Computer Security Procedures: Carelessness, Indifference, Poor Management or a Trifecta?

September 27, 2022

$35M Fine for Morgan Stanley after Unencrypted, Unwiped Hard Drives Are Auctioned”  raises an interesting question about security in an important company. The write up asserts:

The SEC action said that the improper disposal of thousands of hard drives starting in 2016 was part of an “extensive failure” over a five-year period to safeguard customers’ data as required by federal regulations. The agency said that the failures also included the improper disposal of hard drives and backup tapes when decommissioning servers in local branches. In all, the SEC said data for 15 million customers was exposed.

Morgan Stanley. Outstanding. If the story is accurate, the auctioning of the drives fits with the parsimonious nature of banks in my experience. Banks like to accept money; banks do not like to output money. Therefore, selling old stuff is a matter of removing the detritus, notifying the person charged with moving surplus to a vendor, and cashing the check for the end of life, zero life clutter. Standard operating procedure? Probably. Does senior management know about hardware security for old gear? My hunch is that most senior managers know about [a] cross selling, [b] sparking deals, [c] getting on a talking head financial news show, and [d] getting the biggest bonus possible. Security is well down my hypothetical list.

Net net: Security is easy to talk about. Security requires management know how and attention to business processes, not just deals and bonus payments.

Stephen E Arnold, September 27, 2022

The UK and EU Demonstrate an Inability to Be Googley

September 15, 2022

In the grand scheme of operating a revolving door, the Google is probably going to adjudicate and apologize / explain. I call this “explagize,” an art form perfected at the GOOG. But what’s a revolving door? Visualize a busy pre-Covid building in midtown Manhattan. To enter, one pushes a panel of glass and the force spins a wagon wheel of similar doors. Now imagine that one pays every time one goes around. That’s how the Google online ad business works? Banner adds, pay. Pay to play, pay. Pay for AdWords, caching. Want analytics about those ads? Pay. The conceptual revolving door, however, does not allow the humanoid to escape either without fear of missing out on a sale or allowing a competitor to get clicks and leads and sales.

The BBC article “Google Faces €25bn Legal Action in UK and the EU” states:

The European Commission and its UK equivalent are investigating whether Google’s dominance in the ad tech business gives it an unfair advantage over rivals and advertisers.

This is old news, right? What’s different is this statement:

Damien Geradin, of the Belgian law firm Geradin Partners – which is involved in the Dutch case – said, “Publishers, including local and national news media, who play a vital role in our society, have long been harmed by Google’s anti-competitive conduct. “It is time that Google owns up to its responsibilities and pays back the damages it has caused to this important industry. “That is why today we are announcing these actions across two jurisdictions to obtain compensation for EU and UK publishers.”

Do you think “pay back” means a painful procedure capped with a big number fine? I do.

What’s not being considered, in my opinion, are these factors:

  • The barristers, avocets, and legal eagles trying to wrest big bucks from Googzilla are unlikely to find the alleged monopolist eager to retain their firms’ services or look favorably on hiring the progeny of these high fliers
  • Will the UK and EU spark counter measures; for example, prices may rise and some ad services not offered to outfits in the UK and EU?
  • Will the UK and EU grasp the fact that ad options may not be able to fill any gap or service pull out from the Google?
  • The high value data which Google allegedly has and under some circumstances makes available to government authorities may go missing because Google either suffered a machine failure or curtailed investment in infrastructure so that the data are disappeared.

More than money? Yep. Consequences after decades of hand waving and chicken salad fines may cause some governments to realize that their power, influence, and degrees of freedom are constrained by a certain firm’s walled garden.

The money for the fine? Too little and too late as I try to make sense of the situation. The spinning revolving door can be difficult to escape and trying may cause dizziness, injury, or company death. Yikes.

