Students defeat new ‘Barnacle’ parking clamp, skip fines and get free internet

As it turns out, to take off the Barnacle, all you need to do is run your vehicle’s windshield defroster for 15 minutes, and then use a credit card or similar thin piece of plastic to release the suction cup around the edge. Presto! You’re free from fees.

Other students shared other solutions – blocking its signal and deactivating it by covering it in aluminum, or fitting your windshield with a mock Barnacle of your own – but our fave low-tech workaround was shared by a user who found out his campus only had 12 wheel boots to go around and bought and illegally parked 12 scrapyard cars that could be “sacrificed” so everyone else could park however they wanted.

Source: Students defeat new ‘Barnacle’ parking clamp, skip fines and get free internet

The more they overthink the plumbing, the easier it is to stop up the drain. – Scotty, Star Trek III, The Search For Spock

How 4 Chinese Hackers Allegedly Took Down Equifax | WIRED

While the operation had a certain degree of complexity, Equifax itself made their job much easier than it should have. It should have patched that initial Apache Struts vulnerability, for starters. And an FTC complaint from last summer also found that the company stored administrative credentials in an unsecured file in plaintext. It kept 145 million Social Security numbers and other consumer data in plaintext as well, rather than encrypting them. It failed to segment the databases, which would have limited the fallout. It lacked appropriate file integrity monitoring and used long-expired security certificates. The list goes on. Equifax didn’t just let the alleged Chinese hackers into the vault; it left the skeleton key for every safe deposit box in plain sight.

Source: How 4 Chinese Hackers Allegedly Took Down Equifax | WIRED

This whole incident deeply offends me. I don’t like that our capitalistic society has given these credit-reporting companies so much control over our lives. I don’t like that they seem to be completely unaccountable for being so integral to so much of our economy. I don’t like that they hold all the information you would need to ruin someone’s life by impersonating them online. I don’t like that they are not being prosecuted for being so flippant with personally-identifying data.

I don’t like the fact that a sovereign foreign power committed industrial espionage on a critical part of our economy. I don’t like that they already did basically the same thing to a government personnel database the year before. I don’t like that China’s government exists to begin with, given their treatment of their own people, Hong Kong, and the Uighurs. I also don’t like that China has been committing wholesale intellectual property theft for many decades. I don’t like the fact that we all know it, and nothing seems to be getting done to stop it.

The initial vulnerability the attackers leveraged was a problem in Apache Struts, which implies that Equifax’s web application uses Java. Using Java for a web application in 2017 is like driving a Model T in 1950. Sure, it was a reliable means of transportation, and revolutionary when it was introduced, but it’s 20 years out of date. It requires an inordinate amount of maintenance, and spare parts are more difficult to find. Mechanics can be lazy, because they know they have the owner of the car over a barrel, and they can charge a premium for service and take their time. There are many better options available, which start quicker, go faster, have safety features built in, and are far more comfortable.

Not all applications require encrypted this, and sharded that, and intrusion detection systems, and real-time monitoring, and everything else, but if any application needed these sorts of treatments, it would have been this one. Also, if any application needed its owners to stay on top of CVE disclosure reports, and fix affected layers of their stack, as appropriate, it would have been this one.

In short, there’s literally no good news here. Nothing will happen to China, its government, or the actual individuals named in the indictment. The punishment to Equifax is a slap on the wrist. Everyone jumped on the settlement, and now no one will get anything. Everything about this is wrong, and nothing good will come of it.

Joaquin Phoenix Thanks Oscar Crowd for ‘Second Chance’: ‘I’ve Been Selfish, I’ve Been Cruel’

Joaquin Phoenix accepted his best actor award for “Joker” with a speech that touched on racism, animal rights and his own ability to change.

“I’ve been a scoundrel in my life. I’ve been selfish, I’ve been cruel at times, hard to work with,” he said. “I’m grateful that so many of you in this room have given me a second chance. And I think that’s when we’re at our best, when we support each other, not when we cancel each other out for past mistakes, but when we help each other to grow, when we educate each other, when we guide each other toward redemption. That is the best of humanity.”

Source: Joaquin Phoenix Thanks Oscar Crowd for ‘Second Chance’: ‘I’ve Been Selfish, I’ve Been Cruel’

So. much. this.

