Spies, Intelligence, and Publisher Motives

December 31, 2019

We are getting close to a new decade. This morning DarkCyber’s newsfeed contained two stories. These were different from the Year in Review and the What’s Ahead write ups that clog the info pipes as a year twists in the wind.

Even more interesting is the fact that the stories come from sources usually associated with recycled news releases and topics about innovations in look alike mobile phones, the antics of the Silicon Valley wizards, and gadgets rivaling the Popeil Pocket Fisherman in usefulness.

The first story is about Microsoft cracking down on a nation state which appears to have a desire to compromise US interests. “Microsoft Takes Down 50 Domains Operated by North Korean Hackers” states that:

Microsoft takes control of 50 domains operated by Thallium (APT37), a North Korean cyber-espionage group.

The write up added:

The domains were used to send phishing emails and host phishing pages. Thallium hackers would lure victims on these sites, steal their credentials, and then gain access to internal networks, from where they’d escalate their attacks even further.

DarkCyber finds this interesting. Specialist firms in the US and Israel pay attention to certain types of online activity. Now the outfit that brings the wonky Windows 10 updates and the hugely complex Azure cloud construct is taking action, with the blessing of a court. Prudent is Microsoft.

The second write up is “‘Shattered’: Inside the Secret Battle to Save America’s Undercover Spies in the Digital Age.” The write up appears to be the original work of Yahoo, a unit of Verizon. The article explains a breach and notes:

Whether the U.S. intelligence agencies will be able to make these radical changes is unclear, but without a fundamental transformation, officials warn, the nation faces an unprecedented crisis in its ability to collect human intelligence. While some believe that a return to tried and true tradecraft will be sufficient to protect undercover officers, others fear the business of human spying is in mortal peril and that the crisis will ultimately force the U.S. intelligence community to rethink its entire enterprise.

Note that the Yahoo original news story runs about 6,000 words. Buy a hot chocolate, grab a bagel, and chill as you work through the compilation of government efforts to deal with security, bad actors, bureaucratic procedures, and assorted dangers, clear, unclear, present, and missing in action. On the other hand, you can wait for the podcast because the write up seems to have some pot boiler characteristics woven through the “news.”

Read the original stories.

DarkCyber formulated several observations. Here they are:

  • Will 2020 be the year of intelligence, cyber crime, and government missteps related to security?
  • Why are ZDNet and Yahoo (both outfits with a history of wobbling from news release to news release) getting into what seems to be popularization of topics once ignored? Clicks? Ad dollars? Awards for journalism?
  • What will stories like these trigger? One idea is that bad actors may become sufficiently unhappy to respond. Will these responses be a letter to the editor? Maybe. Maybe not. Unintended consequences may await.

This new interest of ZDNet and Yahoo may be a story in itself. Perhaps there is useful information tucked into the Yahoo Groups which Verizon will be removing from public access in a couple of weeks. And what about that Microsoft activity?

Stephen E Arnold, December 31, 2019

Open Source: A Good to Be Exploited?

December 25, 2019

Is Amazon Web Services taking undue advantage of open source software, or is it simply giving its users what they want (or perhaps both)? It seems to be a matter of perspective. ZDNet reports, “AWS Hits Back at Open-Source Software Critics: Claims that AWS is Strip-Mining Open-Source Software is ‘Silly and Off-Base,’ Says Exec.” The defense is in response to a piece (paywalled) in the New York Times in which open-source creators complained the company takes the liberty of freely integrating their work into its profitable platform. Writer Liam Tung specifies:

“According to the New York Times report, several rivals have discussed bringing antitrust complaints against AWS. Bloomberg reported this month that the Federal Trade Commission has asked software companies about AWS. Cloudflare CEO Matthew Prince told the NYT that ‘people are afraid that Amazon’s ambitions are endless’. Cloudflare operates a large content distribution network, which competes with a subsection of AWS.”

We also learn that open-source firms are shifting their licensing terms in response to such cloudy business practices from IBM and others, as well as Amazon. MongoDB’s Server Side Public License is one example. Elastic, maker of Elasticsearch, has also placed limits on how cloud companies may use its software.

