The Daily Parker

Politics, Weather, Photography, and the Dog

Quick note on debugging client authentication in .NET Core 6

I've spent about four hours doing a shit ton of A-B tests and a lot of Internet searching to figure out why I kept getting a specific error.

The app is a .NET Core 6 WebAssembly, and the app registration is set for "any organization," meaning anyone with a Microsoft ID (work, school, or Xbox) can authenticate with the app.

The error began when I added a client certificate. The relevant section of the appSettings.config file looks like this:

{
	"AzureAD": {
		"Instance": "https://login.microsoftonline.com",
		"Domain": "ourdomain.onmicrosoft.com",
		"ClientId": "our client ID",
		"TenantId": "organizations",
		"CallbackPath": "/signin-oidc",
		"SignedOutCallbackPath": "/signout-oidc",
		"ClientCapabilities": [ "cp1" ],
		"ClientCertificates": [
			{
				"SourceType": "KeyVault",
				"KeyVaultUrl": "https://our-key-vault.vault.azure.net/",
				"KeyVaultCertificateName": "our-certificate-name"
			}
		]
	}
}

So far, all good. Except when I tested the code, I got this:

{
	"error": {
		"code": "Unauthorized",
		"message": "AKV10032: Invalid issuer. Expected one of https://sts.windows.net/tenant1guid/, https://sts.windows.net/tenant2guid, found https://sts.windows.net/tenant3guid"
	}
}

Our Key Vault lives in tenant1, and also has access to tenant2, but tenant3 is my login ID from my company's AD tenant.

Let me skip to the end, because I'd like to finish this fix today.

The solution was to go into launchSettings.json and add this:

{
	"profiles": {
		"App Name": {
			"environmentVariables": {
				"AZURE_TENANT_ID": "tenant1guid"
			}
		}
	}
}

Boom. Done. And if I ever need this information again, or anyone else does, I hope they find this blog entry.
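To confirm which tenant issued a token before changing settings, the check below (an added example, not code from the original post) decodes a token's `iss` and `tid` claims without verifying them and compares them with the issuers listed in the AKV10032 message. The sample token is constructed, and the function names are hypothetical.

```python
import base64
import json
import re

# Error text as quoted in the post (tenant GUIDs are the post's placeholders).
SAMPLE_ERROR = ("AKV10032: Invalid issuer. Expected one of "
                "https://sts.windows.net/tenant1guid/, "
                "https://sts.windows.net/tenant2guid, "
                "found https://sts.windows.net/tenant3guid")

def make_sample_token(tenant):
    """Build a constructed, unsigned JWT-shaped string for the demo."""
    def seg(obj):
        raw = json.dumps(obj).encode()
        return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()
    claims = {"iss": f"https://sts.windows.net/{tenant}/", "tid": tenant}
    return ".".join([seg({"alg": "none"}), seg(claims), "constructed-signature"])

def jwt_claims(token):
    """Decode the payload segment WITHOUT verifying it (diagnostics only)."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a three-part JWT")
    payload = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))

def parse_akv10032(message):
    """Split the error text into (expected issuers, found issuer)."""
    m = re.search(r"Expected one of (.+), found (\S+)", message)
    if not m:
        raise ValueError("not an AKV10032 invalid-issuer message")
    return [e.strip() for e in m.group(1).split(",")], m.group(2)

def _norm(issuer):
    # The error lists issuers with and without a trailing slash; compare without it.
    return issuer.rstrip("/").lower()

def diagnose(token, message):
    """Report whether the token's issuer is one the vault says it accepts."""
    expected, _found = parse_akv10032(message)
    claims = jwt_claims(token)
    return {
        "accepted": _norm(claims["iss"]) in {_norm(e) for e in expected},
        "token_tenant": claims.get("tid"),
        "vault_tenants": [_norm(e).rsplit("/", 1)[1] for e in expected],
    }

if __name__ == "__main__":
    print(diagnose(make_sample_token("tenant3guid"), SAMPLE_ERROR))
```
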

Last warm day in this house (I think)

The temperature outside has hit 19°C, so I've just opened 26 of the 30 windows in my house (the other four are behind furniture and hard to reach). Because I'm moving in about three weeks, and because the forecast says a cold front will come through mid-day tomorrow, I expect that when I close most of the windows tonight they'll stay closed as long as I live here.

Still, with all that sun and warm air on the other side of those open windows, it's time to take Cassie out.

Aviation perfection

This. Is. Amazing:

Chicago Public Media explains how they made it:

The viral video was shot earlier this summer, with the help of a Minneapolis-based production studio. With a “lean crew” of just three people, Sky Candy Studios paid a visit to the Windy City in late July, the company’s founder Michael Welsh said.

Over the course of a Saturday and a Sunday, Welsh piloted an FPV-style drone with a GoPro attached through the nooks and crannies of Wrigleyville. The “high-precision drone,” which weighs under 250 grams, is meant to cruise through tight spaces and wouldn’t do any damage if it were to bump into something — or someone, Welsh said.

“It’s incredibly small and safe and allows you to do these maneuvers that in the past you weren’t able to do with drones,” said Welsh, who initially started flying drones about 12 years ago when he was in the Army.

The final product includes five different videos that are stitched together “with some creative editing magic,” Welsh said. For each of the five videos, Welsh says they probably did about five takes, with a lot of prep and talking with the people who appear in the shots. Inside Murphy’s Bleachers, for example, they let patrons know a drone was coming through and they should ignore it. At first, Welsh said people can’t help but look at the camera flying by them, but by the third take “they’re kind of bored with it.”

And they did this all with a tiny 250-gram drone? Whoa.

Yay Justice Ketanji Brown!

The Tweet I highlighted earlier has this context behind it:

Justice Ketanji Brown Jackson turned the favored tactic of her right-wing peers on its head Tuesday, advancing an originalist argument to support protections for racial minorities. 

She made the comments during oral arguments in Merrill v. Milligan, a case that gives the conservative majority the opportunity to gut the Voting Rights Act even further.

She read out a quote from the legislator who introduced the [14th] amendment, and went on to explain that the 14th Amendment was enacted to give a constitutional foundation to the Civil Rights Act of 1866 that was “designed to make people who had less opportunity and less rights equal to white citizens.”

Josh Marshall loves it:

It is such a breath of fresh air, seeing Justice Ketanji Brown Jackson say from the bench what the 14th Amendment actually says. “It’s not a race-blind remedy,” she says, in something of an understatement. But we can actually go well beyond this since so much of modern jurisprudence, mostly but not only from the right, is based not only on ignoring the context and plain text of the 14th Amendment but pretending that the real Constitution — albeit with some additions and fresh paint jobs — is the one finalized in the first Congress as the first ten amendments. The Civil War amendments are not only not race-blind. They reflect a larger realization and aim: that the whole state thing just hadn’t worked out.

It would be possible to argue that 150+ years since the passage of the Civil War amendments represents a cooling of the ambitions of the statecraft of the 14th Amendment and an effort to work out some equitable balance between localism and national power. There’s some truth to that. But that’s not an argument available to anyone who argues for originalism. With that you have to go back to what the Reconstruction Congress thought they were doing. And what they were trying to do was quite radical in the context of the 80 preceding years of American national history — indeed, quite radical in some ways in relation to today.

Will this cause the "originalists" on the Court any hesitation before finding against Black voters through tortured, motivated, ahistorical reasoning? Of course not. But the more the centrist Justices call out the three Trump appointees and Thomas for their partisan hackery, the more likely we will see some real court reform.

Well, yes, that's the idea

Chef's kiss:

In case it doesn't show up, here's the Tweet she's replying to:

That didn't stop Justice Thomas (R) from taking his seat, either, so moral consistency isn't something we should expect.

Tick tick tick

I always find it interesting when a literary magazine takes on technology. In that spirit, the New Yorker does its best to explain the Network Time Protocol:

Today, we take global time synchronization for granted. It is critical to the Internet, and therefore to civilization. Vital systems—power grids, financial markets, telecommunications networks—rely on it to keep records and sort cause from effect. N.T.P. works in partnership with satellite systems, such as the Global Positioning System (G.P.S.), and other technologies to synchronize time on our many online devices. The time kept by precise and closely aligned atomic clocks, for instance, can be broadcast via G.P.S. to numerous receivers, including those in cell towers; those receivers can be attached to N.T.P. servers that then distribute the time across devices linked together by the Internet, almost all of which run N.T.P. (Atomic clocks can also directly feed the time to N.T.P. servers.) The protocol operates on billions of devices, coördinating the time on every continent. Society has never been more synchronized.

In N.T.P., [David] Mills built a system that allowed for endless tinkering, and he found joy in optimization. “The actual use of the time information was not of central interest,” he recalled. The fledgling Internet had few clocks to synchronize. But during the nineteen-eighties the network grew quickly, and by the nineties the widespread adoption of personal computers required the Internet to incorporate millions more devices than its first designers had envisioned. Coders created versions of N.T.P. that worked on Unix and Windows machines. Others wrote “reference implementations” of N.T.P.—open-source codebases that exemplified how the protocol should be run, and which were freely available for users to adapt. Government agencies, including the National Institute of Standards and Technology (NIST) and the U.S. Naval Observatory, started distributing the time kept by their master clocks using N.T.P.

A loose community of people across the world set up their own servers to provide time through the protocol. In 2000, N.T.P. servers fielded eighteen billion time-synchronization requests from several million computers—and in the following few years, as broadband proliferated, requests to the busiest N.T.P. servers increased tenfold. The time servers had once been “well lit in the US and Europe but dark elsewhere in South America, Africa and the Pacific Rim,” Mills wrote, in a 2003 paper. “Today, the Sun never sets or even gets close to the horizon on NTP.” Programmers began to treat the protocol like an assumption—it seemed natural to them that synchronized time was dependably and easily available. Mills’s little fief was everywhere.

This being the New Yorker, one could describe the article as the author explaining how he met this programmer Mills and the politics around Mills' retirement from computing. It's better-written than the Wikipedia article, anyway.

Census story maps

James Fallows loves the new data visualizations from the Census Bureau:

Through its existence the Census has been an irreplaceable trove of data. A minor illustration: this past April it released a searchable database of individual records from the 1950 Census, rendered in touchingly precise hand-written form. You can look up the name of anyone included in that Census here — as I did for my mother and father. Why the 1950 Census? Because by law personally identifiable Census records are kept private for 72 years after the Census date. Thus the 2020 Census details are scheduled for release in 2092.

A few days ago the Census Bureau put some of its data to work in a very different fashion. This was in a fascinating “Story Map” about the shift in American settlement patterns since the late 1700s.

Story Maps are a narrative and explanatory tool for “geo-journalism,” which we’ve mentioned many times, including here. The technology was developed by our long-time friends at the digital mapping company Esri. A few weeks ago Deb Fallows and Michelle Ellia did a story map about the sea-turtle hatchlings of the Florida coastline—tiny creatures scrambling out of their nests in beachfront sand, along the very same coastline that has been pounded by Hurricane Ian this week.

The new story map from the Census Bureau uses a combination of historical narrative, map-based data, and overlays of economic, ethnic, and other information. Its purpose is to demonstrate how America’s population centers have changed, as the population has steadily grown.

I'll be playing with this a bit today. Because maps! and history!

Getting a jab today

No, not the Covid booster. I'm getting the flu shot. You should too:

"It's time to get your flu shot right now," advises Dr. William Schaffner, a professor of infectious disease at Vanderbilt University.

"People should get them now," agrees Shaun Truelove, an assistant scientist at the Johns Hopkins Bloomberg School of Public Health who's helping lead a new effort to project this year's flu season for the Centers for Disease Control and Prevention.

The usual flu season starts in November in the U.S. and peaks in January or February. "In normal years, it makes sense to hold off on the flu shot until late fall, as protection really doesn't last more than a few months and late fall/winter is when the flu wave usually hits here," says Deepta Bhattacharya, an immunologist at the University of Arizona College of Medicine. "So in a normal year, I would probably try to wait until mid-October and get the flu shot then," he says. But this year, he says, "flu cases are already starting to go up, so it makes sense to get it sooner — i.e., now."

The reason experts are particularly concerned about the flu this year is that many people, especially very young children, may have little or no immunity against the respiratory infection because the masking, social distancing and other behaviors aimed at protecting against COVID have blunted flu's spread, too. Also, the CDC notes, young children would do well to get a flu shot soon because they require two shots one month apart, and it takes time to build up immunity.

So if you live in the northern hemisphere, get your flu jab this week!

Tracy Flick was never cruel

A first-year undergraduate twerp with obvious narcissistic tendencies went through a homeless encampment handing out fake eviction notices earlier this week:

The one-page notices titled “Maria Hadden’s Five Day Notice To Vacate” were stuffed into belongings and posted on signs in and around Touhy Park, 7348 N. Paulina St., residents said. They were dated Sept. 27 and listed the name of Hadden, the 49th Ward alderperson, in bold blue type over a line reading “landlord/agent.”

The notice says Touhy Park residents have five days to leave and clear the area of “all buildings, sheds, closets, out-buildings, garages, barns and other structures used in connection with said premises.”

It also says residents will be relocated for free to the Four Seasons Hotel in Gold Coast. Their stay at the hotel, 120 E. Delaware Place, would be open-ended “for as long as it takes for Maria Hadden to find you appropriate housing,” the notice states.

The notices say they were “served” by Bill Morton, president of the Rogers Park Chamber of Commerce and candidate for 49th Ward alderman. Sarah Lim, a DePaul University freshman who is considering a run for mayor, is listed as the document’s “affiant,” or someone who files an affidavit.

Lim said she was solely responsible for the fake eviction notices. Morton denied having any involvement.

Lim fantasizes that she's a candidate for mayor next year, and also fantasizes that she didn't do anything wrong with this stunt:

Lim, who is planning on running for mayor of Chicago, said she taped up the bogus flyers so that she could “get my name out there.”

By circulating the sheets, she also hoped to get publicity directly to her website. The site assists high school and college students in attaining internships.

“I started the website last summer,” Lim said. “It has really been a struggle to get more traffic to it, which is why I resorted to the publicity stunt.”

Lim, reached by phone late Thursday afternoon, said she didn’t mean to offend anyone and was only seeking publicity.

“I have no hatred against homeless people,” said Lim, who said she came up with the idea last week because she knows the encampment is controversial. “People want something done about it,” Lim said of the homeless people living there.

“Whatever the intention, it was a very cruel act for all of these people who are pretty vulnerable and seeking housing,” Hadden said. Some are on waiting lists to be placed in homes.

When Lim was told that Hadden thought the fake notices were “cruel,” she said: “I think that instead of trying to turn me into a criminal, Hadden should be focusing on the issues right now.”

A bewildered Hadden said she had no idea why someone would do this. “You can’t make this stuff up,” Hadden said.

I make the comparison to the character Tracy Flick in Tom Perrotta's novel Election because Flick frequently gets held up as a sociopathic striver who would do anything to get elected class president. Except anyone who's read the novel can understand that Flick is actually the good guy; she wins on her merits, and never acts as cruelly as the social-studies teacher who has it in for her.

Sarah Lim, however, seems like a true sociopath in a way that most 17-year-old humans have already grown out of. I sincerely hope she matures in college, but it looks like she has a long way to go just to get to the first-year baseline.