The Daily Parker

Politics, Weather, Photography, and the Dog

Wait, what?

The United States Postal Service has a surveillance program that tracks social media posts for law enforcement, and no one can say why:

The details of the surveillance effort, known as iCOP, or Internet Covert Operations Program, have not previously been made public. The work involves having analysts trawl through social media sites to look for what the document describes as “inflammatory” postings and then sharing that information across government agencies.

“Analysts with the United States Postal Inspection Service (USPIS) Internet Covert Operations Program (iCOP) monitored significant activity regarding planned protests occurring internationally and domestically on March 20, 2021,” says the March 16 government bulletin, marked as “law enforcement sensitive” and distributed through the Department of Homeland Security’s fusion centers. “Locations and times have been identified for these protests, which are being distributed online across multiple social media platforms, to include right-wing leaning Parler and Telegram accounts.”

When contacted by Yahoo News, civil liberties experts expressed alarm at the post office’s surveillance program. “It’s a mystery,” said University of Chicago law professor Geoffrey Stone, whom President Barack Obama appointed to review the National Security Agency’s bulk data collection in the wake of the Edward Snowden leaks. “I don’t understand why the government would go to the Postal Service for examining the internet for security issues.”

I mean, scraping social media takes only a modicum of technical skills. In the last year I've written software that can scan Twitter and run detailed sentiment analysis on keyword-based searches. But I'm not a government agency with arrest powers. Or, you know, a constitutional mandate to deliver the mail.

Weird.

End of the week or beginning of the weekend?

Today's end-of-workweek stories:

Finally, today is the 157th anniversary of the surrender of the traitors and the end of the white rebellion in America. (Sounds different these days, doesn't it?)

Microsoft suffers DDOS attack on its DNS servers

Microsoft Azure and Office 365 suffered an outage yesterday that affected just about everything in their cloud:

Microsoft Corp. was hit by a massive cloud outage today that took most of its internet services offline.

Microsoft’s Azure cloud services, as well as Teams, Office 365, OneDrive, Skype, Xbox Live and Bing were all inaccessible due to the outage. Even the Azure Status page was reportedly taken offline.

The first reports of the outage emerged from users on Twitter, and were confirmed by the website DownDetector which showed that reports began flooding in at around 5 p.m. ET. It says it received thousands of notices from Xbox Live, Teams and Office users.

Microsoft 365’s Twitter status account posted another update at 6.35 p.m. ET saying that traffic was being rerouted to resilient DNS capabilities and that it was already “seeing an improvement in service availability.”

Today, Microsoft reported as a preliminary root cause "We are continuing to investigate the underlying cause for the DNS outage but we have observed that Microsoft DNS servers saw a spike in DNS traffic." In other words, it looks like they suffered a distributed denial-of-service (DDOS) attack on their internal name servers. The final analysis will come out next Thursday.

This outage was like the familiar "collective amnesia" trope in sci-fi where suddenly none of the characters recognizes any of the others, though they retain their normal personalities and abilities. (See, e.g.Dollhouse and Buffy. Joss Whedon lurves this trope.) For example, The Daily Parker was still running, but no one could get to it because the mapping from www.thedailparker.com to the Microsoft App Service hosting it has to go through Microsoft's internal name servers.

I wonder if this was a DDOS attack from inside the house?

The world keeps turning

Even though my life for the past week has revolved around a happy, energetic ball of fur, the rest of the world has continued as if Cassie doesn't matter:

And if you still haven't seen our spring concert, you still can. Don't miss it!

Lunchtime headaches

I'm shaking my head at email service provider Postmark, who four weeks ago announced they would be phasing out support for TLS 1.0 (a network security protocol). I understood this when they announced it in February, 60 days ahead of their cutover to TLS 1.2, but didn't think it applied to anything of mine. This morning they sent a more focused email saying, "you're getting this email because we can see that this applies to you." Panic ensues.

Why panic? Because almost everything I've developed in the last 12 years depends on Postmark for email messaging, and the way they worded their notice, it seemed like all of those apps will fail on April 20th. And the only documentation they supplied relevant to me (and anyone else in the Microsoft universe) was a set of instructions on how to test TLS 1.2 support, not whether this would be a breaking change.

I immediately contacted their support group and said, as nicely as I can, "WTF dudes?" To which they replied, "oh yeah, bummer, dude." So I sent a lengthier reply just now and started digging into their source code. It turns out they're using an out-of-the-box Microsoft component that should transparently switch from TLS 1.0 to TLS 1.2 if asked to do so. I believe, therefore, the affected applications will be fine. In fact, fixing the problem may only require a simple, non-invasive change to Microsoft Azure settings for the affected applications. But I don't know that for sure. And I'm hoping their actual development team will respond with "yeah, no probs, dude, you're cool."

