There Must Be a Fix? Sorry. Nope.

June 20, 2024

This essay is the work of a dinobaby. Unlike some folks, no smart software improved my native ineptness.

I enjoy stories like “Microsoft Chose Profit Over Security and Left U.S. Government Vulnerable to Russian Hack, Whistleblower Says.” It combines a number of fascinating elements; for example, corporate green, Russia, a whistleblower, and the security of the United States. Figuring out who did what to whom when and under what circumstances is not something a dinobaby at my pay grade of zero can do. However, I can highlight some of the moving parts asserted in the write up and pose a handful of questions. Will these make you feel warm and fuzzy? I hope not. I get a thrill capturing the ideas as they manifest in my very aged brain.


The capture officer proudly explains to the giant corporation, “You have won the money?” Can money buy security happiness? Answer: Nope. Thanks, MSFT Copilot. Good enough, the new standard of excellence.

First, what is the primum movens for this exposé? I think that for this story, one candidate is Microsoft. The company has to decide to do what slays the evil competitors, remains the leader in all things smart, and generates what Wall Street and most stakeholders crave: Money. Security is neither sexy nor a massive revenue producer when measured in terms of fixing up the vulnerabilities in legacy code, the previous fixes, and the new vulnerabilities cranked out with gay abandon. Recall any recent MSFT service which may create a small security risk or two? Despite this somewhat questionable approach to security, Microsoft has convinced the US government that core software like PowerPoint definitely requires the full panoply of MSFT software, services, features, and apps. Unfortunately, articles like “Microsoft Chose Profit Over Security” convert the drudgery of cyber security into a snazzy story. A hard worker finds the MSFT flaw, reports it, and departs for a more salubrious work life. The write up says:

U.S. officials confirmed reports that a state-sponsored team of Russian hackers had carried out SolarWinds, one of the largest cyberattacks in U.S. history. They used the flaw Harris had identified to vacuum up sensitive data from a number of federal agencies, including, ProPublica has learned, the National Nuclear Security Administration, which maintains the United States’ nuclear weapons stockpile, and the National Institutes of Health, which at the time was engaged in COVID-19 research and vaccine distribution. The Russians also used the weakness to compromise dozens of email accounts in the Treasury Department, including those of its highest-ranking officials. One federal official described the breach as “an espionage campaign designed for long-term intelligence collection.”

Cute. SolarWinds, big-money deals, and hand-waving about security. What has changed? Nothing. A report criticized MSFT; the company issued appropriate slick-talking, lawyer-vetted, PR-crafted assurances that security is Job One. What has changed? Nothing.

The write up asserts about MSFT’s priorities:

the race to dominate the market for new and high-growth areas like the cloud drove the decisions of Microsoft’s product teams. “That is always like, ‘Do whatever it frickin’ takes to win because you have to win.’ Because if you don’t win, it’s much harder to win it back in the future. Customers tend to buy that product forever.”

I understand. I am not sure corporations and government agencies do. That PowerPoint software is the go-to tool for many agencies. One high-ranking military professional told me: “The PowerPoints have to be slick.” Yep, slick. But reports are written in PowerPoints. Congress is briefed with PowerPoints. Secret operations are mapped out in PowerPoints. Therefore, buy whatever it takes to make, save, and distribute the PowerPoints.

The appropriate response is, “Yes, sir.”

So what’s the fix? There is no fix. The Microsoft legacy security, cloud, AI “conglomeration” is entrenched. The Certified Partners will do patch ups. The whistleblowers will toot, but their tune will be drowned out in the post-contract-capture party at the Old Ebbitt Grill.

Observations:

  1. Third-party solutions are going to have to step up. Microsoft does not fix; it creates.
  2. More serious breaches are coming. Too many nation-states view the US as a problem and want to take it down and put it out.
  3. Existing staff in the government and at third-party specialist firms are in “knee jerk mode.” The idea of pro-actively getting ahead of the numerous bad actors is an interesting thought experiment. But like most thought experiments, it can morph into becoming a BFF of Don Quixote and going after those windmills.

Net net: Folks, we have some cyber challenges on our hands, in our systems, and in the cloud. I wish reality were different, but it is what it is. (Didn’t President Clinton define “is”?)

Stephen E Arnold, June 20, 2024

Google and Microsoft: The Twinning Is Evident

June 10, 2024

This essay is the work of a dinobaby. Unlike some folks, no smart software improved my native ineptness.

Google and Microsoft have some interesting similarities. Both companies wish they could emulate one another’s most successful products. Microsoft wants search and advertising revenue. Google wants a chokehold on the corporate market for software and services. The senior executives have similar high school academic training. Both companies have oodles of legal processes with more on the horizon. Both companies are terminating employees with extreme prejudice. Both companies seem to have some trust issues. You get the idea.


Some neural malfunctions occur when one gets too big and enjoys the finer things in life, like not working on management tasks with diligence. Thanks, MSFT Copilot. Good enough.

