NSO Group: The Rip in the Fabric of Intelware

July 22, 2021

A contentious relationship with the “real news” organizations can be risky. I have worked at a major newspaper and a major publisher. The tenacity of some of my former colleagues is comparable to the grit one associates with an Army Ranger or Navy Seal, just with a slightly more sensitive wrapper. Journalists favored semi with it clothes, not bushy beards. The editorial team was more comfortable with laptops than an F SCAR.

Communications associated with NSO Group — the headline magnet among the dozens of Israel-based specialized software companies (an very close in group by the way)— may have torn the fabric shrouding the relationship among former colleagues in the military, government agencies, their customers, and their targets.

Whose to blame? The media? Maybe. I don’t have a dog in this particular season’s of fights. The action promises to be interesting and potentially devastating to some comfortable business models. NSO Group is just one of many firms working to capture the money associated with cyber intelligence and cyber security. The spat between the likes of journalists at the Guardian and the Washington Post and NSO Group appears to be diffusing like spilled ink on a camouflage jacket.

I noted “Pegasus Spyware Seller: Blame Our Customers Not Us for Hacking.” The main point seems to be that NSO Group allegedly suggests that those entities licensing the NSO Group specialized software are responsible for their use of the software. The write up reports:

But a company spokesman told BBC News: “Firstly, we don’t have servers in Cyprus.

“And secondly, we don’t have any data of our customers in our possession.

“And more than that, the customers are not related to each other, as each customer is separate.

“So there should not be a list like this at all anywhere.”

And the number of potential targets did not reflect the way Pegasus worked.

“It’s an insane number,” the spokesman said.

“Our customers have an average of 100 targets a year.

“Since the beginning of the company, we didn’t have 50,000 targets total.”

For me, the question becomes, “What controls exist within the Pegasus system to manage the usage of the surveillance system?” If there are controls, why are these not monitored by an appropriate entity; for example, an oversight agency within Israel? If there are no controls, has Pegasus become an “on premises” install set up so that a licensee has a locked down, air tight version of the NSO Group tools?

The second item I noticed was “NSO Says ‘Enough Is Enough,’ Will No Longer Talk to the Press About Damning Reports.” At first glance, I assumed that an inquiry was made by the online news service and the call was not returned. That happens to me several times a day. I am an advocate of my version of cancel culture. I just never call the entity again and move on. I am too old to fiddle with the egos of a younger person who believes that a divine entity has given that individual special privileges. Nope, delete.

But not NSO Group. According to the write up:

“Enough is enough!” a company spokesperson wrote in a statement emailed to news organizations. “In light of the recent planned and well-orchestrated media campaign lead by Forbidden Stories and pushed by special interest groups, and due to the complete disregard of the facts, NSO is announcing it will no longer be responding to media inquiries on this matter and it will not play along with the vicious and slanderous campaign.” NSO has not responded to Motherboard’s repeated requests for comment and for an interview.

Okay, the enough is enough message is allegedly in “writing.” That’s better than a fake message disseminated via TikTok. However, the “real journalists” are likely to become more persistent. Despite a lack of familiarity with the specialized software sector, a large number of history majors and liberal arts grads can do what “real” intelligence analysts do. Believe me, there’s quite a bit of open source information about the cozy relationship within and among Israel’s specialized software sector, the interaction of these firms with certain government entities, and public messages parked in unlikely open source Web sites to keep the “real” journalists learning, writing, and probing.

In my opinion, allowing specialized software services to become public; that is, actually talk about the capabilities of surveillance and intercept systems was a very, very bad idea. But money is money and sales are sales. Incentive schemes for the owners of specialized software companies guarantee than I can spend eight hours a day watching free webinars that explain the ins and outs of specialized software systems. I won’t but some of the now ignited flames of “real” journalism will. They will learn almost exactly what is presented in classified settings. Why? Capabilities when explained in public and secret forums use almost the same slide decks, the same words, and the same case examples which vary in level of detail presented. This is how marketing works in my opinion.

