Palantir Technologies: On the Runway for a Trillion Dollar Take Off?

November 29, 2021

Palantir Technologies is an interesting company. Its technology is a combination of 2003 legacy innovations, some open source goodness, and 18 years of working hard to put a fence around policeware, intelware, financial fraud, and a handful of other markets. It sure seems to me that The Motley Fool, who is neither motley nor a fool, believes that this financial benchmark is a possibility; otherwise, why write the story? PR, stock churn, controversy, to catch the attention of observers and sideline sitters like myself? I don’t know, but with Apple putting the PR in PRivacy, who knows?

The premise is interesting. I noted this passage in the Motley and Fool write up called “Will Palantir Be a Trillion Dollar Stock by 2042”:

 Palantir is valued at $41.3 billion, or 27 times this year’s sales.

Good but with unicorns being birthed with Malthusian energy, there may be some boundaries on Palantir’s ambitions. (I will mention a couple of them at the close of this blog post.)

The write up also states:

The company expects that growth to be driven by its new and expanded contracts with government agencies, as well as the growth of its Foundry platform for large commercial customers. The accelerating growth of its commercial business over the past year, which notably outpaced the growth of its government business last quarter, supports that thesis.

I noted this statement, which I find somewhat amusing:

The company has gained a firm foothold with the U.S. government, but it still faces competition from internally developed systems. Immigration and Customs Enforcement (ICE), for example, has been developing its own platform to replace Palantir’s Falcon. If other agencies follow ICE’s lead, the company’s dream of becoming the “default operating system for data across the U.S. government” could abruptly end.

I assume that Messrs. Motley and Fool know something about government procurement, why US and EU agencies license multiple systems, and stimulate internal innovation. Yep, I am thinking about DoD incubation centers and 18f. To Motley’s and Fool’s analysis, I tip my fake fur hat to the mention of Amazon as a competitor. Many don’t understand the scope of Amazon’s government services, and probably if told, still wouldn’t grasp the online bookstore as provider of streaming business data and slick AWS blockchain tools.

Let me share some of the hurdles that the galloping stallion has to clear after 18 years on the track:

  1. The NSO Group dust up has changed the table stakes for policeware and intelware outfits which seek to expand into commercial markets. The impact of NSO Group has been biting Israeli firms, but who knows what will happen tomorrow. The past is not a reliable predictor in today’s flash mob environment.
  2. The newer methods developed since Palantir opened for “business” are impressive. Many are more capable than Palantir because many tasks with which a trained Palantir forward deployed engineer must engage are point-and-click. Check out Datawalk, Sphinx 12, or a few of the Tel Aviv based outfits’ methods. (A ton of Voyager insider information has been dumped online courtesy of FOIA and the LAPD.)
  3. Crime is rising, but cyber crime in its multifarious manifestations is skyrocketing. That means that the vendors pitching solutions could face buyer remorse. What will some of those who find that nifty smart software is not too much of a barrier to novel exploits engendered by the good enough software approaches of Google-Android type coding or Microsoft cloud-type engineering do? Maybe some big time litigation?

Net net: From my perspective Palantir Technologies is an intelware and policeware outfit which has to deal with upstart competitors, tough to predict regulation and trade controls, and the looming shadow of buyer remorse which will fall across the cyber intelligence sector and hit vendors indiscriminately.

A trillion dollar outfit? Is there an NFT for Seeing Stones yet?

Stephen E Arnold, November 29, 2021

Enterprise Search: What Did Shakespeare Allegedly Write?

November 15, 2021

The statement, according to my ratty copy of Shakespeare’s plays edited by one of the professors who tried to get me out of the university’s computer “room” in 1964, presents the Bard’s original, super authentic words this way:

The play is Hamlet. The queen, looking queenly, says to the fellow Thespian: “The lady doth protest too much, methinks.”

Ironic? You decide. I just wanted to regurgitate what the professor wanted. Irony played no part in getting an A and getting back to the IBM mainframe and the beloved punch card machine.

