The Daily Parker

Politics, Weather, Photography, and the Dog

Google blocked at Peet's Coffee in HMB

I've spent the morning working at the Peet's Coffee in Half Moon Bay, Calif.. For some reason, this location has blocked HTTP access to most Google addresses.

The most obvious symptom is that browser requests to Google, Youtube, and other Google properties (including GMail) simply don't go through. Chrome reports "connection reset" after timing out; IE simply spins into oblivion. Another symptom, which took me a few moments to figure out, is that sites that have Google Analytics bugs (like this one) sometimes, but not always, fail to load. Reading the page source shows that the entire page has loaded, but the browser doesn't render the page because part of it is being blocked.

Using nothing more sophisticated than Ping and Tracert, I've determined that the block occurs pretty close to my laptop, possibly even in the WiFi router or in Peet's proxy server. Pinging Google's public DNS service (8.8.8.8) works fine, as does making nslookup requests against it. But pinging www.google.com, www.youtu.be, and www.gmail.com all fail. Tracerts to these URLs and directly to their public IPs also fail at the very first hop.

Google IPs appear to start with 74.125.x.y. Tracert to 8.8.4.4 passes through 74.125.49.85 a few hops away; www.google.com resolves to 74.125.224.84; etc. However, reverse DNS lookups show something slightly different. 8.8.4.4 resolves back to google-public-dns-b.google.com; however, 74.125.224.84 resolves back to nuq04s07-in-f20.1e100.com. 74.125.224.69 (www.youtu.be) resolves back to another 1e100.com address.

All other sites appear to work fine, with decent (megabit-speed) throughput.

So, the mystery is: who has blocked Google from this Peet's store, and why? I have sent Peet's a request for comment.

You have the right to remain silent

A man accused of rape in Alabama got into an online argument with the Jefferson County Sheriff's Office on the office's Facebook page:

U.S. Marshals took Dustin McCombs into custody today in Ohio, said Chief Deputy Randy Christian.

The U.S. Marshal's Gulf Coast Regional Task for in Birmingham shared information with their counterparts in Ohio who tracked down the fugitive.

McComb's was featured on the Jefferson County Sheriff Department's Facebook page as its "Creep of the Week" because of an outstanding forcible rape charge.

McCombs apparently decided that was a challenge, taking up a posting duel with the department on Facebook, according to the website Gizmodo.

Of course, McCombs has not been convicted of the crime that led to his arrest warrant, but wow is he stupid. The entire exchange is still available on Failbook, and worth a look. So is the sheriff's Facebook page, which seems like an effective use of social media by government.

Vox populi

Welcome back. We were dark today to protest two flawed legislative proposals, the Stop Online Piracy Act and the Protect IP Act.

The administration today hinted at a threat to veto SOPA, while several senators have withdrawn support for PIPA in response to the blackout protests around the Internet:

Co-sponsors who say they can no longer support their own legislation include Senators Marco Rubio, a Florida Republican, Roy Blunt, a Missouri Republican, and Ben Cardin, a Maryland Democrat. Republican Representatives Ben Quayle of Arizona, Lee Terry of Nebraska, and Dennis Ross of Florida also said they would withdraw their backing of the House bill.

Rubio said he switched his position on the Senate measure, the Protect IP Act, after examining opponents’ contention that it would present a “potentially unreasonable expansion of the federal government’s power to impact the Internet,” according to a posting today on Facebook. Blunt said in a statement today he is withdrawing as a co-sponsor of the Senate bill.

The Washington Monthly explains the administration's volte face on SOPA:

The White House didn’t issue a veto threat, per se, but the administration’s chief technology officials concluded, “We will not support legislation that reduces freedom of expression, increases cybersecurity risk or undermines the dynamic, innovative global Internet.” The statement added that any proposed legislation “must not tamper with the technical architecture of the Internet.” The White House’s position left SOPA and PIPA, at least in their current form, effectively dead.

The state of play in the Senate is a little different — a PIPA vote is likely next Tuesday — but even in the upper chamber, the bill is quickly losing friends. Sen. Scott Brown (R-Mass.) announced his opposition yesterday, and Sen. Ben Cardin (D-Md.), a former co-sponsor of PIPA, is also now against it.

The President did, however, shut down the Keystone XL pipeline (at least for now).

So, in all, this was a pretty good day for the people.

Update: Via Coding Horror, Mozilla Foundation Chair Mitchell Baker has a great description of why PIPA and SOPA are so awful.

Wikipedia joins SOPA protest; Twitter boss scoffs

The largest encyclopedia ever assembled will go offline tomorrow to protest against the Stop Online Piracy Act, currently working its way through Congress's collective bowels. From Wikipedia's public statement:

[T]he Wikimedia Foundation is asked to allocate resources and assist the community in blacking out the project globally for 24 hours starting at 05:00 UTC on January 18, 2012, or at another time as determined by the Wikimedia Foundation. This should be carried out while respecting technical limitations of the underlying software, and should specifically prevent editing wherever possible. Provisions for emergency access to the site should be included in the blackout software. In order to assist our readers and the community at large to educate themselves about SOPA and PIPA, these articles and those closely related to them will remain accessible for reading purposes if possible. Wikipedians are urged to work with WMF staff to develop effective messaging for the "blackout screens" that directs readers to suitable online resources. Sister projects, such as the German and Italian Wikipedias and Wikimedia Commons, have indicated an intention to support the same principles with banners on those sites, and the support of other projects is welcome and appreciated.