Observations:

1. A PR disaster is, it appears, becoming a significant political issue. This may pose some interesting challenges within the Israel centric specialized software sector. NSO Group’s system ran on cloud services like Amazon’s until AWS allegedly pushed Pegasus out of the Bezos stable.

2. A breaker of the specialized software business model of selling to governments and companies. The cost of developing, enhancing, and operating most specialized software systems keeps companies on the knife edge of solvency. The push into commercial use of the tools by companies or consumerizing the reports means government contracts will become more important if the non-governmental work is cut off. Does the world need several dozen Dark Web indexing outfits and smart time line and entity tools? Nope.

3. A boost to bad actors. The reporting in the last week or so has provided a detailed road map to bad actors in some countries about [a] What can be done, [b] How systems like Pegasus operate, [c] the inherent lack of security in systems and devices charmingly labeled “insecure by design” by a certain big software company, and [d] specific pointers to the existence of zero day opportunities in blast door protected devices. That’s a hoot at ??????? ???? “Console”.

Net net: The NSO Group “matter” is a very significant milestone in the journey of specialized software companies. The reports from the front lines will be fascinating. I anticipate excitement in Belgium, France, Germany, Israel, the United Kingdom, and a number of other countries. Maybe a specialized software Covid Delta?

Stephen E Arnold, July 22, 2021

Databases: Old Wine, New Bottles, and Now Updated Labels with More Jargon and Buzzwords

June 29, 2021

I read “It’s the Golden Age of Databases. It Can’t Last.” The subtitle is fetching too:

Startups are reaping huge funding rounds. But money alone won’t be enough to top the current market leaders.

I think that it is important to keep in mind that databases once resided within an organization. In 1980, I had my employer’s customer database in a small closet in my office. I kept my office locked, and anyone who needed access had to find me, set up an appointing, and do a look up. Was I paranoid? Yep, and I suppose that’s why I never went to work for flexi-think outfits intellectually allied with Microsoft or SolarWinds, among others.

Today the cloud is the rage. Why? It’s better, faster, and cheaper. Just pick any two and note that I did not include “more secure.” If you want some color about the “cost” of the cloud pursuit fueled by cost cutting, check out this high flying financial outfit’s essay “Andreesen Horowitz Partner Martin Casado Says the Cost of Cloud Computing Is a $100 Billion Drag on the Biggest Software Companies, Sparking a Huge Debate across the Industry.” Some of the ideas are okay; others strike me as similar to those suggesting the Egyptian pyramids are big batteries. The point is that many companies embraced the cloud in search of reducing the cost and hassle of on premises systems and people.

One of the upsides of the cloud is the crazy marketing assertions that a bunch of disparate data can be dumped into a “cloud system” and become instantly available for Fancy Dan analytics. Yeah, and I have a bridge to sell you in Brooklyn. I accept PayPal too.

The “Golden Age” write up works over time to make the new databases exciting for investors who want a big payout. I did note this statement in the write up which is chock-a-block with vendor names:

Ultimately, Databricks and Snowflake’s main competitors probably aren’t each other, but rather Microsoft, AWS and Google.

Do you think it would be helpful to mention IBM and Oracle? I do.

Here’s another important statement from the write up:

One thing is certain: The big data revolution isn’t slowing down. And that means the war over managing it and putting the information to use will only get more fierce.

Why the “fierce”? Perhaps it will be the investors in the whizzy new “we can federate and be better, faster, and cheaper” outfits who put the pedal to the metal. The reality is that big outfits license big brands. Change is time consuming and expensive. And the seamless data lakes with data lake houses on them? Probably still for sale after owners realize that data magic is expensive, time consuming, and fiddly.

But rah rah is solid info today.