Google and Microsoft are essentially morphing into mirrors of one another. Is that a positive? From an MBA / bean counter point of view, absolutely. There are some disadvantages, but they are minor ones; for example, interesting quasi-monopoly pricing options, sucking the air from the room for certain types of start ups, and having the power of a couple of nation-states. What could go wrong? (Just check out everyday life. Clues are abundant.)

How about management methods which do not work very well? I want to cite two examples.

Google is scaling back its AI search plans after the summary feature told people to eat glue. How do I, recently dubbed scary grandpa cyber by an officer at the TechnoSecurity & Digital Forensics Conference in Wilmington, North Carolina, last week, know this? The answer is that I read “Google Is Scaling Back Its AI Search Plans after the Summary Feature Told People to Eat Glue.” This is a good example of the minimum viable product not being minimal enough and certainly not viable. The write up says:

Reid [a Google wizard] wrote that the company already had systems in place to not show AI-generated news or health-related results. She said harmful results that encouraged people to smoke while pregnant or leave their dogs in cars were “faked screenshots.” The list of changes is the latest example of the Big Tech giant launching an AI product and circling back with restrictions after things get messy.

What a remarkable tactic. Blame the “users” and reduce the exposure of the online ad giant’s technological prowess. I think these two tactics illustrate the growing gulf between “leadership” and the poorly managed lower level geniuses who toil at Googzilla’s side.

I noted a weird parallel with Microsoft illustrating a similar disconnect between Microsoft’s carpetland dwellers and those working in the weird disconnected buildings on the Campus. This disaster of a minimum viable product or MVP was rolled out with much fanfare at one of Microsoft’s many, hard-to-differentiate conferences. The idea was one I heard about decades ago. The individual with whom I associate the idea once worked at Bellcore (one of the spin offs of Bell Labs after Judge Green created the telecommunications wonderland we enjoy today). The idea is a surveillance dream come true — at least for law enforcement and intelligence professionals. MSFT software captures images of a user’s screen, converts the bitmap to text, and helpfully makes it searchable. The brilliant Softie allegedly suggested in “When Asked about Windows Recall Privacy Concerns, Microsoft Researcher Gives Non-Answer”:

Microsoft’s Recall feature is being universally slammed for the privacy implications that come from screenshotting everything you do on a computer. However, at least one person seems to think the concerns are overblown. Unsurprisingly, it’s Microsoft Research’s chief scientist, who didn’t really give an answer when asked about Recall’s negative points.

Then what did a senior super manager do? Answer: Back track like crazy. Here’s the passage:

Even before making Recall available to customers, we have heard a clear signal that we can make it easier for people to choose to enable Recall on their Copilot+ PC and improve privacy and security safeguards. With that in mind we are announcing updates that will go into effect before Recall (preview) ships to customers on June 18.

The decision could have been made by a member of the Google leadership team. Heck, maybe the two companies’ senior leadership are on a mystical brain wave and think the same thoughts. Which is the evil twin? I will leave that to you to ponder.

Several observations are warranted:

  • For large, world-affecting companies, senior managers are simply out of touch with [a] their product development teams and [b] their “users.”
  • The outfits may be Wall Street darlings, but are there other considerations to weigh? The companies have become sufficiently large that their communication neurons are no longer reliable. The messages they emit are double speak at best and PR speak at their worst.
  • The management controls are not working. One can delegate when one knows those in other parts of the organization make good decisions. What’s evident is that a lack of control, commitment to on point research, and good judgment illustrate a breakdown of the nervous system of these companies.

Net net: What’s ahead? More of the same dysfunction perhaps?

Stephen E Arnold, June 14, 2024

Telegram: No Longer Just Mailing It In

May 29, 2024

This essay is the work of a dinobaby. Unlike some folks, no smart software improved my native ineptness.

Allegedly about 900 million people “use” Telegram. More are going to learn about the platform as the company comes under more European Union scrutiny, kicks the tires for next-generation obfuscation technology, and becomes a best friend of Microsoft… for now. “Telegram Gets an In-App Copilot Bot” reports:

Microsoft has added an official Copilot bot within the messaging app Telegram, which lets users search, ask questions, and converse with the AI chatbot. Copilot for Telegram is currently in beta but is free for Telegram users on mobile or desktop. People can chat with Copilot for Telegram like a regular conversation on the messaging app. Copilot for Telegram is an official Microsoft bot (make sure it’s the one with the checkmark and the username @CopilotOfficialBot).

You can “try it now.” Just navigate to Microsoft “Copilot for Telegram.” At this location, you can:

Meet your new everyday AI companion: Copilot, powered by GPT, now on Telegram. Engage in seamless conversations, access information, and enjoy a smarter chat experience, all within Telegram.


