The Daily Parker

Politics, Weather, Photography, and the Dog

Extraordinary measures in the UK

I'm trying to get my mind around a Conservative government announcing this a few minutes ago:

The chancellor, Rishi Sunak, has announced the government will pay the wages of British workers to keep them in jobs as the coronavirus outbreak escalates.

In an unprecedented step, Sunak said the state would pay grants covering up to 80% of the salary of workers kept on by companies, up to a total of £2,500 per month, just above the median income.

“We are starting a great national effort to protect jobs,” he said. “It’s on all of us.”

Sunak said there would be no limit on the funding available to pay people’s wages.

The government is also deferring the next quarter of VAT payments, which is the equivalent of injecting another £30bn into the economy and is designed to help companies stay afloat.

(Another thing that I just learned: Sterling has dropped 12% against the dollar in the past week, hitting £1 = $1.1641 a few minutes ago.)

Closer to home:

And finally, Mother Jones asks "How do you know if you're living through the death of an empire?"

Shaka, when the walls fell

I have tons of experience working from home, but historically I've balanced that by going out in the evenings. The pandemic has obviously cut that practice down to zero. Moreover, the village of Oak Park will start shelter-in-place measures tomorrow, so I expect Chicago to do the same in the next couple of days. The Oak Park order seems reasonable: stay home except for essentials like food and medicine, stay two meters away from other people, it's OK to walk your dog, and so on. Since I'm already doing all of those things, a Chicago order would only affect my friends who, for example, own book shops and can't work remotely for other reasons.

In other pandemic news:

  • As of yesterday a record 41,000 Illinois residents filed for unemployment benefits in a 48-hour period.
  • Two luxury hotels have closed in Chicago with others expected to follow.
  • Bruce Schneier calls attention to a work-from-home security awareness kit and worries about how the pandemic will increase overall infosec vulnerability because people don't actually know how to secure their home offices.
  • Josh Marshall worries we're flying totally blind, because we haven't collected vital data about the pandemic's spread.
  • The pub where citizens took refuge in the zombie apocalypse comedy Shaun of the Dead has shut because of the pandemic. “We stayed open during a zombie plague, ISIS attacks on London, an alien invasion and the news that Genesis were reforming, but we’ve had to take expert advice and close our doors this time”, said landlord Simon Williams.
  • Republican US Senator Richard Burr briefed "a small group of well-connected constituents" about COVID-19 three weeks ago, according to a secret recording obtained by NPR. Another Republican asshat, US Representative Don Young (R-AK), joked about the "beer virus" and suggested people continue going out as normal. (Even if I hadn't specified the party affiliations of these tools, you'd know which party, wouldn't you?)
  • Former US Senator Al Franken calls Trump's response "the last straw."
  • Peter Nicholas writes in the Atlantic that "this is how Donald Trump will be remembered."

Also, today is the 92nd anniversary of the debut of "Amos 'n' Andy" on Chicago's WMAQ radio.

Updates

I spent an hour trying (unsuccessfully) to track down a monitor to replace the one that sparked, popped, and went black on me this morning. That's going to set me back $150 for a replacement, which isn't so bad, considering.

Less personally, the following also happened in the last 24 hours:

I don't have a virus, by the way. I'm just working from home because the rest of my team are also out of the office.

Great security, guys

Via Schneier, it seems that our security services have not done a great job at, you know, security:

[J]ust how bad is the CIA’s security that it wasn’t able to keep [accused leaker and former CIA sysadmin Joshua] Schulte out, even accounting for the fact that he is a hacking and computer specialist? And the answer is: absolutely terrible.

The password for the Confluence virtual machine that held all the hacking tools that were stolen and leaked? That’ll be 123ABCdef. And the root login for the main DevLAN server? mysweetsummer.

It actually gets worse than that. Those passwords were shared by the entire team and posted on the group’s intranet. IRC chats published during the trial even revealed team members talking about how terrible their infosec practices were, and joked that CIA internal security would go nuts if they knew. Their justification? The intranet was restricted to members of the Operational Support Branch (OSB): the elite programming unit that makes the CIA’s hacking tools.

Oh dear. We used to have the best tools and people in the world. Now it just looks like we have a bunch of tools.

