Even though my life for the past week has revolved around a happy, energetic ball of fur, the rest of the world has continued as if Cassie doesn't matter:
And if you still haven't seen our spring concert, you still can. Don't miss it!
I'm shaking my head at email service provider Postmark, who four weeks ago announced they would be phasing out support for TLS 1.0 (a network security protocol). I understood this when they announced it in February, 60 days ahead of their cutover to TLS 1.2, but didn't think it applied to anything of mine. This morning they sent a more focused email saying, "you're getting this email because we can see that this applies to you." Panic ensues.
Why panic? Because almost everything I've developed in the last 12 years depends on Postmark for email messaging, and the way they worded their notice, it seemed like all of those apps will fail on April 20th. And the only documentation they supplied relevant to me (and anyone else in the Microsoft universe) was a set of instructions on how to test TLS 1.2 support, not whether this would be a breaking change.
I immediately contacted their support group and said, as nicely as I can, "WTF dudes?" To which they replied, "oh yeah, bummer, dude." So I sent a lengthier reply just now and started digging into their source code. It turns out they're using an out-of-the-box Microsoft component that should transparently switch from TLS 1.0 to TLS 1.2 if asked to do so. I believe, therefore, the affected applications will be fine. In fact, fixing the problem may only require a simple, non-invasive change to Microsoft Azure settings for the affected applications. But I don't know that for sure. And I'm hoping their actual development team will respond with "yeah, no probs, dude, you're cool."
My other headache is literal, from staring at too many screens. So I'll do something else in a moment.
Chicago got up to 21°C yesterday, tying the record for March 9th set in 1974. It's already 20°C right now, close to the record 22°C set in 1955.
In other news:
And now that I've finally gotten a .NET 5 application to deploy onto a Microsoft Azure Functions App, I will take a well-earned walk.
These are just some of the things I read at lunch today:
- Ezra Klein looks at how a $1.9 trillion proposal got through the US Senate and concludes the body has become "a Dadaist nightmare."
- Several groups of ice fishermen, 66 in total, found themselves drifting into Green Bay (the bay, not the city) yesterday, when the ice floe they were fishing on broke away from the shore ice. Given that Lake Michigan has one of the smallest ice covers in years right now, this seems predictable and tragic.
- Writing in the Washington Post, Bruce Schneier laments that government security agencies have to customize President Biden's Peloton stationary bicycle to make it safe to use in the White House—not because of the effort involved to keep the president safe, but because very few people will have a Peloton with that level of security.
- The resident Orca population in the Salish Sea between British Columbia and Washington has immigration issues and declining standards of living. (So far, none of them has joined the Proud Whales.)
Finally, McSweeney's translates US Representative Marjorie Green's (R-GA) non-apology for being a racist whacko into simpler terms.
Aditya Singh never left O'Hare after arriving on October 19th:
Singh, 36, lived in the secure area with access to terminals, shops and food at O’Hare International Airport until his arrest Saturday after two United Airlines employees asked to see his identification, prosecutors said. He showed them an airport ID badge that an operations manager had reported missing on Oct. 26.
Police said Singh told them that the coronavirus pandemic left him too afraid to fly and so he instead remained in the airport, often relying on the kindness of strangers to buy him food.
Singh completed a master’s program at Oklahoma State University and had been living since summer 2019 in Orange, California, southeast of Los Angeles, in the home of Carl Jones, who said he offered Singh a place to live in exchange for helping him care for his elderly father and other odd jobs.
Jones told the Tribune that Singh’s visa was expiring, so he planned in October to return to India, where his mother lives. Jones described Singh as a “very gentle soul” who often volunteered helping the homeless. The two last spoke Oct. 19 when, Jones said, Singh confirmed he had arrived safely in Chicago and was on his way to India.
Singh faces two felony charges, but I can't imagine a jury sending him to jail.
- Author John Scalzi gives the STBXPOTUS a colossal take-down on his blog today: "We don’t have to wait on history, but as it happens, this is how history will remember Donald Trump: Not as a forceful, charismatic authoritarian, but as a corrupt and pathetic wretch, who spent the final days of his presidency shouting at the walls about how the world is against him."
- Alexandra Petri: "Now is not the time to point fingers, Julius Caesar. Now is the time for healing." ("I am frankly appalled when I think of all the things that have been said on both sides, like, 'Death to Caesar!' and 'Ouch!'")
- National security experts, including the former chief research psychologist for the US Secret Service, advise treating the STBXPOTUS "like he's a terrorist leader."
- It appears that Ivanka and Jared wouldn't let the people protecting them into the house to pee, forcing the US Secret Service to spend nearly $100,000 over the past few years renting an apartment close by.
