This video came from a random browse for new artists. I don’t know yet if I have an opinion; first minute is rocky, but improves. Think I need to sample some more by this artist. You can find Unknown Mortal Orchestra on SoundCloud.com if you want to sample more without the video — I do like the cover of Sitting on the Dock of the Bay. Verdict still out on the more experimental atmospheric stuff.
Looking for more trouble…
Wow. An issue everybody could love. Do read the Forbes bit as they had the most objections. Caveat: You may have to see John Stossel’s mug if you read the ATR’s opinion.
Next up: Senate, which is waffling thanks to Grassley —
But it was unclear if Senate Judiciary Committee Chairman Chuck Grassley, who holds jurisdiction over the legislation, intends to move it forward during an election year.
The Iowa Republican will review the House bill, consult with stakeholders and his committee “and decide where to go from there,” a spokeswoman told Reuters in an email.
he had recently spoken to a European aircraft maker that said it cleans the cockpits of its planes every week of malware designed for Android phones. The malware spread to the planes only because factory employees were charging their phones with the USB port in the cockpit.
Because the plane runs a different operating system, nothing would befall it. But it would pass the virus on to other devices that plugged into the charger.
Pretty sure Reuters hadn’t counted on that tidbit.
I may have to quit calling these morning roundups given all the scheduling issues I have on my hands right now. At least it’s still morning in Alaska and Hawaii. Catch you here tomorrow!
It’s Friday, when we usually cover a different jazz genre. But we’re playing these sorry cards we’ve been dealt this week and observing the passing of a great artist.
We’ll probably all be sick of seeing this same video, but it is one of the very few of Prince available for embedding with appropriate intellectual property rights preserved. It’s a result of Prince’s tenacious control over his artistic product that we won’t have ready access to his past performances, but this same tenacity taught many artists how to protect their interests.
It’s worth the hour and a quarter to watch the documentary Prince in the 1980s; the enormity of his talent can’t be understood without reactions by professionals to his abilities.
The way his voice slides easily into high registers at 05:44, his guitar playing beginning at 06:53, offer us just the smallest glimpses of his spectacular gifts.
Good night, sweet Prince, may flights of angels sing thee to thy rest.
Great Google-y moogley
Under Not-Google: Opera browser now has free built-in VPN
A lesser-known browser with only 2% of current market share, Opera is a nice alternative to Chrome and Firefox. Its new built-in free VPN could help boost its market share by offering additional privacy protection. It’s not clear this new feature will protect users against censorship tools, though — and this could be extremely important since this Norwegian software company may yet be acquired by a Chinese company which placed a bid on the firm a couple of months ago.
Definitely Not-Google: Apple cracker cost FBI more than $1 million
Can’t swing an iPad without hitting a report on FBI director James Comey’s admission at the Aspen Security Forum this week in London that cracking the San Bernardino shooter’s work iPhone cost “more than I will make in the remainder of this job, which is 7 years and 4 months,” or more than $1 million. Speaking of exorbitant expenses, why was Comey at this forum in London? Oh, Comey was the headliner for the event? Isn’t that interesting…wonder if that speaking gig came with a speaker’s fee?
That’s it for this week’s morning roundups. Hope you have a nice weekend planned ahead of you!
Day after day, day after day,
We stuck, nor breath nor motion;
As idle as a painted ship
Upon a painted ocean.
Water, water, every where,
And all the boards did shrink;
Water, water, every where,
Nor any drop to drink.
— excerpt, The Rime of the Ancient Mariner by Samuel Taylor Coleridge
Felony and misdemeanor charges are expected today in the Flint water crisis. State Attorney General Bill Schuette will put on a media dog-and-pony show, when it is expected that three persons — two engineers with the Michigan Department of Environmental Quality and a Flint water department employee — will be charged for Flint’s lead water levels after the cut-over to Flint River water.
