The Daily Parker

...will be to Bletchley Park:

The National Museum of Computing is a must-see if you are ever in the UK. It was a short 30ish minute train ride up from London. We spent the whole afternoon there.

There is a rebuild of the Colossus, the the world's first electronic computer. It had a single purpose: to help decipher the Lorenz-encrypted (Tunny) messages between Hitler and his generals during World War II. The Colossus Gallery housing the rebuild of Colossus tells that remarkable story.

We saw the Turing-Welchman Bombe machine, an electro-mechanical device used to break Enigma-enciphered messages about enemy military operations during the Second World War. They offer guided tours (recommended as the volunteers have encyclopedic knowledge) and we were able to encrypt a message with the German Enigma (there's a 90 second video I made, here) and decrypt it with the Bombe, which is effectively 12 Engimas working in parallel, backwards.

I wanted to understand the computing power these systems had then, and now. Check out the website where you can learn about the OctaPi - a Raspberry Pi array of eight Pis working together to brute-force Engima. You can make your own here!

Yes, there's a Raspberry Pi Enigma-cracker. If only we'd had one in 1940...

As readers have inferred, I've started a new position (more later), and with that I've got to set up a new work computer. I say "computer," but it's actually a MacBook Pro. All of my everything lives in the Microsoft universe. This has caused a slight problem trying to get access to my new company's source code in GitHub.

See, I've used Password Safe for years to manage all my passwords. By "all" I mean that I follow the standard industry practice of never re-using passwords, and generating strong passwords for each asset. This includes my GitHub account.

Today I finally got my existing GitHub account authorized to access the company's repositories. So all I have to do is log in to my GitHub account, and...wait...crap.

So how do I get my GitHub password? Here are the steps I tried:

1. My safe file is on OneDrive, so I can get it off my phone and email it to my work address. No problem there.
2. But PWSafe is a Windows application. There isn't a Mac version available through the same vendor.
3. There is a Mac version through a different vendor—for $15. OK, let me rule out all the free options first.
4. Aha! I have a virtual machine sitting in Microsoft Azure that I can spin up. It has access to OneDrive and it has a local copy of PWSafe already installed.
5. Log into the Microsoft Azure portal.
6. Spin up VM.
7. Google how to connect to it from a Mac. (Microsoft has a client available through the iTunes store.)
8. Go to the App Store on my Mac.
9. Find the RDP client.
10. Attempt to install the RDP client.
11. Dammit. I have to set up a new Apple ID because my personal Apple ID is—you guessed it—in the safe.
12. Set up a new Apple ID for work.
13. Actually install the RDP client this time.
14. Realize that the password for the VM is—you guessed it—in the safe.
15. Shut down the VM for now.
16. Jot down a note to add my GitHub account to LastPass so I can get into it from work.
17. Jot down another note to add my VM credentials to LastPass.
18. Get more tea.
19. Blog about this.

Oh well. I have plenty to do this afternoon that doesn't involve writing software.

By now you may have heard that Georgia Secretary of State Brian Kemp, who oversees elections in Georgia, and who is running for governor of Georgia this coming Tuesday, claims the Democratic Party hacked the voter registration database.

No. What happened is, when the state Democratic Party's voter protection director reached out to his office directly after being alerted to a gaping data vulnerability, he turned his own malfeasance into an attack on his opposition:

By the time Democrats reached out to the experts, Kemp’s office and the Federal Bureau of Investigation had already been alerted to the problem on Saturday morning by David Cross of the Morrison Foerster law firm. Cross is an attorney for one of the plaintiffs in a lawsuit against Kemp and other elections officials concerning cyber weaknesses in Georgia’s election system.

A man who claims to be a Georgia resident said he stumbled upon files in his My Voter Page on the secretary of state’s website. He realized the files were accessible. That man then reached out to one of Cross’s clients, who then put the source and Cross in touch on Friday.

The next morning, Cross called John Salter, a lawyer who represents Kemp and the secretary of state’s office. Cross also notified the FBI.

WhoWhatWhy, which exclusively reported on these vulnerabilities Sunday morning, had consulted with five computer security experts on Saturday to verify the seriousness of the situation. They confirmed that these security gaps would allow even a low-skilled hacker to compromise Georgia’s voter registration system and, in turn, the election itself. It is not known how long these vulnerabilities have existed or whether they have been exploited.

