Every un-shredded car is a policy failure

Previously, previously, previously, previously, previously, previously, previously.

Tags: , , , , , ,

IRS login makes you take a selfie for this security company you've never heard of

I see no way this could possibly go wrong.

You'll soon have to prove your identity to a Virginia-based security company called ID.me in order to file a return, check tax records, or make payments on the Internal Revenue Service (IRS) website. Your old username and password credentials -- if they still work -- will stop working in the summer of 2022. [...]

ID.me compares your selfie with your driver's license or passport image to verify you are who you say you are. It might also ask for other documentation, such as a copy of a recent bill. If the system still isn't satisfied, it may even ask you to jump on a video call with a human representative. [...] The company says it's also devised ways for overseas, under-documented, or homeless people to verify their identities.

Uh huh.

ID.me says a total of ten federal agencies use its system, including the Department of Veterans Affairs and the Social Security Administration.

The IRS, of course, is a big agency that deals directly with many millions of individuals and businesses. ID.me will become responsible for a huge amount of personally identifiable information -- at a time when cyberattacks on government networks have become common. Recall the 2015 cyberattack on the United States Office of Personnel Management (OPM), in which cybercriminals gained access to 22.1 million government personnel records, including those of government employees and their families, and people who had undergone background checks. [...]

And ID.me can store tax filers' personal data for up to seven and a half years, the representative tells me in an email. [...]

In the event of a data leak, however, your options for redress are somewhat limited. At the very top of the ID.me terms of service, you'll find an all-caps statement saying that by using ID.me you agree to binding arbitration in the event of a dispute, and wave your right to join a class action against the company.

I first encountered this bullshit a few months ago.

My business, DNA Lounge, tried to apply for the "California Venues Grant Program funded by the State of California and administered by CalOSBA", and we couldn't even begin the application process without me personally submitting to this techbro biometric-harvesting bullshit by ID.me. And I wouldn't do that, so we couldn't apply.

There are many ways to prove who I am to the State of California, and giving my biometric information to some third-party for-profit data-harvester with a Montenegro domain is not an acceptable one.

Previously, previously, previously, previously, previously, previously, previously, previously, previously.

Tags: , , , , , , ,

Monkey Dump

Truck with 100 monkeys crashes in PA, some of them missing:

DANVILLE, Pa. (AP) -- A truck carrying about 100 monkeys was involved in a crash Friday in Pennsylvania, state police said as authorities searched for at least three of the monkeys that appeared to have escaped the vehicle.

The truck carrying the animals crashed with a dump truck in the afternoon in Montour County. The truck had been on its way to a lab.

I have heard this story before, and the first time it was called Mrs. Frisby and the Rats of NIMH.

But more importantly: are the fungible? ARE THEY FUNGIBLE??

CDC: All my apes are gone:

The shipment of monkeys was en route to a CDC-approved quarantine facility after arriving Friday morning at New York's Kennedy Airport from Mauritius, the agency said.

The location of the lab and the type of research for which the monkeys were destined weren't clear, but cynomolgus monkeys are often used in medical studies. A 2015 paper posted on the website of the National Center for Biotechnology Information referred to them as the most widely used primate in preclinical toxicology studies.

Previously, previously, previously, previously, previously, previously, previously, previously.

Tags: , , ,

Instagram: How not to do messaging

Though Facebook is really good at a few things -- being a rage amplifier; providing a clean, well-lit space for fascists; and allowing unmedicated schizophrenics to find each other and thereby elevate their delusions into national movements -- it's important to remember that they are actually stultifyingly incompetent at just about everything that comprises what most people think their business is.

Sadly, my businesses still have a presence on Facebook and Instagram because choosing not to use those services essentially means choosing not to advertise, and that's not really a stand we can afford to take during this pandemic apocalypse.

And since I still have to manage this shitshow, here's me pissing in the wind again about how terrible it is to try and actualy use it.

I've written before about the mind-boggling unusability of Instagram's inbox-management for business accounts: that the messages are partitioned into four different places with four different interfaces with no rhyme or reason. It's just unfathomable how anyone is able to communicate with their customers through this disaster. [Narrator: "They cannot. They mostly don't try."]

Well, a couple years ago, Facebook integrated Instagram into this "Facebook Inbox For Business Suits" thing or whatever they're calling it today. In theory, now you can use a Facebook web page instead of the postage-stamp-sized Instagram app to manage your messages while typing with your thumbs like an animal.

Take a look at the image to the right. Zoom in. Let the hate wash over you. I'll wait.

  • First indignity: you have to make the window be basically full screen width or none of those icons on the right show up, because it's got 3 different sidebars (not shown). And even then, sometimes the message author's profile picture appears on top of the buttons, making them unclickable.

  • The "All Messages" tab is not all messages. So the very first words on the page are already a lie. You still have to click through to the four other tabs to see everything.

