The Daily Parker

Politics, Weather, Photography, and the Dog

More stuff to read

I know, two days in a row I can't be arsed to write a real blog post. Sometimes I have actual work to do, y'know?

Finally, as I've gone through my CD collection in the order I bought them, I occasionally encounter something that has not aged well. Today I came across Julie Brown's "The Homecoming Queen's Got a Gun," which...just, no. Not in this century.

Scarier than we thought

According to an upcoming book by Washington Post reporters Carol Leonnig and Philip Rucker, Joint Chiefs of Staff Chairman Mark Milley seriously worried about the XPOTUS attempting an autogolpe in January:

Milley described “a stomach-churning” feeling as he listened to Trump’s untrue complaints of election fraud, drawing a comparison to the 1933 attack on Germany’s parliament building that Hitler used as a pretext to establish a Nazi dictatorship.

In December, with rumors circulating that the president was preparing to fire then-CIA Director Gina Haspel and replace her with Trump loyalist Kash Patel, Milley sought to intervene, the book says. He confronted White House Chief of Staff Mark Meadows at the annual Army-Navy football game, which Trump and other high-profile guests attended.

“What the hell is going on here?” Milley asked Meadows, according to the book’s account. “What are you guys doing?”

When Meadows responded, “Don’t worry about it,” Milley shot him a warning: “Just be careful.”

Greg Sargent warns we need immediate reforms to make sure we never get that close to a coup again:

Milley’s general overarching fear was absolutely correct: Trump and key strains of the movement behind him were unquestionably willing to resort to potentially illegal and violent means to thwart the transfer of power from Trump to the legitimately elected new government. They actually did attempt this.

On certification of federal elections, Congress could set standards for states that streamline the certification process to take pressure off low-level election boards, and place ultimate control of certification in the hands of state judicial actors who are ostensibly nonpartisan. That would make it harder to corrupt certification.

On state legislatures sending rogue electors, Congress could revise the Electoral Count Act. Ideas include setting higher evidentiary standards for objections to electors, making the threshold for objecting higher than one senator and representative, and requiring two-thirds of Congress to sustain an objection.

This could avert a 2024 scenario in which a GOP legislature in one deciding state buckles this time under pressure to send rogue electors, and a GOP-controlled chamber in Congress counts them, creating a severe crisis at best and a stolen election at worst.

Whatever reforms we choose, the basic guiding idea here should be this. We don’t just want to make it harder to corrupt these processes, but also to reduce the incentive to pressure officials at all these levels to do so, since it would be less likely to succeed.

Milley’s fear of a Trump military coup was not borne out. But this shouldn’t lead us to congratulate ourselves over Trump’s incompetence or the virtues of individual players. It should add to our urgency to act.

Scary stuff. And the Republican Party continues to push towards minority rule, having given up on democracy itself. So yes, we need to fix this, to the extent possible.

Not exactly storming the balustrades

The former Social Security commissioner, whom President Biden fired last week, "defiantly" "showed up" for "work" yesterday morning. It worked about as well as someone not born in the Pleistocene would have guessed:

Ousted Social Security commissioner Andrew Saul, the Trump appointee who declared Friday he would defy his firing by President Biden, on Monday found his access to agency computers cut off, even as his acting replacement moved to undo his policies.

“There will be more,” said Saul, a wealthy former women’s apparel executive and prominent Republican donor who had served on the board of a conservative think tank that has called for cuts to Social Security benefits. “Stay tuned.”

OK, Boomer.

Now, I'm not wild about the president firing an agency head, when the agency probably would have done better to stay out of politics. But when the head of said agency wants to dismantle the agency, maybe firing him is OK?

Inside the Anom phone

Via Bruce Schneier, Motherboard got ahold of a pair of Anom phones, which the FBI and Australian Federal Police used to take down a bunch of criminal networks earlier this year:

Motherboard has obtained and analyzed an Anom phone from a source who unknowingly bought one on a classified ads site. On that site, the phone was advertised as just a cheap Android device. But when the person received it, they realized it wasn't an ordinary phone, and after being contacted by Motherboard, found that it contained the secret Anom app.

After the FBI announced the Anom operation, some Anom users have scrambled to get rid of their device, including selling it to unsuspecting people online. The person Motherboard obtained the phone from was in Australia, where authorities initially spread the Anom devices as a pilot before expanding into other countries. They said they contacted the Australian Federal Police (AFP) in case the phone or the person who sold it was of interest to them; when the AFP didn't follow up, the person agreed to sell the phone to Motherboard for the same price they paid. They said they originally bought it from a site similar to Craigslist.

Anom started when an FBI confidential human source (CHS), who had previously sold devices from Phantom Secure and another firm called Sky Global, was developing their own product. The CHS then "offered this next generation device, named 'Anom,' to the FBI to use in ongoing and new investigations," court documents read.

In June the FBI and its law enforcement partners in Australia and Europe announced over 800 arrests after they had surreptitiously been listening in on Anom users' messages for years. In all, authorities obtained over 27 million messages from over 11,800 devices running the Anom software in more than 100 countries by silently adding an extra encryption key which allowed agencies to read a copy of the messages. People allegedly smuggling cocaine hidden inside cans of tuna, hollowed out pineapples, and even diplomatic pouches all used Anom to coordinate their large-scale trafficking operations, according to court documents.

 

That's some cool and scary shit. I'm glad they got all those criminals, but what happens when the people targeted are political dissidents? As Schneier has discussed at length, there is no such thing as a zero-trust environment.

We're dumb, but we're not that dumb

Two sad-funny examples of how, nah, we're exactly that dumb. The first, from TDWTF, points out the fundamental problem with training a machine-learning system how to write software:

Any ML system is only as good as its training data, and this leads to some seriously negative outcomes. We usually call this algorithmic bias, and we all know the examples. It's why voice assistants have a hard time with certain names or accents. It's why sentencing tools for law enforcement mis-classify defendants. It's why facial recognition systems have a hard time with darker skin tones.

In the case of an ML tool that was trained on publicly available code, there's a blatantly obvious flaw in the training data: MOST CODE IS BAD.

If you feed a big pile of Open Source code into OpenAI, the only thing you're doing is automating the generation of bad code, because most of the code you fed the system is bad. It's ironic that the biggest obstacle to automating programmers out of a job is that we are terrible at our jobs.

I regret to inform the non-programmer portion of the world that this is true.

But still, most of the world's bad code isn't nearly as bad as the deposition Paula Deen gave in her harassment suit in May 2013. This came up in a conversation over the weekend, and the person I discussed this with insisted that, no, she really said incredibly dumb things that one has to imagine made her attorney weep. She reminds us that the Venn diagram of casual bigotry and stupidity has a large overlapping area labeled "Murica."

Just wait for the bit where the plaintiff's attorney asks Deen to give an example of a nice way to use the N-word.

I will now continue writing code I hope never winds up in either a deposition or on TDWTF.

Cosplaying soldiers arrested in Massachusetts

I mean...

Police in Massachusetts arrested 11 people Saturday after an hours-long standoff with a group of heavily armed men near Interstate 95, sparking stay-at-home orders for nearby residents and a highway shutdown during the holiday weekend.

According to the Wakefield Police Department, several men carrying rifles and handguns took off into the woods after refusing to comply with orders during a motor vehicle stop around 1:30 a.m. The men claimed to belong to a group that “does not recognize our laws,” police said.

“No threats were made, but these men should be considered armed and dangerous,” the department said in a statement at the time.

The incident concluded around nine hours later with authorities saying all those involved had been apprehended. The men are expected to appear in district court on a variety of firearms charges Tuesday morning. In the meantime, investigators are still trying to determine what, if any, motives the group might have had.

Apparently these guys belong to a group called "Rise of the Moors," which one must assume has nothing to do with Yorkshire:

The group’s website describes its organization as a collective of “Moorish Americans,” and its members believe they are the “original sovereigns of this land — America.”

During his phone conversation, the apparent leader said his men grabbed weapons Saturday morning on I-95 when they were approached by law enforcement because they felt threatened. The apparent leader asked to be served a summons, saying law enforcement officials could deliver the summons to a table that he offered to set up in the middle of the highway.

He expressed concern about being arrested and fingerprinted, which he described as a form of self-incrimination. He said he and his men wanted to go home.

“I want my men to be safe, alive, keep and bear their arms,” he said.

I mean...I'm less interested in where people come up with these ideas, which seem like legal mondegreens. But why do they persist in believing this stuff?

Partisan court takes another swipe at the Voting Rights Act

The two most recent US Supreme Court appointees may have agreed with the moderate justices on a couple of issues this term, but as the last opinions come out this morning, they have reminded us that the Republican Party's anti-democratic policies remain their top priorities.

Despite no evidence of retail election fraud, in 2016 Arizona's Republican majority enacted a law making it a crime to collect ballots from voters. Many voters in Arizona and elsewhere have difficulty making it to the polls, and in some cases, to the nearest mailbox. Ballot collection drives helped ensure they could still cast votes. Given who benefitted most from these drives, no one had any illusions about why Arizona Republicans passed this bill.

The Court today ruled, in a 6-3 decision right along party lines, that this does not violate section 2 of the Voting Rights Act. Justice Alito delivered the opinion, which repeats the Republican Party's canards about voting fraud as if channeling the voice of Mitch McConnell:

Finally, the strength of the state interests served by a challenged voting rule is also an important factor that must be taken into account. As noted, every voting rule imposes a burden of some sort, and therefore, in determining “based on the totality of circumstances” whether a rule goes too far, it is important to consider the reason for the rule. Rules that are supported by strong state interests are less likely to violate §2.

One strong and entirely legitimate state interest is the prevention of fraud. Fraud can affect the outcome of a close election, and fraudulent votes dilute the right of citizens to cast ballots that carry appropriate weight. Fraud can also undermine public confidence in the fairness of elections and the perceived legitimacy of the announced outcome.

(Brnovich v DNC, opinion at 19; citations removed.)

He then retreats deep into his epistemological bubble to declare that, even though Arizona has no documented instances of such fraud, and even though it will make it harder for Black, Hispanic, and poor people to cast ballots, the law doesn't really discriminate. Because, of course, the Arizona Secretary of State's office are all, all honourable men:

The State makes accurate precinct information available to all voters. When precincts or polling places are altered between elections, each registered voter is sent a notice showing the voter’s new polling place. Arizona law also mandates that election officials send a sample ballot to each household that includes a registered voter who has not opted to be placed on the permanent early voter list, and this mailing also identifies the voter’s proper polling location. In addition, the Arizona secretary of state’s office sends voters pamphlets that include information (in both English and Spanish) about how to identify their assigned precinct.

The Court of Appeals noted that Arizona leads other States in the rate of votes rejected on the ground that they were cast in the wrong precinct, and the court attributed this to frequent changes in polling locations, confusing placement of polling places, and high levels of residential mobility. But even if it is marginally harder for Arizona voters to find their assigned polling places, the State offers other easy ways to vote. Any voter can request an early ballot without excuse. Any voter can ask to be placed on the permanent early voter list so that an early ballot will be mailed automatically. Voters may drop off their early ballots at any polling place, even one to which they are not assigned. And for nearly a month before election day, any voter can vote in person at an early voting location in his or her county.

(Id. at 26-27, citations removed.)

So, once again, the Republican justices take the position that because the Voting Rights Act has done its job over the years, we don't need the Voting Rights Act anymore. (Kind of like how we taught the Germans a lesson in 1918 and they hardly bothered us after that.)

In her dissent, Justice Kagan expresses no patience for any of this crap:

If a single statute represents the best of America, it is the Voting Rights Act. It marries two great ideals: democracy and racial equality. And it dedicates our country to carrying them out. Section 2, the provision at issue here, guarantees that members of every racial group will have equal voting opportunities. Citizens of every race will have the same shot to participate in the political process and to elect representatives of their choice. They will all own our democracy together—no one more and no one less than any other.

If a single statute reminds us of the worst of America, it is the Voting Rights Act. Because it was—and remains—so necessary. Because a century after the Civil War was fought, at the time of the Act’s passage, the promise of political equality remained a distant dream for African American citizens. Because States and localities continually “contriv[ed] new rules,” mostly neutral on their face but discriminatory in operation, to keep minority voters from the polls. Because “Congress had reason to suppose” that States would “try similar maneuvers in the future”— “pour[ing] old poison into new bottles” to suppress minority votes. Because Congress has been proved right.

Today, the Court undermines Section 2 and the right it provides. The majority fears that the statute Congress wrote is too “radical”—that it will invalidate too many state voting laws. So the majority writes its own set of rules, limiting Section 2 from multiple directions. Wherever it can, the majority gives a cramped reading to broad language. And then it uses that reading to uphold two election laws from Arizona that discriminate against minority voters. I could say—and will in the following pages—that this is not how the Court is supposed to interpret and apply statutes. But that ordinary critique woefully undersells the problem. What is tragic here is that the Court has (yet again) rewritten—in order to weaken—a statute that stands as a monument to America’s greatness, and protects against its basest impulses. What is tragic is that the Court has damaged a statute designed to bring about “the end of discrimination in voting.”

(Kagan Dissent at 1, 3; citations removed).

When a few commentators tut-tutted that the Court "is less one-sided than liberals feared," they missed the point. Justices Barrett and Kavanaugh seem less unhinged than they did at their confirmation hearings, but they never lost their party loyalty. Sure, they upheld Obamacare (for the 17th time); sure, they ruled that children don't lose First Amendment protections just because they say something their school doesn't like. And just as sure, they will vote every single time to limit the franchise, because voting rights have become an existential threat to the Republican Party.

The Republicans' 40-year program of selecting and promoting young, partisan judges continues to pay off. Until we Democrats start using the political power we actually have, the Republicans will continue to drive the United States toward minority corporatist rule that will take decades to undo.

"F*** school, f*** softball, f*** cheer, f*** everything" wins with SCOTUS

Brandi Levy, a 19-year-old student from Pennsylvania, won her appeal to the US Supreme Court after being suspended from cheerleading for a year after Snapchatting the above sentiment:

She sent the message on a Saturday from the Cocoa Hut, a convenience store popular with teenagers.

Though Snapchat messages are meant to vanish not long after they are sent, another student took a screenshot and showed it to her mother, a coach. The school suspended Ms. Levy from cheerleading for a year, saying the punishment was needed to “avoid chaos” and maintain a “teamlike environment.”

Ms. Levy sued the school district, winning a sweeping victory from a divided three-judge panel of the United States Court of Appeals for the Third Circuit, in Philadelphia. The court said the First Amendment did not allow public schools to punish students for speech outside school grounds, relying on a precedent from a different era.

Everyone except Justice Thomas joined Justice Breyer's opinion, which held:

While public schools may have a special interest in regulating some off-campus student speech, the special interests offered by the school are not sufficient to overcome B. L.’s interest in free expression in this case.

[T]hree features of off-campus speech often, even if not always, distinguish schools’ efforts to regulate off-campus speech. First, a school will rarely stand in loco parentis when a student speaks off campus. Second, from the student speaker’s perspective, regulations of off-campus speech, when coupled with regulations of on-campus speech, include all the speech a student utters during the full 24-hour day. That means courts must be more skeptical of a school’s efforts to regulate off-campus speech, for doing so may mean the student cannot engage in that kind of speech at all. Third, the school itself has an interest in protecting a student’s unpopular expression, especially when the expression takes place off campus, because America’s public schools are the nurseries of democracy. Taken together, these three features of much off-campus speech mean that the leeway the First Amendment grants to schools in light of their special characteristics is diminished.

Justice Thomas, with predictable disdain for the modern world and rational thought in general, would have applied his originalist philosophy even to Snapchat:

I would begin the assessment of the scope of free-speech rights incorporated against the States by looking to “what ‘ordinary citizens’ at the time of [the Fourteenth Amendment’s] ratification would have understood” the right to encompass. McDonald v. Chicago, 561 U. S. 742, 813 (2010) (THOMAS, J., concurring in part and concurring in judgment). Cases and treatises from that era reveal that public schools retained substantial authority to discipline students. As I have previously explained, that authority was near plenary while students were at school. See Morse v. Frederick, 551 U. S. 393, 419 (2007) (concurring opinion). Authority also extended to when students were traveling to or from school. See, e.g., Lander v. Seaver, 32 Vt. 114, 120 (1859). And, although schools had less authority after a student returned home, it was well settled that they still could discipline students for off-campus speech or conduct that had a proximate tendency to harm the school environment.

Perhaps the most familiar example applying this rule is a case where a student, after returning home from school, used “disrespectful language” against a teacher—he called the teacher “old”—“in presence of the [teacher] and of some of his fellow pupils.” Id., at 115 (emphasis deleted). The Vermont Supreme Court held that the teacher could discipline a student for this speech because the speech had “a direct and immediate tendency to injure the school, to subvert the master’s authority, and to beget disorder and insubordination.”

I left the citations in because seeing Thomas at his epistemologically-sealed best really drives home how frighteningly out of touch he is. First, he cited his own concurrences, which (a) have no force of law and (b) he wrote. Then he cited and quoted a Vermont case from 1859 that sure, I guess, has precedential value in the state of Vermont, but probably doesn't even reflect current Vermont law.

In the rest of his dissent, Thomas cites his own concurrences a couple more times, a Missouri case from 1885, an Iowa case from 1971, and another Missouri case from 1877. He really does live in the 19th Century.

So, good on Levy, and on the First Amendment, who won a clear victory with this case. But what the hell, Clarence? How much more of this originalist crap do we have to endure before you finally retire and we can appoint someone from the 21st Century to Thurgood Marshall's seat?

Well-designed phishing attack

I had planned to note Bruce Schneier's latest essay, "The Misaligned Incentives for Cloud Security," along with a report that Microsoft has noticed an uptick in SolarWinds attacks against its own services. But twice in two weeks I've received bogus DMCA takedown notices that tried to trick me into downloading files from a Google site, and I'm impressed by the effort that went into these phishing attacks.

In both cases, the attacks came through the blog's Contact page, meaning someone had to copy and paste the text into the form. They both lay out most, but not all, of the elements of a DMCA takedown notice, with lots of threatening (but inaccurate) text about what could happen if I don't comply. But here's the kicker: instead of specifying which of the Daily Parker's nearly 8,000 posts contain infringing material, as required by the DMCA, they contain a link to a file on a Google site that I should download to see the material they claim to own.

It turns out, I know a thing or two about copyright law, and about computer security, so I didn't fall for the phish. I worry, though, that this attack could fool a lot of people. Reminder, folks: never download a file you didn't specifically ask for. (In my case, I did attempt to download one of the files, in a sandbox, with virus protection jacked all the way up. The virus protection took one look at the file and didn't even allow the download.)

Let me enumerate the really sophisticated features of this attack:

  • It contained mostly true information. People send out DMCA takedown notices all the time; experienced website administrators take them seriously when received. The author of this phish included the correct and relevant US Code sections, and a mostly-correct description of how the DMCA operates. They got the statutory damage amount totally wrong, but only because the number they used would scare people more.
  • It didn't contain any English language errors. Whoever wrote the copy for this attack speaks perfect English. This wasn't a laughable 409 scam.
  • It came through the Contact feature, not an email. The attacker took the time to go to the Daily Parker contact page, copy and paste the phishing text, and click "send." A human had to do that.
  • It stated a plausible claim. This is Daily Parker post #7,922 since the blog started on 13 May 1998. It is conceivable that at some point in the last 23 years I posted a photo for which I didn't obtain a proper license. This would be true of any large blog or website.
  • It used a real Google Sites link. The download link pointed to an asset actually stored on a google.com computer somewhere. That might convince someone of its legitimacy, unless you remember that anyone can put anything up on a Google Site or other cloud storage service. Again: never download a file you didn't specifically ask for.
  • It came from a network in the US. Reverse-IP lookups showed the origin IP addresses to be owned by a major ISP in Colorado, not a scary Eastern European location. Of course, it means that the attacker has access to a computer physically located in the US, which means I'll send my own legal notice to the ISP if I receive another one of these.

Now, here's where they missed the mark:

  • They asked me to download a file. No. No, no, no. GFY a thousand times with a chainsaw.
  • The phish did not contain all the required elements of a DMCA takedown notice. They didn't list specific assets, with URLs, that they allege infringed their copyrights; they didn't assert a claim of ownership in a legally-sufficient manner; they didn't provide full contact information; and they didn't sign it. But of course they didn't, because the closer they got to legal sufficiency, the more information I'd have that they have no real claim.
  • They sent two nearly-identical (but not identical enough) phishes 8 days apart. You think I didn't remember the first one? You think I didn't compare them? The second attempt simply confirmed that the first attempt wasn't merely an amateur-hour legal notice but, as I suspected, a phish.
  • One of the phishes came through a non-publicized FQDN. Because I host the Daily Parker on Microsoft Azure, it has an Azure-provided fully-qualified domain name (FQDN) in addition to www.thedailyparker.com. I have never publicized the Azure FQDN, and as far as I know the Azure FQDN has no inbound links. I suppose it could have gotten picked up by a search engine, but again, without inbound links, I can't see how. It's not secret; it's just really odd that someone would use it.
  • The claimants' names were...weird. I said earlier that the text of the phish used correct English throughout, but the names of the supposed claimants seem to have come from a name-generation tool. Seriously, the names were Ford Prefect-weird.
  • It turns out, I'm well-versed in both copyright law and cybersecurity. This type of mistake even has an entire TV Tropes entry. I guess a criminal wouldn't necessarily know that, however. They might find out, should they send a third phishing attempt my way. Will I haul them into Illinois court to answer a tortious trespassing case? Probably not. But I might tell their ISP. And the FBI. Because at some point, they will get someone to open whatever malicious file they linked to, which I expect will lead to actual crimes.

In recognition of the effort that went into this phishing attack, I wanted to publicize it in case it happens to anyone else. If you get an alleged DMCA takedown notice, and it doesn't meet the legal requirements as outlined by the USPTO, ignore it. And once more, with feeling: never download a file you didn't specifically ask for.

And if you're the script kiddie who sent the phish, GFY with a tree. Sideways.
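The checks described in this post, written as a triage function for contact-form submissions. This is an added example, not code from the blog: the regex heuristics, the placeholder hostnames and both sample messages are constructed assumptions, and a human still has to read anything it does not flag.

```python
import re
from urllib.parse import urlparse

# Assumption: the hostnames the site publicizes. Any other Host header
# (for instance a cloud-provider FQDN) is treated as unusual.
PUBLIC_HOSTS = {"www.thedailyparker.com", "thedailyparker.com"}

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
PHONE_RE = re.compile(r"\+?\d[\d\s().-]{8,}\d")
# Heuristic stand-ins for the legal elements, not a legal test.
OWNERSHIP_RE = re.compile(r"penalty of perjury", re.IGNORECASE)
SIGNATURE_RE = re.compile(r"^\s*(?:/s/|signed:|signature:)\s*\S+",
                          re.IGNORECASE | re.MULTILINE)


def triage_dmca_notice(message: str, request_host: str) -> dict:
    """Score a claimed DMCA notice against the elements the post lists."""
    urls = [u.rstrip(".,;)") for u in URL_RE.findall(message)]
    hosts = [(u, (urlparse(u).hostname or "").lower()) for u in urls]
    on_site = [u for u, h in hosts if h in PUBLIC_HOSTS]
    off_site = [u for u, h in hosts if h not in PUBLIC_HOSTS]

    missing = []
    if not on_site:
        missing.append("specific infringing URLs on this site")
    if not OWNERSHIP_RE.search(message):
        missing.append("sworn ownership statement")
    if not (EMAIL_RE.search(message) and PHONE_RE.search(message)):
        missing.append("full contact information")
    if not SIGNATURE_RE.search(message):
        missing.append("signature")

    flags = []
    # A real notice points at pages on the site; the phish pointed at a file.
    if off_site and not on_site:
        flags.append("evidence only behind an off-site link")
    if request_host.lower() not in PUBLIC_HOSTS:
        flags.append("submitted via non-publicized hostname")

    if flags and missing:
        verdict = "likely phish"
    elif missing:
        verdict = "deficient notice"
    else:
        verdict = "review as real notice"
    return {"verdict": verdict, "missing": missing, "flags": flags,
            "off_site_links": off_site}


# Constructed sample modelled on the post's description (not the real text).
PHISH_SAMPLE = """Hello, your website infringes my copyrighted images.
Under 17 U.S.C. 512 you may be liable for statutory damages.
A list of the images is in this document, download it here:
https://files.example.net/view/placeholder/evidence
Remove them immediately. Contact: legal@example.org
"""

# Constructed sample of a notice that carries every element checked above.
REAL_SAMPLE = """The photograph at
https://www.thedailyparker.com/post/placeholder is my work.
I state under penalty of perjury that I am the copyright owner.
Contact: claims@example.org, +1 312 555 0100, 1 Example St, Chicago IL
/s/ Jane Example
"""

if __name__ == "__main__":
    # Placeholder stands in for the unpublicized Azure-provided FQDN.
    print(triage_dmca_notice(PHISH_SAMPLE, "blog-placeholder.example.net"))
    print(triage_dmca_notice(REAL_SAMPLE, "www.thedailyparker.com"))
```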

Bad faith and unfair dealing

The bankruptcy court for the Northern District of Texas has dismissed the National Rifle Association's bankruptcy petition as a sham meant to avoid the New York Attorney General's case against them:

"The question the Court is faced with is whether the existential threat facing the NRA is the type of threat that the Bankruptcy Code is meant to protect against. The Court believes it is not," U.S. Bankruptcy Judge Harlin Hale wrote in a 38-page decision.

The group filed for bankruptcy in January at the direction of the NRA's chief executive, Wayne LaPierre — and unbeknownst to some of the organization's board of directors and top officials.

"What concerns the Court most though is the surreptitious manner in which Mr. LaPierre obtained and exercised authority to file bankruptcy for the NRA. Excluding so many people from the process of deciding to file for bankruptcy, including the vast majority of the board of directors, the chief financial officer, and the general counsel, is nothing less than shocking," the Northern District of Texas judge wrote.

Bankruptcy judges tend not to take a lot of bullshit. I'm pretty sure Judge Hale not only found the NRA's petition baldly disingenuous, but he probably also believed that the NRA chose to file in his court because Wayne LaPierre thought a court in Texas might have some sympathy for the gun-rights organization. Maybe Hale does; but that clearly didn't translate into sympathy for LaPierre.

Pass the popcorn.