The Daily Parker

While I do get to sign off a bit earlier today, I might not read all of these articles until tomorrow:

• Block Club Chicago lists 21 neighborhood spots that are great for working from home. (Do you think any will let me set up four monitors?)
• Seymour Island, Antarctica, recorded a temperature of 20.75°C last week, breaking the 18°C Antarctic heat record set three days earlier.
• From November, Christian Thrailkill speculates on "what happens to Trumpworld once Trump is gone."
• Ostia Nwanevu, writing for New Republic, simply says: "End the GOP."
• Did management-consultant thinking kill the Iowa caucus?
• Via Bruce Schneier, very 3 months, the Internet's root address servers get new security certificates. This week...they got stymied by IRL security.
• The UK government has approved plans for new high-speed rail from London to the north, which will help reduce traffic and air travel. They hope.
• People have discovered that rats eat car parts. I already knew that.
• Google Maps turned 15 last Saturday. Happy birthday!

Finally, despite today's near-record low temperatures in Chicago, we expect a 12°C increase from earlier this morning until tomorrow afternoon. Hey, if this is the only day all winter that even flirts with -18°C, I'm happy.

In just one more example of the president slipping his leash, thanks to the Republican trolls in the Senate giving him permission to do so, the Justice Department said it found prosecutors recommendations for Roger Stone's sentence "shocking." Three Assistant US Attorneys immediately quit the case:

Jonathan Kravis, one of the prosecutors, wrote in a court filing he had resigned as an assistant U.S. attorney, leaving government entirely. Aaron S.J. Zelinsky, a former member of special counsel Robert S. Mueller III’s team, said he was quitting his special assignment to the D.C. U.S. Attorney’s Office to prosecute Stone, though a spokeswoman said he will remain an assistant U.S. attorney in Baltimore.

Adam Jed, also a former member of Mueller’s team, asked a judge’s permission to leave the case like the others, though gave no indication of resigning his job.

None provided a reason for their decisions.

Uh huh. Thanks, WaPo. ("Three people left their office in haste this afternoon after their work area became engulfed in flames. None provided a reason for their decisions.")

Greg Sargent says the president's strategy is "designed to get you to surrender:"

In the end, many of President Trump’s ugliest degradations — the nonstop lying, the constant efforts to undermine faith in our political system, the relentless delegitimization of the opposition — often seem to converge in some sense on a single, overarching goal:

To get you to give up.

To give up on what, exactly? On the prospects for accountability for Trump, via mediating institutions such as the media, or via other branches of government, or even via the next election, and more broadly, on the very notion that our political system is capable of rendering outcomes that have not been thoroughly corrupted to their core.

Meanwhile:

• Michael Bloomberg has quietly moved into the lead in a race he isn't even officially in.
• New Republic says we're a psychopath nation.
• Former Toronto Blue Jays pitcher Mike Bolsinger has sued the Houston Astros over their sign-stealing cheating scandal.
• A Swiss cryptography firm that supplied dozens of regimes around the world was co-owned by the CIA and West Germany's BND.
• Is chill-filtering whisky really that bad?

Fun times. Fun times. At least we can take some comfort in Japanese railway station psychology.

I don't often use profanity on this blog, but this morning I am moved to call the Iowa Democratic Party's leaders a bunch of fucking morons. Last night we saw the results of the IDP picking "fast" and "cheap" for critical infrastructure in the most important election cycle in a generation. Now the national Party will go into New Hampshire with a black eye and no end of razzing from the Tweeter in Chief.

It's not just that the IDP chose "fast and cheap" instead of, you know, "good." It's also that everyone in the Democratic Party, from Puerto Rico to Nome, knows what a fucking big deal this election is. Presumably someone involved in this debacle might have done some contingency planning. Like, for example, having enough volunteers on the phones in case something happened with the app.

We've had years to prepare for last night's Iowa Caucuses. Perhaps not a full four years—they changed caucus rules a bit and added verification steps to prevent fraud—but certainly longer than two months. That's how long it took to write the mobile app the Party commissioned to make this the smoothest Caucuses ever, according to reports in NPR and the New York Times. That and $60,000, which gets you two junior developers and a journeyman team lead for two months, tops.

I've run multi-million-dollar software projects (including one in Des Moines 15 years ago), and my back-of-the-envelope estimate for an app to tabulate caucus results that needs to run perfectly on election night came to about $300,000 for a fast project (4-5 months) or $200,000 if it could take 9-10 months. A budget of $60,000 might, perhaps, cover just the coding, not UI testing, app distribution, security testing, project management, integration testing, API deployment, load testing, or testing the testing (i.e., test validation). And the $200k budget doesn't include $20,000 in infrastructure charges to ensure adequate capacity on election night.

