One more day of perfect weather

We're once again basking in 21°C sun, prompting me to take Cassie on a 47-minute walk at lunchtime. Unfortunately, with a board meeting and rehearsal this evening, that leaves less time for doing my actual work, so I have to go back to that now.

Like I said yesterday, the next couple of weeks will be a bit busy.

Coding continues apace

I'm almost done with the new feature I mentioned yesterday (day job, unfortunately, so I can't describe it further), so while the build is running, I'm queuing these up:

All right! The build pipelines have completed successfully, so I will now log off my work laptop and order a pizza.

The Internet runs on Doug's code, and Doug just got pwned by the SVR

Remember this XKCD from 2020? With a little help from what researchers think may be the Russian government, that little brick wobbled a bit in the past few days:

The cybersecurity world got really lucky last week. An intentionally placed backdoor in xz Utils, an open-source compression utility, was pretty much accidentally discovered by a Microsoft engineer—weeks before it would have been incorporated into both Debian and Red Hat Linux.

It was an incredibly complex backdoor. Installing it was a multi-year process that seems to have involved social engineering the lone unpaid engineer in charge of the utility.

I simply don’t believe this was the only attempt to slip a backdoor into a critical piece of Internet software, either closed source or open source. Given how lucky we were to detect this one, I believe this kind of operation has been successful in the past. We simply have to stop building our critical national infrastructure on top of random software libraries managed by lone unpaid distracted—or worse—individuals.

The Economist has it in the King's English:

xz Utils is open-source software, which means that its code is public and can be inspected or modified by anyone. In 2022 Lasse Collin, the developer who maintained it, found that his “unpaid hobby project” was becoming more onerous amid long-term mental-health issues. A developer going by the name Jia Tan, who had created an account the previous year, offered to help. For more than two years they contributed helpful code on hundreds of occasions, building up trust. In February they smuggled in the malware.

Jia Tan’s patient approach, supported by several other accounts who urged Mr Collin to pass the baton, hints at a sophisticated human-intelligence operation by a state agency, suggests The Grugq.

Analysis by Rhea Karty and Simon Henniger suggests that the mysterious Jia Tan made an effort to falsify their time zone but that they were probably two to three hours ahead of Greenwich Mean Time—suggesting they may have been in eastern Europe or western Russia—and avoided working on eastern European holidays. For now, however, the evidence is too weak to nail down a culprit.

Sleep well...

The biggest April Fool in the country

Yes, I do mean the demented, very old man running as the Republican nominee for President. One might believe, in a moment of weakness, that Swiss farmers harvest tons of spaghetti each year, but that wouldn't bother most people outside of your closest friends and possibly your boss.

Alas, the guy who believes whatever will get him the next win, no matter how un-strategic that may be, keeps popping up in my newspapers:

Finally, check out this new Cyber Security product! I'd bet your company has already installed it.

SBF gets 25

Today is the 45th anniversary of Three Mile Island's partial meltdown, and the day after Sam Bankman-Fried's total meltdown:

Sam Bankman-Fried, the former cryptocurrency mogul who was convicted of fraud, was sentenced to 25 years in prison on Thursday, capping an extraordinary saga that upended the multi-trillion-dollar crypto industry and became a cautionary tale of greed and hubris.

Mr. Bankman-Fried’s sentence was shorter than the 40 to 50 years that federal prosecutors had recommended, but above the six-and-a-half-year sentence requested by the defense lawyers. A federal probation officer had recommended 100 years, just under the maximum possible penalty of 110 years behind bars.

His sentence ranks as one of the longest imposed on a white-collar defendant in recent years. Bernie Madoff, who orchestrated a notorious Ponzi scheme that unraveled during the 2008 financial crisis, received a 150-year sentence in 2009. He was in his 70s at the time and died 12 years later. Elizabeth Holmes, who was convicted of defrauding investors in her blood-testing startup, Theranos, was sentenced to 11 years and three months in 2022.

