The Bezos Bulldozer and One of Its Charming Quirks

October 22, 2021

Amazon is the Bezos bulldozer. I know. I know. He’s into space and making the world better. Nevertheless, the “trust” outfit Reuters is not buying the PR. “Amazon Copied Products and Rigged Search Results to Promote Its Own Brands, Documents Show” provides an interesting look at Amazon’s ecommerce business strategy.

The write up asserts:

… Thousands of pages of internal Amazon documents examined by Reuters – including emails, strategy papers and business plans – show the company ran a systematic campaign of creating knockoffs and manipulating search results to boost its own product lines in India, one of the company’s largest growth markets. The documents reveal how Amazon’s private-brands team in India secretly exploited internal data from to copy products sold by other companies, and then offered them on its platform.

Navigate to the source document for quotes, names of bulldozer drivers, and the specifics of the retail ants crushed under the steel tracks of the snorting behemoth.

Why would Amazon copy and boost its own products?

Gee, that’s a tough question. Pick from these possible reasons:

[a] Executive compensation incentives engineer rapacious methods into the ecommerce processes

[b] Because Amazon could. Hey, what’s power for if one doesn’t use it.

[c] Increasing profit results in higher stock prices and juicier bonuses for high-performing Amazon professionals

[d] It’s fun because business is a game

[e] The companies and products are little more than tests for Amazon. Follow the data.

I like the “It’s fun” answer. Because business is a game to be won.

Stephen E Arnold, October 22, 2021

Facebook: Why Change?

October 6, 2021

I read “Facebook Can’t Be Saved.” The main point struck me as:

Facebook has experienced years of intense scrutiny over the exact issues that are being discussed in the wake of Haugen’s revelations, and has only succeeded in making its inherent problems worse. During the hearing, Haugen compared fixing Facebook’s issues to mandating that cars come with seat belts. But maybe Facebook doesn’t need a seat belt. Maybe it just needs to stop being given more chances.  

This is an interesting analogy. I would ask this question, “Why should Facebook change?” The company has loyal users, lobbyists, and friends in high places. The available consequences are fines and enduring hearings and legal proceedings.

After watching the testimony by the whistle blower, my hunch is that Facebook will evolve. But the deep machine is chugging along.

Stephen E Arnold, October 6, 2021

Google Play Store Content Curation Flop, Well, Thousands of Flops

September 20, 2021

Google does collect user personal information for targeted ads, but more than 19000 apps in the Google Play Store could violate user privacy. The Daily Hunt shares the warning in the article: “Alert! More Than 19000 Apps On Google Play Store Could Leak Your Personal Data-Check Details.”

Digital security company Avast discovered that over 19000 apps hosted on the Google Play Store could leak user data and risk the phone’s security. Avast said the apps leak information, because there is a misconfiguration in the Firebase data. Android developers use Firebase to store user data. Avast reported the problem to Google, so it can notify app developers.

Most of the apps affected are:

“The apps that could be facing the issue are mostly related to lifestyle, gaming, food delivery and email, among others, the firm said, adding that users in Europe, South-East Asia and Latin America region are likely to have been impacted by it. More than 10 percent of 180,300 publicly available Firebase instances were found to be open by researchers at the Avast Threat Labs, which means that apps users’ data in those cases have been exposed to the public.”

User information is waiting to be stolen. Hopefully Google and Android app developers will fix the Firebase misconfiguration quickly so information is not stolen by bad actors.

Whitney Grace, September 20, 2021

Change Is Coming But What about Un-Change?

September 8, 2021

My research team is working on a short DarkCyber video about automating work processes related to smart software. The idea is that one smart software system can generate an output to update another smart output system. The trend was evident more than a decade ago in the work of Dr. Zbigniew Michalewicz, his son, and collaborators. He is the author of How to Solve It: Modern Heuristics. There were predecessors and today many others following smart approaches to operations for artificial intelligence or what is called by thumbtypers AIOps. The DarkCyber video will become available on October 5, 2021. We’ll try to keep the video peppy because smart software methods are definitely exciting and mostly invisible. And like other embedded components, some of these “modules” will become components, commoditized, and just used “as is.” That’s important because who worries about a component in a larger system? Do you wonder if the microwave is operating at peak efficiency with every component chugging along up to spec? Nope and nope.

