• Home
• About
• Writers
• Landscape
• Wizards Index
• Fraud
• Wanna Be Like Larry?

Capital One and Surprising Consequences

DarkCyber noted the ZDNet article “GitHub Sued for Aiding Hacking in Capital One Breach.” According to the “real news” outfit:

While Capital One is named in the lawsuit because it was its data that the hacker stole, GitHub was also included because the hacker posted some of the stolen information on the code-sharing site.

Github (now owned by Microsoft) allegedly failed to detect the stolen data. Github did not block the posting of Social Security numbers. These follow a specific pattern. Many text parsing methods identify and index the pattern and link the number to other data objects.

What law did Github violate? Management lapses are not usually the stuff that makes for a good legal drama, at least on “Law and Order” reruns. The write up reports:

The lawsuit alleges that by allowing the hacker to store information on its servers, GitHub violated the federal Wiretap Act.

DarkCyber thanks ZDNet for including a link to the complaint.

Lawyers, gotta love ‘em because we have a former Amazon employee, a financial institution with a remarkable track record of security issues, and a company owned by Microsoft. What about the people affected? Oh, them. What if Github is “guilty”? Perhaps a new chapter in open source and public posting sites begins?

Stephen E Arnold, August 4, 2019

Open Source: No Handcuffs, Freedom, and Maybe Problems

DarkCyber has noted the use of open source technology in policeware (software and systems for law enforcement) and in intelware (software and systems for intelligence professionals). The reasons mentioned to me when I get a demonstration include avoiding the handcuffs clicked on when one licenses proprietary software, the ability to get bug fixes and enhancements without waiting for the proprietary software vendor to get around to these adjustments, and a bigger pool of technical talent from which to draw. “12 Challenges Businesses face when Using Open-Source Software” does a good job of identifying some issues to consider when adopting open source code.

Let’s look at three of these which I have encountered in the last few months. I won’t name the vendors of the policeware and intelware systems, and if you want the other nine “challenges”, please, navigate to the original article.

Here are the three “challenges”, which in some cases may be deal breakers:

Cost. Note that the article pegs cost last in the list of 12 issues. My thought is that cost in the number one consideration. I have heard, “Our software is more value centric because we use open source software.” My response is, “So the license fees is reduced, but what about the cost of support, training, and coding special widgets to get the system working to meet our specifications?” No policeware or intelware system is “cheap.” Less expensive than another product, sure. But in terms of headcount, direct and indirect system costs, and time — vendors often understate costs and licensees say “Wow, I’ll go with you.”

Compatibility. Because a chunk of code or a system is open source and perceived as open, the software may not be compatible with one’s existing code. More problematic, the assumption that open source can happily ingest whatever “common” or “database” content one wants to have the open source software process. Think in terms of finding, licensing, or writing “filters,” “import routines,” or “file conversion” routines. Vendors of proprietary software may not have what you need, but you can buy filters from a cheerful sales professional or directly from the company. Working out “compatibility” can be expensive and slow down the process.

Mystery Sources. Open source is perceived as one way for a developer to demonstrate his open sourciness and his expertise. However, intelligence agencies in some countries create or contribute code to open source projects. Assuming that what looks like a benign tool may prove to be somewhat problematic. How problematic? Data about compromised open source software are elusive. In the US, third parties who use open source software for projects sub contracted by a prime contractor can be a vector for backdoors, exploits, and malware. Paranoiac project managers and contracting officers may wish to ponder this issue. Legalese will not reduce the aperture for fancy dancing.

Is open source inherently more risky than proprietary solutions? No, risk is about equal. Proprietary software is fraught with problems. So is open source. That’s a point of fact that is often glossed over.

Stephen E Arnold, July 26, 2019

Spy on the Competition: Sounds Good, Right?

DarkCyber noted this consumer and small business oriented write up about spying. Navigate to “7 ways to Spy on Your Competitor’s Facebook Ads [2019 Update].” The update promises to add some nifty new, useful methods to the original story.

