The temperature at Inner Drive Technology World HQ bottomed out this morning, hitting -4.8°C at 10:41 am, and it may even end the day above freezing. So this mercifully-short cold snap won't keep us out of the record books, just as predicted. It's still the warmest winter in Chicago history. (Let's hope we don't set the same record for spring or summer.)
Meanwhile, the record continues to clog up with all kinds of fun stories elsewhere:
- Senate minority leader Mitch McConnell (R-KY), who has led his party in the Senate since the Cretaceous, announced he will step down from leadership in November, handing some other schmuck clean-up duties after the electoral disaster likely to befall the party on the 5th of that month.
- After the unhinged ruling on embryo "personhood" the Alabama Supreme Court handed down last week, Republicans across the country have fallen over themselves saying they want to protect IVF treatment while they vote against protecting IVF treatment. Jamelle Bouie runs down some of the dumbass things Republicans have said on the ruling, with a cameo from the dumb-as-rocks junior US Senator from Alabama, who sounded more like Nigel Tufnel than usual.
- Aaron Blake pointedly contradicts the usual "bad for Biden" story line by putting President Biden's Michigan-primary win last night in perspective.
- Bruce Schneier looks at the difficulties insuring against cyber crime, one of the problems we're also solving at my day job.
- New York prosecutors said the Art Institute of Chicago exhibited "willful blindness" in 1966 when it acquired art looted by the Nazis, an accusation the museum denies.
- Harry Windsor, the Duke of Sussex, lost his case against the UK Home Office, in which he sued to keep his publicly-funded security detail the same size as it was when he actually did his job as the Royal Spare. The high court (the rough equivalent of the DC Circuit Court of Appeals in this case) ruled that the relevant agency had made a perfectly rational decision as the Duke now lives in California, doesn't do bugger-all for the UK, and is a whiny prat to boot.
Finally, Chicago Transit Authority president Dorval Carter took a—gasp!—CTA train to a city council hearing, at which he promised the CTA could be the best transit system in the world if only the State of Illinois would give it more funding. The very last thing I did in Munich on Sunday was to take the S-Bahn to the airport at 7am, so I can assure you money isn't the CTA's only impediment to achieving that lofty goal.
(Also, I just realized that This Is Spinal Tap turns 40 on Saturday. Wow.)
Consumer Reports released a paper last month detailing how many companies track the average Facebook user:
Using a panel of 709 volunteers who shared archives of their Facebook data, Consumer Reports found that a total of 186,892 companies sent data about them to the social network. On average, each participant in the study had their data sent to Facebook by 2,230 companies. That number varied significantly, with some panelists’ data listing over 7,000 companies providing their data. The Markup helped Consumer Reports recruit participants for the study. Participants downloaded an archive of the previous three years of their data from their Facebook settings, then provided it to Consumer Reports.
One company appeared in 96 percent of participants’ data: LiveRamp, a data broker based in San Francisco. But the companies sharing your online activity to Facebook aren’t just little-known data brokers. Retailers like Home Depot, Macy’s, and Walmart, all were in the top 100 most frequently seen companies in the study. Credit reporting and consumer data companies such as Experian and TransUnion’s Neustar also made the list, as did Amazon, Etsy, and PayPal.
The data examined by Consumer Reports in this study comes from two types of collection: events and custom audiences. Both categories include information about what people do outside of Meta’s platforms.
In the report, Consumer Reports calls for a number of policy proposals covering data collection practices, some of which could be part of a national digital privacy law, something that the organization has long advocated for.
We need a European Union-style regulatory regime to protect our privacy. The companies won't do it without regulation.
The computer I'm using to write this post turns 8 years old on April 6th. It has served me well, living through thousands of Daily Parker posts, two house moves, terabytes of photographs, and only one blown hard drive.
So I have finally broken down and ordered a new one: a Dell Precision 3460 that will sit on my desk instead of under it, and will run Windows 11 with TPM 2.0 instead of warning me that it doesn't have the right hardware to get the latest OS.
The new computer will have an 13th Gen Intel Core i5-13600 processor with burst speeds up to 5 GHz, an nVidia T1000 graphics card with 3 DP outputs right on the chassis, a 512 GB SSD as a boot drive, and a pair of 32 GB 4800 MHz DIMMS that I ordered separately. Plus, instead of decrypting and re-encrypting my 4 TB, 7200-RPM data drive, I'm just going to get a 4 TB M.2 2280 SSD, because they're actually less expensive and use less power than the one in my 2016 box.
Unfortunately I'll need to completely replace my 14-year-old Dell monitor, and get an HDMI-to-DP conversion cable for my newer (2018-vintage) monitor, but neither of those things is terribly expensive these days.
