The Confluence: Big Tech, Lobbyists, and the US Government
March 13, 2023
I read “Biden Admin’s Cloud Security Problem: It Could Take Down the Internet Like a Stack of Dominos.” I was thinking that the take down might be more like the collapses of outfits like Silicon Valley Bank.
I noted this statement about the US government, which is
embarking on the nation’s first comprehensive plan to regulate the security practices of cloud providers like Amazon, Microsoft, Google and Oracle, whose servers provide data storage and computing power for customers ranging from mom-and-pop businesses to the Pentagon and CIA.
Several observations:
- Lobbyists have worked to make it easy for cloud providers and big technology companies to generate revenue is an unregulated environment.
- Government officials have responded with inaction and spins through the revolving door. A regulator or elected official today becomes tomorrow’s technology decision maker and then back again.
- The companies themselves have figured out how to use their money and armies of attorneys to do what is best for the companies paying them.
What’s the consequence? Wonderful wordsmithing is one consequence. The problem is that now there are Mauna Loas burbling in different places.
Three of them are evident: The fragility of Silicon Valley approach to innovation. That’s reactive and imitative at this time. The second issue is the complexity of the three body problem resulting from lobbyists, government methods, and monopolistic behaviors. Commercial enterprises have become familiar with the practice of putting their thumbs on the scale. Who will notice?
What will happen? The possible answers are not comforting. Waving a magic wand and changing what are now institutional behaviors established over decades of handcrafting will be difficult.
I touch on a few of the consequences in an upcoming lecture for the attendees at the 2023 National Cyber Crime Conference.
Stephen E Arnold, March 13, 2023
Clearing the Clouds in the EU
January 5, 2023
For many companies, computing in the cloud so someone else can worry about all that infrastructure seems like a no-brainer. But there is one big problem. The cloud services market is dominated by just three players: Amazon, Google, and Microsoft. The Next Web argues that “Dependence on Cloud’s ‘Big Three’ Is Hurting EU Startup Growth—It’s Time for a New Approach.” Writer Marris Adikwu informs us tech firms in Europe are suffering losses, cutting payroll, and struggling to attract investors. Several related factors contribute to the problem, like the war in Ukraine, the energy crisis, and rising inflation. However, Adikwu asserts, a lack of cloudy competition also plays a role. Yep, it is time to gear up for more pressure on some high profile tech giants. We are told:
“While founders are reviewing budgets up and down looking to trim as much as possible in order to stay afloat, one major spend has been left largely untouched: cloud services. While the shift to the cloud was intended to reduce computing costs, many companies that have adopted these services are facing a surge in spending. Contract lock-ins and egress fees are making it impossible to leave. In fact, some argue that the cloud could be costing many businesses more than it’s actually saving.”
Yes, one must pay to leave but often not to enter. That can make the contract seem like a great deal at first. But once a cloud service is holding a firm’s data, the company is stuck if it cannot afford the fees to move it out. Held hostage are little items like office software, payroll systems, and customer websites. We learn:
“Currently, AWS charges between $0.08 to $0.12 per GB in egress fees, meanwhile Google Cloud and Microsoft Azure charge $0.08 and $0.05 per GB respectively for inter-continental data transfers from North America to Europe. According to Yann Lechelle, CEO of EU-based cloud provider Scaleway, startups often accept six-figure cloud credits from AWS, GCP, and Azure and take on products and services that they don’t always need, because they seem free.”
EU regulators address the issue in the European Data Act, but that legislation is still under discussion and, some feel, does not go far enough to protect against unfair contractual terms anyway. Adikwu recommends startups protect themselves by carefully considering their needs, spreading services across multiple cloud vendors, seeking out reserved instances and other discounts, and tapping into cost-saving technology. See the write-up for more details on these suggestions.
Cynthia Murrell, January 5, 2023
The Cloud and Points of Failure: Really?
September 13, 2022
A professional affiliated with Syntropy points out one of my “laws” of online; namely, that centralization is inevitable. What’s interesting about “The Internet is Now So Centralized That One Company Can Break It” is that it does not explain much about Syntropy. In my opinion, there is zero information about the c9ompany. The firm’s Web site explains:
Unlocking the power of the world’s scientific data requires more than a new tool or method – it requires a catalyst for change and collaboration across industries.
