Former college football coach Tommy Tuberville, now a United States Senator grâce a the wisdom and good sense of the fine people of Alabama, continues to degrade the United States military by preventing the US Senate from confirming 301 (and counting) general and flag officers from formally taking the jobs they're already doing. Earlier this month, the commanders of the Naval Air Forces and Naval Sea Systems Command retired, passing their responsibilities—but, crucially, not their policy-setting powers—to their putative successors. US Senator Mark Kelly (D-AZ), a retired US Navy Captain and 4-time Space Shuttle astronaut, stopped just short of calling Tuberville an idiot on today's NPR Morning Edition.
In other news:
- One of the last sane Republican office holders, US Senator Mitt Romney (R-UT), announced he won't seek re-election in 2024.
- One of the least-sane Republican office holders, US Representative Lauren Boebert (R-CO), got thrown out of a performance of the Beetlejuice musical in Denver for, among other things, being a Karen when told to stop all the other things she was doing to disrupt the show.
- Contra David Ignatius' column in the Post yesterday advocating for President Biden to step aside in 2024, Josh Marshall has a simple message for my party: "Biden’s age is a real challenge. But the whole question is locked up. It’s locked in. So everyone who wants to beat Trump needs to absorb that, stop whining and buck up."
- ProPublica takes us through the chronology of the Navy's failed $100 billion Littoral Combat Ship (LCS) program, that tried to support three entirely different mission profiles and, consequently, does none of them well. (This is why we're building a bunch more Arleigh Burke-class destroyers and reintroducing frigates after a 35-year construction hiatus.)
- After a 13-year construction hiatus, the Hudson River tunnel connecting New Jersey Transit to Penn Station will resume in 2025, with a projected opening in 2035. (NB: A British-French consortium dug the 50-kilometer Chunnel in six years for the 2023 equivalent of £14 billion. If it finishes by 2035, the 3-kilometer Gateway Tunnel will have taken 25 years and cost over $16 billion.)
- Transport for London (TfL) announced that most of London inside the M-25 is now an ultra-low-emissions zone (ULEZ) with motorist fees of £12.50 ($15.61) per day for cars that don't meet the current emissions standards. The government has also pledged £163 million ($204 million) to scrap old cars that don't qualify for the ULEZ.
- A NIMBY group in Minneapolis has temporarily halted implementation of the city's environmentally-necessary zoning changes that would allow more housing density by—get this—using Minnesota's 1970s-era environmental laws.
- By the way, cars aren't just giving us asthma and killing more people than any other cause in the United States and Canada, they're also bankrupting us.
- Here's what you need to know about the latest Covid booster. I'm getting mine Tuesday.
Finally, John Scalzi's blog turned 25 today, making the Hugo-winning author a relative new arrival to the blogging scene, at least when compared with The Daily Parker.
Every time I perform a major work like a Mozart opera, I'm tired and uncreative for about two days afterward. I often forget this. So yesterday and today are more for recharging than creating, which is fortunate as the story I'm working on at my day job just requires changing a label to a text box and adding a Save button. (I should have all that done in a couple of hours.)
I expect regular posting will resume tomorrow.
I forgot at the time that my post yesterday afternoon was the 9,000th since The Daily Parker began in May 1998.
I generally care more about the "modern era" since I began posting in a true blog format in November 2005. This is the 8,806th post since then.
At the current rate, you should see the 10,000th post in early August 2025 (all-time) or at the end of December 2025 (modern era), depending on how you count.
The Daily Parker began as a joke-of-the-day engine at the newly-established braverman.org on 13 May 1998. This will be my 8,907th post since 1998 and my 8,710th since 13 November 2005. And according to a quick SQL Server query I just ran, The Daily Parker contains 15,043,497 bytes of text and HTML.
A large portion of posts just curate the news and opinions that I've read during the day. But sometimes I actually employ thought and creativity, as in these favorites from the past 25 years:
- Old Man Moskowitz, sent in by an old friend in New York, 26 May 1998.
