The Daily Parker

Politics, Weather, Photography, and the Dog

Two big wins for all of us

New York Governor Andrew Cuomo announced his resignation this morning:

Gov. Andrew M. Cuomo of New York said Tuesday he would resign from office, succumbing to a ballooning sexual harassment scandal that fueled an astonishing reversal of fortune for one of the nation’s best-known leaders.

Mr. Cuomo said his resignation would take effect in 14 days. Lt. Gov. Kathy Hochul, a Democrat, will be sworn in to replace him.

“Given the circumstances, the best way I can help now is if I step aside and let government get back to governing,” Mr. Cuomo said from his office in Manhattan. “And therefore that’s what I’ll do.”

The resignation of Mr. Cuomo, a three-term Democrat, came a week after a report from the New York State attorney general concluded that the governor sexually harassed nearly a dozen women, including current and former government workers, by engaging in unwanted touching and making inappropriate comments. The 165-page report also found that Mr. Cuomo and his aides unlawfully retaliated against at least one of the women for making her complaints public and fostered a toxic work environment.

Good. He needs to go. And yes, I am happy that my party threw the book at one of our own. We hold ourselves accountable, unlike the other guys.

But that's not all the Democratic Party did today. We also passed a $1 trillion infrastructure bill in the Senate with the support of nine Republicans:

The 69-to-30 vote follows weeks of turbulent private talks and fierce public debates that sometimes teetered on collapse, as the White House labored alongside Democrats and Republicans to achieve the sort of deal that had eluded them for years. Even though the proposal must still clear the House, where some Democrats recently have raised concerns the measure falls short of what they seek, the Senate outcome moves the bill one step closer to delivering President Biden his first major bipartisan win.

The bill proposes more than $110 billion to replace and repair roads, bridges and highways, and $66 billion to boost passenger and freight rail. That transit investment marks the most significant infusion of cash in the country’s railways since the creation of Amtrak about half a century ago, the White House said.

The infrastructure plan includes an additional $55 billion to address lingering issues in the U.S. water supply, such as an effort to replace every lead pipe in the nation. It allocates $65 billion to modernize the country’s power grid. And it devotes billions in additional sums to rehabilitating waterways, improving airports and expanding broadband Internet service, particularly after a pandemic that forced Americans to conduct much of their lives online.

If this bill becomes law, it's possible that within my lifetime the United States could have the same quality of roads, bridges, and trains that Western Europe has today. (NB: I expect to live at least another 50 years.)

Meanwhile, as if to underscore this week's IPCC report, the dewpoint outside my window right now has almost reached 26°C, giving us a delightful heat index of 38.7°C. Even Cassie didn't want to be outside for her lunchtime walk.

Update: the 2pm readings at O'Hare show even lovelier weather: temperature 33°, dewpoint 25°C, heat index 40.4°C. Bleah.

Journalism error on NPR

Yesterday, Boston University clinical journalism instructor and WGBH-Boston reporter Jenifer McKim presented a story on NPR's Morning Edition about Grindr, the gay dating app. NPR's Steve Inskeep introduced the story by saying "the dating app Grindr is a popular site for men seeking other men. It's also used by underage boys, which can put them at risk of sexual exploitation and trafficking."

Between that introduction and the body of the story, I got pretty steamed. This morning I sent the following comment to NPR:

I have serious problems with the way Jenifer McKim presented this story. Principally, despite the quote from Jack Turban that "gay people aren't more likely to be sexual predators than straight people," the story heavily implies the opposite. McKim's bookending the story with quotes from assault victim German Chavez sets it up as a story about abused children, strongly implying that gay dating app Grindr is to blame (and also implying that gay men are to blame). Yet Chavez admitted that he lied about his age to circumvent Grindr's age policy, and Kathryn Macpagal even says "there aren't a lot of spaces for LGBT teens online to make friends." It seems that the problem is a lack of safe spaces for gay teens, not an app explicitly marketed to adults with strictly enforced age policies.