Stephen E Arnold, June 29, 2021

High School Management Method: Blame a Customer

June 9, 2021

I noted another allegedly true anecdote. If the information is correct, gentle reader, we have another example of the high school science club management method. Think acne, no date for the prom, and a weird laugh type of science club. Before you get too excited, yes, I was a member of my high school’s science club and I think an officer as well as a proponent of the HSSC approach to social interaction. Proud am I.

Fastly Claims a Single Customer Responsible for Widespread Internet Outage” asserts:

The company is now claiming the issue stemmed from a bug and one customer’s configuration change. “We experienced a global outage due to an undiscovered software bug that surfaced on June 8 when it was triggered by a valid customer configuration change,” Nick Rockwell, the company’s SVP of engineering and infrastructure wrote in a blog post last night. “This outage was broad and severe, and we’re truly sorry for the impact to our customers and everyone who relies on them.”

Yep, a customer using the Fastly cloud service.

Two observations:

  1. Unnoticed flaws will be found and noticed, maybe exploited. Fragility and vulnerability are engineered in.
  2. Customer service is likely to subject the individual to an inbound call loop. Take that, you valued customer.

And what about Amazon’s bulletproof, super redundant, fail over whiz bang system. Oh, it failed for users.

Yep, high school science club thinking says, “We did not do it.” Yeah.

Stephen E Arnold, June 9, 2021

Reconciling Two Views of Cloud Computing

June 2, 2021

I think it would be helpful to read “The Cost of Cloud, a Trillion Dollar Paradox.” The write up is an MBA team effort, and it makes what I think is an interesting point. The cloud makes sense when a company is small and doing the “go fast, break things” stuff. But as the company becomes larger, the cloud becomes expensive and slaps handcuffs on the customer. The MBAs may not agree with my précis, but it works okay for me.

Then read “Atlassian Claims It’s a Step Closer to Achieving Nirvana with Its Data.” The main point of the essay to that centralizing cloud work is better, faster, and all around more wonderful than the multi-cloud thing. I winced at the use of the word “nirvana.” Amazon AWS and nirvana don’t fit together like peanut butter and chocolate or pinga and salt. (Nirvana, I think, means according to Google’s recycling of the Oxford “languages”

transcendent state in which there is neither suffering, desire, nor sense of self, and the subject is released from the effects of karma and the cycle of death and rebirth.

That’s AWS for sure.

Both articles are marketing material. The a16z piece makes it clear that the firm’s analysts are on the ball. I think the message is, “We’re on the ball. We put money where it will really pay off.” The Ziff story is a marketing tchotchke, and it is designed to send a specific message about the freedom from suffering, desire, etc. associated with the use of AWS services.

What’s the nitty gritty?

Marketing, not analysis nor personal experience, has become the payload of what appears to be technical relevant information. This is a good thing, right. Perfect for home economics and political science majors who wrangle jobs in or around technology.

Lock in and cost control are not difficult concepts in my opinion. Pick one. Nirvana is near.

Stephen E Arnold, June 2, 2021

What Is Cloud Computing? It May Be Timesharing REbranded

June 1, 2021

I have been around long enough to watch hot trends come and go. Then years or decades later the “old” new thing returns. “Nvidia Is Renting Out Its A.I. Superpod Platform for $90K a Month” states:

Nvidia is looking to make work and development in artificial intelligence more accessible, giving researchers an easy way to access its DGX 2 supercomputer. The company announced that it will launch a subscription service for its DGX Superpod as an affordable way to gain entry into the world of supercomputers.

Does this sound like timesharing to you? It does to me. And what about those automatic upticks in charges? It is too early to tell, but my hunch is that there will be “peak times,” data transfer thresholds, and a taxi meter method applied to some user actions. I hope I am wrong, but, hey, timesharing business models have been around since — what? — the 1950s. That is long enough for those thrilling moments after opening a timesharing invoice to become one of the benefits of this “new” but “old” approach to computing.

Will the Nvidia supercomputing deals include a white coat? One tip: If you tour the superpod data facility, take a sweater.

