Google: Alleged Candidate Filtering
February 18, 2021
Who knows if this story is 100 percent spot on. It does illustrate a desire to present the Google in a negative way, and it seems to make clear how simple filters can come back to bite the hands of the busy developers who add features and functions without much thought for larger implications.
The story is “Google Has Been Allowing Advertisers to Exclude Nonbinary People from Seeing Job Ads.” The main idea seems to be:
Google’s advertising system allowed employers or landlords to discriminate against nonbinary and some transgender people…
Oh, oh.
If true, the check box for “exclude these” could become a bit of a sink hole.
The write up points out:
It’s not clear if the advertisers meant to prevent nonbinary people or those identifying as transgender from finding out about job openings.
Interesting item if accurate.
Stephen E Arnold, February 18, 2021
Objectifying the Hiring Process: Human Judgment Must Be Shaped
February 18, 2021
The controversies about management-employee interactions are not efficient. Consider Google. Not only did the Timnit Gibru dust up sully the pristine, cheerful surface of the Google C-suite, the brilliance of the Google explanation moved the bar for high technology management acumen. Well, at least in terms of publicity it was a winner. Oh, the Gibru incident probably caught the attention of female experts in artificial intelligence. Other high technology and consumer of talent from high prestige universities paid attention as well.
What’s the fix for human intermediated personnel challenges? The answer is to get the humans out of the hiring process if possible. Software and algorithms, databases of performance data, and the jargon of psycho-babble are the path forward. If an employee requires termination, the root cause is an algorithm, not a human. So sue the math. Don’t sue the wizards in the executive suite.
These ideas formed in my mind when I read “The Computers Rejecting Your Job Application.” The idea is that individuals who want a real job with health care, a retirement program, and maybe a long tenure with a stable out” get interviewed via software. Decisions about hiring pivot on algorithms. Once the thresholds are crossed by a candidate, a human (who must take time out from a day filled with back to back Zoom meetings) will notify the applicant that he or she has a “real” job.
If something goes Gibru, the affected can point fingers at the company providing the algorithmic deciders. Damage can be contained. There’s a different throat to choke. What’s not to like?
The write up from the Beeb, a real news outfit banned in China, reports:
The questions, and your answers to them, are designed to evaluate several aspects of a jobseeker’s personality and intelligence, such as your risk tolerance and how quickly you respond to situations. Or as Pymetrics puts it, “to fairly and accurately measure cognitive and emotional attributes in only 25 minutes”.
Yes, online. Just 25 minutes. Forget those annoying interview days. Play a game. Get hired or not. Efficient. Logical.
Do online hiring and filtering systems work. The write up reminds the thumb typing reader about Amazon’s algorithmic hiring and filtering system:
In 2018 it was widely reported to have scrapped its own system, because it showed bias against female applicants. The Reuters news agency said that Amazon’s AI system had “taught itself that male candidates were preferable” because they more often had greater tech industry experience on their resume. Amazon declined to comment at the time.
From my vantage point, it seems as if these algorithmic hiring vendors are selling their services. That’s great until one of the customers takes the outfit to court.
Progress? Absolutely.
Stephen E Arnold, February 17, 2021
Music Research: Bach, Mozart, and Vivaldi Are Losers
February 18, 2021
Here’s a statement from “Techno Is the Genre Least Effective at Reducing Anxiety.” The statement is simple:
techno, dubstep and 70’s rock anthems the top three types of music that recorded an increase in their blood pressure.
Now read this statement:
Techno, dubstep and classical chill out were also the top three genres to increase heart rates among the volunteers.
Let’s try to figure this out:
- Dubstep appears in each list
- Techno appears in each list
- 70s rock anthems appears in one list
- Classical chill out appears in one list.
It seems that listening to any one of these types of music will pump up the heart rate and increase blood pressure. But no! Only 70s rock anthems and classical chill out increase the heart rate without affecting blood pressure.
What do the data say?
“The study was conducted by the Vera Clinic, who also drafted in Doctor Ömer Avlanm?? to review the results. Medically they make a lot of sense…”
Sure they do. Bach and Mozart are losers. The music should do more than just raise blood pressure. Is there a Chopin rave happening on Zoom soon? Yep, thumb typing research for the GenXers and Millennials. Sample selection methodology? Confidence? Analytic methods? Term definition? Ho ho ho.
