Microsoft: Technical Excellence Translates to More Excellencerness

February 18, 2021

I found the Microsoft explanation of the SolarWinds’ misstep interesting. CBS circulated some of the information in the interview in “SolarWinds: How Russian Spies Hacked the Justice, State, Treasury, Energy and Commerce Departments.” The point that Windows’ security systems did not detect the spoofing, modifying, and running of Microsoft software was skipped over in my opinion. I loved this statement by Brad Smith, one of the senior executives at the Redmond giant:

When we analyzed everything that we saw at Microsoft, we asked ourselves how many engineers have probably worked on these attacks. And the answer we came to was, well, certainly more than 1,000.

Then failing to detect the breach which seems to have exploited the fascinating Microsoft software update methods:

I think that when you look at the sophistication of this attacker there’s an asymmetric advantage for somebody playing offense.

Okay, “certainly.” Okay, 1,000.

What if SolarWinds’ misstep was not the largest and most sophisticated hack? Is it possible that an insider or a contractor working from home in another country provided the credentials? What if piggybacking on the wild and wonderful Windows’ update system and method was a cottage industry among some bad actors? What if the idea for the malware was a result of carelessness and assumptions about the “security” of how Microsoft and its partners conducted routine business? What if the bad actors used open source software and some commercial reverse engineering tools, information on hacker forums, and trial and error? Does one need a 1,000 engineers? Microsoft may need that many engineers, but in my experience gained in rural Kentucky, a handful of clever individuals could have made the solar fires burn more brightly. Who can manage 1,000 hackers? I am not sure nation states can get 1,000 cyber warriors to a single conference center at one time or get most to read their email, file reports, and coordinate their code. Some may suggest Russia, China, North Korea, or Iran can do these managerial things in a successful way. Not I. The simplest explanation is often the correct one. Insider, opportunism, and a small team makes more sense to me.

Let me shift gears.

What about the spoofing, modifying, and running of Microsoft software for months, maybe a year, maybe more without detecting the intrusion?

I noted “A Vulnerability in Windows Defender Went Unnoticed for 12 Years.” That write up asserts:

A critical bug in Windows Defender went undetected by both attackers and defenders for some 12 years, before finally being patched last fall. The vulnerability in Microsoft’s built-in antivirus software could have allowed hackers to overwrite files or execute malicious code—if the bug had been found. Let’s be clear—12 years is a long time when it comes to the life cycle of a mainstream operating system, and it’s a heck of a long time for such a critical vulnerability to hide.

Sure, let’s be clear. Microsoft talks security. It issues techno-marketing posts like its late January explanation of the SolarWinds’ misstep which I reported on in the DarkCyber video news program on February 9, 2021.

But perhaps more pointed questions should be asked. I don’t want to know about Team featuritis. I don’t want to know why I should not install certain Windows 10 updates or accept updates like the mandatory update KB4023057. I don’t want to know about folding mobile phones. Nope. None of those things.

I want TV interviewers, CBS “real news” writers, and Microsoft to move beyond marketing chatter, hollow assurances, and techno-babble. Oh, I forgot. The election, Covid, and the Azure cloud JEDI thing. I, like others, need their priorities readjusted.

How many employees and partners told Brad Smith, “You were great in the 60 Minutes interview? Lots I would wager.

Stephen E Arnold, February 18, 2021

Microsoft and the Covid: Microsoft 0. The Covid. 1.

February 16, 2021

I believe that everything on Yahoo is true. The write up “Microsoft System Blamed for N.J. Vaccine-Booking Glitches” must be viewed as providing direct insight into the excellence of Microsoft’s engineering. In this week’s DarkCyber, I gave my interpretation of Microsoft’s explanation of the SolarWinds’ affair, and I am delighted to have a different topic about the Redmond behemoth. (I am aware that the odd folding phone has been discounted and that Microsoft thinks Australia’s approach to the Google is the best thing since Windows 3.11.

The New Jersey story is that Microsoft software does not allow the state to schedule Covid injections. I noted:

Five weeks of stumbles by Microsoft Corp. on New Jersey’s Covid-19 vaccine-booking software have left the state pushing for daily fixes on almost every part of the system and doubting it will ever operate as intended…

The write up points out that New Jersey’s love affair with Microsoft was in bloom in May 2021:

“To everyone at Microsoft, who has been a vital partner to our information technology team, New Jersey thanks you,” Murphy [Governor of the great state] said at a May 9 virus briefing in Trenton.

