It's a lovely day in Chicago, which I'm not enjoying as much as I could because I'm (a) in my Loop office and (b) busy as hell. So I'll have to read these later:
Finally, Mick Jagger turns 79 today, which surprised me because I thought he was closer to 130.
The security guru just posted a video he presented in November 2020:
Even though it seems the entire world has paused to honor HRH The Queen on the 70th anniversary of her accession, the world in fact kept spinning:
Blogger Moxie Marlinspike wrote about their first impressions of web3 back in January. I just got around to reading it, and you should too.
- On the same topic, a group of 25 security professionals, including Grady Booch, Bruce Schneier, and Molly White, wrote an open letter to Congress advocating for serious regulation of cryptocurrencies.
- What's Russian dictator Vladimir Putin's strategy in Ukraine? Wait us out. (It helps that he gives no thought to anyone's life but his own.)
- Closer to home, Jelani Cobb writes about "the atrocity of American gun culture."
- The US Navy's last conventionally-powered aircraft carrier, the USS Kitty Hawk, has arrived in Brownsville, Texas, for dismantling. Apparently Chicago didn't want an aircraft carrier museum for some reason.
- Chicago has bungalows, L.A. has dingbats, Amsterdam has canal houses, and Dublin has over-basement row houses.
- Bloomberg suggests the Elizabeth Line could prompt a whole re-map of the London Underground.
Oh, and plastic recycling doesn't work, and probably can't.
And here, a propos of nothing, is a photo of St Boniface Cemetery I took this morning:
I just discovered that Azure App Services allows you to create one free managed certificate per App Service. For Weather Now, I spent $140 creating two certificates, when really I only cared about the one (for https://www.wx-now.com).
The free App Service managed certificate is a turn-key solution for securing your custom DNS name in App Service. It's a TLS/SSL server certificate that's fully managed by App Service and renewed continuously and automatically in six-month increments, 45 days before expiration, as long as the prerequisites set-up remain the same without any action required from you. All the associated bindings will be updated with the renewed certificate. You create the certificate and bind it to a custom domain, and let App Service do the rest.
The free certificate comes with the following limitations:
- Does not support wildcard certificates.
- Does not support usage as a client certificate by using certificate thumbprint (removal of certificate thumbprint is planned).
- Does not support private DNS.
- Is not exportable.
- Is not supported on App Service Environment (ASE).
- Only supports alphanumeric characters, dashes (-), and periods (.).
That will make a big difference going forward, and saved me $70 for the emergency Inner-Drive.com port going on this week...
Today we celebrate the big rock that gives us days in the first place. One out of 364 is pretty good, I guess. And there are some good stories on my open browser tabs:
Finally, the Defense Department will open a Defense Innovation Unit just down the street from my current office in June. I knew about these plans a couple of years ago when I worked on an unclassified project for the US Military Enrollment Processing Command and was looking forward to it. I'm glad it's finally gotten to Chicago.
Leading off today's afternoon roundup, The Oatmeal (Matthew Inman) announced today that Netflix has a series in production based on his game Exploding Kittens. The premise: God and Satan come to Earth—in the bodies of cats. And freakin' Tom Ellis is one of the voices, because he's already played one of those parts.
Meanwhile, in reality:
- A consumers group filed suit against Green Thumb Industries and three other Illinois-based cannabis companies under the Clayton Act, alleging collusion that has driven retail pot prices above $8,800 per kilo. For comparison, the group alleges that retail prices in California are just $660 per kilo. (Disclosure: The Daily Parker is a GTI shareholder.)
- Illinois Governor JB Pritzker (D), one of the indirect defendants in the pot suit, signed a $46 billion budget for the state that includes $1.8 billion in temporary tax relief. Apparently, I'll get a $50 check from the State that I can apply to the $600 increase in property taxes Cook County imposed this year, which is nice, but I think the state could have aimed a bit lower on the income cap for that rebate and given more help to other people.
- Shortly after US District Court Judge Kathryn Kimball Mizelle (a 35-year-old who never tried a case and who graduated summa cum mediocrae laude from the legal powerhouse University of Florida just 8 years ago and earned a rare "not qualified" rating from the ABA upon her appointment in 2020 by the STBXPOTUS) ruled against the CDC in a case brought by an anti-masker, the DOT dropped mask mandates for public transport and air travel in the US. In related news, the Judge also said it's OK to piss in other people's swimming pools and up to the other swimmers not to drink the water.
- While the Chicago Piping Plovers organization waits for Monty and Rose to return to Montrose Beach, another one of the endangered birds has landed at Rainbow Beach on the South Side. He appears more inclined to rent than buy, but local ornithologists report the bird has a new profile on the Plōvr dating site.
- NBC breaks down the three biggest factors driving inflation right now, and yes, one of them is president of Russia. None, however, is president of the US.