Further, in the graf immediately following that quote from Macpagal, McKim blows all the homophobic dog whistles, saying "over 100 men...includ[ing] police officers, priests and teachers" have "faced charges...related to sexually assaulting or attempting to meet minors for sex on Grindr." This is exactly the language that conservative groups use to vilify gays and dating apps in general.

Of course I am not downplaying the harms of sexual assault and predation on minors. But I think McKim had an obligation to put the incidence of those harms in proper context. Start with the proportion of one hundred men out of millions of Grindr users. Of the 100, how many were "police officers, priests and teachers?" How many were journalists or BU professors? How many were convicted? In how many cases was it determined that the minors in question lied about their ages? Did Grindr cooperate with the investigations? What proportion of the cases were assaults, and what proportion were "attempt[s] to meet minors?" And what proportion of Tinder users, or OKCupid users, or FarmersD users for that matter, were police, priests, or teachers (assuming McKim meant "or" and meant to include the Oxford comma) accused of crimes against children directly related to their use of the app?

I applaud McKim's ongoing efforts to protect children. But the structure, presentation, and tone of her story yesterday did not live up to the standards for accuracy and against sensationalism that I expect from NPR or WGBH-Boston.

I'll post any reply from NPR, WGBH, or McKim that I receive.

Andrew Cuomo facing impeachment, criminal charges: reports

New York State Attorney General Letitia James released a report yesterday that alleges New York Governor Andrew Cuomo sexually harassed at least 11 women, including a New York State Police trooper assigned to his protective detail:

The report, released by the attorney general, Letitia James, and the announcement from the Albany County prosecutor, Kevin Soares, endangered Mr. Cuomo’s political future while also placing him in legal jeopardy.

“Governor Cuomo sexually harassed current and former state employees in violation of both federal and state laws,” Ms. James said, adding that the governor’s administration had “fostered a toxic workplace” in which staffers suppressed complaints because of a “climate of fear.”

Shortly after the report was released, Mr. Soares issued a statement saying that his office was conducting an investigation into Mr. Cuomo’s behavior and that it would be requesting investigative materials that the attorney general’s office had obtained. Mr. Soares encouraged other victims to come forward to aid in the inquiry.

President Biden has called on Cuomo to resign, as has US House Speaker Nancy Pelosi (D-CA) and Senate Majority Leader Chuck Schumer (D-NY). The State Assembly Speaker has opened an impeachment inquiry. I don't expect Cuomo to remain in office past the end of this month, but like other malignant narcissists I could mention, he may not understand that he's done.

Note that all the people I mentioned in this post are Democrats, from the President on down. I'm glad that my party finally wants to get rid of this asshole, and frustrated it took so long. But at least we ultimately do the right thing.

Inside the Anom phone

Via Bruce Schneier, Motherboard got ahold of a pair of Anom phones, which the FBI and Australian Federal Police used to take down a bunch of criminal networks earlier this year:

Motherboard has obtained and analyzed an Anom phone from a source who unknowingly bought one on a classified ads site. On that site, the phone was advertised as just a cheap Android device. But when the person received it, they realized it wasn't an ordinary phone, and after being contacted by Motherboard, found that it contained the secret Anom app.

After the FBI announced the Anom operation, some Anom users have scrambled to get rid of their device, including selling it to unsuspecting people online. The person Motherboard obtained the phone from was in Australia, where authorities initially spread the Anom devices as a pilot before expanding into other countries. They said they contacted the Australian Federal Police (AFP) in case the phone or the person who sold it was of interest to them; when the AFP didn't follow up, the person agreed to sell the phone to Motherboard for the same price they paid. They said they originally bought it from a site similar to Craigslist.

Anom started when an FBI confidential human source (CHS), who had previously sold devices from Phantom Secure and another firm called Sky Global, was developing their own product. The CHS then "offered this next generation device, named 'Anom,' to the FBI to use in ongoing and new investigations," court documents read.

