Google: High School Science Club Mini Revolt. Mini? Why Not Maxi?

December 17, 2020

Ah, remember the good old days. No one knew about thumb typing. High school students contented themselves with chemistry experiments, electronics kits, and weird tin girder thingies. Now the HSSC has grown up, but has failed to leave behind the beliefs, precepts, and insights of their youth.

I thought about the then and now perspective when I read “Google AI Researchers Lay Out Demands, Escalating Internal Fight.” As if the assorted lawsuits were not enough to bedevil the senior management of the Google. I know the allegations about fiddling with online advertising are colorful, but just maybe that’s another facet of what I call HSSCMM or the high school science club management method. The idea is that teen spirit allows some bright young people to discard history, expected behaviors, and social conventions in order to demonstrate the superiority of the young mind.

Yeah, how is that working out?

Let’s recap:

  1. Google management seems to have an issue with staff who want to explain how smart software can become biased. How does this get fixed? Just work through the weird explanations emitted by Google and then ask the question, “Are there other ways to ignite a social issue powder keg?” The answer is, “Well, probably.”
  2. How can a company find itself in the litigation hot seat in multiple jurisdictions? Easy. Treat the European Community as if they were slightly dull and non-Googley critics of the world’s largest online ad system. Create a situation which allows the company to come to the attention of 40 US state attorneys general. Recite the mantra about competition and a free service. Are there other ways to catch the attention of people who sue for a living? The answer is, “Well, probably.”
  3. A couple of days ago, the Google infrastructure with Chubby, Sawzall, and their pals crashed. Nifty. Some can get by without Gmail, but what about the father who used the fine tweeter system to share this thought: “I’m sitting here in the dark in my toddler’s room because the light is controlled by @Google Home. Rethinking… a lot right now.”

Does it seem that the HSSCMM is fraying at the edges?

Am I concerned? Nope. Just amused. I think there are lessons to be learned from these Google missteps just as there are from the SolarWinds’ misstep. (What’s the cost of remediating this minor hiccup? A few bucks? An ad like Facebook’s in the Wall Street Journal? Or an AT&T telemarketing promotion of its outstanding video service?)

Integrity, ethical behavior, and an effort to deliver solutions that work are not priorities. That’s too bad. Once upon a time, high school science clubs meant something sort of positive. Today the sort of negative has won.

That explains a great deal about the social and technical environment in which these almost comical actions are unfolding.

Do you have a HSSCMM T shirt? Messrs. Brin and Page may be wearing theirs now.

Stephen E Arnold, December 17, 2020

FireEye Breach a Major Concern

December 17, 2020

The cybersecurity firm responsible for safeguarding data at government organizations (including several US federal agencies) and Fortune 500 companies around the world recently announced it suffered a breach. CEO Kevin Mandia tried to downplay the implications and persuade us his company has everything under control, but Tech Central explains “Why Everyone Should Be Worried by the FireEye Hack.” FireEye revealed the attacker was probably a “sophisticated state-sponsored actor,” but Tech Central informs us:

“Reporters with the Washington Post were more specific: It was Russia. And not just any Russians, but a group known as ‘APT29’ or ‘Cozy Bear,’ hackers affiliated with the Kremlin’s intelligence services. Cozy Bear’s pedigree includes past hacks of the US state department and White House during the Obama administration and, perhaps most famously, of the Democratic National Committee’s servers during the 2016 presidential campaign. (Who did the state department and the White House recruit to clean up the earlier breaches? FireEye.) FireEye said the hackers pilfered its so-called ‘Red Team’ tools. That’s the stuff companies like FireEye use to test vulnerabilities of computer networks to make them more resilient. The tools are meant to mimic a complex assault, and now they’re in the hands of a hostile player. FireEye said the hackers focused primarily on information from its government clients, and it released 300 countermeasures for its customers and the public to use against hacks enabled by the stolen tools. The company also said it hadn’t seen any of its tools used yet for break-ins, and none involved ‘zero-day’ exploits. … ‘We do not believe that this theft will greatly advance the attacker’s overall capabilities,’ FireEye noted.”

Readers should take that assertion with a grain of salt; we are told the federal Cybersecurity & Infrastructure Security Agency is not so confident. Cybersecurity vendors seem to be better at marketing than protecting themselves and, by extension, their clients. This PR challenge is high, though, as the company’s stock market dive reveals. We’re reminded FireEye is not the first cybersecurity firm to be hacked. If the guardians themselves are not secure, is anyone?