AWS VP Andi Gutmans, however, insists this is much ado about nothing. Tung quotes the executive:

“‘The [Times] story is largely talking about open source software projects and companies who’ve tried to build businesses around commercializing that open-source software. These open-source projects enable any company to utilize this software on-premises or in the cloud, and build services around it. AWS customers have repeatedly asked AWS to build managed services around open source,’ Gutmans said. He noted that AWS contributes to open-source projects such as Linux, Java, Kubernetes, Xen, KVM, Chromium, Robot Operating System, Apache Lucene, Redis, s2n, FreeRTOS and Elasticsearch.

“‘A number of maintainers of open-source projects build commercial companies around the open-source project. A small set of outliers see it as a zero-sum game and want to be the only ones able to freely monetize managed services around these open-source projects,’ he added.”

And the remediation process? Lawyers are standing by.

Cynthia Murrell, December 25, 2019

Do Four Peas Make a Useful Digital Pod?

December 24, 2019

The Four P’s of Information

This has been the problem with data since at least the turn of this century: Forbes posts a “Reality Check: Still Spending More Time Gathering Instead of Analyzing.” Writer and Keeeb CTO Sid Probstein reminds us:

“Numerous studies of ‘knowledge worker’ productivity have shown that we spend too much time gathering information instead of analyzing it. In 2001, IDC published its venerable white paper, ‘The High Cost of Not Finding Information,’ noting that knowledge workers were spending two and a half hours a day searching for information. Since then, we have seen the rise of the cloud, ubiquitous computing, connectivity and everything else that was science fiction when we were kids becoming a reality — including the imminent emergence of AI. Yet in 2012, a decade after the IDC report, a study conducted by McKinsey found that knowledge workers still spend 19% of their time searching for and gathering information, and a 2018 IDC study found that ‘data professionals are losing 50% of their time every week’ — 30% searching for, governing and preparing data plus 20% duplicating work. Clearly, all the technology advances have not flipped the productivity paradigm; it seems like we still spend more time searching for information that exists rather than analyzing and creating new knowledge.”

Probstein believes much of the problem lies in data silos. There are four subsets of the data silo issue, we’re told, but most proposed solutions fail to address all of them. They are the “four P’s” of information: Public Data (info that is searchable across the World Wide Web), Private Data (information behind login pages or firewalls), Paid Data (like industry research, datasets, and professional information), and Personal Data (our own notes, bookmarks, and saved references). See the article for more about each of these areas. Bridging these silos remains a challenge for knowledge workers, but it seems businesses may be taking the issue more seriously. Will we soon be making better use of all that data? Do four peas make a pod? Not yet.

Cynthia Murrell, December 24, 2019

Microsoft Matches the Amazon AWS Security Certification

December 21, 2019

DarkCyber wants to point out that the JEDI deal has not closed. But one of Microsoft’s weaknesses has been remediated. The news is probably not going to make Amazon’s AWS government professionals smile. In fact, the news could ruin the New Year for the Bezos bulldozer.

Stars and Stripes explained in “With New Pentagon IT Certification, Microsoft Narrows the Cloud Security Gap with Amazon” that:

on December 12 Microsoft became the second company to hold the Pentagon’s highest-level IT security certification, called Impact Level 6, Defense Information Systems Agency spokesman Russ Goemaere told The Washington Post in an email. The temporary certification lasts three months, after which a longer one will be considered, Goemaere said. The news of Microsoft’s certification was reported earlier by the Washington Business Journal. The certification means that, for the first time, Microsoft will be able to store classified data in the cloud. Defense and intelligence agencies typically use air-gapped, local computer networks to store sensitive data rather than the cloud-based systems that most companies now use to harness far-off data centers. Previously, Amazon was the only cloud provider trusted with secret data.

The Grinch may want to contact Amazon customer service and ask for an explanation. DarkCyber is not sure if certification is the same as “real” security, but checklists matter. When billions are at stake, one small item can have significant impact. For more detail, see “How the Grinch Stole Christmas.” The book is just $9.00 on Amazon. The 1957 book is classified as inspirational and religious poetry.

Yep, categories are important too.