In June the FBI and its law enforcement partners in Australia and Europe announced over 800 arrests after they had surreptitiously been listening in on Anom users' messages for years. In all, authorities obtained over 27 million messages from over 11,800 devices running the Anom software in more than 100 countries by silently adding an extra encryption key which allowed agencies to read a copy of the messages. People allegedly smuggling cocaine hidden inside cans of tuna, hollowed out pineapples, and even diplomatic pouches all used Anom to coordinate their large-scale trafficking operations, according to court documents.

 

That's some cool and scary shit. I'm glad they got all those criminals, but what happens when the people targeted are political dissidents? As Schneier has discussed at length, there is no such thing as a zero-trust environment.

The NSA has a sense of humor

After Fox network blowhard Tucker Carlson whined that the National Security Agency, the US intelligence service tasked with spying on communications outside the US, had tapped his phones, the agency clapped back on Twitter:

TPM's Cristina Cabrera reports, "Carlson doubled down on his accusation shortly afterward on his program, saying the NSA’s statement 'an entire paragraph of lies written purely for the benefit of the intel community’s lackeys at CNN and MSNBC.'"

The NSA is just having a bit of sport with Carlson, but one can't know for sure. First, the NSA would never admit to spying on anyone. But second, even if the NSA were spying on him, wouldn't Carlson want to know which overseas friend of his would have attracted the agency's attention, and why?

In related news, the Manhattan District Attorney appears ready to charge the Trump Organization and its CFO with tax crimes tomorrow morning. Stay tuned!

All work and dog play

Oh, to be a dog. Cassie is sleeping comfortably on her bed in my office after having over an hour of walks (including 20 minutes at the dog park) so far today. Meanwhile, at work we resumed using a bit of code that we put on ice for a while, and I promptly discovered four bugs. I've spent the afternoon listening to Cassie snore and swatting the first one.

Meanwhile, in the outside world, life continues:

And right by my house, TimeLine Theater plans to renovate a dilapidated warehouse to create a new theater space and cultural center, while a 98-year-old hardware store by Wrigley Field will soon become apartments.

Wednesday afternoon

I spent the morning unsuccessfully trying to get a .NET 5 Blazor WebAssembly app to behave with an Azure App Registration, and part of the afternoon doing a friend's taxes. Yes, I preferred doing the taxes, because I got my friend a pile of good news without having to read sixty contradictory pages of documentation.

I also became aware of the following:

Tomorrow morning, I promise to make my WebAssembly app talk to our Azure Active Directory. Right now, I think someone needs a walk.

Because conservatives love states' rights

SDCA Senior Judge Roger Benitez, a George W Bush appointee, has ruled that California's assault-weapons ban violates the 2nd Amendment:

The state’s definition of illegal military-style rifles unlawfully deprives law-abiding Californians of weapons commonly allowed in most other states and by the U.S. Supreme Court, the judge wrote.

Judge Roger T. Benitez, who has favored pro-gun groups in past rulings, described the AR-15 rifle, used in many of the nation's deadliest mass shootings, as an ideal weapon.

"Like the Swiss Army Knife, the popular AR-15 rifle is a perfect combination of home defense weapon and homeland defense equipment," he wrote in Friday's decision.

"Yet, the State of California makes it a crime to have an AR15 type rifle," Benitez continued. "Therefore, this Court declares the California statutes to be unconstitutional."

What a novel theory: other states allow this thing, so California must also. And yet I would bet you an entire dollar that Judge Benitez would disagree with his own theory as regards, say, marijuana or abortions.

The hypocrisy of Republicans on this issue is a lot like their hypocrisy on many others: what they want, others must have; what they don't want, no one else can have. The Federal government can't tell states they have to allow abortions, but they can tell states they can't ban the causes of the biggest health crisis in America since the invention of the automobile.

