Elastic: Making Improvements

August 27, 2020

Elasticsearch is one of the most popular open-source enterprise search platforms. While Elasticsearch is free for developers to download, Elastic offers subscriptions for customer support and enhanced software. Now the company offers some new capabilities and features, HostReview reveals in, “Elastic Announces a Single, Unified Agent and New Integrations to Bring Speed, Scale, and Simplicity to Users Everywhere.” The press release tells us:

“With this launch, portions of Elastic Workplace Search, part of the Elastic Enterprise Search solution, have been made available as part of the free Basic distribution tier, enabling organizations to build an intuitive internal search experience without impacting their bottom line. Customers can access additional enterprise features, such as single sign-on capabilities and enhanced support, through a paid subscription tier, or can deploy as a managed service on Elastic Cloud. This launch also marks the first major beta milestone for Elastic in delivering comprehensive endpoint security fully integrated into the Elastic Stack, under a unified agent. This includes malware prevention that is provided under the free distribution tier. Elastic users gain third-party validated malware prevention on-premises or in the cloud, on Windows and macOS systems, centrally managed and enabled with one click.”

The upgrades are available across the company’s enterprise search, observability, and security solutions as well as Elastic Stack and Elastic Cloud. (We noted Elastic’s welcome new emphasis on security last year.) See the write-up for the specific updates and features in each area. Elasticsearch underpins operations in thousands of organizations around the world, including the likes of Microsoft, the Mayo Clinic, NASA, and Wikipedia. Founded in 2012, Elastic is based in Silicon Valley. They also happen to be hiring for many locations as of this writing, with quite a few remote (“distributed”) positions available.

Cynthia Murrell, August 27, 2020

Twitch: Semantic Search Stream to Lure Gamers, Trolls, and Gals?

July 31, 2020

Amazon Twitch may be more versatile than providing the young at heart with hours of sophisticated content. There are electronic games, trolls (lots of trolls armed with weird icons), and what appear to be females.

Now Twitch will be moving along the content spectrum with the addition of a stream about semgrep. If you are not on a first name basis, semgrep is a semantic search thing. You can join in for free, no waiting rooms, and no big technical hurdles. I suppose one could create a lecture about semantic methods in TikTok 30-second videos which might be a first for the non-invasive, controversial app. Nah, go for Twitch. Skip YouTube and Facebook. Go Bezos bulldozer.

Navigate to https://twitch.tv and go to the jeanqasaur stream. The time on July 31, 2020? The show begins at 4 pm US Eastern time.

The program is definitely perceived by some as super important. A motivated semantic wizard posted a message on the TweetedTimes.com semantic page. Here’s what the message looks like:


DarkCyber’s suggestions:

  • Do not become distracted by Raj recruiting, Bad Bunny, or Celestial Fitness. Keep your eye on the grep as it were.
  • Sign up because Amazon wants you to be part of the family. Prime members may receive extra Bezos bucks somewhere down the line.
  • Exercise good grammar, be respectful, and keep your clothes on. Twitch banned SweetSaltyPeach who reinvented herself as RachelKay, Web developer, fashion model, and gamer icon. You may have to reincarnate yourself too.
  • Avoid the lure of Animal Crossing Arabia II.

Stephen E Arnold, July 31, 2020

Messaging: Pushing the Envelope

July 31, 2020

In my lectures for the 2020 National Cyber Crime Conference, I discussed messaging as a rapidly evolving mechanism. Simple text has morphed into a viable alternative to a traditional Dark Web site. Via encrypted messaging services, individuals can join groups, locate products and services, and pay for them often with bitcoin or other digital currency. Although it is possible to compromise encrypted messages, the volume poses a significant problem for law enforcement. I pointed out that the developers of Telegram reached an agreement with Russia in order to prevent their messaging service from being blocked.

Another messaging service warrants some attention. The service is called Element. Element was formerly known as Riot and Vector, according to some individuals. The system is based on Matrix; that is, an open source protocol for real time communication. Element, like other modern messaging systems, encrypts data.