Cynthia Murrell, December 17, 2020

Amazon Uses Googley Phrase Which Also Was Mostly Marketing Hoo Hah

December 17, 2020

You may not remember, but I do. Like yesterday. I wrote an analysis for the late, highly regarded financial services firm and contract bridge epicenter BearStearns. The document was published more than a decade ago. Two things happened. Google immediately rolled out a special event to announce universal search. I heard that the name morphed into unified search and then federated search among some Googlers. The idea is that a user runs a query and expects the content of which he or she is aware will be in the results. Ho ho ho. The merrie search elves know that even at the mighty Google one must search silos of data. Universal, unified, federated. That’s like a Dark Web vendor posting 1 800 YOU WISH as the customer support number for bogus contraband.

Imagine my surprise when I noted this Amazon post:

Announcing Unified Search in the AWS Management Console

Universal, unified, whatever. I find it fascinating how search related terminology comes into vogue and falls out of favor only to return in weird but actually identifiable Kondratiev waves. Examples include:

  • Inference (nifty but there was a search vendor called Inference now essentially forgotten)
  • Boolean which several vendors have resurrected after thumbtypers declared the method dead
  • indexing now creeping back into favor after metadata and enrichment have not moved the needle for jargon recycling.

Yep, unified. Much better than “federated”, of course. Remember Vivisimo? I sort of do, but IBM repositioned it as some whizzy part of Watson. Is search at AWS or anywhere for that matter what the user expects? Ho ho ho say the merrie search elves. Ho ho ho. That’s a good one.

Stephen E Arnold, December 16, 2020

Seeking Clarity? Amazon AWS Can Provide It

December 17, 2020

AWS increases its AI and machine learning technology offerings every day. While AWS is one of the leading providers of AI-powered technology, it has yet to overcome AI’s limitations. One of the biggest issues facing AI-powered technology is bias. The best examples of AI bias are facial recognition studies that lack diverse ethnic examples (e.g. black, white, Asian, etc. people).

Amazon developed a solution for bias: Amazon SageMaker Clarify, a tool designed for machine learning developers to gain deeper insight into training data and models to detect bias and explain predictions. Amazon SageMaker Clarify works by:

“SageMaker Clarify is integrated with Amazon SageMaker Data Wrangler, making it easier to identify bias during data preparation. You specify attributes of interest, such as gender or age, and SageMaker Clarify runs a set of algorithms to detect any presence of bias in those attributes. After the algorithm runs, SageMaker Clarify provides a visual report with a description of the sources and measurements of possible bias so that you can identify steps to remediate the bias. For example, in a financial dataset that contains only a few examples of business loans to one age group as compared to others, SageMaker will flag the imbalance so that you can avoid a model that disfavors that age group.”

Eliminating bias detection is a major holdup in AI technology, but SageMaker Clarify is a step in the right direction. Other AI players, including Google, Microsoft, and Apple, are developing their own ways to detect bias.

Whitney Grace, December 17, 2020

Security Vendors: Despite Marketing Claims for Smart Software Knee Jerk Response Is the Name of the Game

December 16, 2020

Update 3, December 16, 2020 at 1005 am US Eastern, the White House has activated its cyber emergency response protocol. Source: “White House Quietly Activates Cyber Emergency Response” at Cyberscoop.com. The directive is located at this link and verified at 1009 am US Eastern as online.

Update 2, December 16, 2020 at 1002 am US Eastern. The Department of Treasury has been identified as an entity compromised by the SolarWinds’ misstep. Source: “US Treasury, Commerce Depts. Hacked through SolarWinds Compromise” at KrebsonSecurity.com

Update 1, December 16, 2020, at 950 am US Eastern. The SolarWinds’ security misstep may have taken place in 2018. Source: “SolarWinds Leaked FTP Credentials through a Public GitHub Repo “mib-importer” Since 2018” at SaveBreach.com

I talked about security theater in a short interview/conversation with a former CIA professional. The original video of that conversation is here. My use of the term security theater is intended to convey the showmanship that vendors of cyber security software have embraced for the last five years, maybe more. The claims of Dark Web threat intelligence, the efficacy of investigative software with automated data feeds, and Bayesian methods which inoculate a client from bad actors— maybe this is just Madison Avenue gone mad. On the other hand, maybe these products and services don’t work particularly well. Maybe these products and services are anchored in what bad actors did yesterday and are blind to the here and now of dudes and dudettes with clever names?

Evidence of this approach to a spectacular security failure is documented in the estimable Wall Street Journal (hello, Mr. Murdoch) and the former Ziff entity ZDNet. Numerous online publications have reported, commented, and opined about the issue. One outfit with a bit of first hand experience with security challenges (yes, I am thinking about Microsoft) reported “SolarWinds Says Hack Affected 18,000 Customers, Including Two Major Government Agencies.”