Benitez' opinion opens with a lengthy argument that the AR-15, a weapon designed specifically to allow American infantry to kill lots of people as reliably and as easily as possible, really isn't as deadly as someone's hands (no, really, footnote 3 on page 3). But really, he goes on, the term "assault weapon" is too broadly defined to be useful, but even if the AR-15 is an assault rifle, "like all guns, [it] can be used for ill or for good" (at 8).

Judge Benitez does not elaborate on the good that an AR-15 can do.

Naturally his opinion quotes dissents from Thomas, Scalia, and Kavanaugh quite a bit. For non-lawyers, quoting a dissent usually signals that the judge knows he's on the wrong side of precedent, but hopes that he can create new precedent if the case goes all the way up on appeal. He also spends a lot of time on Heller, which, I'm sure even casual Daily Parker readers know, I think was wrongly decided and has caused no end of suffering all over the US.

I expect it will. The 9th Circuit Court of Appeals will probably overturn Benitez, as I would guess they have done on many previous occasions. I have little doubt that our hyper-politicized Supreme Court will grant certiorari, and if so, probably reverse the appellate court.

I'm sick of my country's gun fetish. And assholes like Judge Benitez, who proudly say "there's no way to prevent this" in the only country where this regularly happens.

Ransomware in the news

I've just received my third nearly-identical fake DMCA takedown notice, which I may decide to turn over to the FBI if I can muster the shits to give. I find it funny how each one of them has a few differences that make them look like something other than lazy script-kiddie stuff. This one again misstated the statutory damage limits for willful copyright infringement, and the randomly-generated name of the "claimant" was no less bizarre than the other two. And yet I wonder why they bothered altering the bits they altered. Maybe there are multiple entities involved, with each email coming from a different person or group? Maybe they have some low-paid flunky typing in the note each time, so I'm watching its slow drift from a semi-competent DMCA notice into the digital equivalent of "hodor?"

This one bounced through an IP address in New York State, which means my previous guess that this was a domestic script-kiddie operation might be wrong. For one thing, the threatening language has a few tells that its author doesn't speak English natively. I had originally thought the author merely wanted to sound more convincing by using stock phrases and "magic" legal words, but now that I've seen three examples of the same basic text, it looks more like Russian-inflected English. In any event, I wave my private parts at their aunties.

Both the New Yorker and New York Times published reports over the weekend about crap like this. In the first, Rachel Monroe talked with ransomware negotiator Kurt Minder about negotiating with criminals:

For the past year, Minder, who is forty-four years old, has been managing the fraught discussions between companies and hackers as a ransomware negotiator, a role that didn’t exist only a few years ago. The half-dozen ransomware-negotiation specialists, and the insurance companies they regularly partner with, help people navigate the world of cyber extortion. But they’ve also been accused of abetting crime by facilitating payments to hackers. Still, with ransomware on the rise, they have no lack of clients. Minder, who is mild and unpretentious, and whose conversation is punctuated by self-deprecating laughter, has become an accidental expert.

Hackers use various techniques to gain access to a company’s computers, from embedding malware in an e-mail attachment to using stolen passwords to log in to the remote desktops that workers use to connect to company networks. Many of the syndicates are based in Russia or former Soviet republics; sometimes their malware includes code that stops an attack on a computer if its language is set to Russian, Belarusian, or Ukrainian.

When Minder founded GroupSense, in Arlington, Virginia, in 2014, the cybersecurity threat on everyone’s mind was data breaches—the theft of consumer data, like bank-account information or Social Security numbers. Minder hired analysts who spoke Russian and Ukrainian and Urdu. Posing as cybercriminals, they lurked on dark-Web marketplaces, seeing who was selling information stolen from corporate networks. But, as upgrades to security systems made data breaches more challenging, cybercriminals increasingly turned to ransomware.