According to an email from an individual who wishes to remain anonymous, the Element messaging service can interact with other services, including the aforementioned Telegram. Is Element an alternative to Slack and similar programs like Microsoft Teams?

The answer is, “Could be.”

Slack and Teams are widely known and engaged in what may become an interesting legal tussle. Facebook, however, continues to push toward a unified messaging platform, offering features that make finding, buying, selling, and communicating a mostly one click process.

Element has the potential to become an open source alternative to encrypted messaging solutions from vendors like Facebook and Telegram.

In light of the capabilities of the US National Security Agency and the continuing efforts of the European Union to force providers to allow instream decryption, the resolution is likely to be political.

Until users of encrypted messaging services demand government respect for privacy, which is a Fourth Amendment issue in the US, governments will continue to pressure and possibly resort to what some may characterize as blackmail. The pressure may be unconstitutional in some countries and unwarranted in others.

Encrypted messaging has become the “new” Dark Web if the DarkCyber research team’s analysis is accurate. The issue is yet another one to add to the pile of contentious services for ubiquitous mobile devices.

For more information about the chat service, navigate to the Element information page.

Stephen E Arnold, July 31, 2020

Funding Open Source: Saddle Up, Don Quixotes

July 30, 2020

I read “A New Funding Model for Open Source Software.” The main idea is that the current approach to financial “support” of open source software is broken. I agree, particularly if one looks at the problem from the point of view of the developer or developers in the “community.”

The fix, according to the write up, is “sponsor pools.” Here are the details:

Every month, you donate some amount into a “wallet”. Your funds are then distributed to the projects in your “sponsor pool”. Your sponsor pool is just the set of open-source projects you want to support. Adding new projects to your pool should require one click — as easy as starring the repo on GitHub. That’s it. It’s hardly ingenious, which is why it’s surprising that no major player in OSS has implemented it for facilitating open source donations.

The comments to the post at this link are interesting and raise a number of points, both pro and con.

I noticed that none of the comments pointed out that open source has become the hunting ground for certain large technology companies. Github is owned by Microsoft; Amazon is ferrying open source code into its proprietary AWS walled garden; Google is “contributing to the community” and then using the community as a recruiting supply line. Other techniques are in play as well.

Also, open source is more attractive to large established companies. These firms have the staff and financial resources to make chunks of open source play nicely together. The goal is to eliminate dependence on proprietary solutions, restrictive license agreements, and those necessary maintenance and engineering services deals. Smaller outfits often find Microsoft a convenient way to solve a database problem. Why? It’s available and semi-reliable. Keep in mind that Microsoft bought Github for control and revenue opportunities.

Finally, a number of the comments suggest, “Let Github do it.” Yeah, I really think Microsoft has open source software love as a business motivation. But that’s just my view.

My view is that open source, like other nifty things associated with the “old days” of the Internet may be facing some challenges and not just from Rona.

Stephen E Arnold, July 30, 2020

Linux Developer Is Unhappy with Amazon

June 17, 2020

Who doesn’t love Amazon? Maybe the person credited with developing Linux? That would be Linus Torvalds, developer of note.

No one pays attention to insults on the Internet unless someone with clout says them. The IT community definitely paid attention to the head of the Linux kernel, Linus Torvalds, when he spoke up: “Linus Torvalds Rejects ‘Beyond Stupid’ AWS-Made Linux Patch For Intel CPU Snoop Attack,” reports ZDNet.

In early 2020, Snoop launched attacks on Intel and Core CPUs and AWS discovered it. The attack causes CPUs to leak data from their L1D cache via bus snooping—a cache-updating operation that happens when the L1D modifies data. AWS developed a patch for the Linux kernel that would allow applications to opt in to flush the L1D cache when a task is switched out. Torvalds thinks the patch would degrade performance in other applications. Torvalds said:

“ ‘Because it looks to me like this basically exports cache flushing instructions to user space, and gives processes a way to just say ‘slow down anybody else I schedule with too’…‘In other words, from what I can tell, this takes the crazy ‘Intel ships buggy CPU’s and it causes problems for virtualization’ code (which I didn’t much care about), and turns it into ‘anybody can opt in to this disease, and now it affects even people and CPU’s that don’t need it and configurations where it’s completely pointless’.