A dinobaby lecturer explains the Telegram APIs and its bot function for automating certain operations within the Telegram platform. Some in the class are looking at TikTok, scrolling Instagram, or reading about a breakthrough in counting large numbers of objects using a unique numerical recipe. But Telegram? WhatsApp and Signal are where the action is, right? Thanks, MSFT Copilot. You are into security and now Telegram. Keep your focus, please.

Next week, I will deliver a talk about Telegram and some related information about obfuscated messaging at the TechnoSecurity & Digital Forensics Conference. I no longer do too many lectures because I am an 80 year old dinobaby, and I hate flying and standing around talking to people 50 years younger than I. However, my team’s research into end-to-end encrypted messaging yielded some interesting findings. At the 2024 US National Cyber Crime Conference about 260 investigators listened to my 75 minute talk, and a number of them said, “We did not know that.” I will also do a Telegram-centric lecture at another US government event in September. But in this short post, I want to cover what the “deal” with Microsoft suggests.

Let’s get to it.

Telegram operates out of Dubai. The distributed team of engineers has been adding features and functions to what began as a messaging app in Russia. The “legend” of Telegram is an interesting story, but I remain skeptical about the company, its links with a certain country, and the direction in which the firm is headed. If you are not familiar with the service, it has morphed into a platform with numerous interesting capabilities. For some actors, Telegram’s services can and have replaced the Dark Web. Examples include contraband, “personal” services, and streaming video to thousands of people. Some Telegram users pay to get “special” programs. (Please, use your imagination.) Note: Messages on Telegram are not end-to-end encrypted by default, as they are on some other E2EE messaging applications.

Why is Telegram undergoing this shift from humble messaging app to a platform? Our research suggests that there are three reasons. I want to point out that Pavel Durov does not have a public profile on the scale of a luminary like Elon Musk or Sam AI-Man, but he is out and about. He conducted an “exclusive” and possibly red-herring discussion with Tucker Carlson in April 2024. After the interview, Mr. Pavlov took direct action to block certain message flows from Ukraine into Russia. That may be one reason: Telegram is actively steering information about Ukraine’s view of Mr. Putin’s special operation. Yep, freedom.

Are there others? Let me highlight three:

  1. Mr. Pavlov and his brother who allegedly is like a person with two PhDs see an opportunity to make money. The Pavlovs, however, are not hurting for cash.
  2. American messaging apps have been fat and lazy. Mr. Pavlov is an innovator, and he wants to make darned sure that he runs rings around Signal, WhatsApp, and a number of other outfits. Ego? My team thinks that is part of Mr. Pavlov’s motivation.
  3. Telegram is expanding because it may not be an independent, free-wheeling outfit. Several on my team think that Mr. Pavlov answers to a higher authority. Is that authority aligned with the US? Probably not.

Now the Microsoft deal?

Several questions may get your synapses in gear:

  1. Where are the data flowing through Telegram located / stored geographically? The service can regenerate some useful information for a user with a new device.
  2. Why tout freedom and free speech in April 2024 and several weeks later apply restrictions on data flow? Does this suggest a capability to monitor by user, by content type, and by other metadata?
  3. Why is Telegram exploring additional network enhancements? My team thinks that Mr. Pavlov has some innovations in obfuscation planned. If the company does implement certain technologies freely disclosed in US patents, what will that mean for analysts and investigators?
  4. Why a tie up with Microsoft? Whose idea was this? Who benefits from the metadata? What happens if Telegram has some clever ideas about smart software and the Telegram bot function?

Net net: Not too many people in Europe’s regulatory entities have paid much attention to Telegram. The entities of interest have been bigger fish. Now Telegram is growing faster than a Chernobyl boar stuffed on radioactive mushrooms. The EU is recalibrating for Telegram at this time. In the US, the “I did not know” reaction provides some insight into general knowledge about Telegram’s more interesting functions. Think pay-to-view streaming video about certain controversial subjects. Free storage and data transfer is provided by Telegram, a company which does not embrace the Netflix approach to entertainment. Telegram is, as I explain in my lectures, interesting, very interesting.

Stephen E Arnold, May 29, 2024

Copilot: I Have Control Now, Captain. Relax, Chill

May 29, 2024

This essay is the work of a dinobaby. Unlike some folks, no smart software improved my native ineptness.

Appearing unbidden on Windows devices, Copilot is spreading its tendrils through businesses around the world. Like a network of fungal mycorrhizae, the AI integrates itself with the roots of Windows computing systems. The longer it is allowed to intrude, the more any attempt to dislodge it will harm the entire ecosystem. VentureBeat warns, “Ceding Control: How Copilot+ and PCs Could Make Enterprises Beholden to Microsoft.”

Writer James Thomason traces a gradual transition: The wide-open potential of the early Internet gave way to walled gardens, the loss of repair rights, and a shift to outside servers controlled by cloud providers. We have gradually ceded control of both software and hardware as well as governance of our data. All while tech companies make it harder to explore alternative products and even filter our news, information, and Web exploration.

