Google and Details: Hey, Work? What?

August 24, 2019

DarkCyber noted several “real news” items related to what we call “the chill mentality”, one aspect of Google’s management methods.

Example 1: The Next Web reported “Google listed the wrong number for its product hotline, nobody noticed.” That’s one way to be efficient with regard to customer support costs.

Example 2: The Next Web reported “Open-source spyware bypasses Google Play defenses — twice.” Yep, security is Job One.

Example 3: Ars Technica noted: “85 Google Play apps with 8 million downloads forced full screen ads on users.” A paltry eight million downloads. Chill, folks.

Example 4: Slashgear pointed out that “Google just gave Hangouts a temporary stay of execution.” From the death sentence in January 2019 to August 2019, Google is just being flexible. Relax.

Be flexible.

Stephen E Arnold, August 24, 2019

Tradition: New Methods Gummed Up by Back and Forthing

August 19, 2019

DarkCyber spotted a post called “The Arc of Collaboration.” At first glance, the article points out that “messaging” may be a:

better center of gravity than documents.

That makes sense. People send texts from their mobile devices. Lots of text messages. Phone calls are okay if prearranged with a text. Email is okay, but despite Fancy Dan smart in boxes and folders, email still requires some grunting around to find the message with the needed attachment.

Here’s a key point in the write up:

Slack is not air traffic control that coordinates everything. It’s 911 for when everything falls apart.

The write up points out:

Slack is ubiquitous at most companies in tech (and in many other industries as well), but it doesn’t feel like it is becoming the central nervous system undergirding all the apps and workflows of its customers. A new generation of functional apps have risen, with messaging and collaboration built directly into them as first parties. And with them it becomes increasingly clear that Slack isn’t air traffic control for every app, it’s 911 for when they fail.

DarkCyber agrees.

Quick blast from the past: Remember Lotus Notes? Hmmm.

Here’s an insight from the write up:

Productivity and Collaboration are two sides of the same coin for any team with more than one person. Work is just the iterated output of individuals creating and coordinating together. But the two have been distinct and isolated segments historically, due to how long the feedback loops of both were.

The emphasis on latency is an important point. Time is the one thing that is difficult to manufacture.

Quick blast from the past: In 1972, I worked at a nuclear services company. We had to prepare a 400 page document in less than 10 days. One scientist said, “Just hire 400 people and each types one page.” Right. But the time required to locate 400 typewriters with identical government accepted type balls and 400 people who could type simultaneously and the people needed to proofread those 400 pages was more than one day.

DarkCyber noted this passage:

The dream of Slack is that they become the central nervous system for all of a company’s employees and apps. This is the view of a clean *separation* of productivity and collaboration. Have all your apps for productivity and then have a single app for coordinating everyone, with your apps also feeding notifications into this system. In this way, Slack would become a star. With every app revolving around it. Employees would work out of Slack, periodically moving to whichever app they were needed in, before returning to Slack. But productivity *isn’t* separate from collaboration. They are the two parts of the same loop of producing work. And if anything collaboration is in *service* of team productivity.

The problem is “meta coordination”; that is:

Discord is the best analog for what should exist. For a while Slack and Discord were compared to each other as competitors. As Discord has focused squarely in gaming, and Slack in companies this comparison has been used less and less. But this misses the main distinction between Slack and Discord. Discord is actually two products bundled into one. It *is* a messaging app that looks akin to Slack. But it is *also* a meta-layer that runs across all games. … Discord has functionality like a social graph, seeing what games your friends are playing, voice chat, etc. These have been misunderstood by the market. They aren’t random small features. They are the backbone of a central nervous system.

There are more valuable insights in this Kwokchain essay. But these points resonate with DarkCyber.

Stephen E Arnold, August 19, 2019

CafePress: Just 23 Million Customer Details May Have Slipped Away

August 6, 2019

I read “CafePress Hacked, 23M Accounts Compromised. Is Yours One Of Them?” Several years ago I participated in a meeting at which a senior officer of CafePress was in the group. The topic was a conference at which I was going to deliver a lecture about cyber security. I recall that the quite confident CafePress C suite executive pointed out to me that the firm had first rate security. Interesting, right?

The write up in the capitalist tool said:

According to that HIBP notification, the breach itself took place on Feb 20 and compromised a total of 23,205,290 accounts. The data was provided to Troy Hunt at HIBP from a source attributed as JimScott.Sec@protonmail.com.