‘I don’t want some application to go ‘Oh, I’m _soo_ special and pretty and such a delicate flower, that I want to flush the L1D on every task switch, regardless of what CPU I am on, and regardless of whether there are errata or not. Because that app isn’t just slowing down itself, it’s slowing down others too.’’

Torvalds also thinks the patch is crazy because a hack could inhabit another core within the CPU and attack the L1 cache before it’s flushed. Another fun word he used was pseudo-security.

Usually “pseudo” is reserved for science, but this works too.

Whitney Grace, June 17, 2020

Degoogling: Yes, It Is a Thing

June 8, 2020

Can free and open source software “degoogle”? Probably not easily or quickly. Nevertheless Reddit user TheEvilSkely wants to try. You can dig through the details, explore the GitHub information, and follow the links at this link. The challenge is that most of the whippersnappers are just okay with the Google. Like Amazon, the service is just wonderful. Why make a change if everything is A-Okay?

News flash: Open source is not just tangled with Googzilla’s feathers (dinosaurs, according to modern research by thumbtypers, had feathers, bright ones too). The Redmond contingent is into open source. Imagine Linux in the really easy to update Windows environment. Amazon is driving its Bezos bulldozer through the thicket of new growth saplings like Elastic as I type this post. If you listen closely, you can hear the bulldozer shift into a lower gear to push annoying old growth software into the dirt. One doesn’t need to have an oracle to understand the earth moving concept.

Open source is a target for these reasons:

  • Community software lowers certain coding costs and has enough bugs to make proprietary fixes a money maker
  • Young developers learn open sourcey ways in college and arrive ready to earn and burn in their virtual frat and sorority duds when they become WFHers and on prem contractors
  • Big companies love open source because they can devote resources to tweaking the software and have enough money to pay legions of certified advisers to help out, license open source optimized cloud environments, and pay for proprietary widgets that don’t change the “no handcuffs” idea of non proprietary plumbing.

Worth monitoring, of course.

Stephen E Arnold, June 8, 2020

Oracle: We Do Open Source Just Like Amazon, Google, and Microsoft… Mostly

May 27, 2020

Silicon Angle published the PR-ish “Oracle’s Open Source Alter Ego Behind Some of Its Most Popular Products.” Oracle is creeping up to the half century mark. In Internet years or dog years, Oracle has been around so long that it is like comfortable shoes. The shine may be gone, but, by golly, those slippers work well indoors.

Oracle has its fans, and it has some detractors. Among its fans are the procurement officials in the US government who keep on renewing those contracts for the company’s flagship database. Among its detractors are some Googlers, licensees who struggle with integrating some of the company’s products into zippy new environments like NoSQL, and firms offering unauthorized Oracle training.

None of these considerations sully the Oracle open source article. We learn:

Oracle’s paid products and services are actually loaded with ingredients from open-source communities, including Linux, to which it is also a contributor. This circular ecosystem of contributing and borrowing back enables some of the versatility and cross-environment compatibility in the company’s latest database and hybrid-cloud offerings.

Why is Oracle into open source? Why are Amazon, Google, Microsoft, and other commercial proprietary software vendors embracing open source? DarkCyber finds this statement in the article interesting:

The use of Linux across Oracle’s portfolio, and as the underlying OS for its products and services, enhances end users’ experience.

The article includes a testimonial from the Oracle wizard of open source, who says:

When its contributions improve both the larger Linux community and its own products, a circular flow of innovation develops that helps everyone that uses Linux, according to Coekaerts. “It’s not so much about making my own world better and having Linux be better and Ksplice and so forth, which is important, but that becoming part of the bigger picture — that’s the exciting part.” — Wim Coekaerts, senior vice president of software development at Oracle Corp.

