Microsoft: Information Released Like a Gentle Solar Wind
December 31, 2020
I read the New Year’s Eve missive from Microsoft, a company which tries to be “transparent, “Microsoft Internal Solorigate Investigation Update.” I am not sure, but I think the Microsoft Word spell checker does not know that SolarWinds is not spelled Solarigate. Maybe Microsoft is writing about some other security breach or prefers a neologism to end the fine year 2020?
Here’s a passage I found interesting:
Our investigation has, however, revealed attempted activities beyond just the presence of malicious SolarWinds code in our environment. This activity has not put at risk the security of our services or any customer data, but we want to be transparent and share what we’re learning as we combat what we believe is a very sophisticated nation-state actor. We detected unusual activity with a small number of internal accounts and upon review, we discovered one account had been used to view source code in a number of source code repositories. The account did not have permissions to modify any code or engineering systems and our investigation further confirmed no changes were made. These accounts were investigated and remediated. [Bold added to highlight intriguing statements]
To me, an old person who lives in rural Kentucky, it sure sounds as if Microsoft is downplaying:
- Malicious code within Microsoft’s systems
- The code performed “unusual activity” whatever this actually means I don’t know
- The malicious code made it to MSFT source code repositories
- Whatever happened has allegedly been fixed up.
What’s that unknown unknowns idea? Microsoft may be writing as if there are no unknown unknowns related to the SolarWinds misstep.
If you want more timely Solarigate misstep info, here’s what Microsoft suggests as a New Year’s Eve diversion:
For the up-to-date information and guidance, please visit our resource center at https://aka.ms/solorigate.
Stephen E Arnold, December 31, 2020
A Beefed Up Elasticsearch Presages an Interesting Future
December 31, 2020
The write up “Elasticsearch New Features: 2020 Year in Review” makes several “enterprise search” issues clear:
- Key word retrieval is not enough
- Additions to basic search signals that Elasticsearch is following the Entopia, FAST Search & Transfer, and other proprietary systems down the path of exponential complexity
- Specialists in the time series and geospatial sector have cause to rejoice and be worried.
The article provides a summary of the feature landscape for Elasticsearch. It is worth pointing out that many commercial vendors rely on Elasticsearch or its cousin Lucene for information retrieval functions.
The article illustrates why. A single firm lacks the resources to build, enhance, and support what now is a retrieval and analysis platform. What’s interesting is how few vendors report their open source roots. Most prefer to concentrate on their proprietary add ons. These are the differentiators, but I must admit that most of these commercial vendors appear to me like an iguanas in a Caribbean iguana farm pen. I can no longer tell them apart. When I encounter a “new” enterprise or specialized search system positioned as a problem solver for the enterprise, I see iguanas. I suppose each iguana has a quite distinct personality, but I am not smart enough to perceive the difference.
Net net: Enterprise search is a utility. As an information service accretes features and functions, the basics become less important. At some point, the enterprise search systems, whether free or proprietary, bangs straight into the accounting department’s Zoom meeting.
The results are not pretty. Complexity, triage costs, customization costs, and special add ons set the stage for more Delphes, Fulcrums, SMARTs and STAIRS. Will vendors of enterprise search figure out how to get off this pathway to a Dante-like digital netherworld?
My prediction for 2021? Nah.