Now the love birds are pecking at one another:

Eight months later, though, on Jan. 6, Persichilli [New Jersey Health Commissioner]called out Microsoft by name in one of the governor’s press briefings. She said “enormous interest in receiving the vaccine” caused “capacity challenges” with the state’s Microsoft-run system.

Some questions crossed my mind:

  1. Has Microsoft shifted from delivering stable solutions to talking about solutions which require additional work to make licensees bubble with enthusiasm?
  2. Are the issues with the Covid system similar to those which allowed Windows Defender and its Azure complement to overlook the SolarWinds’ breach for more than a six months, a year, maybe more?
  3. What are the implications of the Covid system hiccup and the JEDI solution which Microsoft has captured from the Bezos bulldozer and other outfits jockeying for a chunk of the multi-billion dollar US government contract?

If anyone from Microsoft is reading this essay, please, push back using the comments function of the blog. At age 77, I really don’t want to engage with thumbtypers in a text message, email, or phone call joust.

Giblets! Goose feathers! What does New Jersey get for dinner on the Jersey shore sitting fix feet apart and wearing a really nifty MSFT mask?

Stephen E Arnold, February 16, 2021

The SolarWinds Misstep: Who Else Walked Off the Cliff?

February 2, 2021

Hack Said to Extend Beyond SolarWinds” is a troubling “real” news story. The idea that bad actors may have gained access to commercial and government servers for more than a year was troubling. According to the write up, the data breach has another dimension:

Close to a third of the victims didn’t run the SolarWinds Corp. software initially considered the main avenue of attack for the hackers…

What was the shared point of vulnerability?

The write up dances around the topic, but DarkCyber believes that Microsoft software is the common factor for the breaches, a fact presented at the end of the article:

Mr. Wales [US government cyber security wizard] said his [Cyber Security and Infrastructure] agency isn’t aware of cloud software other than Microsoft’s targeted in the attack.

The Wall Street Journal article reporting a government official’s public statement is located behind a paywall.

Is Microsoft capable of providing cloud and desktop services which are secure. Will a rock band craft a TikTok video based on a remake of the Platters’ hit song the Great Pretender modified to the Great Defender?

Yes I’m the great defender
Just laughin’ and gay like a clown
I seem to be what I’m not, you see
I’m showing my code like a crown
Pretending that JEDI’s still around.

Apologies to Buck Ram.

Stephen E Arnold, February 2, 2021

Microsoft Security: Perhaps Revenue Does Not Correlate with Providing Security?

February 1, 2021

I want to keep this brief. Microsoft makes money from the sale of security services. “Microsoft CEO Satya Nadella: There Is a Big Crisis Right Now for cybersecurity” reports:

For the first time on Tuesday, Microsoft disclosed revenue from its various security offerings as part of its quarterly earnings — $10 billion over the last 12 months. That amounts to a 40% year-over-year jump in the growing security business, making up roughly 7% of the company’s total revenue for the previous year.

Here’s a fascinating passage:

Microsoft itself was also hacked, though no customer data was breached. A Reuters report indicated that, as part of the hack of the National Telecommunications and Information Agency, Microsoft’s Office 365 software was attacked, allowing the intruders to monitor agency emails for months. Microsoft, however, said at the time that it has identified no vulnerabilities in its cloud or Office software.

Er, what?

I don’t want to rain on this financial parade but The Register, a UK online information service, published “Unsecured Azure Blob Exposed 500,000+ Highly confidential Docs from UK Firm’s CRM Customers.” Furthermore, the Microsoft security services did not spot the SolarWinds’ misstep, which appears to have relied upon Microsoft’s much-loved streaming update service. The euphemism of “supply chain” strikes me as a way to short circuit criticism of a series of technologies which are easily exploited by at least one bad actor involved in the more than 12 month undetected breach of core systems at trivial outfits like US government agencies.

Net net: Generating revenue from security does not correlate with delivering securing or engineering core services to prevent breaches. And what about the failure to detect? Nifty, eh?