Mind you, the descriptions of these persons do not match that of higher level persons who were responsible for
1) making the final decision to cut Flint off from Detroit’s water system and switching to the Flint river;
2) evaluating work performed by consulting firms about the viability of Flint River as a water source, or about reporting on lead levels after the cut-over;
3) ensuring the public knew on a timely basis the water was contaminated once it was already known to government officials;
4) lack of urgency in responding to a dramatic uptick in Legionnaire’s disease, or the blood lead levels in children.
Just for starters. Reading the Flint water crisis timeline (and yes, it needs updating), it’s obvious negligence goes all the way to the top of state government, and into the halls of Congress.
Michigan’s Governor Snyder has elected to perform some weird self-flagellating mea culpa or performance art, by insisting he and his wife will drink filtered Flint city water for a month. It’s a pointless gesture since the toxic lead levels, experienced during the two years immediately after the city’s cut-over to the Flint River, have already fallen after doing permanent damage to roughly eight thousand children in and around Flint.
Flint’s Mayor Karen Weaver said about the governor’s stunt, “[H]e needs to come and stay here for 30 days and live with us and see what it’s like to use bottled or filtered water when you want to cook and when you want to brush your teeth.”
Or get a new mortgage, I would add. The gesture also does nothing for Flint’s property values. Imagine living in Flint, trying to refinance your home to a lower interest rate, telling the bank, “Oh, but the water’s safe enough for the governor!” and the bank telling you, “Nah. Too risky.”
UPDATE — 10:45 AM EDT —
Charges have been filed against City of Flint’s Laboratory & Water Quality Supervisor Mike Glasgow and Michigan Department of Environmental Quality Office of Drinking Water and Management Assistance district director Steven Busch and MI-ODWMA District Engineer Michael Prysby. Mlive.com-Flint reports,
Glasgow is accused of tampering with evidence when he allegedly changed testing results to show there was less lead in city water than there actually was. He is also charged with willful neglect of office.
Prysby and Busch are charged with misconduct in office, conspiracy to tamper with evidence, tampering with evidence, a treatment violation of the Michigan Safe Drinking Water Act and a monitoring violation of the Safe Drinking Water.
None of the individuals charged in the case have been arraigned.
Sure would like to see the evidence on Glasgow, given the email he wrote 14-APR-2014 (see the timeline).
House hearing on encryption yesterday
Another Congressional hearing of interest: Fed Cybersecurity
In case you missed it, catch the video of today’s House Oversight Subcommittee on Information Technology hearing on Federal Cybersecurity Detection, Response, and Mitigation. You may have seen Marcy’s tweets on this hearing, at which Juniper Networks was a no-show, and Rep. Ted Lieu (D-CA) was kind of pissed off. Catch Bruce Schneier’s post about Juniper’s vulnerability.
Volkswagen has company: Mitsubishi’s mileage data tweaked to cheat
The Japanese automaker may have to pay back tax rebates offered on vehicles meeting certain fuel efficiency standards. Data from mileage tests on hundreds of thousands of cars was fudged to make the cars look 5-10 percent more efficient.
Speaking of cheating: Volkswagen’s use of code words masked references to emissions controls cheats
The amount of data under review along with the use of code words and phrases like “acoustic software” may delay the completion of the probe’s report. Don’t forget: tomorrow is the second 30-day deadline set for VW to provide a technical solution for owners of its passenger diesel vehicles.
That’s enough. Michigan state AG newser underway now as I update this again at 1:15 p.m. EDT; I may not update here since I addressed known charges above. Catch you on the other side of the hump.
A number of outlets are pointing to an alarming spike in Apple’s national security requests, as reflected in its privacy numbers (though I think they are exaggerating the number). Here’s what the numbers look like since it began reporting national security requests. [I’ll put this in a table later, but I’m trying to get this done in the last window I’ll have for a while.]