Stephen E Arnold, September 15, 2022

Tech Torture: Email Clients

September 13, 2022

I read an amusing article called “A Microsoft User Raged against Outlook. Microsoft Lovers Fought Back.” The main idea for the article is that new go to source for real news — TikTok. The video in question presents one user of Microsoft’s Outlook email client. I vaguely recall using Outlook which would self destruct when a file exceeded the software’s mental capacity. Abandon ship! Yep, no more Outlook.

Here’s the article’s killer sentence for me:

The most poignant — and surely important — commentary came with these simple words: “Google is no better. I don’t know why none of them can work after this many years.”

The author of the write up asks an interesting question:

Could it be, in fact, that there’s a desperate need for a radical rethinking of our simplest, most important enterprise software, so that we can’t be twisting toward the Department of Doolally on a daily basis?

Why is some modern software almost impossible to use? I sat down this morning (September 11, 2022) and jotted down some reasons. You may not find my musing helpful, but — hey — that’s okay. IDC which is dinobaby speak for “I don’t care.” Here goes:

  1. As staff turnover, quiet quits, whatever, the replacements have to justify their “value” by changing one of more things.
  2. Mobile software development people have little or no appreciation for the value of interfaces which do not state change, respond to arbitrary gestures, or use incomprehensible icons rarely seen in the history of man, including cuneiform writing.
  3. Teams which really don’t care much about a product because the big bonuses come from the hot new thing keenly desired by management. As a result, spectacularly inept and just plain stupid ideas are implemented. The managers don’t use the product. The team members don’t use the product. The software developers don’t use the product or care much about managers or team members.
  4. Regression to the norm. Over time smart companies become stupid. Examples range from anti union actions in order to keep employees who believe that no one cares about them to a company yapping about racial diversity terminating a high profile minority female.

Why do people care about email clients? Maybe these individuals cannot function without digital crutches. My reaction to those who love or hate a piece of software: “Oh, poor baby.”

Stephen E Arnold, September 13, 2022

Facebook: A Tipping Point and Meta Math

September 2, 2022

I am not going to recycle the financial analysts’ reports about Facebook revenue and “profit.” Nor will I comment on Apple’s decapitation of certain Facebook money spinning. Instead I want to suggest that my research team and I have formulated the notion that Facebook is approaching or at its tipping point.

The evidence to support this fanciful idea is sparse, just two data points. After all, how quickly can a multi billion dollar dorm room dating app disappear when grandmas and grandpas use it to keep in touch with their middle aged “kids.” (Note that grandmas call their female friends “girls.” Amusing indeed.)

Let’s look at the two items of data, quickly of course because this is a free collection of blog posts without advertising or sponsorship. That’s not something one can say about other creators’ outputs.

First, navigate to this story: “Why is Instagram Dying? We Asked 100 Gen Z Users to Compare TikTok vs. Reels.” The write up reveals the results of semi Gen X/Millennial survey. It is pointless to comment about sample size, sample selection, and methodology. Let’s just look at a single finding from the report assuming the modern day math is sort of accurate.

image

The key bar indicates (without numbers, for sure) that TikTok has better algorithms. The finding, which I assume to be like other Internet-centric content, super accurate. Facebook is not doing numerical recipes in a tasty way.

But Facebook’s switchblade drone move is the chatter about charging users for access to what was a “free” service. As Jack Benny used to say, “Yipe.” “Meta’s Plans to Charge for Facebook and Instagram Could Be the Final Nail in Their Coffins” states:

With Instagram’s currently experiencing a low point due to some unwelcome features, offering a paid option could be the last straw for many, and cause them to move to other social platforms.

What’s the second factor? I have pointed out that the estimable Zuckster is happy to chatter away with a sticker sales professional. However, “Zuckerberg Targeted by House GOP Eager to Probe Hunter Biden” suggests that the Zuckster will have an opportunity to use his famous line “Congressperson, that you for that question. I am sorry I don’t have knowledge of the information. I will send the data you request to your office.” Will the elected officials welcome with enthusiasm an explanation from the highly regarded former liberal democrat leader from the UK to explain how alleged messages from an investigative body were understood by those really social Facebook, WhatsApp, and Instagram professionals? Dulcet tones may not be what the Congressional representatives want to hear, but who knows? Maybe the British politician can handle the annoying questioners from the Colony.

