TV Pursues Nichification or 1 + 1 = Barrels of Money
July 10, 2024
This essay is the work of a dumb dinobaby. No smart software required.
When an organization has a huge market like the Boy Scouts and the Girl Scouts? What do they do to remain relevant and have enough money to pay the overhead and salaries of the top dogs? They merge.
What does an old-school talking heads television channel do to remain relevant and have enough money to pay the overhead and salaries of the top dogs? They create niches.
A cheese maker who can’t sell his cheddar does some MBA-type thinking. Will his niche play work? Thanks, MSFT Copilot. How’s that Windows 11 update doing today?
Which path is the optimal one? I certainly don’t have a definitive answer. But if each “niche” is a new product, I remember hearing that the failure rate was of sufficient magnitude to make me a think in terms of a regular job. Call me risk averse, but I prefer the rational dinobaby moniker, thank you.
“CNBC Launches Sports Vertical amid Broader Biz Shift” reports with “real” news seriousness:
The idea is to give sports business executives insights and reporting about sports similar to the data and analysis CNBC provides to financial professionals, CNBC President KC Sullivan said in a statement.
I admit. I am not a sports enthusiast. I know some people who are, but their love of sport is defined by gambling, gambling and drinking at the 19th hole, and dressing up in Little League outfits and hitting softballs in the Harrod’s Creek Park. Exciting.
The write up held one differentiator from the other seemingly endless sports programs like those featuring Pat McAfee-type personalities. Here’s the pivot upon which the nichification turns:
The idea is to give sports business executives insights and reporting about sports similar to the data and analysis CNBC provides to financial professionals…
Imagine the legions of viewers who are interested in dropping billions on a major sports franchise. For me, it is easier to visualize sports betting. One benefit of gambling is a source of “addicts” for rehabilitation centers.
I liked the wrap up for the article. Here it is:
Between the lines: CNBC has already been investing in live coverage of sports, and will double down as part of the new strategy.
- CNBC produces an annual business of sports conference, Game Plan, in partnership with Boardroom.
- Andrew Ross Sorkin, Carl Quintanilla and others will host coverage from the 2024 Olympic Games in Paris this summer.
Zoom out: Cable news companies are scrambling to reimagine their businesses for a digital future.
- CNBC already sells digital subscriptions that include access to its live TV feed.
- In the future, it could charge professionals for niche insights around specific verticals, or beats.
Okay, I like the double down, a gambling term. I like the conference angle, but the named entities do not resonate with me. I am a dinobaby and nichification is not a tactic that an outfit with eyeballs going elsewhere makes sense to me. The subscription idea is common. Isn’t there something called “subscription fatigue”? And the plan to charge to access a sports portal is an interesting one. But if one has 1,000 people looking at content, the number who subscribe seems to be in the < one to two percent range based on my experience.
But what do I know? I am a dinobaby and I know about TikTok and other short form programming. Maybe that’s old hat too? Did CNBC talk to influencers?
Stephen E Arnold, July 10, 2024
A Signal That Money People Are Really Worried about AI Payoffs
July 8, 2024
This essay is the work of a dumb dinobaby. No smart software required.
“AI’s $600B Question” is an interesting signal. The subtitle for the article is the pitch that sent my signal processor crazy: The AI bubble is reaching a tipping point. Navigating what comes next will be essential.”
Executives on a thrill ride seem to be questioning the wisdom of hopping on the roller coaster. Thanks, MSFT Copilot. Good enough.
When money people output information that raises a question, something is happening. When the payoff is nailed, the financial types think about yachts, Bugatti’s, and getting quoted in the Financial Times. Doubts are raised because of these headline items: AI and $600 billion.
The write up says:
A huge amount of economic value is going to be created by AI. Company builders focused on delivering value to end users will be rewarded handsomely. We are living through what has the potential to be a generation-defining technology wave. Companies like Nvidia deserve enormous credit for the role they’ve played in enabling this transition, and are likely to play a critical role in the ecosystem for a long time to come. Speculative frenzies are part of technology, and so they are not something to be afraid of.