Orders received, accounts affected
1H 2013: 0-249, 0-249
2H 2013: 0-249, 0-249
1H 2014: 0-249, 0-249
2H 2014: 250-499, 0-249
1H 2015: 750-999, 250-499
2H 2015: 1250-1499, 1000-1249
As you can see, Apple’s numbers were already rising from a baseline of 0-249 for both categories in the second half of 2014 (not incidentally when encryption became default), though really started to grow the first half of last year. Where the request-to-number-of-accounts affected ratio has differed, it shows more requests received than accounts affected, suggesting either that Apple is getting serial requests (first iMessage metadata, then content), or that the authorities are renewing requests — say, after a 90-day 215 order expires (though Apple reiterates in this report that they have never received a bulk order, so they are presumably, but not definitely, not the additional bulk provider that appears to have shown up in the June 29 order last year). The number of requests may have doubled or even nearly tripled in the reporting reflecting the first half of last year, and may have almost doubled again, but it appears that Apple continues to get multiple orders affecting the same account.
In other words, this appears to be a spike in the number of accounts affected, accompanied by a more gradual spike in the orders received, but it follows on what could be a straight doubling of both categories from the prior period.
It appears Apple is reporting under paragraph 3 reporting, described as follows.
(3) A semiannual report that aggregates the number of orders, directives, or national security letters with which the person was required to comply in the into separate categories of–
(A) the total number of all national security process received, including all national security letters, and orders or directives under this Act, combined, reported in bands of 250 starting with 0-249;
(B) the total number of customer selectors targeted under all national security process received, including all national security letters, and orders or directives under this Act, combined, reported in bands of 250 starting with 0-249.
(2) A report described in paragraph (3) of subsection (a) shall include only information relating to the previous 180 days.
That should work out to the same reporting method they were using, provided there was no 2-year delay in reporting of a new kind of production, which doesn’t appear to have happened.
One possible explanation of what’s partly behind the increase is that the more recent number reflects USA Freedom Act collection. USAF became law on June 2, with the new 2-hop production going into effect on November 29. Marco Rubio made it clear last year that USAF extended the 2-hop collection to “a large number of companies.” The Intelligence Authorization made it clear a fair number of companies would be covered by it as well. In its discussion of what kind of responses it gave to San Bernardino requests Apple said they got legal process.
Especially given that Apple is a “phone company,” it seems highly likely the government included iMessage data in its roll out of the expanded program (which, multiple witnesses have made clear, was functioning properly in time for the December 2 San Bernardino attack). So it’s quite possible what look to be 500 first-time requests are USAF’s new reporting, though that would seem to be a very high number of requests for the first month of the program.
Probably, the bulk of the increase is from something else, perhaps PRISM production, because iMessage is an increasing part of online communication. Apple’s numbers are still far below Google’s (though Yahoo’s had a big drop off in this reporting period). But it would make sense as more people use iMessage, it will increase Apple’s PRISM requests.
Update: This post has been updated to better reflect my understanding of how this reporting and the new production work.
It’s trash day in my neighborhood. Time to take the garbage to the curb. I aim for as little trash as possible, which means buying and consuming less processed/more fresh foods. I use paper/glass/ceramic/stainless steel for storage, avoiding plastics as much as possible. Every lick of plastic means oil — either the plastic has been created wholly from oil, or fossil fuels have been used in its manufacture. Can say the same about the manufacturing of paper/glass/ceramic/stainless steel, but paper can be composted/recycled/renewed, and the rest can be used for lifetimes if cared for. I use ceramic bowls that belonged to my great-grandmother, and stainless pots and bowls once belonging to my mother, and I expect to hand them down some day.
Which makes me all judgy when I’m walking through the neighborhood, side-eyeing the garbage cans at the curb. Can’t believe how much waste is created every week, and how willing we are to pay tax dollars to stick it in the ground as landfill. How can Family X not bother to recycle at all? How can Family Y live on so much processed, chemical-laden garbage? It’s all right there at the end of their driveway, their addiction to fossil fuel consumption spelled out in trash.
What small change can you make in your lifestyle so Judgy McJudgyPants here doesn’t side-eye your trash cans?