In other words, any competent person would have chosen "fast and good" or "cheap and good."

Plus, media outlets also report that the IDP kept the app's origins and code a secret, in complete contravention of basic principles of secure software design. Had they put the code up for review on GitHub, outside reviewers could have caught any technical problems far, far earlier.

So once again, the state of Iowa, a technology hub renowned the world over as a serious rival to Palo Alto, New York, and Bangalore, demonstrated exactly why they need to conduct a primary election on the same day as a few other states a bit later on in the season.

This election is ours to lose. And with this own-goal, you, the Iowa Democratic Party, are fucking making it happen.

Not just articles today, but also a whole HBO mini-series:

• Starting Monday, HBO will air a 6-part series on the infamous McDonald's Monopoly fraud, about which I have posted previously.
• That interesting new take-out place you saw on GrubHub? It might not exist.
• Republicans voting in favor of President Trump's abuse of power and obstruction of Congress will be remembered.
• The Atlantic calls Facebook's new data-privacy tool "a data landfill."
• Airlines have slashed flight schedules in and out of China as a result of the coronavirus outbreak in Wuhan, but Cranky Flier says it's more about the panic than the virus.
• By the way, coronaviruses are way less contagious than measles, so try not to panic.

For yet another thing to worry about today, after this post and the one before it, the New Yorker has started a series about the last time democracy almost died. (Hint: it got better.)

Via Bruce Schneier, two Harvard undergraduates have demonstrated that the volume of easily-obtainable information from multiple, large-scale data breaches makes targeting people for cybercrime easier than you could have guessed:

The students found a dataset from a breach of credit reporting company Experian, which didn’t get much news coverage when it occurred in 2015. It contained personal information on six million individuals. The dataset was divided by state, so [students Dasha] Metropolitansky and [Kian] Attari decided to focus on Washington D.C. The data included 69 variables—everything from a person’s home address and phone number to their credit score, history of political donations, and even how many children they have.

But this was data from just one leak in isolation. Metropolitansky and Attari wondered if they could identify an individual across all other leaks that have occurred, combining stolen personal information from perhaps hundreds of sources.

There are sites on the dark web that archive data leaks, allowing an individual to enter an email and view all leaks in which the email appears. Attari built a tool that performs this look-up at scale.

“We also showed that a cyber criminal doesn’t have to have a specific victim in mind. They can now search for victims who meet a certain set of criteria,” Metropolitansky said.

For example, in less than 10 seconds she produced a dataset with more than 1,000 people who have high net worth, are married, have children, and also have a username or password on a cheating website. Another query pulled up a list of senior-level politicians, revealing the credit scores, phone numbers, and addresses of three U.S. senators, three U.S. representatives, the mayor of Washington, D.C., and a Cabinet member.

"We're two college students. If someone really wanted to do some damage, I'm sure they could use these same techniques to do something horrible," [Metropolitansky said].

As Schneier points out, "you can be sure that the world's major intelligence organizations have already done all of this."

This is also why we need government regulation or stricter liability laws around data breaches. Experian's sloppiness imperiled six million people, and has probably resulted in crime already. But they have no incentive to fix their issues. In fact, they didn't even reveal the breach for years.

Yesterday I bemoaned not only our depression-inducing lack of sunlight (predicted return of the sun: Sunday, maybe), but also Senate Republicans' efforts to hide or ignore information relevant to the impeachment trial now underway.

Another story about how a lack of transparency causes damage has come to light. The Washington Post reports that the Saudi attack on Post owner Jeff Bezos' phone was helped to great extent by Apple's refusal to report security defects:

A security report last week alleged that Bezos, who also owns The Washington Post, received a WhatsApp message laden with code that secretly snatched reams of personal data from his iPhone X. The message allegedly came from Mohammed bin Salman, the crown prince of Saudi Arabia. Security researchers say Bezos probably fell victim to the iPhone’s Achilles’ heel: Its defenses are so difficult to penetrate that once sophisticated attackers are in, they can go largely undetected.

That is in part because Apple employs a secretive approach to finding and fixing security flaws, researchers say, something that has generated debate in the security community.

Security researchers say iPhones and Androids have different approaches to security. They say they generally believe there are more bugs and vulnerabilities in Android. That may be because there are so many different versions, or “forks,” of Android. Google allows its myriad handset makers and others to customize the operating system.