Stephen E Arnold, December 22, 2019

Google May Lose the Gaming Wars

December 20, 2019

Gaming used to be a cottage industry, but things have changed to the tune of billions of dollars and the existence of professional gamer as an occupation. Gamers have evolved into sophisticated consumers (arguably) and they are particular about what they play. The industry is dominated by Nintendo, Sony, and Microsoft, and Google wants a piece of the action. Slash Gear shares that, “Google Stadia’s Rocky Roll-Out Continues With Free Game Refunds.”

Gamers are not embracing Google Stadia and reports are streaming in about negative experiences. Two of Stadia’s first releases, Tomb Raider: Definitive Edition and Farming Simulator 19, were offered for purchase, but then they were released for free with the Stadia Pro membership. Gamers were unhappy with that development and Stadia has offered refunds. New developments in gaming are always rocky:

“Teething problems for any new service, never mind one as ambitious as Stadia, are to be expected. Still, Google’s track record with its cloud gaming platform doesn’t exactly inspire confidence. The company’s inability to keep its earliest-adopters happy is a testament to how not to successfully launch, and its handling of things like Stadia Pro titles also leaves much to be desired.”

Stadia is a great idea in theory, but execution is more complicated. Low latency gaming with HD graphics is not plausible with current technology, but as technology continues to improve it will be.

Reality and real people are different from demonstrations under controlled conditions. The real world includes humans, Microsoft Mixer, Amazon Twitch, and other non lab things.

Whitney Grace, December 20, 2019

Google: We Can Be Avis, National Car Rental or an Off Airport Outfit Too

December 18, 2019

Quite a goal. Google wants to beat Amazon and Microsoft in the cloud. Err, isn’t Google a cloud centric outfit, or at least since it morphed from the cutesy Backrub into the behemoth it is today? What if Google doesn’t think it is a cloud business? Hmm.

The answer, of course, is Googley. Google has waffled a bit. The phones, the home helpers, and the mouse pads. But the company operates “out there”, from data centers in regular buildings to wonky containers which can be towed to a location where power is cheap and skills are hard to come by.

A series of stories is zipping around about Google’s new desire to become the big dog in cloud computing. Just like the PR program featuring Jeff Dean, the Google is starting to realize that it may have more in common with the low rent business of scalping tickets than with high technology outfits changing the way business does business.

That’s an interesting thought because it runs counter to the received wisdom that Google is the font of technology. Like the fountains in Rome, lots of work is needed to keep the fountains spouting water. Tourists don’t see Rome’s plumbing, and for good reasons.

The goal of knocking off Amazon and / or Microsoft (love that lawyer conjunction, don’t you?) will be achieved by 2023. That works out to 24 months. Microsoft’s NT project turned into a death march, and I think this goal is likely to follow the same trajectory.

First, Amazon and Microsoft are not standing still. Good old Microsoft is working overtime to make Azure stable and semi-coherent. How many search engines does one desktop software company need? How many analytics solutions? How many servers? These are questions Microsoft engineers are rushing to answer. The airplane is aloft, and making adjustments to an engine when the plane is in flight can be difficult when it has to operate in a hybrid mode and the ground stations can be crashed by a software update. Cool?

Plus, Amazon is moving along a different trajectory. The company is engaged in a multi front war, and it is less and less a cloud company. That bookstore in Nashville and the undoing of FedEx make clear that not even a mid tier state like Tennessee is exempt from the Bezos bulldozer.

Second, Google has not been particularly adept at sticking with projects over time. Examples range from the social media attempts, to the Alon Halevy semantic tools, and to some as simple as messaging services. The culture of incompleteness is a hurdle. Managers can fiddle with incentives and tweak the hiring processes. But the company is a bit like a flotilla of sailboats generally heading toward port when a bad storm presents itself. Everyone knows where to go, but there may be some delays. Delays when trying to knock off Amazon and Microsoft may not be desirable.

Third, there are lots of other companies which want to be the Avis and National to the Uber business. Oracle, down but not out. IBM, a bit of a clueless geriatric but still capable of surprises like its sales success in India, and dozens upon dozens of other companies.

Net net: The write up “Google Brass Set 2023 as Deadline to Beat Amazon, Microsoft in Cloud” is useful, but it contains one telling statement:

Google shifted headcount growth to its cloud platform sales and engineering teams.