What are the methods? Here’s a run down of four of them. You will have to navigate to the original story for the other three, or you could just not bother. Spoiler: None of the methods reference commercially available tools and services available from specialist vendors. Who’s a specialist vendor? Attend one of our LE and intel training sessions, and we will share a list of 30 firms with you.

Here are four methods we found interesting:

1. Use services which report about a firm’s online advertising activities.
2. Use services which report about a firm’s online advertising activities.
3. Use services which report about a firm’s online advertising activities.
4. Use services which report about a firm’s online advertising activities.

There you go. The spying methods.

DarkCyber wants to point out that these methods are different from the persistent tracking bug data some vendors helpfully install on one’s Internet connected device.

Plus, these methods are quite different from the approaches implemented in commercial OSINT and intercept analysis systems.

My next relatively public lecture will be in October in San Antonio. After the session, look me up. I might share a couple of solutions. Better yet write darkcyber333 at yandex dot com and sign up for a for fee intelligence systems webinar.

Stephen E Arnold, July 11, 2019

Short Honk: NLP Tools

Making sense of unstructured content is tricky. If you are looking for opens source natural language processing tools, “12 Open Source Tools for Natural Language Processing” provides a list.

Stephen E Arnold, March 26, 2019

RedMonk and Its Assessment of IBM as an Open Source Leader

I read “The RedMonk Programming Language Rankings: January 2019.” The analysis was interesting and contained one remarkable assertion and one probably understandable omission. The guts of the report boiled down, in my opinion, to a reminder to job hunters. If you want to increase your chances of getting hired, know:

1 JavaScript
2 Java
3 Python
4 PHP
5 C#

But the surprising statement in the write up was this one:

IBM remains at the forefront of open source innovation.

Now the omission. If IBM is in the forefront, where is Amazon? The company has made an effort to support most of the widely used open source software. Plus, the company appears to be taking tactical steps to close or capture open source.

From my vantage point, Amazon is taking a more “innovative” approach to open source. Granted Amazon’s “approach” may be a milestone in the company’s enhanced walled garden approach to core software systems. IBM’s approach seems little more than Big Blue’s attempt to give back and convince the open source community that it is not the IBM of its mainframe heritage.

Stephen E Arnold, March 24, 2019

When Free Fails the Doers, the Dreamers, and the Disillusioned

My team and I worked for several “open source software companies,” before I decide to hang up my Delta Million Mile Club name tag. (Weird red tags those puppies are.)

I read “Free Labor of Open Source Developers. Is That Sustainable?” The question caused me to chuckle. The answer is fairly straightforward.

Nope. Not for individuals. For outfits like Amazon, yep.

Under specific conditions, open source software does “work”. Now “does work” translates as “makes money, delivers fame, and/or makes those participating [a] happy, [b] feel like the effort is sticking it to the “man”, [c] proves that a person can actually write code which mostly works, and/or [d] builds a psychic bond with a community.

Some big companies do the open source “give back” and “contribution” and “support” dance. For these outfits, open source software is a part of a business model. Usually the practitioners of this type of marketing and sales offer for-fee widgets, add ins, and digital gizmos. Then the customer who downloads and uses the open source code has the opportunity to use the software and [a] buy engineering services, [b] buy training, [c] pay for “enhanced support,” and/or [d] attend conferences for insiders. I find Microsoft’s embrace of open source amusing.

For individuals, a pet project can provide satisfaction and a job maybe.

The write up does a good job of explaining the idealistic roots of open source software. I must admit, however, that I do not drink alcohol, so the analogy “like free beer” does not make any sense to me. The roots of open source software seem to be anchored in a desire to have software which did not [a] cost money to use, [b] could be modified; that is, not put the users in handcuffs, and [c] was updated on a calendar often wildly out of sync with the needs of the licensees. Proprietary software meant “bad” and the new open source software meant good with hints of revolution and “I just can’t take proprietary software anymore.”