The Web site continues:
We are committed to inspiring others around our vision — a world in which the immense power of a single source of truth in biomedical data propels us towards discoveries, breakthroughs and cures faster than ever before.
The company is apparently involved with Merck KGaA, which as I recall from my Pharmaceutical News Index days, is not too keen on sharing its intellectual property, trial data, or staff biographies. Also, the company has some (maybe organic, maybe more diaphanous) connection with Palantir Technologies. Palantir, an interesting search and retrieval company morphing into search based applications and consulting, is a fairly secretive outfit despite its being a publicly traded company. (The firm’s string of quarterly disappointments and its share price send a signal to some astute observers I think.)
But what’s in the article by individual identified at the foot of the essay as Domas Povilauskas, the top dog at Syntropy. Note that the byline for the article is Benzinga Contributor which is not particularly helpful.
Hmmm. What’s up?
The write up recycles the online leads to centralization notion. Okay. But centralization is a general feature of online information, and that’s not a particularly new idea either.
The author continues:
The problem with the modern Internet is that it is essentially a set of private networks run by individual internet service providers. Each has a network, and most connections occur between these networks…. Networks are only managed locally. Routing decisions are made locally by the providers via the BGP protocol. There’s no shared knowledge, and nobody controls the entire route of the connection. Using these public ISPs is like using public transport. You have no control over where it goes. Providers own the cables and everything else. In this system, there are no incentives for ISPs to provide a good service.
The set up of ISPs strikes me as a mix of centralization and whatever works. My working classification of ISPs and providers has three categories: Constrained services (Amazon-type outfits), Boundary Operators (the TOR relay type outfits), and Unconstrained ISPs and providers (CyberBunker-type organizations). My view is that this is the opposite of centralization. In each category there are big and small outfits, but 90 percent of the action follows Arnold’s Law of Centralization. What’s interesting is that in each category — for instance, boundary operators — the centralization repeats just on a smaller scale. AccessNow runs a conference. At this conference are many operators unknown by the general online user.
The author of the article says:
The only way to get a more reliable service is to pay ISPs a lot for high-speed private connections. That’s the only way big tech companies like Amazon run their data centers. But the biggest irony is that there is enough infrastructure to handle much more growth. 70% of Internet infrastructure isn’t utilized because nobody knows about these routes, and ISPs don’t have an excellent solution to monetize them on demand. They prefer to work based on fixed, predetermined contracts, which take a lot of time to negotiate and sign.
I think this is partially correct. As soon as one shifts from focusing on what appear to be legitimate online activities to more questionable and possibly illegal activities, evidence of persistent online services which are difficult for law enforcement to take down thrive. CyberBunker generated millions and required more than two years to knock offline and reign in the owners. There is more dimensionality in the ISP/provider sector than the author of the essay considers.
The knock-offline idea sounds good. One can point to the outages and the pain caused by Microsoft Azure/Microsoft Cloud, Google Cloud, Amazon, and others as points of weakness with as many vulnerabilities as a five-legged Achilles would have.
The reality is that the generalizations about centralization sound good, seem logical, and appear to follow the Arnold Law that says online services tend to centralization. Unfortunately new technologies exist which make it possible for more subtle approaches to put services online.
Plus, I am not sure how a company focused on a biomedical single source of truth fits into what is an emerging and diverse ecosystem of ISPs and service providers.
Stephen E Arnold, September 13, 2022
ISPs and Network Providers: The Big Warming
September 5, 2022
On September 14, 2022, I will be sharing some of my team’s research about ISPs and network providers. Coincidentally, the “open” information services are providing interesting — but as yet not yet rock solid information — about the ISP and network provider world. In a sense, figuring out what ISPs and network providers are doing is like looking at distant star data in the Webb space telescope data stream. There is information flowing, but making those data speak clearly is not an easy job.
I read “I Ran the Worlds Largest DDOS for Hire Empire and CloudFlare Helped.” The write up struck me as quite interesting. I circled this pass as interesting but not backed up with footnotes or cheerful hyperlinks:
As the infrastructure provider for over 20% of all www traffic traversing the internet today, CloudFlare is in a position to enforce it’s beliefs on a global scale. Most of the time this isn’t a problem, lots of nefarious websites try to take advantage of the services CloudFlare offers and are rightfully kicked off. The problems arise in a small category of websites that blur the line.
