO Group does not talk to the media. Get that story straight is my advice.
And, gentle NPR news professional, why not ask the lawyer about log file retention and access to data in Pegasus by an NSO system administrator?
Stephen E Arnold, July 30, 2021
Is a New Wave of Disintermediation Gaining Momentum
July 9, 2021
Hacker News pointed to “We Replaced Rental Brokers with Software and Filled 200+ Vacant Apartments.” That real estate write up provides a good case example for using software to chop out the useless humanoids. Sound like an Amazon thing? I think so. Corporate special librarians were among the first to be allowed to find their future elsewhere. Other professions are finding ways to de-humanoid their business processes. How does that Ford Bronco get painted? Not by people with spray guns. Those made-for-TV car shows use humans. Real car makers don’t unless there is some compelling reason.
Now a start up is going to try and de-people Amazon AWS development and programming. Amazon is trying to train people to think Amazon for new t shirts and super duper online cloud services. But the company’s efforts are mostly free education plays and zippy presentations at Amazon-sponsored events.
The disintermediation of the Amazon developer is now a start up’s goal. Digger.dev says:
Digger automatically generates infrastructure for your code in your cloud account. So you can build on AWS without having to learn it.
Disenchanted with the Lyft and Uber thing? Tired of collecting unemployment? Bored with your lawyering gig? Now you can become an entrepreneur:
Deploy anything. Containers, Serverless Lambda functions, webapps, databases, queues, load balancers, autoscaling – Digger supports it all.
If Digger.dev is successful, the certified Amazon professional may be looking for a new career. COBOL programmer maybe?
Stephen E Arnold, July 9, 2021
Amusing Confusing Wizards
July 7, 2021
More from the Redmond wizards’ humor generating machines.
Microsoft has found a way to deflect attention from yet another security issue. Do you print over the Internet? “Microsoft Acknowledges PrintNightmare Remote Code Execution Vulnerability Affecting Windows Print Spooler Service” says:
IT Admins are also invited to disable the Print Spooler service via Powershell commands, though this will disable the ability to print both locally and remotely. Another workaround is to disable inbound remote printing through Group Policy, which will block the remote attack vector while allowing local printing.
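The two workarounds quoted above, written out as PowerShell so an administrator can see what each one changes and check which state a host is in. This is an added example, not code from the article or from Microsoft; it assumes the Group Policy setting “Allow Print Spooler to accept client connections” is backed by the DWORD value RegisterSpoolerRemoteRpcEndPoint under HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Printers (2 meaning disabled), and the function names are the author’s own.

```powershell
# Added example (not from the article or Microsoft). Run in an elevated session.
# Assumption: the "Allow Print Spooler to accept client connections" policy is
# stored as the DWORD RegisterSpoolerRemoteRpcEndPoint (2 = policy Disabled).
#Requires -RunAsAdministrator

$PolicyKey  = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers'
$PolicyName = 'RegisterSpoolerRemoteRpcEndPoint'

function Get-SpoolerExposure {
    # Reports whether the Print Spooler is running and whether inbound remote
    # printing has been switched off by policy, so you know which workaround applies.
    $svc    = Get-Service -Name Spooler -ErrorAction SilentlyContinue
    $policy = Get-ItemProperty -Path $PolicyKey -Name $PolicyName -ErrorAction SilentlyContinue

    [pscustomobject]@{
        SpoolerStatus         = if ($svc) { $svc.Status.ToString() }    else { 'NotInstalled' }
        SpoolerStartType      = if ($svc) { $svc.StartType.ToString() } else { 'NotInstalled' }
        RemotePrintingBlocked = ($null -ne $policy -and $policy.$PolicyName -eq 2)
    }
}

function Disable-PrintSpooler {
    # Workaround 1 from the quote: stop and disable the service.
    # This removes BOTH local and remote printing on the host.
    Stop-Service -Name Spooler -Force
    Set-Service  -Name Spooler -StartupType Disabled
}

function Block-RemotePrinting {
    # Workaround 2 from the quote: disable inbound remote printing while
    # leaving local printing working. Same effect as setting the Group Policy
    # to Disabled; the spooler is restarted so the setting takes effect.
    if (-not (Test-Path $PolicyKey)) { New-Item -Path $PolicyKey -Force | Out-Null }
    New-ItemProperty -Path $PolicyKey -Name $PolicyName -Value 2 -PropertyType DWord -Force | Out-Null
    Restart-Service -Name Spooler -Force
}

# Report the current state before choosing a workaround for this host's role.
$state = Get-SpoolerExposure
$state | Format-List

if ($state.SpoolerStatus -eq 'Running' -and -not $state.RemotePrintingBlocked) {
    Write-Warning 'Print Spooler is running and still accepts remote client connections.'
    Write-Warning 'Host that serves shared printers: run Block-RemotePrinting.'
    Write-Warning 'Host that never needs to print (e.g. a domain controller): run Disable-PrintSpooler.'
}
```

The check runs first on purpose: on a print server the service has to stay up, so only the second workaround is acceptable there, while on a server that never prints the first one removes the service entirely. Either way, the workaround is a stopgap until the vendor patch is applied, and the report can be re-run afterwards to confirm the state did not drift back.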
So what distracts one from a print nightmare? That’s easy. Just try to figure out if your PC can run Windows 11? TPM, you say? Intel what?
PrintNightmare aptly characterizes Microsoft’s organizational acumen perhaps?
Stephen E Arnold, July 7, 2021
Has Google Smart Software Become the Sad Clown for AI?
April 20, 2021
“Is Google’s AI Research about to Implode?” raises an interesting question. The answer depends on whom one asks. For the high profile ethical AI Googlers who are now Xooglers (former Google employees), the answer is probably along the lines of “About. Okay, boomer, it has imploded.” Ask a Googler who still has a job at the GOOG and received a bonus for his or her work in smart software and the answer is probably more like, “Dude, we are AI.” With matters Googley, I am not sure where the truth exists.
The write up states:
in making certain “corrections” to large datasets, for example removing references to sex, the voices of LGBTQ people will be given less prominence. The lack of transparency and accountability in the data makes these models useless for anything other than generating amusing Guardian articles (my words, not the authors). But they have substantial negative consequences: in producing reams of factually incorrect texts and requiring computing resources that can have a major environmental impact.
Ah, ha, the roots of bias.
Google has not made enough progress in making its models neutral. Thus, human fiddling is required. And where there are humans fiddling, there are discordant notes.
The write up concludes with this statement:
What concerns me is that when Google’s own researchers start to produce novel ideas then the company perceives these as a threat. So much of a threat that they fire their most innovative researcher and shut down the groups that are doing truly novel work.
Right now, I think the Google wants to squelch talk about algorithmic “issues.” Smart software appears to be related to maximizing efficiency. The idea is that efficiency yields lower costs. Lower costs provide more cash to incentivize employees to find ways to improve, for example, ad auction efficiency. Ethics are not an emergent phenomenon of this type of system. The result is algorithmic road kill, a major PR problem, a glimpse of the inner Google, and writers who are skeptical about the world’s largest online ad vendor’s use of “smart” technology.
Stephen E Arnold, April 20, 2021
Software Development: Big Is the One True Way
April 13, 2021
I read an essay called “Everyone Is Still Terrible At Creating Software At Scale.” I am often skeptical about categorical affirmatives. Sometimes a sweeping statement captures an essential truth. This essay in Marginally Interesting has illuminated software development in a useful way.
I found this passage thought provoking:
I’ve seen a few e-commerce companies from the inside, and while their systems are marvel of technologies able to handle thousands of transactions per second, it does not feel like this, but things like the app and the website are very deeply entangled with the rest. Even if you wanted, you couldn’t create a completely new app or website.
After I read this, I thought about rotational velocity. I also thought about the idea of how easy it is to break something. Users want a software component to work and be usable. Software often appears fluid. What’s clear is that outages at big vendors and security lapses are seemingly the stuff of daily headlines. Big outfits deliver one thing; users get another.
Here’s another statement I circled:
My recommendation is to look at structures and ask yourself, how hard is it for any one “unit” in your “system” to get stuff done. Everything that cuts across areas of responsibility adds complexity.
Complexity is an interesting idea. Does Google “change” how the Page Rank method is implemented, or is Google in the software wrapper business? Can Microsoft plug security gaps when those gaps are the fabric of core Azure and Windows 10 processes? Can Facebook actually change feedback loops which feed its content processes? Is it possible for an outfit like Honda to change how it makes automobiles? In theory, a Honda-type operation can change, but the enemies are time, Tesla-like disruptions, Covid, and money.
Like the big ship which managed to get stuck in the Suez Canal, altering a method once underway is tricky.
The essay ends with this observation:
Unless you take care everyone has different understanding of the problem, and there is no focus on information gathering and constructive creativity.
But big is the way, right?
Stephen E Arnold, April 14, 2021