The Daily Parker

Politics, Weather, Photography, and the Dog

Too many things in my inbox

I probably won't have time to read all of these things over lunch:

Share that last one with your non-technical friends. It's pretty clever.

Three items, implicitly related

Item the first: Bruce Schneier discusses how Russian censors have tried to shut down Telegram, an encrypted communications app:

Russia has been trying to block Telegram since April, when a Moscow court banned it after the company refused to give Russian authorities access to user messages. Telegram, which is widely used in Russia, works on both iPhone and Android, and there are Windows and Mac desktop versions available. The app offers optional end-to-end encryption, meaning that all messages are encrypted on the sender's phone and decrypted on the receiver's phone; no part of the network can eavesdrop on the messages.

Since then, Telegram has been playing cat-and-mouse with the Russian telecom regulator Roskomnadzor by varying the IP address the app uses to communicate. Because Telegram isn't a fixed website, it doesn't need a fixed IP address. Telegram bought tens of thousands of IP addresses and has been quickly rotating through them, staying a step ahead of censors. Cleverly, this tactic is invisible to users. The app never sees the change, or the entire list of IP addresses, and the censor has no clear way to block them all.

A week after the court ban, Roskomnadzor countered with an unprecedented move of its own: blocking 19 million IP addresses, many on Amazon Web Services and Google Cloud. The collateral damage was widespread: The action inadvertently broke many other web services that use those platforms, and Roskomnadzor scaled back after it became clear that its action had affected services critical for Russian business. Even so, the censor is still blocking millions of IP addresses.

Whatever its current frustrations, Russia might well win in the long term. By demonstrating its willingness to suffer the temporary collateral damage of blocking major cloud providers, it prompted cloud providers to block another and more effective anti-censorship tactic, or at least accelerated the process. In April, Google and Amazon banned—and technically blocked—the practice of “domain fronting,” a trick anti-censorship tools use to get around Internet censors by pretending to be other kinds of traffic. Developers would use popular websites as a proxy, routing traffic to their own servers through another website—in this case Google.com—to fool censors into believing the traffic was intended for Google.com. The anonymous web-browsing tool Tor has used domain fronting since 2014. Signal, since 2016. Eliminating the capability is a boon to censors worldwide.

Meanwhile, back in the U.S., a Federal judge has cleared the path for AT&T to purchase Time Warner, which will create one of the largest companies the world has ever seen.

All of this is scary to a lot of people. Which is why charlatans are on the rise once again.

We live in interesting times.

Parker update

We just got back from the vet. The x-rays show that Parker's leg is almost completely healed, so he's finally cleared to go back to his play group. He has no idea about this right now but tomorrow morning he'll be very, very happy.

Now I'm about to run to my office, so I'm queuing up these articles to read later:

OK. Chugging some tea, and hitting the CTA. More later.

Why no one answers the phone anymore

Alexis Madrigal, closer to an X-er than a Millennial, rhapsodizes on how the telephone ring, once imperative, now repulses:

Before ubiquitous caller ID or even *69 (which allowed you to call back the last person who’d called you), if you didn’t get to the phone in time, that was that. You’d have to wait until they called back. And what if the person calling had something really important to tell you or ask you? Missing a phone call was awful. Hurry!

Not picking up the phone would be like someone knocking at your door and you standing behind it not answering. It was, at the very least, rude, and quite possibly sneaky or creepy or something. Besides, as the phone rang, there were always so many questions, so many things to sort out. Who was it? What did they want? Was it for … me?

There are many reasons for the slow erosion of this commons. The most important aspect is structural: There are simply more communication options. Text messaging and its associated multimedia variations are rich and wonderful: words mixed with emoji, Bitmoji, reaction gifs, regular old photos, video, links. Texting is fun, lightly asynchronous, and possible to do with many people simultaneously.

But in the last couple years, there is a more specific reason for eyeing my phone’s ring warily. Perhaps 80 or even 90 percent of the calls coming into my phone are spam of one kind or another. Now, if I hear my phone buzzing from across the room, at first I’m excited if I think it’s a text, but when it keeps going, and I realize it’s a call, I won’t even bother to walk over. My phone only rings one or two times a day, which means that I can go a whole week without a single phone call coming in that I (or Apple’s software) can even identify, let alone want to pick up.

Meanwhile, robocalling continues to surge, with a record 3.4 billion of them sent in April—approximately 40% of all calls placed that month by some reckonings.

Welcome to the 21st century, where your 19th-century technologies do more harm than good.

Lunchtime reading

Not all of this is as depressing as yesterday's batch:

I'm sure there will be more later.