- My all-time-favorite Jewish joke, 23 June 1998. (And my second-favorite, 31 January 2003.)
- My all-time-favorite engineering joke, 11 February 2000.
- An essay on conspiracies and coincidence, 22 January 2006.
- Rant about Microsoft certification exams, 29 June 2006.
- Feeling sad about the end of Kodachrome, 31 December 2010.
- My friends and I debate the merits (such as they were) of Wisconsin Governor Scott Walker (R), 26 March 2011.
- An examination of the Astrolabe lawsuit against the Time Zone Database, 22 October 2011, and Astrolabe's response on 14 October 2011.
- A rant about Tea Party Republicans, 14 August 2012.
- Three articles in the New York Times inspire two lengthy explanations and a rant, 18 December 2012.
- The Y2K problem and other date disasters in programming, 29 April 2018.
- The Music Theory A-Z challenge, starting on 1 April 2019.
- The entire series on logical fallacies, July-August 2019.
- My obituary for Parker, 18 November 2020.
- Star Trek: Discovery's 3rd season irked me, 3 December 2020.
- Neon CRM also irked me, 10 February 2021. (Hmm...I wrote longer blog posts in the months when I didn't have a dog.)
- Cassie comes home from PAWS, 16 March 2021.
- My struggles to play SimCity 4, 25 years after I bought it, 8 May 2021.
- Lots of posts tagged "Photography," but particularly around the time I finished scanning all my slides (from 1983 to 2001).
Also interesting is how I can chart key events in my life just by looking at how often I posted:
Right now, I'm predicting the 10,000th post on 5 August 2025. Keep reading and find out.
We've now got two full years between us and 2020, and it does look like 2022 got mostly back to normal.
- The Daily Parker got 487 posts in 2022, 51 fewer than in 2021 and 25 below median. As usual, I posted the most in January (46) and fewest in November (37), creating a very tight statistical distribution with a standard deviation of 3.45. In other words: posting was pretty consistent month to month, but down overall from previous years.
- I flew 10 segments and 16,138 flight miles in 2022, low for the 21st century but about average for my lifetime.
- Once again, I visited only one other country (the UK, of course), but 8 other states: North Carolina, Indiana, Kentucky, Ohio, Wisconsin, California, Texas, and Michigan. In 2023, I plan to visit a bunch of new countries, but we'll see. Altogether I spent 107 hours traveling.
- I walked Cassie for a little more than 369 hours, somewhat fewer than in 2021 (422) but still an average of over an hour a day. It's about half as much as she wanted.
- I got 4,537,290 steps for 3,693 km of walking, a little below 2021 but about average overall. I only hit my step goal 327 times, though, due to no longer getting worked up about missing it in bad weather. I still averaged 12,393 a day, which doesn't suck.
- I drove 5,925 km on 144 L of gasoline, for an average of 2.4 L/100 km (96.4 MPG). The last four months of the year I used only 4 L of gas over 1,179 km, meaning I'm heading into 2023 with a nearly-full tank I last filled on August 21st. I do love living in the city!
- I worked 1,894 hours for my real job, including 1,260 from home and 580 in the office. The remainder went to conferences and work events. Plus, I spent 103 hours commuting, all of it by public transit (see above re: gasoline use).
- My commitment to the Apollo Chorus went up by a third this year, with 318 hours overall split between rehearsing and performing (220 hours) and my responsibilities as president (98 hours). Last year I spent 57 hours on rehearsals and performances and 71 hours on board stuff, but the first half of 2021 we were still virtual. In the last full year before the pandemic, 2019, I spent 200 hours overall (27 for the Board, 144 on rehearsals and performances, 29 for the fundraiser), so we really did do more this year than in years past.
- Finally, reading stayed the same, with 27 books started (cf. 28 in 2021) and 24 finished (cf. 23 in 2021)—both numbers exactly at median for me. But I watched a whopping (for me) 56 movies and 50 TV show seasons or miniseries. Yeek.
