June 9, 2021
Yep, now it is a “new” Windows. And Teams, the feature rich Word software which struggles to number stuff and keep text and images where the author put them. Plus the security system that will prevent SolarWinds’ missteps and Exchange Server from becoming the lap dog of bad actors. “How Microsoft Fumbled Skype – and Let Zoom Flourish” is an interesting article. The implicit messages in the document are intriguing: Microsoft is big but not really able to handle opportunities like Skype in a way that avoids head shaking and hand wringing.
I marked this passage in the source document:
Although Skype, launched in 2003, has been available nine years longer than Zoom and is owned by tech titan Microsoft, Zoom has effectively left it in its dust. People don’t say “I’ll Skype you” as often as they say “I’ll Zoom you” anymore.
The write up provides some historical color but nailed the reason for Microsoft’s Skype fumble:
In 2011, when Microsoft acquired Skype for US$8.5-billion, Zoom had just launched and Skype already had 100 million users. By 2014, Skype was popular enough to merit inclusion as a verb in the Oxford English Dictionary. And by 2015, it had 300 million users. But Skype’s technology wasn’t well-suited to mobile devices. When Microsoft set about to address that problem, it introduced a host of reliability nightmares for users. It gave them further headaches by redesigning Skype frequently and haphazardly while integrating messaging and video functions.
My experience with the new Skype is that the Teams’ environment is pretty darned confusing. This comment illustrates what happens when management guard rails are not in place for programmers who may have good ideas but cannot cope with the outstanding Microsoft operating systems:
When Microsoft set about to address that problem, it introduced a host of reliability nightmares for users. It gave them further headaches by redesigning Skype frequently and haphazardly while integrating messaging and video functions.
Could this Skype example provide some insight into the security issues Microsoft’s core systems face. I know which company will win the prize for most loved software from a coalition of Eastern European bad actors. Do you? Let’s ask a JEDI knight.
Stephen E Arnold, June 9, 2021
June 9, 2021
I got a kick out of “Microsoft Blames Human Error Amid Suspicion It Censored Bing Results for Tiananmen Square Tank Man.” The tank man reference refers to an individual who stood in front of a tank. Generally this is not a good idea because visibility within tanks is similar to that from a Honda CR-Z. Hold that. The tank has better visibility. Said tank continued forward, probably without noticing a slight impediment.
The story talks not about visibility; its focus is on Microsoft (yep, the SolarWinds’ and new Windows’ outfit). I read:
Throughout Friday afternoon, using the image search function on Microsoft-operated Bing using the words “Tank Man” returned the message, “There are no results for tank man / Check your spelling or try different keywords.” (According to Motherboard, the same is true in other countries outside the U.S., including France and Switzerland.)
DuckDuck and Yahoo search presented a similar no results message. These are metasearch systems eager to portray themselves as much, much more.
Why? The article reports:
Microsoft has done business in China for decades, and Bing is accessible there. Like competitors such as Apple, the company has long complied with the whims of Chinese censors to maintain access to the country’s massive market, and it purges Bing results within China of information its government deems sensitive. However, the company said that blocking image results for “Tank Man” in the U.S. was not intentional and the issue was being addressed. “This is due to an accidental human error and we are actively working to resolve this…”
Could a similar error been responsible for recent security lapses at the Redmond Defender office?
And no smart software, no rules-based instruction, and no filters involved in this curious search result?
Nope. I believe everything I read online about Microsoft. Call me silly.
Stephen E Arnold, June 9, 2021
June 7, 2021
Are there security gaps in new cyber solutions? No one knows. “Expel for Microsoft Automates Security Operations across the Microsoft Tech Stack” states:
Expel for Microsoft automates security operations across the Microsoft tech stack, including Active Directory, AD Identity Protection, Azure, MCAS, Microsoft Defender for Endpoint, Office 365 and Sentinel. Expel connects via APIs and ingests security signals from Microsoft’s products into Expel Workbench, along with other third-party signals you have in place. Expel then applies its own detection engine along with threat intelligence gathered from across its broad customer base to quickly find activity that doesn’t look right – like suspicious logins, data exfiltration, suspicious RDP activity or unusual inbox rules. Specific context and business rules that are unique to your environment enhance these built-in detections as Expel’s detection engine learns what “normal” looks like for your organization.