Molly White had some thoughts on this earlier in the week:

Bankman-Fried [tried] to argue that no money has been lost thanks to his fraud, mostly based on the argument that the bankruptcy team has estimated that creditors will receive a "100% recovery". In a later letter, he even submits that he tried to help the bankruptcy team recover assets. Incredibly, he includes in his evidence to support this claim the screenshots of his January 2023 message to Ryne Miller — despite the fact that Judge Kaplan already determined that his arguments that the message was just an attempt at being helpful "d[id] not appear, on a preliminary basis, to be a persuasive reading". Kaplan later decided that the same message was one of two instances in which Bankman-Fried had tried to tamper with a witness, and rescinded his pre-trial release.

Bankman-Fried's arguments regarding losses were rebutted by the prosecutors in several different ways and, somewhat awkwardly, also rebutted by the very same bankruptcy team he quoted to support his claims that customers would be reimbursed at 100%.

[Prosecutors did] not seem optimistic about Bankman-Fried's future prospects, writing that "A sentence that resulted in the release of the defendant while he is at a working age would leave open the very real possibility that he perpetrates again."

If he serves the minimum time possible, he'll get out in his mid-50s.

Heading home soon

American Airlines says my flight home has a 45-minute delay at the moment (though of course that could get worse). So I just spent 35 minutes walking in a big circle around the southwest corner of downtown San Diego. I don't think I'd ever live here, but I do enjoy the weather.

Meanwhile, as if I don't have too many things on my to-be-read shelf already, the New York Times book editor has released a list of the 22 funniest novels since Catch-22. Maybe someday I'll get to a few of them?

Anyway, I should be home with Cassie in about 11 hours. If she understood English and had any concept of "future," she'd be excited too.

How many steps do you need?

I've spent the morning getting a demo ready so that I don't have to be on the call at 3:30 am PDT. And now, I'm heading off to do a hike with a few of my co-workers. While I'm hiking, I'll be building up to my daily goal of 10,000 steps, which I make about 97% of the time.

But maybe I don't need that many? National Geographic takes a look:

Getting in 9,000 to 10,000 daily steps cuts risk of death by more than a third and reduced cardiovascular disease risk by at least 20 percent, but even smaller increases showed benefits, researchers found in a study of more than 72,000 people.

“Any activity is good activity. We found the more steps you did per day, the lower your risk of mortality and cardiovascular disease was,” says Matthew Ahmadi, an epidemiologist at the University of Sydney in Australia and one of the study’s authors. “The 10,000 mark is a great target to hit, but even if you aren’t able to hit that, still doing any amount of activity to increase your daily steps can go a long way to improving your health and lowering your risk of disease.”

In fact, highly sedentary people in the study began experiencing a heart benefit starting as low as 4,300 steps per day, when their risk of heart disease fell by 10 percent. Doubling that step count to 9,700 steps a day doubled the benefit.

Let's see how I do today.

Walk to San Diego waterfront

Given the weather and the fact that I'd been stuck in the conference hotel all day, I slipped out for a 4-kilometer walk around downtown San Diego this afternoon. It was perfectly clear and 20°C, but somehow I persevered.

I was exercising so I didn't take a lot of photos. But I have never seen a cruise ship up close before, so despite the mouse on the front, this impressed me:

That's the Disney Wonder. I will never go on that ship any more than I will get to go on the USS Carl Vinson, which is behind it to the left, and frankly even more impressive.

Then there was this sign, which shows that Little Italy will, in fact, take your shit:

And now, I have to demonstrate the product we've been working on for four years to a lot of other developers.

O'Hare again

Just quickly passing through O'Hare on my way to a work conference for a couple days. I saw a couple of snow flurries on my way here this morning, which happens mid-March in Chicago. Despite the two minutes of discomfort, though, I left my winter coat in my car. Won't need it where I'm going.