Google Speaks But Is MIT Technology Review Delivering Useful Information or Just PR?
February 4, 2021
I read “Google Says It’s Too Easy for Hackers to Find New Security Flaws.” I assume that the Google is thrilled that its systems and methods were not directly implicated in the SolarWinds’ misstep and possibly VMWare’s and Microsoft’s. But I don’t know because the information is dribbling out at irregular intervals and in my opinion has either been scrubbed or converted to euphemism. A good example is the Reuters’ report “Exclusive: Suspected Chinese Hackers Used SolarWinds Bug to Spy on US Payroll Agency — Sources.”
The esteemed institution supported by Jeffrey Epstein and housing an expert who allegedly had ties to an American adversary’s officials reports:
Attackers are exploiting the same types of software vulnerabilities over and over again, because companies often miss the forest for the trees.
What makes this story different is that the Google is now agreeing that today’s software is easy to compromise. The write up quotes an expert who offers:
Over its six-year lifespan, Google’s team has publicly tracked over 150 major zero-day bugs, and in 2020 Stone’s team documented 24 zero-days that were being exploited—a quarter of which were extremely similar to previously disclosed vulnerabilities. Three were incompletely patched, which meant that it took just a few tweaks to the hacker’s code for the attack to continue working. Many such attacks, she says, involve basic mistakes and “low hanging fruit.”
This is news? I think it is more self congratulatory just like the late January 2021 explanation of the SolarWinds’ misstep which I discuss in the February 9, 2021 DarkCyber video program. You can view the video on this blog.
Stephen E Arnold, February 4, 2021
Come On, Man: Hackers Seeking Legal Immunity
February 3, 2021
The hacking industry is thriving and there are companies labeled private sector offensive actors (PSOAs) selling cyberweapons enabling their customers to become hackers. PSOAs are nasty bad actor groups and they are trying to gain legal immunity to avoid criminal charges. Microsoft has more details in the story, “Cyber Mercenaries Don’t Deserve Immunity.”
One of these PSOAs trying to gain legal immunity is the NSO Group. The NSO Group sells cyberweapons to governments and the company argues it’s afforded the same legal immunity as its customers. Microsoft President Brad Smith stated the NSO Group’s business model is dangerous. It would allow other PSOAs to skirt laws and avoid any repercussions from their cyberweapons.
The biggest worry is that PSOAs’ technology could fall into the wrong hands and be used for nefarious deeds. Another worry is that if the NSO Group is granted sovereign immunity their actions will be profit driven rather than for the common good:
“Second, private-sector companies creating these weapons are not subject to the same constraints as governments. Many governments with offensive cyber capabilities are subject to international laws, diplomatic consequences and the need to protect their own citizens and economic interests from the indiscriminate use of these weapons. Additionally, some governments – like the United States – may share high-consequence vulnerabilities they discover with impacted technology providers so the providers can patch the vulnerability and protect their customers. Private actors like the NSO Group are only incented to keep these vulnerabilities to themselves so they can profit from them, and the exploits they create are constantly recycled by governments and cybercriminals once they get into the wild.”
Human rights are another concern, because governments run by bad actors can use the cyberweapons to harm their citizens. Anyone who fights for human rights could be tracked and have their information stolen. This could ultimately lead to their deaths.
The NSO Group and PSOAs must be held to the same standards as other private companies. If their products are used by bad actors with the PSOAs’ knowledge they must be held liable.
Whitney Grace, February 3, 2021
Has Google Muffed the Bunny? Translation: Is Googzilla from Warped Ad DNA?
February 3, 2021
I read “This is How Google will Collapse,” written not by a student allegedly named Daniel Colin James, affiliated in some way with an entity called Empirics Asia. Yep, another name ending in –ic like politic, semantic, and the worst word of this set ethic.
The write up is a dark prognosis for the GOOG. I visualized a somber physician telling a patient, “Look at the bright side, you have more years to live before you die an agonizingly slow death.”
The main point of the write up is that Google chased the hopes and dreams of artificial intelligence. That’s a useful endeavor, but Google did little to respond to certain user cohorts embracing ad blockers, Amazon taking the product search traffic from under Googzilla’s snout, and Facebook pushing hard into online advertising.
The write up notes:
Google’s then-CEO Sundar Pichai famously predicted in 2016 that “the next big step will be for the very concept of the ‘device’ to fade away” and that “over time, the computer itself — whatever its form factor — will be an intelligent assistant helping you through your day. We will move from mobile first to an AI first world.” Google’s ability to acknowledge the coming trend and still fail to land in front of it reminded many observers of its catastrophic failures in the booming industries of social media and instant messaging.