Speaking of trash…
Piling on the wonks, Part 3: United Healthcare exiting Obamacare in Michigan
Disclosure: UHC is my health insurer, which I am fortunate enough to afford. But I couldn’t stay with them if I had to go on Obamacare. UHC says it’s losing too much money in Michigan to remain in the program — not certain how given the double-digit underwriting increase it posted for this past year. UHC will leave other states which may not fare as well as Michigan, and even Michigan will suffer from decreasing competition. Do tell us, though, wonks, how great Obamacare is. I’m sure I will feel better should I ever have to shop Obamacare plans for pricey coverage with a dwindling number of providers. And if you missed the previous discussions on inept Obamacare wonkery, see Part 1 by Marcy and Part 2 by Ed Walker.
Time to fetch the emptied trash can. See you tomorrow!
Another manic Monday? Then you need some of Morcheeba’s Big Calm combining Skye Edwards’ mellow voice with the Godfrey brothers’ mellifluous artistry.
Apple’s Friday-filed response to USDOJ: Nah, son
You can read here Apple’s response to the government’s brief filed after Judge James Orenstein’s order regarding drug dealer Jun Feng’s iPhone. In a nutshell, Apple tells the government they failed to exhaust all their available resources, good luck, have a nice life. A particularly choice excerpt from the preliminary statement:
As a preliminary matter, the government has utterly failed to satisfy its burden to demonstrate that Apple’s assistance in this case is necessary—a prerequisite to compelling third party assistance under the All Writs Act. See United States v. N.Y. Tel. Co. (“New York Telephone”), 434 U.S. 159, 175 (1977). The government has made no showing that it has exhausted alternative means for extracting data from the iPhone at issue here, either by making a serious attempt to obtain the passcode from the individual defendant who set it in the first place—nor to obtain passcode hints or other helpful information from the defendant—or by consulting other government agencies and third parties known to the government. Indeed, the government has gone so far as to claim that it has no obligation to do so, see DE 21 at 8, notwithstanding media reports that suggest that companies already offer commercial solutions capable of accessing data from phones running iOS 7, which is nearly three years old. See Ex. B [Kim Zetter, How the Feds Could Get into iPhones Without Apple’s Help, Wired (Mar. 2, 2016) (discussing technology that might be used to break into phones running iOS 7)]. Further undermining the government’s argument that Apple’s assistance is necessary in these proceedings is the fact that only two and a half weeks ago, in a case in which the government first insisted that it needed Apple to write new software to enable the government to bypass security features on an iPhone running iOS 9, the government ultimately abandoned its request after claiming that a third party could bypass those features without Apple’s assistance. See Ex. C [In the Matter of the Search of an Apple iPhone Seized During the Execution of a Search Warrant on a Black Lexus IS300, Cal. License Plate #5KGD203 (“In the Matter of the Search of an Apple iPhone” or the “San Bernardino Matter”), No. 16-cm-10, DE 209 (C.D. Cal. Mar. 28, 2016)]. 
In response to those developments, the government filed a perfunctory letter in this case stating only that it would not modify its application. DE 39. The letter does not state that the government attempted the method that worked on the iPhone running iOS 9, consulted the third party that assisted with that phone, or consulted other third parties before baldly asserting that Apple’s assistance remains necessary in these proceedings. See id. The government’s failure to substantiate the need for Apple’s assistance, alone, provides more than sufficient grounds to deny the government’s application.
Dieselgate: Volkswagen racing toward deadline
Once around the kitchen
There you are, your week off to a solid start. Catch you tomorrow morning!
She said, ‘There is no reason
and the truth is plain to see.’
But I wandered through my playing cards
and would not let her be
— excerpt, Whiter Shade of Pale by Procol Harum
cover here by Annie Lennox
I’ve been on an Annie Lennox jag, sorry. I’m indulging myself here at the intersection of a favorite song which fit today’s theme and a favorite performer. Some of you will take me to task for not using the original version by Procol Harum, or another cover like Eric Clapton’s. Knock yourselves out; it’s Lennox for me.