I thought about “protesting too much” after I read “Making a Business Case for Enterprise Search.”

I noted this statement:

In effect you have to develop a Fourth Dimension costing model to account for the full range of potential costs.

Okay, the 4th dimension. Experts (real and self anointed) have been yammering about enterprise search for decades.

Why does an organization snap at the marketing line deployed by vendors of search and retrieval technology? The answer is obvious, at least to me. Someone believes that finding information is needed for some organizational instrumentality. Examples include finding an email so it can be deleted before litigation begins. Another is to locate the PowerPoint which contains the price the now terminated sales professional presented to close a very big contract. How about pinpointing who in the organization had access to the chemical composition of a new anti viral? Another? A shipment went walkabout. Some person making minimum wage has to locate products to be able to send out another shipment.

The laughable part of “enterprise search” is that there is no single system, including the craziness pitched by Amazon, Microsoft, Google, start ups with AI centric systems, or small outfits which have been making minimal revenue headway for a very long time from a small city in Austria or a suburb of the delightful metropolis of Moscow.

The cost of failing to find information cannot be reduced to the made up data about how long a person spends hunting for information. I believe a mid tier consulting outfit and a librarian cooked up this info-confection. Nor is any accountant going to be able to back out the “cost” of search in a cloud database service provided by one of the regulators’ favorite monopolies. No system manager I know keeps track of what time and effort goes into making it possible for a 23 year old art history major to locate the specific technical innovation in an autonomous drone. Information of this type requires features not included in Everything, X1, Solr, or the exciting Amazon knock off of Elastic’s follow on to Compass.

Enterprise information retrieval has been a thing for about 50 years. Where has the industry gone? Well, one search executive did a year in prison. Another is fighting extradition for financial fancy dancing. Dozens have just failed. Remember Groxis? And many others have gone to the search-doesn’t-work section of the dead software cemetery.

I find it interesting that people have to explain search in the midst of smart software, blockchain, and a shift to containerized development.

Oh, well. There’s the Sinequa calculator thing.

Stephen E Arnold, November 15, 2021

Elastic CEO on New Products and AWS Battle

November 10, 2021

Here is an interesting piece from InfoWorld about a company we have been following for years. Elastic is the primary developer behind the open source Elasticsearch and made its money vending managed services for the platform. Lately, though, the company has been expanding into new markets—application performance management (APM), observability, and security information event management (SIEM). The company’s CEO discusses this expansion as well as its struggle with Amazon over the use of Elasticsearch in, “Elastic’s Shay Banon: Why We Went Beyond our Search Roots—and Stood Up to ‘Bully’ AWS.”

First, reporter Scott Carey asks about the move into security. Banon admits Elastic was late to the SIEM game, but that timing gave the CEO a unique perspective. He makes this observation:

“When I got into security, I really didn’t understand why the market is so fragmented. I think a big part of it is top-down selling. It’s not like CISOs [Chief Information Security Officers] aren’t smart, but they’re not practitioners, so you can go in and more easily communicate to them that they need certain protection. I could see that there was tension between the security team and developers, operations, devops teams. Security didn’t trust them, and it was the same story as before with operators and developers. This is where I think our biggest opportunity is in the security market. To be one of the companies that brings the trends that caused dev and ops to come together and bring it to security.”

See the write-up for more of Banon’s observations on security, APM, and observability. As for the licensing battle with Amazon, that began in 2015 when AWS implemented its own managed Elasticsearch service without collaborating with Elastic. Carey notes both MongoDB and Cloudflare had similar issues with the mammoth cloud-services vendor. Elastic ultimately took a controversial step to deal with the problem. We learn:

“In a January blog post, Banon outlined how the company was changing its license for Elasticsearch from Apache 2.0 to a dual Elastic License and Server Side Public License (SSPL), a change ‘aimed at preventing companies from taking our Elasticsearch and Kibana products and providing them directly as a service without collaborating with us.’ AWS has since renamed its now-forked service as OpenSearch.”