I thought that an outfit with first rate security would not fall to a bad actor. I also assumed that the company would have reported the issue to customers promptly. It seems as though the breach took place more than five months ago. (February 2019 and today is August 5, 2019.)

What’s DarkCyber’s take on this?

  1. The attitude of a CafePress executive makes clear that confidence and arrogance are poor substitutes for knowledge.
  2. The company looks like it needs a security and management health check.
  3. A failure to act more quickly suggests significant governance issues.

How about a T shirt with the CafePress logo and the phrase “First Rate Security” printed on the front?

Stephen E Arnold, August 6, 2019


Department of Defense: Procurement and Management in the Spotlight

July 30, 2019

There’s more chatter about Oracle’s attempt to remain relevant at the Pentagon. Almost overlooked is the report by the Department of Defense’s Inspector General. The IG had the delightful task of auditing contractor networks. The idea was that maybe some processes could be improved.

ExecutiveGov noted:

DoD OIG found that the agency’s contracting offices have not developed approaches that will help validate contractual requirements, send contractor notifications, mark CUI documents and confirm implementation of CUI security controls. In addition, the report confirmed that the Defense Threat Reduction Agency did not take prompt action to mitigate the leak of information from a DoD contracting office.

FedScoop pointed out:

The report also cites some communication failures. A failure to properly mark controlled but unclassified information, for example, blinded contractors to what steps they needed to take to ensure information security. DOD contracting offices “inconsistently tracked” which contractors had what type of information, leaving both sides of the contracting process in the dark, the report states.

Interesting reading because the report may be helpful to different DoD centric entities. There are some redactions, but the main points are clear. DarkCyber found the comments about “no oversight” interesting. Without oversight, is cost control possible? Can scope creep be limited?

Stephen E Arnold, July 30, 2019

Google: Being Responsible

July 29, 2019

Individual states have been legalizing or decriminalizing marijuana left and right, but the federal government still considers it an illegal substance. That is why, according to 9to5Google, “Google Immediately Bars All Marijuana Delivery Apps from the Play Store.” Google wouldn’t want to run afoul of the Feds, now would it? Reporter Damien Wilde writes:

“The updated policy now states that applications that help users buy or allow users to order marijuana products will now be removed. Here is the updated marijuana policy, as per the Play Store developer guidelines:

‘Here are some examples of common violations:

‘Allowing users to order marijuana through an in-app shopping cart feature.

‘Assisting users in arranging delivery or pick up of marijuana.

‘Facilitating the sale of products containing THC.’

“In a statement to Android Police, Google stated that applications like the popular Eaze and Weedmaps will only need to remove the shopping cart flow from within their applications to comply with the new rules. These apps simply need to move the shopping cart flow outside of the app itself to be compliant with this new policy. We’ve been in contact with many of the developers and are working with them to answer any technical questions and help them implement the changes without customer disruption.”

An update to the article reports Eaze has complied, requiring users to navigate to its own website to make a purchase. We imagine Weedmaps will soon follow, reducing both apps to window-shopping platforms. What, then, is the point? Perhaps they anticipate a time when federal law catches up to states’ decisions.

Cynthia Murrell, July 29, 2019

Facebook: Running Out of Users? No, Just Nibbling on Its Foot

July 25, 2019

About that Facebook growth? The US may be saturated, and FBF or Facebook fatigue may be kicking. Rumors about “phantom” Facebookers in far flung countries won’t die. The regulators are flocking with legal eagles, and some countries see Facebook as a piggy bank filled with easy money.

What else could go wrong?

According to Information (no, that’s the name of an online publication), quite a bit. “Facebook Secret Research Warned of ‘Tipping Point’ Threat to Core App” discloses allegedly confidential information that doom approaches with a Like icon. (We will take a look at secrets let loose in our August 6, 2019, “DarkCyber” video program.)

What’s the Facebook secret?

…if enough users started posting on Instagram or WhatsApp instead of Facebook, the blue app could enter a self-sustaining decline in usage that would be difficult to undo. Although such “tipping points” are difficult to predict…

Here’s a Venn diagram (remember those you algebra lovers?) to prove this “secret”:

[Image: Venn diagram of app overlap]

These could be Facebook’s five circles of social hell. Source: Information (that’s a great name when searching!)