In this election and during the primaries, voters have reported not showing up in the poll books, being assigned to the wrong precinct, and being issued the wrong ballot.

All of that could be explained by a bad actor changing voter registration data.

Kemp's incompetence at securing voter registration data should be criminal. If he were a corporate executive, he could personally be sued in the EU and in other parts of the world for his negligence.

But, see, if you're running in a state where the majority of voters want your opponent to win, and you're a Republican, and you have the means and opportunity, you just bollocks up data security so badly that the entire registration process looks suspect. Then you either win, because the opposition can't vote, or you lose, and start bogus investigations to call the election's legitimacy into doubt.

This has been the Jim Crow strategy for a century and a half. That Kemp's opponent is an African-American woman with clear support from a majority of Georgians only makes Kemp's behavior more brazen.

The Republican Party can't win on the merits in most of the country, so they're throwing the game where they can. And the fact that their behavior undermines the legitimacy of elections in general is a feature, not a bug.

I've said this for 30 years: the Republican Party doesn't want to govern; they want to rule. And they are not going to give up their losing battle quietly. Nihilism doesn't care, after all.

Vote on Tuesday, if you haven't already. Enough of this shit. We have real problems to solve, and we need real people to solve them. Don't let the nihilists win.

We have a deployment at work tonight at 5pm (because in financial firms, you always deploy at 5pm on Friday). Fortunately, we've already done a full test, so we're looking forward to a pretty boring deployment tonight.

Fortunately, we have the Internet, which has provided me with all of these things to read:

• It turns out, men are responsible for 100% of all unwanted pregnancies.
• Real, live diplomats explain how to respond to something like Jamal Khashoggi's apparent murder, and how we're not actually doing those things.
• The government of West Virginia, completely and utterly failing to understand (or simply disregarding) the actual security issues with elections, will allow people to vote by mobile phone app next month.
• The New York Times interviewed Eddie Lampert this week, with predictable results.
• A shouting match inside the White House shows how their plays to the base screw with the government's actual policies.
• Finally, the Times' travel section ran "36 Hours in Chicago" this morning, which should be fun as it was written by a New Yorker.

Back to planning for next week's post-deployment fixes.

If the Kanye West–Donald Trump crazyfest didn't do it for you, there are plenty of other things to take a look at this lunchtime:

• Jonathan Capehart just laughed at Kanye. So did Katie Rogers, but more subtly.
• US Senator Rand Paul (R-KY) calls for a halt to weapon sales to Saudi Arabia.
• Let's once again review the case against leafblowers.
• Read Andrew Sullivan's weekly column.
• Bruce Schneier worries about physically-capable computers.
• Despite the cold, you can still get a drink alfresco in Chicago or go to one of our newest steakhouses.

That's all for now. Enough crazy for one Friday.

As in, "nice work, Dutch military, for unraveling a GRU operation and blowing 300 GRU agents worldwide:"

Dutch authorities have photographs of four Russian military intelligence (GRU) operatives arriving at the Amsterdam airport last April, escorted by a member of the Russian embassy. They have copies of the men’s passports — two of them with serial numbers one digit apart. Because they caught them, red-handed, inside a car parked beside the Organization for the Prohibition of Chemical Weapons in The Hague — the GRU team was trying to hack into the OPCW WiFi system — Dutch authorities also confiscated multiple phones, antennae and laptop computers.

On Thursday, the Dutch defense minister presented this plethora of documents, scans, photographs and screenshots on large slides at a lengthy news conference. Within seconds, the images spread around the world. Within hours, Bellingcat, the independent research group that pioneered the new science of open source investigation, had checked the men’s names against several open Russian databases. Among other things, it emerged that, in 2011, one of them was listed as the owner of a Lada (model number VAZ 21093) registered at 20 Komsomolsky Prospekt, the address of the GRU. While they were at it, Bellingcat also unearthed an additional 305 people — names, birthdates, passport numbers — who had registered cars to that very same address. It may be the largest security breach the GRU has ever experienced.

That's a great way to fight back: exposure. This is an example of the integrity and ingenuity which almost led to the Dutch controlling the world instead of the British way back when.