I've also updated the math on the March 2016 post announcing my previous computer, to show the progression of computing technology over the past 8 years:
|Config, Processor, Ram, HDD
|Desktop, Core i5 5.0 GHz, 64 GB, 512 GB SSD + 4TB SSD Data
|Desktop, Xeon 6C 2.4 GHz, 40 GB, 512 GB SSD + 2TB Data
|Laptop, Core i7 2.4, 12 GB, 512 GB SSD
|Laptop, Core i5 2.2 GHz, 8 GB, 256 GB SSD
|Laptop, Core 2 Duo 2.66 GHz, 4 GB, 250 GB
|Desktop, Xeon 4C 2.0 GHz, 8 GB, 146 GB
|Laptop, Centrino 2.0 GHz, 2 GB, 160 GB
|Laptop, Pentium M 2.8 GHz, 2 GB, 60 GB
|Laptop, Pentium M 1.4 GHz, 1 GB, 60 GB
|Laptop, Pentium 4 1.7 GHz, 512 MB, 40 GB
|Desktop, Pentium 3 500 MHz, 256 MB, 20 GB
|Desktop, Nx 586 90 MHz, 32 MB, 850 MB
|Desktop, 80386 33 MHz, 4 MB, 240 MB
I mean, wow. I fully expect to be amazed at the speed—and the video.
I will say that my hope that the computer I bought in March 2016 would last at least 4 years came true twice over. In fact, from 1991 to 2016, I upgraded my main computer about every 2.7 years on average. Only two made it past 5 years, but only by 4 and 6 months.
It's been a really great machine. And I'm sure I'll discover that it can do one or two things that my new box can't, just like this one lost a couple of features I still sometimes miss. (My 2008 desktop could make mix CDs. I've never set this one up to do that.)
An Ottawa judge told the Crown Prosecution Service to return a suspect's mobile phones after prosecutors failed to unlock them after trying 175 million passwords:
The police seized the phones in October 2022 with a warrant obtained based on information about a Google account user uploading images of child pornography. The contents of the three phones were all protected by complex, alpha-numeric passcodes.
Ontario Superior Court Justice Ian Carter heard that police investigators tried about 175 million passcodes in an effort to break into the phones during the past year.
The problem, the judge was told, is that more than 44 nonillion potential passcodes exist for each phone.
To be more precise, the judge said, there are 44,012,666,865,176,569,775,543,212,890,625 potential alpha-numeric passcodes for each phone.
In his ruling, Carter said the court had to balance the property rights of an individual against the state’s legitimate interest in preserving evidence in an investigation. The phones, he said, have no evidentiary value unless the police succeed in finding the right passcodes.
The article helpfully describes how dictionary attacks work, but doesn't attempt to figure out how long it would take to brute-force them. (I'm not going to attempt that, either, but I expect it's a while.)
Via Bruce Schneier, your car does not respect your privacy anymore:
Mozilla recently reported that of the car brands it reviewed, all 25 failed its privacy tests. While all, in Mozilla's estimation, overreached in their policies around data collection and use, some even included caveats about obtaining highly invasive types of information, like your sexual history and genetic information. As it turns out, this isn’t just hypothetical: The technology in today’s cars has the ability to collect these kinds of personal information, and the fine print of user agreements describes how manufacturers get you to consent every time you put the keys in the ignition.
This gets even more complicated when you think about how cars are shared. Rental cars change drivers all the time, or a minor in your household might borrow your car to learn how to drive. Unlike a cell phone, which is typically a single user device, cars don’t work like and vehicle manufacturers struggle to address that in their policies. And cars have the ability to collect information not just on drivers but their passengers.
Consumers are effectively hamstrung by the state of legal contract interpretation, and manufacturers are incentivized to mitigate risk by continuing to bloat these (often unread) agreements with increasingly invasive classes of data. Many researchers will tell you the only real solution here is federal regulation. There have been some cases of state privacy law being leveraged for consumers' benefit, as in California and Massachusetts, but on the main it's something drivers aren't even aware they should be outraged about, and even if they are, they have no choice but to own a car anyway.
Note to self: no more don't start having sex in my Prius.
It's 22°C and sunny right now, making me wonder what's wrong with me that I'm putting together a software release. I probably should fire off the release, but I'm doing so under protest. I also probably won't get to read all of these things I've queued up:
Finally, Stan's Donuts will open a new store just three blocks from the apartment I moved out of one year ago today. I might have to stop in soon. I will not, however, wash them down with CH Distillery's latest abomination, Pumpkin-Spice Malört.
Other than getting a little rained on this morning, I've had a pretty good day. But that didn't leave a lot of time to catch up on any of these before I started a deployment just now:
- Heather Cox Richardson examines US history through the lens of a never-ending conflict between "two Americas, one based in religious zeal, mythology, and inequality; and one grounded in rule of the people and the pursuit of equality."