Speaking of a whiter shade and truth…
FBI used a ‘gray hat’ to crack the San Bernardino shooter’s phone
Last evening after regular business hours WaPo published a story which made damned sure we knew:
1) The FBI waded into a fuzzy zone to hack the phone — oh, not hiring a ‘black hat’, mind you, but a whiter-shade ‘gray hat’ hacker;
2) Cellebrite wasn’t that ‘gray hat’;
3) The third-party resource was referred to as ‘professional hackers’ or ‘researchers who sell flaws’;
4) FBI paid a ‘one-time fee’ for this hack — which sounds like, “Honest, we only did it once! How could we be pregnant?!”;
5) A ‘previously unknown software flaw’ was employed after the third-party pointed to it.
This reporting only generated more questions:
• Why the careful wording, ‘previously unknown software flaw’ as opposed to zero-day vulnerability, which has become a term of art?
• How was the determination made that the party was not black or white but gray, and not just a ‘professional hacker who sold knowledge about a flaw they used’? Or was the explanation provided just stenography?
• However did Cellebrite end up named in the media anyhow if they weren’t the source of the resolution?
• What assurances were received in addition to the assist for that ‘one-time fee’?
• Why weren’t known security experts consulted?
• Why did the FBI say it had exhausted all resources to crack the San Bernardino shooter’s phone?
• Why did FBI director Jim Comey say “we just haven’t decided yet” to tell Apple about this unlocking method at all if ‘persons familiar with the matter’ were going to blab to WaPo about their sketchy not-black-or-white-hat approach instead?
That’s just for starters. Marcy’s gone over this latest story, too, be sure to read.
Volkswagen execs get a haircut
Panic among employees and state of Lower Saxony over VW’s losses and anticipated payouts as a result of Dieselgate impelled executives to share the pain and cut their bonuses. Germany’s Lower Saxony is the largest state/municipal shareholder in VW, but it’s doubly exposed to VW financial risks as nearly one in ten Germans are employed in the automotive industry, and VW is the largest single German automotive company. The cuts to bonuses will be retroactive, affecting payouts based on last year’s business performance.
Fuzzy dust bunnies
UPDATE — 12:10 PM EDT —
From @cintagliata via Twitter:
Back in 1971, researchers observed Zika virus replicating in neurons and glia. (in mice) http://bit.ly/1XvsD4d
I’m done with the pesticides-as-causal theory. It may be a secondary exacerbating factor, but not likely primary. In short, we’ve had information about Zika’s destructive effects on the brain and nervous system for 45 years. It’s past time for adequate funding to address prevention, treatments, control of its spread.
It’s all down the hump from here, kids. See you tomorrow morning!
It was a rough road this week, but we made it to Friday again for more jazz. Today’s genre is ska jazz, which will feel like an old friend to many of you.
The artist Tommy McCook was one of the earliest artists in this genre. Just listen to his work and you’ll understand why he has had such a deep and long-lasting influence on contemporary Jamaican music.
Let’s get cooking.
Apple pan dowdy
HIGHLY EDITORIAL COMMENT: Bill, STFU.
Just because a single African American author called you “The First Black President” doesn’t mean you are literally a black man (and the label wasn’t meant as a compliment). Your massive white/male/former-elected privilege is getting in the way of listening to people you helped marginalize. You cannot fake feeling their pain or triangulate this away. Just shut up and listen, if for no other reason than you’re hurting your wife yet again. (Sorry, I had to get that off my chest. This opinion may differ from those of other contributors at this site. YMMV.)
Phew. Hope you have a quiet, calm weekend planned. We could use one. See you Monday morning!
Still on spring break around here. If I was legit on a road trip some place warm right now, you’d find me lounging in the sun, sipping fruity cocktails at all hours, listening to some cheesy exotica like this Arthur Lyman piece I’ve shared here.
Though horribly appropriative and colonialist, it’s hard not to like exotica for its in-your-face corniness. I think my favorite remains Martin Denny’s Quiet Village. It brings back memories from the early 1960s, when life was pretty simple.
Let’s have a mai tai for breakfast and get on with our day.
Urgent: Increasing number of hospitals held ransom
Last month it was just one hospital — Hollywood Presbyterian Medical Center paid out bitcoin ransom.