If I understand this money talk, a big time outfit is directly addressing fears that AI won’t generate enough cash to pay its bills and make the investors a bundle of money. If the AI frenzy was on the Money Train Express, why raise questions and provide information about the tough-to-control costs for making AI knock off the hallucination, the product recalls, the lawsuits, and the growing number of AI projects which just don’t work?
The fact of the article’s existence makes it clear to me that some folks are indeed worried. Does the write up reassure those with big bucks on the line? Does the write up encourage investors to pump more money into a new AI start up? Does the write up convert tests into long-term contracts with the big AI providers?
Nope, nope, and nope.
But here’s the unnerving part of the essay:
In reality, the road ahead is going to be a long one. It will have ups and downs. But almost certainly it will be worthwhile.
Translation: We will take your money and invest it. Just buckle up, butter cup. The ride on this roller coaster may end with the expensive cart hurtling from the track to the asphalt below. But don’t worry about us venture types. We will surf on churn and the flows of money. Others? Not so much.
Stephen E Arnold, July 8, 2024
Happy Fourth of July Says Microsoft to Some Employees
July 8, 2024
This essay is the work of a dinobaby. Unlike some folks, no smart software improved my native ineptness.
I read “Microsoft Lays Off Employees in New Round of Cuts.” The write up reports:
Microsoft conducted another round of layoffs this week in the latest workforce reduction implemented by the Redmond tech giant this year… Posts on LinkedIn from impacted employees show the cuts affecting employees in product and program management roles.
I wonder if some of those Softies were working on security (the new Job One at Microsoft) or the brilliantly conceived and orchestrated Recall “solution.”
The write up explains or articulates an apologia too:
The cutbacks come as Microsoft tries to maintain its profit margins amid heavier capital spending, which is designed to provide the cloud infrastructure needed to train and deploy the models that power AI applications.
Several observations:
- A sure-fire way to solve personnel and some types of financial issues is identifying employees, whipping up some criteria-based dot points, and telling the folks, “Good news. You can find your future elsewhere.”
- Dumping people calls attention to management’s failure to keep staff and tasks aligned. Based on security and reliability issues Microsoft evidences, the company is too large to know what color sock is on each foot.
- Microsoft faces a challenge, and it is not AI. With more functions working in a browser, perhaps fed up individuals and organizations will re-visit Linux as an alternative to Microsoft’s products and services?
Net net: Maybe firing the security professionals and those responsible for updates which kill Windows machines is a great idea?
Stephen E Arnold, July 8, 2024
VPNs, Snake Oil, and Privacy
July 2, 2024
This essay is the work of a dinobaby. Unlike some folks, no smart software improved my native ineptness.
Earlier this year, I had occasion to meet a wild and crazy entrepreneur who told me that he had the next big thing in virtual private networks. I listened to the words and tried to convert the brightly-covered verbal storm into something I could understand. I failed. The VPN, as I recall the energizer bunny powered start up impresario needed to be reinvented.
Source: https://www.leviathansecurity.com/blog/tunnelvision
I knew that the individual’s knowledge of VPNs was — how shall I phrase it — limited. As an educational outreach, I forwarded to the person who wants to be really, really rich the article “Novel Attack against Virtually All VPN Apps Neuters Their Entire Purpose.” The write up focuses on an exploit which compromises the “secrecy” the VPN user desires. I hopes the serial entrepreneur notes this passage:
“The attacker can read, drop or modify the leaked traffic and the victim maintains their connection to both the VPN and the Internet.”
Technical know how is required, but the point is that VPNs are often designed to:
- Capture data about the VPN user and other quite interesting metadata. These data are then used either for marketing, search engine optimization, or simple information monitoring.
- A way to get from a VPN hungry customer a credit card which can be billed every month for a long, long time. The customer believes a VPN adds security when zipping around from Web site to online service. Ignorance is bliss, and these VPN customers are usually happy.
- A large-scale industrial operation which sells VPN services to repackagers who buy bulk VPN bandwidth and sell it high. The winner is the “enabler” or specialized hosting provider who delivers a vanilla VPN service on the cheap and ignores what the resellers say and do. At one of the law enforcement / intel conferences I attended I heard someone mention the name of an ISP in Romania. I think the name of this outfit was M247 or something similar. Is this a large scale VPN utility? I don’t know, but I may take a closer look because Romania is an interesting country with some interesting online influencers who are often in the news.