The “blur” seems to say to me: Hey, we are big and well known, and maybe some bad actors use our service.”
Here’s another sentence which may catch the attention of legal eagles:
As someone who has previously justified their actions by saying “I am not directly causing harm, the responsibility flows downstream to my end users” I can tell you it is a shaky defense at best. The situation would be different if CloudFlare was unaware of the booter websites they are offering protection to, but that is not the case. CloudFlare knows who they are protecting and chooses to continue doing so, being fully cognizant of the end result their actions will have. Let’s talk about that end result because the hypocrisy of it all stings like a slap in the face as I type this. CloudFlare is responsible for keeping booter websites online and operating, the very same websites who’s sole purpose is to fuel CloudFlare’s very own business model, selling DDoS protection.
I am no lawyer and I certainly don’t understand anything other than my dinobaby world. However, it seems as if a big company is allegedly in a position to do more to protect truth, justice, and the American way than it may be doing. Oh, the American way means operating without meaningful oversight, regulation, and the invisible ethical hand that makes stakeholders quiver with glee.
Worth watching what other ISP and network provider examples emerge as the real journalists reach their coffee shops and begin working this subject.
Stephen E Arnold, September 5, 2022
Is Google Drive — Gulp — a Hacking Tool for Bad Actors?
August 17, 2022
Russia is a near-impregnable force when it comes to hacking. Vladimir Putin’s home base is potentially responsible for influencing many events in the United States, including helping Donald Trump win his first presidential election. Russia neither confirms nor denies the roles hackers play in its and global politics. Unfortunately, Cyber Scoop shares how a common Google tool has been purloined by hackers: “Russian Hacking Unit Cozy Bears Adds Google Drive To Its Arsenal, Researchers Say.”
In what is one of the simplest ways to deliver malware, Russian hackers from the state-funded unit Cozy Bear are using Dropbox and Google Drive. Did you read that? Russian hackers are using legitimate cloud storage services, including one from one of the biggest tech giants, to deliver malware. Palo Alto Networks’ Unit 42 researchers are confounded by the delivery process, because it is hard to detect:
“This is a new tactic for this actor and one that proves challenging to detect due to the ubiquitous nature of these services and the fact that they are trusted by millions of customers worldwide,” the researchers said. “When the use of trusted services is combined with encryption, as we see here, it becomes extremely difficult for organizations to detect malicious activity in connection with the campaign.”
Russian hackers and other black hat people have used cloud storage services to deliver malware before, but using Google Drive is a new tactic. Google is a globally trusted brand that makes more people vulnerable to malware. When people see Google, they automatically trust it, so potential victims could unknowingly download malware.
Dropbox is deleting any accounts that are exploiting their services for hacking. The good news is cloud storage services want to protect users, but the bad news is they are not acting fast enough.
Whitney Grace, August 17, 2022
Is the New Era of Timesharing Winding Down?
August 11, 2022
What kind of question is that? Stupid for sure. The cloud is infinite. The earnings bright spots for Amazon, Google, and Microsoft are cloud revenue and services. Google wants to amp up its cloud because sitting in third place behind the dorky outfits Amazon and Microsoft is not part of the high school science club’s master plan. And Microsoft cannot cope with Amazon AWS. Accordingly Microsoft is chasing start ups in order to be in the front of the ChocoTaco line for the next big thing. And Amazon. Fancy moves like killing long-provided services like backup, making changes that will cause recoding of some applications, and thinking about ways to increase revenue from Fancy Dan billing thresholds.
The cloud is the big thing.
If the information in “Why AI and Machine Learning Are Drifting Away from the Cloud” is on the money, one of those odd ball Hegelian things may be gaining momentum. The reference is to the much loved and pretty obvious theory that sine waves operated in the biological world. I am referring to the old chestnut test question about thesis, antithesis, and synthesis. Stated another way: First there was a big computer. Then there was timesharing. Then there was the personal computer. Then there was client server. That begot the new version of the cloud. The future? Back to company-owned and controlled computers. Hegelian stuff, right?
The article presents this idea:
Cloud computing isn’t going anywhere, but some companies are shifting their machine learning data and models to their own machines they manage in-house. Adopters are spending less money and getting better performance.