Early last year, GroupSense found evidence that a hacker had broken into a large company. Minder reached out to warn it, but a server had already been compromised. The hacker sent a ransom note to the company, threatening to release its files. The company asked Minder if he would handle the ransom negotiations. Initially, he demurred—“It never occurred to me as a skill set I had,” he said—but eventually he was persuaded.

The profile on Minder dovetailed with the Times' collaboration with a criminal named Woris who gave the paper access to the tools gangs use to launch ransomware attacks:

The Times gained access to the internal “dashboard” that DarkSide customers used to organize and carry out ransom attacks. The login information was provided to The Times by a cybercriminal through an intermediary. The Times is withholding the name of the company involved in the attack to avoid additional reprisals from the hackers.

Access to the DarkSide dashboard offered an extraordinary glimpse into the internal workings of a Russian-speaking gang that has become the face of global cybercrime. Cast in stark black and white, the dashboard gave users access to DarkSide’s list of targets as well as a running ticker of profits and a connection to the group’s customer support staff, with whom affiliates could craft strategies for squeezing their victims.

In the chat log viewed by The Times, a DarkSide customer support employee boasted to Woris that he had been involved in more than 300 ransom attacks and tried to put him at ease.

“We’re just as interested in the proceeds as you are,” the employee said.

Together, they hatched the plan to put the squeeze on the publishing company, a nearly century-old, family-owned business with only a few hundred employees.

In addition to shutting down the company’s computer systems and issuing the pedophile threat, Woris and DarkSide’s technical support drafted a blackmail letter to be sent to school officials and parents who were the company’s clients.

The Russian government allows this to happen because (a) Russian President Vladimir Putin loves annoying the West, and (b) it seems obvious after two seconds of thought that Russian government officials are probably on the take.

All of this gets so exhausting, doesn't it? Simple economics demonstrates the inevitability of theft. It imposes a tax on everyone else, both financially (it costs money to set up good security) and mentally (I will never get back the hour I spent investigating the bogus DMCA notices). At some point, though, it just becomes easier to tolerate a certain level of theft than to build a squirrel-proof bird feeder.

Welcome to Summer 2021

The northern hemisphere started meteorological summer at midnight local time today. Chicago's weather today couldn't have turned out better. Unfortunately, I go into the office on the first and last days of each week, so I only know about this from reading weather reports.

At my real job, we have a release tomorrow onto a completely new Azure subscription, so for only the second time in 37 sprints (I hope) I don't expect a boring deployment. Which kind of fits with all the decidedly-not-boring news that cropped up today:

  • The XPOTUS and his wackier supporters have a new conspiracy theory about him retaking office in a coup d'état this August. No, really.
  • In what could only 100% certainly no doubt how could you even imagine a coincidence, former White House counsel Don McGahn will testify before the House Judiciary Committee tomorrow morning.
  • Also uncoincidentally, a group of 100 historians and political scientists who study this sort of thing have put out a statement warning of imminent democratic collapse in the US. “The playbook that the Republican Party is executing at the state and national levels is very much consistent with actions taken by illiberal, anti-democratic, anti-pluralist parties in other democracies that have slipped away from free and fair elections,” according to the Post.
  • Speaking of democratic backsliding, Josh Marshall takes the Israeli cognoscenti to task for still not getting how much the Israeli government aligning with an American political party has hurt them.
  • Here in Illinois, the state legislature adjourned after completing a number of tasks, including passing a $46 billion budget that no one got to read before they voted on it. (I'm doubly incensed about this because my own party did it. We really need to be better than the other guys. Seriously.)
  • For the first time since March 2020, Illinois has no states on its mandatory quarantine list. And we reported the fewest new Covid-19 cases (401) since we started reporting them.
  • The Northalsted Business Alliance wants to change the name of Chicago's Boystown neighborhood to...Northalsted. Residents across the LGBTQ spectrum say "just, no."

Finally, a Texas A&M business professor expects a "wave of resignations" as people go back to their offices.