- Josh Marshall ponders the difficulty of covering the XPOTUS's increasingly ghastly behavior in the "both-sides" journalism world we inhabit.
- James Fallows zooms out to look at the framing decisions that journalists and their publishers make that inhibit our understanding of the world. Like, for example, looking at the soon-to-be 4th time Republicans in Congress have shut down the Federal government and blaming all of Washington.
- Fallows also called attention to Amna Nawaz's recent interview with authoritarian Turkish president Recep Erdogan in which she kept her cool and her focus and he...didn't.
- Speaking of the impending Republican torching of the US Government (again), Krugman looks at the two clown shows in the party, but wonders why "everyone says that with the rise of MAGA, the G.O.P. has been taken over by populists. So why is the Republican Party’s economic ideology so elitist and antipopulist?"
- The Supreme Court has once again told the Alabama legislature that it can't draw legislative maps that disenfranchise most of its black citizens. Which, given the state's history, just seems so unlike them.
- The Federal Trade Commission and 17 US States have sued Amazon for a host of antitrust violations. “A single company, Amazon, has seized control over much of the online retail economy,” said the lawsuit.
- Monica Hesse dredges all the sympathy and understanding she can muster for XPOTUS attorney Cassidy Hutchinson's memoir. NB: Hutchinson is 27, which means I am way overdue for starting my own memoir.
- Chicago Sun-Times columnist David Roeder complains that the CTA's planned Red Line extension to 130th Street doesn't take advantage of the existing commuter rail lines that already serve the far south side, but forgets (even as he acknowledges) that Metra and the CTA have entirely different missions and serve different communities. Of course we need new regional transport policies; but that doesn't mean the 130th St extension is bad.
- Software producer Signal, who make the Signal private messaging app, have said they will leave the UK if the Government passes a "safety" bill that gives GCHQ a back door into the app.
- Molly White shakes her head as the mainstream press comes to terms with something she's been saying for years now: NFTs have always been worthless. Oh, and crypto scored two $200-million thefts this week alone, which could be a new record, though this year has already seen $7.1 trillion of crypto thefts, hacks, scams, and other disasters.
- After almost 20 years and a the removal of much of an abandoned hospital in my neighboorhood, the city will finally build the park it promised in 2017.
Finally, I rarely read classical music reviews as scathing as Lawrence Johnson's evisceration of the Lyric Opera's Flying Dutchman opening night last Friday. Yikes.
Inner Drive Technology WHQ cooled down to 14°C overnight and has started to climb up into the low-20s this morning, with a low dewpoint and mostly-clear skies. Perfect sleeping weather, and almost-perfect walking weather! In a few minutes I'm going to take Cassie out for a good, long walk, but first I want to queue up some stuff to read when it's pissing with rain tomorrow:
- A Wall Street Journal poll (which the XPOTUS funded in part) appears to have bad news for the Biden re-election campaign, not least because 52% of voters surveyed believe the laziest person to hold that office since Harding and the dumbest since...well, Harding..."has a strong record of accomplishments."
- The Wisconsin Republican Party has given up any pretense of respect for the voters by threatening to impeach the newly-elected Democratic state supreme court justice Janet Protasiewicz before she has even heard a single case. Says Jamie Bouille, "In the absence of national regulation — and against the backdrop of a federal Supreme Court that is, at best, apathetic on issues of voting rights — states are as liable to become laboratories of autocracy as they are to serve as laboratories of democracy."
- Molly White may not shed any tears for Sam Bankman-Fried's difficulties getting comfortable in prison, but our prison system really does create dangerous conditions for people who don't have armies of lawyers fighting for them.
- Elizabeth Spiers has had enough of men who double down on reprehensible behavior, and the other men who let them.
- The Chicago Tribune looks at Underground Railroad sites around the city.
- Charlie Warzel laments that "streaming has reached its sad, predictable fate." Vulture reached that conclusion back in June, when it reported on studio executives having reached that conclusion in March. And then the strike happened...
- The Economist's Bartleby column provides a how-to guide on "networking for introverts."
- James Fallows reviews former Naval Intelligence officer Michael McLaughlin's book on the cyber-war that you and I are already fighting.
- The UK set a new record this afternoon with its 7th consecutive day of 30°C temperatures, an unprecedented (at least since the 1880s) occurrence. "Before that, according to Met Office data, the UK has only had three consecutive days of 30°C weather in September on four previous occasions: 1898, 1906, 1911 and 2016," the Guardian reports. "Saturday was named the hottest day of 2023 in the UK with 32.7C recorded at Heathrow." (This is not normal.)