The write up reviews a popular paper about the economics of open source software. I did not spot a reference to a later study which suggested that large companies were the biggest adopters of open source.* If that research were correct, the reason boils down to [a] big companies want to trim their costs for proprietary software’s license fees, mandatory upgrades, mandatory maintenance, and contractual limits on what changes a licensee of proprietary software can make. The researchers pointed out that large companies had [a] the staff and [b] the money to make open source software work for their use cases.

Flash forward to 2016. The Ford Foundation’s Roads and Bridges** makes clear that software development performed for free has a built in flaw. Developers can quit. Dead end? Maybe. Large companies can step in and embrace the project and, of course, the community. Outfits using this method range from the Amazons to the smaller firms which allow employees to work on projects. The open source approach can be overwhelmed or a victim of abandonment.

I am not sure I am convinced that the open source community exists. There are factions and many of them are at war. Consider Lucene/Solr’s contentious history. I also am not keen on the simile comparing open source to a religious community. Once again there are fanatics, and there are those whom the fanatics would like to either [a] imagine roasting in hell or [b] actually burning alive after a presentation at an open source meet up.

Net net: Amazon has crafted a new chapter in the lock in playbook. The approach borrows from IBM’s FUD to the more New Age methods of being famous and getting a “real” job.

If you are tracking the world of open source software, the write up is a useful addition to one’s library of analyses. One suggestion: Keep in mind that “free” open source software is a lure in certain circumstances. Think of it as a form of digital phishing, particularly for marketing oriented outfits.

Stephen E Arnold, February 17, 2019

——–

Note:

* Diomidis Spinellis and Vaggelis Giannikas, “Organizational Adoption of Open Source Software,” Journal of Systems and Software, March 2012, page 666-682, and Stephen E Arnold’s The New Landscape of Search, June 2011.

** See https://www.fordfoundation.org/about/library/reports-and-studies/roads-and-bridges-the-unseen-labor-behind-our-digital-infrastructure

Ignoring Amazon: Risky, Short Sighted, Maybe Not an Informed Decision

I read “AWS, MongoDB, and the Economic Realities of Open Source.” The write up does a good job of explaining how convenience can generate cash for old line businesses.

The essay then runs down the features of a typical open source business model; namely, money comes from proprietary add ons, services, training, etc. Accurate and helpful is the discussion. Few people recognize the vulnerability of this type of open source model for companies not in a “winner take all position.” A good example is Elastic’s success, and the lack of success of other open source search systems which are in most cases pretty good.

The discussion of Amazon explains that Amazon is in the service business; specifically, the software-as-a-service business. That’s mostly correct. I have given two or three talks about Amazon’s use of AWS in the law enforcement and intelligence sector, and I have to be honest. Few understood what I was emphasizing. Amazon is a disruption machine. I call it the Bezos bulldozer.

The write up draws parallels with the music business case with which the Stratechery essay begins. I understand the parallel. I agree with this statement:

AWS is not selling MongoDB: what they are selling is “performance, scalability, and availability.” DocumentDB is just one particular area of many where those benefits are manifested on AWS. Make no mistake: these benefits are valuable.

The point of the write up is mostly on the money as well. I noted this statement:

…the debate on the impact of cloud services on open source has been a strident one for a while now. I think, though, that the debate gets sidetracked by (understandable) discussions about “fairness” and what AWS supposedly owes open source. Yes, companies like MongoDB Inc. and Redis Labs worked hard, and yes, AWS is largely built on open source, but the world is governed by economic realities, not subjective judgments of fairness.

There are several facets of Amazon’s system and method for competition which may be more important than the inclusion of open source software in its suite of “conveniences.”