Stephen E Arnold, December 31, 2020
Tweet This! Real News Discovers the Concept of Hidden in Plain Sight
December 31, 2020
Remember the Purloined Letter? No, that’s okay. Thumbtypers don’t either. I read “Just How Bad Was This Year? These Professors Found Answers on Twitter.” I noted this passage:
Since 2008, the duo [professors at a school in Vermont] has taken a random 10 percent of everything tweeted each day, seeking truths hidden in plain sight. (Whileacknowledging, as Danforth put it, that “Twitter is a nonuniform subsample of utterances made by a nonuniform subsample of humans whoare on the Internet.”) They’ve used it, for example, to explore fame, finding that DonaldTrump and K-pop band BTS are mentioned as commonly as some regular words (think: “after,” “would.”). As Dodds put it, “The word‘Trump’ has been in the top 300 words all year this year, which he’s never done before. That’s more common than the word ‘God.’ ”
The sampling is done by the Hedonometer, possible a reference to either a town in England or a unit of pleasure used to theoretically weigh people’s happiness. I like the latter candidate, split infinitive, and the weird idea of “weighing” happiness. I often say to the grocery clerk in Harrod’s Creek, Kentucky, “I will take a pound of happiness and a half pound of ricotta, please.”
The big find seems to be:
Some trends have emerged through the years. All else being equal,Saturday is the week’s happiest day on Twitter, Tuesday the saddest.National holidays cause huge spikes in happiness, with Christmas beingthe most cheerful. Major sporting events and birthdays of pop stars,particularly K-pop stars, tend to make for gleeful days. On the flipside, natural disasters and mass shootings tend to spark more unhappydays.
What’s the analysis reveal?
“In the last five years, we’ve seen the usual weekly cycle justget busted,” Dodds added. “It’s sort of all over the place now.Events are happening any day of the week. It’s much more what Iwould call emotional turbulence.”
Remarkable in a way, a modest way.
Stephen E Arnold, December 31, 2020
Tape for Back Ups: What about Restore and a Few Other Trivial Questions?
December 31, 2020
I read “Fujifilm Created a Magnetic Tape That Can Restore 580 Terabytes.” Amazing. Remarkable. Incredible. Tape!
The write up reports:
The breakthrough, developed jointly with IBM Research, uses a new magnetic particle called Strontium Ferrite (SrFe), commonly used as a raw material for making motor magnets. Fujifilm has been investigating Strontium Ferrite as a possible successor to Barium Ferrite (BaFe), which is the leading material today.
Yep, strontium. Definitely a favorite among some laboring at LANL, Oak Ridge, and Argonne as well as among home experimenters with highly chemical reactive substances. Plus, there’s IBM in the mix. Yep, the Watson folk. Greetings, Blue folk.
I learned:
To put 580 terabytes in perspective, it’s roughly the equivalent of 120,000 DVDs or 786,977 CDs — IBM notes that stacking that many CDs would result in a tower 3,097 feet (944m) tall, or taller than Burj Kalifa, the world’s tallest building. All that data can now fit in a tape cartridge in the palm of your hand.
And how long will this wonder persist as usable media? 30 years.
I do have a couple of questions:
- Write speed?
- Read speed?
- Actual restore speed for 500 terabytes (there is overhead on these puppies, right?)?
- Mechanism to locate the specific blocks required for the restore?
- In use error rate?
- Storage environment required? (Faraday room, cavern in Kansas, in a pile on a metal rack in the junk closet?)
- What’s the cost in fully loaded dollars for the software, device, and staff time for write and restore?
- What’s the tensile strength of the medium in 29 years?
Ah, but there are no answers in the write up.
There you go. Let’s ask Watson or someone who has reported to a client, “Your tape backups are unreadable.” Ever heard that before? I sure have.
Stephen E Arnold, December 31, 2020
The Apple Covid Party App: One Minor and Probably Irrelevant Question
December 31, 2020
I am not into Apple or any other Sillycon Valley outfit. I am aware of the yip yap about curation policies, editorial control, and delivering a good experience. Yadda yadda or as the overtalkers on Pivot say, “yoga babble.”
I read “Apple Pulls App That Promoted Secret Parties During Ongoing Pandemic.” The write explains that Apple removed the app from the lucrative App Store.
But there is one minor and probably irrelevant question which arises:
With all the effort Apple puts into curation, how did the app make it to the App Store?
My hunch is that talk, handwaving, and posturing are more important than evaluating, checking, and considering apps. But that’s just a hunch. Reality is probably different.