Where does that put us now? AI has ushered in a whole new level of dominion for Microsoft in particular. Thomason writes:

“Microsoft’s recently announced ‘Copilot+ PCs’ represent the company’s most aggressive push yet towards an AI-driven, cloud-dependent computing model. These machines feature dedicated AI processors, or ‘NPUs’ (neural processing units), capable of over 40 trillion operations per second. This hardware, Microsoft claims, will enable ‘the fastest, most intelligent Windows PC ever built.’ But there’s a catch: the advanced capabilities of these NPUs are tightly tethered to Microsoft’s cloud ecosystem. Features like ‘Recall,’ which continuously monitors your activity to allow you to quickly retrieve any piece of information you’ve seen on your PC, and ‘Cocreator,’ which uses the NPU to aid with creative tasks like image editing and generation, are deeply integrated with Microsoft’s servers. Even the new ‘Copilot’ key on the keyboard, which summons the AI assistant, requires an active internet connection. In effect, these PCs are designed from the ground up to funnel users into Microsoft’s walled garden, where the company can monitor, influence and ultimately control the user experience to an unprecedented degree. This split-brain model, with core functionality divided between local hardware and remote servers, means you never truly own your PC. Purchasing one of these AI-driven machines equals irrevocable subjugation to Microsoft’s digital fiefdom. The competition, user choice and ability to opt out that defined the PC era are disappearing before our eyes.”

So what does this mean for the majority of businesses that rely on Microsoft products? Productivity gains, yes, but at the price of a vendor stranglehold, security and compliance risks, and opaque AI decision-making. See the article for details on each of these.

For anyone who doubts Microsoft would be so unethical, the write-up reminds us of the company’s monopolistic tendencies. Thomason insists we cannot count on the government to intervene again, considering Big Tech’s herculean lobbying efforts. So if the regulators are not coming to save us, how can we defy Microsoft dominance? One can expend the effort to find and utilize open hardware and software alternatives, of course. Linux is a good example. But a real difference will only be made with action on a larger scale. There is an organization for that: FUTO (the Fund for Universal Technology Openness). We learn:

“One of FUTO’s key strategies is to fund open-source versions of important technical building blocks like AI accelerators, ensuring they remain accessible to a wide range of actors. They’re also working to make decentralized software as user-friendly and feature-rich as the offerings of the tech giants, to reduce the appeal of convenience-for-control tradeoffs.”

Even if and when those building blocks are available, resistance will be a challenge. It will take mindfulness about technology choices while Microsoft dangles shiny, easier options. But digital freedom, Thomason asserts, is well worth the effort.

Cynthia Murrell, May 29, 2024

Apple Fan Misses the Obvious: MSFT Marketing Is Tasty

May 28, 2024

This essay is the work of a dinobaby. Unlike some folks, no smart software improved my native ineptness.

I love anecdotes seasoned investigators offer at law enforcement and intelligence conferences. Statements like “I did nothing wrong” are accompanied by a weapon in a waistband. Or, “You can take my drugs.” Yep, those are not informed remarks in some situations. But what happens when poohbahs and would-be experts explain in 2,600 words how addled Microsoft’s announcements were at its Build conference? “Microsoft’s Copilot PC and the M3 Mac Killer Myth” is an interesting argumentative essay that makes its case as absolutely clear as fresh, just-pressed apple cider in New Hampshire. (Have you ever seen the stuff?)


The Apple Cider judge does not look happy. Has the innovation factory failed with filtration? Thanks, MSFT Copilot. How is that security initiative today?

The write up provides a version of “tortured poet” writing infused with techno-talk. The object of the write up is to make as clear as the aforementioned apple cider several points to which people are not directing attention; to wit:

  • Microsoft has many failures; for example, the Windows Phone, Web search, and, of course, crappy Windows in many versions
  • Microsoft follows what Apple does; for example, smart software like facial recognition on a user’s device
  • Microsoft fouled up with its Slate PC and assorted Windows on Arm efforts.

So there.

Now Microsoft is, according to the write up:

Today, Microsoft is doing the exact same lazy thing to again try to garner some excitement about legacy Windows PCs, this time by tacking an AI chat bot. And specifically, the Bing Chat bot nobody cared about before Microsoft rebranded it as Copilot. Counting the Surface tablet and Windows RT, and the time Microsoft pretended to "design" its own advanced SoC just like Apple by putting RAM on a Snapdragon, this must be Microsoft’s third major attempt to ditch Intel and deliver something that could compete with Apple’s iPad, or M-powered Macs, or even both.

The article provides a quick review of the technical innovations in Apple’s proprietary silicon. The purpose of the technology information is to make as clear as that New Hampshire, just-pressed juice that Microsoft will continue its track record of fouling up. The essay concludes with this “core” statement flavored with the pungency of hard cider:

Things incrementally change rapidly in the tech industry, except for Microsoft and its photocopy culture.