Will one and one equal three? One is TikTok and two is the opportunity to answer questions about a slippery political topic. My hunch is that the added value to reach three (a truly wonderful prime) is the ad revenue. If this tipping point is reached the one plus one may resolve to mysterious negative sum.

Worth watching. The Zuck is entertaining to observe from my vantage point in rural Kentucky. It will be instructive to watch how the math resolves at the Meta tipping point. The one plus one could result in a new magic number called the zuckup. One plus one equals a zuckup. I am not sure it will find much favor in some cohorts, particularly among TikTok users.

Stephen E Arnold, September 2, 2022

Figure This Rights Issue Out? Too Confusing for Me

July 28, 2022

I spotted a post at this Reddit location. I want to believe everything I read on the Internet because the information superhighway is so darned safe, well marked, and a clean, well lighted place. (Thanks, Mr. Hemingway.)

The post about which my attention wobbled is from an entity/persona named Simon Longbottom. The individual says:

I work at Adobe Stock Premium and it has come to my attention that Picrights is using this photo image and we have no record of their license to use this picture.

The picture is referenced in the Reddit post.

Simon says:

I am authorizing everyone reading this to act as an agent of Adobe Stock Premium to get fair compensation for their infringement. You should all be familiar with how to request this payment. I suggest sending them an email demand letter telling them to to take down the photo immediately and pay our standard licensing fee of $1786 for this image to settle our claim. My boss says that you can keep 85% of everything you get from this terrible company that has committed such terrible infraction. They need to learn a real lesson – please help me teach it to them.

Picrights is a professional services firm which collects use fees for rights holders. I am not too familiar with the outfit, and I don’t know if Simon works for Adobe.

The question is, “What’s going on in this post?”

The matter is complicated by the inclusion in the thread of emails for professionals working at Picrights. Those emails might be used by bad actors I suppose.

I like to think of Reddit personas and outfits which walk close to possibly improper behavior as outliers. My assumption may be incorrect.

In my upcoming lecture for a Federal law enforcement group, I am going to comment about what I call “soft fraud.” This single Reddit post raises some interesting questions, and there seems to be little recourse for those caught in a Web of digital fluffery. Reddit seems unwilling or unable to clear up the “entity” issue. The references to Adobe are in need of verification. There may be the ancillary question about the Picrights’ activities.

Perhaps a better question is, “Does anyone care?” Reddit? Adobe? Simon? Picrights? Anyone?

Stephen E Arnold, July 28, 2022

Meta: Trying Not to Zuck Up

July 20, 2022

Meta is the umbrella company for Facebook and Instagram. The company created the Oversight board to monitor appeals for content moderation on the platforms. The BBC examines the Meta and the banned content in: “Meta Board Hears Over A Million Appeals Over Removed Posts.” The majority of the disputed posts were from Canada, Europe, and the United States. They contained violent, hate speech, or bullying content.

The Oversight Board published twenty cases of appealed content and ruled against Meta in fourteen of them. Some of the cases were: photos of female breasts in a breast cancer post, a photo of a dead child with text about whether it was right to retaliate against China for how it treats Uighur Muslims, and the decision to ban Donald Trump after the January 6 rots. The board overturned banning the breast and dead child images, but supported the Trump decision.

The Oversight Board was originally going to review 130 cases, but Meta agreed that it was wrong removing content on fifty-one of them.

“Board director Thomas Hughes said it looked for “emblematic” cases with “problematic elements” to take on. He added that the categories of hate speech, violence and bullying were “difficult-to-judge issues” – especially for automated systems. ‘Also in many of those cases, context is extremely important,’ he said.”

The Oversight Board released its first annual report covering October 2020-December 2121. Anyone can appeal a decision about removed content. During the first period, 1.1 million cases were received, 2,600 cases are reported a day, and 47 of them came to the board. Most of the complaints came from western countries. Ninety-four percent of the requests were to restore content mostly a user’s posts.