The write up includes quite a bit of technical detail. There is one interesting factoid that took care to highlight for the VPN oriented entrepreneur:
Interestingly, Android is the only operating system that fully immunizes VPN apps from the attack because it doesn’t implement option 121. For all other OSes, there are no complete fixes. When apps run on Linux there’s a setting that minimizes the effects, but even then TunnelVision can be used to exploit a side channel that can be used to de-anonymize destination traffic and perform targeted denial-of-service attacks. Network firewalls can also be configured to deny inbound and outbound traffic to and from the physical interface. This remedy is problematic for two reasons: (1) a VPN user connecting to an untrusted network has no ability to control the firewall and (2) it opens the same side channel present with the Linux mitigation. The most effective fixes are to run the VPN inside of a virtual machine whose network adapter isn’t in bridged mode or to connect the VPN to the Internet through the Wi-Fi network of a cellular device.
What’s this mean? In a nutshell, Google did something helpful. By design or by accident? I don’t know. You pick the option that matches your perception of the Android mobile operating system.
This passage includes one of those observations which could be helpful to the aspiring bad actor. Run the VPN inside of a virtual machine and connect to Internet via a Wi-Fi network or mobile cellular service.
Several observations are warranted:
- The idea of a “private network” is not new. A good question to pose is, “Is there a way to create a private network that cannot be detected using conventional traffic monitoring and sniffing tools? Could that be the next big thing for some online services designed for bad actors?
- The lack of knowledge about VPNs makes it possible for data harvesters and worse to offer free or low cost VPN service and bilk some customers out of their credit card data and money.
- Bad actors are — at some point — going to invest time, money, and programming resources in developing a method to leapfrog the venerable and vulnerable VPN. When that happens, excitement will ensue.
Net net: Is there a solution to VPN trickery? Sure, but that involves many moving parts. I am not holding my breath.
Stephen E Arnold, July 2, 2024
Will Google Charge for AI Features? Of Course
July 2, 2024
Will AI spur Google to branch out from its ad-revenue business model? Possibly, Dataconomy concludes in, “AI Is Draining Google’s Money and We May Be Charged for It.” Writer Eray Eliaç?k cites reporting from the Financial Times when stating:
“Google, the search engine used by billions, is considering charging for special features made possible by artificial intelligence (AI). This would be different from its usual practice of offering most of its services for free. Here’s what this could mean: Google might offer some cool AI-driven tools, like a smarter assistant or personalized search options, but only to those who pay for them. The regular Google search would stay free, but these extra features would come with a price tag, such as Gemini, SGE, and Image generation with AI and more.”
Would Google really make more charging for AI than on serving up ads alongside it? Perhaps it will do both?
Eliaç?k reminds us AI is still far from perfect. There are several reasons he does not address:
- Google faces a challenge to maintain its ad monopolies as investigations into its advertising business which has been running without interference for more than two decades
- AI is likely to be a sector with a big dog and a couple of mid sized dogs, and a bunch of French bulldogs (over valued and stubborn). Google wants to be the winner because it invented the transformer and now has to deal with the consequences of that decision. Some of the pretenders are likely to be really big dogs and capable of tearing off Googzilla’s tail
- Cost control is easy to talk about in MBA class and financial columns. In real online life, cost control is a thorny problem. No matter how much the bean counters squeeze, the costs of new gear, innovation, and fixing stuff when it flames out over the weekend blasts many IT budgets into orbit. Yep, even Google’s wizards face this problem.
Net net: Google will have little choice but find a way to monetize clicks, eye balls, customer service, cloud access, storage, and any thing that can be slapped with a price tag. Take that to MBA class.
Cynthia Murrell, July 2, 2024
Prediction: Next Target Up — Public Libraries
June 26, 2024
This essay is the work of a dinobaby. Unlike some folks, no smart software improved my native ineptness.