Interesting. However, I want to point out that Microsoft created a bit of a problem for Google in January 2023. Microsoft’s president announced its push into AI. Google, an ageing beastie, was caught with its claws retracted. The online advertising giant’s response was the Sundar & Prabhakar Comedy Show. It featured smart software which made factual errors and launched the Code Red, or whatever odd ball name Googlers assigned to the problem Microsoft created.

Remember. The problem was not AI. Google “invented” some of the intestines of OpenAI’s and Microsoft’s services. The kick in the stomach was marketing. Microsoft’s announcement captured attention and made Google — much to the chagrin of the online advertising service — look old and slow, not smooth and fast like those mythical US Navy Seals of technology. Google dropped the inflatable raft and appears to be struggling against a rather weak rip tide.

What Microsoft did at Build with its semi-wonky and largely unsupported AI PC announcement was marketing. The Apple essay ignores the interest in a new type of PC form factor that includes the allegedly magical smart software. Mastery of smart software means work, better grades, efficiency, and a Cybertruck filled with buckets of hog wash.

But that may not matter.

Apple, like Google, finds itself struggling to get its cider press hooked up and producing product. One can criticize the Softies for technology. But I have to admit that Microsoft is reasonably adept at marketing its AI efforts. The angst in the cited article is misdirected. Apple insiders should focus on the Microsoft marketing approach. With its AI messaging, Microsoft has avoided the craziness of the iPad’s squashing creativity.

Will the AI PC work? Probably in an okay way. Has Microsoft’s AI marketing worked? It sure looks like it.

Stephen E Arnold, May 28, 2024

Google Dings MSFT: Marketing Motivated by Opportunism

May 21, 2024

This essay is the work of a dinobaby. Unlike some folks, no smart software improved my native ineptness.

The dust up is not as exciting as Jake Paul versus Mike Tyson, but it is interesting. The developments leading up to this report about Google criticizing Microsoft’s security methods have a bit of history:

  1. Microsoft embraced OpenAI, Mistral, and other smart software because regulators are in meetings about regulating
  2. Google learned that after tire kicking, Apple found OpenAI (Microsoft’s pal) more suitable to the now innovation challenged iPhone. Google became a wallflower, a cute one, but a wallflower nevertheless
  3. Google faces trouble on three fronts: [a] Its own management of technology and its human resources; [b] threats to its online advertising and brokering business; and [c] challenges in cost control. (Employees get fired, and CFOs leave for a reason.)

Google is not a marketing outfit nor is it one that automatically evokes images associated with trust, data privacy, and people sensitivity. Google seized an opportunity to improve Web search. When forced to monetize, the company found inspiration in the online advertising “pay to play” ideas of Yahoo (Overture and GoTo). There was a legal dust up and Google paid up for that Eureka! moment. Then Google rode the demand for matching ads to queries. After 25 years, Google remains dependent on its semi-automated ad business. Now that business must be supplemented with enterprise cloud revenue.


Two white collar victims of legal witch hunts discuss “trust”. Good enough, MSFT Copilot.

How does the company market while the Red Alert klaxon blares into the cubicles, Google Meet sessions, and the Foosball game areas?

The information appears in “Google Attacks Microsoft Cyber Failures in Effort to Steal Customers.” I wonder what Foundem and the French taxation authority might make of Google bandying about the word “steal.” I don’t know the answer to this question. The title indicates that Microsoft’s security woes, recently publicized by the US government, provide a marketing opportunity.

The article reports Google’s grand idea this way:

Government agencies that switch 500 or more users to Google Workspace Enterprise Plus for three years will get one year free and be eligible for a “significant discount” for the rest of the contract, said Andy Wen, the senior director of product management for Workspace. The Alphabet Inc. division is offering 18 months free to corporate customers that sign a three-year contract, a hefty discount after that and incident response services from Google’s Mandiant security business. All customers will receive free consulting services to help them make the switch.

The idea that Google is marketing is an interesting one. Like Telegram, Google has not been a long-time advocate of Madison Avenue advertising, marketing, and salesmanship. I was once retained by a US government agency to make a phone call to one of my “interaction points” at Google so that the director of the agency could ask a question about the quite pricey row of yellow Google Search Appliances. I made the call and obtained the required information. I also got paid. That’s some marketing in my opinion. An old person from rural Kentucky intermediating between a senior government official and a manager in one of Google’s mind boggling puzzle palaces.

I want to point out that Google’s assertions about security may be overstated. One recent example is the Register’s report “Google Cloud Shows It Can Break Things for Lots of Customers – Not Just One at a Time.” Is this a security issue? My hunch is that whenever something breaks, security becomes an issue. Why? Rushed fixes may introduce additional vulnerabilities on top of the “good enough” engineering approach implemented by many high-flying, boastful, high-technology outfits. The Register says:

In the week after its astounding deletion of Australian pension fund UniSuper’s entire account, you might think Google Cloud would be on its very best behavior. Nope.