The February 9, 2021, DarkCyber video program takes a look at another of Microsoft’s remarkable dance steps related to the SolarWinds’ misstep. Do si do, promenade, and roll away to a half sashay! Ouch. Better watch where you put that expensive shoe.

Stephen E Arnold, February 1, 2021

Microsoft: Maybe Quantum Computing Can Help Out Defender?

February 1, 2021

The February 9, DarkCyber video news program contains a short item about Microsoft’s January 20, 2021, explanation of the SolarWinds’ misstep. Spoiler: Hey, Microsoft was not responsible. If you are interested in the MSFT explanation with some remarkable self promotion for its security prowess, navigate to this link. But to the matter at hand. Microsoft security will no doubt benefit from its latest technical innovation. “Microsoft Claims Breakthrough in Quantum Computing” reports:

This [MSFT and University of Sydney] team has developed a cryogenic quantum control platform that uses specialized CMOS circuits to take digital inputs and generate many parallel qubit control signals. The chip that powers this control platform is called Gooseberry.

Does this beg the inclusion of the Intel Horse Feathers — no, strike that — Intel Horse Ridge technology?

The write up continues:

There’s no doubt that both Gooseberry and the cryo-compute core represent big steps forward for quantum computing, and having these concepts peer-reviewed and validated by other scientists is another leap ahead.

I hope the technology innovators surge ahead to apply the “breakthrough” to the Redmond giant’s security for Azure and Windows 10, which of course were not the SolarWinds’ problem. The gilded lily language “supply chain” was maybe, a little, sort of tangentially involved.

Supply chain? Gooseberries and horse feathers perhaps?

Stephen E Arnold, February

High School Science Club Management: The Microsoft GitHub Example

January 18, 2021

Anyone who reads Beyond Search knows that I eschew the old saws of management consulting. No Druckerisms here. I go for more evocative terminology such as HSSCMM or high school science club management methods. The high school science club was the last refuge for those who were not “into” the flow of athletes, elected school representatives, and doing just enough to pass a class in home economics. Nope, the HSSC was THE place for those who knew better than anyone else what was important, knew better how to accomplish a task, and knew better than anyone the wonderfulness of such an esteemed organization.

Thus, a HSSCMM is a rare thing.

I believe I have spotted an example ably described in “GitHub Admits Significant Error of Judgment…”  I would point out that GitHub is a Microsoft property and has been since late 2018, sufficient time for the outstanding culture of the Redmond giant to diffuse into the code repository/publishing entity.

The “error” concerns a knee jerk response to a person’s post using a forbidden word. After the employee was terminated, others in the science club management team decided that the dismissal was a misstep. Bigger or smaller than the SolarWinds’ modest toe bump? Who knows.

But, by golly, the Microsoft-GitHub science club alums convened and took a decision: Fire the personnel manager (sometimes called a people manager or a human resources leader).

The management precepts I derive from this fascinating chain of events are:

  • Be deciders. Don’t dally. Then without too much hand waving reverse course. The science club precept is that lesser entities will not recall the change of direction.
  • Seek scapegoats. Use the Teflon approach so that that which is thrown slides upon the lesser entity, in this case, the amusing people manager function.
  • Avoid linking the actions of one part of the science club to the larger science club of which the smaller is merely a decorative ornament; that is, omit the fact that GitHub is owned by Microsoft.

I may have these precepts in a poorly formed state, but I think this GitHub admits article provides a provocative case example. I wonder if Mr. Drucker would agree.

Stephen E Arnold, January 18, 2021

Microsoft Teams: More, More, More

January 12, 2021

Last week I was on a Zoom video call. Zoom is pretty easy to use. What’s interesting is that the cyber security organizer of the meeting could not figure out how to allow a participant to share a screen. Now how easy is it to use Microsoft Teams compared to Zoom? In my opinion, Microsoft Teams is a baffler. The last thing Teams needs is another dose of featuritis. Teams and Zoom both need to deal with the craziness of the existing features and functions.