I circled in red this statement from the Empirics’ post:
Google was a driving force in the technology industry ever since its disruptive entry in 1998. But in a world where people despised ads, Google’s business model was not innovation-friendly, and they missed several opportunities to pivot, ultimately rendering their numerous grand and ambitious projects unsustainable. Innovation costs money, and Google’s main stream of revenue had started to dry up. In a few short years, Google had gone from a fun, commonplace verb to a reminder of how quickly a giant can fall.
Not exactly E=mc^2 but more of a what goes up must come down—sort of like a Loon balloon. The gas leaks out and then plop.
Stephen E Arnold, February 3, 2021
Subscriptions Are Dead: Bad News for Substack and Its Truck Load of Competitors
February 3, 2021
I know. I know. I know that “Subscription-Based Pricing Is Dead: Smart SaaS Companies Are Shifting to Usage-Based Models” is talking about cloud service providers. These are the small, emotionally sensitive firms like Amazon, Google, Microsoft, and others who struggle to make ends meet each month. The basic idea is that the taxi meter approach to pricing is the future. Hop in the cab, tell the head in the clouds driver your destination, and pay what the meter shows upon arrival. Did your driver crash? Did your driver take you to Sonic Drive In before reversing course and delivering you near your destination? Did your driver like some gig workers driving vehicles for money pull a gun and rob you? No? Lucky you.
The write up states:
Some fear that investors will hate usage-based pricing because customers aren’t locked into a subscription. But, investors actually see it as a sign that customers are seeing value from a product and there’s no shelf-ware. In fact, investors are increasingly rewarding usage-based companies in the market. Usage-based companies are trading at a 50% revenue multiple premium over their peers. Investors especially love how the usage-based pricing model pairs with the land-and-expand business model. And of the IPOs over the last three years, seven of the nine that had the best net dollar retention all have a usage-based model.
To read this article, guess what? You have to pay a subscription fee. I know. I know. Silicon Valley “real” news outfits just emit parental and oracular, consult like statements.
A couple of observations may be warranted:
First, many customers dislike usage based pricing because of surprises when the bill is presented. And, believe me, when the bill is submitted, getting a sensitive firm to alter it can be a time sink hole.
Second, the usage based model was one that was popular among some timesharing companies. Example: The much loved Dialcom or the European Space Agency’s operation decades ago. Why? Surprise fees.
Third, usage based pricing demands convoluted price lists. I assume that you, gentle reader, remember the wonderful days of IBM’s J1, J2, and J3 fee schedules. AT&T had some excellent methods as well. After Judge Green’s break up of Ma Bell, even Baby Bells howled when Bellcore fired off an invoice. Those were the days.
Now, if the write up is correct, the good old days have returned, except at the “real” news outfit making this profound statement.
Stephen E Arnold, February 3, 2021
AI Ethics: Now a Thing. Consulting Revenues to Follow
February 3, 2021
Artificial intelligence ethics are a growing concern amongst IT moralists and ethical policy makers. These experts do not want revolutionary AI tools used for evil, but ethical practices for AI are literally…er…literary in movies and books. While books and movies act as touchstones for reality, they still remain works of fiction. Technology Review runs down a list of “responsible AI ventures” in “Worried About AI Ethics? These Startups Are Here To Help.”
It is extremely important for all technology to comply with legal and business standards. AI models must be audited before they can be put to work, but the different branches of companies (data scientists, lawyers, and executives) do not speak the same languages. Audits take much longer than necessary. Parity AI is a startup specializing in bias-mitigation tools and explainability platforms to guarantee AI complies with operating procedures or that it is ethical. Parity focuses on helping companies determine risk and impact factors using various AI algorithms and data inputs.
Explainability is another area of AI ethics that is emerging. Explainability is transparency in AI models that explain how they made their decisions. There are two startups that specialize in this:
“[Fiddler] helps data science teams track their models’ evolving performance, and creates high-level reports for business executives based on the results. If a model’s accuracy deteriorates over time, or it shows biased behaviors, Fiddler helps debug why that might be happening. Gade sees monitoring models and improving explainability as the first steps to developing and deploying AI more intentionally.
Arthur, founded in 2019, and Weights & Biases, founded in 2017, are two more companies that offer monitoring platforms. Like Fiddler, Arthur emphasizes explainability and bias mitigation, while Weights & Biases tracks machine-learning experiments to improve research reproducibility. All three companies have observed a gradual shift in companies’ top concerns, from legal compliance or model performance to ethics and responsibility.”
