The Daily Parker

Politics, Weather, Photography, and the Dog

Cities don't actually collapse like that

Annalee Newitz, author of Four Lost Cities, explains that urban collapse doesn't look anything like dystopian fiction would have it:

It’s always lurking just around the corner, seductive and terrifying, but it never quite happens. Lost-city anxieties, like the ones aroused by the pandemic, result from a misunderstanding of what causes cities to decline. Pandemics, invasions, and other major calamities are not the usual culprits in urban abandonment. Instead, what kills cities is a long period in which their leaders fail to reckon honestly with ongoing, everyday problems—how workers are treated, whether infrastructure is repaired. Unsustainable, unresponsive governance in the face of long-term challenges may not look like a world-historical problem, but it’s the real threat that cities face.

This slow-motion catastrophe—a combination of natural disaster and political indifference—was far more important to [Angkor's] transformation than the Ayutthaya invasion [in 1431]. And it stands as a warning to many cities in the U.S. Without a coherent response from local government, cities lashed by climate change will gradually lose their populations. The demise won’t be spectacular, even if the storms are monstrous. Instead, people will leave in dribs and drabs, and the exodus could take generations.

So, I'm going to stay in Chicago, which will likely remain a thriving urban center for hundreds more years.

Waiting for one CI build, then another

It's every other Tuesday today, so I'm just waiting for the last continuous-integration (CI) build to finish before deploying the latest software to our production environment. So far, so boring, just the way I like it. Meanwhile, in the real world:

  • In a symbolic but meaningless vote, all but 5 Republican members of the US Senate voted to let the XPOTUS off the hook for inciting an insurrection against, well, them, as this way they believe they get to keep his followers at no cost to themselves. If this past year were a novel, the next sentence might begin with "Little did they know..." Which, you know, describes those 45 Republicans to a T.
  • Dutch police arrested more than 180 people in Amsterdam and Rotterdam for rioting against Covid-19 lockdowns: "A leading Dutch criminologist, Henk Ferwerda, said the riots involved 'virus deniers, political protesters and kids who just saw the chance to go completely wild – all three groups came together.'"
  • Air travelers across the US can rejoice that CNN Airport News will go away on March 31st.
  • Over 1 teratonne of ice melted over each of the past few years, increasing concerns about global sea level rises.
  • Two mathematicians argue that time-travel paradoxes don't exist, because the universe routes around them.

Finally, snow continues to fall in Chicago, so far accumulating to about 100 mm by my house and as of noon about 125 mm at O'Hare. Calling this a "snowstorm" seems a bit over the top as it's coming down at under 10 mm per hour and forecast to stop before too long. Plus it's barely below freezing for now—but forecast to cool down to -11°C by Wednesday night before creeping above freezing Friday and Saturday. So we might have a blanket of snow for a bit. Still, it's the most snow we've gotten all season, with less than 5 weeks to go before meteorological spring starts March 1st. I'm OK with this mild winter, though it might presage a very hot summer.

Catching up

Even though things have quieted down in the last few days (gosh, why?), the news are still newing:

Finally, last August's derecho caused "the most damage in the least amount of time" of any weather disaster on record.

Less than 24 hours to go

The US Constitution, Amendment XX, section 1, says point blank that the STBXPOTUS will be XPOTUS in less than 24 hours. Between now and then, I have no doubt he'll shit the bed (possibly even literally) on his way out the door. Just a few minutes ago the Times reported that the outgoing administration has declared China's treatment of Uighurs "genocide," which may complicate President Biden's plans to pressure the country diplomatically. (Biden apparently supports this designation, however.)

From completely bollixing the vaccine rollout to failing in the most basic acts of class and decency with the Bidens to appointing crazy people to civil-service roles to executing more people in the past month than the US Government has executed in the past 12 years, he has done everything in his power to make 60% of Americans ready to see the back of him. We haven't even seen today's pardon list yet; I can only guess how much fun I'll have reading it.

For all of that, though, one thing has absolutely delighted me these past two weeks: he hasn't posted anything on social media. Consequently, as the Post reports, misinformation online has dropped 73% since he got booted from Twitter and Facebook:

The new research by the San Francisco-based analytics firm reported that conversations about election fraud dropped from 2.5 million mentions to 688,000 mentions across several social media sites in the week after Trump was banned from Twitter.