Stephen E Arnold, December 31, 2020
Finding Google Maps: Sundar Pichai, I Presume?
December 31, 2020
The Google is not getting the respect it once assumed was its droit du seigneur. A recent example is this comment from “Google Maps’ Moat is Evaporating”:
I suspect we’re at the tail end of the golden era for Google Maps. They appear, to me, to be acting from a place of fear and conservatism rather than innovation.
The Google service under the microscope is Google’s ever-so-helpful implementation of a former Sun Microsystems’ observation that when one drives a car with zippy map technology, the map will show you where a gas station is.
That seems quaint now with maps everywhere, even when one does not want them; for example, in a Google search result for certain types of information like C-UAS methods or FPAAs.
The write up strikes me as gleeful in a way. Hey, Google, you are losing it.
Here’s an example:
The trouble is, Google isn’t the only game in town anymore. If they keep alienating their customers and pursuing a proprietary data strategy at all costs, they’re going to continue to lose ground to competition while spending more than ever just to tread water.
Yikes, competition, once thought to be extinct at the GOOG.
Then the cow analogy, an animal some view as sacred:
If Google doesn’t start taking the Google Maps Platform seriously, they’ll slowly but surely find themselves alone on an island of inferior, less frequently updated, and expensive-to-maintain proprietary data. A new generation of innovative apps built on top of OSM will feast like piranhas on a cow treading water.
What’s the cost of digital maps lost in the corporate wilderness? Navigate to “Google Maps Changes a Route after the Drama of Young People Lost on a Ghost Road.” With no local businesses buying ads, resources are better directed elsewhere. Sounds plausible to me, but I am not young, lost, or on a ghost road.
The author may want to make sure the Google cow does not have swim fins.
Stephen E Arnold, December 30, 2020
Oracle: An Interesting Take on the Outfit Once Occupying Dolphin Way
December 30, 2020
The Sea World thing off 101 is history. The weird “aquatorium” has been replaced with glass structures which look like black oat meal boxes on my grandmother’s pantry shelf. Now more insight into the Coddish (not codfish) style database company has been revealed in “When You Can’t Innovate, You Litigate: Oracle Gleefully Takes Credit For Attacks On Section 230 And Google.” The write up explains that Oracle has shifted from technology to litigation and included the catch phrase “When you cannot innovate, litigate.” I like the phrase.
This passage is particularly interesting:
For a while now, people in Silicon Valley have been well aware of Oracle’s reputation as the anti-innovation behemoth, especially following its attack on APIs, interfaces, and how software is developed with the case against Google’s reimplementation of the Java API.
Adding:
The thing is, Oracle more or less admits that it’s doing this purely out of spite and the fact that it has failed to innovate and keep up with more nimble and innovative competitors. Oracle and Larry Ellison made some big bets early on that flopped. And rather than correct course and innovate, it has focused on what we’ve referred to as political entrepreneurship: lobbying and using the powers of government to shut down competitors, rather than innovate.
There are, however, several other facets of Oracle which can explain the company’s behavior; for instance:
- The firm’s investment approach using special purpose entities off shore
- The company’s policy of acquiring companies and allowing them to drift. (I am not sure if this was Oracle’s “invention” or its version of the OpenText approach to gaining revenue and prospects for upselling.)
- The drift down systemic problem affecting HP, IBM, Intel, and SAP. Oracle is just responding in a “path of least resistance” manner.
Interesting write up, but there’s quite a bit of corporate activity beyond the “let’s litigate” mantra.
Stephen E Arnold, December 30, 2020
Class Central: Learning in the Time of the Rona
December 30, 2020
Before the COVID-19 pandemic, educators speculated that schools would eventually transition to online learning. Most universities offer online classes and degree programs, but traditional public schools still have not transitioned. When the pandemic hit three was a rush for kids to resume their education and school districts scrambled to assemble online learning platforms.
