The Daily Parker

Politics, Weather, Photography, and the Dog

Blogging A-to-Z Challenge Topic 2018

Blogging A to ZAs I mentioned a couple of weeks ago, The Daily Parker will participate in this year's Blogging A-to-Z Challenge. Today's the official Theme Reveal day. My topic will be: Programming Concepts using Microsoft C# .NET.

My topics will include:

  • Compilers vs Interpreters
  • Generics
  • Human factors (and errors)
  • LINQ
  • Polymorphism

...and will finish with a real-world practical example on April 30th.

I will also keep up my annoying political and Parker posts through April. And, full disclosure, many of the 26 A-to-Z posts will be technical and more involved than just linking to a Washington Post article. Because of that, and because I want a consistent publication cadence, I'm going to write them ahead of time, even if it's just the night before.

A-to-Z posts will start at noon UTC (7am Chicago time) on April 1st and continue through the 30th, with Sundays off. You can find them directly through their A-to-Z Tag. Enjoy!

1.5 Gs

As of just a few moments ago, I passed 1.5 billion seconds old.

Yes, this is a thing most people don't really think about, but as someone who works in software, this actually has some significance—and another Y2K problem that will occur just a few months before I get to 2.0 Gigaseconds (Gs) in 2038.

The problem is a thing called the Unix epoch. Computers can only count as high as they have bits to count. Unix computers, which include Macs and most of the infrastructure of the Internet, count time in seconds from 1 January 1970 00:00 UTC, which was (at the moment I'm typing this) 1,521,383,994 seconds ago.

Everyone knows computers can count to awesomely huge numbers. But you need to give them enough bits to do that. Unix time is measured by a 32-bit number, which can count up to 232-1, or 4,294,967,295 (in binary, a 32-item string of 1s), which is enough seconds to count just over 136 years.

But you sometimes want to measure things that happened in the past, so Unix time takes the first bit of the 32-bit number and makes it a sign. If the first bit is 0, the time is in the present. If it's 1, the time is the number of seconds before the beginning of the epoch. So this cuts the measurable period in half, to 68 years. Specifically, Unix time rolls over at 3:14:08 on 19 January 2038.

The fix is simply to use a bigger number. Today, 64-bit numbers are no big deal, and they give you 263-1 (9,223,372,036,854,775,807) seconds to work with in either direction. That's roughly 292 billion years, which is sufficient to measure most human-scale activities.

So, knowing all this, and knowing that I was born in the first year of the Unix epoch, it wasn't difficult to figure out my "epoch" birth moment at 9:12 CDT this morning.

But there's a catch. As I mentioned, computers count by 2s, not by 10s, so this entire post is a lie. I'm not 1.5 Gs old; I'm just over 1,500,000,000 seconds old. 1.5 x 230 (i.e., 1.5 giga anything) is 1,610,612,736, so I won't be 1.5 Gs old until Unix moment 1,631,995,056, which will be 18 September 2021 at 19:57:36 UTC.

So check back in three and a half years. I'm sure I'll have another post about this nonsense then.

(For those of you keeping score at home, I was 1.0 Gs old on 13 September 2004 at 20:09:04 CDT, during a lull in blogging. Else I'm sure I would have mentioned this then.)

Ides of March reading list

I'm writing a response to an RFP today, so I'll have to read these when I get a chance:

There were two more stories in my inbox this morning, but they deserve their own post after lunch.

Function following forms

Designer Josh Gee spent two years trying to put Boston city government forms online:

Getting city workers to accept online submissions rather than traditional paper ones is the bulk of this work. On average, it took me about 30 minutes to make a digital form and five weeks to meet with, earn the trust of, and get buy-in from the employees who would use it. Even if they were excited, the nitty gritty details took a lot of back and forth.

While I avoided a bunch of process change, there were some takeaways that I think are useful for anyone working to move government forms online:

  • There is huge demand to move forms online — I had expected to drag departments online kicking and screaming. Instead, the majority of departments were eager to move things online and thrilled to have a partner with the technical knowledge, mandate, and tools to do that.
  • Flexibility about form structure and questions — I initially thought there would be a strong demand for submissions that look exactly like current paper forms. That hasn’t been the case. In all but one or two cases, I was not only able to move forms online, but also suggest changes that made forms shorter, more clear, and more accessible.
  • Excited about future change — Early on I began to notice a pattern. A few weeks after I moved a form online, some departments would to reach back out and ask for tools to help them manage digital submission, “This has been absolutely amazing. It would be great if I could approve it and then send it to Steve for his signature”. I thought a lot about the phrase salami slicing. If I tried to change everything about the way these departments worked right off the bat, they would have resisted every step of the way. Moving just a part of their workflow online made them eager to go completely digital.

This is close to home as my company is right now engaged in an effort to do this sort of thing for the U.S. Military Enrollment Processing Command. It's not easy.

Mid-week link roundup

Lots of things popped up in my browser today:

And now, back to work.