Finally, my indoor Netatmo base station has picked up a funny mid-September thing: cicadas. The annual dog-day cicadas have only a few more days to get the next generation planted in the ground, so the remaining singletons have come out this morning instead of waiting for dusk. As you can see, the ones in the tree right outside the window closest to the Netatmo have been going at it since dawn:
The predominant species in my yard right now are neotibicen pruinosus, or "scissor-grinder" cicadas. But we also have our share of other species in Northern Illinois. And, of course, next May: Brood XIII comes out. That'll be fun (especially for Cassie)!
It never stops, does it? And yet 100 years from now no one will remember 99% of this:
- A group of psychiatrists warned a Yale audience that the XPOTUS has a "dangerous mental illness" and should never get near political office again. Faced with this obvious truth, 59% of Republicans said they'd vote for him in 2024.
- Timothy Noah looks at the average age of the likely nominees for president next year (79) and the average age of the US Senate (60-something) and concludes our country needs a laxative. (Literally so in millions of cases.) Good thing US Representative Nancy Pelosi (D-CA) said she'll run again next year, after she turns 84. Unfortunately, while I agree in principle with Andrew Sullivan's desire to see President Biden "leave the stage," all the alternatives seem worse to me.
- Senate Majority Whip Dick Durbin (D-IL, age 78) has gotten some pushback from an even bigger dick, Justice Samuel Alito (R-$), because the Senator said it would look unethical if the Justice participated in a case involving a reporter who interviewed the Justice about his unethical behavior. But Samuel says he was ethical; and, sure, he is an honourable man.
- Adolescent narcissist Elon Musk cut Internet coverage to the Ukrainian armed forces just as it started a surprise attack against Russia's Black Sea fleet, apparently at the behest of a Russian official. Josh Marshall calls this clear and convincing evidence that "[y]ou simply can’t have critical national security infrastructure in the hands of a Twitter troll who’s a soft touch for whichever foreign autocrat blows some smoke up his behind. But that's what we have here."
- The Federal Transit Administration has finally committed $2 bn to expanding Chicago's Red Line subway to 130th St., a project first proposed in (checks notes) 1969. And who says the United States has the worst public transit funding in the developed world, other than all the urbanists who have ever studied the problem?
- What do you get when you cross ChatGPT with Google Assistant (or Alexa or Siri)? Don't worry, Bruce Schneier says we'll find out soon enough.
- "Boundaries" has a specific, limited meaning in psychology, not even close to the way most people use the word: "while the proliferation of therapeutic terms has given people access to necessary mental health tools, people may overgeneralize concepts such as boundaries and triggers, and use them to rationalize certain behaviors."
Finally, Guinness set the opening date for its new brewery in Chicago's Fulton Market district: Thursday September 28th. The Brews and Choos Project will visit soon thereafter.
Via Molly White, thieves made off with data from LastPass containing the encrypted passwords from 25 million users. They still have to crack the vaults to get at the data, which takes a long time, but Brian Krebs worries they have already succeeded in cracking a few of them:
In November 2022, the password manager service LastPass disclosed a breach in which hackers stole password vaults containing both encrypted and plaintext data for more than 25 million users. Since then, a steady trickle of six-figure cryptocurrency heists targeting security-conscious people throughout the tech industry has led some security experts to conclude that crooks likely have succeeded at cracking open some of the stolen LastPass vaults.
Armed with your secret seed phrase, anyone can instantly access all of the cryptocurrency holdings tied to that cryptographic key, and move the funds to anywhere they like.
Which is why the best practice for many cybersecurity enthusiasts has long been to store their seed phrases either in some type of encrypted container — such as a password manager — or else inside an offline, special-purpose hardware encryption device, such as a Trezor or Ledger wallet.
[Security researcher Nick] Bax said the only obvious commonality between the victims who agreed to be interviewed was that they had stored the seed phrases for their cryptocurrency wallets in LastPass.
If you use LastPass, MetaMask's lead project manager Taylor Monahan urges you to update your credentials now:
According to MetaMask’s Monahan, users who stored any important passwords with LastPass — particularly those related to cryptocurrency accounts — should change those credentials immediately, and migrate any crypto holdings to new offline hardware wallets.
“Really the ONLY thing you need to read is this,” Monahan pleaded to her 70,000 followers on Twitter/X: “PLEASE DON’T KEEP ALL YOUR ASSETS IN A SINGLE KEY OR SECRET PHRASE FOR YEARS. THE END. Split up your assets. Get a hw [hardware] wallet. Migrate. Now.”
If you also had passwords tied to banking or retirement accounts, or even just important email accounts — now would be a good time to change those credentials as well.
Another idea: don't hold your assets in crypto, which, unlike real banking, has no protection against theft and few ways to recover stolen funds.