That results in two security philosophies. In Android’s case, the researchers said, the more people who look for bugs, the more secure a system becomes. But Apple’s strategy follows the idea that less visibility into the software means fewer bugs will be discovered in the first place, making the overall operating system more secure. It takes skill, resources or both to find those bugs, which means hackers will typically use them sparingly to protect them from discovery.

Bruce Schneier has argued in favor of transparency for years. This is why. And why I only use Android devices.

Fortunately, I'm debugging a build process that takes 6 minutes each time, so I may be able to squeeze some of these in:

• Bruce Schneier reports on a new critical vulnerability in Windows that the NSA told Microsoft about. That's new.
• The New Yorker's Rebecca Mead takes a thoughtful (and only mildly snarky) look at the Duke and Duchess of Sussex withdrawing from royal life.
• In the same issue, John Cassidy examines the reasons behind our assassination of Qassem Suleimani.
• The Washington Post documents the "rare and bizarre ritual" by which the House transmitted the articles of impeachment to the Senate.
• The Atlantic's Emma Green comments on Elizabeth Warren's new argument on electability. (Note: I have contributed financially to Elizabeth Warren's Senatorial and Presidential campaigns.)
• Via Heirloom Books in Chicago, the Smithsonian Magazine discusses how archivist Greg Priore smuggled $8m worth of artifacts out of the Carnegie Library of Pittsburgh over a 25-year period.
• The Electronic Frontier Foundation discusses the privacy-smashing way the U.S. Government has decided to send emails to people.
• The New York Times explains how Tiffany & Co. moved 114,000 gems without losing any.
• The Blommer Chocolate outlet store a few blocks from where I'm sitting will close next month after 30 years in business. The factory will remain open, however, so Chicago will still smell like chocolate every so often.
• Finally, Viking Cruises will bring a ship to Chicago in 2022.

Back to debugging Azure DevOps pipelines...

I had a lot going on at work today, so all I have left is a lame-ass "read these later" post:

• Cranky Flier wonders why Delta is Tweeting to individual passengers.
• James Fallows looks at Bob Garfield's latest book.
• Bruce Schneier says China isn't the problem in crappy 5G security.
• And John Scalzi has a new book coming out, which he'll sign if you pre-order.

I'd say "back to the mines," but I believe I have a date with Kristen Bell presently.

A few articles to read at lunchtime today:

• Will Peischel, writing for Mother Jones, warns that the wildfires in Australia aren't the new normal. They're something worse. (Hint: fires create their own weather, causing feedback loops no one predicted.)
• A new analysis finds that ocean temperatures not only hit record highs in 2019, but also that the rate of increase is accelerating.
• First Nations communities living on Manitoulin Island in Lake Huron—the largest freshwater island in the world—warn that human activity is disrupting millennia-old ecosystems in the Great Lakes.

Fortunately, those aren't the only depressing stories in the news today:

• Anatomically modern humans migrated out of Africa earlier than 200,000 years ago, but failed to thrive in the European environment.
• Artificial personae will disrupt public discourse more than ever this year, and it's really hard to detect them.
• No one running for Cook County State's Attorney (the chief county prosecutor) passes Greg Hinz' sniff test for corruption.
• Jennifer Rubin calls the Administration's explanations for why we killed Iranian Maj. Gen. Qasem Soleimani "Trump's worst lie ever."
• Author James Mann says President Trump is a no-dick Cheney. Sorry, my mistake: He's "no Dick Cheney."

Now that I'm thoroughly depressed, I'll continue working on this API over here...

We typically think of January 1st as the day things happen. But December 31st is often the day things end.

On 31 December 1999, two things ended at nearly the same time: the presidency in Russia of Boris Yeltsin, and the American control of the Panama Canal Zone.

Also twenty years ago, my company gave me a $1,200 bonus ($1,893 in 2019 dollars) and a $600 suite for two nights in midtown Manhattan because I volunteered to spend four hours at our data center on Park Avenue, just so that Management could say someone was at the data center on Park Avenue continuously from 6am on New Year's Eve until 6pm on New Year's Day. Since all of the applications I wrote or had responsibility for were less than two years old, literally nothing happened. Does this count as an anniversary? I suppose not.

And one hundred years ago, 31 December 1919 was the last day anyone could legally buy alcohol in the United States for 13 years, as the Volstead Act took effect at midnight on 1 January 1920.

I'm DD tonight, but I will still raise a glass of Champagne to toast these three events.

Photo by Harris & Ewing - Library of Congress, Public Domain, Link