So, yeah, except for the permanent, post-pandemic shift to working from home 2/3 of the time, 2022 really did get back to normal in most ways. I'll take it. Here's to continued normal in 2023!
I realize posting has slipped a little in the past couple of weeks. It should resume its normal frequency tomorrow, as I actually have five consecutive weeks of a routine schedule coming up.
That routine includes rehearsals on Mondays, though, so nothing new today.
The Tech Forum goes on. Tomorrow, though, I don't need my work laptop, and so will bring my personal one, enabling me to post a little more.
I've also thought about finally writing my own blog engine. Or, at least, forking an existing one (maybe even this one?) and going to town on it. During some downtime today I purged a lot of crap from my Microsoft Azure subscriptions, but I still have old applications (like this blog) running in old workloads.
Tonight: the Fun Dinner. Oh, boy.
After the whipsaw between 2019 and 2020, I'm happy 2021 came out within a standard deviation of the mean on most measures:
- In 2020, I flew the fewest air miles ever. In 2021, my 11,868 miles and five segments came in 3rd lowest, ahead of only 2020 and 1999.
- I only visited one other country (the UK) and two other states (Wisconsin and California) during 2021. What a change from 2014.
- In 2020, I posted a record 609 times on The Daily Parker; 2021's 537 posts came in about average for the modern era.
- Cassie got almost 422 hours of walks in 2021, a number I don't think I ever achieved with Parker. And given I only had her for 291 days of 2021, that's an average of 1:27 of walks per day. According to my Garmin, she and I covered over 684 km just on walks that I recorded with my watch. A young, high-energy dog plus working from home most of the time will do that, I suppose.
- Speaking of walks, in 2021 I got 4,926,000 steps and walked 3,900 km—about the straight-line distance from New York to Seattle. Those numbers came within 2% of 2020 and 4% of 2019. I also hit new personal records for distance and steps when I walked over 51 km on September 3rd. And I hit my step goal 355 times (cf. 359 times in 2020), though not all in a row.
- I drove 4,242 km in 2021, almost exactly the same amount as in 2020 (4,265 km), but I used a bit more fuel (116 L to 79 L).
- I spent 1365 hours working from home and 521 in the office in 2021, about the same (1327 and 560) as in 2020. I expect about the same in 2022.
- Personal software development took up another 184 hours, almost all on the really cool thing I'm going to soft-launch tomorrow.
- The Apollo Chorus took up 222 hours of my time, including 100 in rehearsals and performances and about the same amount on my duties as president. In 2020, that was 57 and 71 hours respectively, mainly because we didn't have any in-person performances.
- Finally, I started only 28 books in 2021 and finished 23, after dropping a couple that dogged me for a while. That's more than in my worst-ever year, 2017 (18 and 13), but down a bit from the last two years. That said, my average numbers for the past 10 years are 28.2 and 23.3, making 2021...average. I also watched 51 movies and 48 TV shows, which just means I need to get out more.
So, will 2022 return to normal (-ish)? Or will some of the trends that started in March 2020 continue even after the pandemic has long become something we scare children with?
The Daily Parker has, as of yesterday, 8,000 posts since 13 May 1998. We should hit 10,000 in February 2025. Keep reading and find out!
I had planned to note Bruce Schneier's latest essay, "The Misaligned Incentives for Cloud Security," along with a report that Microsoft has noticed an uptick in SolarWinds attacks against its own services. But twice in two weeks I've received bogus DMCA takedown notices that tried to trick me into downloading files from a Google site, and I'm impressed by the effort that went into these phishing attacks.
In both cases, the attacks came through the blog's Contact page, meaning someone had to copy and paste the text into the form. They both lay out most, but not all, of the elements of a DMCA takedown notice, with lots of threatening (but inaccurate) text about what could happen if I don't comply. But here's the kicker: instead of specifying which of the Daily Parker's nearly 8,000 posts contain infringing material, as required by the DMCA, they contain a link to a file on a Google site that I should download to see the material they claim to own.