  • When it shows you an Instagram "story", you almost never get to actually see it. Stories usually expire after 24 hours, but I look at this page once a day and I can't remember the last time a story actually showed up as something other than a broken-image box.

  • When it does actually show you the contents of an Instagram story or post, it is 240 pixels wide. You can't resize it. You can't click on it to open it in a new window. You can't copy its URL. Hope your eyesight is good!

  • When it shows you Facebook messages or replies, it doesn't show you the actual message. It shows you the post on which the messages were made. And it is always set to "Most relevant comments", meaning it's showing you the top-rated 5-of-30 or whatever, in bogosort-order. Because that's what you want to see in your "Facebook Connect Businessy Direct Comments Suite". Not the most recent message, but one that was popular two weeks ago.

  • There is no "mark all read" button. You have a thousand messages in the list, but a couple of them, 700+ messages ago, are marked as unread, making the unread count up top useless? Congratulations, you get to click a thousand times to clear that. Also, the position of the "delete" button changes every time. Sometimes those 5 buttons are horizontal, but sometimes they wrap to 2 or more lines, depending on... I don't even know what. (See "Facebook Cow Clicker".)

  • Once you have deleted a message, it is gone forever. There is no Trash folder. The message itself exists, and everyone can still see it, you just have no way to navigate back to it from "Facebook Presents Inbox by Marc Jacobs" or whatever this is.

  • That "Exclamation point" button means "Mark as spam". As far as I can tell, it's the same as Trash. It does not even move it to a spam folder, because as I said, folders aren't a thing. There is no Spam folder, nor a Trash folder, not an Archive folder. And it absolutely for sure does not report the message as spam. It's just a handy busy-box for you to click that does nothing, like calling 311 about a blocked bike lane.

  • Is there a way to report abusive Instagram messages? Sure there is, there's a "Report" item hidden on a dot-dot-dot popup menu in the "User" sidebar! That takes you to a FAQ telling you to run the Instagram app on your phone, find the message again (good luck with that), and report it from there.

  • If it's a Facebook comment, there are context menus for blocking and reporting, that work completely differently. What you want is a button that means "report this abusive asshole and make them go away forever". What you get is three different paths to report comments, delete comments, and block users, which take like 14 clicks, and if you miss one step, some or all of those things don't happen. Also it's entirely possible that "block" means "don't show this person's abuse to me personally, but do continue showing them to everyone else who looks at my business page." After all these years, I still have no idea.

  • My business account manages multiple Facebook and Instagram pages. Do messages to all of them show up in the same place? Hahahahahahahaha no. Each one gets its own separate "Instagram By Facebook Inbox Business Message Console Business" page.

  • Oh yeah, those red message count badges at the top? They never change as messages are read or tabs are changed. I mean, that sounds too hard, right?

One might hope that this incompetence indicates that they simply don't have employees who know what they're doing, and one might dream that maybe that's because Facebook is just too embarassing a place for the competent to work. Maybe the people capable of getting jobs elsewhere took my advice and quit. But that's wishful thinking. Ethics are not correlated with programming skill. It's just that they don't give a shit. Tools to allow businesses to use Facebook to intermediate communication with those businesses' customers are not a priority. As a rational, sane person, the things that you expect are part of Facebook's business are not. If you think you are their customer, or even that your customers are their customers, you are wrong.

Previously, previously, previously, previously, previously, previously, previously, previously, previously.

Tags: , , , ,

Oddly specific botnet

Whoever once had the address "mim@mcom.com" has a vast and extremely enthusiastic botnet trying to crack their password on mcom.com's (nonexistent) IMAP server, from 20,000+ unique IPs in the last 30 days.

Never give up hope, it might work some day!

Though I am impressed by the IP space they control, I guess.

Previously, previously, previously, previously, previously.

Tags: , , , , , ,

DNA Lounge: Wherein the Castro Theatre is the latest COVID casualty

The Castro Theatre is turning over control to Another Planet:

The 100-year-old theater, known throughout the world as one of the symbols of San Francisco's historic LGBTQ Castro neighborhood, will be renewed as a live events venue with music, comedy, film and more as Another Planet Entertainment takes over its programming.

The Berkeley independent [sic] concert promotion company -- which promotes hundreds of local concerts annually at venues like Berkeley's Greek Theatre, the Fox Theater in Oakland and the Bill Graham Civic Auditorium in San Francisco, as well as co-produces the Outside Lands music festival in Golden Gate Park -- has signed a long-term contract, with plans to [...] broaden the programming at the 1,400-capacity venue to include live music, comedy and community events. The Castro will still screen select films, but the changes are sure to be earthshaking for many Bay Area film organizations and movie fans who have been filling the Castro for decades.

"It's heartbreaking, devastating, and not surprising," said Marc Huestis, who has presented special events at the Castro Theatre for 40 years. [...] "Even before COVID, it was like repertory theater was kind of on its last legs," Huestis continued. "It makes me very emotional because it's just such an important cultural institution and the heartbeat of not only the neighborhood but of the city."