I read a wonderful example of Silicon Valley MBA thinking called “It’s Time to Say “Ok, Boomer!” to Old School Change Management.” At first glance, the ideas about efficiency and keeping pace with technical updates make sense. The write up states:

There are a variety of dated methods when it comes to change management. Tl;dr it’s lots of paper and lots of meetings. These practices are widely regarded as effective across the industry, but research shows this is a common delusion and change management itself needs to change.

Hasta la vista Messrs. Drucker and the McKinsey framework.

The write up points out that a solution is at hand:

DevOps teams push lots of changes and this is creating a bottleneck as manual change management processes struggle to keep up. But, the great thing about DevOps is that it solves the problem it creates. One of the key aspects where DevOps can be of great help in change management is in the implementation of compliance. If the old school ways of managing change are too slow why not automate them like everything else? We already do this for building, testing and qualifying, so why not change? We can use the same automation to record change events in real time and implement release controls in the pipelines instead of gluing them on at the end.

Does this seem like circular reasoning?

I want to point out that if one of the automation components operates using probability and the thresholds are incorrect, the data are poisoned (corrupted by intent or chance), or the “averaging” which is a feature of some systems triggers a butterfly effect, excitement may ensue. The idea is that a small change may have a large impact downstream; for example, a wing flap in Biloxi could create a flood in the 28th Street Flatiron stop.

Several observations:

  • AIOps are already in operation at outfits like the Google and will be componentized in an AWS-style package
  • Embedded stuff, like popular libraries, is just used and not thought about. The practice brings joy to bad actors who corrupt some library offerings
  • Once a component is up and running and assumed to be okay, those modules themselves resist change. When 20 somethings encounter mainframe code, their surprise is consistent. Are we gonna change this puppy or slap on a wrapper? What’s your answer, gentle reader?

Net net: AIOps sets the stage for more Timnit Gebru shoot outs about bias and discrimination as well as the type of cautions produced by Cathy O’Neil in Weapons of Math Destruction: How Big Data Increases Inequality and Threatens Democracy.

Okay, thumbtyper.

Stephen E Arnold, September 8, 2021

Rethinking the Work Week

September 3, 2021

I read the “real” news and analysis piece about how long one should work. You may have time to check this essay for yourself as long as you can disconnect work from “real” life in the WFH and hybrid work environment.

The article is “This Is the Optimal Number of Hours You Should Work Every Day.” I want to point out that the title is misleading. There is the parental “should” and the failure to define “work.”

Here’s the key assertion in the article:

…aim for a 7.6 hour work day. That would equate to a 38-hour work week.

Let me identify a few organizations who might struggle with a 38 hour workweek:

  • The Légion étrangère
  • Lawyers gunning for partner in a Big Time law firm in Manhattan
  • Consulting firms like Bain, BCG, McKinsey, etc. (Mid-tier outfits may be stuck in the undifferentiated swamp of “experts” because the “get the job done” mentality is not part of the culture.)
  • First responders when crises become the norm in Lake Tahoe.

These are “exceptions”. However, the article makes it clear that the “modern” worker conceptualized by Fast Company does not want that organization man-approach to work.

However, there are some cultural forces putting their invisible hand on the Fast Company approach:

  • Reduced control by those who pay one’s salary
  • Escape from cultural norms
  • A perception that workers are entitled and have the right to work to get the job done within the workers’ guidelines.

When I worked at Booz, Allen & Hamilton, one of the Type As was known for spouting this aphorism:

Nothing worthwhile comes easy.

The goal of this type of write up, in my opinion, is to weaken the methods refined over the centuries to direct workers in such a way that specific tasks can be accomplished. Efficiency requires that waste be eliminated.

The redefinition of the work week is just one signal that change is occurring in real time.

How are the new approaches to working out?

Stephen E Arnold, September 3, 2021

Quote to Note: An Open Source Developer Speaks Truth

August 10, 2021

Navigate to “Lessons Learned from 15 Years of SumatraPDF, an Open Source Windows App.” Please, read the article. It is excellent and applicable to commercial software as well.

Here’s the quote I circled and enhanced with an exclamation point:

… changing things takes effort and the path of least resistance is to do nothing.

Keep this statement in mind when Microsoft says it has enhanced the security of its updating method or when Google explains that it has improved its search algorithm.

The author of “Lessons Learned…” quotes Jeff Bezos (the cowboy hat wearing multi billionaire who sent interesting images which were stunning I have heard) as saying:

There will never be a time when users want bloated and slow apps so being small and fast is a permanent advantage.

