The Daily Parker

Politics, Weather, Photography, and the Dog

Spooky Boi

Remember the deer in the cemetery? He's getting bolder:

He (I think it's a male fawn) let me get pretty close, and held still when I took photos through the fence:

A local artist named him "Spooky Boi," which fits, I think. It's pretty spooky when megafauna stares at you through a cemetery fence at 7am as you pass by with a dog.

How long until the end of the Republic?

Via James Fallows, Eric Scnurer worries that we've gone from the Gracci to Sulla to Cataline—a span of 57 years of Roman history—in only two years of ours:

Despite...Catiline’s intent to murder Cicero and various other members of the Senate, to stop the vote count and overturn the foregone election results, and unlawfully to seize the levers of government through violence is well known to all of them, a good number of these very same legislators and leaders shrug the whole thing off. Some sympathized with his political program; others were implicated in the plot; still others were basically in the same boat as Catiline, having committed similar crimes and sexual debaucheries that limited their political futures; and still others were perfectly fine with ending the trappings of republicanism if it meant they retained their power and Senate seats. And some simply couldn’t be roused to care.

The conspiracy ultimately collapsed and was defeated, but not without further militant uprisings aided by Rome’s enemies abroad. Catiline, a demagogue but in the end not the best of politicians or insurrectionists, was killed. Democracy, and the old order of things, seemed to have survived, and matters returned to a more-or-less normal state under Cicero’s stable hand.

But it turned out to be a brief reprieve. The rot had already set in. What mattered most in the long-term was not the immediate threat of the insurrectionists, but rather the complacency, if not sympathy, of the other ostensibly-republican leaders. It revealed the hollowness of not just their own souls but also the nation’s.

Another 10 months in America, another 15 years forward on the Roman sundial. At this rate, we’re about a year before midnight.

History doesn't actually repeat itself. But it does rhyme...

That look

I left Cassie all alone for 5½ hours yesterday, and came home to this baleful look:

And yet, 20 minutes later, all was forgiven:

(A 15-minute walk occurred between these two photos, which may have had something to do with the forgiveness.)

Well-designed phishing attack

I had planned to note Bruce Schneier's latest essay, "The Misaligned Incentives for Cloud Security," along with a report that Microsoft has noticed an uptick in SolarWinds attacks against its own services. But twice in two weeks I've received bogus DMCA takedown notices that tried to trick me into downloading files from a Google site, and I'm impressed by the effort that went into these phishing attacks.

In both cases, the attacks came through the blog's Contact page, meaning someone had to copy and paste the text into the form. They both lay out most, but not all, of the elements of a DMCA takedown notice, with lots of threatening (but inaccurate) text about what could happen if I don't comply. But here's the kicker: instead of specifying which of the Daily Parker's nearly 8,000 posts contain infringing material, as required by the DMCA, they contain a link to a file on a Google site that I should download to see the material they claim to own.

It turns out, I know a thing or two about copyright law, and about computer security, so I didn't fall for the phish. I worry, though, that this attack could fool a lot of people. Reminder, folks: never download a file you didn't specifically ask for. (In my case, I did attempt to download one of the files, in a sandbox, with virus protection jacked all the way up. The virus protection took one look at the file and didn't even allow the download.)

Let me enumerate the really sophisticated features of this attack:

  • It contained mostly true information. People send out DMCA takedown notices all the time; experienced website administrators take them seriously when received. The author of this phish included the correct and relevant US Code sections, and a mostly-correct description of how the DMCA operates. They got the statutory damage amount totally wrong, but only because the number they used would scare people more.
  • It didn't contain any English language errors. Whoever wrote the copy for this attack speaks perfect English. This wasn't a laughable 409 scam.
  • It came through the Contact feature, not an email. The attacker took the time to go to the Daily Parker contact page, copy and paste the phishing text, and click "send." A human had to do that.
  • It stated a plausible claim. This is Daily Parker post #7,922 since the blog started on 13 May 1998. It is conceivable that at some point in the last 23 years I posted a photo for which I didn't obtain a proper license. This would be true of any large blog or website.
  • It used a real Google Sites link. The download link pointed to an asset actually stored on a google.com computer somewhere. That might convince someone of its legitimacy, unless you remember that anyone can put anything up on a Google Site or other cloud storage service. Again: never download a file you didn't specifically ask for.
  • It came from a network in the US. Reverse-IP lookups showed the origin IP addresses to be owned by a major ISP in Colorado, not a scary Eastern European location. Of course, it means that the attacker has access to a computer physically located in the US, which means I'll send my own legal notice to the ISP if I receive another one of these.