That time when the CIA made encryption products

For about 50 years, the CIA and its (West-) German equivalent, the BND, owned Crypto AG in Switzerland, giving them access to the secrets of dozens of countries:

From 1970 on, the CIA and its code-breaking sibling, the National Security Agency, controlled nearly every aspect of Crypto’s operations — presiding with their German partners over hiring decisions, designing its technology, sabotaging its algorithms and directing its sales targets.

Then, the U.S. and West German spies sat back and listened.

They monitored Iran’s mullahs during the 1979 hostage crisis, fed intelligence about Argentina’s military to Britain during the Falklands War, tracked the assassination campaigns of South American dictators and caught Libyan officials congratulating themselves on the 1986 bombing of a Berlin disco.

Greg Miller, the Washington Post reporter who broke the story in the US, followed up today with some insight into the bureaucratic bullshit that nearly scuttled the deal, and would go on to help our intelligence services miss that 9/11 was about to happen:

The CIA comes across as an overbearing elder, impatient with its more timid counterpart, dismissive of its intermittent objections. CIA officials “made the rules as they went along,” according to the history, “and were much more inclined to ask forgiveness than permission.”

The NSA was full of people who were technically brilliant but struggled to grasp the potential of the operation, impeded efforts to expand its scope and at times put the program’s secrecy in jeopardy with sloppy tradecraft.

“NSA people traveled in true name, and sent far more people to meetings than CIA felt was advisable from a security standpoint,” the CIA history says. “One of the continuing irritants on the CIA side was this apparent lack of appreciation for traditional [agency] clandestine operational procedures.”

“Between the CIA and the NSA there were always disputes about which of these services had the say,” a senior BND official said in that agency’s history of the operation. “CIA saw itself as the one in charge and emphasized this by having a CIA man posted at the operation in Munich,” the location of a CIA base for overseeing Crypto.

Yesterday, NPR's Fresh Air broadcast an extensive interview with Miller that ended with this chilling thought:

When you learn something, when you learn about something terrible that's happening - in South America, for instance, many of the governments that were using Crypto machines were engaged in assassination campaigns. Thousands of people were being disappeared, killed. And I mean, they're using Crypto machines, which suggests that the United States intelligence had a lot of insight into what was happening. And it's hard to look back at that history now and see a lot of evidence of the United States going to any real effort to stop it or at least or even expose it.

To me, the history of the Crypto operation helps to explain how U.S. spy agencies became accustomed to, if not addicted to, global surveillance. This program went on for more than 50 years, monitoring the communications of more than 100 countries. I mean, the United States came to expect that kind of penetration, that kind of global surveillance capability. And as Crypto became less able to deliver it, the United States turned to other ways to replace that. And the Snowden documents tell us a lot about how they did that. Instead of working through this company in Switzerland, they turned their sights to companies like Google and Apple and Microsoft and found ways to exploit their global penetration. And so I think it tells us a lot about the mindset and the personalities of spy agencies as well as the global surveillance apparatus that followed the Crypto operation.

Think about Crypto AG when you install Kaspersky Anti-Virus or install a Huawei device on your network. Just think about it.

Lunchtime links

Even when I work from home, I have a lot to do. At least I don't have a commute today, giving me extra time to catch up later:

And now, back to work.

After all, who's really signing this contract, anyway?

An AI demonstration website will show you photos of people who don't exist:

You encounter so many people every day, online and off-, that it is almost impossible to be alone. Now, thanks to computers, those people might not even be real. Pay a visit to the website This Person Does Not Exist: Every refresh of the page produces a new photograph of a human being—men, women, and children of every age and ethnic background, one after the other, on and on forever. But these aren’t photographs, it turns out, though they increasingly look like them. They are images created by a generative adversarial network, a type of machine-learning system that fashions new examples modeled after a set of specimens on which the system is trained. Piles of pictures of people in, images of humans who do not exist out.

It’s startling, at first. The images are detailed and entirely convincing: an icy-eyed toddler who might laugh or weep at any moment; a young woman concerned that her pores might show; that guy from your office. The site has fueled ongoing fears about how artificial intelligence might dupe, confuse, and generally wreak havoc on commerce, communication, and citizenship.