I would add that moving data rapidly out of an AWS module evokes an Arnold corollary:

Speed costs more, often a lot more.

The essay is a good one, and I recommend that you read it, not just the quotes I reproduced in this positive comment about the content.

Stephen E Arnold, August 10, 2021

Deteching: Not Possible, Muchachos

August 6, 2021

“Don’t become an Enterprise/IT Architect…” contains a small truth and a Brobdingnagian baby.

The small truth is, according to the article:

there are two speeds in IT: change is slow, growth is fast(-ish). Even if upper management (and many others, but the focus of this post is directed at the gap between ‘top’ and ‘bottom’) thinks they understand the complexity and effects, in reality, most of the time they have no clue as to the actual scale of the problem…

The idea is that there is a permanent break in the cable linking the suits with the people who have desks littered with usb keys, scraps of paper, and technical flotsam and jetsam.

Now for the Big Boy truth:

The frustration is that it will become harder to explain the ‘top’ what is going on and it will be particularly difficult to convince. This is especially true if that top has no interest in actually paying attention, because then it will be even harder as the first difficult step is to get them to hear you out.

What’s this mean for little problems like the SolarWinds’ misstep? What’s this mean for making informed decisions about cloud versus on premises or hybrid versus cloud, etc.? What’s this mean for making deteriorating systems actually work; for example, monopoly provided services which experience continuous and apparently unfixable flaws?

Big and small appear to be forcing a shift to a detech world; that is, one in which users (people or entities) have no choice but to go back to the methods which can be understood and which work. A good example is a paper calendar, not a zippy do, automated kitchen sink solution which is useless when one of the niggling issues causes problems.

As I said, SolarWinds: A misstep. Cyber security solutions that don’t secure anything. Printing modules which don’t print.

Detech. No choice, muchachos.

Stephen E Arnold, August 6, 2021

NSO Group: Talking and Not Talking Is Quite a Trick

July 30, 2021

I read “A Tech Firm Has Blocked Some Governments from Using Its Spyware over Misuse Claims.” First, let’s consider the headline. If the headline is factual, the message I get is that NSO Group operates one or more servers through which Pegasus traffic flows. Thus, the Pegasus system includes one or more servers which have log files, uptime monitoring, and administrative tools which permit operations like filtering, updating, and the like. Thus, a systems administrator with authorized access to one or a fleet of NSO Group servers supporting Pegasus can do what some system administrators do: Check out what’s shakin’ with the distributed system. Is the headline accurate? I sure don’t know, but the implication of the headline (assuming it is not a Google SEO ploy to snag traffic) is that NSO Group is in a position to know — perhaps in real time via a nifty AWS-type dashboard — who is doing what, when, where, for how long, and other helpful details which a curious observer finds interesting, noteworthy, or suitable for assessing an upcharge. Money is important in zippy modern online systems in my experience.

My goodness. That headline was inspirational.

What about the write up itself from the real news outfit National Public Radio or NPR, once home to Bob Edwards, who was from Louisville, not far from the shack next to a mine run off pond outside my door. Ah, Louisville, mine drainage, and a person who finds this passage suggestive:

“There is an investigation into some clients. Some of those clients have been temporarily suspended,” said the source in the company, who spoke to NPR on condition of anonymity because company policy states that NSO “will no longer be responding to media inquiries on this matter and it will not play along with the vicious and slanderous campaign.”

So the company won’t talk to the media, but does talk to the media, specifically NPR. What do I think about that? Gee, I just don’t know. Perhaps I don’t understand the logic of NSO Group. But I don’t grasp what “unlimited” means when a US wireless provider assures customers that they have unlimited bandwidth. I am just stupid.

Next, I noted:

NSO says it has 60 customers in 40 countries, all of them intelligence agencies, law enforcement bodies and militaries. It says in recent years, before the media reports, it blocked its software from five governmental agencies, including two in the past year, after finding evidence of misuse. The Washington Post reported the clients suspended include Saudi Arabia, Dubai in the United Arab Emirates and some public agencies in Mexico. The company says it only sells its spyware to countries for the purpose of fighting terrorism and crime, but the recent reports claim NSO dealt with countries known to engage in surveillance of their citizens and that dozens of smartphones were found to be infected with its spyware.

