Tag Archives: IT

The students of Mediocrates

This is the setting I found myself in. Early this morning (or late last night) I wrote ‘War never Changes’ (at https://lawlordtobe.com/2023/10/29/war-never-changes/). It was several hours after that when I got a message from JB-Hifi who was flogging the Microsoft laptop ‘Surface Laptop Studio 2’ and I decided to search on some reviews. I knew nothing of this device and soon enough I understood why. The Verge gives us ‘Surface Laptop Studio 2 review: this could be so much more’ with the byline “Microsoft’s new Surface Laptop Studio 2 has new chips, a new touchpad, and a very, very high price tag”, the review was given to the people on October 4th (world animal day no less) and there we see “there’s the biggest problem for the Surface at this price, which is that its battery life is not anywhere near what Apple can offer. I only averaged four hours and 19 minutes of continuous use out of this device with Battery Saver on” as such this battery is a lot less than what the MacBook Air gave us in 2020, the new MacBook Air is even better. More importantly it loses 7 out of 8 tests against the MacBook Air with an M2 processor. I was horrified that it took Microsoft 47% longer to export 4K video. That is nothing less than a joke. The larger issue isn’t this, it is that Intel just announced its “Meteor Lake” CPU generation, and we expect to see those laptops roll out around December. I have no idea how Microsoft stacks up against that puppy, but I fear the worst for Microsoft.

You see, we get that not every laptop is a given for everyone, I am fine with that. Yet to rely on an I7 processor implies you need a sturdy battery to begin with and that one is missing from the get go.

This is the larger setting of Microsoft, wanting to be in a race merely to compete, never to win it. They lost 6 times over already and they are losing more. How much longer before the Microsoft sycophants give up on the brand? Microsoft always had competitors (Asus, Apple, Dell, HP) and now Intel is in a position to surpass them as well. That is the problem with Microsoft, they aren’t in it to win it. They can claim whatever they want, yet when you get “Unfortunately, the Studio 2’s benchmark scores were underwhelming. Don’t get me wrong: it’s certainly an improvement over the OG Studio. Whether exporting in Premiere or running Tomb Raider, it is faster. But these are far from the best numbers you’ll see among premium workstations today.” To be labelled underwhelming is a problem. They shouted for the longest time that their console was the most powerful in the world and within 2 years it was surpassed by the weakest console of them all (Nintendo Switch) and I am about to hand 50 million potential customers (in phase one) to another vendor (preferably Amazon).

Microsoft is now the favourite corporation to end up with the wooden spoon (dead last in a race). They lost against so many (see previous article for names) and now we see that Intel and Tencent Technologies are potential better players too.
It puts Microsoft on a sliding scale of revenue. It needs to get $4 billion in interest alone on current loans and when their so called mountain of revenue dwindles down because they are losing too many places where they are in the top 2 it becomes awkward and disappointing on several levels. This is the setting I spoke about yesterday and some still call me delusional. Not to worry, the facts are out there and the Verge (at https://www.theverge.com/23900932/microsoft-surface-laptop-studio-2-2023-intel-review) added to the hardship of Microsoft. 

When you get quotes like “right now is a particularly not-great time to be buying a horrendously expensive 13th Gen laptop” especially when the 14th gen laptops are being released next month before Christmas. Then we get “the current Surface Laptop Studio is an okay convertible. For its price, it should be more than that”, as I see it it is Mediocrates all over again. He was the man famous for “Meh, good enough” and in IT that just doesn’t hold the mustard. If there is an upside then it would be the design and the screen. All these parts that I saw looked pretty spectacular. But does that warrant the $3,499.99 price-tag? I personally don’t believe so, but others might feel differently on that. It seemingly has more options to connect and that is good, but as stated lacks a full SD slot. That is an issue I had with the Lenovo Chromebook 5 years ago, but that thing was $349, for $3K more I expect better and the lack of a full slot tends to have other issues when working in laptop mode, but I will agree that could merely be me.

So on Sunday I learn that Microsoft still worships Mediocrates, not a good setting to be in, not at all.


Filed under Finance, IT

One card to rule them all

This morning I was confronted with an image. The image wasn’t the unsettling part, it was the part that the image did not give. You see, I got my first smart-card in 1991 by Unilever. They already had smart-card security when it was a myth at best. 

Now consider the set-up above. This level of card cloning can now be done by a high schooler. And people think that this level of protection works? How quaint.

So my old noggin started to mull things over, we need to upgrade this stuff by a lot. I know all the people will state that this isn’t needed. But when insurance companies catch on that people are cutting corners the premium goes up by a lot. Now, my idea might not be the best solution, but I leave this to the ACTUAL cyber boys to mull this idea into something workable.

In my view the smart-card has 3 layers, the lowest layer is an RFID shield, this makes scanning the cards really hard, the middle layer is the circuitboard and the top layer is the plastic layer. Now the circuitboard can have 7 nano sims, but only a minimum of two are required. You see, all that cheap corner stuff is done for. The 6 sim locations are connected through printed circuitry, the one part a hacker cannot copy or clone. As such these sims become part of a non-repudiation process. And as they are specifically created for each client, you have 64 options right from the start and when you consider that each nano sim and the circuitry adds a few thousand combinations we can safely say that these hackers stop being a problem.

The centre sim is where specifics are programmed on site (hotel, corporation HR), the other one, or up to 3 other ones are SPECIFIC to that client. Yes, it could all fit ONE sim, but that is where people get into trouble and cyber criminals will have a field day.

You see, what we do is raise the threshold. The image below gives the side I was after. 

The lower part are the wannabe hackers, simple thieves and so on, that is a little over 50% of the lot and they are taken out of the equation completely. They lack the resources to make it work. The yellow are partial threats, these are the high end hackers. They are driven to results and finance, so if the goal is not the required need, it is left alone. That doesn’t make them a non-issue, but unless they have something really interesting to gain, they aren’t interested. The green ones are the remaining threats. People with government access, or serious funds. We have now removed a little over 90% of the threat that was in existence. You think an insurance company having to pay out millions upon millions will try to avoid having to pay at all. We can come with all the usual culprits, but that is not where it is at. Consider that a player like Northrop Grumman needs to keep their IP safe, the first stage is non-repudiation. That person and that person alone could have done this and a cloned card makes that part near impossible. In the end some will always have access, but when we can remove 90% from the equation, that part matters and it matters a lot. So that is what I was mulling over and this idea came to the top. Perhaps not everyone’s cup of tea, but that is not my concern. I had another idea, number 4 (or 5) this week alone and now I will snore like a sawmill, it is Wednesday here now.

Enjoy the day.


Filed under Finance, IT, Science

The notion

This all started a long time ago and my mind revisited this point mere hours ago. I was watching a YouTube on Dubai by Travelalgorithm. I saw a banner stating “The dream starts here” and my mind went somewhere else. You see, what it is not the dream or the nightmare, but the notion? The spark that sets things in motion.

Past tense
In the past (around 35 years ago) I was sent a game to test. It was called Virus. It had a bio hazard sticker, it was wrapped like it was dangerous, but it was a game. A game with a difference. You see, someone thought things through. They had the building blocks, but your hard-drive was the template. It would scan your drive and from there it would create levels and a game. And that file could be sent to others who would send their file to you and you would have hundreds of hours to play. The setting was pretty ingenious.

Present time
Now we go to today, it could still work, but it could also set a massive larger stage with cloud stages. Now we are going to a much higher challenge (if you have a cloud directory). Then my mind took a twist on the matter and I cannot tell if it is just the story, a related story to other film IP I have, or merely new IP. 

What happens when that solution creates a scan handle for every file? What if it looks for something specific? Now these levels become an entirely new stage in data collecting. And the idea is not new. Phishing operations are set to this level of access. Yet did anyone consider that gaming is also a data collective? I accused Microsoft of that years ago, but that was a simple operation. What if the operation is not that simple? What if the combination of games creates the handles they need to collect stuff? People thinking that they are gamers are so collectively driven to whatever is proclaimed to be cool. Look at some game advertising that claims “only 1% can do this”. How many people will let their ego speak and fall for that trap and that is merely the simplest of traps. What if the upload that some games do is holding a little more? It is not out of the realm of possibilities and I am not that certain how alert Google and Apple are on the subject. This gets to be a lot more dangerous if you consider the old stages that Facebook game creators employed. If you had one game, getting to a certain level would unlock something in another game and soon enough people started to play that game too and more games afterwards. So what happens that two or more games will unlock interactions as well as other interactions?

You might think this is nuts and it possibly is, but isn’t that how some ideas make for great story IP (read movie IP). At present there is more and more need for new stories and as America hasn’t been getting anything done. Other creators have had the stage all to themselves. There are all kinds of twists in stories. I personally will always love the Usual Suspects (1995) and that is for me. Yet today there is an abundance of twists and cockles in storytelling that could and should be upgraded. Yet too many use the game as the story (which makes sense), yet too many are avoiding the technology that enabled the game in the first place and Virus was not a usual game. We focus on intelligent auto design of levels making them never the same (Diablo 3) and that is fine. Yet what happens when that engine is corrupted? It is starting to happen and it is happening more and more. What if the design is set to make you ALMOST succeed? Did you figure on that? Did you realise that most match three games seem to be easy the first 15 levels and after that it gets harder soon enough? But they have you, just buy a few ‘special items’ and you are back on track and it works, for the next 10-15 levels at least and suddenly you have spent $5. It isn’t much because that is not the goal. It is the goal of 200,000 people spending that and suddenly the game maker has a cool million. But what if that isn’t all? What if the IP on your laptop is the end goal? Did you consider that danger? That is the notion this story is thinking of. Consider the twist in Ocean’s 8 (2018). I thought it was brilliant and until the end I never saw it coming. As we went in blinker mode for one target, we overlooked the larger picture and combine these two and you have the setting. If you are still in the dark. Consider the military locations and what hardware too many kids get access to on that base (some adults too).
There is a larger setting where they are all gullible and the Pentagon has overlooked that setting. Now consider what access the criminal mind gets when they combine two notions to create a third. So is that three notions, or does it suddenly become a total of 6 options? (I will let you figure that one out).

Still, the idea has merit if you know the direction some are not considering for too long a time.

Enjoy Monday.


Filed under Gaming, IT, movies, Stories

A simpleminded A, B, C

It started yesterday when I saw a message pass by on LinkedIn. (See below). 

The honest first thing I thought was ‘Are you effing kidding me?’ It was like an episode of comedy capers. I thought that this level of shortsightedness was a thing of the past, but it seems to me that people will get themselves into heaps of troubles for the longest of times. And what was that term “endless digital potential?” A call to arms for the stupid people? 

So here I am educating the wannabes and the short of cash people, because it is essential. An API is an Application Programming Interface. It is a set of definitions and protocols for integrating application software, or to ‘simplify’ this “a software intermediary that allows two applications to talk to each other.” It is a way for others to talk to your software or data. It allows access. To give another reference. You are about to connect an anchor to your boat. But there are Danforth anchors, plow anchors, fluke anchors and several others. It depends on the size of the boat and WHERE you tend to park that dinghy, that largely decides what kind of anchor you need, not what is the prettiest anchor, that tends to be a factor in losing your boat. 

To put it in a better way “digital potential” will be seen when you connect YOUR data to anyone else’s data. Did you consider that? You see this blinders approach to information is nice and those with dollar shaped pupils take notice and want to race to that digital potential, yet the reality is something less nice. It is the chapter of risk.

RISK
Risk is the number one consideration, there is no other. Is it worth doing ‘approach A’ to get to the finish of revenue? 

Bad coding
This is perhaps the largest foe. Right off the bat, if you start off with the premise of bad coding, you are exposing yourself to serious API security risks and that is an issue. But fear not this person thought of that. We are given “That’s why we designed IBSuite as API First!” Yes, really? Security risks are still a massive danger. Unrestricted access to sensitive business flows is the stuff nightmares are made of and a security risk will bring that to your front door. 

Inadequate validation
A security researcher discovered an API payload that would send invalid data to their own user process, which would repeatedly fail to be handled correctly. This error handling loop prevented further access to their user account. This is perhaps the smallest issue, the problem is that failure to handle something correctly implies that something goes somewhere else. Do you know where that somewhere else is? Consider that your former colleagues spend decades optimising the data you have now, would you like others to enjoy that hard work, or keep that in house? 

Hesitating over API utilisation
Some state that in big companies, sometimes management can neglect to track APIs and their utilisation numbers. From this point, you can incur many charges and leave yourself open to security risks due to exposed APIs. So not only are you in danger to hand over your data, you can get charged for it too. Utilisation of data and greed in one nice compact solution, who would have thought it possible? 

Accountability
This does sound like the odd duck out, but in reality it often connects to data loss. Since APIs connect external users and applications with a firm’s internal applications, they are potential paths to a firm’s data. If access to these paths is not controlled, data can reach the wrong hands – and can be stolen, modified, or even irretrievably deleted. So data could get copied and then deleted, to make sure it does not hinder YOUR storage. I wonder if they will charge you to hand the data back? Just a thought.

Risks of XML
I admit, this is the hardest one for me. It is not always easy to put your finger on XML, its usage is too widespread, in the 90’s it was never an issue, more of a fad for some. Yet, 3rd party APIs could be compromised and leveraged to attack other API services. Attacks such as SQL injection, XML External Entity injection, and more, should be considered when handling data from other APIs. This part tends to be tedious but essential. It is time consuming ground work, but it must be done.
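To make that ground work concrete, here is an added example (not part of the original post and not IBSuite code) of taking in an XML response from another API: it refuses any DTD so no external entity can be declared, validates each field, and stores the result with a parameterised query. The order format, field rules and function names are assumptions made for the illustration.

```python
import re
import sqlite3
import xml.etree.ElementTree as ET
from xml.parsers import expat


class RejectedPayload(ValueError):
    """The partner's response failed a safety or schema check."""


ORDER_ID = re.compile(r"[A-Z]{2}-[0-9]{1,8}")   # hypothetical id format
QUANTITY = re.compile(r"[0-9]{1,4}")


def parse_untrusted_xml(data: bytes) -> ET.Element:
    """Parse XML from another API, refusing DTDs so no entity (XXE) can be declared."""
    def forbid(*_args):
        raise RejectedPayload("DOCTYPE and entity declarations are not accepted")

    checker = expat.ParserCreate()
    checker.StartDoctypeDeclHandler = forbid
    checker.EntityDeclHandler = forbid
    try:
        checker.Parse(data, True)     # first pass: aborts as soon as a DTD starts
        return ET.fromstring(data)    # second pass: no DTD, so no custom entities
    except (expat.ExpatError, ET.ParseError) as exc:
        raise RejectedPayload(f"malformed XML: {exc}") from exc


def validate_order(root: ET.Element) -> tuple:
    """Allow-list validation: every field must match what we expect, or we stop."""
    if root.tag != "order":
        raise RejectedPayload("unexpected root element")
    order_id = (root.findtext("id") or "").strip()
    customer = (root.findtext("customer") or "").strip()
    quantity = (root.findtext("quantity") or "").strip()
    if not ORDER_ID.fullmatch(order_id):
        raise RejectedPayload("order id has the wrong format")
    if not 1 <= len(customer) <= 80:
        raise RejectedPayload("customer name must be 1..80 characters")
    if not QUANTITY.fullmatch(quantity) or not 1 <= int(quantity) <= 1000:
        raise RejectedPayload("quantity must be 1..1000")
    return order_id, customer, int(quantity)


def new_db() -> sqlite3.Connection:
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (id TEXT PRIMARY KEY, customer TEXT, quantity INTEGER)")
    return db


def try_ingest(db: sqlite3.Connection, data: bytes) -> tuple:
    """Fail closed: on any rejection nothing is written and the reason is returned."""
    try:
        order = validate_order(parse_untrusted_xml(data))
    except RejectedPayload as exc:
        return False, str(exc)
    # Placeholders keep the values as data, whatever characters they contain.
    db.execute("INSERT INTO orders (id, customer, quantity) VALUES (?, ?, ?)", order)
    return True, order


# Constructed sample responses, as a partner API might return them.
HOSTILE_NAME = (b"<order><id>AB-1001</id><customer>Robert'); DROP TABLE orders;--"
                b"</customer><quantity>3</quantity></order>")
WITH_DTD = (b'<?xml version="1.0"?><!DOCTYPE order [<!ENTITY x SYSTEM '
            b'"file:///constructed/placeholder">]><order><id>AB-1002</id>'
            b"<customer>&x;</customer><quantity>1</quantity></order>")
BAD_QUANTITY = (b"<order><id>AB-1003</id><customer>Alice</customer>"
                b"<quantity>-5</quantity></order>")

if __name__ == "__main__":
    db = new_db()
    for sample in (HOSTILE_NAME, WITH_DTD, BAD_QUANTITY):
        print(try_ingest(db, sample))
    print(db.execute("SELECT * FROM orders").fetchall())
```

The hostile customer name ends up stored as plain text because the query is parameterised, while the DTD-bearing and out-of-range responses are refused before anything reaches the database.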

API incompetence
This is harder for me, I have a massive lack of knowledge here, it is specific niche knowledge that the experts have, yet it amounts to the ability to have a fault-tolerant system. Consider that in the 90’s there was accounting software. If I used a specific expression, the program would crash. No biggie you would think, but at that point I ended up being in THAT system, now completely open with supervisor privileges. I had access to the entire mainframe with access to everything. This was a specific setting that was solved 3 weeks later. But what happened when it was not found? Consider that your system is open to anyone that employs such a solution and they get access to everything including the porn pics of your wife and your data. I am willing to bet that option one was a lot more upsetting to you, weird that.

Lack of security
You would think that this is covered, but it is not. Akamai (a US cybersecurity firm) reported “Of note, fewer than 50% of respondents have API security testing tools in place. Even fewer have deployed API discovery tools. Although the survey results suggest enterprises recognise the security risks of widespread API usage, there is no clear consensus on where to prioritise investments”, this matters. Security should be everything when it is about your house and your data. 

This is all mere top-line header consideration. So consider the intro I reacted to and the lack of risks that it shows. So how much risk are you willing to take with your house and your data? If I was inclined to be that short sighted in promoting ‘digital potential’ I would have gone with “APIs are not required, but if you consider and adhere to the risks in a proper way, they are the safest way to connect and explore digital potential. Any eco-system has risks, which is why we designed IBSuite to be a safety first option in exploring the digital oceans for revenue you cannot see now, but to get there in a digitally safe way, one that keeps your data YOURS.” Is it as good? Perhaps not, but it instills value that you as a customer and the data YOU have is used for safe navigation and that matters.

This was a functional boat once, they chose the wrong anchor and in the wrong place that cost them their livelihood. What will you do? Look deeper, look better, look elsewhere? All good questions and it all started by understanding the risks of an API because everything has a risk, not looking at it implies you are taking too many risks with something you can only lose once. 


Filed under Finance, IT, Science

Evolution is not merely the person

The setting started a few days ago, yet the new stage we are shown is merely hours old. Even as it seemingly started on August 12th with ‘Tapping an economy’ (at https://lawlordtobe.com/2023/08/12/tapping-an-economy/) the stage is getting redefined, almost as we speak. This is seen with ‘Saudi Arabia and UAE race to buy Nvidia chips to power AI ambitions’ (at https://www.afr.com/world/middle-east/saudi-arabia-and-uae-race-to-buy-nvidia-chips-to-power-ai-ambitions-20230815-p5dws6). I believe personally it is merely one of two sides. You see, we are given “Saudi Arabia and the United Arab Emirates are buying up thousands of the high-performance Nvidia chips crucial for building artificial intelligence software, joining a global AI arms race that is squeezing the supply of Silicon Valley’s hottest commodity.” But it is merely one side and this side is putting pressure on the US, its companies are running out of funds and their credit cards are reaching limits. These two players have the cash to run circles around dozens of nations and that is not the only place they are in an advantage. I will not go back to my IP (no matter how valid it is). The larger station is that these two players will need data centres and that is where EVROC (as discussed in the earlier article 4 days ago) has the ability to set up national data centres, a stage that takes American companies out of the loop. I am not anti-American, I am anti-stupid and the catering that data centres have given the US companies all whilst places like Cambridge Analytica opened up to is now starting to show. There is the added setting that nationally speaking these two players prefer to be set in, the stage is not merely based on national needs. I personally believe that they have a ‘non-American’ involvement mindset. And I reckon that evidence will be proven when EVROC is allowed these two new data centres as well. It puts the USA in a massively decreasing setting. Another (non-related) stage is added to this.
Only a few hours ago Yahoo Finance (merely one source) is giving us (at https://finance.yahoo.com/news/dollar-being-dethroned-india-just-201500390.html) ‘India just bought 1M barrels of oil from the UAE using rupees instead of USD for the first time’, we can chalk this up to a whole set of reasons and if someone states that this will be the pro-forma setting of BRICS, I will not be able to support or oppose it. There is not enough data accessible to me. The larger stage is set that the US is being ignored for too many settings and that is merely in the last week. I do not care how many Pizza al Fungi’s Janet Yellen has consumed, or how magical that dinner was. The stage is that the US has become trivialised and a lot of it is by their own doing. So whilst some are staging to trivialise that India is not using the US dollar. The reality is that only 3 years ago that option would be ludicrous and here we see it play out. So is BRICS becoming more powerful, is the US becoming weaker and just how much gains will Saudi Arabia and the United Arab Emirates make in this year alone? EVROC is still a Swedish conundrum, but there are too many voices out there that are too anti-American voiced (which is not anti-stupid, my personal setting). I know I am seeing my own prophecies come to reality, but not in a way I envisioned. It could be that I never had the proper glasses to see it all, or it is because new elements are coming to bear and that second part is the larger stage I am now worried about. Not because of what the KSA and UAE are doing, but because of the US and its Trump and Karen setting, it is highly likely that it will drag the EU and Japan down with them. These latter two made the wrong calls a few times and now that the endgame (of the US) is starting to show, the back paddle actions of the EU (optionally towards China) might not be enough. I have no idea how this will play out for the Commonwealth.
The stage of Canada with wildfires and 90% of the NWT being a goner looks more like a scene from ‘How it ends’ (2018) than reality, no matter how surreal both are. As such this stage will impact the rest of the Commonwealth. The UK is close to broke, and with Canada in the state it is in, the Commonwealth needs to find a safe place and footing and the US is less likely to be that place at present. It needs to find a solitary road to link to nations and that is the hard part. I have no idea what the safe route is, but I do feel certain that the US is no longer that part. I feel that finding a way to connect to the Middle East is presently safer than a link to China, but in reality I am speculating on what the safer route is. 

The setting we see now (the Nvidia AI chip) where we were given (at https://www.crn.com.au/news/ai-chips-could-save-future-data-centres-money-nvidia-599254) “Nvidia chief executive Jensen Huang has a mantra that he has uttered enough times that it almost became a joke during his SIGGRAPH 2023 keynote last week: “the more you buy, the more you save.”” Yet the setting is not merely ‘the more you save’ it is about to become who owns them and those who cannot afford them and now the KSA and UAE will have additional power positions. So consider “AI chips can save companies significant money on costs compared to traditional CPUs for what he views as the future: data centres, fuelled by demand for generative AI capabilities, relying on large language models (LLMs) to answer user queries and generate content for a wide range of applications” and a place like EVROC could set up two data centres all whilst these two nations provide the AI chips required, now we get an entirely new play and it will give these two nations the power to set a stage that excludes the US or their tech-firms. A stage none of them ever had before, as such do you still think I am boasting or creating nonsense? Too many sources had the elements available and the larger media ignored the puzzle pieces. So, is my puzzle correct? Not necessarily, but the pieces fit the image we have all seen before. This does not make the image correct, but it makes it decently likely and the more BS the American media spouts the less reliable it should be seen. This does not make China or the Middle East more reliable, but in the setting I currently see it makes the Middle East (KSA and UAE) a lot safer than the US has been the last few years and that counts, because that reinforces the image that Nvidia and EVROC are giving us, with optional speculations from yours truly (aka moi).

Your guess is as good as mine as to what comes next, but the larger fighting ring (a square setting) is about to show us who the contenders are and the amount of underdogs they face. Because no matter how much BS an underdog brings to the table, in the ring it is what you can achieve and as I personally see it, the US, EU and Japan are starting to become the largest underdogs this century, which could be a stage pushed in by evolution.

Have fun today.


Filed under Finance, Media, Politics, Science

Blue laundry leaking

It happens, sometimes the colours get into the other colours and your white stuff is no longer white. I had my issues with myself, overlooking a red sock with my white shirts and behold, I was suddenly the owner of pink shirts. This is a problem as it is not fashionable pink, but a melee of pink shades in white shirts. The fashion looks a righteous mess. This is something we all dread, and in IT land it is not different, especially when the detergent is Microsoft.

It all started (at https://www.bleepingcomputer.com/news/security/stolen-microsoft-key-offered-widespread-access-to-microsoft-cloud-services/) with ‘Stolen Microsoft key offered widespread access to Microsoft cloud services’ where we are given “Redmond revealed on July 12th that the attackers had breached the Exchange Online and Azure Active Directory (AD) accounts of around two dozen organisations. This was achieved by exploiting a now-patched zero-day validation issue in the GetAccessTokenForResourceAPI, allowing them to forge signed access tokens and impersonate accounts within the targeted organisations.” I was at first cautious. There are intense haters of Microsoft and they do not throw around any kind of evidence, as such I wondered how far this went and behold, ITWire gives us (at https://itwire.com/security/danger-from-microsoft-azure-breach-still-remains,-warns-wiz-researcher.html) ‘Danger from Microsoft Azure breach still remains, warns Wiz researcher’ and here we are given “New York-based cloud security firm Wiz has warned companies and organisations affected by the recent Microsoft Azure breach that the impact of the intrusion may be much wider than reported, and could affect applications beyond those claimed by Microsoft to be impacted.” In addition we are given “Our researchers concluded that the compromised MSA key could have allowed the threat actor to forge access tokens for multiple types of Azure Active Directory applications, including every application that supports personal account authentication, such as SharePoint, Teams, OneDrive, customers’ applications that support the ‘login with Microsoft’ functionality, and multi-tenant applications in certain conditions”, I see this as an issue. The larger scope is not merely the cloud. That thing has all kinds of security issues. 
No, the small ‘hidden’ text becomes “The breach came to light on 13 July, with the email account of US Commerce Secretary Gina Raimondo cited as one of the more prominent accounts to have been breached” it came to light as a ‘prominent’ account was breached. So how long was this mess there? There is a reason I do not trust Microsoft and as such I do not want them anywhere near the 50 million accounts that I see coming, or the ones that follow, which will be a massive amount of accounts. Even more I reckon as I concluded a new stage in Dubai. I saw the opportunity when I investigated the Dubai Mall, the Mall of the Emirates, the Dubai Marina Mall and the Battuta Mall. There were a few more, but the setting of malls this big all in one city was something I never considered and it gave me more ideas, more options and that made me consider the interactions of my Augmented Reality IP with two other IP’s. Actually four, but that is a story for another day. What is absolutely clear is that I do not want Microsoft anywhere near it. Not with the mess they have, so either Amazon wakes up, or Tencent technologies gets it all. I never discontinued my interest in Google, but they basically took themselves of the field. No idea where Apple is, but that is not my problem at present. You see, the larger stage is the security risk that Microsoft is and it is also seen with “The news agency said Adair’s client had not forked out what Microsoft demands for its premium security suite, and hence detailed forensic data was unavailable.” Really? They are all about the forking out, all whilst their solution is like a 45 year old prostitute claiming to be a virgin? I would suggest that forking out is the least of their problems. 
That is even beyond the fact that the transgressions are requiring ‘detailed forensic data’ all whilst the transgressions are what the first article is implying “by exploiting a now-patched zero-day validation issue”, all whilst IT Wire implies that the damage is well beyond the ‘pretended’ scope and as such might (a speculation from my side) not be patched, not to the degree it needed to be. And anyone wonders why I do not trust Microsoft with my IP? They haven’t been able to close their barn doors, at least since 2019, optionally long before that. So your data (and my IP) would have been at risk for well over 4 years. We are also given “This isn’t a Microsoft-specific issue, if a signing key for Google, Facebook, Okta or any other major identity provider leaks, the implications are hard to comprehend. Our industry — and especially cloud service providers — must commit to a greater level of security and transparency concerning how they protect critical keys such as this one, to prevent future incidents and limit their potential impact” This might be, but I have never seen these levels of transgressions on Google Cloud or Amazon AWS, but that is merely my point of view. Then we get an interesting side “while Microsoft had ensured that Azure Active Directory applications would not longer accept forged tokens as valid, by revoking the compromised keys, the danger from the breach still remained” well, it might be, it might not be. Microsoft stated that they had the most powerful console in the world and within 2 years that Nintendo launched the weakest nextgen console of them all, they surpassed all sales records Microsoft claimed to have had, so I am not holding my breath here. The number one question is ‘Why could Microsoft not differentiate between real tokens and forged tokens?’ That would have ben my first question, but I am not seeing that here. Possibly for very valid reasons, but the missing out is a case here. 
So whilst some stare at “setting up application-specific backdoors”, my issue is that with every application, the change of interaction and transgressions increase. It just does. For example (a bad and debatable one), if EVERY application has a zero day issue (pure speculation) we get with 3 applications a speculative 9 zero day problems. So what happens when the average corporation has Azure and 35 applications. This implies that this customer has 42,875 risk factors. Yes, it is a speculation, yet the ITWire article gives us this with “The full impact of this incident is much larger than we Initially understood it to be”, as well as “We must learn from it and improve”, a setting that sounds nice, but consider that Azure was launched 14 years ago, if you are still learning, you have a much larger problem. In December 2020 I wrote ‘Historic view versus reality’ (at https://lawlordtobe.com/2020/12/26/historic-view-versus-reality/) there I quoted the No Such Agency giving us “National Security Agency warns hackers are forging cloud authentication information”, as such the Microsoft claim “Microsoft had ensured that Azure Active Directory applications would not longer accept forged tokens as valid” as a hollow joke. The NSA made the statement 3 years ago, as such Microsoft should have put (buggy) solutions in place to stop forged keys, but it seems they never did. Another mess they made with their own hands. Don’t take my word on this, the NSA sent out warnings in 2020. Warnings that Microsoft seemingly never took to heart. Still happy with your blue cloud? I reckon it is time for people to consider Amazon AWS, Apple iCloud, Google Cloud (GCP), Oracle Cloud or wherever you will be trying to keep your data safe, as I personally see it Microsoft is not that place and with that they are scuttling yet another (what I personally like to call) a spin system, just like a washing machine trying to tumble dry your data on servers where you do not have access to them.
But that might be my short sighted feel on the matter.
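On the question of telling real tokens from forged ones, here is an added example (not from the quoted articles and not Microsoft's code) of what a verifier actually checks. The key names and secrets are constructed, and HMAC-SHA256 stands in for the asymmetric signatures an identity provider really uses.

```python
import base64
import hashlib
import hmac
import json

# Constructed keys. HMAC-SHA256 stands in for the asymmetric signatures a
# real identity provider uses; the acceptance logic is the same.
SIGNING_KEYS = {"key-old": b"constructed-secret-1", "key-new": b"constructed-secret-2"}


def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mint(claims, kid, key):
    """Sign claims with whatever key the caller holds (issuer or key thief)."""
    body = _b64(json.dumps({"kid": kid, **claims}, sort_keys=True).encode())
    sig = hmac.new(key, body.encode(), hashlib.sha256).digest()
    return body + "." + _b64(sig)


def verify(token, now, revoked=frozenset()):
    """Return (accepted, reason). Only the key and the claims are checked."""
    try:
        body, sig = token.split(".")
        claims = json.loads(_unb64(body))
        given = _unb64(sig)
    except ValueError:
        return False, "malformed"
    kid = claims.get("kid") if isinstance(claims, dict) else None
    if not isinstance(kid, str) or kid not in SIGNING_KEYS:
        return False, "unknown key"
    if kid in revoked:
        return False, "revoked key"
    expected = hmac.new(SIGNING_KEYS[kid], body.encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, given):
        return False, "bad signature"
    exp = claims.get("exp")
    if not isinstance(exp, int) or exp <= now:
        return False, "expired"
    return True, "ok"


def demo():
    now = 1_700_000_000
    claims = {"sub": "alice", "exp": now + 3600}
    genuine = mint(claims, "key-old", SIGNING_KEYS["key-old"])
    leaked_copy = SIGNING_KEYS["key-old"]  # same bytes, held by someone else
    forged = mint({"sub": "mallory", "exp": now + 3600}, "key-old", leaked_copy)
    guessed = mint(claims, "key-old", b"not-the-key")
    before = [verify(t, now) for t in (genuine, forged, guessed)]
    revoked = {"key-old"}
    after = [verify(t, now, revoked) for t in (genuine, forged)]
    rotated = verify(mint(claims, "key-new", SIGNING_KEYS["key-new"]), now, revoked)
    return {"before": before, "after": after, "rotated": rotated}


if __name__ == "__main__":
    print(demo())
```

A token signed with a copy of the real key passes exactly the same check as a genuine one, so revoking the key is the only switch the verifier has, and it also cuts off every genuine token issued under that key until the issuer rotates to a new one.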

Enjoy the day, Monday is now but a day away.


Filed under Finance, Gaming, IT, Media, Science

Rage anonymously

Yup, we get that, although there is not really an anonymous part in this, it is me. Two things made me snap. The first one was a presentation. There was nothing wrong with the presentation, it was actually quite good and it should be regarded, but I will not mention it here (for obvious reasons). The second one is the one I am starting here. I am in favour of protesting, protesting is, in the world I grew up in, an age-old tradition. I get it, but I also regard the accountability part of any protest. Even in the army, I was in favour of the anti-nuclear protests in the Netherlands in 1981. That protest was the largest protest in Dutch history and drew in over 400,000 demonstrators. In addition they gathered in excess of 3.75 million signatures, close to 25% of the population in that time were against US nuclear missiles in the Netherlands. Never before did a group of people agree to that degree to anything like it.
As such I cannot oppose demonstrations. Yet it is different with ‘Just stop oil’, they went to far. They obstructed a car with a newborn trying to get to the hospital and at that point I snapped. If I was there, I would have shot at least one person in the head. I would not care about gender, both genders are equally worthless at that point. When you stop a newborn from reaching the hospital in time, optionally endangering that newborns life, you deserve to get shot in the head. I hope these people consider that, because there are a lot more angry people out there in the UK. If I had it my way, I would reroute 350K barrels of oil per day away from the UK to China (for example). I wonder what chaos that would reflect and as long as any demonstrator from ‘Just stop oil’ is still alive, that reroute would not be undone. I wonder how many of these people will suddenly realise the stupidity of their actions. I get why they are demonstrating and I get why it is done. Yet this is wrongly done and it is done in the most stupid of ways. The UK is depending on oil in many ways and when we reduce the allotment by 350K barrels a day these people will wake up fast and in not such a nice way. When they get hunted by the tradies losing their livelihood they will get a first rate education on the stupidity that they embraced. And when you consider that they endangered a new born child, the support they had will fall away quite quick. 

What?
The second part was a presentation. The presentation was good, really good, but it struck a chord with me in not such a nice way. You see, these presentations all look good, yet when they interfere with the bonus and bottom dollar of any board of directors, the setting changes, it changes by a lot.

So it started with:
Good Data design is purposeful
Good Data design is clear
Good Data design is balanced
Good Data design is inclusive

These were the first 4 slides of 12 excellent slides. Yet there is an issue with them and it is not on the designer, that person did his/her job. The problem is that this presentation goes somewhere, and that tends to be up the ladder. I am not giving you the other 8, because I will invade someone else’s IP too much (and I am not giving the whole slides, just the titles). But the next part will show you why it bothered me.

You see you can scream interaction and promotion of understanding all you like, but what is our understanding? The understanding of IT, its users or the understanding of the board of directors? They tend to be three different things. The promotion of inclusivity only goes to the degree that the bottom dollar is not impacted and simplicity is a whole other ball of wax. If it is (too) simple that board member is feeling the brunt of what comes next and they will oppose this and oppose what you want to achieve and that is before we get issues of legacy systems (where the current provider works with a board member wanting to stay relevant. I have been involved with fights of that nature going back to the mid 80’s. And the less said about inclusivity the better. These are all good things, but they tend to raise costs and the board members are all about the bottom dollar and that is an issue. I have had too many of these fight against wannabe’s to last me a lifetime, and the wannabe’s always get a yay-sayer making me look bad in the process. A setting many retired IT person can attest to and those who rolled over had a decent retirement, the rest had close to nothing, as such this struck a nerve with me. I hope that the presenter gets the laurel that he or she deserves, but they better be ready for a fight they never faced before. Especially when that board is filled with fakers. That was my view on the matter and these two items got to me. So my Saturday was all about controlling my anger and checking my sniperscope (I had not done that for years). So whomever wants to endanger a newborn better get ready to walk around with an added air conditioning system to the brain.

We all get angry at times, we all go overboard at times and in this case I am lucky. I am (lucky for them) 10,563.82 miles away from those stupid twats. But they will face people over there that also have had enough and they are close enough to rely on the cricket-bat to dish out the punishment. 

Well one more day until the weekend ends, I better make it count.


Filed under Finance, IT, Law, Media, Politics

Threading the needle

Yup, we all try to strike a balance, well, mostly all. You see the greed driven have no balance, they adhere to scales and only for as long as the scales are set to their side. To see this more clearly I will have to quote a previous article. In that article I wrote “Whatever they are spinning here, make no mistake. This is about DATA, this is about AGGREGATION and about linking people, links that too often Twitter has and LinkedIn and Facebook does not” and I wrote this on March 11th (at https://lawlordtobe.com/2023/03/11/one-bowl-of-speculation-please/) in the article ‘One bowl of speculation please’. I made a few more speculations there, but they do not matter, it is not important if they were correct. You see, I took a look at thread today (or at least tried to). And the first hint was given below.

We could not create an account, you can only log in with an Instagram account, Facebook is optionally that desperate. It was always about linking data, about the granularity of their advertising population. That is all it was and Elon Musk opened that door by ruffling the feathers of his population. It gets to be worse as the ‘solution’ does not even work.

Their servers are in for a rough pounding and when these services are united, your freedom is pretty much over. 

So there I was pondering a few issues and suddenly it hit me, you see when you look at the Tencent Technologies solution below, you might not see the options.

But there is one and Tencent Technologies is now in a pretty good place to set a new stage themselves. It was always possible with cloud streaming, but I wonder if anyone had thought of it. It seems that Google did not, they dumped their solution. Amazon is clearly still in place in a few ways, but I wonder how far they thought ahead and now Tencent Technologies is nipping at their heels. I reckon that by late 2024 they might have figured out what I was seeing today. In the end Tencent and Amazon are in the running for a new side of cloud technology that is about to hit both doors. I wonder who will open their door first, because if I am right (and I have been correct more often than not) then the revenue from that technology will set them in a captain’s seat for years to come. And it was so simple, the greed driven people were overthinking their revenue and missing the turnpikes that gave them additional revenue on a long term scale. It is the consequence when you cater to the ‘fake it until you make it’ and their pupils have all turned to dollar signs missing innovation left right and centre. Come to think of it, I forgot another player. The third player is Apple and they could stand to gain a lot more (as does Tencent Technologies). I reckon that if Apple supports Unreal Engine 5 they might be slightly ahead of the other two, I reckon they need to get past the Epic Games launcher as those dodos will ruin a lot more than they make, but that would be up to Apple. A stage now set aside as Meta did not prepare properly, they did not copy the accounts setting because the shortcut was too easy, the fakers did not think things through and that will hinder a lot more than they think.
No matter how they go about it, as the people realise that more and more data will be linked, the moment that they realise that their freedom is now set to enabling advertisements on every device they have, that will be the moment that these people will shun away from Meta and whatever they offer handing a large field of opportunity to the ruling cloud streaming players like Amazon and Apple, with Tencent Technologies following soon thereafter. I am a little surprised, did Google not see this coming? I for one to some degree did not, but this is and has been a Google stage and they missed it too, even as they have some of the elements ready (with the Unreal Engine 5 engine as an unknown). A setting that was out there as I have written about it for at least a year. So what else are these people missing out on? Elon Musk opened the door, but the door also leads to places that Twitter and Musk were never in, as such what comes next and who will cater to that pioneering stage?

I honestly do not know, but I will see it come soon enough. Enjoy the day before the day before the weekend. 


Filed under Finance, IT, Science

And the lesson is?

That is at times the issue and it does at times get help from people, managers mainly that believe that the need for speed rectifies everything, which of course is delusional to say the least. So, last week there was a news flash that was speeding across the retinas of my eyes and I initially ignored it, mainly because it was Samsung and we do not get along. But then Tom’s guide (at https://www.tomsguide.com/news/samsung-accidentally-leaked-its-secrets-to-chatgpt-three-times) picked it up and I took a closer look. The headline ‘Samsung accidentally leaked its secrets to ChatGPT — three times!’ was decently satisfying. The rest “Samsung is impressed by ChatGPT but the Korean hardware giant trusted the chatbot with much more important information than the average user and has now been burned three times” seemed icing on the cake, but I took another look at the information. You see, to all ChatGPT is seen as an artificial-intelligence (AI) chatbot developed by OpenAI. But I think it is something else. You see, AI does not exist, as such I see it as an ‘Intuitive advanced Deeper Learning Machine response system’, this is not me dissing OpenAI, this system when it works is what some would call the bees knees (and I would be agreeing), but it is data driven and that is where the issues become slightly overbearing. In the first you need to learn and test the responses on data offered. It seems to me that this is where speed driven Samsung went wrong. And Tom’s guide partially agrees by giving us “unless users explicitly opt out, it uses their prompts to train its models. The chatbot’s owner OpenAI urges users not to share secret information with ChatGPT in conversations as it’s “not able to delete specific prompts from your history.” The only way to get rid of personally identifying information on ChatGPT is to delete your account — a process that can take up to four weeks” and this response gives me another thought.
Whoever owns OpenAI is setting a data driven stage where data could optionally be captured. More important the NSA and likewise tailored organisations (DGSE, DCD et al) could find the logistics of these accounts, hack the cloud and end up with TB’s of data, if not Petabytes and here we see the first failing and it is not a small one. Samsung has been driving innovation for the better part of a decade and as such all that data could be of immense value to both Russia and China and do not for one moment think that they are not all over the stage of trying to hack those cloud locations.

Of course that is speculation on my side, but that is what most would do and we don’t need an egg timer to await actions on that front. The final quote that matters is “after learning about the security slip-ups, Samsung attempted to limit the extent of future faux pas by restricting the length of employees’ ChatGPT prompts to a kilobyte, or 1024 characters of text. The company is also said to be investigating the three employees in question and building its own chatbot to prevent similar mishaps. Engadget has contacted Samsung for comment” and it might be merely three employees. Yet in that case the party line failed, management oversight failed and Common Cyber Sense was nowhere to be seen. As such there is a failing and I am fairly certain that these transgressions go way beyond Samsung, how far? No one can tell. 

Yet one thing is certain. Anyone racing to the ChatGPT tally will take shortcuts to get there first and as such companies will need to reassure themselves that proper mechanics, checks and balances are in place. The fact that deleting an account takes 4 weeks implies that this is not a simple cloud setting and as such whoever gets access to that will end up with a lot more than they bargained for.

I see it as a lesson for all those who want to be at the starting signal of new technology on day one, all whilst most of that company has no idea what the technology involves and what was set to a larger stage like the cloud, especially when you consider (one source) “45% of breaches are cloud-based. According to a recent survey, 80% of companies have experienced at least one cloud security incident in the last year, and 27% of organisations have experienced a public cloud security incident—up 10% from last year” and in that situation you are willing to set your data, your information and your business intelligence to a cloud account? Brave, stupid but brave.

Enjoy the day


Filed under IT, Science

Remembering things

This started when LinkedIn was the source of a question. I suddenly remembered another setting, I wrote about it (when is not important), it was around a year ago, but the part that matters is that this was something Adobe could have used in a number of ways (especially when it decreases the impact of Microsoft). The idea was… let’s start at the beginning.

Above you see the question that shook my mind.

Now take a look below.

Now we see a simple setting towards a project. There is some version control and perhaps Adobe upgraded that part, but too often we see people howl with despair when their version control gives out. USB and Laptop issues are the most common issues, but they are not alone and some go with cloud solutions, yet there are times when connections are lousy, there are cloud security issues, there have always been cloud security issues and some have more than others, the latter side is that some people tend to rely on local versions, that is fine. Now consider the addition of blockchain to a project file. A file that keeps track of all versions and optionally with Adobe we see actions as well in each version. So now the initial question becomes a mere exercise. A project that gathers the versions and optionally puts them in one place. In this I still like the old DEC (Digital Engineering Corporation) who had VAX/VMS, in the late 80’s they already had version control. At the end of EVERY file there was “;xx” the x’s were a number, as such we could have 99 files called image.jpg. It would take decades for other systems to catch up, DEC was ahead of its time. Now this solution will no longer do and we need to seek alternatives, so how about an alternative use of Blockchain? Or a Blockchain-like solution? In a previous article I took that to a whole new level, but that was then and this is now. It was a question that got pushed back to the front of my mind.
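To make the idea concrete, here is an added sketch (not Adobe's or DEC's code, and not from any earlier article) of a blockchain-like project file: every version gets a VMS-style `name;N` label, the action taken, a hash of the file and a link to the previous entry. The function names, the in-memory store and the sample bytes are all constructed for the illustration.

```python
import copy
import hashlib
import json

GENESIS = "0" * 64  # "previous hash" of the first entry


def entry_hash(entry):
    """Hash the fields of one ledger entry, including the link to its parent."""
    fields = {k: entry[k] for k in ("name", "action", "content_sha256", "prev")}
    return hashlib.sha256(json.dumps(fields, sort_keys=True).encode()).hexdigest()


def commit(ledger, store, filename, content, action):
    """Append a version named VMS-style ('file;N') and keep its bytes in store."""
    version = 1 + sum(1 for e in ledger if e["name"].rsplit(";", 1)[0] == filename)
    entry = {
        "name": f"{filename};{version}",
        "action": action,
        "content_sha256": hashlib.sha256(content).hexdigest(),
        "prev": ledger[-1]["hash"] if ledger else GENESIS,
    }
    entry["hash"] = entry_hash(entry)
    ledger.append(entry)
    store[entry["name"]] = content
    return entry


def verify_ledger(ledger, store):
    """Return a list of problems; an empty list means history and files agree."""
    problems, prev = [], GENESIS
    for e in ledger:
        if e["prev"] != prev:
            problems.append(f"{e['name']}: link to previous entry is broken")
        if entry_hash(e) != e["hash"]:
            problems.append(f"{e['name']}: entry was altered")
        blob = store.get(e["name"])
        if blob is None:
            problems.append(f"{e['name']}: content missing")
        elif hashlib.sha256(blob).hexdigest() != e["content_sha256"]:
            problems.append(f"{e['name']}: content does not match recorded hash")
        prev = e["hash"]
    return problems


def demo():
    ledger, store = [], {}
    commit(ledger, store, "image.jpg", b"constructed bytes v1", "import")
    commit(ledger, store, "image.jpg", b"constructed bytes v2", "crop")
    commit(ledger, store, "image.jpg", b"constructed bytes v3", "colour grade")
    clean = verify_ledger(ledger, store)

    swapped = {**store, "image.jpg;2": b"silently replaced"}
    swapped_file = verify_ledger(ledger, swapped)

    rewritten = copy.deepcopy(ledger)
    rewritten[1]["action"] = "nothing to see"
    rewritten[1]["hash"] = entry_hash(rewritten[1])  # re-hash only this entry
    rewritten_entry = verify_ledger(rewritten, store)
    return {"clean": clean, "swapped_file": swapped_file, "rewritten_entry": rewritten_entry}


if __name__ == "__main__":
    print(demo())
```

Someone who rewrites every entry from the change onward can still produce a consistent chain, so the newest hash has to be kept somewhere the editor of the project file cannot reach.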

I wonder if anyone else is on that bus ride. Have a great day and please stop crashing drones, they might only be $700K, but it is a waste of good material.


Filed under IT, Science