- Along those lines, (sane) Republican writer Sarah Longwell, who publishes The Bulwark, found that 68% of Republicans believe the Big Lie that the XPOTUS won the 2020 election, but "the belief that the election was stolen is not a fully formed thought. It’s more of an attitude, or a tribal pose." Makes me proud to be an American!
And finally, via Bruce Schneier, two interesting bits. First, a new paper explains how a bad actor can introduce a backdoor into a machine learning training session to force specific outcomes (explained in plain English by Cory Doctorow). Second, an attacker used a "flash loan" to take over the Beanstalk crypto currency voting system and stole $182 million from it. Because Crypto Is The Future™.
Canada has put the Prairie Provinces on a winter storm warning as "the worst blizzard in decades" descends upon Saskatchewan and Manitoba:
A winter storm watch is in effect for southern Manitoba and southeastern Saskatchewan, with snowfall accumulations of 30 to 50 centimetres expected mid-week, along with northerly wind gusts of up to 90 kilometres per hour, said Environment Canada on Monday.
“Do not plan to travel — this storm has the potential to be the worst blizzard in decades,” the agency warns.
The storm is expected to start Tuesday night, as a Colorado low pressure system moving toward Minnesota will bring a “heavy swath of snow” from southeastern Saskatchewan through most of southern Manitoba.
Snow will start to fall early in the evening near the U.S. border and move north overnight. Blowing snow and high winds will cause zero visibility and whiteout conditions, making driving treacherous.
And finally, prosecutors in Texas have declined to pursue charges against a 26-year-old woman arrested last week for infanticide after self-inducing an abortion. Welcome to the new 19th Century, at least in the religious South.
Via Molly White, a new company called Gripnr wants to monetize your D&D campaign, and it's as horrible as it sounds:
Gripnr plans to generate 10,000 random D&D player characters (PCs), assign a “rarity” to certain aspects of each (such as ancestry and class), and mint them as non-fungible tokens, or NFTs. Each NFT will include character stats and a randomly-generated portrait of the PC designed in a process overseen by Gripnr’s lead artist Justin Kamerer. Additional NFTs will be minted to represent weapons and equipment.
Next, Gripnr will build a system for recording game progress on the Polygon blockchain. Players will log into the system and will play an adventure under the supervision of a Gripnr-certified Game Master. After each game session is over, the outcome will be logged on-chain, putting data back onto each NFT via a new contract protocol that allows a single NFT to become a long record of the character’s progression. Gripnr will distribute the cryptocurrency OPAL to GMs and players as in-game capital. Any loot, weapons, or items garnered in-game will be minted as new sellable NFTs on OpenSea, a popular NFT-marketplace.
As a D&D veteran who once played a character (for 5 minutes) with Gary Gygax* as DM, I can't see how any gamer would want to do this. Molly White has spent the last two years documenting the ways scammers and grifters have used "the blockchain" and "NFTs" and other Web3 buzzwords to steal (or, as I believe, launder) billions of dollars. Gripnr seems like just one more scam, but I could be wrong: Gripnr could just be a lazy get-rich-quick scheme for its creators.
Now that I've got a few weeks without travel, performances*, or work conferences, I can go back to not having enough time to read all the news that interests me. Like these stories:
Finally, Michelin has handed out its 2022 stars for Chicago. Nothing surprising on the list, but I now have four more restaurants to try.
* Except that I volunteered to help a church choir do five Messiah choruses on Easter Sunday, so I've got two extra rehearsals and a service in the next 12 days.
Bonus update: the fog this morning made St Boniface Cemetery especially spooky-looking when Cassie and I went out for her morning walk:
Via Bruce Schneier, a developer who maintains one of the most important NPM packages in the world got pissed off at Russia recently, without perhaps thinking through the long-term consequences:
A developer has been caught adding malicious code to a popular open-source package that wiped files on computers located in Russia and Belarus as part of a protest that has enraged many users and raised concerns about the safety of free and open source software.
The application, node-ipc, adds remote interprocess communication and neural networking capabilities to other open source code libraries. As a dependency, node-ipc is automatically downloaded and incorporated into other libraries, including ones like Vue.js CLI, which has more than 1 million weekly downloads.
“At this point, a very clear abuse and a critical supply chain security incident will occur for any system on which this npm package will be called upon, if that matches a geolocation of either Russia or Belarus,” wrote Liran Tal, a researcher at Snyk, a security company that tracked the changes and published its findings on Wednesday.
“Snyk stands with Ukraine, and we’ve proactively acted to support the Ukrainian people during the ongoing crisis with donations and free service to developers worldwide, as well as taking action to cease business in Russia and Belarus,” Tal wrote. “That said, intentional abuse such as this undermines the global open source community and requires us to flag impacted versions of node-ipc as security vulnerabilities.”
Yeah, kids, don't do this. The good guys have to stay the good guys because it's hard to go back from being a bad guy.