The Power of Regulation: Muscles MSFT Meets a Strict School Marm
November 17, 2023
This essay is the work of a dumb dinobaby. No smart software required.
I read “The EU Will Finally Free Windows Users from Bing.” The EU? That collection of fractious states which wrangle about irrelevant subjects; to wit, the antics of America’s techno-feudalists. Yep, that EU.
The “real news” write up reports:
Microsoft will soon let Windows 11 users in the European Economic Area (EEA) disable its Bing web search, remove Microsoft Edge, and even add custom web search providers — including Google if it’s willing to build one — into its Windows Search interface. All of these Windows 11 changes are part of key tweaks that Microsoft has to make to its operating system to comply with the European Commission’s Digital Markets Act, which comes into effect in March 2024
The article points out that the DMA includes a “slew” of other requirements. Please, do not confuse “slew” with “stew.” These are two different things.
The old fashioned high school teacher says to the high school super star, “I don’t care if you are an All-State football player, you will do exactly as I say. Do you understand?” The outsized scholar-athlete scowls and says, “Yes, Mrs. Ee-You. I will comply.” Thank you MSFT Copilot. You converted the large company into an image I had of its business practices with aplomb.
Will Microsoft remove Bing — sorry, Copilot — from its software and services offered in the EU? My immediate reaction is that the Redmond crowd will find a way to make the magical software available. For example, will such options as legalese and a check box, a new name, a for fee service with explicit disclaimers and permissions, and probably more GenZ ideas foreign to me do the job?
The techno weight lifter should not be underestimated. Those muscles were developed moving bundles of money, not dumb “belles.”
Stephen E Arnold, November 17, 2023
Smart Software for Cyber Security Mavens (Good and Bad Mavens)
November 17, 2023
This essay is the work of a dumb humanoid. No smart software required.
One of my research team (who wishes to maintain a low profile) called my attention to the “Awesome GPTs (Agents) for Cybersecurity.” The list on GitHub says:
The "Awesome GPTs (Agents) Repo" represents an initial effort to compile a comprehensive list of GPT agents focused on cybersecurity (offensive and defensive), created by the community. Please note, this repository is a community-driven project and may not list all existing GPT agents in cybersecurity. Contributions are welcome – feel free to add your own creations!
Open source cyber security tools and smart software can be used by good actors to make people safe. The tools can be used by less good actors to create some interesting situations for cyber security professionals, the elderly, and clueless organizations. Thanks, Microsoft Bing. Does MSFT use these tools to keep people safe or unsafe?
When I viewed the list, it contained more than 30 items. Let me highlight three, and invite you to check out the other 30 at the link to the repository:
- The Threat Intel Bot. This is a specialized GPT for advanced persistent threat intelligence
- The Message Header Analyzer. This dissects email headers for “insights.”
- Hacker Art. The software generates hacker art and nifty profile pictures.
Several observations:
- More tools and services will be forthcoming; thus, the list will grow
- Bad actors and good actors will find software to help them accomplish their objectives.
- A for fee bundle of these will be assembled and offered for sale, probably on eBay or Etsy. (Too bad fr0gger.)
Useful list!
Stephen E Arnold, November 17, 2023
Google: Rock Solid Arguments or Fanciful Confections?
November 17, 2023
This essay is the work of a dumb humanoid. No smart software required.
I read some “real” news from a “real” newspaper. My belief is that a “real journalist”, an editor, and probably some supervisory body reviewed the write up. Therefore, by golly, the article is objective, clear, and actual factual. What’s “What Google Argued to Defend Itself in Landmark Antitrust Trial” say?
“I say that my worthy opponent’s assertions are — ahem, harrumph — totally incorrect. I do, I say, I do offer that comment with the greatest respect. My competitors are intellectual giants compared to the regulators who struggle to use Google Maps on an iPhone,” opines a legal eagle who supports Google. Thanks, Microsoft Bing. You have the “chubby attorney” concept firmly in your digital grasp.
First, the write up says zero about the secrecy in which the case is wrapped. Second, it does not offer any comment about the amount the Google paid to be the default search engine other than offering the allegedly consumer-sensitive, routine, and completely logical fees Google paid. Hey, buying traffic is important, particularly for outfits accused of operating in a way that requires a US government action. Third, the support structure for the Google arguments is not evident. I could not discern the logical thread that linked the components presented in such lucid prose.