Last week it was three — two Prime Healthcare Management hospitals in California and a Methodist Hospital in Kentucky held hostage.
Now, an entire chain of hospitals has been attacked by ransomware, this time affecting the servers of 10 related facilities in Maryland and Washington DC. The FBI is involved in the case. Is this simple extortion or terrorism? The patients diverted from the facilities to other hospitals’ emergency rooms probably don’t care which it is — this latest attack interfered with getting care as quickly as possible. Let’s hope none of the diverted patients, or those already admitted into the MedStar Union Memorial Hospital chain, have been directly injured by ransomware’s impact on the system.
The MedStar case spawns many questions:
Bet you can think of a couple more questions, too, maybe more than a couple after reading this:
Hospitals are considered critical infrastructure, but unless patient data is impacted there is no requirement to disclose such hackings even if operations are disrupted.
Computer security of the hospital industry is generally regarded as poor, and the federal Health and Human Services Department regularly publishes a list of health care providers that have been hacked with patient information stolen. The agency said Monday it was aware of the MedStar incident.
Apple iPhone cases emerge
After the San Bernardino #AppleVsFBI case, more law enforcement investigations relying on iPhones are surfacing in the media.
That’s quite enough. Back to pretending I’m lying under a cerulean sky, baking my tuchis, cold drink in hand.
In the Spring a livelier iris changes on the burnish’d dove;
In the Spring a young man’s fancy lightly turns to thoughts of love.
— excerpt, Locksley Hall by Alfred, Lord Tennyson
Welcome to spring break. And by break, I mean schedules are broken around here. Nothing like waiting up until the wee hours for a young man whose fancy not-so-lightly turned to love, because spring.
While the teenager lies abed yet, mom here will caffeinate and scratch out a post. It may be early afternoon by the time I get over this spring-induced sleep deprivation and hit the publish button.
Apple blossoms — iPhones and iPads, that is
Not much blooming on the #AppleVsFBI front, where Apple now seeks information about the FBI’s method for breaking into the San Bernardino shooter’s iPhone 5C. The chances are slim to none that the FBI will tell Apple anything. Hackday offers a snappy postmortem about this case with an appropriate amount of skepticism.
I wonder what Apple’s disclosure will look like about this entire situation in its next mandatory filing with the SEC? Will iPhone 5C users upgrade to ditch the undisclosed vulnerability?
What, if any, effect will the iPhone 5C case have on other criminal cases where iPhones are involved — like the drug case in Brooklyn? Apple asked for a delay in that case, to assess its position after the iPhone 5C case. We’ll have to wait until April 11 for the next move in this unfolding crypto-chess match.
In the meantime, spring also means baseball, where new business blossoms for Apple. Major League Baseball has now signed with Apple for iPads in the dugout. Did the snafu with Microsoft’s Surface tablets during the NFL’s AFC championship game persuade the MLB to go with Apple?
It’s downhill all the way for VW, which missed last week its court-imposed 30-day deadline to offer a technical solution on its emissions standards cheating “clean diesel” passenger vehicles. If there was such a thing as “clean diesel,” VW would have met the deadline; as I said before, there’s no such thing as “clean diesel” technology. The judge allowed a 30-day extension to April 24, but my money is on another missed deadline. Too bad there’s not a diesel engine equivalent of Cellebrite, willing to offer a quick fix to VW or the court, huh?
Of note: former FBI director Robert Mueller has been named “special master” on this case by Judge Charles Breyer; Mueller has been meeting with all the parties involved. What the heck is a “special master”? We may not have a ready answer, but at least there’s a special website set up for this case, In re: Volkswagen “Clean Diesel” MDL.
The cherry on top of this merde sundae is the Federal Trade Commission’s lawsuit filed yesterday against VW for false advertising promoting its “clean diesel” passenger cars.
With no bottom yet in sight, some are wondering if VW will simply exit the U.S. market.
Automotive odd lot
Did Tennyson write anything about spring spawning naps? Because I feel like I need one. Hope we’re back in the groove soon. See you in the morning.