Stephen E Arnold, February 18, 2021
Microsoft: Technical Excellence Translates to More Excellencerness
February 18, 2021
I found the Microsoft explanation of the SolarWinds’ misstep interesting. CBS circulated some of the information in the interview in “SolarWinds: How Russian Spies Hacked the Justice, State, Treasury, Energy and Commerce Departments.” The point that Windows’ security systems did not detect the spoofing, modifying, and running of Microsoft software was skipped over in my opinion. I loved this statement by Brad Smith, one of the senior executives at the Redmond giant:
When we analyzed everything that we saw at Microsoft, we asked ourselves how many engineers have probably worked on these attacks. And the answer we came to was, well, certainly more than 1,000.
Then failing to detect the breach which seems to have exploited the fascinating Microsoft software update methods:
I think that when you look at the sophistication of this attacker there’s an asymmetric advantage for somebody playing offense.
Okay, “certainly.” Okay, 1,000.
What if SolarWinds’ misstep was not the largest and most sophisticated hack? Is it possible that an insider or a contractor working from home in another country provided the credentials? What if piggybacking on the wild and wonderful Windows’ update system and method was a cottage industry among some bad actors? What if the idea for the malware was a result of carelessness and assumptions about the “security” of how Microsoft and its partners conducted routine business? What if the bad actors used open source software and some commercial reverse engineering tools, information on hacker forums, and trial and error? Does one need a 1,000 engineers? Microsoft may need that many engineers, but in my experience gained in rural Kentucky, a handful of clever individuals could have made the solar fires burn more brightly. Who can manage 1,000 hackers? I am not sure nation states can get 1,000 cyber warriors to a single conference center at one time or get most to read their email, file reports, and coordinate their code. Some may suggest Russia, China, North Korea, or Iran can do these managerial things in a successful way. Not I. The simplest explanation is often the correct one. Insider, opportunism, and a small team makes more sense to me.
Let me shift gears.
What about the spoofing, modifying, and running of Microsoft software for months, maybe a year, maybe more without detecting the intrusion?
I noted “A Vulnerability in Windows Defender Went Unnoticed for 12 Years.” That write up asserts:
A critical bug in Windows Defender went undetected by both attackers and defenders for some 12 years, before finally being patched last fall. The vulnerability in Microsoft’s built-in antivirus software could have allowed hackers to overwrite files or execute malicious code—if the bug had been found. Let’s be clear—12 years is a long time when it comes to the life cycle of a mainstream operating system, and it’s a heck of a long time for such a critical vulnerability to hide.
Sure, let’s be clear. Microsoft talks security. It issues techno-marketing posts like its late January explanation of the SolarWinds’ misstep which I reported on in the DarkCyber video news program on February 9, 2021.
But perhaps more pointed questions should be asked. I don’t want to know about Team featuritis. I don’t want to know why I should not install certain Windows 10 updates or accept updates like the mandatory update KB4023057. I don’t want to know about folding mobile phones. Nope. None of those things.
I want TV interviewers, CBS “real news” writers, and Microsoft to move beyond marketing chatter, hollow assurances, and techno-babble. Oh, I forgot. The election, Covid, and the Azure cloud JEDI thing. I, like others, need their priorities readjusted.
How many employees and partners told Brad Smith, “You were great in the 60 Minutes interview? Lots I would wager.
Stephen E Arnold, February 18, 2021
Alphabet Google Spells Misunderstanding with a You
February 17, 2021
Developers at Google’s recently formed game studios were shocked February 1 when they were notified that the studios would be shut down, according to four sources with knowledge of what transpired. Just the week prior, Google Stadia vice president and general manager Phil Harrison sent an email to staff lauding the “great progress” its studios had made so far. Mass layoffs were announced a few days later, part of an apparent pattern of Stadia leadership not being honest and upfront with the company’s developers, many of which had upended their lives and careers to join the team.
