The Daily Parker

Politics, Weather, Photography, and the Dog

The world keeps turning

Even though my life for the past week has revolved around a happy, energetic ball of fur, the rest of the world has continued as if Cassie doesn't matter:

And if you still haven't seen our spring concert, you still can. Don't miss it!

Lunchtime headaches

I'm shaking my head at email service provider Postmark, who four weeks ago announced they would be phasing out support for TLS 1.0 (a network security protocol). I understood this when they announced it in February, 60 days ahead of their cutover to TLS 1.2, but didn't think it applied to anything of mine. This morning they sent a more focused email saying, "you're getting this email because we can see that this applies to you." Panic ensues.

Why panic? Because almost everything I've developed in the last 12 years depends on Postmark for email messaging, and the way they worded their notice, it seemed like all of those apps will fail on April 20th. And the only documentation they supplied relevant to me (and anyone else in the Microsoft universe) was a set of instructions on how to test TLS 1.2 support, not whether this would be a breaking change.

I immediately contacted their support group and said, as nicely as I can, "WTF dudes?" To which they replied, "oh yeah, bummer, dude." So I sent a lengthier reply just now and started digging into their source code. It turns out they're using an out-of-the-box Microsoft component that should transparently switch from TLS 1.0 to TLS 1.2 if asked to do so. I believe, therefore, the affected applications will be fine. In fact, fixing the problem may only require a simple, non-invasive change to Microsoft Azure settings for the affected applications. But I don't know that for sure. And I'm hoping their actual development team will respond with "yeah, no probs, dude, you're cool."

My other headache is literal, from staring at too many screens. So I'll do something else in a moment.

Record temperature yesterday

Chicago got up to 21°C yesterday, tying the record for March 9th set in 1974. It's already 20°C right now, close to the record 22°C set in 1955.

In other news:

And now that I've finally gotten a .NET 5 application to deploy onto a Microsoft Azure Functions App, I will take a well-earned walk.

Ice fishing, orcas, and budget reconciliation

These are just some of the things I read at lunch today:

  • Ezra Klein looks at how a $1.9 trillion proposal got through the US Senate and concludes the body has become "a Dadaist nightmare."
  • Several groups of ice fishermen, 66 in total, found themselves drifting into Green Bay (the bay, not the city) yesterday, when the ice floe they were fishing on broke away from the shore ice. Given that Lake Michigan has one of the smallest ice covers in years right now, this seems predictable and tragic.
  • Writing in the Washington Post, Bruce Schneier laments that government security agencies have to customize President Biden's Peloton stationary bicycle to make it safe to use in the White House—not because of the effort involved to keep the president safe, but because very few people will have a Peloton with that level of security.
  • The resident Orca population in the Salish Sea between British Columbia and Washington has immigration issues and declining standards of living. (So far, none of them has joined the Proud Whales.)

Finally, McSweeney's translates US Representative Marjorie Green's (R-GA) non-apology for being a racist whacko into simpler terms.

Man caught living at O'Hare for three months

Aditya Singh never left O'Hare after arriving on October 19th:

Singh, 36, lived in the secure area with access to terminals, shops and food at O’Hare International Airport until his arrest Saturday after two United Airlines employees asked to see his identification, prosecutors said. He showed them an airport ID badge that an operations manager had reported missing on Oct. 26.

Police said Singh told them that the coronavirus pandemic left him too afraid to fly and so he instead remained in the airport, often relying on the kindness of strangers to buy him food.

Singh completed a master’s program at Oklahoma State University and had been living since summer 2019 in Orange, California, southeast of Los Angeles, in the home of Carl Jones, who said he offered Singh a place to live in exchange for helping him care for his elderly father and other odd jobs.

Jones told the Tribune that Singh’s visa was expiring, so he planned in October to return to India, where his mother lives. Jones described Singh as a “very gentle soul” who often volunteered helping the homeless. The two last spoke Oct. 19 when, Jones said, Singh confirmed he had arrived safely in Chicago and was on his way to India.

Singh faces two felony charges, but I can't imagine a jury sending him to jail.

Sure Happy It's Thursday, March 319th...