Now, here's where they missed the mark:

  • They asked me to download a file. No. No, no, no. GFY a thousand times with a chainsaw.
  • The phish did not contain all the required elements of a DMCA takedown notice. They didn't list specific assets, with URLs, that they allege infringed their copyrights; they didn't assert a claim of ownership in a legally-sufficient manner; they didn't provide full contact information; and they didn't sign it. But of course they didn't, because the closer they got to legal sufficiency, the more information I'd have that they have no real claim.
  • They sent two nearly-identical (but not identical enough) phishes 8 days apart. You think I didn't remember the first one? You think I didn't compare them? The second attempt simply confirmed that the first attempt wasn't merely an amateur-hour legal notice but, as I suspected, a phish.
  • One of the phishes came through a non-publicized FQDN. Because I host the Daily Parker on Microsoft Azure, it has an Azure-provided fully-qualified domain name (FQDN) in addition to www.thedailyparker.com. I have never publicized the Azure FQDN, and as far as I know the Azure FQDN has no inbound links. I suppose it could have gotten picked up by a search engine, but again, without inbound links, I can't see how. It's not secret; it's just really odd that someone would use it.
  • The claimant's names were...weird. I said earlier that the text of the phish used correct English throughout, but the names of the supposed claimants seem to have come from a name-generation tool. Seriously, the names were Ford Prefect-weird.
  • It turns out, I'm well-versed in both copyright law and cybersecurity. This type of mistake even has an entire TV Tropes entry. I guess a criminal wouldn't necessarily know that, however. They might find out, should they send a third phishing attempt my way. Will I haul them into Illinois court to answer a tortious trespassing case? Probably not. But I might tell their ISP. And the FBI. Because at some point, they will get someone to open whatever malicious file they linked to, which I expect will lead to actual crimes.

In recognition the effort that went into this phishing attack, I wanted to publicize it in case it happens to anyone else. If you get an alleged DMCA takedown notice, and it doesn't meet the legal requirements as outlined by the USPTO, ignore it. And once more, with feeling: never download a file you didn't specifically ask for.

And if you're the script kiddie who sent the phish, GFY with a tree. Sideways.

Beautiful baserunning

In Pittsburgh yesterday, Cubs player Javier Báez drew the first baseman into a rundown between home and first, allowing another player to score, and then capitalized on the catcher's error to advance to second:

The Tribune:

With Willson Contreras on second, Pittsburgh Pirates third baseman Erik González fielded Báez’s grounder and threw to first, but Will Craig caught the ball off the bag. Craig, instead of just trotting back and touching the base, advanced to try to tag Báez — and then Báez’s baserunning savvy kicked in.

As Contreras raced around third, Báez darted back toward the plate in spurts as if playing tag. Craig still hadn’t tagged Báez as Contreras dived toward home, and Craig’s toss to catcher Michael Perez was too late. After signaling Contreras should be safe, Báez then raced back to first. When Perez’s throw to first was off the mark and bounced into short right field, Báez made it to second.

The scoring determination: fielder’s choice, RBI, E2.

Báez said he simply was trying to help Contreras score by keeping Craig close to him so he would chase him. After Báez signaled Contreras safe — a moment that made Ross chuckle when watching the replay — he realized he should get back to first.

Note that all Will Craig had to do was step on first base to end the inning. Apparently he got confused, but only catcher Perez got charged with an error for his wild throw back to first.

The Cubs have won 9 of their last 11 games.

Removing highways

About two weeks ago I told a relative newcomer to San Francisco about the Embarcadero Freeway, which used to cover the Embarcadero from Fisherman's Wharf down to the Bay Bridge. From its construction in 1959 to its destruction (with the help of the Loma Prieta earthquake) in 1991, it stood, without question, as the biggest urban planning mistake west of the Rockies. Looking at it photos today makes me angry.

Removing I-480 showed other cities how their lives might improve if they also removed or buried freeways. Boston's Big Dig reconnected the North End with the Common; removing the eastern section of Rochester's Inner Loop has made that city more livable.

The New York Times reports on the other cities that have followed:

As midcentury highways reach the end of their life spans, cities across the country are having to choose whether to rebuild or reconsider them. And a growing number, like Rochester, are choosing to take them down.

In order to accommodate cars and commuters, many cities “basically destroyed themselves,” said Norman Garrick, a professor at the University of Connecticut who studies how transportation projects have reshaped American cities.

“Rochester has shown what can be done in terms of reconnecting the city and restoring a sense of place,” he said. “That’s really the underlying goal of highway removal.”

In recent years, more cities have started to seriously rethink some of their highways. The Congress for the New Urbanism, a group that tracks highway removals, counted 33 proposed projects in 28 American cities. And the idea is being discussed in many others.

Among the proposed removal plans: getting rid of the BQE in New York, the Buffalo Skyway, and New Orleans' Claiborne Expressway—all of them ugly roads that destroyed neighborhoods and made lives demonstrably worse. (See, for example, the Eisenhower Expressway in Chicago.)

Not under consideration? Burying I-90/94 in downtown Chicago. Maybe someday.

Chicago's LSD

We have an odd debate in Chicago about the name of our most iconic road. A group of aldermen want to change the name of Lake Shore Drive to Jean Baptiste Point du Sable Drive, in honor of the first non-native permanent settler, who was also Black. The (Black) mayor and a contingent of other aldermen of varying races disagree:

The proposal’s sponsors faced opposition from some colleagues and the mayor’s office over fears that renaming the iconic road would lead to a nightmare at the post office and for residents with thousands of address changes.