Zignal found it dropped swiftly and steeply on Twitter and other platforms in the days after the Twitter ban took hold on Jan. 8.

The findings, from Jan. 9 through Friday, highlight how falsehoods flow across social media sites — reinforcing and amplifying each other — and offer an early indication of how concerted actions against misinformation can make a difference.

The research by Zignal and other groups suggests that a powerful, integrated disinformation ecosystem — composed of high-profile influencers, rank-and-file followers and Trump himself — was central to pushing millions of Americans to reject the election results and may have trouble surviving without his social media accounts.

Researchers have found that Trump’s tweets were retweeted by supporters at a remarkable rate, no matter the subject, giving him a virtually unmatched ability to shape conversation online. University of Colorado information science professor Leysia Palen declared in October, after months of research: “Trump’s amplification machine is peerless.”

Glory, hallelujah. Despite 25,000 Guard troops defending the capital, and an inauguration ceremony tomorrow without a huge cheering crowd, things seem better than they did a month ago. I think once we're past the 2020 hangover, 2021 will turn out all right.

I'm screaming in my head

The Times continues its coverage of the SolarWinds breach, and adds a detail that explains why the Russians continue to eat our lunch:

Employees say that under [SolarWinds CEO Kevin] Thompson, an accountant by training and a former chief financial officer, every part of the business was examined for cost savings and common security practices were eschewed because of their expense. His approach helped almost triple SolarWinds’ annual profit margins to more than $453 million in 2019 from $152 million in 2010.

But some of those measures may have put the company and its customers at greater risk for attack. SolarWinds moved much of its engineering to satellite offices in the Czech Republic, Poland and Belarus, where engineers had broad access to the Orion network management software that Russia’s agents compromised.

So many things went wrong in this case that singling out one CEO for taking profits over security may seem myopic. But the SVR must love the poetry of it: a greedy American CEO tries to increase his paycheck by hiring engineers easy for them to compromise, leading to the largest network intrusion in history.

I want to see Congress investigate this, and I want to see Thompson reduced to penury for his greed. Not that anything will change; until we have rational regulation of software security—hell, until we have any regulation of software security—criminals and our adversaries will keep exploiting companies like SolarWinds.

How we got here

The New Yorker next week has Lawrence Wright's excellent long-form history of "the mistakes and the struggles behind America's coronavirus tragedy:"

There are three moments in the yearlong catastrophe of the covid-19 pandemic when events might have turned out differently. The first occurred on January 3, 2020, when Robert Redfield, the director of the Centers for Disease Control and Prevention, spoke with George Fu Gao, the head of the Chinese Center for Disease Control and Prevention, which was modelled on the American institution. Redfield had just received a report about an unexplained respiratory virus emerging in the city of Wuhan.

Redfield is convinced that, had C.D.C. specialists visited China in early January, they would have learned exactly what the world was facing. The new pathogen was a coronavirus, and as such it was thought to be only modestly contagious, like its cousin the sars virus. This assumption was wrong. The virus in Wuhan turned out to be far more infectious, and it spread largely by asymptomatic transmission. “That whole idea that you were going to diagnose cases based on symptoms, isolate them, and contact-trace around them was not going to work,” Redfield told me recently. “You’re going to be missing fifty per cent of the cases. We didn’t appreciate that until late February.” The first mistake had been made, and the second was soon to happen.

What are the odds that we can avoid a cock-up this bad in future? I will leave that as an exercise for the reader.

Putin finally gives us the punchline

You have to admire Vladimir Putin's sense of humor. For five years, he's manipulated our STBXPOTUS into doing just about everything Russia could have wanted. Now that our STBXPOTUS has become STBX, Putin doesn't need him anymore. So why not come clean?

He did just that at his year-end press conference last Thursday:

Steve Rosenberg, BBC: Don't you think over the last years you also have borne part of the responsibility for making these relations [with Europe and the West] seem like a cold war...?