Ian Bogost goes from this to a discussion of alienation in crowds, and the delights of urban civilization. But I'm still stuck on the face generator. I might want to meet this person, for example, but she isn't even imaginary:

Here's a video explaining how it works:

Working from home is still working

While I do get to sign off a bit earlier today, I might not read all of these articles until tomorrow:

Finally, despite today's near-record low temperatures in Chicago, we expect a 12°C increase from earlier this morning until tomorrow afternoon. Hey, if this is the only day all winter that even flirts with -18°C, I'm happy.

Boy, he sure learned his lesson

In just one more example of the president slipping his leash, thanks to the Republican trolls in the Senate giving him permission to do so, the Justice Department said it found prosecutors' recommendations for Roger Stone's sentence "shocking." Three Assistant US Attorneys immediately quit the case:

Jonathan Kravis, one of the prosecutors, wrote in a court filing he had resigned as an assistant U.S. attorney, leaving government entirely. Aaron S.J. Zelinsky, a former member of special counsel Robert S. Mueller III’s team, said he was quitting his special assignment to the D.C. U.S. Attorney’s Office to prosecute Stone, though a spokeswoman said he will remain an assistant U.S. attorney in Baltimore.

Adam Jed, also a former member of Mueller’s team, asked a judge’s permission to leave the case like the others, though gave no indication of resigning his job.

None provided a reason for their decisions.

Uh huh. Thanks, WaPo. ("Three people left their office in haste this afternoon after their work area became engulfed in flames. None provided a reason for their decisions.")

Greg Sargent says the president's strategy is "designed to get you to surrender:"

In the end, many of President Trump’s ugliest degradations — the nonstop lying, the constant efforts to undermine faith in our political system, the relentless delegitimization of the opposition — often seem to converge in some sense on a single, overarching goal:

To get you to give up.

To give up on what, exactly? On the prospects for accountability for Trump, via mediating institutions such as the media, or via other branches of government, or even via the next election, and more broadly, on the very notion that our political system is capable of rendering outcomes that have not been thoroughly corrupted to their core.

Meanwhile:

Fun times. Fun times. At least we can take some comfort in Japanese railway station psychology.

Fast, Cheap, Good: pick two

I don't often use profanity on this blog, but this morning I am moved to call the Iowa Democratic Party's leaders a bunch of fucking morons. Last night we saw the results of the IDP picking "fast" and "cheap" for critical infrastructure in the most important election cycle in a generation. Now the national Party will go into New Hampshire with a black eye and no end of razzing from the Tweeter in Chief.

It's not just that the IDP chose "fast and cheap" instead of, you know, "good." It's also that everyone in the Democratic Party, from Puerto Rico to Nome, knows what a fucking big deal this election is. Presumably someone involved in this debacle might have done some contingency planning. Like, for example, having enough volunteers on the phones in case something happened with the app.

We've had years to prepare for last night's Iowa Caucuses. Perhaps not a full four years—they changed caucus rules a bit and added verification steps to prevent fraud—but certainly longer than two months. That's how long it took to write the mobile app the Party commissioned to make this the smoothest Caucuses ever, according to reports in NPR and the New York Times. That and $60,000, which gets you two junior developers and a journeyman team lead for two months, tops.

I've run multi-million-dollar software projects (including one in Des Moines 15 years ago), and my back-of-the-envelope estimate for an app to tabulate caucus results that needs to run perfectly on election night came to about $300,000 for a fast project (4-5 months) or $200,000 if it could take 9-10 months. A budget of $60,000 might, perhaps, cover just the coding, not UI testing, app distribution, security testing, project management, integration testing, API deployment, load testing, or testing the testing (i.e., test validation). And the $200k budget doesn't include $20,000 in infrastructure charges to ensure adequate capacity on election night.

In other words, any competent person would have chosen "fast and good" or "cheap and good."

Plus, media outlets also report that the IDP kept the app's origins and code a secret, in complete contravention of basic principles of secure software design. Had they put the code up for review on GitHub, outside reviewers could have caught any technical problems far, far earlier.

So once again, the state of Iowa, a technology hub renowned the world over as a serious rival to Palo Alto, New York, and Bangalore, demonstrated exactly why they need to conduct a primary election on the same day as a few other states a bit later on in the season.

This election is ours to lose. And with this own-goal, you, the Iowa Democratic Party, are fucking making it happen.