The publishers (in spirit at least) have kneecapped the Internet Archive. If you don’t know what the online service does or did, it does not matter. I learned from the estimable ShowBiz411.com site, a cultural treasure is gone. Forget digital books, the article “Paramount Erases Archives of MTV Website, Wipes Music, Culture History After 30 Plus Years” says:
Parent company Paramount, formerly Viacom, has tossed twenty plus years of news archives. All that’s left is a placeholder site for reality shows. The M in MTV – music — is gone, and so is all the reporting and all the journalism performed by music and political writers ever written. It’s as if MTV never existed. (It’s the same for VH1.com, all gone.)
Why? The write up couches the savvy business decision of the Paramount leadership this way:
There’s no precedent for this, and no valid reason. Just cheapness and stupidity.
Tibby, my floppy ear Frenchie, is listening to music from the Internet Archive. He knows the publishers removed 500,000 books. Will he lose access to his beloved early 20th century hill music? Will he ever be able to watch reruns of the rock the casbah music video? No. He is a risk. A threat. A despicable knowledge seeker. Thanks to myself for this nifty picture.
My knowledge of MTV and VH1 is limited. I do recall telling my children, “Would you turn that down, please?” What a waste of energy. Future students of American culture will have a void. I assume some artifacts of the music videos will remain. But the motherlode is gone. Is this a loss? On one hand, no. Thank goodness I will not have to glimpse performs rocking the casbah. On the other hand, yes. Archaeologists study bits of stone, trying to figure out how those who left them built Machu Pichu did it. The value of lost information to those in the future is tough to discuss. But knowledge products may be like mine tailings. At some point, a bright person can figure out how to extract trace elements in quantity.
I have a slightly different view of these two recent cultural milestones. I have a hunch that the publishers want to protect their intellectual property. Internet Archive rolled over because its senior executives learned from their lawyers that lawsuits about copyright violations would be tough to win. The informed approach was to delete 500,000 books. Imagine an online service like the Internet Archive trying to be a library.
That brings me to what I think is going on. Copyright litigation will make quite a lot of digital information disappear. That means that increasing fees to public libraries for digital copies of books to “loan” to patrons must go up. Libraries who don’t play ball may find that those institutions will be faced with other publisher punishments: No American Library Association after parties, no consortia discounts, and at some point no free books.
Yes, libraries will have to charge a patron to check out a physical book and then the “publishers” will get a percentage.
The Andrew Carnegie “free” thing is wrong. Libraries rip off the publishers. Authors may be mentioned, but what publisher cares about 99 percent of its authors? (I hear crickets.)
Several thoughts struck me as I was walking my floppy ear Frenchie:
- The loss of information (some of which may have knowledge value) is no big deal in a social structure which does not value education. If people cannot read, who cares about books? Publishers and the wretches who write them. Period.
- The video copyright timebomb of the Paramount video content has been defused. Let’s keep those lawyers at bay, please. Who will care? Nostalgia buffs and the parents of the “stars”?
- The Internet Archive has music; libraries have music. Those are targets not on Paramount’s back. Who will shoot at these targets? Copyright litigators. Go go go.
Net net: My prediction is that libraries must change to a pay-to-loan model or get shut down. Who wants informed people running around disagreeing with lawyers, accountants, and art history majors?
Stephen E Arnold, June 26, 2024
Microsoft: Not Deteriorating, Just Normal Behavior
June 26, 2024
This essay is the work of a dinobaby. Unlike some folks, no smart software improved my native ineptness.
Gee, Microsoft, you are amazing. We just fired up a new Windows 11 Professional machine and guess what? Yep, the printers are not recognized. Nice work and consistent good enough quality.
Then I read “Microsoft Admits to Problems Upgrading Windows 11 Pro to Enterprise.” That write up says:
There are problems with Microsoft’s last few Windows 11 updates, leaving some users unable to make the move from Windows 11 Pro to Enterprise. Microsoft made the admission in an update to the "known issues" list for the June 11, 2024, update for Windows 11 22H2 and 23H2 – KB5039212. According to Microsoft, "After installing this update or later updates, you might face issues while upgrading from Windows Pro to a valid Windows Enterprise subscription."
Bad? Yes. But then I worked through this write up: “Microsoft Chose Profit Over Security and Left U.S. Government Vulnerable to Russian Hack, Whistleblower Says.” Is the information in the article on the money? I don’t know. I do know that bad actors find Windows the equivalent of an unlocked candy store. Goodies are there for greedy teens to cart off the chocolate-covered peanuts and gummy worms.