To simplify, Facebook is cannibalizing itself. Without a flow of “real,” honest to goodness users of “old” Facebook, it’s possible for the core service to shrink and maybe die.

No, no, no, howls one group of FB Likers. Yes, yes, yes, shout another group which collectively dislikes Facebook.

Several observations:

  1. Monopolies do what they do, steered by the invisible hand of digital leprosy
  2. Reversing the cannibalism is going to take more than high school science club management methods, apologies, and writing checks to assorted nation states
  3. A weakened Facebook can fall prey to the MySpace disease, the digital pneumonia which thrives in poorly managed social spaces.

Net net: Worth watching. Get your popcorn, kick back, and think how certain government agencies will obtain high value information from a weakened Facebook.

Stephen E Arnold, July 25, 2019

Google: Some Interesting News Regarding an Interesting Company?

July 9, 2019

DarkCyber noted a handful of interesting Google news items. We assume that each of these is true, or in the words of one podcast, “actual factual” information.

First, Digital Journal reports that Google is working on cold fusion. The write up explains:

Cold fusion is a hypothesized type of nuclear reaction taking place at room temperature (hence the reference to ‘cold and contrasting to the “hot” fusion which papers within stars or as part of hydrogen bombs). There is currently no accepted theoretical model that would allow cold fusion to occur, and when attempted results have not been reproducible.

Nevertheless, Digital Journal reports via Physics World:

Google together with several research institutes in the U.S. is reported to have reopened what they call the “cold case” of cold fusion. Despite the many failures to observe cold fusion, the scientists contend that the case is not yet closed, and that cold fusion energy is indeed achievable. Google are investing $10 million into the project and there are thirty scientists involved.

Second, “YouTube Software Engineer Injures 8 in Drug-Induced Fourth of July Rampage, Police Say” reports that a person, allegedly a Google YouTuber, ingested LSD and behaved in a manner which caused Sonoma county officers to shoot him.

The news story summarized these actions by the alleged Googler:

  • To get past his friends trying to stop him, Koffi choked one, stabbed one with a pencil and punched two in the chest, side and face.
  • While trying to get away in his rental car, he hit the car parked behind him and lodged the sedan into the house’s garage.
  • Koffi ran down the street before a security guard began questioning him. He stabbed the guard’s chest with the metal stake end of a landscape light, then sped away in the guard’s running and unlocked truck.
  • On the road, he hit two pedestrians. He then struck a woman walking on a bluff.  After hitting a wall, he drove through the side yard of a home and got back on the road in time for two patrol cars to pull up.
  • Koffi accelerated toward the officers, ramming into one patrol car as a deputy fired a gun. He didn’t stop until he was shot at least three times through the windshield.

Third, Google researchers allegedly discovered a way to brick (disable) Apple iPhones with an iMessage. According to BGR (Boy Genius Report):

The only fix is a factory reset and there’s no way to recover lost data that wasn’t backed up….The good news is that Apple patched this issue in iOS 12.3, which means that you’re safe as long as you’ve updated to the latest stable iOS release, or if you’re on an iOS 13 beta.

Cold fusion, LSD, and bricking iPhones — linked with a single threat: The Google. Dare I use the acronym: HSSCMM? No, not even high school science clubs could pull off these three events in a week or so.

Stephen E Arnold, July 9, 2019

Google to Kiwis: You Are Flightless Birds, Not Us

July 5, 2019

I read “Google Suspends Trends Email Alerts in New Zealand after Breaching Court Order.” The headline caught my attention. New Zealand? Home of Kim Dotcom. Get away spot for some Silicon Valley Lord of the Rings admirers? A handy place to experience earth tremors.

The write up reminded me:

Google has backed down in a spat with the New Zealand government after its email alert system Trends breached a court order suppressing details of a high-profile murder case. According to Reuters and AFP, Google has suspended its Trends feature in the country following outcry from the New Zealand government.

I can understand Google’s point of view. New Zealand is a mere country and a small one at that. It is far away, and it does not click as much as an important country’s residents.

The hassle surfaced because an automated Google alert named the person who killed another. Stating the alleged killer’s name was a no no. Google ignored that court order.

Google said, “Yo, we’re sorry.” However, Google was not too keen on making changes to its systems because a mere country wanted the US firm to follow the laws of that lesser nation state.