For nearly 30 years, I’ve been pastored by a visionary man who believes this to his core. I’ve seen what redemption looks like in many people’s lives, and I cannot agree any harder: this is the very best of humanity.

Democratic Primary Election = The Bachelor

It occurs to me that the selection of the Democratic presidential nominee bears a striking resemblance to the reality TV show, The Bachelor. Both efforts are supposedly about choosing a winner by intangible, arbitrary, and constantly-moving standards, run by a cadre of people who we never see, with a goal of creating as much drama as possible. Ostensibly, the objective is to find the perfect candidate to fill the slot, and produce a happy relationship, but anyone who wants to win either contest should be considered suspiciously ill-intentioned, at best, or mentally ill, at worst. Just a thought. I’m working through the similarities during shower time.

n-gate.com. we can’t both be right.

Python dicts are now ordered

February 07, 2020 (comments)

A webshit has something to say about Python internals, but I couldn’t focus on the article, because the first comment on the blog post involves the text “it brings Python on par with PHP,” which is such a monumentally alien thought that I think I need medical attention. Hackernews argues about who already knew this, why, and how. Another argument breaks out about whether this is the Correct and Natural approach to data structures, or if it’s Completely Wrong and Stupid because of some ridiculous edge case nobody cares about. Most of the complaints are from people who are deeply concerned that (entirely hypothetical) existing code might break in the case its author made extremely specific assumptions about one particular data structure in a programming language directly aimed at people who do not give a shit about these topics.

Source: n-gate.com. we can’t both be right.

Arguably one of the pithiest comments on this site yet.

Colorado is the first state to cap skyrocketing insulin co-pays – CNN

Colorado Gov. Jared Polis signed a bill into law Wednesday that places a $100 per month cap on insulin co-pays, regardless of how much insulin a patient uses. Insurance companies will pay anything more than the $100 co-pay, according to the new law.

Source: Colorado is the first state to cap skyrocketing insulin co-pays – CNN

Today, in Medicare-For-All-is-being-slightly-delayed news… Big win. Hopefully, this will sweep the rest of the states. This is something that could be handled by the Congress – DIRECTLY under their statutory powers of governing INTRA-STATE commerce – if they just got their collective heads out of… the sand, and quit wasting time with a sham of an impeachment that they knew would never succeed.

Drug Company Set to Pay $15 Million to DOJ Over Doctor Bribery Scandal

Mallinckrodt Pharmaceuticals announced today that the company expects to pay $15.4 million in a settlement with the U.S. Justice Department after allegations that Questcor Pharmaceuticals, which Mallinckrodt acquired in 2014, had bribed doctors and their staff to prescribe an incredibly expensive drug.

Source: Drug Company Set to Pay $15 Million to DOJ Over Doctor Bribery Scandal

Today, in Medicare-For-All-is-inevitable news: A pharmaceutical company jacked up the price of a drug for newborns from $40 to FORTY THOUSAND DOLLARS, even though it has been in the market, unchanged, since 1952. And then they were caught bribing doctors to prescribe it!

On top of this, there’s a $33 version of the drug in Canada. So, what did these jerks do? Why, bought the rights to sell it in the US, and then simply locked it up, of course! I mean, what else does one do in this situation?

DHH on Twitter: “Gig exploitation math is very simple.”

Seems like it’s only a matter of time before word gets around that this just doesn’t work long term. Especially in a time of record employment. Of course, if the government is calling “gig jobs” employment, then we might have a problem. I guess we’ll see if word of mouth about the negative rates involved wins out over the exploitation of desperately underemployed people.

Confirmed: Gucci Fall/Winter 2020 Menswear Still Slaps

Alessandro Michele turned up his blouse game and blasted Marilyn Manson on the Milan runway for his latest collection, a statement against toxic masculinity

Source: Confirmed: Gucci Fall/Winter 2020 Menswear Still Slaps

The movie, The Devil Wears Prada, made me actually consider that there might be something to the fashion industry. Gucci’s 2020 menswear collection has destroyed that notion. This is one of the 4 or 5 most-influential fashion brands on the planet. You can’t convince me that this picture isn’t the result of being told, “You have 2 minutes to run through a Goodwill, and anything you can fit in this bag will be free,” and then putting the result on a runway.