While startups like these could create an ethics ecosystem, there are still ethical concerns with designers. Professor Gang Chen of MIT did not disclose that he shared his nanotechnology research with China. The United States government is angry and MIT is “deeply distressed.”
Whitney Grace, February 3, 2021
IBM Watsonizes Blockchain: Cash Sinkhole Grows
February 2, 2021
IBM had big plans to regain its position as the champion of the digital world wide mud wrestling competition. We know that mainframes generate revenue. We know that IBM’s cloud is at least in the game. We know that the cognitive computing marketing hoo hah Watson thing has struggled to climb in the ring. Now we know that the IBM blockchain superstar made it in the ring but tripped over a rope and plunged to the mat. Yep, dazed and confused before landing a punch.
If the information in “IBM Blockchain Is a Shell of Its Former Self After Revenue Misses, Job Cuts: Sources” is accurate, that’s the pickle on top of the IBM disaster burger. The write up asserts from unnamed sources of course:
IBM has cut its blockchain team down to almost nothing, according to four people familiar with the situation. Job losses at IBM escalated as the company failed to meet its revenue targets for the once-fêted technology by 90% this year, according to one of the sources. “IBM is doing a major reorganization,” said a source at a startup that has been interviewing former IBM blockchain staffers. “There is not really going to be a blockchain team any longer. Most of the blockchain people at IBM have left.”
The write up noted:
In its recent full-year results statement, IBM as a whole reported revenue fell 6% on an annualized basis. Looking back to its 2017 financial statement, IBM called itself the “blockchain leader for business.” All mention of the technology is now absent from the company’s statements.
IBM, steeped in cognitive computing technology and confidence, replied:
“IBM maintains a strong team dedicated to blockchain across the company. We have shifted some resources but remain committed to the technology, blockchain ecosystem and services. We see blockchain as a driver for our cloud business.”
Good to know. What’s Watson say?
Stephen E Arnold, February 2, 2021
Security Gaffes and the Tweeter
February 2, 2021
The Next Web has some advice for those going online to discuss how a security breach has affected them—“Don’t Dox Yourself by Tweeting About Data Breaches.” Writer Ben Dickson noticed several NetGalley users doing just that following the breach of that site’s database backup file last month. He writes:
“The database in question included sensitive user information, including usernames and passwords, names, email addresses, mailing addresses, birthdays, company names, and Kindle email addresses. Unfortunately, many users took to social media and started discussing the incident without thinking about what they are putting up for everyone to see. And in their haste to be the first to tweet about the breach, many users made awful mistakes, which could further compromise their security.”
A couple examples include the person who announced they use the same password everywhere (!) and someone who revealed their full name by reproducing their NetGalley notification. (Her Twitter account uses a pseudonym.) To make matters worse, it appears the database stored user information unencrypted. Though NetGalley itself does not keep incredibly sensitive data like banking information, hackers have ways of twisting even the most benign information to their dastardly goals. The write-up continues:
“After the NetGalley hack, the attackers have access to a fresh list of emails and passwords. They can use this information in credential stuffing attacks, where they enter the login information obtained from a data breach on other services and possibly gain access to other, more sensitive accounts. Cross-service account hijacking is something that happens often and can even include high-profile tech executives. The attacks can also combine the data from the NetGalley breach with the billions of user account records leaked in other data breaches to create more complete profiles of their targets. So, alone, the NetGalley data breach might not look like a big deal. But … every piece of information that falls into the hands of malicious actors can become instrumental to a larger attack.”
Dickson hastens to add that people need not stop tweeting about data breaches altogether. Doing so can actually provide valuable discussion, as his closing examples illustrate. One should just be careful not to include personal details the hackers might add to their collection.
Cynthia Murrell, February 2, 2021
Mom and Pop Online Ad Vendor Warrants Cutting Words from Down Under
February 2, 2021
I read “Shrill Threats: Google Risks Losing Media Fight.” The author seems not to be in fear of the acumen, the management prowess, and the business brilliance of the mom and pop online ad vendor. One should, I suppose, feel Googzilla’s pain. Amazon is on a tear in product search. The rattled Facebook continues to suck in advertiser money. Apple sells high margin hardware and has multiple revenue streams dumping cash into the weird Apple building.
The point of the story in the Sydney Morning Herald was to underscore the way in which the GOOG is perceived in Australia. Its country manager and the goal of playing hardball with folks who are quite hardy is news. After cutting a deal with the wine and cheese crowd in France, Google wants to avoid paying for content. Hey, content can be scraped like snow from a drive way. The difference is that real snow scraping can cause heart attacks. The Google scraping has caused anger to build among some publishers in Australia. The result may be more than a snowball fight.