The pillars of the logical structure are:
- Appropriate payments for traffic; that is, the Google became the default search engine. Do users change defaults? Well, sure they do? If true, then why be the default in the first place. What are the choices? A Russian search engine, a Chinese search engine, a shadow of Google (Bing, I think), or a metasearch engine (little or no original indexing, just Vivisimo-inspired mash up results)? But pay the “appropriate” amount Google did.
- Google is not the only game in town. Nice terse statement of questionable accuracy. That’s my opinion which I articulated in the three monographs I wrote about Google.
- Google fosters competition. Okay, it sure does. Look at the many choices one has: Swisscows.com, Qwant.com, and the estimable Mojeek, among others.
- Google spends lots of money on helping people research to make “its product great.”
- Google’s innovations have helped people around the world?
- Google’s actions have been anticompetitive, but not too anticompetitive.
Well, I believe each of these assertions. Would a high school debater buy into the arguments? I know for a fact that my debate partner and I would not.
Stephen E Arnold, November 17, 2023
Adobe: Delivers Real Fake War Images
November 17, 2023
This essay is the work of a dumb humanoid. No smart software required.
Gee, why are we not surprised? Crikey reveals, “Adobe Is Selling Fake AI Images of the War in Israel-Gaza.” While Adobe did not set out to perpetuate fake news about the war, neither did it try very hard to prevent it. Reporter Cam Wilson writes:
“As part of the company’s embrace of generative artificial intelligence (AI), Adobe allows people to upload and sell AI images as part of its stock image subscription service, Adobe Stock. Adobe requires submitters to disclose whether they were generated with AI and clearly marks the image within its platform as ‘generated with AI’. Beyond this requirement, the guidelines for submission are the same as any other image, including prohibiting illegal or infringing content. People searching Adobe Stock are shown a blend of real and AI-generated images. Like ‘real’ stock images, some are clearly staged, whereas others can seem like authentic, unstaged photography. This is true of Adobe Stock’s collection of images for searches relating to Israel, Palestine, Gaza and Hamas. For example, the first image shown when searching for Palestine is a photorealistic image of a missile attack on a cityscape titled ‘Conflict between Israel and Palestine generative AI’. Other images show protests, on-the-ground conflict and even children running away from bomb blasts — all of which aren’t real.”
Yet these images are circulating online, adding to the existing swirl of misinformation. Even several small news outlets have used them with no disclaimers attached. They might not even realize the pictures are fake.
Or perhaps they do. Wilson consulted RMIT’s T.J. Thomson, who has been researching the use of AI-generated images. He reports that, while newsrooms are concerned about misinformation, they are sorely tempted by the cost-savings of using generative AI instead of on-the-ground photographers. One supposes photographer safety might also be a concern. Is there any stuffing this cat into the bag, or must we resign ourselves to distrusting any images we see online?
A loss suffered in the war is real. Need an image of this?
Cynthia Murrell, November 17, 2023
AI Is a Rainmaker for Bad Actors
November 16, 2023
This essay is the work of a dumb dinobaby. No smart software required.
How has smart software, readily available as open source code and low-cost online services, affected cyber crime? Please, select from one of the following answers. No cheating allowed.
[a] Bad actors love smart software.
[b] Criminals are exploiting smart orchestration and business process tools to automate phishing.
[c] Online fraudsters have found that launching repeated breaching attempts is faster and easier when AI is used to adapt to server responses.
[d] Finding mules for drug and human trafficking is easier than ever because social media requests for interested parties can be cranked out at high speed 24×7.
“Well, Slim, your idea to use that new fangled smart software to steal financial data is working. Sittin’ here counting the money raining down on us is a heck of a lot easier than robbing old ladies in the Trader Joe’s parking lot,” says the bad actor with the coffin nail of death in his mouth and the ill-gotten gains in his hands. Thanks, Copilot, you are producing nice cartoons today.
And the correct answer is … a, b, c, and d.
For some supporting information, navigate to “Deepfake Fraud Attempts Are Up 3000% in 2023. Here’s Why.” The write up reports:
Face-swapping apps are the most common example. The most basic versions crudely paste one face on top of another to create a “cheapfake.” More sophisticated systems use AI to morph and blend a source face onto a target, but these require greater resources and skills. The simple software, meanwhile, is easy to run and cheap or even free. An array of forgeries can then be simultaneously used in multiple attacks.
I like the phrase “cheap fakes.”