Your mouse knows when you're lying

Via Bruce Schneier, interesting research into how to use mouse movements to detect lying:

Cognitive psychologists and neuroscientists have long noted a big "tell" in human behavior: Crafting a lie takes more mental work than telling the truth. So one way to spot lies is to check someone's reaction time.

If they're telling a lie, they'll respond fractionally more slowly than if they're telling the truth. Similarly, if you're asked to elaborate on your lie, you have to think for a second to generate new, additional lies. "You're from Texas, eh? What city? What neighborhood in that city?" You can craft those lies on the fly, but it takes a bit more mental effort, resulting in micro hesitations.

In essence, the scientists wanted to see whether they could detect -- in the mouse movements -- the hesitation of someone concocting a lie.

Turns out ... they could. The truth-tellers moved the mouse quickly and precisely to the true answer. The folks who were lying jiggered around the screen for a bit, in a sort of hemming-and-hawing adaptation of Fitts' Law.

That's kind of cool. And kind of scary.

Because who needs cyber security, anyway?

Lawyer Paul Rosensweig and national security analyst Megan Reiss think John Bolton getting rid of the "cyber czar" position is "a magnificent idea:"

Bolton is completely correct that there is no need for any coordinationbetween the various federal agencies on this issue. Cybersecurity is not a cross-cutting problem that affects all sorts of equities. We have no concerns that eliminating this position will result in conflicting mission imperatives. We have every confidence that the National Security Agency, for example, can work out vulnerability disclosure equities without the need for input from the Departments of Commerce, Justice or Homeland Security (much less Treasury or State).

We also are confident that the decision accurately reflects the diminished importance of cybersecurity as a national issue. Cybersecurity is no longer deserving of the prominence that so many national security experts seem to give it. We fully expect the Office of the Director of National Intelligence to eliminate the cybersecurity menace from its annual threat assessment. We are confident that the trend lines for cyber threats and intrusions are down.

Didn't we already know John Bolton was incompetent

Four unrelated stories

A little Tuesday morning randomness for you:

Back to debugging acceptance tests.

Thanks for playing

Richard Florida demonstrates how Amazon's HQ2 competition was rigged:

A detailed analysis undertaken by Patrick Adler, my colleague at the University of Toronto’s Martin Prosperity Institute, and Adam Singer, a graduate student at the university’s Rotman and Munk schools, took a look at how all 238 HQ2 applicant cities and the 20 finalists lined up on Amazon’s RFP criteria. While it can be difficult to measure whether a given city adheres to each criterion, their analysis shows that many of the finalist cities do not even fit the most obvious ones. What’s more, several of the rejected cities seem to fit Amazon’s criteria for its HQ2 city better than some of the finalists.  

[I]t’s worth asking why these 20 cities were selected as finalists, even if others would appear to be better candidates according to Amazon’s own criteria. Our analysis suggests the finalists may have other things in common that are not listed on the company’s RFP.

For one, the finalists are more likely to be farther away from the company’s original home base in physical distance, reflecting the predominance of East Coast cities on the list. Last year, an Amazon executive was quoted as saying that Amazon would like to build HQ2 outside of the Pacific Northwest, to attract a more diverse set of employees.

Finalist cities are also likely to have a larger share of tech workers. And they are more likely to have non-stop flights to the company’s current home base in Seattle.

But one factor is even more interesting. Our analysis found that shortlisted cities had more U.S. senators with considerable seniority.

At the end of the day, none of this should surprise us. Like all corporate site selection, the HQ2 process is a rigged game, where the company knows the answer in advance and sets up a fictitious competition to wrest maximum incentives.

Besides the political advantages, there are many signs that Amazon’s HQ2 is heading to the greater Washington, D.C. region—the fact that its CEO has a multi-million dollar mansion there (currently undergoing a $12 million renovation, with large public rooms for social events) and already owns the Washington Post; the fact that three area jurisdictions made the shortlist; and the fact that the person running Amazon’s search previously ran an economic development agency in the region. Perhaps four other metros on the list are serious contenders—New York, Boston, Chicago, and Toronto—with Philadelphia, Denver, Atlanta, and Dallas having an outside chance.

Chicago, however, will be less likely to play the race-to-the-bottom game.

List of 2018 A-to-Z topics

Blogging A to ZHere's the complete list of topics in the Daily Parker's 2018 Blogging A-to-Z challenge on the theme "Programming in C#":

Generally I posted all of them at noon UTC (7am Chicago time) on the proper day, except for the ones with stars. (April was a busy month.)

I hope you've enjoyed this series. I've already got topic ideas for next year. And next month the blog will hit two huge milestones, so stay tuned.