Here’s the passage I circled in Google blue:
is beyond time. The issues surrounding big tech monopoly power have been a matter of controversy for years and there is compelling historical precedent for governments to act to break the market dominance. Big tech had the financial resources to nip this in a bud long ago. But they lacked strategic insight, not understanding that unless they adjusted their mantra around free content and looked more broadly at the what constitutes public good: governments would inevitably act. Instead their response has been arrogant, financially mean and wrapped in denial now translating into shrill threats.
I added some emphasis so you, gentle reader, can ponder a comment no Silicon Valley whiz has had an opportunity to enjoy previously. Imagine Googzilla emitting a shrill howl. Pretty vivid audio. I wonder if Google Translate can make sense of those Googley sounds? Probably not. I think the Google’s lawyers will do the talking.
Stephen E Arnold, February 2, 2021
YouTube Censors a Government Hearing in Ohio
February 2, 2021
It is a strange world we live in. Google’s efforts to curb misinformation on YouTube have led it to take down footage of legislative testimony in Ohio. Cincinnati’s WLWT5 News reports, “YouTube Removes Ohio Committee Video, Citing Misinformation.” We are not surprised the misinformation at hand relates to COVID-19. Digital editor Brian Wiechert writes:
“The video showed Thomas Renz, an attorney for Ohio Stands Up, a citizen group, make the opening testimony during a House committee hearing on a bill that would allow lawmakers to vote down public health orders during the pandemic. In the more than 30-minute testimony, Renz made a number of debunked or baseless claims, including that no Ohioans under the age of 19 have died from COVID-19 – a claim that has been debunked by state data. … “The removal, first reported by Ohio Capital Journal, comes days after the Republican lawmakers in the Senate passed a bill that would establish ‘checks and balances’ on fellow GOP Gov. Mike DeWine’s ability to issue and keep in place executive action during the coronavirus pandemic. Proponents of the bills in the House and Senate believe DeWine and the state health department have issued orders during the last 11 months of the pandemic that have remained enacted for longer than necessary and, as a result, have unduly damaged small businesses and the state’s economy. Opponents called it unconstitutional and warned it would decentralize the state’s response during an emergency and cost lives in the process.”
Checks and balances on lifesaving measures during a pandemic—I am sure this is not what our founders had in mind. Good move, Google. Ohio is a fly over state, so maybe it is devalued because it is not intellectually as capable as the Left and Right coasts of the USA? If residents of the state disagree with that assessment, they may wish to do something about the current occupants of their Senate chamber.
Can we blame it on the Google artificial intelligence software?
Cynthia Murrell, March 2, 2021
A Classy Approach to Editorial Controls
February 2, 2021
Off and on over the decades, I have worked with some publishing outfits: Some were big with lawyers and accountants turning the screws on those far down in the hierarchy. Others were small, operating out of offices the size of a shipping container in a run down neighborhood in Boston. I even worked for a “real” newspaper, hired by the eccentric owner Barry Bingham Jr. to assist the then nationally recognized Courier Journal to succeed in the electronic information sector in 1981. After the break up of the newspaper, I ended up working in a techno business role at a big time New York City publishing company.
But in my professional career, I can state with reasonable confidence that I have not heard editorial control processes described as methods to deal with “daily active sh*t heads.” The quote appears in this story: “Reddit’s CEO Has a Colorful Nickname for the Redditors Who Ruin It for Everyone.” If the individual identified in the write up did make this statement, the word “colorful” does not aptly characterize the situation.
Here’s my take:
- Online information platforms use 230 as a way to dodge responsibility to deliver useful information provided in exchange for some value (ads, subscriptions, donations, etc.)
- Editorial controls should have been implemented the day the service went live in 2005 or so, not 15 years later. The accountability clock seems to be running or stopped.
- Users have always reminded me of those addicted, but “sh*t heads” is neither appropriate nor accurate. With appropriate controls developed since our pal Gutenberg made waves, the craziness was neither necessary nor facilitated.
Net net: The “sh*t heads” in this situation are the managers who abrogated their responsibility to deliver useful, accurate information. (By the way, Reddit is a hot bed of quite fascinating content, and that content can be manipulated by skilled bad actors.)
As I said, Reddit, not its users, are those with heads comprised of a substance some find offensive. Users, before you think I am okay with you, an editorial process would block or marginalize your rejected information so that you were encouraged to find a more companionable outlet for your thoughts, dreams, fetishes, hopes, and inner psychological voice.
Stephen E Arnold, February 2, 2021