Ald. David Moore, 17th Ward, attempted to quell some of those concerns at a contentious committee meeting in late April, saying his proposal would only change the outer drive — not the inner, residential portion of the road. That meeting saw a shouting match between aldermen when the Chicago Department of Transportation tried to substitute Moore’s ordinance for one they said served the same purpose but cleared up confusing language.

Chicago Mayor Lori Lightfoot defended the move to delay the vote Wednesday, saying she has concerns over changing the name of Chicago’s most well-known roadway.

“It’s one of the most iconic assets the city has. When you say Lake Shore Drive, people know you’re talking about Chicago. And I think that that’s very important,” Lightfoot said.

The effort to get DuSable recognized on a grand scale in Chicago is not new. In the 1990s, then-Ald. Toni Preckwinkle introduced her own ordinance to rename Lake Shore to DuSable Drive, the Chicago Tribune reported.

His name is already affixed to several existing institutions, including the DuSable Museum of African American History, a high school and a monument on Michigan Avenue. But proponents have argued the man deemed the city’s “founding father” deserves more.

I find the whole thing odd. I have no idea which side to support, if either. We should have a DuSable drive. But we should also have Lake Shore Drive.

The decision won't come around again until late June. I'll keep my eyes peeled for follow-up stories on the subject.

Weep, O Mine Eyes, and Sea Snot

The Sea of Marmara, which lies between the Black and Mediterranean Seas, is covered in mucus:

[A] thick, viscous substance known colloquially as “sea snot” is floating on the water’s surface, clogging up their nets and raising doubts about whether fish found in the inland sea would actually be safe to eat.

Scientists say that the unpleasant-looking mucus is not a new phenomenon, but rising water temperatures caused by global warming may be making it worse. Pollution — including agricultural and raw sewage runoff — is also to blame.

As the Guardian and numerous Turkish news outlets have reported, high levels of nitrogen and phosphorus in the Sea of Marmara, situated between the Black and Aegean Seas, are leading to an explosion of the phytoplankton populations that discharge “sea snot.” Though the mucus itself is not necessarily harmful, it can become a host to toxic microorganisms and dangerous bacteria such as E. coli. And when it forms a layer that covers the water’s surface, it can set off a harmful chain of events, preventing fish from being able to breathe, causing mass die-offs, which in turn leads to plummeting oxygen levels that choke other forms of marine life.

Ewwww.

And if you're not up to date on your 16th-century madrigals, the headline of this post comes from this rockin' tune by John Bennett he released way back in '99. (1599.)

Doe!

This morning while walking Cassie I saw a deer placidly grazing in St Boniface Cemetery by the Lawrence Ave. fence. Now, in most parts of the world, deer hang out in cemeteries about as often as corpses. And I have reported in these pages that St Boniface has a resident coyote population (which I expect the deer will discover at some point).

Coyotes are smart predators who typically eat rats and pigeons in urban settings. Also, coyotes can slip under low fences easily, as can most any 20-kilo canid. So while I always enjoy coyote sightings in my neighborhood (as long as they give me a wide berth), I am never surprised. But a deer? In St Boniface?

Since almost none of my readers lives in Chicago, let me show you a satellite image for context:

The nearest forest preserve is 6 km to the west. To the north and south, we have nothing but heavily urbanized Chicago, except for Graceland Cemetery four blocks away. And to the east, we have Lincoln Park along the lake—but also the 8-lane Lake Shore Drive.

Also, from dusk to dawn the cemetery is completely locked up. The east edge is a 4-meter concrete wall and the other three edges have a 3-meter fence. Deer can jump, sure, but 3 meters?

So how did the deer get into the cemetery, how did it get to the cemetery, and how are the cemetery staff going to safely exfiltrate the deer from the grounds before the coyote pack has a venison supper?

Masking some fascinating statistics

NBC has a story this afternoon about people who have gotten full vaccinations against Covid-19 yet prefer to stay masked:

As mask mandates ease across the country, many people are finding that their affinity for face coverings extends beyond health reasons. Even with no requirement to wear their masks, some people are continuing to do so — having come to appreciate the reprieve they provide from stifling social expectations while out in public.

These mask-wearers say they see a multitude of benefits to covering up. No one can tell you to smile when you don’t feel like it. It gives you a break from putting on makeup. And it provides a degree of anonymity.

The Centers for Disease Control and Prevention's guidelines still recommend masking for those who have not been vaccinated. For those who are vaccinated, masks are required only in specific situations, such as on public transportation.

Those reasons aside, perhaps we should take a moment to goggle at the CDC's statistics on seasonal flu from last winter. In the period 27 September 2020 through 15 May 2021, the CDC counted 250 positive flu specimens out of 486,000 received. You read that right: the US had only 250 confirmed flu cases this past winter. In the parallel period two years ago (30 September 2018 through 18 May 2019), the CDC counted 177,000 positive results out of 1.14 million samples.

Masks significantly help prevent the spread of airborne disease. Everything we did to prevent the spread of Covid-19 also prevented the spread of influenza, likely saving hundreds of lives.

So, yeah, I'll wear a mask inside confined public spaces once the weather turns autumnal this year. You should too.