A third party – Expel in this case – has developed a smart software wrapper with “rules” able to bring order to the rich and somewhat interesting Microsoft security solutions. Think of this as wrapping five or six Radio Shack kits in a single box, affixing appropriate wrapping paper, and delivering it to the lucky person.
With breaches seemingly on the rise, will this solution stem the tide? But what if the kits within the wrapped box have their own issues?
Worth watching because if bad actors come up with new angles, cyber security firms are in the uncomfortable position of reacting and spending more on marketing. Marketing is, as most know, more difficult than creating cyber security solutions which work.
Stephen E Arnold, June 7, 2021
June 2, 2021
Here’s the good news in “SolarWinds Hackers Are Back with a New Mass Campaign, Microsoft Says.” Microsoft and other firms are taking actions to cope with the SolarWinds’ misstep. That’s the gaffe which compromised who knows how many servers, caught the news cycle, and left the real time cyber security threat detection systems enjoying a McDo burger with crow.
I circled this positive statement:
Microsoft security researchers assess that the Nobelium’s spear-phishing operations are recurring and have increased in frequency and scope,” the MSTC post concluded. “It is anticipated that additional activity may be carried out by the group using an evolving set of tactics.
The good news is the word “evolving.” That means that whatever the cyber security wizards are doing is having some impact.
However, the bulk of the write up makes clear that the bad actors (Russian again) are recycling known methods and exploiting certain “characteristics” of what sure seem to be Microsoft-related engineering.
There are some clues about who at Microsoft are tracking this stubbed toe; for example, a vice president of cust0omer security and trust. (I like that word “trust.”)
Several observations:
What’s my take away from the explanation of the security stubbed toe: No solution. Bad actors are on the offensive and vendors and users have to sit back and wait for the next really-no-big-deal breach. Minimization of an “issue” and explaining how someone else spilled the milk will be news again. I think the perpetual motion machine has been discovered in terms of security.
Stephen E Arnold, June 2, 2021
May 28, 2021
The article “How to Disable Telemetry and Data Collection in Windows 10” reveals an important fact. Most Windows telemetry is turned on by default. But the write up does not explain what analyses occur for data on the company’s cloud services or for the Outlook email program. I find this amusing, but Microsoft — despite the SolarWinds and Exchange Server missteps — is perceived as the good outfit among the collection of ethical exemplars of US big technology firms.
I read “Three Years Until We’re in Orwell’s 1984 AI Surveillance Panopticon, Warns Microsoft Boss.” Do the sentiments presented as those allegedly representing the actual factual views of the Microsoft executive Brad Smith reference the Windows 10 telemetry and data collection article mentioned above? Keep in mind that Mr. Smith believed at one time than 1,000 bad actors went after Microsoft and created the minor security lapses which affected a few minor US government agencies and sparked the low profile US law enforcement entities into pre-emptive action on third party computers to help address certain persistent threats.
I chortled when I read this passage:
Brad Smith warns the science fiction of a government knowing where we are at all times, and even what we’re feeling, is becoming reality in parts of the world. Smith says it’s “difficult to catch up” with ever-advancing AI, which was revealed is being used to scan prisoners’ emotions in China.
Now about the Microsoft telemetry and other interesting processes? What about the emotions of a Windows 10 user when the printer does not work after an update? Yeah.
Stephen E Arnold, May 28, 2021
May 26, 2021
How easy will it be for frisky developers and programmers to surf on Microsoft GitHub’s new video feature? My hunch is that it will be pretty easy. The news of this Amazon and YouTube type innovation appears in “Video Uploads Now Available across GitHub.”
The write up states:
At GitHub, we’ve utilized video to more concisely detail complex workflows, show our teammates where we’re blocked, and inspire our colleagues with the next big idea. Today, we’re announcing that the ability to upload video is generally available for everyone across GitHub. Now you can upload
.mp4and.movfiles in issues, pull requests, discussions, and more.
