The Daily Parker

Politics, Weather, Photography, and the Dog

Evening roundup

With only 18 hours to go in the worst presidency in American history—no, really this time—I have a few articles to read, only two of which (directly) concern the STBXPOTUS.

Finally, after seven weeks of back-and-forth with Microsoft engineers, I've helped them clarify some code and documentation that will enable me to release a .NET 5.0 version of the Inner Drive Extensible Architecture™—the IDEA™—by this time tomorrow.

Sure Happy It's Thursday, March 319th...

Lunchtime roundup:

Finally, the authors of The Impostor's Guide, a free ebook aimed at self-taught programmers, have a new series of videos about general computer-science topics that people like me didn't learn programming for fun while getting our history degrees.

The Economist's Bartleby column examines how Covid-19 lockdowns have "caused both good and bad changes of routine."

Everyone who understands security predicted this

Security is hard. Everyone who works in IT knows (or should know) this. We have well-documented security practices covering every part of software applications, from the user interface down to the hardware. Add in actual regulations like Europe's GDPR and California's privacy laws, and you have a good blueprint for protecting user data.

Of course, if you actively resist expertise and hate being told what to do by beanie-wearing nerds, you might find yourself reading on Gizmodo how a lone hacker exfiltrated 99% of your data and handed it to the FBI:

In the wake of the violent insurrection at the U.S. Capitol by scores of President Trump’s supporters, a lone researcher began an effort to catalogue the posts of social media users across Parler, a platform founded to provide conservative users a safe haven for uninhibited “free speech” — but which ultimately devolved into a hotbed of far-right conspiracy theories, unchecked racism, and death threats aimed at prominent politicians.

The researcher, who asked to be referred to by their Twitter handle, @donk_enby, began with the goal of archiving every post from January 6, the day of the Capitol riot; what she called a bevy of “very incriminating” evidence.

Operating on little sleep, @donk_enby began the work of archiving all of Parler’s posts, ultimately capturing around 99.9 percent of its content. In a tweet early Sunday, @donk_enby said she was crawling some 1.1 million Parler video URLs. “These are the original, unprocessed, raw files as uploaded to Parler with all associated metadata,” she said. Included in this tranche of data, now more than 56 terabytes in size, @donk_enby confirmed the raw video includes GPS coordinates, which point to the locations of users when the videos were filmed.

Meanwhile, dozens of companies that have donated to the STBXPOTUS and other Republican causes over the past five years have suddenly started singing a different tune:

Calmer today as the Derpnazis return home

We had a relatively quiet day yesterday, but only in comparison to the day before:

Meanwhile, here in Chicago:

Finally, Bruce Schneier advises the incoming administration on how to deal with the SolarWinds intrusion.

See? Yesterday was quiet.

I'm screaming in my head

The Times continues its coverage of the SolarWinds breach, and adds a detail that explains why the Russians continue to eat our lunch:

Employees say that under [SolarWinds CEO Kevin] Thompson, an accountant by training and a former chief financial officer, every part of the business was examined for cost savings and common security practices were eschewed because of their expense. His approach helped almost triple SolarWinds’ annual profit margins to more than $453 million in 2019 from $152 million in 2010.

But some of those measures may have put the company and its customers at greater risk for attack. SolarWinds moved much of its engineering to satellite offices in the Czech Republic, Poland and Belarus, where engineers had broad access to the Orion network management software that Russia’s agents compromised.

So many things went wrong in this case that singling out one CEO for taking profits over security may seem myopic. But the SVR must love the poetry of it: a greedy American CEO tries to increase his paycheck by hiring engineers easy for them to compromise, leading to the largest network intrusion in history.

I want to see Congress investigate this, and I want to see Thompson reduced to penury for his greed. Not that anything will change; until we have rational regulation of software security—hell, until we have any regulation of software security—criminals and our adversaries will keep exploiting companies like SolarWinds.

Good morning!

Just an hour or so into the first business day of 2021, and morning news had a few stories that grabbed my attention:

Finally, don't eat icicles. They're basically frozen bird poop.

Ephemeral GPS failure

Sony-made GPS chipsets failed all over the world this weekend when a GPS cheat-sheet of sorts expired:

In general, the pattern of your route is correct, but it may be displaced to one side or the other. However, in many cases by the completion of the workout, it sorts itself out. In other words, it’s mostly a one-time issue.

The issue has to do with the ephemeris data file, also called the EPO file (Extended Prediction Orbit) or Connected Predictive Ephemeris (CPE). Or simply the satellite pre-cache file. That’s the file that’s delivered to your device on a frequent basis (usually every few days). This file is what makes your watch near-instantly find GPS satellites when you go outside. It’s basically a cheat-sheet of where the satellites are for the next few days, or up to a week or so.