The Oversight Board is compared to a supreme court for Meta and Mark Zuckerberg formed it. Meta pays for its costs, but it operates separately. Its members include human rights activists, lawyers, academics, and journalists. During the appeals session, the board made 86 more recommendations, including translating policies into more languages and being more specific about what constitutes hate speech.

Whitney Grace, July 20, 2022

Microsoft and the Next Fix Problem

July 11, 2022

I spotted a now routine story about a bug in Microsoft’s software. The story “Windows 11’s ‘Resolved’ Outlook Search Bug Resurfaces: When’s the Next Fix?” reveals a key insight into the software giant’s technical method.

I noted this statement in the article about an issue with search functionality in the Outlook email program, one of the original landscape apps which are pretty much orthogonal to the mobile phone’s display:

When doing a search in Outlook on Windows 11 PCs, the email program sometimes fails to provide results relevant to recent messages…

Yep, search. Microsoft. Not working.

But the important facet of the story appears in the story headline; specifically, “When’s the next fix?”

The Microsoft softies have experienced many issues with search and retrieval. Unlike Elizabeth Barrett Browning, I shall not count the ways. However, I will point out that there is now a fatalism about Microsoft. Stuff goes wrong. Microsoft attempts to fix the problem. Then the problem comes back

Whether it is the outstanding security systems or the brilliance of Word’s fascinating approach to automatic numbering, fixes beget more fixes.

So here we are: Unfixable code, persistent issues, and a giant theme park of opportunities for people to make bad decisions, waste time, and hunt for security flaws.

Yep, next fix. Working11ood. Which time is the charm? Third, fourth, nth? Is there a macro for excellence? Wait, let’s roll that macro thing back.

Stephen E Arnold, July 11, 2022

Xoogler Demonstrates Historical Revisionism

July 4, 2022

How did Google’s famous “solving death” project get funded? What about the “put wood behind” social networking initiative? What about those X moon shots?

The answers to these and other Google mysteries allegedly appear in “Former Google CEO Describes Brutal Review Process for New Projects.” The write up reveals:

Schmidt always stated Google took a bottom-up approach to managing the 20% project. Meaning it was a collaborative effort in deciding what steps to take with new product ideas. However, Schmidt says at Collision that company leaders were more involved than previously stated. It wasn’t a team decision that allowed projects to advance to the next level. The decision was determined through a “brutal” review process from management.

The questions asked, according to the article, were:

Are these ideas good enough?
Can we fund them?
Are they going to work?
Are they going to scale?
Are they legal?

One question I thought would be included was, “Is it possible to solve death?”

Obviously I am not officially Googley, but, take it from me, that is okay. Tony Bennett crooning in the cafeteria was sufficient for me. I also liked entering a building on Surfside because the door was propped open so those washing cars could traipse in and out without those silly key cards.

But death?

The write up includes this quote from the former leader of the online ad outfit:

To build a systemic innovation culture, which is what I think we’re talking about here, you need to have both bottoms up and tops down.

That’s logical. And logic rules at Google, right? Oh, I forgot to ask, “Is it possible arrogance plays a small part?”

Stephen E Arnold, July 4, 2022

Swedish Radio Tunes In to the Zuckbook Baloney

June 30, 2022

Sveriges Radio AB or Swedish Radio is a combo of the US National Public Radio and a “real” newspaper. In general, this approach to information is not the core competency of the Meat (sorry, Meta) Zuckbook thing. An interesting case example of the difference between Sveriges Radio and the estimable Silicon Valley super company is described in “Swedish Radio Created Fake Pharmacy – Reveals How Facebook Stored Sensitive Information.”

The main idea is that the Sveriges team did not listen to much disco or rap. Instead the canny outfit set up a honey pot in the form of a fake pharmacy. Then Sveriges analyzed what Facebook said it did with health-related information versus what the the Zuckster actually did.