The Stadia Xooglers-to-be tried to get more information from Alphabet Google. According to the article:
One source described the Q&A as an ultimately unsuccessful attempt at extracting some kind of accountability from Stadia management. “I think people really just wanted the truth of what happened,” said the source. “They just want an explanation from leadership. If you started this studio and hired a hundred or so of these people, no one starts that just for it to go away in a year or so, right? You can’t make a game in that amount of time…We had multi-year reassurance, and now we don’t.” The source added that the Q&A “wasn’t pretty.”
The management finesse is notable. If the information in the article is accurate, the consistency of Alphabet Google’s management methods is evident. I have labeled the approach “the high school science club management method” or HSSCMM. With the challenges many business schools face, the technique is not explored with the rigor of other approaches. Nevertheless, several characteristics of this Stadia motif are worth noting:
- Misinformation
- Awkward communications
- Insensitivity to the needs of Googlers on the express bus to Xooglerdom
- A certain blindness toward strategic and tactical planning.
Online games are bigger than many other forms of entertainment. I recall learning that in the mid 2000s, Google probed Yahoo about online games if I recall the presentation I heard 15 years ago.
Taking the article at face value, it appears that Alphabet Google spells misunderstanding with a you. There is no letter “we” in Alphabet I conclude. High school science club members struggle with the pronoun and spelling thing I conclude.
What’s the outlook for Alphabet Google in the burgeoning online game sector? Options include:
- Acquiring a company and integrating it into the Google
- Cleaning the high school and leaving the Science Club leadership intact
- Creating a duplicate service with activity centered in another country which is a variation on Google’s approach to messaging
- Going into a holding pattern and making a fresh start once the news cycle forgets that Alphabet Google failed on the well publicized game initiative.
- Teaming with Microsoft to create the bestest online game service ever.
Stephen E Arnold, February 17, 2021
Amazon: Putting Eyes on Humans
February 17, 2021
Amazon may have a new driver at the controls of the Bezos bulldozer, but the big orange machine keeps pushing monitoring technology. “Amazon’s Driver Monitoring App Is an Invasive Nightmare” does not like the system the online bookstore uses to keep an eye on human delivery drivers. The write up states:
Mentor is made by eDriving, which describes the app on its website as a “smartphone-based solution that collects and analyzes driver behaviors most predictive of crash risk and helps remediate risky behavior by providing engaging, interactive micro-training modules delivered directly to the driver in the smartphone app.”
From my tumble down shack in rural Kentucky, the Bezos bulldozer seems to be using technology from an outfit called eDriving. There are several options available to the online bookstore. Amazon can continue to pay eDriving. Amazon can clone the system. Amazon can acquire the company, people, or technology.
Based on my on-going research into Amazon’s surveillance capabilities, the enhanced cameras, the online hook to the AWS mothership, and the use of third-parties to nudge monitoring forward is still in its early days. Amazon moves slowly and in a low profile way. Most law enforcement and intelligence organizations observe Amazon the way a tourist does a turtle in the Galapagos: Check out where the turtle is after breakfast and then note that the darned thing moved behind a rock a few fee away by noon. No big deal. Turtles move, right? Turtles are not gazelles, right?
Several observations:
- Amazon chugs along in a sprightly manner behind the curtain separating public use of a system like Mentor
- Amazon time makes it difficult for some observers to note significant change in a system or technology
- The trick to figuring out where Amazon is headed in surveillance systems is to step back and observe the suite of systems.
What does one learn?
How about Amazon as the plumbing for many of the widely used policeware and intelware systems? Who knew that Palantir Technologies is a good Amazon customer? Maybe not IBM which inked a deal with the chipper Denver based “ride ‘em cowboy” policeware firm.
How useful would Amazon’s monitoring technology be if connected to a Palantir content intake system? My guess is that it would be quite useful, and it would require the Amazon cloud to work. What’s that mean for cloud competitors like Google, IBM, and Microsoft?
Amazon’s policeware and intelware approach is a lock in dream. Where could a Mentor-type system be useful to investigators?
Sorry. I can’t think of a single use case. Ho ho ho.
Stephen E Arnold, February 17, 2021
IBM Watson: Learn How to Build a Recommendation Engine with Watson NLP
February 17, 2021
I came across this IBM free lesson: “Build a Recommendation Engine with Watson Natural Language Understanding.”
