Teams Tracking: Are You Working at Triple Peak?
April 14, 2022
I installed a new version of Microsoft Office. I had to spend some time disabling the Microsoft Cloud, Outlook, and Teams, plus a number of other odds and ends. Who in my office uses Publisher? Sorry, not me. In fact, I knew only one client who used Publisher and that was years ago. We converted that lucky person to an easier to use and more stable product.
We have tried to participate in Teams meetings. Unfortunately the system crashes on my Mac Mini, my Intel workstation, and my AMD workstation. I know the problem is obviously the fault of Apple, Intel, and AMD, but it would be nice if the Teams software would allow me to participate in a meeting. The workaround in my office is to use Zoom. It plays nice with my machines, my mostly secure set up, and the clumsy finger of my 77 year old self.
I provide the context so that you will understand my reaction to “Microsoft Discovers Triple Peak Work Day for Its Remote Employees.” As you may know, Microsoft has been adding features to Teams since the pandemic lit a fire under what was once a software service reserved for financial meetings and some companies that wanted everyone no matter what to be in a digital face to face meeting. Those were super. I did some work for an early video conferencing player. I think it was called Databeam. Yep, perfect for kids who wanted to take a virtual class, not a presentation about the turbine problems at Lockheed Martin.
Microsoft’s featuritis has embraced surveillance. I won’t run down the tools available to an “administrator” with appropriate access to a Teams’ set up for a company. I want to highlight the fact that Microsoft shared with ExtremeTech some information I find fascinating; to wit:
… when employees were in the office, it found “knowledge workers” usually had two periods of peak productivity: before lunch and after lunch. However, with everyone working from home there’s now a third period: late at night, right before bedtime.
My workday has for years begun about 6 am. I chug along until lunch. I then chug along until dinner. Then I chug along until I go to sleep at 10 pm. I like to think that my peak times are from 6 am to 9 am, from 10 am to noon, from 1 30 pm to 3 pm, and from 330 to 6 pm. I have been working for more than 50 years, and I am happy to admit that I am an old fashioned Type A person. Obviously Microsoft does not have many people like me in its sample. The morning, as I recall from my Booz, Allen & Hamilton days, the productive in the morning crowd was a large cohort, thousands in fact. But not in the MSFT sample. These are lazy dogs its seems.
Let’s imagine your are a Type A manager. You have some employees who work from home or from a remote location like a client’s office in Transnistia which you may know as the Pridnestrovian Moldavian Republic. How do you know your remotes are working at their peak times? You monitor the wily creatures: Before lunch, after lunch, and before bed or maybe to a disco in downtown Tiraspol.
How does this finding connect with Teams? With everyone plugged in from morning to night, the Type A manager can look at meeting attendance, participation, side talks, and other detritus sucked up by Teams’ log files. Match up the work with the times. Check to see if there are three ringing bells for each employee. Bingo. Another HR metric to use to reward or marginalize a human personnel asset.
I will just use Zoom and forget about people who do not work when I do.
Stephen E Arnold, April 14, 2022
Microsoft Search: Getting Better and Better
March 30, 2022
In early versions of Windows operating systems, the search function stank worse than rotting garbage in summer. Since the initial Windows deploy, Microsoft has improved the search function and as technology advances there are still upgrades to be made says Make Use Of in: “Microsoft Is Making Windows 11’s Search Function Better Than Ever.” In a refreshing take on its past mistakes, Microsoft admits that its former search tools were not the best. When it comes to Windows 11, Microsoft revamped the search into a quality tool and does not plan to rest on its laurels.
One of the best upgrades with the newest Windows 11 patch is the that search will be streamlined between work/business accounts. The search function will locate items on all accounts. Microsoft is also adding lifestyle widgets to make the OS more entertaining, such as a “word of the day” and altering users to Microsoft Reward offerings. Search will also take the place of Facebook and inform users of important dates, such as birthdays, anniversaries, and holidays. Whenever Microsoft releases a new Windows version, they do their best to get users to adopt the new OS:
“When Microsoft releases a new operating system, it always faces the same challenge. Users and businesses are comfortable with their operating system of choice, and now the Redmond tech giant has to convince them to upgrade to the newer one. The best way to do that is to make an operating system that improves upon the old one’s formula. As such, Microsoft’s touch-ups to Windows 11’s Search tool may be an effort to convince people to leave Windows 10 behind and adopt the newer, shinier system.”
Microsoft has a poor track record when it comes to system upgrades. They have a pattern of every other OS being a bad. Windows users might want to stick with Windows 10 a little longer and wait until Windows 12. It would be nice if Microsoft also added database search options like specific date, file name, Boolean, etc.
Whitney Grace, March 30, 2022
Microsoft Help Files: Truly Helpful?