At some point, I would welcome conference organizers, MBAs, and open source mavens to address such questions as:

1. What is the ease of entry or implementation for open source services on AWS?
2. What is the future of training developers to use the AWS system? Who does the training?
3. What is the short term benefit to Amazon to have developers use open source and the AWS platform to create new products and services?
4. What is the long term benefit to Amazon to have new products and services become successful on the AWS platform?
5. What is the mid term impact on procurements for commercial and government entities?
6. What is the shape of the Bezos bulldozer’s approach to lock in?

I was recently informed by a conference organizer that no one had interest in Amazon’s disruption of the policeware and intelware sector.

Do you think that the organizer’s conclusion was informed? Do you think open source is more than the digital equivalent of a gateway drug?

I do. For information about the DarkCyber briefing on Amazon’s policeware and intelware “play,” write benkent2020 at yahoo dot com.

Stephen E Arnold, January 15, 2019

Big Companies Launch Open Source Safe Data Initiative

Huge corporations usually do not support open source code, because it harms their bottom line. Qrius shares how some of the biggest tech companies are behind a new initiative for an interesting change of pace, “Facebook, Google, Twitter, Microsoft To Launch Open Source Initiative For Safe Data Transfer.”

Facebook, Twitter, Microsoft, and Google have teamed up in an endeavor to make data transfer across various platforms easier and safer. The new initiative is called the Data Transfer Project (DTP) and it is an open source project that helps users seamlessly transfer data across multiple online services without facing privacy issues. It sounds like a fantasy superhero team up. How will the DTP will do:

“According to Damien Kieran, Data Protection Officer at Twitter, most of the online services we use right now do not interact with each other in a coherent and intuitive fashion. Formed in 2017, the DTP is expected to bridge this gap and introduce service-to-service data portability through its open-source platform.

The project is expected to roll out in phases, starting with ensuring data portability from one service to another with encrypted signups, said Steve Satterfield, Privacy and Public Policy Director at Facebook.”

The DTP is a great idea, because how many times do you need to upload, download, reupload, and change file formats with your data? Transfer fluidity across many platforms is a must, especially with mobile technology, but privacy is even more important as users share their data across a wider physical and digital expanse. There are also new data protection laws, such as ones introduced in the EU, and the DTP will hopefully write the necessary legal jargon to protect the user and prevent the companies from breaking the laws.

It is a great accomplishment that these four companies are working together. Hopefully it is for good and not the all mighty dollar.

Whitney Grace, November 21, 2018

—

IBM Lock In Approach Modified and Given New Life

I read “Alphabet Backs GitLab’s Quest to Surpass Microsoft’s GitHub.” The write up explains that Microsoft bought GitHub. Google invests in GitLab. Plus:

It’s the latest major deal in the so-called DevOps market. Broadcom Inc. agreed to buy CA Technologies for $19 billion earlier this year; Atlassian Corp. bought OpsGenie Inc. for $295 million; and Salesforce Inc. spent $6.5 billion to purchase MuleSoft Inc.

From my point of view, these are open source oriented deals.

These deals are part of a revitalization of the old school IBM type of vendor lock in. The way that once worked was:

Buy our big iron

Use our software

Use our preferred partners

Or

Good luck getting those mainframe puppies to behave.

Now the trajectory is to embrace open source, support anyone who codes something semi useful, add proprietary bits, and lock in the platform users.

In short, the lock in play is undergoing a renascence.

How about that open source credo? But where’s Amazon? If you want our take on Amazon’s tactics, contact benkent2020 at yahoo dot com and ask about our for fee briefing on this subject.

Stephen E Arnold, September 20, 2018

Changing How Electronics Are Done

I read “DARPA Plans a Major Remake of US Electronics.” The write up reports that the US government’s Defense Advanced Research Projects Agency is funding activities to “radically alter how electronics are made.” The idea is to make an engineer skilled in the anticipated art to become more productive. If the funding generates innovation and applied research deliverables, “the effect could be to make small groups of engineers capable of feats that take 100 engineers to achieve today.”