I have given up on Zoom improving its interface. The tiny gear icon, one of the most used components, is tough for some people to spot. Teams has a couple of donkeys laden with wackiness; for example, how about those access controls? Working great for new users, right? But Microsoft who is busy reinventing itself from Word and SharePoint wants to be the super Slack of our Rona-ized world. Sounds good? Yep, ads within Office 10 are truly an uplifting experience for individuals who use Windows 10 to sort of attempt work. Plus, Teams adds Channel calendars. Great! More calendars! Many Outlooks, many search systems, and now calendars! In Teams!

I noted this BBC write up: “Pupils in Scotland Struggle to Get Online Amid Microsoft Issue.” I thought teachers, parents were there to help. The Beeb states:

A number of schools, pupils and parents have reported the technology running slowly or not at all.

What’s Microsoft say? According to the Beeb:

A Microsoft spokesperson said: “Our engineers are working to resolve difficulties accessing Microsoft Teams that some customers are experiencing.” When pressed on whether demand as a result of home schooling was causing the issue, Microsoft declined to comment.

Just like the SolarWinds’ misstep? Nope, just working to make Teams more interesting. Navigate to “Microsoft Teams Is Getting a More Engaging Experience for Meetings Soon.” If the write up is accurate, that’s exactly what Microsoft has planned for its Zoom killer. The write up reports an item from the future:

Microsoft is working on making Teams meetings more engaging using AI and a “Dynamic View” to give more control over meeting presentations.

And what, pray tell, is a more engaging enhancement or two? I learned that in the future (not yet determined):

The Dynamic view is said to let you see what’s being shared and other people on the call at the same time. With the call being automatically optimized in a way that lets participants both see the important information that’s being shared and the people presenting it in a satisfying way.

News flash. The features appear to add controls (hooray, more controls) and the presentation seems just fine for those high-resolution displays measured in feet, not inches.

Bulletin. Just in. More people are using mobile devices than desktop computers. How is Teams on a mobile device with a screen measured in inches, not feet?

Oh, right. Featuritis and tiny displays. Winners. Maybe not for someone over the age of 45, but that’s an irrelevant demographic, right?

Stephen E Arnold, January 12, 2021

Microsoft: Information Released Like a Gentle Solar Wind

December 31, 2020

I read the New Year’s Eve missive from Microsoft, a company which tries to be “transparent, “Microsoft Internal Solorigate Investigation Update.” I am not sure, but I think the Microsoft Word spell checker does not know that SolarWinds is not spelled Solarigate. Maybe Microsoft is writing about some other security breach or prefers a neologism to end the fine year 2020?

Here’s a passage I found interesting:

Our investigation has, however, revealed attempted activities beyond just the presence of malicious SolarWinds code in our environment. This activity has not put at risk the security of our services or any customer data, but we want to be transparent and share what we’re learning as we combat what we believe is a very sophisticated nation-state actor. We detected unusual activity with a small number of internal accounts and upon review, we discovered one account had been used to view source code in a number of source code repositories. The account did not have permissions to modify any code or engineering systems and our investigation further confirmed no changes were made. These accounts were investigated and remediated. [Bold added to highlight intriguing statements]

To me, an old person who lives in rural Kentucky, it sure sounds as if Microsoft is downplaying:

  • Malicious code within Microsoft’s systems
  • The code performed “unusual activity” whatever this actually means I don’t know
  • The malicious code made it to MSFT source code repositories
  • Whatever happened has allegedly been fixed up.

What’s that unknown unknowns idea? Microsoft may be writing as if there are no unknown unknowns related to the SolarWinds misstep.

If you want more timely Solarigate misstep info, here’s what Microsoft suggests as a New Year’s Eve diversion:

For the up-to-date information and guidance, please visit our resource center at https://aka.ms/solorigate.

Stephen E Arnold, December 31, 2020

Score Your Business Meetings: I Usually Award Fs

December 10, 2020

COVID-19 made Zoom a necessary tool. YouTube and TikTok are filled with Zoom call mistakes from students pranking classes, pets interrupting calls, and people forgetting to wear pants. While Zoom inadvertently changed the way business meetings are conducted, it has not changed how boring they are. TechSpot reports that emotions might change when it comes to meetings because “Microsoft Patents Technology That Can ‘Score’ Meetings Based On Facial Expressions And Body Language.”