Let’s follow this idea. If smart software becomes the next big thing as opposed to feeding people, the big clouds will face customer defection and maybe pushback about pricing, lock in, and restrictions on what can and cannot be done on the services. (Yep, some phishing outfits use the cloud to bedevil email users. Yes, some durable Dark Web sites host some of their data on big cloud services. Yep, some cloud services have “inspection” tools to prevent misuse which may not be as performant as the confections presented in marketing collateral.)
With more AI, perhaps there will be less cloud. Then what?
The write up points out:
Companies shifting compute and data to their own physical servers located inside owned or leased co-located data centers tend to be on the cutting edge of AI or deep-learning use, Robinson [vice president of strategic partnerships and corporate development at MLOps platform company Domino Data Lab] said. “[They] are now saying, ‘Maybe I need to have a strategy where I can burst to the cloud for appropriate stuff. I can do, maybe, some initial research, but I can also attach an on-prem workload.”
Hegel? What’s he got to do with this rethinking of the cloud, today’s version of good old timesharing? Probably nothing. The sine wave theories are silly. Ask any Econ 101 or Poli Sci 101 student. And who does not enjoy surprise charges for cloud computing services which are tough to see through? I know I do.
Stephen E Arnold, August 11, 2022
Oracle: Marketing Experience or MX = Zero?
August 10, 2022
How does one solve the problem MX = 0? One way is to set M to zero and X to zero and bingo! You have zero. If the information in the super select, restricted, juicy article called “Oracle Insiders Describe the Complete Chaos from Layoffs and Restructuring While Employees Brace for More” is accurate, the financially lucrative Oracle database system is unhappy with the firm’s marketing. Not just the snappy PowerPoint decks or the obedient database administrator documentation. Nope. Everything is apparently a bit of indigestion.
The write up which is as I have mentioned is super selected, restricted, and juicy is a bit jumbled. Nevertheless, I noted several observations I found interesting. Let me summarize the 1,100 word report this way: Lots of people from marketing and customer experience (whatever that is) have been fired. Okay. Now let’s look at the comments that struck me as significant. Keep in mind that I love Oracle. Yep, clients just pay those who can make the sleek, efficient, tightly integrated components hum like an electric motor on a fully functioning Ford F 150 Lightning. Here we go. (My comments appear in italics after each bullet.)
- “The common verb to describe ACX is that they were obliterated,” said a person who works at Oracle. (I quite liked the use of the word “obliterated.” Was Oracle using a Predator launched flying ginsu management bomb or just an email or maybe a Zoom call?)
- “There’s no marketing anymore…” (My question is, “Was there ever any marketing at Oracle?” Bombast, yes. Rah rah conferences. Jet flights after curfew at the San Jose airport. But marketing? In my opinion, no.)
- “There’s a sense among many at Oracle of impending doom…” (Yep, upbeat stuff.)
- “We’ve been kind of working like zombies the last couple of weeks because there’s just this sense of ‘What am I doing here?” (The outfit on the former Sea World exit excels at management. Well, maybe it doesn’t? How does the Oracle hit above its weight? That’s a good question. Let’s ask Cerner about the electronic medical record business and its seamless functioning with the Oracle database, shall I? No I shall not.)
- “…Oracle’s code base is so complicated that it can take years before engineers are fully up to speed with how everything works, and workers with over a decade of experience were cut…” (Ah, ha, Oracle is weeding out the dinobabies. Useless deadwood. A 20 something engineer can figure out where an entire database is hiding.)
Net net: I hate to suggest this, but perhaps some database types think using AWS, the GOOG, or the super secure MSFT data management systems is better, faster, and cheaper. Pick two.
Stephen E Arnold, August 10, 2022
Cloud Economics: The Customer Pays Because Going-Back Costs Are Too High
July 11, 2022
Short- and mid-term decisions may not be the optimal ones. Who cares about that pawn? Maybe in the end game, that pawn was on steroids. The player willing to give it up was unwilling to think about what lurks in the future.
I read “FedEx to Close Data Centers, Retire All Mainframes by 2024, Saving $400m.” The main idea is that mainframes are not suited to the zippy world of today. Furthermore, programmers –despite high-tech’s enthusiastic reduction in force moves – are not into the oddities of big iron. Those who do get jazzed with total-code working environments are rarer than a certain prince’s attending a female 15 year-old’s birthday party at the country club pool in Oxfordshire.