Banon states he did not really want to change the license but felt he had to take a stand against AWS, which he compared to a schoolyard bully. The CEO has some sympathy for those who feel the decision was unfair to developers outside Elastic who had contributed to Elasticsearch. However, he notes, his company did develop 99% of the software. See the article for more of his reasoning, his perspective on Elasticsearch’s “very open and very simple” new license, and where he sees the company going in the future.

Cynthia Murrell, November 10, 2021

Encouragement for Bad Actors: Plenty of Targets Guaranteed

November 2, 2021

If the information in the Silicon Valley-esque business news service Venture Beat is accurate, 2022 is going to be a good year for bad actors. “Report: 55% of Execs Say That SolarWinds Hack Hasn’t Affected Software Purchases.” Now “purchase” is a misleading word. Vendors like users to subscribe, so the revenue projections are less fraught. Subscriptions can be tough to terminate, and paying that bill is like a bad habit, easy to fall into, tough to get out of.

The article states:

According to a recent study by Venafi, more than half of executives (55%) with responsibility for both security and software development reported that the SolarWinds hack has had little or no impact on the concerns they consider when purchasing software products for their company. Additionally, 69% say their company has not increased the number of security questions they are asking software providers about the processes used to assure software security and verify code.

This statement translates to status quo-ism.

The Microsoft products are targets because Microsoft’s yummy software is widely used and is like a 1980s Toys-R-Us filled with new Teddy bears, battery powered trucks, and role-model dolls.

What’s the fix for escalating cyber attacks? Different business policies and more rigorous security procedures.

To sum up, a potentially big year for bad actors, some of whom practice their craft from prison with a contraband smartphone. The Fancy Bear types will be dancing and some of the APT kids will be wallowing in endless chocolate cake.

Digitally speaking, of course.

Stephen E Arnold, November 2, 2021

Can Waze Foreshadow AI Innovations at Google?

November 1, 2021

Yep. The article “Waze CEO Admits That Its Algorithm Is Sending Users Awry” triggered a thought on this cloudy and cold Monday morning: What other misdirections is Google smart software delivering? Confidence in one’s smart engineering is one thing; marketing is another.

The write up states:

According to media reports out of Israel where Waze was founded, the navigation app has been giving travelers incorrect directions and has accidentally sent some of its 1 million Israeli users directly into the heart of a traffic jam.

Didn’t Waymo send its smart cars to a dead end street in San Francisco? (See “Dead-End SF Street Plagued with Confused Waymo Cars Trying to Turn Around Every 5 Minutes.”)

The Phonearena article I read reported:

Waze CEO Guy Berkowitz admitted that “We have a problem with the algorithm. The more people we serve, the more it’s affected. The coronavirus has put us in a situation where we have to reinvent our algorithm.”

But I thought Snorkel type innovations allowed fast learning and other “almost smarter than a temp worker” type adaptations?

Nope. I learned:

A change in traffic patterns in Israel has screwed up Waze’s algorithm leading to incorrect directions.

The article suggests that the issue is Israel specific. Nice assertion, but I don’t believe it. Fancy Dan systems can drift. Let’s hope those “smart decisions” don’t demonstrate the flawed design of the snorkels needed when a Waymo drives off the Bay bridge into the chilly water.

Stephen E Arnold, November 1, 2021

Are Threat Detection and Cyber Security Systems Working?

October 26, 2021

I read “Microsoft: Russian SVR Hacked at Least 14 IT Supply Chain Firms Since May.” The write up states:

Microsoft says the Russian-backed Nobelium threat group behind last year’s SolarWinds hack is still targeting the global IT supply chain, with 140 managed service providers (MSPs) and cloud service providers attacked and at least 14 breached since May 2021. This campaign shares all the signs of Nobelium’s approach to compromising a significant list of targets by breaching their service provider.