Another ruling in the gig economy

The Federal court in the Northern District of California ruled today that GrubHub delivery drivers are contractors, not employees:

The ruling may have far-reaching implications for other sharing economy companies, including Uber Technologies Inc., whose business models are built on pairing customers with products and services through apps and typically avoid the costs of traditional employment.

U.S. Magistrate Judge Jacqueline Scott Corley in San Francisco concluded Thursday, in a first-of-its-kind ruling, that a gig-economy driver doesn't qualify for the protections of employees under California law.

Charlotte Garden, an associate law professor at Seattle University, said Corley's decision is a “doubly big” win for GrubHub due to California's relatively high standard for establishing workers as independent contractors.

“If they can make it here, they can more likely make it anywhere,” Garden said. “It is also the first federal court to reach a verdict on whether workers in the gig economy are employees or not, so companies like Uber and Lyft will also be celebrating this win.”

(Of course, Uber may not survive its ongoing struggle with the Justice Department for other reasons, but that's not the point.)

Judge Corley admonished the state legislature to fix the problem this case exposed: “Under California law whether an individual performing services for another is an employee or an independent contractor is an all-or-nothing proposition,” she wrote. “With the advent of the gig economy, and the creation of a low wage workforce performing low skill but highly flexible episodic jobs, the legislature may want to address this stark dichotomy.”

We can expect multiple lawsuits in other Federal circuits any day now. 

File that under "B" for "Bad OpSec"

Via Bruce Schneier (and other sources), the Australian government suffered one of its worst-ever disclosures of secrets caused by not looking through used furniture:

It begins at a second-hand shop in Canberra, where ex-government furniture is sold off cheaply.

The deals can be even cheaper when the items in question are two heavy filing cabinets to which no-one can find the keys.

They were purchased for small change and sat unopened for some months until the locks were attacked with a drill.

Inside was the trove of documents now known as The Cabinet Files.

The thousands of pages reveal the inner workings of five separate governments and span nearly a decade.

Nearly all the files are classified, some as "top secret" or "AUSTEO", which means they are to be seen by Australian eyes only.

But the ex-government furniture sale was not limited to Australians — anyone could make a purchase.

And had they been inclined, there was nothing stopping them handing the contents to a foreign agent or government.

The found documents ranged from embarrassing (to both major Australian parties) to seriously top secret (troop deployments, police investigations). In response, the Australian government is calling for increased penalties for publishing or even possessing secret documents—but as Schneier points out, in this case that would have made the breech immeasurably worse for Australia:

This illustrates a fundamental misunderstanding of the threat. The Australian Broadcasting Corp gets their funding from the government, and was very restrained in what they published. They waited months before publishing as they coordinated with the Australian government. They allowed the government to secure the files, and then returned them. From the government's perspective, they were the best possible media outlet to receive this information. If the government makes it illegal for the Australian press to publish this sort of material, the next time it will be sent to the BBC, the Guardian, the New York Times, or Wikileaks. And since people no longer read their news from newspapers sold in stores but on the Internet, the result will be just as many people reading the stories with far fewer redactions.

In all, it's a reminder of the security adage that no security system can completely protect against human stupidity.

American mobile phone customers, do this now

I got a weird text from T-Mobile a few minutes ago:

T-Mobile Alert: We have identified an industry-wide phone number port out scam and encourage you to add account security. Learn more:

Well, that does not sound good.

And it's not. Apparently thieves have found that American mobile phone providers are unusually helpful when it comes time to steal mobile phone numbers (called "SIM hijacking") or to port those numbers to third-party mobile providers. In both cases, the thieves now have a way to bypass any three-factor authentication (TFA) you may have set up with, for example, your bank.

T-Mobile at least offers a service called "Port Authentication" which lets you set up a 6- to 16-digit PIN that you must have to make any changes to your account—like, for example, getting a new SIM. After getting the text alert, and validating it with trusted online sources, I immediately called 611 and set up port authentication.

There are a couple of other things you should do:

  • Lock your phone all the time, with something very hard to subvert, like a strong password. If you must use a convenience feature like iris or fingerprint authentication, make sure the phone still requires a password on reboot.
  • Set your phone up so that it doesn't display the contents of texts or IMs when your phone is locked.
  • Encrypt your phone, so that even if all your other security is bypassed, you won't be stuck.

Seriously, this all costs you nothing and can save you a fortune.

Setting up lunchtime reading

Over the weekend I made a couple of minor updates to Weather Now, and today I'm going to spend some time taking it off its Azure Web Role and moving it to an Azure Website. That will (a) save me money and (b) make deployments a lot easier.

Meanwhile, a number of articles bubbled up overnight that I'll try to read at lunchtime:

Back to Azure deployment strategies.

The plan

Today I plan to take Parker on a decent walk before it gets cold and starts snowing. I'm also working on a couple of minor updates to Weather Now, including looking into creating an API against which I can write a React/Relay front-end.

Also I have a lot of reading to catch up on, some of which I may write about.

In other words: a quiet Saturday at home.