Several observations:
- Bad actors, unencumbered by bureaucracy, can download, test, tune, and deploy smart criminal actions more quickly than law enforcement can thwart them
- Existing cyber security systems are vulnerable to some smart attacks because AI can adapt and try different avenues
- Large volumes of automated content can be created and emailed without the hassle of manual content creation
- Cyber security vendors operate in “react mode”; that is, once a problem is discovered then the good actors will develop a defense. The advantage goes to those with a good offense, not a good defense.
Net net: 2024 will be fraught with security issues.
Stephen E Arnold, November 17, 2023
How Google Works: Think about Making Sausage in 4K on a Big Screen with Dolby Sound
November 16, 2023
This essay is the work of a dumb, dinobaby humanoid. No smart software required.
I love essays which provide a public glimpse of the way Google operates. An interesting insider description of the machinations of Googzilla’s lair appears in “What I Learned Getting Acquired by Google.” I am going to skip the “wow, the Google is great,” and focus on the juicy bits.
Driving innovation down Google’s Information Highway requires nerves of steel and the patience of Job. A good sense of humor, many brain cells, and a keen desire to make the techno-feudal system dominate are helpful as well. Thanks, Microsoft Bing. It only took four tries to get an illustration of vehicles without parts of each chopped off.
Here are the article’s “revelations.” It is almost like sitting in the Google cafeteria and listening to Tony Bennett croon. Alas, those days are gone, but the “best” parts of Google persist if the write up is on the money.
Let me highlight a handful of comments I found interesting and almost amusing:
- Google, according to the author, is “an ever shifting web of goals and efforts.” I think this means going in many directions at once. Chaos, not logic, drives the sports car down the Information Highway.
- Google has employees who want “to ship great work, but often couldn’t.” Wow, the Googley management method wastes resources and opportunities due to the Googley outfit’s penchant for being Googley. Yeah, Googley because lousy stuff is one output, not excellence. Isn’t this regressive innovation?
- There are lots of managers or what the author calls “top heavy.” But those at the top are well paid, so what’s the incentive to slim down? Answer: No reason.
- Google is like a teen with a credit card and no way to pay the bill. The debt just grows. That’s Google except it is racking up technical debt and process debt. That’s a one-two punch for sure.
- To win at Google, one must know which game to play, what the rules of that particular game are, and then have the Machiavellian qualities to win the darned game. What about caring for the users? What? The users! Get real.
- Google screws up its acquisitions. Of course. Any company Google buys is populated with people not smart enough to work at Google in the first place. “Real” Googlers can fix any acquisition. The technique was perfected years ago with Dodgeball. Hey, remember that?
Please, read the original essay. The illustration shows a very old vehicle trying to work its way down an information highway choked with mud, blocked by farm equipment, and located in an isolated fairy land. Yep, that’s the Google. What happens if the massive flows of money are reduced? Yikes!
Stephen E Arnold, November 16, 2023
Buy Google Traffic: Nah, Paying May Not Work
November 16, 2023
This essay is the work of a dumb humanoid. No smart software required.
Tucked into a write up about the less than public trial of the Google was an interesting factoid. The source of the item was “More from the US v Google Trial: Vertical Search, Pre-Installs and the Case of Firefox / Yahoo.” Here’s the snippet:
Expedia execs also testified about the cost of ads and how increases had no impact on search results. On October 19, Expedia’s former chief operating officer, Jeff Hurst, told the court the company’s ad fees increased tenfold from $21 million in 2015 to $290 million in 2019. And yet, Expedia’s traffic from Google did not increase. The implication was that this was due to direct competition from Google itself. Hurst pointed out that Google began sharing its own flight and hotel data in search results in that period, according to the Seattle Times.
“Yes, sir, you can buy a ticket and enjoy a ticket to our entertainment,” says the theater owner. The customer asks, “Is the theater in good repair?” The ticket seller replies, “Of course, you get your money’s worth at our establishment. Next.” Thanks, Microsoft Bing. It took several tries before I gave up.
I am a dinobaby, and I am, by definition, hopelessly out of it. However, I interpret this passage in this way:
- Despite protestations about the Google algorithm’s objectivity, Google has knobs and dials it can use to cause the “objective” algorithm to be just a teenie weenie less objective. Is this a surprise? Not to me. Who builds a system without a mechanism for controlling what it does. My favorite example of this steering involves the original FirstGov.gov search system circa 2000. After Mr. Clinton lost the election, the new administration, a former Halliburton executive wanted a certain Web page result to appear when certain terms were searched. No problemo. Why? Who builds a system one cannot control? Not me. My hunch is that Google may have a similar affection for knobs and dials.