March 28, 2022
We are approaching April Fools’ Day. One company reliably provides a clever way to make me laugh. CHM? Do you know what the acronym means? No. It is a short hand way to say Compiled HTML Help file. CHH becomes CHM. Makes perfect sense to a Softie.
The tickled ribs result from bad actors using the CHM files to deliver malware. You can read the explanation and inspiration for bad actors in “Microsoft Help Files Disguise Vidar Malware.”
The write up states:
… the .ISO file contains a .CHM file named “pss10r.chm.” Towards the end of the file’s code is a snippet of HTML application (HTA) code containing JavaScript that covertly triggers a second file, “app.exe.” This is, in fact, Vidar malware. “One of the objects unpacked from the .CHM is the HTML file ‘PSSXMicrosoftSupportServices_HP05221271.htm’ — the primary object that gets loaded once the CHM pss10r.chm is opened,” according to the Trustwave writeup. “This HTML has a button object which automatically triggers the silent re-execution of the .CHM “pss10r.chm” with mshta.” Mshta is a Windows binary used for executing HTA files.
With the preliminaries out of the way the malware payload downloads, does some house cleaning, and phones home.
Microsoft, the go to solution for compromising security? Maybe. And what about Defender? What about the super smart cyber security systems from big name vendors. Yeah, how about those defenses?
Now we know there is one thing worse than the informational content of Microsoft help files.
Want to guess?
The Register reports that “Microsoft Azure developers targeted by 200 data stealing npm packages.” Not familiar with npm? NPM is a software registry and contains more than 750,000 code packages. Some open source developers use npm to share software. What if an npm code package has been modified so that malicious actions are included?
Yeah.
Stephen E Arnold, March 28, 2022
Google and Microsoft: Are Your Wizards Really Innovating Again?
March 23, 2022
I scanned my headlines this morning and noted two different companies which have revealed their latest innovations. These are big outfits, and one expects each company to come up with big plays. Little plays won’t move the revenue needle, and money is important to these estimable enterprises.
What’s Google’s most recent innovation? I think it is ad supported video streaming of 4,000 old TV shows and about 1,500 old movies. “YouTube Makes Thousands of TV Show Episodes Available to Stream for Free” reports:
For the first time, YouTube is letting users in the US stream thousands of free, ad-supported TV shows like Hell’s Kitchen, Heartland and Unsolved Mysteries, it announced. That will put it into competition with OTA (over-the-air) TV and streaming services with ad tiers including Peacock, the Roku Channel, Tubi and others.
To me, Google’s “play” is a me too, not a “first time.”
What’s Microsoft’s most recent Eureka! moment? “Microsoft Looks Poised to Dominate the Quantum Computing Industry” states:
Microsoft Azure recently announced that its quantum computing research teams had invented “a new kind of qubit” based on elusive, never-before-demonstrated properties of physics. According to the Redmond company, this will allow it to build scalable quantum computers capable of solving the hardest problems facing humanity.
Hopefully Microsoft’s quantum efforts have not pulled resources from the company’s security initiatives.
For me, the Google announcement is another step in a long, somewhat confused video journey. The channeling of Peacock and Roku is interesting. Instead of confronting TikTok, Google wants to take on incumbents recycling old content. YouTube’s new content initiatives did not achieve orbital velocity in my opinion. There’s content on YouTube, but it is non directed. TikTok takes a different approach. Old TV shows are not a response to a competitive challenge.
The Microsoft quantum play is another attempt to demonstrate that Microsoft has something really big up its sleeve. Years ago, Microsoft was into search and contact lenses that worked like Google Glass. Now the future is quantum computing, and it is like general artificial intelligence going to be the next big thing after Teams I suppose.
Stepping back, these two “innovations” illustrate the me-too approach to generating excitement, appeasing stakeholders, and capturing mindshare. Am I quivering with excitement yet? Nope. Marketing and PR are bummers for me.
Stephen E Arnold, March 23, 2022
Microsoft Security: Time for the Softies to Release Windows 12, a Phone, or a Bid to Buy Tesla?
March 22, 2022
I find the headline amusing. I don’t find the story “Lapsus$ Hackers leak 37GB of Microsoft’s Alleged Source Code” particularly amusing. The Softies have become the outfit with a bright laser dot on the company’s logo. The write up reports:
The Lapsus$ hacking group claims to have leaked the source code for Bing, Cortana, and other projects stolen from Microsoft’s internal Azure DevOps server.
Okay, let’s assume that the story is mostly accurate or meeting a higher standard than that set by the New York Times for its coverage of a certain president’s son and his non-functioning laptop.