So what? When one operates at Google scale, the “what” is little more than that users of 33 Google Cloud services were needful of some of that YouTube TV Zen moment stuff.

My reaction is that these giant outfits which are making clear that single points of failure are the norm in today’s online environment may not do the “fail over” or “graceful recovery” processes with the elegance of Mikhail Baryshnikov’s Turning Point solo move. Google is obviously still struggling with the aftereffects of Microsoft’s OpenAI announcement and the flops like the Sundar & Prabhakar Comedy Show in Paris and the “smart software” producing images orthogonal to historical fact.

Online advertising expertise may not correlate with marketing finesse.

Stephen E Arnold, May 21, 2024

Germany Has Had It with Some Microsoft Products

May 20, 2024

This essay is the work of a dinobaby. Unlike some folks, no smart software improved my native ineptness.

Can Schleswig-Holstein succeed where Munich and Lower Saxony failed? Those two German states tried switching their official IT systems from Microsoft to open source software but were forced to reverse course. Emboldened by Microsoft’s shove to adopt Windows 11 and Office 365, informed by its neighbors’ defeats, and armed with three years of planning, Germany’s northernmost state is forging ahead. The Register frames the initiative as an epic battle in, “Open Source Versus Microsoft: The New Rebellion Begins.”

With cries of “Digital Sovereignty,” Schleswig-Holstein shakes its fist at its corporate overlord. Beginning with the aptly named LibreOffice suite, these IT warriors plan to replace Microsoft products top to bottom with open source alternatives. Writer Rupert Goodwins notes open source software has improved since Munich and Lower Saxony were forced to retreat, but will that be enough? He considers:

“Microsoft has a lot of cards to play here. Schleswig-Holstein will have to maintain compatibility with Windows within its own borders, with the German federation, with Europe, and the rest of the world. If a change to Windows happens to break that compatibility, guess who picks up the pain and the bills. Microsoft wouldn’t dream of doing that deliberately, no matter how high the stakes, yet these things happen. Freedom to innovate, don’t you know. If in five years the transition is a success, the benefits to the state, the people, and open source will be immeasurable. As well as bringing data protection back to those charged with providing it, it will give European laws new teeth. It will increase expertise, funding, and opportunities for open source. Schleswig-Holstein itself will become a new hub of technical excellence in an area that intensely interests the rest of the world, in public and private organizations. Microsoft cannot afford to let this happen. Schleswig-Holstein cannot back down, now it’s made it a battle for independence.”

See the write-up for more warfare language as well as Goodwins’ likening of user agreements to the classic suzerain-vassal relationship. Will Schleswig-Holstein emerge victorious, or will mighty Microsoft prevail? Governments depend on Microsoft. The US is now putting pressure on the Softies to do something more than making Windows 11 more annoying and creating a Six Flags Over Cyber Crime with their security methods. Will anything change? Nah.

Cynthia Murrell, May 22, 2024

Microsoft and Its Customers: Out of Phase, Orthogonal, and Confused

May 9, 2024

I am writing this post using something called Open LiveWriter. I switched when Microsoft updated our Windows machines and killed printing, a mouse linked via a KVM, and the 2012 version of its blog word processing software. I use a number of software products, and I keep old programs in order to compare them to modern options available to a user. The operative point is that a Windows update rendered the 2012 version of LiveWriter lost in the wonderland of Windows’ Byzantine code.

A young leader of an important project does not want to hear too much from her followers. In fact, she wishes they would shut up and get with the program. Thanks, MSFT Copilot. How’s the Job One of security coming today?

There are reports, which I am not sure I believe, that Windows 11 is a modern version of Windows Vista. The idea is that users are switching to Windows 10. Well, maybe. But the point is that users are not happy with Microsoft’s alleged changes to Windows; for instance:

  1. Notifications (advertising) in the Windows 11 start menu
  2. Alleged telemetry which provides a stream of user action and activity data to Microsoft for analysis (maybe marketing purposes?)
  3. Gratuitous interface changes which range from moving control items from a control panel to a settings panel to fiddling with task manager
  4. Wonky updates like the printer issue, driver wonkiness, and smart help which usually returns nothing of much help.

I read “This Third-Party App Blocks Integrated Windows 11 Advertising.” You can read the original article to track down this customization tool. My hunch is that its functions will be intentionally blocked by some bonus-centric Softie, or a change to the basic Windows 11 control panel will cause the software to perform like LiveWriter 2012.

I want to focus on a comment to the cited article written by seeprime:

Microsoft has seriously degraded File Explorer over the years. They should stop prolonging the Gates culture of rewarding software development, of new and shiny things, at the expense of fixing what’s not working optimally.