Here’s the nifty part. The write up reported:

New Zealand politicians reacted strongly to this reply, with justice minister Andrew Little accusing Google of “flipping the bird” at the country’s legal system.

What’s the problem with Google (a big virtual country) doing what’s good for itself? Plus, little countries have to be careful because Google has digital firepower and could use it to send a message. Oil embargo? Forget that. How about no email and no Web traffic?

The write up included this statement:

In the UK, for example, politicians have argued that Facebook is incapable of policing “harmful” content on its platform, and needs to be overseen by domestic regulators. In France, Google has been fined millions of dollars for failing to meet EU data privacy laws. And in New Zealand, Facebook was strongly criticized by prime minister Jacinda Ardern for failing to stop the spread of videos of the Christchurch terrorist attacks. “They are the publisher not just the postman,” said Ardern in March. “There cannot be a case of all profit no responsibility.”

Get real. This is the Google politicians and officials are irritating. What about removing New Zealand and the UK from Google Maps?

If you are not on Google, you don’t exist. Understand?

Stephen E Arnold, July 5, 2019

YouTube: About Face

July 5, 2019

DarkCyber noted another example of high school science club management methods. “YouTube Reinstates Yanked Ethical Hacking Videos” reports:

YouTube’s clear as mud moderation rules were once again confused this week as the site pulled a bunch of ethical hacking videos, only to reinstate them shortly afterwards.

The UK news source reports that Google allegedly said to another online information service:

“With the massive volume of videos on our site, sometimes we make the wrong call,” a Google spokesperson told The Verge after the videos were restored. “We have an appeals process in place for users, and when it’s brought to our attention that a video has been removed mistakenly, we act quickly to reinstate it.”

The Inquirer.net writes:

Iffy moderation on YouTube. Surely not.

DarkCyber wants to point out that “iffy” is a standard operating procedure when implementing high school science club management methods. The science club is, by definition, correct. There is a corollary about consistency; that is, “What the science club does is, by definition, consistent.”

You have to be in the science club to appreciate the truth of this statement.

Stephen E Arnold, July 5, 2019

Google: The Deciders Decide and Damage Some Security Data Flows

July 4, 2019

I read “YouTube Strikes Infosec Channels for Instructional Hacking Content.” DarkCyber’s view is that some information which routinely makes its way into open source should not be there. But, hey, we’ve been accused of being dinosaurs before. DarkCyber’s beloved leader, Stephen E Arnold, coined the term “Googzilla” and its reptilian connotations definitely apply to some of the DarkCyber team.

The point of the write up strikes DarkCyber as:

‘Youtube banning security disclosures doesn’t make products more secure, nor will it prevent attackers from exploiting defects – but it will mean that users will be the last to know that they’ve been trusting the wrong companies, and that developers will keep on making the same stupid mistakes…forever.’

Several observations:

ITEM 1: DarkCyber’s sparkling fountains of fire describe the management of some Silicon Valley firms as following the management precepts of “high school science clubs.” This means that bright, arrogant, confident, and generally mathy type people create an us-them dichotomy. Then the “us” people create a tidy little world which allows pranks, outstanding decisions, and numerous snide comments to pass for intelligence. Apply the HSSC method and you get…

High School Science Club Management Methods

A good example is a decision which is short sighted, difficult to explain, and probably as practical as driving a US Fourth of July parade war fighting vehicle to a party at the local Burger King.

ITEM 2: Figuring out what is positive information versus negative information is subjective. This means that one person will see the dress as one color and another person will see the garment as another color. Which is it? Don’t ask me, just ask the people at the search company. I know I can’t figure out what people will “perceive.” Obviously, the HSSCMM allows this type of decision making. The science club is, by definition, right. Plus, now members of the science club have lots of money.

ITEM 3: When making the Loon balloon into a commercial company or insisting that search results are relevant, Silicon Valley type companies are delightful. When these firms decide what information is technically permissible or not allowed, they demonstrate their decision making capabilities. If there were viable MBA programs, perhaps this type of deciderism would become a case study. Oh, right, MBA programs are facing some headwinds now.

Net net: The deciders decide. The followers follow. Medieval methods are good. The punishment? Banishment. DarkCyber assumes this is preferable to a dungeon in Mountain View or a ban on Philz coffee.

Stephen E Arnold, July 4, 2019