Twitter CEO Dick Costolo is unimpressed: " 'That's just silly. Closing a global business in reaction to single-issue national politics is foolish,' Costolo [said]."

For what it's worth, my U.S. Senators are split: Senator Mark Kirk (R-IL) claims to be opposed to it, while Senator Dick Durbin (D-IL) is a co-sponsor of the Senate's version. Neither has any material on his website about it. I have written to Senator Durbin and to Representative Mike Quigley (D-IL) for comment.

SOPA would be unconstitutional

Via Sullivan, a constitutional analysis of the Stop Online Piracy Act:

To begin with, the bills represent an unprecedented, legally sanctioned assault on the Internet’s critical technical infrastructure. Based upon nothing more than an application by a federal prosecutor alleging that a foreign website is “dedicated to infringing activities,” Protect IP authorizes courts to order all U.S. Internet service providers, domain name registries, domain name registrars, and operators of domain name servers—a category that includes hundreds of thousands of small and medium-sized businesses, colleges, universities, nonprofit organizations, and the like—to take steps to prevent the offending site’s domain name from translating to the correct Internet protocol address.

This not only violates basic principles of due process by depriving persons of property without a fair hearing and a reasonable opportunity to be heard, it also constitutes an unconstitutional abridgement of the freedom of speech protected by the First Amendment. The Supreme Court has made it abundantly clear that governmental action suppressing speech, if taken prior to an adversary proceeding and subsequent judicial determination that the speech in question is unlawful, is a presumptively unconstitutional “prior restraint.” In other words, it is the “most serious and the least tolerable infringement on First Amendment rights,” permissible only in the narrowest range of circumstances. The Constitution requires a court “to make a final determination” that the material in question is unlawful “after an adversary hearing before the material is completely removed from circulation.”

(Emphasis in quoted blog post; references removed.)

I've already written to my representative in Congress; have you written to yours?

Bruce Schneier gives another interview

Given my activities yesterday (i.e., going through airport security), I found the latest interview with Bruce Schneier timely and once again correct:

As we came by the checkpoint line, Schneier described one of these aspects: the ease with which people can pass through airport security with fake boarding passes. First, scan an old boarding pass, he said—more loudly than necessary, it seemed to me. Alter it with Photoshop, then print the result with a laser printer. In his hand was an example, complete with the little squiggle the T.S.A. agent had drawn on it to indicate that it had been checked. “Feeling safer?” he asked.

To a large number of security analysts, [the billions we've spent on security theater] makes no sense. The vast cost is not worth the infinitesimal benefit. Not only has the actual threat from terror been exaggerated, they say, but the great bulk of the post-9/11 measures to contain it are little more than what Schneier mocks as “security theater”: actions that accomplish nothing but are designed to make the government look like it is on the job. In fact, the continuing expenditure on security may actually have made the United States less safe.

Yes. We spend money on high-tech, whiz-bang solutions to human-intelligence problems. The attack on 9/11 can't happen again in the U.S., not because of full-body scanners at airports, but because of reinforced cockpit doors and vigilant passengers. Should we let just anyone board a transport airplane without a security check[1]? No, of course not; but we should make the checks effective, rather than flamboyant.

Security, however, tends to ratchet up, because no one wants to be the guy who relaxed security right before an attack. And we know an attack will happen someday; nihilists are not easily dissuaded from their crimes. Still, one can hope.

My 15 minutes, your download speeds

A little housekeeping: if the blog seems slow today, thank this entry, which has got over 70,000 page views yesterday through 19:00 CDT and continues to get hit today. (Usual site traffic is about 4,000 page views per day, total.)

So, there's nothing wrong with either the blog or with your carrier. It's just a lot more traffic than my servers usually get.

About this blog (v. 4.1.6)

I'm David Braverman, this is my blog, and Parker is my 5-year-old mutt. I last updated this About... page in February, but some things have changed. In the interest of enlightened laziness I'm starting with the most powerful keystroke combination in the universe: Ctrl-C, Ctrl-V.

Twice. Thus, the "point one" in the title.

The Daily Parker is about:

  • Parker, my dog, whom I adopted on 1 September 2006.
  • Politics. I'm a moderate-lefty by international standards, which makes me a radical left-winger in today's United States.
  • Photography. I took tens of thousands of photos as a kid, then drifted away from making art until a few months ago when I got the first digital camera I've ever had that rivals a film camera. That got me reading more, practicing more, and throwing more photos on the blog. In my initial burst of enthusiasm I posted a photo every day. I've pulled back from that a bit—it takes about 30 minutes to prep and post one of those puppies—but I'm still shooting and still learning.
  • The weather. I've operated a weather website for more than ten years. That site deals with raw data and objective observations. Many weather posts also touch politics, given the political implications of addressing climate change, though happily we no longer have to do so under a president beholden to the oil industry.
  • Chicago, the greatest city in North America, and the other ones I visit whenever I can.