- Republicans in Congress supported intrusive security for everyone else in the past, but now that it affects them personally, they don't like it. How surprising.
- Since the Senate has recessed, presumably so Mitch McConnell can avoid an impeachment trial, President-Elect Biden still has no confirmed cabinet officials, forcing the incoming administration into an alternative plan after taking power next Wednesday.
- Chicago teachers locked out of the Chicago Public Schools online learning platform because they refused to return to unsafe classrooms found a poetic way of expressing their displeasure: they taught from the Board of Education President's front lawn.
- Chicago's regional heavy-rail system approved a $1.8 bn purchase of 500 slick new rail cars, which should start to arrive in 2024.
Finally, the authors of The Impostor's Guide, a free ebook aimed at self-taught programmers, has a new series of videos about general computer-science topics that people like me didn't learn programming for fun while getting our history degrees.
The Economist's Bartleby column examines how Covid-19 lockdowns have "caused both good and bad changes of routine."
Security is hard. Everyone who works in IT knows (or should know) this. We have well-documented security practices covering every part of software applications, from the user interface down to the hardware. Add in actual regulations like Europe's GDPR and California's privacy laws, you have a good blueprint for protecting user data.
Of course, if you actively resist expertise and hate being told what to do by beanie-wearing nerds, you might find yourself reading on Gizmodo how a lone hacker exfiltrated 99% of your data and handed it to the FBI:
In the wake of the violent insurrection at the U.S. Capitol by scores of President Trump’s supporters, a lone researcher began an effort to catalogue the posts of social media users across Parler, a platform founded to provide conservative users a safe haven for uninhibited “free speech” — but which ultimately devolved into a hotbed of far-right conspiracy theories, unchecked racism, and death threats aimed at prominent politicians.
The researcher, who asked to be referred to by their Twitter handle, @donk_enby, began with the goal of archiving every post from January 6, the day of the Capitol riot; what she called a bevy of “very incriminating” evidence.
Operating on little sleep, @donk_enby began the work of archiving all of Parler’s posts, ultimately capturing around 99.9 percent of its content. In a tweet early Sunday, @donk_enby said she was crawling some 1.1 million Parler video URLs. “These are the original, unprocessed, raw files as uploaded to Parler with all associated metadata,” she said. Included in this tranche of data, now more than 56 terabytes in size, @donk_enby confirmed the raw video includes GPS coordinates, which point to the locations of users when the videos were filmed.
Meanwhile, dozens of companies that have donated to the STBXPOTUS and other Republican causes over the past five years have suddenly started singing a different tune:
The expansion of unemployment benefits combined with sensible precautions against transmission of Covid-19 have made criminals' lives much easier:
From March through the end of November, there have been more than 2 million initial claims filed for regular state unemployment benefits, according to the agency. That figure excludes people filing claims under five federal pandemic jobless aid programs the state implemented last year.
The agency has said the rise in unemployment fraud is likely due to large corporate data breaches and is not the result of any state system breaches. Past breaches including one in 2017 involving Equifax exposed the personal data of millions of people, including names, Social Security numbers, driver’s licenses number, dates of births, addresses and credit card information.
People who have not filed for benefits but receive a letter from the state unemployment agency saying a claim has been filed under their name should immediately report it through the IDES website or by calling 800-814-0513.
Don't even get me started on the calls about my car's warranty...
We had a relatively quiet day yesterday, but only in comparison to the day before:
Meanwhile, here in Chicago:
Finally, Bruce Schneier advises the incoming administration on how to deal with the SolarWinds intrusion.
See? Yesterday was quiet.
The Times continues its coverage of the SolarWinds breach, and adds a detail that explains why the Russians continue to eat our lunch:
Employees say that under [SolarWinds CEO Kevin] Thompson, an accountant by training and a former chief financial officer, every part of the business was examined for cost savings and common security practices were eschewed because of their expense. His approach helped almost triple SolarWinds’ annual profit margins to more than $453 million in 2019 from $152 million in 2010.
But some of those measures may have put the company and its customers at greater risk for attack. SolarWinds moved much of its engineering to satellite offices in the Czech Republic, Poland and Belarus, where engineers had broad access to the Orion network management software that Russia’s agents compromised.
So many things went wrong in this case that singling out one CEO for taking profits over security may seem myopic. But the SVR must love the poetry of it: a greedy American CEO tries to increase his paycheck by hiring engineers easy for them to compromise, leading to the largest network intrusion in history.
I want to see Congress investigate this, and I want to see Thompson reduced to penury for his greed. Not that anything will change; until we have rational regulation of software security—hell, until we have any regulation of software security—criminals and our adversaries will keep exploiting companies like SolarWinds.