A number of video sites present fascinating technical information. Some of those videos include helpful pointers to even more interesting content. Here’s an example of a screenshot I made from a YouTube video:
The video’s title is “How to Get Sony Vegas Prog 18 for Free *2021* Permanent Activation Pack.” Other services offer similar technical work flow videos.
GitHub is a go to resource for a wide range of content, including penetration testing software similar to that used by some bad actors.
But video is hot, and Microsoft is going for it.
Stephen E Arnold, May 26, 2021
May 20, 2021
I don’t know if the information in “Horrible New Windows 10 Bug Sounds Like the Most Annoying Glitch Ever” is accurate. I find it amusing, particularly for a sophisticated, user centric software company like Microsoft. The write up reports:
According to Microsoft, some Windows users have suddenly been hit by an error that leaves their devices making a highly irritating squeaking sound… After installing KB5000842 or later updates, 5.1 Dolby Digital audio may play containing a high-pitched noise or squeak in certain apps when using certain audio devices and Windows settings.
Squeaking. Like a dog toy, like a rusty hinge, like a criminal explaining who his or her accomplices were, where these individuals live, and their modus operandi? Like the sound of a programmer who gets away with flawed code do he or she could do a Teams call?
Amusing just like the toothless Defender.
Stephen E Arnold, May 20, 2021
May 13, 2021
I noted “Microsoft Partners with Darktrace to Help Customers Combat Cyber Threats with AI.” You may know that Microsoft has been the subject of some attention. No, I am not talking about Windows 10 updates which cause printers to become doorstops. Nope. I am not talking about the fate of a leaner, meaner version of Windows. Yep, I am making a reference to the SolarWinds’ misstep and the alleged manipulation of Microsoft Exchange Server to create a reprise of “waiting on line for fuel.” This was a popular side show in the Washington, DC, area in the mid-1970s.
How does Microsoft address its security PR challenge? There are white papers from Microsoft threat experts. There are meetings in DC ostensibly about JEDI but which may — just by happenstance — bring up the issue of security. No big deal, of course. And Microsoft forms new security-centric partnerships.
The partner mentioned in the write up is Darktrace. The company relies on technology somewhat related to the systems and methods packaged in the Autonomy content processing system. That technology included Bayesian methods, was at one time owned by Cambridge Neurodynamics, and licensed to Autonomy. (A summary of Autonomy is available at this link. The write up points out that Bayesian methods are centuries old and often criticized because humans have to set thresholds for some applications of the numerical recipes. Thus, outputs are not “objective” and can vary as the method iterates.) Darktrace’s origins are in Cambridge and some of the firm’s funding came from Michael Lynch-affiliated Invoke Capital. The firm’s Web page states:
Founded by celebrated technologist and entrepreneur, Dr Mike Lynch OBE, Invoke Capital founds, invests in and advises fast-growing fundamental technology companies in Europe. With deep expertise in identifying and commercializing artificial intelligence research and a close relationship with the University of Cambridge, Invoke exists to realize the commercial possibilities of Britain’s extraordinary science and deep technology base. Since 2012, Invoke has been instrumental in founding, creating and developing prominent technologies, and then finding the right teams to scale them into global businesses. Invoke’s companies include Darktrace, a world-leading cyber AI company that employs more than 1,500 people globally, Luminance, an award-winning machine learning platform for the legal industry, and AI fraud-detection engine, Featurespace. Invoke exited data-driven medicine experts, Sophia Genetics, in 2020.
{The Register provides a run down of some of the legal activity associated with Mr. Lynch at this link. )
The item presenting the tie up of Microsoft and Darktrace states:
Microsoft announced today a new partnership with Darktrace, a UK-based cyber security AI firm that works with customers to address threats using what it describes as “self-learning artificial intelligence”. Darktrace’s threat response system is designed to counter insider threats, espionage, supply chain attacks, phishing, and ransomware. The partnership between Microsoft and Darktrace is meant to give organizations an automated way of investigating threats across multiple platforms. Darktrace’s system works by learning the data within a specific environment as well as how users behave. The goal is to tell which activity is benign or malicious.