My other headache is literal, from staring at too many screens. So I'll do something else in a moment.

Record temperature yesterday

Chicago got up to 21°C yesterday, tying the record for March 9th set in 1974. It's already 20°C right now, close to the record 22°C set in 1955.

In other news:

And now that I've finally gotten a .NET 5 application to deploy onto a Microsoft Azure Functions App, I will take a well-earned walk.

Ice fishing, orcas, and budget reconciliation

These are just some of the things I read at lunch today:

  • Ezra Klein looks at how a $1.9 trillion proposal got through the US Senate and concludes the body has become "a Dadaist nightmare."
  • Several groups of ice fishermen, 66 in total, found themselves drifting into Green Bay (the bay, not the city) yesterday, when the ice floe they were fishing on broke away from the shore ice. Given that Lake Michigan has one of the smallest ice covers in years right now, this seems predictable and tragic.
  • Writing in the Washington Post, Bruce Schneier laments that government security agencies have to customize President Biden's Peloton stationary bicycle to make it safe to use in the White House—not because of the effort involved to keep the president safe, but because very few people will have a Peloton with that level of security.
  • The resident Orca population in the Salish Sea between British Columbia and Washington has immigration issues and declining standards of living. (So far, none of them has joined the Proud Whales.)

Finally, McSweeney's translates US Representative Marjorie Green's (R-GA) non-apology for being a racist whacko into simpler terms.

Man caught living at O'Hare for three months

Aditya Singh never left O'Hare after arriving on October 19th:

Singh, 36, lived in the secure area with access to terminals, shops and food at O’Hare International Airport until his arrest Saturday after two United Airlines employees asked to see his identification, prosecutors said. He showed them an airport ID badge that an operations manager had reported missing on Oct. 26.

Police said Singh told them that the coronavirus pandemic left him too afraid to fly and so he instead remained in the airport, often relying on the kindness of strangers to buy him food.

Singh completed a master’s program at Oklahoma State University and had been living since summer 2019 in Orange, California, southeast of Los Angeles, in the home of Carl Jones, who said he offered Singh a place to live in exchange for helping him care for his elderly father and other odd jobs.

Jones told the Tribune that Singh’s visa was expiring, so he planned in October to return to India, where his mother lives. Jones described Singh as a “very gentle soul” who often volunteered helping the homeless. The two last spoke Oct. 19 when, Jones said, Singh confirmed he had arrived safely in Chicago and was on his way to India.

Singh faces two felony charges, but I can't imagine a jury sending him to jail.

Sure Happy It's Thursday, March 319th...

Lunchtime roundup:

Finally, the authors of The Impostor's Guide, a free ebook aimed at self-taught programmers, has a new series of videos about general computer-science topics that people like me didn't learn programming for fun while getting our history degrees.

The Economist's Bartleby column examines how Covid-19 lockdowns have "caused both good and bad changes of routine."

Everyone who understands security predicted this

Security is hard. Everyone who works in IT knows (or should know) this. We have well-documented security practices covering every part of software applications, from the user interface down to the hardware. Add in actual regulations like Europe's GDPR and California's privacy laws, you have a good blueprint for protecting user data.

Of course, if you actively resist expertise and hate being told what to do by beanie-wearing nerds, you might find yourself reading on Gizmodo how a lone hacker exfiltrated 99% of your data and handed it to the FBI:

In the wake of the violent insurrection at the U.S. Capitol by scores of President Trump’s supporters, a lone researcher began an effort to catalogue the posts of social media users across Parler, a platform founded to provide conservative users a safe haven for uninhibited “free speech” — but which ultimately devolved into a hotbed of far-right conspiracy theories, unchecked racism, and death threats aimed at prominent politicians.

The researcher, who asked to be referred to by their Twitter handle, @donk_enby, began with the goal of archiving every post from January 6, the day of the Capitol riot; what she called a bevy of “very incriminating” evidence.

Operating on little sleep, @donk_enby began the work of archiving all of Parler’s posts, ultimately capturing around 99.9 percent of its content. In a tweet early Sunday, @donk_enby said she was crawling some 1.1 million Parler video URLs. “These are the original, unprocessed, raw files as uploaded to Parler with all associated metadata,” she said. Included in this tranche of data, now more than 56 terabytes in size, @donk_enby confirmed the raw video includes GPS coordinates, which point to the locations of users when the videos were filmed.

Meanwhile, dozens of companies that have donated to the STBXPOTUS and other Republican causes over the past five years have suddenly started singing a different tune: