The Daily Parker

Item the first: Bruce Schneier discusses how Russian censors have tried to shut down Telegram, an encrypted communications app:

Russia has been trying to block Telegram since April, when a Moscow court banned it after the company refused to give Russian authorities access to user messages. Telegram, which is widely used in Russia, works on both iPhone and Android, and there are Windows and Mac desktop versions available. The app offers optional end-to-end encryption, meaning that all messages are encrypted on the sender's phone and decrypted on the receiver's phone; no part of the network can eavesdrop on the messages.

Since then, Telegram has been playing cat-and-mouse with the Russian telecom regulator Roskomnadzor by varying the IP address the app uses to communicate. Because Telegram isn't a fixed website, it doesn't need a fixed IP address. Telegram bought tens of thousands of IP addresses and has been quickly rotating through them, staying a step ahead of censors. Cleverly, this tactic is invisible to users. The app never sees the change, or the entire list of IP addresses, and the censor has no clear way to block them all.

A week after the court ban, Roskomnadzor countered with an unprecedented move of its own: blocking 19 million IP addresses, many on Amazon Web Services and Google Cloud. The collateral damage was widespread: The action inadvertently broke many other web services that use those platforms, and Roskomnadzor scaled back after it became clear that its action had affected services critical for Russian business. Even so, the censor is still blocking millions of IP addresses.

Whatever its current frustrations, Russia might well win in the long term. By demonstrating its willingness to suffer the temporary collateral damage of blocking major cloud providers, it prompted cloud providers to block another and more effective anti-censorship tactic, or at least accelerated the process. In April, Google and Amazon banned—and technically blocked—the practice of “domain fronting,” a trick anti-censorship tools use to get around Internet censors by pretending to be other kinds of traffic. Developers would use popular websites as a proxy, routing traffic to their own servers through another website—in this case Google.com—to fool censors into believing the traffic was intended for Google.com. The anonymous web-browsing tool Tor has used domain fronting since 2014. Signal, since 2016. Eliminating the capability is a boon to censors worldwide.

Meanwhile, back in the U.S., a Federal judge has cleared the path for AT&T to purchase Time Warner, which will create one of the largest companies the world has ever seen.

All of this is scary to a lot of people. Which is why charlatans are on the rise once again.

We live in interesting times.

We just got back from the vet. The x-rays show that Parker's leg is almost completely healed, so he's finally cleared to go back to his play group. He has no idea about this right now but tomorrow morning he'll be very, very happy.

Now I'm about to run to my office, so I'm queuing up these articles to read later:

• Affluence appears to be a better predictor of kids passing the "marshmallow test" than anything else.
• Fallows posts two reader responses to his post on our deteriorating foreign policy environment.
• Schneier reports on newly discovered vulnerabilities in email encryption.
• "UTC is enough for everyone, right?" Spoiler alert: No. Just, no.
• The administration has asserted it's above the law. Spoiler alert: No. Just, no.
• The Supreme Court has ruled that a baker can't be forced to make a gay wedding cake.

OK. Chugging some tea, and hitting the CTA. More later.

Alexis Madrigal, closer to an X-er than a Millennial, rhapsodizes on how the telephone ring, once imperative, now repulses:

Before ubiquitous caller ID or even *69 (which allowed you to call back the last person who’d called you), if you didn’t get to the phone in time, that was that. You’d have to wait until they called back. And what if the person calling had something really important to tell you or ask you? Missing a phone call was awful. Hurry!

Not picking up the phone would be like someone knocking at your door and you standing behind it not answering. It was, at the very least, rude, and quite possibly sneaky or creepy or something. Besides, as the phone rang, there were always so many questions, so many things to sort out. Who was it? What did they want? Was it for … me?

There are many reasons for the slow erosion of this commons. The most important aspect is structural: There are simply more communication options. Text messaging and its associated multimedia variations are rich and wonderful: words mixed with emoji, Bitmoji, reaction gifs, regular old photos, video, links. Texting is fun, lightly asynchronous, and possible to do with many people simultaneously.

But in the last couple years, there is a more specific reason for eyeing my phone’s ring warily. Perhaps 80 or even 90 percent of the calls coming into my phone are spam of one kind or another. Now, if I hear my phone buzzing from across the room, at first I’m excited if I think it’s a text, but when it keeps going, and I realize it’s a call, I won’t even bother to walk over. My phone only rings one or two times a day, which means that I can go a whole week without a single phone call coming in that I (or Apple’s software) can even identify, let alone want to pick up.