DarkCyber was under the obviously false impression that proprietary software vendors were embracing open source for these reasons:

  1. Shift some development costs to the community
  2. Link proprietary systems and methods to open source to provide a runway to commercial licenses
  3. Prevent other companies from capturing open source technologies and preventing others from using those technologies
  4. Respond to enterprise customers who view open source as a way to avoid the handcuffs of proprietary software by implementing a “wolf in sheep’s clothing” strategy
  5. Gain insight into individuals who might be good hires.

Obviously DarkCyber was incorrect. We acknowledge our error.

Stephen E Arnold, May 27, 2020

What Happens When MBAs Embrace Open Source?

February 24, 2020

Paul Stovell, founder of the open source product-deployment platform Octopus Deploy, explains in a blog post, “Why We Terminated Our Partnership with Microsoft—Re: Next Decade of Open Source.” Microsoft tends to adopt ideas from other projects and incorporate them into its behemoth software ecosystem. Not surprisingly, it does not make the effort to inform consumers where their ideas came from. In fact, such developments tend to eclipse the original product. We’re told:

“There’s a saying in business that if you want to displace a competitor, you need to build a product that’s at least 10x better. It’s not enough to be ‘just as good’. Customers will say ‘why should I use you, we’ve been successful with ‘. You need a really good reason to overcome that. However, in the .NET ecosystem, if you’re Microsoft, that’s not generally true. If Microsoft wants to make a document database, a messaging framework, a unit test framework or a deployment automation tool, it only needs to be 1/10th as good before the conversation immediately becomes ‘why should we use you over the Microsoft thing?’ Microsoft become the default option, even if they’re the last to the game.”

The post notes some ways Microsoft could play more fairly, but also describes why they are unlikely to do so. Octopus Deploy had maintained a healthy working relationship with Microsoft’s Azure team—until Azure Pipelines came out looking remarkably similar to Octopus. It was bundled with Visual Studio and promoted heavily. Stovell writes:

“We suddenly found ourselves competing with a product from Microsoft that looked similar, that was being given away (perception, at least), that was integrated with VS, and that was being pushed in every Azure keynote. Overnight it became the default. We were exhibiting at Build 2016 at the time much of this was announced, and I remember people coming to our booth asking ‘so why should we use you over the Microsoft thing?’. The ‘Microsoft thing’ was announced only 5 minutes prior!”

Is this the future of open source—is it doomed to be co-opted by companies? Maybe it is too late?

Cynthia Murrell, February 24, 2020

Amazon and Open Source: A Wee Bit Sensitive

January 31, 2020

Amazon Web Services (AWS) is one of the nation’s leading cloud computing services and its dominance increases every day. Computer Weekly commented on how AWS might be taking advantage of open source technology in the article, “AWS Hits Back At Open Source Theft Allegations.” Throughout 2019, AWS undermined open source software companies by “stealing” the free version of their software, then hosting it on their cloud computing service.

The accusations were so bad that The New York Times picked up the story and stated that in 2015 AWS integrated Elasticsearch from Elastic into their offerings; Elastic and AWS are now rivals for customers. MongoDB and Redis have had to alter their open source software and licensed software so their customers know the difference. For example, the free version of MongoDB is integrated into AWS, but the licensed version is not, so it lacks certain features.

AWS responded with:

“In October 2018, Eliot Horowitz, chief technology officer and founder of MongoDB, changed the open source licensing used for MongoDB to reflect the risk of the company’s service revenue being gobbled up by public cloud providers. In response, AWS introduced a MongoDB-compatible service, DocumentDB, in January 2019.”

While open source technology is free, developers behind such offerings usually offer a licensed version with more bells and whistles. These include customer support, free upgrades, patches, and specific features.

AWS is strip mining the open source technology’s source code, then reconfiguring it for their services. AWS Vice President of Analytics and ElastiCache states that AWS is only responding to their clients’ demands and their clients want open source software in AWS. He also said that AWS does give back to the open source community:

“AWS contributes mightily to open source projects such as Linux, Java, Kubernetes, Xen, KVM, Chromium, Robot Operating System, Apache Lucene, Redis, s2n, FreeRTOS, AWS Amplify, Apache MXNet, AWS SageMaker NEO, Firecracker, the OpenJDK with Corretto, Elasticsearch, and Open Distro for Elasticsearch. AWS has not copied anybody’s software or services.”

