Operating System “Ecology”

Back in my days of playing AD&D, each month, Dragon Magazine would feature “The Ecology of…” some mythical beast. The article would read like a National Geographic treatment of what the creature eats, what places it inhabits, and so on. (The one that sticks with me was about the beholder, which is a uniquely characteristic example.) I still think about the word, “ecology,” a lot, because it neatly captures the immediate surroundings of a particular thing. I suppose talking about the “ecology” of an operating system is taking things a bit too far, but hear me out.

As I type this, I’m cloning a spinning-media hard drive to a solid-state hard drive. It’s already 33% done, so I’m going to have to hurry. To do this, I searched for “clone hdd to ssd”, and read the results. The first several, including a prominent LifeHacker article, talked about using EaseUS Backup to do the job.

Fine. I download software, and install it, and try to use it. Along the way, I’m prompted five times to upgrade to the paid version. Each time, I sidestep the upsell, because LifeHacker has assured me that the free edition is all I need. When I finally get to the actual button that does the thing, I see that this is no longer true.

Fine. Times change, and they felt the need to start charging for this. I get it. I don’t begrudge them. If all else fails, I’ll find a way to do this with Linux, because it’s always possible to do things like this with Linux, and do it for free, if you’re willing to learn the flags of some arcane commands.

But I take another look at the search results, and there’s another possibility: Macrium Reflect. Ah! That’s right. I did this for another computer over a year ago, and that’s what I used, I now recall.

Fine. I download this new program. I have to sign up with an email address to get the downloader. Fine. I register. I get my email. I download the downloader. I run the downloader. I enter my email. I get the downloader running. It downloads the program, installs it, and I’m copying the drive right now. The UI is very efficient, and there are no annoying upsell come-ons. But I’ve had to click about 25 times to get to the point of doing the thing.

People who’ve never actually lived in macOS, and think that Windows is just great (thank you very much) never see it from our side. In the ecology of Macs, if you want some software, it’s usually quite clear that what you want is either free or paid, and installing consists of downloading a file, opening it, and dragging an icon. That’s it. The difference in the two operating system “ecologies,” in terms of friction and user-hostility, is pretty stark. Windows users who have never tried Mac: you have no idea how much nicer life can be.

Aaand the clone is done. Let’s see how much faster Civ V starts up now…

Students defeat new ‘Barnacle’ parking clamp, skip fines and get free internet

As it turns out, to take off the Barnacle, all you need to do is run your vehicle’s windshield defroster for 15 minutes, and then use a credit card or similar thin piece of plastic to release the suction cup around the edge. Presto! You’re free from fees.

Other students shared other solutions – blocking its signal and deactivating it by covering it in aluminum, or fitting your windshield with a mock Barnacle of your own – but our fave low-tech workaround was shared by a user who found out his campus only had 12 wheel boots to go around and bought and illegally parked 12 scrapyard cars that could be “sacrificed” so everyone else could park however they wanted.

Source: Students defeat new ‘Barnacle’ parking clamp, skip fines and get free internet

The more they overthink the plumbing, the easier it is to stop up the drain. – Scotty, Star Trek III, The Search For Spock

How 4 Chinese Hackers Allegedly Took Down Equifax | WIRED

While the operation had a certain degree of complexity, Equifax itself made their job much easier than it should have. It should have patched that initial Apache Struts vulnerability, for starters. And an FTC complaint from last summer also found that the company stored administrative credentials in an unsecured file in plaintext. It kept 145 million Social Security numbers and other consumer data in plaintext as well, rather than encrypting them. It failed to segment the databases, which would have limited the fallout. It lacked appropriate file integrity monitoring and used long-expired security certificates. The list goes on. Equifax didn’t just let the alleged Chinese hackers into the vault; it left the skeleton key for every safe deposit box in plain sight.

Source: How 4 Chinese Hackers Allegedly Took Down Equifax | WIRED

This whole incident deeply offends me. I don’t like that our capitalistic society has given these credit-reporting companies so much control over our lives. I don’t like that they seem to be completely unaccountable for being so integral to so much of our economy. I don’t like that they hold all the information you would need to ruin someone’s life by impersonating them online. I don’t like that they are not being prosecuted for being so flippant with personally-identifying data.

I don’t like the fact that a sovereign foreign power committed industrial espionage on a critical part of our economy. I don’t like that they already did basically the same thing to a government personnel database the year before. I don’t like that China’s government exists to begin with, given their treatment of their own people, Hong Kong, and the Uighurs. I also don’t like that China has been committing wholesale intellectual property theft for many decades. I don’t like the fact that we all know it, and nothing seems to be getting done to stop it.

The initial vulnerability the attackers leveraged was a problem in Apache Struts, which implies that Equifax’s web application uses Java. Using Java for a web application in 2017 is like driving a Model T in 1950. Sure, it was a reliable means of transportation, and revolutionary when it was introduced, but it’s 20 years out of date. It requires an inordinate amount of maintenance, and spare parts are more difficult to find. Mechanics can be lazy, because they know they have the owner of the car over a barrel, and they can charge a premium for service, and take their time. There are many better options available, which start quicker, go faster, have safety features built in, and are far more comfortable.