Meanwhile, robocalling continues to surge, with a record 3.4 billion of them sent in April—approximately 40% of all calls placed that month by some reckonings.

Welcome to the 21st century, where your 19th-century technologies do more harm than good.

Not all of this is as depressing as yesterday's batch:

• Dana Milbank raises the question, once again, whether President Trump is just a liar or really mentally ill.
• McCay Coppins describes how professional troll Stephen Miller got and kept his job.
• Illinois is getting an anti-carjacking bill that doesn't go as far as Chicago's police superintendent wanted.
• Josh Marshall wonders why Missouri Governor Eric Greitens resigned so abruptly yesterday.
• Via Bruce Schneier, an explanation of numbers stations.
• Scott Hanselman walks through how to secure Azure App Services with free SSL certificates from Azure Let's Encrypt.
• The Daily WTF tells an agonizing story of how incompetent corporate bureaucracy cost close to a million dollars to do a simple POC.

I'm sure there will be more later.

Via Bruce Schneier, interesting research into how to use mouse movements to detect lying:

Cognitive psychologists and neuroscientists have long noted a big "tell" in human behavior: Crafting a lie takes more mental work than telling the truth. So one way to spot lies is to check someone's reaction time.

If they're telling a lie, they'll respond fractionally more slowly than if they're telling the truth. Similarly, if you're asked to elaborate on your lie, you have to think for a second to generate new, additional lies. "You're from Texas, eh? What city? What neighborhood in that city?" You can craft those lies on the fly, but it takes a bit more mental effort, resulting in micro hesitations.

In essence, the scientists wanted to see whether they could detect -- in the mouse movements -- the hesitation of someone concocting a lie.

Turns out ... they could. The truth-tellers moved the mouse quickly and precisely to the true answer. The folks who were lying jiggered around the screen for a bit, in a sort of hemming-and-hawing adaptation of Fitts' Law.

That's kind of cool. And kind of scary.

Lawyer Paul Rosensweig and national security analyst Megan Reiss think John Bolton getting rid of the "cyber czar" position is "a magnificent idea:"

Bolton is completely correct that there is no need for any coordinationbetween the various federal agencies on this issue. Cybersecurity is not a cross-cutting problem that affects all sorts of equities. We have no concerns that eliminating this position will result in conflicting mission imperatives. We have every confidence that the National Security Agency, for example, can work out vulnerability disclosure equities without the need for input from the Departments of Commerce, Justice or Homeland Security (much less Treasury or State).

We also are confident that the decision accurately reflects the diminished importance of cybersecurity as a national issue. Cybersecurity is no longer deserving of the prominence that so many national security experts seem to give it. We fully expect the Office of the Director of National Intelligence to eliminate the cybersecurity menace from its annual threat assessment. We are confident that the trend lines for cyber threats and intrusions are down.

Didn't we already know John Bolton was incompetent? 

A little Tuesday morning randomness for you:

• Millions of people who voted for President Trump have discovered that his policies are horrible for them. As only one example, MSNBC looks at the devastation immigration changes have caused to the crab industry in Hoopers Island, Md.
• Microsoft's Raymond Chen explains why the technology for compressing Windows folders hasn't changed since 2000.
• An artist has put up a Divvy-style "Chicago Gun Share Program" exhibit in Daley Plaza. (I'll try to get a photo this week.)
• MillerCoors has brought back Zima again. I have to say, I'm conflicted about this.

Back to debugging acceptance tests.

Richard Florida demonstrates how Amazon's HQ2 competition was rigged:

A detailed analysis undertaken by Patrick Adler, my colleague at the University of Toronto’s Martin Prosperity Institute, and Adam Singer, a graduate student at the university’s Rotman and Munk schools, took a look at how all 238 HQ2 applicant cities and the 20 finalists lined up on Amazon’s RFP criteria. While it can be difficult to measure whether a given city adheres to each criterion, their analysis shows that many of the finalist cities do not even fit the most obvious ones. What’s more, several of the rejected cities seem to fit Amazon’s criteria for its HQ2 city better than some of the finalists.  

[I]t’s worth asking why these 20 cities were selected as finalists, even if others would appear to be better candidates according to Amazon’s own criteria. Our analysis suggests the finalists may have other things in common that are not listed on the company’s RFP.

For one, the finalists are more likely to be farther away from the company’s original home base in physical distance, reflecting the predominance of East Coast cities on the list. Last year, an Amazon executive was quoted as saying that Amazon would like to build HQ2 outside of the Pacific Northwest, to attract a more diverse set of employees.

Finalist cities are also likely to have a larger share of tech workers. And they are more likely to have non-stop flights to the company’s current home base in Seattle.

But one factor is even more interesting. Our analysis found that shortlisted cities had more U.S. senators with considerable seniority.

At the end of the day, none of this should surprise us. Like all corporate site selection, the HQ2 process is a rigged game, where the company knows the answer in advance and sets up a fictitious competition to wrest maximum incentives.

Besides the political advantages, there are many signs that Amazon’s HQ2 is heading to the greater Washington, D.C. region—the fact that its CEO has a multi-million dollar mansion there (currently undergoing a $12 million renovation, with large public rooms for social events) and already owns the Washington Post; the fact that three area jurisdictions made the shortlist; and the fact that the person running Amazon’s search previously ran an economic development agency in the region. Perhaps four other metros on the list are serious contenders—New York, Boston, Chicago, and Toronto—with Philadelphia, Denver, Atlanta, and Dallas having an outside chance.

Chicago, however, will be less likely to play the race-to-the-bottom game.

Here's the complete list of topics in the Daily Parker's 2018 Blogging A-to-Z challenge on the theme "Programming in C#":

• A is for Assembly (April 1)
• B is for BASIC (April 2)
• C is for Common Language Runtime (April 3)
• D is for Database (April 4)
• E is for Encapsulation (April 5)
• F is for F# (April 6)
• G is for Generics (April 7)
• H is for Human Factors (April 9)
• I is for Interface (April 10)
• J is for JetBrains (April 11)
• K is for Key-Value Pairs (April 12)
• L is for LINQ (April 13)
• M is for Method (April 14)
• N is for Namespace (April 16*)
• O is for O(n) Notation (April 17*)
• P is for Polymorphism (April 18*)
• Q is for Querying (April 19*)
• R is for Reflection (April 20*)
• S is for String (April 23*)
• T is for Type (April 23*)
• U is for UUID (April 24*)
• V is for var (April 25)
• W is for While (and other iterators) (April 26)
• X is for XML (April 27)
• Y is for Y2K (and other date/time problems) (April 29*)
• Z is for Zero (April 30)

Generally I posted all of them at noon UTC (7am Chicago time) on the proper day, except for the ones with stars. (April was a busy month.)

I hope you've enjoyed this series. I've already got topic ideas for next year. And next month the blog will hit two huge milestones, so stay tuned.

Today is the last day of the 2018 Blogging A-to-Z challenge. Today's topic: Nothing. Zero. Nada. Zilch. Null.

The concept of "zero" only made it into Western mathematics just a few centuries ago, and still has yet to make it into many developers' brains. The problem arises in particular when dealing with arrays, and unexpected nulls.

In C#, arrays are zero-based. An array's first element appears at position 0:

var things = new[] { 1, 2, 3, 4, 5 };
Console.WriteLine(things[1]);

// -> 2

This causes no end of headaches for new developers who expect that, because the array above has a length of 5, its last element is #5. But doing this:

Console.WriteLine(things[5]);

...throws an IndexOutOfRange exception.

You get a similar problem when you try to read a string, because if you recall, strings are basically just arrays of characters:

var word = "12345";
Console.WriteLine(word.Substring(4));

// 5

Console.WriteLine(word.Substring(5));

// IndexOutOfRange exception

The funny thing is, both the array things and the string word have a length of 5.

The other bugaboo is null. Null means nothing. It is the absence of anything. It equals nothing, not even itself (though this, alas, is not always true).

Reference types can be null, and value types cannot. That's because value types always have to have a value, while reference types can simply be a reference to nothing. That said, the Nullable<T> structure gives value types a way into the nulliverse that even comes with its own cool syntax:

int? q = null;
int r = 0;
Console.WriteLine(q ?? 0 + r);
// 0

(What I love about this "struct?" syntax is you can almost hear it in a Scooby Doo voice, can't you?)

Line 1 defines a nullable System.Int32 as null. Line 2 defines a bog-standard Int32 equal to zero. If you try to add them, you get a NullReference exception. So line 3 shows the coalescing operator that basically contracts both of these statements into a succinct little fragment:

// Long form:
int result;
if (q.HasValue)
{
	result = q.Value + r;
}
else
{
	result = 0 + r;
}

// Shorter form:
int result = (q.HasValue ? q.Value : 0) + r;

// Shortest form:
int result = q ?? 0 + r;

And so the Daily Parker concludes the 2018 Blogging A-to-Z challenge with an entire post about nothing. I hope you've enjoyed the posts this month. Later this morning, I'll post the complete list of topics as a permanent page. Let me know what you think in the comments. It's been a fun challenge.