Guess how that turned out? The write up explains:

After four days, 25 000 fake visits from customers had been registered with Facebook. But they had neither shut down nor warned the owners of the made-up pharmacy – Swedish Radio News’ reporters. When the reporters log into their account, they see that Facebook has stored the type of sensitive information that they say their filter is built to delete again and again. The question that the reporters then asked themselves was whether or not Facebook even has a filter that works in the Swedish language. One of the pharmacies that Swedish Radio reported on say that they cannot find any warnings from Facebook on data transfers that have taken place. The other has not wanted to answer the question. According to state investigators in the USA last year, Facebook only filtered in English.

Interesting? Yes, for three reasons:

  1. The radio outfit appears to have caught the Zuckers in a bit of a logical problem: Yes, there are filters? No, we just do marketing speak.
  2. Dismissing the method used to snap a mouse trap on Zuck’s big toe is probably a mistake. The “I’ll get back to you, Senator” works in the lobby-rich US. In Sweden, probably the method will swim like a plate of Surströmming.
  3. “Real” news — at least in Sweden — still has value. Perhaps some of the US “real” news people will give the approach a spin without the social justice and political sheen.

Net net: Will Facebook change its deep swimming in the information ocean? Has the Atlantic herring changed in the last two decades?

Stephen E Arnold, June 30, 2022

NSO Group: Is This a Baller Play to Regain Its PR Initiative or a Fumble?

June 15, 2022

Secrecy and confidentiality are often positive characteristics in certain specialized software endeavors. One might assume that firms engaged in providing technology, engineering support, and consulting services would operate with a low profile. I like to think of my first meeting with Admiral Craig Hosmer. We each arrived at the DC Army Navy Club at 2 30 pm Eastern time. The Admiral told me where to sit. He joined me about 15 minutes later. The Club was virtually empty; the room was small but comfortable; and the one staff member was behind the bar doing what bartenders do: Polishing glasses.

Looking back on that meeting in 1974, I am quite certain no one knew I was meeting the Admiral. I have no idea where the Admiral entered the building nor did I see who drove him to the 17th Street NW location. My thought is that this type of set up for a meeting was what I would call “low profile.”

US Defence Contractor in Talks to Take Over NSO Group’s Hacking Technology” illustrates what happens when the type of every day precautions Admiral Hosmer took are ignored. A British newspaper reports:

The US defence contractor L3Harris is in talks to take over NSO Group’s surveillance technology, in a possible deal that would give an American company control over one of the world’s most sophisticated and controversial hacking tools. Multiple sources confirmed that discussions were centered on a sale of the Israeli company’s core technology – or code – as well as a possible transfer of NSO personnel to L3Harris.

Okay, so much for low profiling this type of deal.

I am not sure what “multiple sources” mean. If someone were writing about my meeting the Admiral, the only sources of information would have been me, the Admiral’s technical aide (a nuclear scientist from Argonne National Laboratory), and probably the bartender who did not approach the area in which the former chair of the Joint Committee on Atomic Energy were sitting.

But what have we got?

  1. A major newspaper’s story about a company which has made specialized services as familiar as TikTok
  2. Multiple sources of information. What? Who is talking? Why?
  3. A White House “official” making a comment. Who? Why? To whom?
  4. A reference to a specialized news service called “Intelligence Online”. What was the source of this outfit’s information? Is that source high value? Why is a news service plunging into frog killing hot water?
  5. Ramblings about the need to involve government officials in at least two countries. Who are the “officials”? Why are these people identified without specifics?
  6. References to human rights advocates. Which advocates? Why?

Gentle reader, I am a dinobaby who was once a consultant to the company which made this term popular. Perhaps a return to the good old days of low-profiling certain activities is appropriate?

One thing is certain: Not even Google’s 10-thumb approach to information about its allegedly smart software can top this NSO Group PR milestone.

Stephen E Arnold, June 15, 2022

Next Page »

  • Archives

  • Recent Posts

  • Meta