I experienced this failure as well. I recorded two walks on my Garmin Venu, one Friday and one yesterday. In both cases, the recorded GPS tracks appeared about 400 m to the west of where I actually walked.

Because the issue started between 22:30 UTC on December 31st and 15:00 UTC on January 1st, I (and others) suspect this may have been bad date handling. Last year not only had 366 days, but also 53 weeks, depending on how the engineers configured the calendar. So what probably happened is that an automatic CPE update failed or appeared to expire because the calendar handling was off.

Dates are hard.

Statistics: 2020

What a bizarre year. Just looking at last year's numbers, it almost doesn't make sense to compare, but what the hell:

  • Last year I flew the fewest air-miles in 20 years; this year, I flew the fewest since the first time I got on a commercial airplane, which was during the Nixon Administration. In January I flew to Raleigh-Durham and back, and didn't even go to the airport for the rest of the year. That's 1,292 air miles, fewer than the very first flight I took (Chicago to Los Angeles, 1,745 air miles). I did, however, make an overnight trip to Wisconsin in November, easily breaking the record for my longest travel drought but making it shorter than never. 
  • This is my 609th post on the Daily Parker in 2020—an average of more than 50 per month. This new record blows away the one I set just last year by 10.5%. (Imagine how much I'd have written had anything newsworthy actually happened in 2020.)
  • The pandemic let me spend Parker's last eight months with him nearly every day. Despite his age and discomfort, we managed to go for almost 241 hours of walks (274 annualized), a whopping 29% (46% annualized) more than in 2019.
  • Including today, I got 4,848,171 steps, averaging 13,246 per day. This is 5.7% fewer than last year. I missed 10,000 steps on seven occasions—five this month. Without a daily commute or a dog, not to mention the cold weather, I have struggled since Thanksgiving to get motivated enough to get longer walks in. That said, I hit a new record of 312 consecutive days over 10,000 steps, a record I don't anticipate ever breaking. I also got 56,562 steps on September 4th—another record I don't expect to break soon.
  • I once again read more than the year before, with 39 books started and 37 completed. (I'm still working on The Power Broker, which I started 18 months ago...) On the other hand, I watched 59 movies and 79 TV series, compared with 56 and 38 respectively in 2019. Of course, almost all of that was streaming on my home computer while programming on my work computer, but it's a lot.

I can't even predict what will happen in 2021. I expect fewer steps, more books, and actually to start traveling again. Here's hoping for a speedy vaccination.

Erev Xmas Eve

It's 11°C outside and I have a fuzzy houseguest for the day, so there will be walks! At least until the 20°C temperature drop starts around 6pm... So while I'm enjoying the last above-freezing day of the year with a very sweet and very strong office companion, I've got a few things to occupy my time.

At the top of my list today, we find that the STBXPOTUS has pardoned 15 truly awful murderers and grifters, including the four assholes who slaughtered unarmed Iraqi civilians in 2007. It's possible these are the worst pardons ever granted by a US president. (I wonder if Bill Moyers would agree.)

Next we have Bruce Schneier explaining just how bad the SolarWinds penetration really is.

And finally, US Surgeon General Dr Jerome Adams said Chicago's coronavirus vaccine rollout was the best in the nation. Go us!

I will now finish my lunch, guarded vigilantly by my neighbor's dog who hopes against all evidence that some of my ham sandwich will find its way to her snout.

Portable Document Format: still crappy after all these years

Earlier this year, the Nielsen Norman Group repeated a study they first did in 1996 on the usability of PDF documents. As they've now found three times, making PDFs instead of actual web pages yields a horrible experience for users:

Jakob Nielsen first wrote about how PDF files should never be read online in 1996 — only three years after PDFs were invented. Over 20 years later, our research continues to prove that PDFs are just as problematic for users. Despite the evidence, they’re still used far too often to present content online.

PDFs are typically large masses of text and images. The format is intended and optimized for print. It’s inherently inaccessible, unpleasant to read, and cumbersome to navigate online. Neither time nor changes in user behavior have softened our evidence-based stance on this subject. Even 20 years later, PDFs are still unfit for human consumption in the digital space. Do not use PDFs to present digital content that could and should otherwise be a web page.

PDF files are typically converted from documents that were planned for print or created in print-focused software platforms. When creating PDFs in these tools, it’s unlikely that authors will follow proper guidelines for web writing or accessibility. If they knew these, they’d probably just create a web page in the first place, not a PDF. As a result, users get stuck with a long, noninclusive mass of text and images that takes up many screens, is unusable for finding a quick answer, and boring to read. There’s more work involved in creating a well-written, accessible PDF than simply exporting it straight from a word processing or presentation platform. Factors such as the use of color, contrast, document structure, tags, and much more must be intentionally addressed.

Yah, so, don't use them.