It turns out, I know a thing or two about copyright law, and about computer security, so I didn't fall for the phish. I worry, though, that this attack could fool a lot of people. Reminder, folks: never download a file you didn't specifically ask for. (In my case, I did attempt to download one of the files, in a sandbox, with virus protection jacked all the way up. The virus protection took one look at the file and didn't even allow the download.)
Let me enumerate the really sophisticated features of this attack:
- It contained mostly true information. People send out DMCA takedown notices all the time; experienced website administrators take them seriously when received. The author of this phish included the correct and relevant US Code sections, and a mostly-correct description of how the DMCA operates. They got the statutory damage amount totally wrong, but only because the number they used would scare people more.
- It didn't contain any English language errors. Whoever wrote the copy for this attack speaks perfect English. This wasn't a laughable 409 scam.
- It came through the Contact feature, not an email. The attacker took the time to go to the Daily Parker contact page, copy and paste the phishing text, and click "send." A human had to do that.
- It stated a plausible claim. This is Daily Parker post #7,922 since the blog started on 13 May 1998. It is conceivable that at some point in the last 23 years I posted a photo for which I didn't obtain a proper license. This would be true of any large blog or website.
- It used a real Google Sites link. The download link pointed to an asset actually stored on a google.com computer somewhere. That might convince someone of its legitimacy, unless you remember that anyone can put anything up on a Google Site or other cloud storage service. Again: never download a file you didn't specifically ask for.
- It came from a network in the US. Reverse-IP lookups showed the origin IP addresses to be owned by a major ISP in Colorado, not a scary Eastern European location. Of course, it means that the attacker has access to a computer physically located in the US, which means I'll send my own legal notice to the ISP if I receive another one of these.
Now, here's where they missed the mark:
- They asked me to download a file. No. No, no, no. GFY a thousand times with a chainsaw.
- The phish did not contain all the required elements of a DMCA takedown notice. They didn't list specific assets, with URLs, that they allege infringed their copyrights; they didn't assert a claim of ownership in a legally-sufficient manner; they didn't provide full contact information; and they didn't sign it. But of course they didn't, because the closer they got to legal sufficiency, the more information I'd have that they have no real claim.
- They sent two nearly-identical (but not identical enough) phishes 8 days apart. You think I didn't remember the first one? You think I didn't compare them? The second attempt simply confirmed that the first attempt wasn't merely an amateur-hour legal notice but, as I suspected, a phish.
- One of the phishes came through a non-publicized FQDN. Because I host the Daily Parker on Microsoft Azure, it has an Azure-provided fully-qualified domain name (FQDN) in addition to www.thedailyparker.com. I have never publicized the Azure FQDN, and as far as I know the Azure FQDN has no inbound links. I suppose it could have gotten picked up by a search engine, but again, without inbound links, I can't see how. It's not secret; it's just really odd that someone would use it.
- The claimant's names were...weird. I said earlier that the text of the phish used correct English throughout, but the names of the supposed claimants seem to have come from a name-generation tool. Seriously, the names were Ford Prefect-weird.
- It turns out, I'm well-versed in both copyright law and cybersecurity. This type of mistake even has an entire TV Tropes entry. I guess a criminal wouldn't necessarily know that, however. They might find out, should they send a third phishing attempt my way. Will I haul them into Illinois court to answer a tortious trespassing case? Probably not. But I might tell their ISP. And the FBI. Because at some point, they will get someone to open whatever malicious file they linked to, which I expect will lead to actual crimes.
In recognition the effort that went into this phishing attack, I wanted to publicize it in case it happens to anyone else. If you get an alleged DMCA takedown notice, and it doesn't meet the legal requirements as outlined by the USPTO, ignore it. And once more, with feeling: never download a file you didn't specifically ask for.
And if you're the script kiddie who sent the phish, GFY with a tree. Sideways.