The Daily Parker

Politics, Weather, Photography, and the Dog

Ah, conferences

The Tech Forum goes on. Tomorrow, though, I don't need my work laptop, and so will bring my personal one, enabling me to post a little more.

I've also thought about finally writing my own blog engine. Or, at least, forking an existing one (maybe even this one?) and going to town on it. During some downtime today I purged a lot of crap from my Microsoft Azure subscriptions, but I still have old applications (like this blog) running in old workloads.

Tonight: the Fun Dinner. Oh, boy.

Statistics: 2021

After the whipsaw between 2019 and 2020, I'm happy 2021 came out within a standard deviation of the mean on most measures:

  • In 2020, I flew the fewest air miles ever. In 2021, my 11,868 miles and five segments came in 3rd lowest, ahead of only 2020 and 1999.
  • I only visited one other country (the UK) and two other states (Wisconsin and California) during 2021. What a change from 2014.
  • In 2020, I posted a record 609 times on The Daily Parker; 2021's 537 posts came in about average for the modern era.
  • Cassie got almost 422 hours of walks in 2021, a number I don't think I ever achieved with Parker. And given I only had her for 291 days of 2021, that's an average of 1:27 of walks per day. According to my Garmin, she and I covered over 684 km just on walks that I recorded with my watch. A young, high-energy dog plus working from home most of the time will do that, I suppose.
  • Speaking of walks, in 2021 I got 4,926,000 steps and walked 3,900 km—about the straight-line distance from New York to Seattle. Those numbers came within 2% of 2020 and 4% of 2019. I also hit new personal records for distance and steps when I walked over 51 km on September 3rd. And I hit my step goal 355 times (cf. 359 times in 2020), though not all in a row.
  • I drove 4,242 km in 2021, almost exactly the same amount as in 2020 (4,265 km), but I used a bit more fuel (116 L to 79 L).
  • I spent 1365 hours working from home and 521 in the office in 2021, about the same (1327 and 560) as in 2020. I expect about the same in 2022.
  • Personal software development took up another 184 hours, almost all on the really cool thing I'm going to soft-launch tomorrow.
  • The Apollo Chorus took up 222 hours of my time, including 100 in rehearsals and performances and about the same amount on my duties as president. In 2020, that was 57 and 71 hours respectively, mainly because we didn't have any in-person performances.
  • Finally, I started only 28 books in 2021 and finished 23, after dropping a couple that dogged me for a while. That's more than in my worst-ever year, 2017 (18 and 13), but down a bit from the last two years. That said, my average numbers for the past 10 years are 28.2 and 23.3, making 2021...average. I also watched 51 movies and 48 TV shows, which just means I need to get out more.

So, will 2022 return to normal (-ish)? Or will some of the trends that started in March 2020 continue even after the pandemic has long become something we scare children with?

Well-designed phishing attack

I had planned to note Bruce Schneier's latest essay, "The Misaligned Incentives for Cloud Security," along with a report that Microsoft has noticed an uptick in SolarWinds attacks against its own services. But twice in two weeks I've received bogus DMCA takedown notices that tried to trick me into downloading files from a Google site, and I'm impressed by the effort that went into these phishing attacks.

In both cases, the attacks came through the blog's Contact page, meaning someone had to copy and paste the text into the form. They both lay out most, but not all, of the elements of a DMCA takedown notice, with lots of threatening (but inaccurate) text about what could happen if I don't comply. But here's the kicker: instead of specifying which of the Daily Parker's nearly 8,000 posts contain infringing material, as required by the DMCA, they contain a link to a file on a Google site that I should download to see the material they claim to own.

It turns out, I know a thing or two about copyright law, and about computer security, so I didn't fall for the phish. I worry, though, that this attack could fool a lot of people. Reminder, folks: never download a file you didn't specifically ask for. (In my case, I did attempt to download one of the files, in a sandbox, with virus protection jacked all the way up. The virus protection took one look at the file and didn't even allow the download.)

Let me enumerate the really sophisticated features of this attack:

  • It contained mostly true information. People send out DMCA takedown notices all the time; experienced website administrators take them seriously when received. The author of this phish included the correct and relevant US Code sections, and a mostly-correct description of how the DMCA operates. They got the statutory damage amount totally wrong, but only because the number they used would scare people more.
  • It didn't contain any English language errors. Whoever wrote the copy for this attack speaks perfect English. This wasn't a laughable 419 scam.
  • It came through the Contact feature, not an email. The attacker took the time to go to the Daily Parker contact page, copy and paste the phishing text, and click "send." A human had to do that.
  • It stated a plausible claim. This is Daily Parker post #7,922 since the blog started on 13 May 1998. It is conceivable that at some point in the last 23 years I posted a photo for which I didn't obtain a proper license. This would be true of any large blog or website.
  • It used a real Google Sites link. The download link pointed to an asset actually stored on a google.com computer somewhere. That might convince someone of its legitimacy, unless you remember that anyone can put anything up on a Google Site or other cloud storage service. Again: never download a file you didn't specifically ask for.
  • It came from a network in the US. Reverse-IP lookups showed the origin IP addresses to be owned by a major ISP in Colorado, not a scary Eastern European location. Of course, it means that the attacker has access to a computer physically located in the US, which means I'll send my own legal notice to the ISP if I receive another one of these.

Now, here's where they missed the mark:

  • They asked me to download a file. No. No, no, no. GFY a thousand times with a chainsaw.
  • The phish did not contain all the required elements of a DMCA takedown notice. They didn't list specific assets, with URLs, that they allege infringed their copyrights; they didn't assert a claim of ownership in a legally-sufficient manner; they didn't provide full contact information; and they didn't sign it. But of course they didn't, because the closer they got to legal sufficiency, the more information I'd have that they have no real claim.
  • They sent two nearly-identical (but not identical enough) phishes 8 days apart. You think I didn't remember the first one? You think I didn't compare them? The second attempt simply confirmed that the first attempt wasn't merely an amateur-hour legal notice but, as I suspected, a phish.
  • One of the phishes came through a non-publicized FQDN. Because I host the Daily Parker on Microsoft Azure, it has an Azure-provided fully-qualified domain name (FQDN) in addition to www.thedailyparker.com. I have never publicized the Azure FQDN, and as far as I know the Azure FQDN has no inbound links. I suppose it could have gotten picked up by a search engine, but again, without inbound links, I can't see how. It's not secret; it's just really odd that someone would use it.
  • The claimants' names were...weird. I said earlier that the text of the phish used correct English throughout, but the names of the supposed claimants seem to have come from a name-generation tool. Seriously, the names were Ford Prefect-weird.
  • It turns out, I'm well-versed in both copyright law and cybersecurity. This type of mistake even has an entire TV Tropes entry. I guess a criminal wouldn't necessarily know that, however. They might find out, should they send a third phishing attempt my way. Will I haul them into Illinois court to answer a tortious trespassing case? Probably not. But I might tell their ISP. And the FBI. Because at some point, they will get someone to open whatever malicious file they linked to, which I expect will lead to actual crimes.

In recognition of the effort that went into this phishing attack, I wanted to publicize it in case it happens to anyone else. If you get an alleged DMCA takedown notice, and it doesn't meet the legal requirements as outlined by the USPTO, ignore it. And once more, with feeling: never download a file you didn't specifically ask for.
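The manual checks described above (no infringing URL on the site itself, an external "evidence" link, missing contact details and signature, arrival through an unpublicized hostname, and a close match to an earlier submission) can be sketched as a triage function for contact-form messages. This is an added example, not code from the blog or its engine; the hostnames, sample messages, flag names and the 0.8 similarity threshold are assumptions, and the contact and signature checks are crude text heuristics, not a legal test.

```python
import re
from difflib import SequenceMatcher
from urllib.parse import urlparse

URL_RE = re.compile(r"https?://[^\s<>\"')]+", re.I)
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
SIGNED_RE = re.compile(r"^\s*(/s/|signed\b|signature\s*:)", re.I | re.M)

def triage_notice(text, arrived_via, public_hosts, earlier=()):
    """Return red-flag codes for a contact-form message claiming to be a takedown notice."""
    flags = []
    hosts = [(urlparse(u).hostname or "").lower() for u in URL_RE.findall(text)]
    if not any(h in public_hosts for h in hosts):
        flags.append("no_url_on_this_site")      # never says which post infringes
    if any(h not in public_hosts for h in hosts):
        flags.append("external_evidence_link")   # "download this file to see it"
    if not EMAIL_RE.search(text):
        flags.append("no_contact_address")
    if not SIGNED_RE.search(text):
        flags.append("unsigned")
    if arrived_via.lower() not in public_hosts:
        flags.append("unpublicized_hostname")    # form reached via a name nobody links to
    # Resend of an earlier message, possibly reworded (threshold is an assumption).
    if any(SequenceMatcher(None, old, text, autojunk=False).ratio() >= 0.8
           for old in earlier):
        flags.append("near_duplicate_of_earlier")
    return flags

# Constructed sample data: hostnames, names and wording are placeholders.
PUBLIC_HOSTS = {"www.blog.example", "blog.example"}
PHISH_1 = ("Hello, my name is Zaphod Example and I am a licensed photographer. Your website "
           "uses my images without permission, in violation of 17 U.S.C. 512(c). Download "
           "the proof at https://files.example/view/proof-1 and remove the images now.")
PHISH_2 = PHISH_1.replace("Zaphod", "Trillian").replace("proof-1", "proof-2")
COMPLETE = ("I own the photo shown at https://www.blog.example/post/constructed-post and "
            "did not license it. I state this in good faith and under penalty of perjury.\n"
            "Contact: pat@rights.example, +1 555 0100\n/s/ Pat Example")

if __name__ == "__main__":
    print(triage_notice(PHISH_1, "www.blog.example", PUBLIC_HOSTS))
    print(triage_notice(PHISH_2, "blog-origin.example", PUBLIC_HOSTS, earlier=[PHISH_1]))
    print(triage_notice(COMPLETE, "www.blog.example", PUBLIC_HOSTS))
```

An empty result only means none of these particular red flags fired; it does not make a notice legally sufficient.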

And if you're the script kiddie who sent the phish, GFY with a tree. Sideways.

Statistics: 2020

What a bizarre year. Just looking at last year's numbers, it almost doesn't make sense to compare, but what the hell:

  • Last year I flew the fewest air-miles in 20 years; this year, I flew the fewest since the first time I got on a commercial airplane, which was during the Nixon Administration. In January I flew to Raleigh-Durham and back, and didn't even go to the airport for the rest of the year. That's 1,292 air miles, fewer than the very first flight I took (Chicago to Los Angeles, 1,745 air miles). I did, however, make an overnight trip to Wisconsin in November, easily breaking the record for my longest travel drought but making it shorter than never. 
  • This is my 609th post on the Daily Parker in 2020—an average of more than 50 per month. This new record blows away the one I set just last year by 10.5%. (Imagine how much I'd have written had anything newsworthy actually happened in 2020.)
  • The pandemic let me spend Parker's last eight months with him nearly every day. Despite his age and discomfort, we managed to go for almost 241 hours of walks (274 annualized), a whopping 29% (46% annualized) more than in 2019.
  • Including today, I got 4,848,171 steps, averaging 13,246 per day. This is 5.7% fewer than last year. I missed 10,000 steps on seven occasions—five this month. Without a daily commute or a dog, not to mention the cold weather, I have struggled since Thanksgiving to get motivated enough to get longer walks in. That said, I hit a new record of 312 consecutive days over 10,000 steps, a record I don't anticipate ever breaking. I also got 56,562 steps on September 4th—another record I don't expect to break soon.
  • I once again read more than the year before, with 39 books started and 37 completed. (I'm still working on The Power Broker, which I started 18 months ago...) On the other hand, I watched 59 movies and 79 TV series, compared with 56 and 38 respectively in 2019. Of course, almost all of that was streaming on my home computer while programming on my work computer, but it's a lot.

I can't even predict what will happen in 2021. I expect fewer steps, more books, and actually to start traveling again. Here's hoping for a speedy vaccination.

7,500

Just a housekeeping note: this is my 7,500th post since re-launching braverman.org as a pure blog in November 2005. On average, I've posted 41.2 times per month, though this year that has gone up somewhat:

For whatever reason, the average (so far) in 2020 is 50.5 times per month. I'll know the exact stats and have more to say about this on Friday.

Halfway there...

Welp, it's July now, so we've completed half of 2020. (You can insert your own adverb there; I'll go with "only.")

A couple of things magically changed or got recorded at midnight, though. Among them:

And finally, I am now officially the President of the Apollo Chorus of Chicago. My first task: ensure that our annual fundraiser, Apollo After Hours, brings in the dough. More on that later.

7,000

This is The Daily Parker's 7,000th post since 13 May 1998 (but only #6,804 since the "modern era" began in November 2005). When I started posting jokes on braverman.org back in 1998, none of the predictions I could make about the world on the verge of the 2020s would have been correct. The Cubs winning the World Series? A powerful computer in every pocket? Donald Trump being anywhere near the nuclear codes?

And here we are. A thousand posts since December 2017, two thousand since October 2015...that's a lot of writing.

And a lot of reading. Thanks for hanging in there.