That’s interesting. At first glance, it seems as if a small number of targets succumbed.

On the other hand, it raises some questions:

  1. What cyber security and threat detection systems were in use at the 14 outfits breached?
  2. What caused the failure of the cyber security systems? Human error, lousy cyber security methods, or super crafty bad actors like insiders?
  3. Is a 10 percent failure rate acceptable? Microsoft seems agitated, but why didn’t Microsoft’s security protect 10 percent of the targets?

Each week I am invited to webinars to learn about advanced security systems. Am I to assume that if I receive 10 invites, one invite will be from an outfit whose technology cannot protect me?

The reports of breaches, the powers of giant software outfits, and the success of most companies in protecting themselves are somewhat cheering.

On the other hand, a known group operating for more than a year is still bedeviling some organizations. Why?

Stephen E Arnold, October 26, 2021

Rogue in Vogue: What Can Happen When Specialized Software Becomes Available

October 25, 2021

I read “New York Times Journalist Ben Hubbard Hacked with Pegasus after Reporting on Previous Hacking Attempts.” I have no idea if the story is true or recounted accurately. The main point strikes me that a person or group allegedly used the NSO Group tools to compromise the mobile of a journalist.

The article concludes:

Hubbard was repeatedly subjected to targeted hacking with NSO Group’s Pegasus spyware. The hacking took place after the very public reporting in 2020 by Hubbard and the Citizen Lab that he had been a target. The case starkly illustrates the dissonance between NSO Group’s stated concerns for human rights and oversight, and the reality: it appears that no effective steps were taken by the company to prevent the repeated targeting of a prominent American journalist’s phone.

The write up makes clear one point I have commented upon in the past; that is, making specialized software and systems available without meaningful controls creates opportunities for problematic activity.

When specialized technology is developed using expertise and sometimes money and staff of nation states, making these tools widely available means a loss of control.

As access and knowledge of specialized tool systems and methods diffuses, it becomes easier and easier to use specialized technology for purposes for which the innovations were not intended.

Now bad actors, introductory programming classes in many countries, individuals with agendas different from those of their employer, disgruntled software engineers, and probably a couple of old time programmers with a laptop in an elder care facility can:

  • Engage in Crime as a Service
  • Use a bot to poison data sources
  • Access a target’s mobile device
  • Conduct surveillance operations
  • Embed obfuscated code in open source software components.

If the cited article is not accurate, it provides sufficient information to surface and publicize interesting ideas. If the write up is accurate, the control mechanisms in the countries actively developing and licensing specialized software are not effective in preventing misuse. For cloud services, the controls should be easier to apply.

Is every company, every nation, and every technology savvy individual a rogue? I hope not.

Stephen E Arnold, October 25, 2021

Registering Dismay: Microsoft Azure Blues

October 20, 2021

The Beyond Search team loves Microsoft. Totally.

Some are not thrilled with automated customer service. Talk to smart software. Skip the human thing. Microsoft’s customer service has been setting a high standard for decades. Despite the company getting bigger and more powerful, Microsoft sparked a story in The Register called “WTF? Microsoft Makes Fixing Deadly OMIGOD Flaws On Azure Your Job.”

Azure is Microsoft’s cloud platform, and users running Linux VMs are susceptible to four “OMIGOD” flaws in the Open Management Infrastructure (OMI). Linux Azure users are forced to fend for themselves with the OMIGOD bugs, because Microsoft will not assist them. What is even worse for the Linux users is that they do not want to run OMI on their virtual machines. OMI is deployed automatically on the VM when some Azure features are enabled. Without a patch, hackers can gain root access and upload malware.

The write up points out that Microsoft did some repairs:

“The Windows giant publicly fixed the holes in its OMI source in mid-August, released it last week, and only now is advising customers. Researchers quickly found unpatched instances of OMI. Security vendor Censys, for example, wrote that it discovered ‘56 known exposed services worldwide that are likely vulnerable to this issue, including a major health organization and two major entertainment companies.’ … In other words, there may not be that many vulnerable machines facing the public internet, or not many that are easily found.”