- Expedia learned that buying advertising from a competitor (Google) was expensive and then got more expensive. The jump from $21 million to $290 million is modest from the point of view of some technology feudalists. To others the increase is stunning.
- Paying more money did not result in an increase in clicks or traffic. Again I was not surprised. What caught my attention is that it has taken decades for others to figure out how the digital highway men came riding like a wolf on the fold. Instead of being bedecked with silver and gold, these actors wore those cheerful kindergarten colors. Oh, those colors are childish but those wearing them carried away the silver and gold it seems.
Net net: Why is this US v Google trial not more public? Why so many documents withheld? Why is redaction the best billing tactic of 2023? So many questions that this dinobaby cannot answer. I want to go for a ride in the Brin-A-Loon too. I am a simple dinobaby.
Stephen E Arnold, November 16, 2023
An Odd Couple Sharing a Soda at a Holiday Data Lake
November 16, 2023
What happens when love strikes the senior managers of the technology feudal lords? I will tell you what happens — Love happens. The proof appears in “Microsoft and Google Join Forces on OneTable, an Open-Source Solution for Data Lake Challenges.” Yes, the lakes around Redmond can be a challenge. For those living near Googzilla’s stomping grounds, the risk is that a rising sea level will nuke the outdoor recreation areas and flood the parking lots.
But any speed dating between two techno feudalists is news. The “real news” outfit Venture Beat reports:
In a new open-source partnership development effort announced today, Microsoft is joining with Google and Onehouse in supporting the OneTable project, which could reshape the cloud data lake landscape for years to come
And what does “reshape” mean to these outfits? Probably nothing more than making sure that Googzilla and Mothra become the suppliers to those who want to vacation at the data lake. Come to think of it. The concessions might be attractive as well.
Googzilla says to Mothra-Soft, a beast living in Mercer Island, “I know you live on the lake. It’s a swell nesting place. I think we should hook up and cooperate. We can share the money from merged data transfers the way you and I — you good looking Lepidoptera — are sharing this malted milk. Let’s do more together if you know what I mean.” The delightful Mothra-Soft croons, “I thought you would wait until our high school reunion to ask, big boy. Let’s find a nice, moist, uncrowded place to consummate our open source deal, handsome.” Thanks, Microsoft Bing. You did a great job of depicting a senior manager from the company that developed Bob, the revolutionary interface.
The article continues:
The ability to enable interoperability across formats is critical for Google as it expands the availability of its BigQuery Omni data analytics technology. Kazmaier said that Omni basically extends BigQuery to AWS and Microsoft Azure and it’s a service that has been growing rapidly. As organizations look to do data processing and analytics across clouds there can be different formats and a frequent question that is asked is how can the data landscape be interconnected and how can potential fragmentation be stopped.
Is this alleged linkage important? Yeah, it is. Data lakes are great places to park AI training data. Imagine the intelligence one can glean monitoring inflows and outflows of bits. To make the idea more interesting think in terms of the metadata. Exciting because open source software is really for the little guys too.
Stephen E Arnold, November 16, 2023
SolarWinds: Huffing and Puffing in a Hot Wind on a Sunny Day
November 16, 2023
This essay is the work of a dumb humanoid. No smart software required.
Remember the SolarWinds’ misstep? Time has a way of deleting memories of security kerfuffles. Who wants to recall ransomware, loss of data, and the general embarrassment of getting publicity for the failure of existing security systems? Not too many. A few victims let off steam by blaming their cyber vendors. Others — well, one — relieve their frustrations by emulating a crazed pit bull chasing an M1 A2 battle tank. The pit bull learns that the M1 A2 is not going to stop and wait for the pit bull to stop barking and snarling. The tank grinds forward, possibly over Solar (an unlikely name for a pit bull in my opinion).
The slick business professional speaks to a group of government workers gathered outside on the sidewalk of 100 F Street NW. The talker is semi-shouting, “Your agency is incompetent. You are unqualified. My company knows how to manage our business, security, and personnel affairs.” I am confident this positive talk will win the hearts and minds of the GS-13s listening. Thanks, Microsoft Bing. You obviously have some experience with government behaviors.
I read “SolarWinds Says SEC Sucks: Watchdog Lacks Competence to Regulate Cybersecurity.” The headline attributes the statement to a company. My hunch is that the criticism of the SEC is likely from someone other than the firm’s legal counsel, the firm’s CFO, or its PR team.