Okay, if the headline is on the beam, then NSO Group, maybe some unnamed Israeli government agencies like the unit issuing export licenses for NSO Group-type software, and possibly some “trusted” third parties are going to prowl through the data about the usage of Pegasus by entities. Some of these agencies may be quite secretive. Imagine the meetings going on in which those in these secret agencies. What will the top dogs in these secret outfits tell their bosses about the risks of having NSO Group’s data sifted, filtered, and processed by Fancy Dan analytics’ systems? Yeah, that will test the efficacy of advanced degrees, political acumen, and possible fear.

And what’s NSO Group’s position? The information does not come from an NSO Group professional who does not talk to the media but sort of does. Here’s the word from the NSO Group’s lawyer:

Shmuel Sunray, who serves as general counsel to NSO Group, said the intense scrutiny facing the company was unfair considering its own vetting efforts.

“What we are doing is, what I think today is, the best standard that can be done,” Sunray told NPR. “We’re on the one hand, I think, the world leaders in our human rights compliance, and the other hand we’re the poster child of human rights abuse.”

I like this. We have the notion of NSO Group doing what it can do to the “best standard.” How many times has this situation faced an outfit in the intelware game, based in Herzliya, and under the scrutiny of an Israeli agency which says yes or no to an export license for a Pegasus type system? Is this a new situation? Might be. If true, what NSO Group does will define the trajectory of intelware going forward, won’t it?

Next, I like the “world leaders” and “Human rights compliance.” This line creates opportunities for what I would call Comedy Central comments. I will refrain and just ask you to consider the phrase in the context of the core functions and instrumentality of intelware. (If you want to talk in detail, write benkent2020 at yahoo dot com and one of my team will get back to you with terms and fees. If not, I am retired, so I don’t care.)

Exciting stuff and the NSO Group ice cream melt is getting stickier by the day. And in Herzliya, the temperature is 29 C. “C” is the grade I would assign to this allegedly accurate statement from the article that NSO Group does not talk to the media. Get that story straight is my advice.

And, gentle NPR news professional, why not ask the lawyer about log file retention and access to data in Pegasus by an NSO system administrator?

Stephen E Arnold, July 30, 2021

Is a New Wave of Disintermediation Gaining Momentum

July 9, 2021

Hacker News pointed to “We Replaced Rental Brokers with Software and Filled 200+ Vacant Apartments.” That real estate write up provides a good case example for using software to chop out the useless humanoids. Sound like an Amazon thing? I think so. Corporate special librarians were among the first to be allowed to find their future elsewhere. Other professions are finding ways to de-humanoid their business processes. How does that Ford Bronco get painted? Not by people with spray guns. Those made-for-TV car shows use humans. Real car makers don’t unless there is some compelling reason.

Now a start up is going to try and de-people Amazon AWS development and programming. Amazon is trying to train people to think Amazon for new t shirts and super duper online cloud services. But the company’s efforts are mostly free education plays and zippy presentations at Amazon-sponsored events.

The disintermediation of the Amazon developer is now a start up’s goal. says:

Digger automatically generates infrastructure for your code in your cloud account. So you can build on AWS without having to learn it.

Disenchanted with the Lyft and Uber thing? Tired of collecting unemployment? Bored with your lawyering gig? Now you can become an entrepreneur:

Deploy anything. Containers, Serverless Lambda functions, webapps, databases, queues, load balancers, autoscaling – Digger supports it all.

If is successful, the certified Amazon professional may be looking for a new career. COBOL programmer maybe?

Stephen E Arnold, July 9, 2021

Amusing Confusing Wizards

July 7, 2021

More from the Redmond wizards’ humor generating machines.

Microsoft has found a way to deflect attention from yet another security issue. Do you print over the Internet? “Microsoft Acknowledges PrintNightmare Remote Code Execution Vulnerability Affecting Windows Print Spooler Service” says:

IT Admins are also invited to disable the Print Spooler service via Powershell commands, though this will disable the ability to print both locally and remotely. Another workaround is to disable inbound remote printing through Group Policy, which will block the remote attack vector while allowing local printing.

So what distracts one from a print nightmare? That’s easy. Just try to figure out if your PC can run Windows 11? TPM, you say? Intel what?

PrintNightmare aptly characterizes Microsoft’s organizational acumen perhaps?

Stephen E Arnold, July 7, 2021