One point seems to be sidestepped in the coverage of this “concern.” The corrective measures kicked in after the bad actors had compromised and accessed what may be sensitive data. Just a mere 18,000 customers were affected. Who were these “customers”? The list seems to have been disappeared from the SolarWinds’ Web site and from the Google cache. But Newsweek, an online information service, posted this which may, of course, be horse feathers (sort of like security vendors’ security systems?):

Crazy Research for the Work from Home Crowd

December 16, 2020

I read — despite my inner voice shouting, no, no, no — “Australian Study Shows Working in Pajamas Does Not Hurt Productivity.” One summer session in graduate school, I had a roomie who slept without anything. Nifty, particularly when I had to observe this person sitting at the desk in the dorm before heading to class. Yeah, disgusting then and the memory is disgusting now.

The write up states:

When the study examined the effects wearing pajamas had on productivity and mental health, it found that wearing pajamas was associated with more frequent reporting of poorer mental health. For 59% of participants who wore pajamas during the day at least one day a week, they admitted their mental health declined while working from home, versus 26% of participants who did not wear pajamas while working from home.

The headline sort of misses the point.

But one of the flaws in the study is that the question, “Do you wear clothing when you sleep?” seems to have been ignored by the journalist and maybe the researchers in Sydney.

Key point: Pretty silly stuff. I want to know what percentage of the sample slept naked and then arose to work in a productive manner with a good mental attitude. Then I want to know that if a partner were present for the naked WFHers, what is the impact of this behavior on anyone able to look at this nude person perched in an Aeron with a laptop scrunched on their chest.

Got the picture?

Stephen E Arnold, December 16, 2020

Security Theatre: Act II of Flimsies or the Security Shibboleth Myth

December 16, 2020

The election is over. The activities in 2015 and 2016 were Act I. I think we are now in Act II of “Flimsies or the Security Shibboleth Myth.” I am perched happily on a small hill in rural Kentucky. I know zero about the machinations of the giant security outfits and the throbbing US government agencies. I do, however, read some news once in a while; for example, “SolarWinds Orion: More US Government Agencies Hacked.” The main idea is that the cyber breach and theft of pentest tools from FireEye, a prestigious cyber security firm, is very much in the news. The BBC story points out that a number of US government agencies were allegedly breached:

  • US Department of Defense (does that include the Defense Intelligence Agency?)
  • US Department of State (does anyone work there any more?)
  • US Department of Homeland Security
  • US Department of Treasury (the FinCen folks perhaps?)

A contact told me that the estimable US Department of Commerce was a victim as well.

The main question for me is,

Do these Fancy Dan, often six figure or more cyber security systems work?

Another question:

Are the technologies ranging from Dark Web threat reports to smart software that works like a human immune system real or marketing fluff?

I don’t know the answer to these questions, but I am wondering what Act III will present.

Stephen E Arnold, December 16, 2020

A Plan for a Recurring Google Tax Takes Shape

December 16, 2020

I spotted what looked like another ho hum the EC wants to penalize Google again story. “Tech Giants Face Fine of Up to 10% of Turnover for EU Rule Breaches -EU Source” contains a couple of nuggets. The first is that not just Google is a target. Now any company defined as a “technology” firm is fair game. With companies explaining that their operation is based on information, it is possible for the Google Tax to apply to companies different from the Google; for example, a health care company or a logistics outfit.

Second, this passage opens the door to financial and market data disclosures and may institutionalize a permanent penalty tax, maybe a tariff to just operate in the EC:

The rules, known as the Digital Markets Act, set out a list of dos and don’ts for online gatekeepers to ensure a level playing field for rivals and users. This could include requiring dominant companies to share certain kinds of data with rivals and regulators while practices such as companies favoring their own services could be outlawed.

This is likely to give some other nation states ideas for institutionalizing additional fees on “technology” companies. Who will pay these fees? Probably users.

Also, the write up does not identify a source. This is an interesting way to create “real” news when one is a trusted outfit. At least the source lives in the EC, maybe?

Stephen E Arnold, December 16, 2020

The Future? High School Science Club Management

December 15, 2020

With the discrediting of MBA programs, legal training, and art history, what’s a hard charging, Type A, materialistic over achiever supposed to do? The answer, according to Fast Company, is revealed in this article: “Everyone Should Be ‘CEO’ of Their Job and Manage As If They Own That Part of the Business.” However, before I highlight some of the insights in this high school science club management schema, I want to mention that “everyone” is singular; thus, the “their job” should be “an employee’s job or his or her job,” and the plural verb “own” is a singular; ergo, “owns”. Now that the sloppy grammar is behind me, let’s turn to the post MBA world.