Linux VM users on Azure are unknowingly exposed and a determined hacker could access the systems.

Is it possible Windows 11 is a red herring? OMIGOD, no.

Whitney Grace, October 20, 2021

Data Slurping Gluttons: Guess Who, Please?

October 19, 2021

Apple’s iOS enjoys a reputation of being more respectful of users’ privacy than Google’s Android. However, announces Tom’s Guide, “New Study Reveals iPhones Aren’t as Private as You Think.” The recent paper was published by Trinity College’s School of Computer Science & Statistics. Unlike the many studies that have covered what kind of data apps collect, this research focusses on data reaped by core operating systems.

The researchers found Android does collect a higher volume of data, but iPhones collect more types of information. This includes data about other devices that could allow Apple to make a relationship graph of all devices in a local network, whether a home, office, or public space like a café. Creepy. Not only that, both operating systems collect telemetry and other data even when users explicitly opt out. Much of this collection happens when the phone is powered up. The rest occurs the whole time the device is on, even when sitting idle. Writer Paul Wagenseil specifies:

“Both the iPhone and Android phone called home to Apple and Google servers every 4 or 5 minutes while the phones were left idle and unused for several days. The phones were powered on and plugged in, but the users had not yet logged into Apple or Google accounts. Even when the iPhone user stayed logged out of their Apple account, the iPhone still sent identifying cookies to iCloud, Siri, the iTunes Store and Apple’s analytics servers while the iPhone was idle. It also sent information about nearby devices sharing the same Wi-Fi network. When location services were enabled on the iPhone, its latitude and longitude were transmitted to Apple servers. On Android, data is sent to Google Play servers every 10 to 20 minutes even when the user is not logged in. Certain Google apps also send data, including Chrome, Docs, Messaging, Search and YouTube, although only YouTube sends unique device identifiers.”

Unfortunately, researchers concluded, there is not much one can do to prevent this data from being harvested. The best Android users can do is to start their phone with network connections disabled. The study found disabling Google Play Services and the Google Play and YouTube apps before connecting to a network prevented the vast majority of data sharing. But then, users would have to visit other app stores to download apps, each of which has its own privacy issues. Apple users do not even have that option, as their device must connect to a network to activate.

See the article for a summary of the researchers’ process. They reached out to both companies for comment. Google responded by comparing its data collection to the statistics modern vehicles send back to manufacturers—they just want to make sure everything is working properly. Apple’s spokesperson quibbled with the researchers’ findings and insisted users’ personal data was safe and could not be traced to individuals. I suppose we will just have to take their word for it.

Cynthia Murrell, October 19, 2021

Amazon and Google: Another Management Challenge

October 18, 2021

There’s nothing like two very large companies struggling with a common issue. I read “Nearly 400 Google and Amazon Employees Called for the Companies to End a $1.2 Billion Contract with the Israeli Military.” Is the story true or a bit wide of the mark? I don’t know. It is interesting from an intellectual point of view.

The challenge is a management to do, a trivial one at that.

According to the write up:

Hundreds of Google and Amazon employees signed an open letter published in The Guardian on Tuesday [presumably October 12, 2021] condemning Project Nimbus, a $1.2 billion contract signed by the two companies to sell cloud services to the Israeli military and government.

Now what?

According to the precepts of the high school science club management method, someone screwed up hiring individuals who don’t fit in. The solution is to change the rules of employment; that is, let these individuals work from home on projects that would drive an intern insane.

Next up for these two giants will be a close look at the hiring process. Why can’t everyone be like those who lived in the dorm with Sergey and Larry or those who worked with Jeff Bezos when he was a simple Wall Street ethicist?

I will have to wait and see how these giant firms swizzle a solution or two.

Stephen E Arnold, October 18, 2021