Now that security, not AI and not Windows 11, is the top priority at Microsoft, will the company remediate the grouses users have about the product? My answer is, “No.” Here’s why:

  1. Fixing, as seeprime suggests, is less important than coming up with something that seems “new.” The approach is dangerous because the “new” thing may be developed by someone uninformed about the hidden dependencies within code as convoluted as Google’s search plumbing. “New” just breaks the old, or the change is something that seems “new” only to an intern or an older Softie who just does not care. Good enough is the high bar to clear.
  2. Details are not Microsoft’s core competency. Indeed, unlike Google, Microsoft has many revenue streams, and the attention goes to cooking up new big-money services like a version of Copilot which is not exposed to the Internet for its government customers. The cloud, not Windows, is the future.
  3. Microsoft, whether it knows it or not, is on the path to virtualize desktop and mobile software. The idea means that Microsoft does not have to put up with developers who make changes Microsoft does not want to work. Putting Windows in the cloud might give Microsoft the total control it desires.
  4. Windows is a security challenge. The thinking may be: “Let’s put Windows in the cloud and lock down security, updates, domain look ups, etc.” I would suggest that creating one giant target might introduce some new challenges to the Softie vision.

Speculation aside, Microsoft may be at a point when users become increasingly unhappy. The mobile model, virtualization, and smart interfaces might create tasty options for users in the near future. Microsoft cannot make up its mind about AI. It has the OpenAI deal; it has the Mistral deal; it has its own internal development; and it has Inflection and probably others I don’t know about.

Microsoft cannot make up its mind. Now Microsoft is doing an about face and saying, “Security is Job One.” But there’s the need to make the Azure Cloud grow. Okay, okay, which is it? The answer, I think, is, “We want to do it all. We want everything.”

This might be difficult. Users might just pile up and remain out of phase, orthogonal, and confused. Perhaps I could add angry? Just like LiveWriter: Tossed into the bit trash can.

Stephen E Arnold, May 9, 2024

Microsoft Security Messaging: Which Is What?

May 6, 2024

I am a dinobaby. I am easily confused. I read two “real” news items and came away confused. The first story is “Microsoft Overhaul Treats Security As Top Priority after a Series of Failures.” The subtitle is interesting too because it links “security” to monetary compensation. That’s an incentive, but why isn’t security just part of work at an alleged monopoly’s products and services? I surmise the answer is, “Because security costs money, a lot of money.” That article asserts:

After a scathing report from the US Cyber Safety Review Board recently concluded that “Microsoft’s security culture was inadequate and requires an overhaul,” it’s doing just that by outlining a set of security principles and goals that are tied to compensation packages for Microsoft’s senior leadership team.

Okay. But security emerges from basic engineering decisions; for instance, does a developer spend time figuring out and resolving security when dependencies are unknown or documented only by a grousing user in a comment posted on a technical forum? Or does the developer include a new feature and move on to the next task, assuming that someone else or an automated process will make sure everything works without opening the door to the curious bad actor? I think that Microsoft assumes it deploys secure systems and that its customers have the responsibility to ensure their systems’ security.

The cyber raccoons found the secure picnic basket was easily opened. The well-fed, previously content humans seem dismayed that their goodies were stolen. Thanks, MSFT Copilot. Definitely good enough.

The write up adds that Microsoft has three security principles and six security pillars. I won’t list these because the words chosen strike me like those produced by a lawyer, an MBA, and a large language model. Remember. I am a dinobaby. Six plus three is nine things. Some car executive said a long time ago, “Two objectives is no objective.” I would add that nine generalizations are not a culture of security. Nine is like Microsoft Word features. No one can keep track of them because most users use Word to produce words. The other stuff is usually confusing, in the way, or presented in such a way that finding a specific feature is an exercise in frustration. Is Word secure? Sure, just download some nifty documents from a frisky Telegram group or the Dark Web.

The write up concludes with a weird statement. Let me quote it:

I reported last month that inside Microsoft there is concern that the recent security attacks could seriously undermine trust in the company. “Ultimately, Microsoft runs on trust and this trust must be earned and maintained,” says Bell. “As a global provider of software, infrastructure and cloud services, we feel a deep responsibility to do our part to keep the world safe and secure. Our promise is to continually improve and adapt to the evolving needs of cybersecurity. This is job #1 for us.”

First, there is the notion of trust. Perhaps Edge’s persistence and advertising in the start menu, SolarWinds, and the legions of Chinese and Russian bad actors undermine whatever trust exists. Most users are clueless about security issues baked into certain systems. They assume; they don’t trust. Cyber security professionals buy third party security solutions like shopping at a grocery store. Big companies’ senior executives don’t understand why the problem exists. Lawyers and accountants understand many things. Digital security is often not a core competency. “Let the cloud handle it,” sounds pretty good when the fourth IT manager or the third security officer quit this year.