There are some interesting observations presented in the write up. These are attributed to Bill Chappell, who is the DARPA directors for this initiative. The write up is important because the stated objectives are one that will allow some technical and process roadblocks to be removed; for example, acceleration of innovation, increasing productivity, and stepping up activity for open source hardware.

However, there are several ideas percolating in the statements in my opinion.

First, the US is not producing what we call in Harrod’s Creek “home grown electronics engineers.” In part, the initiative is to increase US activity. China and Russia, two cite two nation states, are creating more technical professionals. Now the US has to do more with less.

Second, big picture problems are not what some US projects accomplish. The way innovation works is to make incremental advances within often quite specific scopes of interest. This new initiative is more big picture and less improving the efficiency of an advertising server’s predictive matching in silicon or some equally narrow focus.

Third, the program suggests to me that some insightful US government professionals are concerned about the US electronics industry. The idea that technology from another nation state could create an unknown vulnerability is sufficiently troubling to warrant this big picture program.

In short, the failures of the US electronics sector have become a concern. One hopes that this project will address, in part, this significant issue. In my DarkCyber video news program to be released on July 24, 2018, I comment about the forthcoming Chinese made blockchain phone. I ask one question, “Does this device have the capability to phone home to the manufacturer? Could the device be monitored by an entity in the country of origin?”

Stephen E Arnold, July 18, 2018

« Previous Page — Next Page »

• 

• Search the site

•  

  Subscribe to Beyond Search

  • 
  • 
   
  • 
   
  
  Feature archive
  News archive
   
  
  
  Stephen E. Arnold monitors search, content processing, text mining and related topics from his high-tech nerve center in rural Kentucky. He tries to winnow the goose feathers from the giblets. He works with colleagues worldwide to make this Web log useful to those who want to go "beyond search". Contact him at sa [at] arnoldit.com. His Web site with additional information about search is arnoldit.com.

• Categories

  • 3D-Printing
  • Acquisition
  • Advertising
  • Aggregation
  • AI
  • Alexa
  • algorithms
  • Amazon
  • Amazonia
  • Analytics
  • Appliance
  • Applications
  • Audio
  • Augmented Reality
  • Big data
  • Bing
  • Bitcoin
  • Bitext
  • Book review
  • Business intelligence
  • Business process
  • Business strategy
  • Censorship
  • Cloud computing
  • Company Profile
  • Conferences
  • Connectors
  • Consulting
  • Consumer
  • Content processing
  • Copyright
  • Corporate Concerns
  • Cost
  • Crawl
  • Crowdfunding
  • cryptocurrency
  • Customer support
  • Cyber OSINT
  • cybercrime
  • cybersecurity
  • Dark Web
  • DarkCyber
  • Data
  • Data mining
  • Database
  • Deepfakes
  • Digital Assistant
  • Digital Library
  • E2EE
  • ECommerce
  • EDiscovery
  • Editorial opinion
  • Education
  • Emoticons
  • Enterprise
  • Enterprise search
  • Entity extraction
  • Ethics
  • Facebook
  • Faceted search
  • Factualities
  • Feature
  • Federated search
  • Financial
  • Fogint
  • Google
  • Governance
  • Government
  • Hackers
  • healthcare
  • IBM Watson
  • Image search
  • Indexing
  • Infrastructure
  • Innovation
  • Integration
  • intelware
  • Interface
  • Internet
  • Interview
  • Investment
  • law enforcement
  • Legal matters
  • Library automation
  • Management
  • Marketing
  • Mathematics
  • Metadata
  • Microsoft
  • Mobile
  • Natural language processing
  • News
  • NGIA
  • Online (general)
  • Open Access
  • Open source
  • OSINT
  • Osint Radar
  • Overflight
  • Palantir
  • Patents
  • Personnel
  • Podcast
  • Policeware
  • Portals
  • Predictive coding
  • Privacy
  • Profile
  • Publishing
  • Quotation
  • Real time search
  • Reference tool
  • Rich media
  • Robot Writer
  • Search
  • Search enabled applications
  • search engine
  • Search quality
  • Security
  • Semantic
  • Sentiment analysis
  • SEO
  • SharePoint
  • Short Honks
  • Smart Technology
  • Social
  • Social Media
  • software
  • Statistics
  • Taxonomy
  • Technology
  • Text analytics
  • Text processing
  • Tools
  • Tor
  • Training
  • Translation
  • Twitter
  • Uncategorized
  • Unstructured Data
  • User experience
  • User Interface
  • Vertical search
  • Video
  • visualization
  • Voice search
  • Voice technology
  • Web 3
  • Web Services
  • Webinar
  • Windows
  • Work flow
  • XML
  • Yahoo