Putin: Who withdrew from the missile defense treaties? The INT treaty: who withdrew? It wasn't us but it was the US. ... You do realize that we are smart people, we are not idiots.

Here's the whole clip. The part in question starts at 44:17.

It really warms the heart that our STBXPOTUS never got to the level of artistry and malice Putin can exhibit so casually. He calls our president an idiot, with good evidence to support the insult, while lying on a scale the target of the insult can scarcely fathom.

Also, I love that the French spell his name "Poutine." But that's just an accident of the French language.

Major, ongoing network penetration

FireEye, a cybersecurity firm, revealed last week that unknown parties had penetrated its network and that its clients, including the US Government, were at risk. Bruce Schneier has technical details about the attack. Former Homeland Security Adviser Thomas Bossert lays out the scope of it:

The attackers gained access to SolarWinds software before updates of that software were made available to its customers. Unsuspecting customers then downloaded a corrupted version of the software, which included a hidden back door that gave hackers access to the victim’s network.

This is what is called a supply-chain attack, meaning the pathway into the target networks relies on access to a supplier. Supply-chain attacks require significant resources and sometimes years to execute. They are almost always the product of a nation-state. Evidence in the SolarWinds attack points to the Russian intelligence agency known as the S.V.R., whose tradecraft is among the most advanced in the world.

According to SolarWinds S.E.C. filings, the malware was on the software from March to June. The number of organizations that downloaded the corrupted update could be as many as 18,000, which includes most federal government unclassified networks and more than 425 Fortune 500 companies.

The magnitude of this ongoing attack is hard to overstate.

The Russians have had access to a considerable number of important and sensitive networks for six to nine months. The Russian S.V.R. will surely have used its access to further exploit and gain administrative control over the networks it considered priority targets. For those targets, the hackers will have long ago moved past their entry point, covered their tracks and gained what experts call “persistent access,” meaning the ability to infiltrate and control networks in a way that is hard to detect or remove.

The logical conclusion is that we must act as if the Russian government has control of all the networks it has penetrated.

Now, if only we had an administration that believed its experts and a majority party in the Senate that would pass a Defense Reauthorization Bill...

First snow in Chicago

I'm looking out my office window at the light dusting of snow on my neighbors' cars, wondering how (or whether) I'll get my 10,000 steps today. My commute to work got me 3,000 each way, making the job tons easier before lockdown. Easier psychologically, anyway; nothing prevents me from going for a 45-minute walk except that I really don't want to.

Instead of a lunchtime hike, I'll probably just read these articles:

And just as a side note for posterity, we should remember that the President of Russia congratulated Joe Biden on his win before the Majority Leader of the US Senate did. The Republican Party must really not like democracy.

There's a meme going around

I saw a slightly-inaccurate version of this on Facebook and corrected it.

Here's a list of the most single day, single cause deaths in American history, through yesterday today. See if you can spot the pattern:

  1. Galveston hurricane, 9 Sep 1900 (~6,000)
  2. Battle of Antietam, 18 Sep 1862 (3,652)
  3. Puerto Rico hurricane, 7 Aug 1899 (3,389)
  4. SF earthquake, 18 Apr 1906 (~3,100)
  5. Covid-19, 9 Dec 2020 (3,011)
  6. Terrorist attacks, 11 Sep 2001 (2,996)
  7. Covid-19, 3 Dec 2020 (2,861)
  8. Okeechobee hurricane, 17 Sep 1928 (~2,800)
  9. Covid-19, 2 Dec 2020 (2,762)
  10. Covid-19, 8 Dec 2020 (2,566)
  11. Pearl Harbor, 7 Dec 1941 (2,467)
  12. Covid-19, 1 Dec 2020 (2,461)
  13. Covid-19, 4 Dec 2020 (2,439)
  14. Covid-19, 5 Dec 2020 (2,310)

More important is that the only disaster to kill more Americans on an annualized basis than Covid-19 is the 1918-1919 flu, and it's a very close number (about 300,000 deaths per year attributable to each). As the winter goes on and Covid-19 deaths increase, I expect it will surpass the 1918 flu on that basis.

But no disaster has killed more Americans than HIV/AIDS, except smallpox, depending on when you start counting.

Data from CDC.