Most online public education (through no fault of the teachers) stinks worse than cafeteria food, but there are other options for online schooling. With hundreds of online courses available, Class Central organizes all the providers into one catalog. Class Central’s goal is to:
Class Central is a listing of online courses. We aggregate courses from many providers to make it easy to find the best courses on almost any subject, wherever they exist. We focus primarily on free (or free to audit) courses from universities, offered through massive open online course (MOOC) platforms. Whatever you are interested in learning, it is more than likely that our catalog includes a course that will meet your needs. Through Class Central, you can find courses; review courses you’ve taken (and read other people’s reviews); follow universities, subjects and courses to receive personalized updates; and also plan and track your learning.”
In other words, Class Central is like a library catalog of all the courses online combined with Amazon reviews. The coolest thing about Class Central is that it allows you to search through all course offerings by subject. A search for “computer coding” resulted in classes from major universities as well as Udemy, edX, and more.
One of the benefits to Class Central is that is lists whether a course is free or requires a enrollment fee. While there are many free online courses, some services only have a few free lessons before requiring cash or enrollment in the actual institution.
Whitney Grace, December 30, 2020
Smart Software and Cyber Security
December 30, 2020
Smart software appears to be the solution to escalating cyber security woes. An unusual article (actually more of a collection of dot points) provides some insight into the challenges makers of smart security software have to overcome. Navigate to “What is the Impact of Artificial Intelligence on Cyber Security?” and scroll to the section titled “Why Did Artificial Intelligence Fail?” Here are three of the 10 reasons:
- When you stuck in a never-ending development loop
- Most AI models decay overtime
- Optimizing for the wrong thing.
Before I read the article, I had been operating on a simple principle: Smart cyber security software is an oxymoron. Yikes. I did not know I was stuck in a never ending development loop or optimizing for the wrong thing.
The article offers a number of statements which, I assume, are intended to be factoids. In reality, the collection of information is a gathering of jargon and sales babble.
The write up reveals how to get rid of security smart software failures. There are seven items on this list. Here’s one: Statistical Methodology.
Several observations:
- Smart software works when knowns are trimmed to a manageable “space”.
- The “space” is unfortunately dynamic, so the AI has to be able to change. It usually needs the help of humans and an often expensive retraining cycle.
- The known space is what the best of the bad actors use in order to attack in new ways.
Net net: The SolarWinds’ misstep illustrates that exactly zero of the classified systems used to monitor adversaries’ cyber attacks rang the klaxon. To make matters more embarrassing, exactly zero of the commercial threat intelligence and cyber monitoring systems punched a buzzer either.
Conclusion: Lists and marketing hoo had are not delivering. The answer to the question What is the impact of artificial intelligence on security? is an opportunity to over promise and under deliver perhaps?
Stephen E Arnold, December 30, 2020
Misinformation: Semi-Explained
December 30, 2020
I read “Why We’re Posting about Misinformation More Than Ever.” I am not going to work through the Silicon Valley MBA, jargon fest. The informing idea for the essay may be this statement:
Neither the media nor fact-checkers controlled the online conversation surrounding “misinformation” this year.
I am tempted to ask, “Who appointed media and fact checkers as the arbiters of truth”? But, no, I will not ask this question.
Instead I will focus on the big concept of a single online publication dog paddling with enthusiasm to generate revenue, writing about misinformation.
I want to ask several questions and perhaps an enthusiastic Silicon Valley MBA thumb typer or a graduate of a up market journalism school will answer each. Here we go:
- Is Vox is writing about misinformation because Vox is outputting misinformation? The skewed output is similar to a Google results list just powered by humans, not algorithm magic.
- Does Vox wants clicks because clicks generate the desirable pile of money?
- Does Vox believe that technology is now the fabric of modern life; therefore, politics, specious write ups about what a company should do, and trying really hard to become more than an online information service is the path to influence?
Standing by.
Stephen E Arnold, December 30, 2020