The article points out:
Furthermore, we are told that some of the leaked projects contain emails and documentation that were clearly used internally by Microsoft engineers to publish mobile apps. The projects appear to be for web-based infrastructure, websites, or mobile apps, with no source code for Microsoft desktop software released, including Windows, Windows Server, and Microsoft Office. When we contacted Microsoft about tonight’s source code leak, they continued to tell BleepingComputer that they are aware of the claims and are investigating.
Ho ho ho. Perhaps Microsoft’s security, including Defender, lacks some capabilities?
How many breaches are necessary before stakeholders make clear that the brittleness, flaws, and questionable engineering be remediated?
Is some wizard at Microsoft suggesting a re-run of plays which have worked in the past; for example, just put out a news release of Windows or splash cash and PR for a big acquisition? Just imagine a Tesla with Windows File Explorer ads displayed on that great big center display.
Stephen E Arnold, March 22, 2022
Microsoft Defender Is On the Job
March 22, 2022
I don’t know if this write up is an early April Fool thing or actual factual. “Microsoft Defender Goofed Up As It Flagged Its Own Office Updates As Malware” states:
…the company’s Defender for Endpoint security started detecting updates for its own Office app as ransomware. The antivirus program was misidentifying the “OfficeSvcMgr.exe” as malicious software.
Let’s assume there is some truth in the statement OfficeSvcMgr.exe is malicious. My ideas are:
- Careless Microsoft coding was part of OfficeSvcMgr.exe and less flawed coding by another Microsoft technical group spotted the “flaw”
- Microsoft’s quality assurance for its “security” systems remains questionable and the business process flaws have not yet been remediated
- Microsoft is busy adding features to Teams and ads to File Manager so there’s no time or resources to deal with the outstanding Defender service.
Which is closer to the pin? I am into the flawed business processes. But the appeal of putting ads into an operating system is a close second.
Stephen E Arnold, March 22, 2022
Insider Threat News: Two Interesting Situations at Two Sophisticated Companies
March 21, 2022
As you may know, I enjoy pointing out that some big buck cyber security systems struggle with insider threats. Isn’t it easier to put the words “detect and prevent insider threats” on a marketing slide deck than implement the service?
Two events may serve to remind those who wonder about the risks insider threat pose.
First, “Microsoft Investigating Claim of Breach by Extortion Gang” explains that a bad actor entity advertised for insiders. This quote is from the cited article:
We recruit employees/insider at the following!!!! Apple, IBM, and Microsoft. TO NOTE: WE ARE NOT LOOKING FOR DATA, WE ARE LOOKING FOR THE EMPLOYEE TO PROVIDE US A VPN OR CITRIX TO THE NETWORK, or some anydesk.
If accurate, this group (LKAPSUS$) is clear about the why and what it wants. The article alleges that Microsoft is beavering away to determine if its systems have been breached. Don’t the Softies use Defender and other MSFT cyber defense services? Yeah, well.
Second, Apple made headlines because an insider spoofed Apple’s security to the tune of an alleged $10 million. “Former Apple Employee Charged with $10M Fraud” reports:
… Prosecutors allege that while Prasad negotiated with suppliers and entered invoices into the purchasing system, he was conspiring to take kickbacks, using false repair orders to steal parts, and paying for goods and services never received using Apple’s money. The charges go on to allege tax evasion, wire and mail fraud, defrauding the United States, and money laundering, noting that Prasad was fired from Apple in December 2018 after a decade of employment.
How about those internal security and auditing business processes? Apple cares about privacy and security is the firm’s assertion. Again: Marketing is easier than preventing an insider threat.
Why am I bringing up a subject which is not discussed in the specific context of expensive cyber security systems? I offer these examples to make clear that what a cyber outfit says and what its products and services do are less reliable than a decade AvtoVAZ LADA. If you are not familiar with these vehicles, try to find one to drive on a long road trip through the Rocky Mountains. No LADA? Go for a Renault.
Stephen E Arnold, March 21, 2022
Microsoft: Fun Search
March 17, 2022
We have censorship. We have discriminatory spidering. We have sites which are no longer indexed. And now if ZDNet’s “real” news team is on the money, we have search fun or fun search. You pick.
“Microsoft Is About to Add More Fun to Your Windows Search” reports:
… the Windows 10’s taskbar search box and search home pane will now feature content “including fun illustrations, which help you discover more, be connected, and stay productive. Search highlights will present notable and interesting moments of what’s special about each day – like holidays, anniversaries, and other educational moments in time both globally and in your region.
Great. How about that Windows search. Do you have a Drobo or similar storage device. I bet that Windows search will make that “fun.” What about a desire to locate an actual file on the C: or boot drive? I bet Microsoft will make that fun too. And I could go on? For example, don’t you love Microsoft search syntax? And let’s not forget “unfindable” files. Yeah, that’s a winner too!
How about search that just works, includes Boolean, and provides one click access to sample syntax? That would be fun too.