Everyone interested in entering the Microsoft Windows Theme Park wants to enjoy the thrills of a potentially lucrative experience. Thanks, MSFT Copilot. Why is everyone in your illustration the same?
This remarkable story of willful ignorance explains:
U.S. officials confirmed reports that a state-sponsored team of Russian hackers had carried out SolarWinds, one of the largest cyberattacks in U.S. history.
How did this happen? The write up asserts:
The federal government was preparing to make a massive investment in cloud computing, and Microsoft wanted the business. Acknowledging this security flaw could jeopardize the company’s chances, Harris [a former Microsoft security expert and whistleblower] recalled one product leader telling him. The financial consequences were enormous. Not only could Microsoft lose a multibillion-dollar deal, but it could also lose the race to dominate the market for cloud computing.
Bad things happened. The article includes this interesting item:
From the moment the hack surfaced, Microsoft insisted it was blameless. Microsoft President Brad Smith assured Congress in 2021 that “there was no vulnerability in any Microsoft product or service that was exploited” in SolarWinds.
Okay, that’s the main idea: Money.
Several observations are warranted:
- There seems to be an issue with procurement. The US government creates an incentive for Microsoft to go after big contracts and then does not require Microsoft products to work or be secure. I know generals love PowerPoint, but it seems that national security is at risk.
- Microsoft itself operates with a policy of doing what’s necessary to make as much money as possible and avoiding the cost of engineering products that deliver what the customer wants: Stable, secure software and services.
- Individual users have to figure out how to make the most basic functions work without stopping business operations. Printers should print; an operating system should be able to handle what my first personal computer could do in the early 1980s. After 25 years, printing is not a new thing.
Net net: In a consequence-filled business environment, I am concerned that Microsoft will not improve its security and the most basic computer operations. I am not sure the company knows how to remediate what I think of as a Disneyland for bad actors. And I wanted the new Windows 11 Professional to work. How stupid of me?
Stephen E Arnold, June 26, 2024
Falling Apples: So Many to Harvest and Sell to Pay the EU
June 25, 2024
This essay is the work of a dinobaby. Unlike some folks, no smart software improved my native ineptness.
What’s goes up seems to come down. Apple is peeling back on the weird headset gizmo. The company’s AI response — despite the thrills Apple Intelligence produced in some acolytes — is “to be” AI or vaporware. China dependence remains a sticky wicket. And if the information in “Apple Has Very Serious Issues Under Sweeping EU Digital Rules, Competition Chief Says,” the happy giant in Cupertino will be writing some Jupiter-sized checks. Imagine. Pesky Europeans are asserting that Apple has a monopoly and has been acting less like Johnny Appleseed and more like Andrew Carnegie.
A powerful force causes Tim Apple to wonder why so many objects are falling on his head. Thanks, MSFT Copilot. Good enough.
The write up says:
… regulators are preparing charges against the iPhone maker. In March [2024], the European Commission, the EU’s executive arm, opened a probe into Apple, Alphabet and Meta, under the sweeping Digital Markets Act tech legislation that became applicable this year. The investigation featured several concerns about Apple, including whether the tech giant is blocking businesses from telling their users about cheaper options for products or about subscriptions outside of the App Store.
Would Apple, the flag bearer for almost-impossible to repaid products and software that just won’t charge laptop batteries no matter what the user needs to do prior to a long airplane flight prevent the free flow of information?
The EU nit pickers believe that Apple’s principles and policies are a “serious issue.”
How much money is possibly involved if the EU finds Apple a — pardon the pun — a bad apple in a barrel of rotten US high technology companies? The write up says:
If it is found in breach of Digital Markets Act rules, Apple could face fines of up to 10% of the company’s total worldwide annual turnover.
For FY2023, Apple captured about $380 billion, this works out to a potential payday for the EU of about US$ 38 billion and change.
Speaking of change, will a big fine cause those Apples to levitate? Nope.