Lunchtime roundup:

Finally, the authors of The Impostor's Guide, a free ebook aimed at self-taught programmers, has a new series of videos about general computer-science topics that people like me didn't learn programming for fun while getting our history degrees.

The Economist's Bartleby column examines how Covid-19 lockdowns have "caused both good and bad changes of routine."

Everyone who understands security predicted this

Security is hard. Everyone who works in IT knows (or should know) this. We have well-documented security practices covering every part of software applications, from the user interface down to the hardware. Add in actual regulations like Europe's GDPR and California's privacy laws, you have a good blueprint for protecting user data.

Of course, if you actively resist expertise and hate being told what to do by beanie-wearing nerds, you might find yourself reading on Gizmodo how a lone hacker exfiltrated 99% of your data and handed it to the FBI:

In the wake of the violent insurrection at the U.S. Capitol by scores of President Trump’s supporters, a lone researcher began an effort to catalogue the posts of social media users across Parler, a platform founded to provide conservative users a safe haven for uninhibited “free speech” — but which ultimately devolved into a hotbed of far-right conspiracy theories, unchecked racism, and death threats aimed at prominent politicians.

The researcher, who asked to be referred to by their Twitter handle, @donk_enby, began with the goal of archiving every post from January 6, the day of the Capitol riot; what she called a bevy of “very incriminating” evidence.

Operating on little sleep, @donk_enby began the work of archiving all of Parler’s posts, ultimately capturing around 99.9 percent of its content. In a tweet early Sunday, @donk_enby said she was crawling some 1.1 million Parler video URLs. “These are the original, unprocessed, raw files as uploaded to Parler with all associated metadata,” she said. Included in this tranche of data, now more than 56 terabytes in size, @donk_enby confirmed the raw video includes GPS coordinates, which point to the locations of users when the videos were filmed.

Meanwhile, dozens of companies that have donated to the STBXPOTUS and other Republican causes over the past five years have suddenly started singing a different tune:

Unemployment insurance fraud at record levels

The expansion of unemployment benefits combined with sensible precautions against transmission of Covid-19 have made criminals' lives much easier:

From March through the end of November, there have been more than 2 million initial claims filed for regular state unemployment benefits, according to the agency. That figure excludes people filing claims under five federal pandemic jobless aid programs the state implemented last year.

The agency has said the rise in unemployment fraud is likely due to large corporate data breaches and is not the result of any state system breaches. Past breaches including one in 2017 involving Equifax exposed the personal data of millions of people, including names, Social Security numbers, driver’s licenses number, dates of births, addresses and credit card information.

People who have not filed for benefits but receive a letter from the state unemployment agency saying a claim has been filed under their name should immediately report it through the IDES website or by calling 800-814-0513.

Don't even get me started on the calls about my car's warranty...

Calmer today as the Derpnazis return home

We had a relatively quiet day yesterday, but only in comparison to the day before:

Meanwhile, here in Chicago:

Finally, Bruce Schneier advises the incoming administration on how to deal with the SolarWinds intrusion.

See? Yesterday was quiet.

I'm screaming in my head

The Times continues its coverage of the SolarWinds breach, and adds a detail that explains why the Russians continue to eat our lunch:

Employees say that under [SolarWinds CEO Kevin] Thompson, an accountant by training and a former chief financial officer, every part of the business was examined for cost savings and common security practices were eschewed because of their expense. His approach helped almost triple SolarWinds’ annual profit margins to more than $453 million in 2019 from $152 million in 2010.

But some of those measures may have put the company and its customers at greater risk for attack. SolarWinds moved much of its engineering to satellite offices in the Czech Republic, Poland and Belarus, where engineers had broad access to the Orion network management software that Russia’s agents compromised.

So many things went wrong in this case that singling out one CEO for taking profits over security may seem myopic. But the SVR must love the poetry of it: a greedy American CEO tries to increase his paycheck by hiring engineers easy for them to compromise, leading to the largest network intrusion in history.

I want to see Congress investigate this, and I want to see Thompson reduced to penury for his greed. Not that anything will change; until we have rational regulation of software security—hell, until we have any regulation of software security—criminals and our adversaries will keep exploiting companies like SolarWinds.