As a fan of both old movies and live music, one might expect me to feel conflicted about this. While losing another repertory movie theatre is awful, gaining another live music venue should be good, right? But, no, this is just another tragedy. Understandable, perhaps, but still tragic.

I don't understand how anyone gets away with calling Another Planet an "independent" company, unless your definition of "independent" is "not publicly traded". I guess NIVA defines "independent" as "anyone who is not Live Nation or AEG", but the reality is that Another Planet are the short leg of the corporate triad who monopolize the live music scene in the Bay Area and beyond.

It's true that APE is the smallest of the three, and they're "local", but they have the same business model as Live Nation and AEG: anti-competitive lock-in through vertical integration and festival radius clauses. They're still monopolists, they're just smaller.

And even though whatever kind of live music they end up doing at The Castro won't be the sort of thing that we do at DNA Lounge -- we're not a "1,400 capacity all-seated" kind of place -- this sort of corporate consolidation hurts all of us small businesses who are actually independent, because it increases APE's monopoly power.

As I explained in detail back in 2018, monopolies are bad. They are bad for consumer choice, they are bad for ticket pricing, they are bad for artists getting paid, they are bad for your local music scene, and they are bad for our culture as a whole.

But as with Slim's (RIP) and Mezzanine (RIP), it's hard to fault the Castro's owners for taking whatever Faustian bargain is offered. It's grim out there.


Crawling toward obscurity

Now, Eternals was bad -- and I've already had some words about that -- but something I have not yet seen anyone bust on is the opening crawl.

Which is CLEARLY an, uh, homage to Blade Runner (violating the cardinal rule of cover songs, "never remind the audience of a better band they could be watching instead") but so ham-handed that it does not replicate (see what I did there?) the MOST RECOGNISABLE features of that crawl: its own bizarrely mismatched fonts!

If you're gonna goof on something, goof on it right!

It's like -- whichever intern got assigned the job of "hey pal, go fake-up a Blade Runner crawl" looked at it and was like, hmmmmm, it looks like whoever did this accidentally screwed up the fonts, while I am immitating this thing I had better correct their error."

Now you may recall that I have some Opinions about Blade Runner, but let me now turn the mic over to the eminently more qualified Typeset In The Future:

Blade Runner's opening crawl is distinctly un-futuristic in its choice of font. It uses Goudy Old Style -- designed by Frederic W. Goudy in 1915 -- as part of a veritable typographic cornucopia. Within five-and-a-bit paragraphs, we are treated to several inconsistently spaced examples of small caps), and five -- count them! -- examples of particularly chunky em dashes. (Thankfully, they do not follow the freaky American style of removing -- for no reason at all -- their surrounding spaces.)

My favorite aspects of this opening crawl, however, are the arbitrary examples of Mid-Sentence Capitalized Words, as popularized by A. A. Milne and P. L. Travers.

I mean. Gestures Wildly.

By the way, the Eternals Pitch Meeting is very good.

Previously, previously, previously, previously, previously, previously, previously, previously, previously.
Tags: , , , ,

Today in Brand Necrophilia

Previously, previously, previously, previously, previously.

Tags: , , ,

A Series of Tubes

This interactive map of the SF sewer system will come in handy for my next heist.

Previously, previously, previously, previously, previously, previously, previously, previously, previously, previously, previously, previously.

Tags: , , ,

This Place is not a Place of Honor

Today in Castle News:

The thing you need to understand about today's Zillow find is that it was built in 2010 in the United States of America. Two full years into the financial crisis, these people decided that what they needed was a MOAT.

It looks like the part of Disney you aren't supposed to see, like there should be dumpsters of half-consumed turkey legs and a Mickey Mouse holding his own head in his hands, chugging bottled water. [...]

It's called Chrismark Castle because... it's owned by Christopher Mark, the great-grandson of a Chicago steel tycoon. (Boostraps!)

It took seven years and $4.1 million to build, but went on sale for $45 million, now down to an affordable $35 million.

He had barely moved in w his wife and children when she filed for divorce. So he moved his pregnant girlfriend (oh) and her daughter in instead. Then SHE left him, and there was a big court case for more child support.

And here's our protagonist, eating dinner alone, too sad even to put food on his plate or light his candle.

He's been trying to sell the place since 2014. In that time, he's tried turning it into a modeling studio (uhhh), a wedding venue, and an exotic animal refuge.

During the lawsuit over child support for the girlfriend (he'd been paying $1k a month), both alleged that the other was responsible for the starvation death of a camel.

Anyway, I will leave you with the world's most uncomfortable hand chair, the fact that there is a navy fighter jet on the property, and yes there IS a dungeon (can't find pictures), and also nearby Hartford, CT has a poverty rate of over 30%.

Previously, previously, previously, previously, previously, previously.

Tags: , ,

  • Previously