Here’s a passage I circled in red:

My mantra is that everyone should be the “CEO” of their own role and manage their area as if they own that part of the business.

Now let’s try to focus on the message, not the sloppy grammar. The idea is that if I need a person to paint a wall, I should allow that person to be the CEO of the work. What about selecting the color? Should the painter pick another color? What about arranging elevator buttons?

Yes, initiative.

What if the wall must be painted before the guests arrive? Is the painter to select the time and pace of the work or just keep painting when the visitors pop in the door?

What about a minor project like replacing an Oracle database with a whizzy Amazon system?

Okay? Now we have arrived at the point which makes it clear that most people who are supposed to be managers are out of their comfort zone. MBAs, lawyers, accountants, and art history majors with an influential father and a great smile have to confess, “Hey, I know zero about this Amazon AWS Quantum Database idea.”

What’s the fix for the clueless president or senior manager? Here are the tips that will guarantee a Covid response type solution or the security methods in use at companies like FireEye:

Take the initiative

Be a team player

Ask for help

Listen

Take risks.

Let’s look at each of these.

Taking initiative is okay, but when people are paid to do a job, those people need to do the job. Yes, that includes protesters at Google type companies. A person is hired for a reason; therefore, do the work. Forget slogans. Put down the mobile phone. Do the work.

Be a team player is great when there is a team. I have news for the science club management adherents: Talking on Zoom and sending Teams messages is not a team environment. Since most companies are seizing Covid as an opportunity to slash costs, yip yap about teams in an asynchronous, distributed Zoom-type world is the antithesis of team building.

Ask for help. Great idea but from whom? Should the person struggling with AWS ask his or her boss for guidance when the superior is an art history major? Sorry, cutting out canvas and stretching it is not a skill directly applicable to the Byzantine world of database system engineering.

Listen. To whom? A colleague whom one does not know on a Zoom-type call? A contractor who shows up and asks, “What’s the problem?” Does one listen to a lawyer from Steptoe & Johnson explain how to break an encrypted message, or does one seek an NSA-type specialist to do the job?

Take risks. Now that’s a super idea, particularly when the individuals may not have a good understanding of the context, upsides, downsides, and costs of a particular decision.

To sum up, the high school science club management method is not one which makes me feel warm and fuzzy. There are old fashioned ideas which seem to have some merit; for example:

  • Expertise
  • Planning
  • Commitment
  • Detail orientation
  • Persistence
  • Integrity
  • Effort
  • Thoughtfulness.

What do you get when everyone is a CEO? Check out the availability of personal protective equipment in some major US cities, the delivery of packages by the United States Post Office, and the content filtering mechanisms in place at some social media outfits.

That’s what high school science club management methods deliver and in thumbtyper time.

Stephen E Arnold, December 15, 2020

FTC List of Entities of Interest

December 15, 2020

I read “FTC Issues Orders to Nine Social Media and Video Streaming Services Seeking Data About How They Collect, Use, and Present Information.” In the write up are the names of the entities about which information is sought. Here these organizations are:

  • Amazon
  • ByteDance (TikTok)
  • Discord Inc.
  • Facebook, Inc.
  • Reddit, Inc.
  • Snap Inc.
  • Twitter, Inc.
  • WhatsApp Inc. (This is a Facebook property)
  • YouTube LLC. (This is a Google property)

What’s interesting to me is that the FTC is taking action at this time. Here’s the list with the date on which the company began operating:

  • Amazon, 1994, 26 years ago
  • ByteDance (TikTok), 2012, 8 years ago
  • Discord Inc., 2015, 5 years ago
  • Facebook, Inc., 16 years ago
  • Reddit, Inc., 15 years ago
  • Snap Inc., 9 years ago
  • Twitter, Inc., 14 years ago
  • WhatsApp Inc., 2009, 11 years ago
  • YouTube LLC., 15 years ago.

What’s this date information reveal? The mean time for the FTC to recognize a potential issue and begin an investigation is the lifespan of a boxer dog.

A Federal investigation, the legal proceedings, and the appeals if necessary can reach eight years. Thus, it is possible that by 2028, the action begun in 2020 may be resolved.

What’s this suggest, gentle reader? Act now, apologize if snagged by a legal hook, and keep movin’ on down the information highway.

Lax regulation and what it fosters may not permit appropriate, prompt resolution.

Stephen E Arnold, December 15, 2020