• Archives

  Archives Select Month December 2024 November 2024 October 2024 September 2024 August 2024 July 2024 June 2024 May 2024 April 2024 March 2024 February 2024 January 2024 December 2023 November 2023 October 2023 September 2023 August 2023 July 2023 June 2023 May 2023 April 2023 March 2023 February 2023 January 2023 December 2022 November 2022 October 2022 September 2022 August 2022 July 2022 June 2022 May 2022 April 2022 March 2022 February 2022 January 2022 December 2021 November 2021 October 2021 September 2021 August 2021 July 2021 June 2021 May 2021 April 2021 March 2021 February 2021 January 2021 December 2020 November 2020 October 2020 September 2020 August 2020 July 2020 June 2020 May 2020 April 2020 March 2020 February 2020 January 2020 December 2019 November 2019 October 2019 September 2019 August 2019 July 2019 June 2019 May 2019 April 2019 March 2019 February 2019 January 2019 December 2018 November 2018 October 2018 September 2018 August 2018 July 2018 June 2018 May 2018 April 2018 March 2018 February 2018 January 2018 December 2017 November 2017 October 2017 September 2017 August 2017 July 2017 June 2017 May 2017 April 2017 March 2017 February 2017 January 2017 December 2016 November 2016 October 2016 September 2016 August 2016 July 2016 June 2016 May 2016 April 2016 March 2016 February 2016 January 2016 December 2015 November 2015 October 2015 September 2015 August 2015 July 2015 June 2015 May 2015 April 2015 March 2015 February 2015 January 2015 December 2014 November 2014 October 2014 September 2014 August 2014 July 2014 June 2014 May 2014 April 2014 March 2014 February 2014 January 2014 December 2013 November 2013 October 2013 September 2013 August 2013 July 2013 June 2013 May 2013 April 2013 March 2013 February 2013 January 2013 December 2012 November 2012 October 2012 September 2012 August 2012 July 2012 June 2012 May 2012 April 2012 March 2012 February 2012 January 2012 December 2011 November 2011 October 2011 September 2011 August 2011 July 2011 June 2011 May 2011 April 2011 March 2011 February 2011 January 2011 December 2010 November 2010 October 2010 September 2010 August 2010 July 2010 June 2010 May 2010 April 2010 March 2010 February 2010 January 2010 December 2009 November 2009 October 2009 September 2009 August 2009 July 2009 June 2009 May 2009 April 2009 March 2009 February 2009 January 2009 December 2008 November 2008 October 2008 September 2008 August 2008 July 2008 June 2008 May 2008 April 2008 March 2008 February 2008 January 2008 November 5

• Recent Posts

  • Pass a Law to Prevent Youngsters from Accessing Social Media. Yep, That Will Work Well
  • FOGINT: Telegram and Its Possible Latent Weakness
  • Deepfakes: An Interesting and Possibly Pernicious Arms Race
  • The Golden Fleecer of the Year: Boeing
  • Directories Have Value

• Meta

  • Log in
  • Entries feed
  • Comments feed
  • WordPress.org