Stephen E Arnold, March 17, 2022
Microsoft: The Security Supremo Cloud Pitch
February 28, 2022
I read “Microsoft’s New Security Chief Says It Is Time to Take Shelter in the Cloud.” The write up reports:
Microsoft has been hit by a series of high-profile cyber intrusions in recent years. In December 2020, the company said it had been compromised by the hackers behind the cyberattack on SolarWinds Corp.—a group that U.S. officials have linked to the Russian government. Months later, Microsoft’s widely used email product, Exchange, was targeted by a cyberattack that was eventually linked to the Chinese government.
I know. So now Microsoft wants me to trust their cloud service because it is more secure?
What’s interesting is that a former Amazon AWS executive is in charge. Apparently he has addressed assorted security concerns. He is, if true, a fast worker or a faster PR content generator.
The write up points to February 22, 2022, as the day it asserted it would repurpose the Microsoft security products for the Google cloud. Keep in mind that Microsoft security is compatible with Amazon’s cloud.
The write up includes this statement:
In addition to the SolarWinds and Exchange cyberattacks, the company in August had to repair a flaw in the Azure cloud—strategically Microsoft’s most-critical business—after a cybersecurity company found a bug that left customer data exposed. The Azure bug, which was discovered by the cybersecurity company Wiz Inc., rattled some Microsoft customers because it showed how hackers could steal data from thousands of customers by targeting one part of Microsoft’s cloud.
Saying security is different from delivering security. In some ways, Microsoft’s penchant for distraction with the wonky Windows 11 release and then the super spectacular metaverse game type thing have worked.
Now security is back in the spotlight. Oh, just move everything to the cloud. Lock in? Yep. More expensive? For some yes. Put all the eggs in one basket with some security issues? Sure, that makes perfect sense.
If you are doubtful about the cloud, navigate to “Report: 76% of IT Pros Say That Cloud Has Hit a Wall.” The main idea of that write up is that
multicloud, multitool environments have outgrown the tools and platforms that IT leaders currently rely on.
That’s what’s interesting about the Microsoft security PR. Flawed software? Seems possible.
Remember SolarWinds? Remember Exchange Server?
Stephen E Arnold, February 28, 2022
MSFT Insemination Algorithm: Too Much Herbe Matte and Twisted Bolos?
February 28, 2022
Microsoft, what were you thinking? Wired describes “The Case of the Creepy Algorithm that ‘Predicted’ Teen Pregnancy.” Creepy is right. The setting is 2018 Argentina, as legislators were debating whether to decriminalize abortion. (It did finally become legal there in 2020.) We learn:
“The Ministry of Early Childhood in the northern province of Salta and the American tech giant Microsoft presented an algorithmic system to predict teenage pregnancy. They called it the Technology Platform for Social Intervention. … The stated goal was to use the algorithm to predict which girls from low-income areas would become pregnant in the next five years. It was never made clear what would happen once a girl or young woman was labeled as ‘predestined’ for motherhood or how this information would help prevent adolescent pregnancy. The social theories informing the AI system, like its algorithms, were opaque. The system was based on data—including age, ethnicity, country of origin, disability, and whether the subject’s home had hot water in the bathroom—from 200,000 residents in the city of Salta, including 12,000 women and girls between the ages of 10 and 19. Though there is no official documentation, from reviewing media articles and two technical reviews, we know that ‘territorial agents’ visited the houses of the girls and women in question, asked survey questions, took photos, and recorded GPS locations.”
The targets of these intrusions were all poor, and many are members of immigrants or indigenous peoples. Such overbearing treatment is nothing new for those communities, nor is it unusual for Argentina’s women and girls in general. While the government positioned the technology as a way to combat teen pregnancy, it never described how that would work. Critics insist it was actually a way to blame girls and women for their situations with no consideration for context. Like the high rate of sexual violence, for example. In theory, the subjects could have declined to participate, but that would mean defying the ministry that provides them with free vaccinations and milk. A collaboration of journalist Diego Jemio, anthropologist Alexa Hagerty, and Argentine feminist activist and researcher Florencia Aranda, the article provides a detailed historical backdrop against which this affront should be viewed. Navigate to the article for that compelling, and at times enraging, account.
Argentina is eager to become a leader in the AI field. However, unlike the US or the EU, Argentina has no process to determine the impact of AI systems on citizens, never mind adequate regulations. As a result, no formal review of the Technology Platform for Social Intervention’s impact on women and girls was ever produced nor data on its accuracy or outcomes ever published. The authors could not even determine whether the program is still in operation. We suppose transparency is too much to ask from Argentina’s Ministry of Early Childhood. Microsoft, what do you have to say?
Cynthia Murrell, February 28, 2022
-
- Subscribe to Beyond Search
Feature archive
News archive
-