Now the second write up. “Microsoft’s Responsible AI Chief Worries about the Open Web.” First, recall that Microsoft owns GitHub, a very convenient source for individuals looking to perform interesting tasks. Some are good tasks like snagging a script to perform a specific function for a church’s database. Other software does interesting things in order to help a user shore up security. Rapid7’s metasploit-framework is an interesting example. Almost anyone can find quite a bit of useful software on GitHub. When I lectured in a central European country’s main technical university, the students were familiar with GitHub. Oh, boy, were they.

In this second write up I learned that Microsoft has released a 39-page “report” which looks a lot like a PowerPoint presentation created by a blue-chip consulting firm. You can download the document at this link, at least you could as of May 6, 2024. “Security” appears 78 times in the document. There are “security reviews.” There is “cybersecurity development” and a reference to something called “Our Aether Security Engineering Guidance.” There is “red teaming” for biosecurity and cybersecurity. There is security in Azure AI. There are security reviews. There is the use of Copilot for security. There is something called PyRIT which “enables security professionals and machine learning engineers to proactively find risks in their generative applications.” There is partnering with MITRE for security guidance. And there are four footnotes to the document about security.

What strikes me is that security is definitely a popular concept in the document. But the principles and pillars apparently require AI context. As I worked through the PowerPoint, I formed the opinion that a committee worked with a small group of wordsmiths and crafted a rather elaborate word salad about going all in with Microsoft AI. Then the group added “security” the way my mother would chop up a red pepper and put it in a salad for color.

I want to offer several observations:

  1. Both documents suggest to me that Microsoft is now pushing “security” as Job One, a slogan used by the Ford Motor Co. (How are those Fords faring in the reliability ratings?) Saying words and doing are two different things.
  2. The rhetoric of the two documents reminds me of Gertrude’s statement, “The lady doth protest too much, methinks.” (Hamlet? Remember?)
  3. The US government, most large organizations, and many individuals “assume” that Microsoft has taken security seriously for decades. The jargon-and-blather PowerPoint makes clear that Microsoft is trying to find a nice way to say, “We are saying we will do better already. Just listen, people.”

Net net: Bandying about the word trust or the word security puts everyone on notice that Microsoft knows it has a security problem. But the key point is that bad actors know it, exploit the security issues, and believe that Microsoft software and services will be a reliable source of opportunities for mischief. Ransomware? Absolutely. Exposed data? You bet your life. Free hacking tools? Let’s go. Does Microsoft have a security problem? The word form is incorrect. Does Microsoft have security problems? You know the answer. Aether.

Stephen E Arnold, May 6, 2024

Microsoft: Security Debt and a Cooked Goose

May 3, 2024

Microsoft has a deputy security officer. Who is it? For reasons of security, I don’t know. What I do know is that our test VPNs no longer work. That’s a good way to enforce reduced security: Just break Windows 11. (Oh, the pushed messages work just fine.)

Is Microsoft’s security goose cooked? Thanks, MSFT Copilot. Keep following your security recipe.

I read “At Microsoft, Years of Security Debt Come Crashing Down.” The idea is that technical debt has little hidden chambers, in this case, security debt. The write up says:

…negligence, misguided investments and hubris have left the enterprise giant on its back foot.

How has Microsoft responded? Great financial report and this type of news:

… in early April, the federal Cyber Safety Review Board released a long-anticipated report which showed the company failed to prevent a massive 2023 hack of its Microsoft Exchange Online environment. The hack by a People’s Republic of China-linked espionage actor led to the theft of 60,000 State Department emails and gained access to other high-profile officials.

Bad? Not as bad as this reminder that there are some concerning issues.

What is interesting is that big outfits, government agencies, and start ups just use Windows. It’s ubiquitous, relatively cheap, and good enough. Apple’s software is fine, but it is different. Linux has its fans, but it is work. Therefore, hello Windows and Microsoft.

The article states:

Just weeks ago, the Cybersecurity and Infrastructure Security Agency issued an emergency directive, which orders federal civilian agencies to mitigate vulnerabilities in their networks, analyze the content of stolen emails, reset credentials and take additional steps to secure Microsoft Azure accounts.

The problem is that Microsoft has been successful in becoming for many government and commercial entities the only game in town. This warrants several observations:

  1. The Microsoft software ecosystem may be impossible to secure due to its size and complexity
  2. Government entities from America to Zimbabwe find the software “good enough”
  3. Security — despite the chit chat — is expensive and often given cursory attention by system architects, programmers, and clients.

The hope is that smart software will identify, mitigate, and choke off the cyber threats. At cyber security conferences, I wonder if the attendees are paying attention to Emily Dickinson (the sporty nun of Amherst), who wrote:

Hope is the thing with feathers
That perches in the soul
And sings the tune without the words
And never stops at all.

My thought is that more than hope may be necessary. Hope in AI is the cute security trick of the day. Instead of a happy bird, we may end up with a cooked goose.

Stephen E Arnold, May 3, 2024