This week, I got an email from the SEO coordinator at Alaska Airlines:

My name is Shawn with Alaska Airlines. I'm reaching out concerning a specific link on blog.braverman.org. As you may have heard, Alaska Airlines acquired Virgin America last year. We are in the process of updating all Virgin America links to go directly to our website, https://www.alaskaair.com.

We want to make sure your readers are being sent to the correct place!

We would really appreciate it if you could update the link and anchor text, Virgin America, on this page: http://blog.braverman.org/2009/09/default to:https://www.alaskaair.com and Alaska Airlines. 

Please let me know if you have any questions.

If you're not the appropriate person to contact about this, can you put me in contact with the right person?

(The actual post he meant me to change is here.)

See, Alaska took over Virgin America, and now they want to scrub the Internet of all references to the old airline. I politely told Shawn that, no, I was not about to change a 9-year-old blog post to send Virgin down the memory hole.

He replied that he understood, but could I just change the URL to point to Alaska Air at least?

No, Shawn. I'm not editing the post, full stop. It reflects the state of the world in 2009, and to me, it's a document that needs to remain unaltered.

I'm sure the SEO coordinator of an airline believes that it's a doubleplusgood thing to help people who may inadvertently discover a blog post from 2009 not get misdirected. But the whole thing really creeped me out. Alaska or one of its vendors had to go through every one of the over 6,500 posts I've written looking for references to Virgin America, and then Shawn had to field my response to his (no doubt automated) email request. That's a lot of effort to pretend Virgin America never existed.

Did I mention Virgin America Airlines? Just making sure.

Lots of stuff crossed my inbox this morning:

• Researchers at Northwestern University believe they have evidence of four distinct personality types.
• Other researchers have found "huge perceptual differences [of Chicago] based on age, education level and especially race and ethnicity."
• Via Schneier, a look at the effects of publicly shaming companies for bad security.
• With 50 days to go until the election, James Fallows adds a time capsule about Brett Kavanaugh.
• Josh Marshall wonders whether Christine Ford will get better treatment than Anita Hill.

Back to my wonderful, happy software debugging adventure.

Before diving back into one of the most abominable wrecks of a software application I've seen in years, I've lined up some stuff to read when I need to take a break:

• DARPA claims to have developed a microchip, that goes in your brain, that can control a swarm of drones. You read that right.
• The Republican Congress are set to float a budget bill that would add $2 trn to our national debt (only $2,000 bn to my UK readers) over the next 10 years, a move that Thomas Friedman calls "heating up our economy by burning all the furniture in the house."
• Chicago might get a cute little park by Union Station if the latest in a series of development proposals goes through.
• James Fallows asks, is Bob Woodward like Walter Cronkite?
• Bruce Schneier warns about a security hole in Wemo smart plugs, which I use. Which is patched. So I will right now go order my plugs to patch themselves.
• Finally, if you need to use the System.Drawing namespace with .NET Core 2.0, Scott Hanselman has your back.

OK. Firing up Visual Studio, reaching for the Valium...

In late 2016, someone apparently attacked American diplomats in Cuba and China with a device that caused people to hear loud sounds and experience concussion-like brain damage. Now, doctors working with the attack victims may have figured out what it was:

The medical team that examined 21 affected diplomats from Cuba made no mention of microwaves in its detailed report published in JAMA in March. But Douglas H. Smith, the study’s lead author and director of the Center for Brain Injury and Repair at the University of Pennsylvania, said in a recent interview that microwaves were now considered a main suspect and that the team was increasingly sure the diplomats had suffered brain injury.

“Everybody was relatively skeptical at first,” he said, “and everyone now agrees there’s something there.” Dr. Smith remarked that the diplomats and doctors jokingly refer to the trauma as the immaculate concussion.

Strikes with microwaves, some experts now argue, more plausibly explain reports of painful sounds, ills and traumas than do other possible culprits — sonic attacks, viral infections and contagious anxiety.

In particular, a growing number of analysts cite an eerie phenomenon known as the Frey effect, named after Allan H. Frey, an American scientist. Long ago, he found that microwaves can trick the brain into perceiving what seem to be ordinary sounds.

Military strategists have talked about various nonlethal weapons for a long time. I don't remember reading about microwave weapons until now, since sound on its own seemed to be a pretty good way of disabling troops. But this is interesting, and disturbing.