Not all applications require encrypted this, and sharded that, and intrusion detection systems, and real-time monitoring, and everything else, but if any application needed these sorts of treatments, it would have been this one. Also, if any application needed its owners to stay on top of CVE disclosure reports, and fix affected layers of their stack, as appropriate, it would have been this one.

In short, there’s literally no good news here. Nothing will happen to China, its government, or the actual individuals named in the indictment. The punishment to Equifax is a slap on the wrist. Everyone jumped on the settlement, and now no one will get anything. Everything about this is wrong, and nothing good will come of it.

Joaquin Phoenix Thanks Oscar Crowd for ‘Second Chance’: ‘I’ve Been Selfish, I’ve Been Cruel’

Joaquin Phoenix accepted his best actor award for “Joker” with a speech that touched on racism, animal rights and his own ability to change.

“I’ve been a scoundrel in my life. I’ve been selfish, I’ve been cruel at times, hard to work with,” he said. “I’m grateful that so many of you in this room have given me a second chance. And I think that’s when we’re at our best, when we support each other, not when we cancel each other out for past mistakes, but when we help each other to grow, when we educate each other, when we guide each other toward redemption. That is the best of humanity.”

Source: Joaquin Phoenix Thanks Oscar Crowd for ‘Second Chance’: ‘I’ve Been Selfish, I’ve Been Cruel’

So. much. this.

For nearly 30 years, I’ve been pastored by a visionary man who believes this to his core. I’ve seen what redemption looks like in many people’s lives, and I cannot agree any harder: this is the very best of humanity.

Democratic Primary Election = The Bachelor

It occurs to me that the selection of the Democratic presidential nominee bears a striking resemblance to the reality TV show, The Bachelor. Both efforts are supposedly about choosing a winner by intangible, arbitrary, and constantly-moving standards, run by a cadre of people who we never see, with a goal of creating as much drama as possible. Ostensibly, the objective is to find the perfect candidate to fill the slot, and produce a happy relationship, but anyone who wants to win either contest should be considered suspiciously ill-intentioned, at best, or mentally ill, at worst. Just a thought. I’m working through the similarities during shower time.

n-gate.com. we can’t both be right.

Python dicts are now ordered

February 07, 2020 (comments)

A webshit has something to say about Python internals, but I couldn’t focus on the article, because the first comment on the blog post involves the text “it brings Python on par with PHP,” which is such a monumentally alien thought that I think I need medical attention. Hackernews argues about who already knew this, why, and how. Another argument breaks out about whether this is the Correct and Natural approach to data structures, or if it’s Completely Wrong and Stupid because of some ridiculous edge case nobody cares about. Most of the complaints are from people who are deeply concerned that (entirely hypothetical) existing code might break in the case its author made extremely specific assumptions about one particular data structure in a programming language directly aimed at people who do not give a shit about these topics.

Source: n-gate.com. we can’t both be right.

Arguably one of the pithiest comments on this site yet.

Colorado is the first state to cap skyrocketing insulin co-pays – CNN

Colorado Gov. Jared Polis signed a bill into law Wednesday that places a $100 per month cap on insulin co-pays, regardless of how much insulin a patient uses. Insurance companies will pay anything more than the $100 co-pay, according to the new law.

Source: Colorado is the first state to cap skyrocketing insulin co-pays – CNN

Today, in Medicare-For-All-is-being-slightly-delayed news… Big win. Hopefully, this will sweep the rest of the states. This is something that could be handled by the Congress – DIRECTLY under their statutory powers of governing INTRA-STATE commerce – if they just got their collective heads out of… the sand, and quit wasting time with a sham of an impeachment that they knew would never succeed.

Drug Company Set to Pay $15 Million to DOJ Over Doctor Bribery Scandal

Mallinckrodt Pharmaceuticals announced today that the company expects to pay $15.4 million in a settlement with the U.S. Justice Department after allegations that Questcor Pharmaceuticals, which Mallinckrodt acquired in 2014, had bribed doctors and their staff to prescribe an incredibly expensive drug.

Source: Drug Company Set to Pay $15 Million to DOJ Over Doctor Bribery Scandal

Today, in Medicare-For-All-is-inevitable news: A pharmaceutical company jacked up the price of a drug for newborns from $40 to FORTY THOUSAND DOLLARS, even though it has been in the market, unchanged, since 1952. And then they were caught bribing doctors to prescribe it!

On top of this, there’s a $33 version of the drug in Canada. So, what did these jerks do? Why, bought the rights to sell it in the US, and then simply locked it up, of course! I mean, what else does one do in this situation?

DHH on Twitter: “Gig exploitation math is very simple.”

Seems like it’s only a matter of time before word gets around that this just doesn’t work long term. Especially in a time of record employment. Of course, if the government is calling “gig jobs” employment, then we might have a problem. I guess we’ll see if word of mouth about the negative rates involved wins out over the exploitation of desperately underemployed people.