The preliminary set up, according to the write up, takes about an hour. Once that hour has been invested, the IBM Watson Knowledge Studio service will allow you to whip up your own recommendation engine. Plus, with Watson, the system will understand what humans write.
What are the preliminary steps? No big deal. Get an IBM cloud account, then navigate to the IBM Cloud console. Pick a pricing plan. Just choose “free” otherwise the lesson is free, not building the recommendation solution, you silly goose.) Then follow the steps for provisioning a Watson Knowledge Studio instance. Choose “free” again.
Next you have an opportunity to work through six additio0nal steps:
- Define entity types and subtypes
- Create “Relation Types”
- Collect documents that describe your domain language
- Annotate Documents
- Generate a Machine Learning Model
- Deploy model to Natural Language Understanding service.
The system seems to enjoy documents which are no larger than 2,000 words, preferable smaller. And the documents must be in ASCII, PDF, DOC, and HTML. The IBM information says Zip files are supported, but zip files can contain non text objects and long text documents. (That’s why people zip long text files, right?) The student can also upload documents in the UIMA CAS XMI format. If you are not familiar with this file format, you can get oriented by looking at documents like this.)
Once you have worked through steps one through five (obviously without making an error), you will need you Natural Language Understanding API Key which “is located at The Natural Language Understanding API Key and URL can be found by navigating to your Watson Natural Language Understanding instance page and looking in the Credentials section.”
No problem.
But what if the customer support system relies on voice? What if the customer is asked to upload a screenshot or a file containing data displayed when a fault occurs? What if the customer has paid for “premier” support which features a Zoom session? What if the person who wants to learn about Watson recommendation engine for a small trucking company?
Good questions. You may want to set aside some time to work through steps one through five which encapsulate some specialized college courses and hands-on experience with smart software, search, indexing, etc.
Perhaps hiring an IBM partner to set up the system and walk you through its quirks and features is a more practical solution.
On the other hand, check out Amazon’s off the shelf machine learning systems.
Stephen E Arnold, February 17, 2021
A Tattoo Can Monitor Your Brainwaves
February 17, 2021
Most tattoos are works of art, but some people inject ink into their skin for medical reasons. Medical tattoos often list allergies or say “DNR” (do not resuscitate) on a person’s chest. Digital Trends share that a new type of tattoo ink can monitor brainwaves in the article: “This Game-Changing Graphene Tattoo Can Continuously Monitor Your Brainwaves.”
Brain Scientific, Inc. was founded by Baruch “Boris” Goldstein and specializes in special tattoos. These tattoos are inked on your head with a special grapheme ink, so they can monitor brainwaves. Here is a more accurate description:
“To be clear, Brain Scientific’s new Brain E-Tattoo doesn’t resemble any piece of ink you’ve seen before. It’s a small patch, about the size of a postage stamp that looks, for all intents and purposes, like a microchip wafer affixed above the ear of the wearer. While the company uses the word “tattoo” to describe it, it’s more accurately referred to as a minimally invasive, implantable, 4-channel, micro electroencephalography (EEG) with grapheme electrodes for continuous brain monitoring. And there’s a chance this bit of cyborg tech could one day help save your life.”
The idea is that the grapheme-based electrodes will be connected to a micro EEG to analyze brain patterns and alert you to abnormal brain patterns like seizures and Alzheimer’s.
Brain Scientific specializes in AI technology, but they transitioned into hardware when they could not find the right tools. Goldstein wants the grapheme tattoo to eventually replace EEG headsets and continuously monitor brain activity. With the recorded brain activity, medical professionals can observe how any changes differ from past neurological data. The grapheme tattoo can also monitor other body functions.
Grapheme tattoos may one day be programmed to download information directly into your brain. Companies like Apple, Facebook, and Google will have different grapheme tattoo types and sell exclusive content. How long before those get on the market?
Whitney Grace, February 17, 2021
SolarWinds: Woulda, Coulda, Shoulda?
February 17, 2021
The SolarWinds security breach had consequences worldwide. The bad actors, supposed to be Russian operatives, hacked into systems at the Department of Homeland Security, the Treasury Department, the National Institutes of Health, the Department of Justice, and other federal agencies as well as those of some major corporations. The supply-chain attack went on for months until it was finally discovered in December; no one is sure how much information the hackers were able to collect during that time. Not only that, it is suspected they inserted hidden code that will continue to give them access for years to come.