For more information about Darktrace, one can consult the firm’s Web site. For a different view, an entity with the handle OneWithCommonSense provides his/her assessment of the system. You can find that document (verified online on May 13, 2021) at this link.
Why is this interesting?
As a side note, Microsoft acquired the Fast Search & Transfer company after there were legal inquiries into the company. That was a company based in Norway. With the Darktrace deal, Microsoft is again looking offshore for solution to what on the surface seems to be the Achilles’ heel of the company’s product portfolio: Its operating system and related services.
Will Darktrace’s technology address the debilitating foot injury Microsoft has suffered? Worth watching because bad actors are having a field day with free ice cream as a result of the revelations related to Microsoft’s security engineering. Windows Defender may get an injection of a technology that caught Dr. Lynch’s eye. Quick is better in my opinion.
Stephen E Arnold, May 13, 2021
May 13, 2021
If I use my imagination, I can hear the comments in the TV room of a fraternity house near the Chambana campus of the University of Illinois. “Dudes, we can make the losers at Sigma Nu look really stupid.” Then the snort, snort, snort of perceived victory over lesser beings.
I thought about this hypothetical bro-moment when I read two stories this morning.
The first is “Microsoft Edge Blocks Firefox Installer, Says It’ll Hurt Your PC.” Firefox has had its share of challenges. There’s the money thing, the management thing, and the number of users thing. Microsoft, the all-time leader in security, has determined that Firefox is allegedly a danger. The write up reports:
“Firefox Installer.exe was blocked because it could harm your device,” the warning read, with users only able to click through to see more details rather than continue the download. Techdows says that all versions of the Firefox Installer, including release, beta, dev, and nightly, appear to be affected, with multiple Reddit threads detailing download issues. Some users were able to download and install Firefox using Edge after disabling Microsoft Defender SmartScreen, a program.
That seems like a predictable response from those who have witnessed commentary in the hypothetical frat house.
The second is “Google: We Put YouTube TV in the Main YouTube App. What Now, Roku?” The idea is that Roku, the hardworking salary man of online video, is going to be reminded that the Google is the top dog. The write up states:
Google announced in a blog post that it was just going to run an end-around on Roku and stick the YouTube TV app in the YouTube app.
No one fools around with Mother Google.
What do these frat mentality actions by two large companies tell us? Perhaps these are routine business practices in the regulation and consequence free datasphere of 2021? Could these actions indicate that fraternity type thinking remains a core part of the technology world in the US? Or is there a darker implication; for instance, these actions are perceived as just what has to be done to ensure that big outfits get larger?
From my point of view, I find the frat-style a reminder that what characterizes those in extended adolescence appears to be the warp and woof of high technology: Competitive products are harmful or too stupid to cope with Googley reality.
Stephen E Arnold, May 13, 2021
May 10, 2021
Just a small item from “Huawei Calls for Closer Public-Private Sector Action to Restore Trust in Technology” in New Zealand. The focus of the write up was on a call by Huawei (yep, the Chinese technology giant viewed with suspicion by some in the US, delivered a message about trust. Here’s the quote from the Huawei professional explaining trust:
As more devices feature connectivity, more services go online, and more critical infrastructures rely on real-time data exchanges, so must governments worldwide ensure that everyone is protected by the highest security standards… We must build strong trust in technology, enabled by a common set of rules, innovations, and progress. Only then can we commit to the sustainable and trustworthy use of technology.
Okay. But the item of information in the article which struck me as important was this passage:
Other speakers from the private sector include Roche board of directors chairman, Christophe Franz, Daimler chairman of the board of management, Ola Källenius, Microsoft chief executive officer, Satya Nadella, and HCL Corporation’s chief executive officer, Roshni Nadar Malhotra. [Emphasis added]
I found it interesting that Microsoft’s CEO shared a podium at a conference about trust. As you may recall, Microsoft experienced a misstep with Exchange Server and has struggled with Windows updates which bedevil some users.
The write up emphasized that “that trust is inherently built on openness and transparency.” Sounds tasty. Trust.
Stephen E Arnold, May 10, 2021