The write up reports:
Speaking during the FedEx investor day, FedEx CIO Rob Carter said the company is aiming for a ‘zero data center, zero mainframe’ environment based in the cloud, which will result in $400 million in savings annually. “We’ve been working across this decade to streamline and simplify our technology and systems,” he said. “We’ve shifted to cloud…we’ve been eliminating monolithic applications one after the other after the other…we’re moving to a zero data center, zero mainframe environment that’s more flexible, secure, and cost-effective.”
One way to view IBM’s approach to computing in the pre-person computer days was a person in handcuffs. IBMers disagree with my view. No problem. I also see cloud computing as a variation of the IBM approach to computing: Lock in and change are business benefits. Leasing mainframes and buying services each year is the equivalent of high-tech’s discovery of subscription-centric revenue models.
FedEx does not see the cloud as a variation on the mainframe strategy and its pricing structure. I thought one of the FedEx wizards was a Harvard MBA wizard.
The write up notes:
FedEx has previously said it planned to work with Intel and Switch to build Edge data centers at FedEx locations across the US. Whether this has actually been rolled out is unclear.
Trendy I suppose. I want to point out that there are some interesting comments about this alleged decision in the Y Combinator Hacker News comments. You can find these at this link.
One comment resonated with me: “Change gives the illusion of progress.”
Stephen E Arnold, July xx, 2022
True or False: Google and Dangerous Functionality
May 13, 2022
I want to be clear: I cannot determine if security-related announcements are PR emissions, legitimate items of data, or clickbait craziness. I am on the fence with the information is “Google Cloud Apparently Has a Security Issue Even Firewalls Can’t Stop.”
The write up presents as real news:
A misconfiguration in Google Cloud Platform has been found which could give threat actors full control over a target virtual machine (VM) endpoint…
These virtual machines are important cogs in some bad actors machinery. Sure, legitimate outfits rely on the Google for important work as well. Therefore, the announcement points some bad actors toward a new opportunity to poke around and outfits engaged in ethically informed activities to batten down their digital hatches.
The write up points out that the Google agreed that “misconfiguration could bypass firewall settings.”
And the Google, being Googley, semi-agrees. Does this mean that the Google Cloud is just semi-vulnerable?
Stephen E Arnold, May 13, 2022
TikTok: Interesting Assumptions and Opinions
March 30, 2022
I am not a TikTok’er. I have an attention span better suited to books, the old fashioned paper artifacts not so popular among certain younger humanoids. I read “The TikTok-Oracle Deal Would Set Two Dangerous Precedents.” The main argument in the write up is that “a global data shortage melee” could erupt. I am not sure what a data storage mêlée would look like. One dictionary defines a mêlée as a ruction. Another offers a lively contention. Let’s assume the write up is based on fact, deeply informed by rigorous search, and absolutely actual factual.
I noted a couple of statements which I found interesting; to wit:
- “The deal would establish precedents likely to harm technology companies and their users.”
- “The costs are worth bearing because they will give TikTok the freedom to compete on its greatest strength: its product.”
- “If the US government succeeds in forcing TikTok to enter this local data-storing arrangement with Oracle, other governments will be more likely to impose comparable requirements on US companies operating within their borders.”
- “The evidence that TikTok posed a national security threat has always been flimsy at best.”
- “Absent evidence of security risks, regulators should allow American and Chinese tech companies to compete without government interference.”
- If the rumored deal between TikTok and Oracle becomes a reality, TikTok will quietly celebrate while other Big Tech firms brace for escalating product battles with one of their strongest competitors.
Some observations are now offered for each of these statements:
- A couple of examples might be helpful.
- What’s the evidence supporting the assertion that China centric firms compete on the “greatest strength”?
- What about governments imposing such requirements on firms; for example, Google and Facebook operations in China.
- What evidence? Why is it flimsy?
- This is an opinion. Are these some facts supporting the assertion?
- Who is the strongest competitor? Oracle? China? Outfits like Amazon, Google, and Microsoft?
I would add one other question: What is the scope of Oracle’s business involvement with China and Chinese supported entities?
Stephen E Arnold, March 30, 2022
-
- Subscribe to Beyond Search
Feature archive
News archive
-