What’s going to be the Google equivalent of Windows 10 updates which don’t work, arrive late, and kill some data? If it is ad systems, Amazon is going to get the best location in the airport to serve rental car customers.

Stephen E Arnold, December 18, 2019

Omni Content: Big CMS Deal? Nope, SOP for OCCP

December 17, 2019

The struggles of content management continue. Like analytics platforms and enterprise search, vendors of certain types of enterprise software have struggled in the last five years.

The reasons are not far to seek:

  1. CMS, search, and analytics offer silver bullet solutions, but more frequently turn out to be blanks
  2. Zippier, more CxO grabbing technologies sweep up utility functions. There’s AI, quantum computing, the cloud, and umbrella solutions like Salesforce’s hybrid of sales management, marketing, and content
  3. Old wine in new bottles works until the corks are popped at a festive occasion. The stylish bottle and label cannot change vinegar back to Bordeaux.

“The Rise of Omni-Channel Content Platforms” is a rebottling effort. I urge you to read it and consider these questions:

  1. Why is CMS, scrambling to be more than software originally designed to generate Web pages, going back to the gym, signing up for yoga classes, and buying Pelotons? Answer: CMS does not work very well.
  2. What content is not included in the omni channel content platforms? Answer: Streaming data, engineering diagrams with attached data sets, and those lovely chemical structures which are much loved by the pharmaceutical industry, to name just three omissions.
  3. How are the New Age CMS systems dealing with specialized access controls required for some classified projects, legal eDiscovery data, and data regulated by various government entities? Answer: Not very well.

Can CMS vendors and consultants stage a revival? Will the jazz band attract paying customers to classics from the 2000s before Billie Eilish was making When We All Fall Asleep, Where Do We Go?

The frightening, no, terrifying answer may be, “Yes.” Like enterprise search, CMS stakeholders have more to lose by reinventing themselves. New labels, plastic corks, and high-style bottles are a much easier, cheaper, and simpler solution.

In short, CMS cheerleaders are buying new sweaters and sneakers. Game on.

Stephen E Arnold, December 17, 2019

Azure Is Better at Hybrid Computing Because AWS Is an Orchid

December 12, 2019

There’s an interesting explanation of the DoD’s JEDI award in “Opinion: Microsoft Fairly and Squarely Beat Amazon in $10 Billion Pentagon Cloud Contract.” The reason is:

In 2017, Microsoft designed Azure Stack to meet hybrid cloud computing needs, a distinction from AWS, which was designed for cloud-only computing needs without the flexibility of leveraging on-premise servers. That has led Amazon to chase Microsoft with hybrid-cloud offerings such as AWS Outposts, which launched in November of 2018 — well after the Pentagon bid had been opened. As of the first half of 2019, Microsoft was the only company among the top three cloud providers that has a generally available hybrid cloud. Microsoft’s Windows operating system has run on servers for decades, and it was a natural extension to offer Azure Cloud to run on-premise. Microsoft’s hybrid strategy has resulted in 95% of Fortune 500 companies using Azure today. That is a staggering statistic, which shows the superiority of hybrid cloud compared with traditional cloud computing. As J.B. Hunt, one of Azure’s Fortune 500 customers, said: “Microsoft didn’t ask us to bend to their vision of a cloud.”

Amazon is unlikely to agree. Amazon’s lawyers definitely will view this explanation as insufficiently developed to justify dropping the lawsuit.

The problem is that “one throat to choke” seems like a great idea. But the reality is that there usually are many throats to choke regardless of who is the contract winner.

The idea of a common platform or framework, data harmonization, and smooth access control are easy to talk about.

Reality is a little more chaotic. Read the original write up and decide. Then consider how likely it is that a single individual or a small business has a single throat to choke when something goes wrong. Throat choking is preceded by finger pointing, and none of the technology giants deliver reliability, ease of use, and fantasy land solutions.

Reality. Messy. Azure is a hybrid. AWS is an orchid. Neither is guaranteed a long, healthy existence if the gardener forgets to water the plants, the insects decide to chow down, or a road grader grinds out a new information highway.