Stephen E Arnold, June 1, 2021

A Field of Data Silos: No Problem

May 5, 2021

The hype about silos has followed data to the cloud. IT Brief grumbles, “How Cloud Silos Are Holding Organisations Back.” Although the brief write-up acknowledges that silos can be desirable, it issues the familiar call to unify the data therein. PureStorage CTO Mark Jobbins writes:

“Overcoming the challenges presented by having cloud silos requires organisations to develop a robust data architecture. Having a common data platform should form the foundation of the data architecture, one that decouples applications and their data from their underlying infrastructure, preventing organizations from being locked into a single delivery model. Working with a multi-cloud architecture is valuable because it helps organizations utilize best-in-breed services from the various cloud service providers. It also reduces vendor lock-in, improves redundancy, and lets businesses choose the ideal features they need for their operations. It’s important to have a strong multi-cloud strategy to ensure the business gets the right mix of security, performance, and cost. The strategy should include the tools and technologies that consolidate cloud resources into a single, cohesive interface for managing cloud infrastructure. Hybrid clouds bring public and private clouds together.”

Such “hybrid clouds” allow an organization to retain those advantages of that multi-cloud architecture with the blessed unified platform. Of course, this is no simple task, so we are told one must recruit a gifted storage specialist to help. We presume this is where Jobbins’ company comes in.

Cynthia Murrell, May 5, 2021

Alphabet: Another PR Hit Related to Raising Prices and Changing the Google Rules?

April 23, 2021

Here in Harrod’s Creek, everyone — and I mean everyone, including my phat, phaux phrench bulldog — loves Google. After reading “Why I Distrust Google Cloud More Than AWS or Azure” it is quite clear that the post in iAsylum.net is authored by someone who would find our Harrod’s Creek perception off base.

The write up contains some salty language. On the other hand, there are a number of links to information supportive of the argument that Google cannot be trusted. Now trust, like ethics, is a slippery fish. In fact, I am not sure my trust checkbook has much value today.

The main point of the iAsylum write up is that Alphabet Google cannot be trusted. The principal reasons are that Google changes prices and acts in capricious ways. Examples range from Google Map fees to the GOOG’s approach to developers.

The most painful point for us lovers of all things Google was the question in the essay:

Will Google Cloud even exist a decade from now?

That’s a difficult question to answer. Some companies are predictable. Amazon’s Bezos bulldozer moves in quite specific directions. True, it can swerve to avoid a large rock, but for the most part, the Bezos bulldozer’s actions are not much of a surprise. Got a hot product? Amazon may just happen to have one too. No surprises.

Google is unpredictable. There’s the HR and ethics mess in the AI unit. There’s the spate of legal challenges about the firm’s approach to advertising. There’s the search service which returns some darned interesting results, often not related to the query the user submitted.

For those of us in Harrod’s Creek, worries about the future should be factored into our lives. But for now, we love those Google mouse pads. Our last remaining mouse pad is now yellowed and cracking. But it once was a spiffy thing.

Let me rephrase the iAsylum question:

Will Google Cloud evolve like my Google mouse pad?

Stephen E Arnold, April 23, 2021

Oracle Matches One Amazon AWS Capability: Bringing Order to Chaos

April 19, 2021

In 2018, I started noticing more Amazon AWS support for ServiceNow. ServiceNow is a company which uses cloud technology to help its customers manage digital workflows for enterprise operations. Amazon revealed in 2018 “How to install and configure the AWS Service Management Connector for ServiceNow,” the procedure which some AWS customers had mastered before the blog post gave its stamp of approval.

Oracle Integrates ServiceNow into its Cloud Infrastructure” makes it clear that the much loved database vendor is doing what AWS did in 2018. The article reports:

Oracle has announced the integration of ServiceNow into its Oracle Cloud Infrastructure. The integration means enterprise customers have the ability to access and manage OCI (Oracle Cloud Infrastructure) resources via their existing ServiceNow service portal and the ITOM (ServiceNow IT Operations Management) Visibility application, which will give them a single dashboard to manage their public cloud resources from Oracle and other cloud providers.