Stephen E Arnold, June 25, 2024
Thomson Reuters: A Trust Report about Trust from an Outfit with Trust Principles
June 21, 2024
This essay is the work of a dinobaby. Unlike some folks, no smart software improved my native ineptness.
Thomson Reuters is into trust. The company has a Web page called “Trust Principles.” Here’s a snippet:
The Trust Principles were created in 1941, in the midst of World War II, in agreement with The Newspaper Proprietors Association Limited and The Press Association Limited (being the Reuters shareholders at that time). The Trust Principles imposed obligations on Reuters and its employees to act at all times with integrity, independence, and freedom from bias. Reuters Directors and shareholders were determined to protect and preserve the Trust Principles when Reuters became a publicly traded company on the London Stock Exchange and Nasdaq. A unique structure was put in place to achieve this. A new company was formed and given the name ‘Reuters Founders Share Company Limited’, its purpose being to hold a ‘Founders Share’ in Reuters.
Trust nestles in some legalese and a bit of business history. The only reason I mention this anchoring in trust is that Thomson Reuters reported quarterly revenue of $1.88 billion in May 2024, up from $1.74 billion in May 2023. The financial crowd had expected $1.85 billion in the quarter, and Thomson Reuters beat that. Surplus funds makes it possible to fund many important tasks; for example, a study of trust.
The ouroboros, according to some big thinkers, symbolizes the entity’s journey and the unity of all things; for example, defining trust, studying trust, and writing about trust as embodied in the symbol.
My conclusion is that trust as a marketing and business principle seems to be good for business. Therefore, I trust, and I am confident that the information in “Global Audiences Suspicious of AI-Powered Newsrooms, Report Finds.” The subject of the trusted news story is the Reuters Institute for the Study of Journalism. The Thomson Reuters reporter presents in a trusted way this statement:
According to the survey, 52% of U.S. respondents and 63% of UK respondents said they would be uncomfortable with news produced mostly with AI. The report surveyed 2,000 people in each country, noting that respondents were more comfortable with behind-the-scenes uses of AI to make journalists’ work more efficient.
To make the point a person working for the trusted outfit’s trusted report says in what strikes me as a trustworthy way:
“It was surprising to see the level of suspicion,” said Nic Newman, senior research associate at the Reuters Institute and lead author of the Digital News Report. “People broadly had fears about what might happen to content reliability and trust.”
In case you have lost the thread, let me summarize. The trusted outfit Thomson Reuters funded a study about trust. The research was conducted by the trusted outfit’s own Reuters Institute for the Study of Journalism. The conclusion of the report, as presented by the trusted outfit, is that people want news they can trust. I think I have covered the post card with enough trust stickers.
I know I can trust the information. Here’s a factoid from the “real” news report:
Vitus “V” Spehar, a TikTok creator with 3.1 million followers, was one news personality cited by some of the survey respondents. Spehar has become known for their unique style of delivering the top headlines of the day while laying on the floor under their desk, which they previously told Reuters is intended to offer a more gentle perspective on current events and contrast with a traditional news anchor who sits at a desk.
How can one not trust a report that includes a need met by a TikTok creator? Would a Thomson Reuters’ professional write a news story from under his or her desk or cube or home office kitchen table?
I think self funded research which finds that the funding entity’s approach to trust is exactly what those in search of “real” news need. Wikipedia includes some interesting information about Thomson Reuters in its discussion of the company in the section titled “Involvement in Surveillance.” Wikipedia alleges that Thomson Reuters licenses data to Palantir Technologies, an assertion which if accurate I find orthogonal to my interpretation of the word “trust.” But Wikipedia is not Thomson Reuters.
I will not ask questions about the methodology of the study. I trust the Thomson Reuters’ professionals. I will not ask questions about the link between revenue and digital information. I have the trust principles to assuage any doubt. I will not comment on the wonderful ouroboros-like quality of an enterprise embodying trust, funding a study of trust, and converting those data into a news story about itself. The symmetry is delicious and, of course, trustworthy. For information about Thomson Reuters’s trust use of artificial intelligence see this Web page.
Stephen E Arnold, June 21, 2024
There Must Be a Fix? Sorry. Nope.
June 20, 2024
This essay is the work of a dinobaby. Unlike some folks, no smart software improved my native ineptness.