I've deprecated the Software category, but only because I don't post much about it here. That said, I write a lot of software. I work for 10th Magnitude, a startup software consultancy in Chicago, I've got about 20 years experience writing the stuff, and I continue to own a micro-sized software company. (I have an online resume, if you're curious.) I see a lot of code, and since I often get called in to projects in crisis, I see a lot of bad code, some of which may appear here.

I strive to write about these and other things with fluency and concision. "Fast, good, cheap: pick two" applies to writing as much as to any other creative process (cf: software). I hope to find an appropriate balance between the three, as streams of consciousness and literacy have always struggled against each other since the first blog twenty years ago.

If you like what you see here, you'll probably also like Andrew Sullivan, James Fallows, Josh Marshall, and Bruce Schneier. Even if you don't like my politics, you probably agree that everyone ought to read Strunk and White, and you probably have an opinion about the Oxford comma—punctuation de rigeur in my opinion.

Another, non-trivial point. Facebook reads the blog's RSS feed, so many people reading this may think I'm just posting notes on Facebook. Facebook's lawyers would like you to believe this, too. Now, I've reconnected with tons of old friends and classmates through Facebook, I play Scrabble on Facebook, and I eagerly read every advertisement that appears next to its relevant content. But Facebook's terms of use assert ownership of everything that appears on their site, regardless of prior claims, which contravenes four centuries of law.

Everything that shows up on my Facebook profile gets published on The Daily Paker first, and I own the copyrights to all of it (unless otherwise disclosed). I publish the blog's text under a Creative Commons attribution-nonderivative-noncommercial license; republication is usually OK for non-commercial purposes, as long as you don't change what I write and you attribute it to me. My photos, however, are published under strict copyright, with no republication license, even if I upload them to other public websites. If you want to republish one of my photos, just let me know and we'll work something out.

Anyway, thanks for reading, and I hope you continue to enjoy The Daily Parker.

Significant data disclosure at Stanford Hospital

I don't have all the details, but it looks like an employee at one of the hospital's vendors did something really stupid:

A medical privacy breach led to the public posting on a commercial Web site of data for 20,000 emergency room patients at Stanford Hospital in Palo Alto, Calif., including names and diagnosis codes, the hospital has confirmed. The information stayed online for nearly a year.

Since discovering the breach last month, the hospital has been investigating how a detailed spreadsheet made its way from one of its vendors, a billing contractor identified as Multi-Specialty Collection Services, to a Web site called Student of Fortune, which allows students to solicit paid assistance with their schoolwork.

Gary Migdol, a spokesman for Stanford Hospital and Clinics, said the spreadsheet first appeared on the site on Sept. 9, 2010, as an attachment to a question about how to convert the data into a bar graph.

One can easily see how this happened: someone on the billing contractor's staff was taking a class of some kind and decided to use real, live, HIPAA-protected data for a project. My law-school Wills instructor, Jerry Leitner, would explain this by the "omnibus explanation," the thing that explains nearly every human endeavor that ends badly: stupidity.

The article mentions Stanford got fined $250,000 from the breach. I wonder if they'll be able to get a contribution award from the contractor?

Costs and benefits of anti-terror spending

Gulliver this afternoon examines whether we might want to examine them:

A new academic paper [PDF] from John Mueller (of The Ohio State University) and Mark Stewart (of the University of Newcastle in Australia) attempts to determine whether the return on investment justified those huge expenditures. ... [T]he findings in this paper are truly remarkable. By 2008, according to the authors, America's spending on counterterrorism outpaced all anti-crime spending by some $15 billion. Messrs Mueller and Stewart do not even include things like the wars in Iraq and Afghanistan (which they call "certainly terrorism-determined") in their trillion-plus tally.

"[A] most common misjudgment has been to embrace extreme events as harbingers presaging a dire departure from historical patterns. In the months and then years after 9/11, as noted at the outset, it was almost universally assumed that the terrorist event was a harbinger rather than an aberration. There were similar reactions to Timothy McVeigh’s 1995 truck bomb attack in Oklahoma City as concerns about a repetition soared. And in 1996, shortly after the terrorist group Aum Shinrikyo set off deadly gas in a Tokyo subway station, one of terrorism studies' top gurus, Walter Laqueur, assured the world that some terrorist groups 'almost certainly' will use weapons of mass destruction 'in the foreseeable future.' Presumably any future foreseeable in 1996 is now history, and Laqueur’s near 'certainty' has yet to occur."

The paper also found that anti-terror spending has outpaced anti-crime spending by some $15 bn, despite crime costing society significantly more. The paper doesn't go into the politics of why this might be so, but I'll hazard a guess that cutting crime benefits more people a little while spending on anti-terror measures benefits a few people quite a bit. Lowering the likelihood that my car will suffer $300 in damage from a break-in has less immediacy than a $30m contract for a new security gadget would were I in that line of business.