Legacy Oracle customers like government agencies are likely to find the integration helpful. At one time, the likes of Amazon itself and Google might have been over the moon. Both of these cloud giants jettisoned Oracle technology and have moved in other directions.

A ServiceNow VP spins the Oracle move this way:

“With this integration, ServiceNow and Oracle are making it seamless for enterprises to unlock productivity for distributed teams to deliver products and services faster, access powerful business insights and create great experiences for employees, wherever they may be,” says ServiceNow’s vice president & general manager of Operations Management & Data Foundations, Jeff Hausman.  Joint customers leveraging the Now Platform and OCI will get the best of both worlds, a seamless experience that maximizes the value of cloud investments and the ability to harness the power of artificial intelligence for proactive operations.”

Many buzzwords like seamless, unlock productivity, business insights, experiences which are “great”, value, proactive, and of course artificial intelligence.

The winner may be ServiceNow. For Oracle, I am not sure yet. Maybe on deck to enter the cross cloud de-chaosizing work now going on in many organizations.

Stephen E Arnold, April 19, 2021

Amazon AWS EC2 Pricing

February 11, 2021

Amazon AWS makes many things simple: Off the shelf machine learning models, buying cables, and spending money. If you want to get a sense for the complexity of pricing at AWS, take a look at “EC2 Instances.Info: Easy Amazon ED2 Instance Comparison.” The effort required to compile the table was significant. In addition to the data structured by EC service, region, and other tags — there’s the splash page table itself. Impressive. For those with some financial and technical expertise, a new job category now exists: Figuring out AWS pricing for a project and then determining how to minimize costs over time. From the Amazon one click patent to this pricing inventory. How far has Amazon driven the Bezos bulldozer? A long way.

Stephen E Arnold, February 11, 2021

Can a Cockroach Love the Google Cloud? Absolutely

February 9, 2021

Cockroach Labs has released its third annual report comparing cloud service providers Amazon Web Services (AWS), Microsoft Azure, and Google Cloud Platform (GCP). On its own blog the company posts, “GCP Outpaces Azure, AWS in the 2021 Cloud Report.” The focus is on online transaction processing (OLTP). Writers Arul Ajmani, John Kendall, Yevgeniy Miretskiy, and Jessica Edwards tell us:

“Our intention is to help our customers and any builder of OLTP applications understand the performance tradeoffs present within each cloud and within each cloud’s individual machines. Perhaps your current configuration isn’t the most cost effective. Or you are looking to build a net-new application and want to see which provider has the fastest network latency. Maybe storage has been an issue in the past and you are looking for new solutions. Regardless of your motivation, the report is designed to help you achieve your goals and develop the best architecture for your specific needs. The 2021 Cloud Report is developed by a team of dedicated engineers and industry experts at Cockroach Labs. It compares AWS, Azure, and GCP on micro and industry benchmarks that reflect critical OLTP applications and workloads. This year, we assessed 54 machines and conducted nearly 1,000 benchmark runs to measure CPU Performance (CoreMark), Network Performance (Netperf), Storage I/O Performance (FIO), OLTP Performance (Cockroach Labs Derivative of TPC-C).”

The post summarizes the report’s highlights. As suggested by the title, the team found Google to deliver the most throughput. On the other hand, AWS’ network latencies remain on top for the third year in a row. We’re told AWS’ custom Graviton2 Processor beat the competition, both running AMD processors, for 16-core CPU performance. The writers also explain when it is worth paying more for each providers’ “advanced disks.” For more details, see the post or navigate to the report itself. Cloud SQL database maker Cockroach Labs was founded in 2015 and is based in New York City. No observations about the prevalence of certain insects in Alphabet City.

Cynthia Murrell, February 9, 2021

Next Page »

  • Archives

  • Recent Posts

  • Meta