I enjoy stories like “Microsoft Chose Profit Over Security and Left U.S. Government Vulnerable to Russian Hack, Whistleblower Says.” It combines a number of fascinating elements; for example, corporate green, Russia, a whistleblower, and the security of the United States. Figuring out who did what to whom when and under what circumstances is not something a dinobaby at my pay grade of zero can do. However, I can highlight some of the moving parts asserted in the write up and pose a handful of questions. Will these make you feel warm and fuzzy? I hope not. I get a thrill capturing the ideas as they manifest in my very aged brain.
The capture officer proudly explains to the giant corporation, “You have won the money?” Can money buy security happiness? Answer: Nope. Thanks, MSFT Copilot. Good enough, the new standard of excellence.
First, what is the primum movens for this exposé? I think that for this story, one candidate is Microsoft. The company has to decide to do what slays the evil competitors, remains the leader in all things smart, and generates what Wall Street and most stakeholders crave: Money. Security is neither sexy nor a massive revenue producer when measured in terms of fixing up the vulnerabilities in legacy code, the previous fixes, and the new vulnerabilities cranked out with gay abandon. Recall any recent MSFT service which may create a small security risk or two? Despite this somewhat questionable approach to security, Microsoft has convinced the US government that core software like PowerPoint definitely requires the full panoply of MSFT software, services, features, and apps. Unfortunately articles like “Microsoft Chose Profit Over Security” converts the drudgery of cyber security into a snazzy story. A hard worker finds the MSFT flaw, reports it, and departs for a more salubrious work life. The write up says:
U.S. officials confirmed reports that a state-sponsored team of Russian hackers had carried out SolarWinds, one of the largest cyberattacks in U.S. history. They used the flaw Harris had identified to vacuum up sensitive data from a number of federal agencies, including, ProPublica has learned, the National Nuclear Security Administration, which maintains the United States’ nuclear weapons stockpile, and the National Institutes of Health, which at the time was engaged in COVID-19 research and vaccine distribution. The Russians also used the weakness to compromise dozens of email accounts in the Treasury Department, including those of its highest-ranking officials. One federal official described the breach as “an espionage campaign designed for long-term intelligence collection.”
Cute. SolarWinds, big-money deals, and hand-waving about security. What has changed? Nothing. A report criticized MSFT; the company issued appropriate slick-talking, lawyer-vetted, PR-crafted assurances that security is Job One. What has changed? Nothing.
The write up asserts about MSFT’s priorities:
the race to dominate the market for new and high-growth areas like the cloud drove the decisions of Microsoft’s product teams. “That is always like, ‘Do whatever it frickin’ takes to win because you have to win.’ Because if you don’t win, it’s much harder to win it back in the future. Customers tend to buy that product forever.”
I understand. I am not sure corporations and government agencies do. That PowerPoint software is the go-to tool for many agencies. One high-ranking military professional told me: “The PowerPoints have to be slick.” Yep, slick. But reports are written in PowerPoints. Congress is briefed with PowerPoints. Secret operations are mapped out in PowerPoints. Therefore, buy whatever it takes to make, save, and distribute the PowerPoints.
The appropriate response is, “Yes, sir.”
So what’s the fix? There is no fix. The Microsoft legacy security, cloud, AI “conglomeration” is entrenched. The Certified Partners will do patch ups. The whistleblowers will toot, but their tune will be downed out in the post-contract-capture party at the Old Ebbitt Grill.
Observations:
- Third-party solutions are going to have to step up. Microsoft does not fix; it creates.
- More serious breaches are coming. Too many nation-states view the US as a problem and want to take it down and put it out.
- Existing staff in the government and at third-party specialist firms are in “knee jerk mode.” The idea of pro-actively getting ahead of the numerous bad actors is an interesting thought experiment. But like most thought experiments, it can morph into becoming a BFF of Don Quixote and going after those windmills.
Net net: Folks, we have some cyber challenges on our hands, in our systems, and in the cloud. I wish reality were different, but it is what it is. (Didn’t President Clinton define “is”?)
Stephen E Arnold, June 20, 2024
-
- Subscribe to Beyond Search
Feature archive
News archive
-