“Many of the projects aim to make it easier for developers to build on top of AWS services. SageMaker is its machine learning cloud service; Greengrass extends the AWS cloud to the internet of things (IoT) edge and Firecracker is its kernel virtual machine. However, the s2n project is an open source implementation of the TLS encryption protocol, which AWS made publicly available under the terms of the Apache Software License 2.0.”

While AWS might be a singular provider for multiple services and products, organizations do not want to be locked into one supplier.

Whitney Grace, January 31, 2020

A Call for Openness in Search

January 24, 2020

DarkCyber understands that if one cannot “find” something, that something does not exist for most people who look for the “something.” This is not a statement from Grasshopper or a tablet unearthed outside of Athens. Finding is required in order to do work or — as a matter of fact — anything in a digital environment.

“Opening Up Search Is an Ethical Imperative” presents an argument for opening up search. “Opening up” appears to mean that Google’s grip on ad supported search and retrieval is broken. The write up states:

This is a shocking state of affairs given search’s ubiquitous impact on human well-being. And no I don’t think I’m overreaching. Search might mean a doctor diagnosing a patient with tricky symptoms. Bad search results might have life or death consequences. E-Commerce isn’t about buying pointless frivolities. It’s increasingly society’s economic glue. We no longer call on someone in sales to describe our needs verbally. Instead we request via the e-commerce search bar. Add job search, dating search, enterprise search, food delivery, grocery, legal, real estate, and so on, and you get a picture where search is indeed eating the world. What human activity will exist that won’t involve a search bar?

The statement is accurate. In the context of the article, search also means looking for information on a public facing Web site, not just locating a pizza restaurant or checking the weather. Here’s another statement we noted:

As users are reaching more-and-more for search, supporting the community collectively helps ensure positive outcomes for society as a whole. We’ll collectively help doctors find the right diagnosis for a suffering patient; support a purchasing agent find the right parts for an airplane they’re manufacturing; uplift lawyers seeking to hold the powerful accountable by helping them find solid legal precedent for their arguments.

Again, an accurate observation.

The article includes a list of suggestions for companies and others; for example, Do open source correctly and create search talent.

Several observations:

  • For most people, including those in organizations, search occurs on mobile devices. Either form factor or the location in which the user runs the search is not conducive to the “library style” of information retrieval and review. The habituation to mobile and on the fly searching is going to be difficult to change. As my eighth grade teacher said, “Habits are like a soft bed: Easy to get into and hard to get out of.” Her grammar may have been questionable, but her comment applies to search today.
  • You can learn more about the “open everything” initiative in the DarkCyber video news program which will become available on January 28, 2020. A former CIA professional reveals his commitment to “open everything.” The remarks may spark some fresh thinking.
  • The introduction of the word “ethical” into the article raises some interesting questions; namely, “In today’s environment, what does ‘ethical’ mean?” This is a surprisingly difficult word to define across contexts.

To sum up:

  • There are different search and retrieval systems. Some are ignored like Qwant; others are misunderstood because they are metasearch systems; still others are proprietary systems swathed in buzzwords like artificial intelligence and machine learning; and even more are “sort of” open source like Amazon’s search system which was influenced by defectors from Lucid Imagination, now LucidWorks. Plus there are other variations. Search remains confusing and tangled in the shoe laces of worn out sneakers.
  • The dominance of Google means that Google is in charge of presenting information to people using computing devices. The market penetration in some countries is over 95 percent which is the reason that most estimates of search share beat the drum for marginal players like Bing, Qwant, and DuckDuckGo. The thinking is, “A percent or two of share means some money. But the money is not Google scale.”
  • Google is not about to change unless the search business is regulated, Google implodes which is possible but not in the next year or two, or billions of people change their “habits.”

Advertisers go where the eyeballs are. Money can alter the meaning of ethics. And that money issue may be the reason Web sites are not indexed comprehensively, US government Web sites are indexed infrequently and superficially, and why Google ignores certain types of content.

Stephen E Arnold, January 24, 2020