Technologists are already obsessed with sympathetic metadata, AI mining the Internet for emotional content, while YouTubers and other streamers are equally obsessed with positive feedback and gaining subscribers. Microsoft has combined both these trends into an “insight computer system” that relies on AI to interpret meeting participants and scores them. The scoring system takes body language, facial expressions, room temperature, time of day, and attendance numbers into consideration.

Business meetings are boring and usually do not augment productivity. Remote working has changed the game, because attendees can goof off more than when they are physically present. Microsoft designed the sentimental conference rating system to analyze participants and help businesses determine if a meeting was successful. It sounds more like a Orwellian monitoring tool:

“GeekWire notes that the company was criticized for enabling what appears to be workplace surveillance when it rolled out its “Productivity Score” feature in October. Wolfie Christl of the independent Cracked Labs digital research institute in Vienna, Austria, writes that it allows managers to see the “number of days an employee has been sending emails, using the chat, using ‘mentions’ in emails etc,” turning Microsoft 365 into a full-fledged workplace surveillance tool. Microsoft, of course, insists that Productivity Score does not spy on workers.”

Microsoft has reversed course, after asserting that its tools are not used to spy on people. Good to know. I score my most recent meeting an F.

Whitney Grace, December 10, 2020

Teams: Its Future Seems to Be Emulating the Feature-itis of MSFT Word

December 10, 2020

Someone asked me to test Zoom in 2016, maybe earlier. It was a lot more useful than Freeconference.com’s IBM video service which was available to me at the time. Zoom is getting more cluttered. I have to deal with automated calendar, endless updates, icon litter, and weird controls scattered across the Web site, the app for my Mac Mini, and the Web browser implementation. I can record and probably acquire a Zoom brain implant add in.

But Microsoft Teams makes Zoom’s accretion of wonkiness look very 16th century. I read “Features Added to Microsoft Teams in November 2020 Update.” My reaction was a question, “Has Microsoft discovered its next Microsoft Office?” (I was tempted to mention Microsoft Bob and Microsoft SharePoint, but I de-enthusiasmed myself.)

What’s Teams do? For starters, you can check out Microsoft’s explanation of “more ways to be a team.” Typical of thumbtypers’ marketing woo woo, Teams is linked to Microsoft 365. Okay, I get it a subscription and/or volume licensing with a dollop of lock in. Imagine. meet, chat, call, and collaborate in just one place. Also, one can:

  • Instantly go from group chat to video call with the touch of a button.
  • Securely connect, access, share, and coauthor files in real time.
  • Stay organized by keeping notes, documents, and your calendar together.

However, Teams is an application environment too. The November 2020 write up points out:

Microsoft now made the new Power Apps app for Teams generally available. It allows you to create and deploy custom apps without leaving Teams. With the straightforward , embedded graphical app studio, it’s never been easier to create low code apps for Teams. you’ll also harness immediate value from inbuilt templates just like the Great Ideas or Inspections apps, which may be deployed in one click and customized easily. The new Power Apps app for Teams are often backed by a replacement relational datastore – Dataverse for Teams.

The “dataverse.” That’s similar to my term “datasphere,” but the datasphere exists and includes the dataverse in my opinion.

Yep, the “world” of Microsoft. What’s interesting is that Salesforce understands that Microsoft’s response to Zoom may be the start of a new bit thing. Even Amazon has joined the party with its mostly ignored Chime thing. (Amazon AWS provides the zoom for Zoom, so for now, the Bezos bulldozer is carving new revenue paths in other markets.) And Google is active in this sector as well, but for the life of me, I cannot recall the name of the conference/messaging service du jour. Google sells ads and will probably get serious when a US government Department of Energy conference call can be enhanced with an advertisement from Duke Energy or Exxon).

One thing is clear in my opinion: Microsoft Teams has the feature-itis affliction. I was at a Microsoft meeting years ago when one of the Softies pointed out that 95 percent of Word users relied on fewer than 10 functions.

What do I do when I use Zoom? Participate in a video call. If I need to take notes, I use a pencil and paper. If I need to add an event to my calendar, I write it in my monthly planner. If I want to zone out, I post a background that shows me looking at the camera and nodding.

Keep it simple? Not likely.

Stephen E Arnold, December 10, 2020

« Previous PageNext Page »

  • Archives

  • Recent Posts

  • Meta