Lawyers? Guaranteed money. Other parties? Not guaranteed much.

Probably not.

Stephen E Arnold, December 12, 2019

Countries Want Technological Backdoors

December 11, 2019

“Think of the children” is usually a weak claim people use to justify questionable actions, but law enforcement officials across the world are protecting children the correct way by teaming together to prevent child exploitation on the Internet. Ars Technica shares the story in the article, “Think Of The Children: FBI Sought Interpol Statement Against End-To-End Crypto.” Law enforcement officials, including the US Department of Justice, want there to be backdoors in technology for warranted search and surveillance.

US Attorney General William Barr and his UK and Australian peers asked Facebook to delay its plan to use end-to-end encryption for all of the company’s messaging tools. The FBI and the Department of Justice encouraged other international law enforcement organizations to join their plea at the International Criminal Police Organization’s 37th Meeting of the Interpol Specialists Group on Crimes Against Children. Delaying end-to-end encryption would help find child sexual exploitation. Interpol has not officially supported the delay plea yet.

“The draft resolution went on to lay responsibility for child exploitation upon the tech industry: ‘The current path towards default end-to-end encryption, with no provision for lawful access, does not allow for the protection of the world’s children from sexual exploitation. Technology providers must act and design their services in a way that protects user privacy, on the one hand, while providing user safety, on the other hand. Failure to allow for Lawful Access on their platforms and products, provides a safe haven to offenders utilizing these to sexually exploit children, and inhibits our global law enforcement efforts to protect children.’”

Barr and his peers want technology experts to agree with them about backdoors. Facebook and other social media companies already comply with the terms of the CLOUD Act, a law to provide law officials with data no matter where in the world it is located. Barr claims that if Facebook and other companies do not comply, they are allowing children to be exploited further. Research has shown, however, that encryption has had little effect on impeding law officials.

Facebook and other companies state there is not a backdoor skeleton key to any technology and if they did design one it would put people at risk.

Law enforcement officials have the right mindset, but they are missing the essential purpose of encryption and how a backdoor could be exploited by bad actors, including those who harm children.

Whitney Grace, December 11, 2019

AWS Storage Is Evolving

December 8, 2019

This is not your mom’s Simple Storage Service. An article at SiliconAngle describes how “Amazon’s New Storage Chapter Eyes NFS Support, Integrates from the Top-Down.” Writer Betsy Amy-Vogt explores details revealed at the recent AWS Storage Day event in Boston. She embeds some video coverage by theCUBE, her publication’s live streaming studio; see the write-up to view those excerpts.

Demand for easily accessible online storage is growing thanks to the rise of machine learning and edge computing. AWS is adding features to its S3 Glacier and EBS storage solutions, expanding support for file formats like NFS (Network File System), and beefing up security and management tools. Amy-Vogt writes:

“When a customer chooses to move to the AWS Cloud, Amazon takes care of administration, provisioning and maintenance. ‘You literally click three or four buttons to create a file system, and you no longer have to worry about it ever again,’ [AWS’s Wayne Duso] stated. Amazon also promises to maintain data in a secure environment. ‘Security is job number one for us,’ Duso stated. ‘We take care of all the security elements.’ Ease of integration is also a major benefit, especially to companies wanting to take advantage of new intelligent technologies, Duso pointed out. The wide range of AWS’ products means that advanced tools for building and deploying machine-learning models, such as AWS SageMaker, can be integrated with file storage services, such as FSx for Lustre and EFS, bringing even more simplicity to the process. ‘Customers don’t have to worry about storage; they don’t have to worry about sharing; they don’t have to worry about scaling. It’s all there for them,’ Duso said. Cloud brings global scale, but data must remain close to the user to avoid issues with availability and latency. AWS addresses this by creating regions where data is available in multiple locations. ‘Our regions are built to have, at minimum, three availability zones,’ Duso explained.”

Besides reducing latency, storage in multiple locations also serves as a backup. You can see Duso explain the AWS storage strategy at length in one of those videos embedded in the source article. He pledges that customers who use the AWS platform to manage their storage workload free up plenty of time to focus on other parts of their business.

Cynthia Murrell, December 8, 2019