The main idea, of course, is that SolarWinds should not be sued by the US Securities & Exchange Commission. The SEC does have special agents, but no criminal authority. However, like many US government agencies and their Offices of Inspector General, the investigators can make life interesting for those in whom the US government agency has an interest. (Tip: I will now offer an insider tip. Avoid getting crossways with a US government agency. The people may change but the “desks” persist through time along with documentation of actions. The business processes in the US government mean that people and organizations of interest can be subject to scrutiny. Like the poem says, “Time cannot wither nor custom spoil the investigators’ persistence.”)
The write up presents information obtained from a public blog post by the victim of a cyber incident. I call the incident a misstep because I am not sure how many organizations, software systems, people, and data elements were negatively whacked by the bad actors. In general, the idea is that a bad actor should not be able to compromise commercial outfits.
The write up reports:
SolarWinds has come out guns blazing to defend itself following the US Securities and Exchange Commission’s announcement that it will be suing both the IT software maker and its CISO over the 2020 SUNBURST cyberattack.
The vendor said the SEC’s lawsuit is "fundamentally flawed," both from a legal and factual perspective, and that it will be defending the charges "vigorously." A lengthy blog post, published on Wednesday, dissected some of the SEC’s allegations, which it evidently believes to be false. The first of which was that SolarWinds lacked adequate security controls before the SUNBURST attack took place.
The right to criticize is baked into the ethos of the US of A. The cited article includes this quote from the SolarWinds’ statement about the US Securities & Exchange Commission:
It later went on to accuse the regulator of overreaching and "twisting the facts" in a bid to expand its regulatory footprint, as well as claiming the body "lacks the authority or competence to regulate public companies’ cybersecurity." The SEC’s cybersecurity-related capabilities were again questioned when SolarWinds addressed the allegations that it didn’t follow the NIST Cybersecurity Framework (CSF) at the time of the attack.
SolarWinds feels strongly about the SEC and its expertise. I have several observations to offer:
- Annoying regulators and investigators is not perceived in some government agencies as a smooth move
- SolarWinds may find that its strong words may be recast in the form of questions in the legal forum which appears to be roaring down the rails
- The SolarWinds’ cyber security professionals on staff and the cyber security vendors whose super duper bad actor stoppers appear to have an opportunity to explain their view of what I call a “misstep.”
Do I have an opinion? Sure. You have read it in my blog posts or heard me say it in my law enforcement lectures, most recently at the Massachusetts / New York Association of Crime Analysts’ meeting in Boston the first week of October 2023.
Cyber security is easier to describe in marketing collateral than to do in real life. The SolarWinds’ misstep is an interesting case example of reality being different from the expectation.
Stephen E Arnold, November 16, 2023
Using Smart Software to Make Google Search Less Awful
November 16, 2023
This essay is the work of a dumb humanoid. No smart software required.
Here’s a quick tip: to get useful results from Google Search, use a competitor’s software. Digital Digging blogger Henk van Ess describes “How to Teach ChatGPT to Come Up with Google Formulas.” Specifically, van Ess needed to include foreign-language results in his queries while narrowing results to certain time frames. These are not parameters Google handles well on its own. It was ChatGPT to the rescue—after some tinkering, anyway. He describes an example search goal:
“Find any official document about carbon dioxide reduction from Greek companies, anything from March 24, 2020 to December 21, 2020 will do. Hey, can you search that in Greek, please? Tough question right? Time to fire up Bing or ChatGPT. Round 1 in #chatgpt has a terrible outcome.”
But of course, van Ess did not stop there. For the technical details on the resulting “ball of yarn,” how van Ess resolved it, and how it can be extrapolated to other use cases, navigate to the write-up. One must bother to learn how to write effective prompts to get these results, but van Ess insists it is worth the effort. The post observes:
“The good news is: you only have to do it once for each of your favorite queries. Set and forget, as you just saw I used the same formulae for Greek CO2 and Japanese EV’s. The advantage of natural language processing tools like ChatGPT is that they can help you generate more accurate and relevant search queries in a faster and more efficient way than manually typing in long and complex queries into search engines like Google. By using natural language processing tools to refine and optimize your search queries, you can avoid falling into ‘rabbit holes’ of irrelevant or inaccurate results and get the information you need more quickly and easily.”
Google is currently rolling out its own AI search “experience” in phases around the world. Will it improve results, or will one still be better off employing third-party hacks?
Cynthia Murrell, November 16, 2023