Now ProPublica tells us the government paid big bucks to develop a system that may have stopped it, if only it had been put into place. Writers Peter Elkind and Jack Gillum report that “The U.S. Spent $2.2 Million on a Cybersecurity System that Wasn’t Implemented—and Might Have Stopped a Major Hack.” Oops. We learn:
“The incursion became the latest — and, it appears, by far the worst — in a string of hacks targeting the software supply chain. Cybersecurity experts have voiced concern for years that existing defenses, which focus on attacks against individual end users, fail to spot malware planted in downloads from trusted software suppliers. Such attacks are especially worrisome because of their ability to rapidly distribute malicious computer code to tens of thousands of unwitting customers. This problem spurred development of a new approach, backed by $2.2 million in federal grants and available for free, aimed at providing end-to-end protection for the entire software supply pipeline. Named in-toto (Latin for ‘as a whole’), it is the work of a team of academics led by Justin Cappos, an associate computer science and engineering professor at New York University. … Cappos and his colleagues believe that the in-toto system, if widely deployed, could have blocked or minimized the damage from the SolarWinds attack. But that didn’t happen: The federal government has taken no steps to require its software vendors, such as SolarWinds, to adopt it. Indeed, no government agency has even inquired about it, according to Cappos.”
Other experts also believe in-toto, which is free to use, would have been able to stop the attack in its tracks. Some private companies have embraced the software, including SolarWinds competitor Datadog. That company’s security engineer, in fact, contributed to the tools’ design and implementation. We are not sure what it will take to make the government require its vendors implement in-toto. Another major breach? Two or three? We shall see. See the write-up for more details about supply-chain attacks, the SolarWinds attack specifically, and how in-toto works.
Cynthia Murrell, February 17, 2021
Microsoft and the Covid: Microsoft 0. The Covid. 1.
February 16, 2021
I believe that everything on Yahoo is true. The write up “Microsoft System Blamed for N.J. Vaccine-Booking Glitches” must be viewed as providing direct insight into the excellence of Microsoft’s engineering. In this week’s DarkCyber, I gave my interpretation of Microsoft’s explanation of the SolarWinds’ affair, and I am delighted to have a different topic about the Redmond behemoth. (I am aware that the odd folding phone has been discounted and that Microsoft thinks Australia’s approach to the Google is the best thing since Windows 3.11.
The New Jersey story is that Microsoft software does not allow the state to schedule Covid injections. I noted:
Five weeks of stumbles by Microsoft Corp. on New Jersey’s Covid-19 vaccine-booking software have left the state pushing for daily fixes on almost every part of the system and doubting it will ever operate as intended…
The write up points out that New Jersey’s love affair with Microsoft was in bloom in May 2021:
“To everyone at Microsoft, who has been a vital partner to our information technology team, New Jersey thanks you,” Murphy [Governor of the great state] said at a May 9 virus briefing in Trenton.
Now the love birds are pecking at one another:
Eight months later, though, on Jan. 6, Persichilli [New Jersey Health Commissioner]called out Microsoft by name in one of the governor’s press briefings. She said “enormous interest in receiving the vaccine” caused “capacity challenges” with the state’s Microsoft-run system.
Some questions crossed my mind:
- Has Microsoft shifted from delivering stable solutions to talking about solutions which require additional work to make licensees bubble with enthusiasm?
- Are the issues with the Covid system similar to those which allowed Windows Defender and its Azure complement to overlook the SolarWinds’ breach for more than a six months, a year, maybe more?
- What are the implications of the Covid system hiccup and the JEDI solution which Microsoft has captured from the Bezos bulldozer and other outfits jockeying for a chunk of the multi-billion dollar US government contract?
If anyone from Microsoft is reading this essay, please, push back using the comments function of the blog. At age 77, I really don’t want to engage with thumbtypers in a text message, email, or phone call joust.
Giblets! Goose feathers! What does New Jersey get for dinner on the Jersey shore sitting fix feet apart and wearing a really nifty MSFT mask?
Stephen E Arnold, February 16, 2021