Two and a Half Hours

  • Fold laundry
  • Wash the dishes left out from making pizza for last night’s dinner
  • Do yoga
  • Wash more dishes
  • Do more yoga, and exercises to strengthen my recently-strained MCL
  • Read some of the 50-100 tabs open to Economist and Atlantic articles I’ve been meaning to read for the last four months.
  • Rearrange boxes of Christmas decorations and miscellaneous items in our apartment’s storage area

These are all the things I did while I listened to about two and a half episodes of David Cross’ podcast, Senses Working Overtime with David Cross, last Saturday morning. I discovered David Cross had a podcast shortly after I opened my laptop for the morning. If you’re not familiar with David Cross, he played Tobias Funke on Arrested Development. If you’re not familiar with Arrested Development, you’re not alone – almost no one watched the show when it aired, and that’s why it was unceremoniously cancelled after three seasons in 2006.

Please note: There’s a much, much longer and more detailed version of this post where I expand on these points; however, it’s also borderline unreadable. Here’s the abridged version for the meantime.

Here’s how I consumed two and a half episodes of Senses Working Overtime with David Cross:

  • I opened my computer, opened youtube.com in my browser, and Youtube suggested five videos and one ad in a 3×2 grid, and started autoplaying the David Cross podcast when I hovered my mouse over it.
  • None of the five videos were from a channel to which I had subscribed, but somehow, Youtube intuited I would probably watch a video from David Cross.
  • If I had Youtube installed on my phone, once I installed Youtube on my phone, I could resume the video where I left off.

Consuming media in this way is an extremely recent development.


Prior to the advent of consumer grade internet and websites reliably hosting audio and video, consuming media in this way would have been well-nigh impossible.

If a comic started some sort of an interview show, I’d have to be in a radio market where the show was broadcast, and catch the episodes individually as they aired live. If I wanted to binge on multiple episodes, I’d either have to order cassette copies of the show, if the station made those available, or find a friend who had recorded the original broadcast on cassette tape and was willing to duplicate or send a copy of their tapes of the show. If the station didn’t sell tapes and I didn’t have friends who had recorded the show, I’d be out of luck.

The near-immediate availability of everything that has ever been made has fundamentally changed our relationship with media. However, the way I spent two hours Saturday morning wasn’t the result of me seeking out a specific piece of entertainment and then bingeing it, e.g. searching for Arrested Development and rewatching it for over two hours. Rather, out of the hundreds of millions of hours of content on Youtube, the site suggested a specific hour-long video, and subsequently showed me another two hours of content that I didn’t even know I would watch.

Anyway, I hope everyone had a nice weekend.

Anyone can call themselves a roofer.

Wisconsin does not have any licensing requirements for roofing. Anyone – and I mean anyone – can declare themselves a “roofer” and start a roofing company.

If you’re having roofing work done, you could have a seasoned professional redo your roof, or you could have someone’s nephew show up with a bucket of tar, a nail gun, and unearned optimism. Unfortunately, you’ll never know whether you hired the right person until the middle of the next heavy rainstorm.

Likewise, anyone can claim to be a cybersecurity expert. That includes highly public figures, such as Rudy Giuliani. In January 2017, then President-elect Trump named Rudy Giuliani as his administration’s cybersecurity advisor during the transition period.

Back in 2017, I remember being surprised by the announcement. I had no idea that Giuliani ran a security company, let alone a cybersecurity company. I wasn’t the only one caught off guard by the announcement, and it turned out I wasn’t the only one curious about Giuliani Security.

Curious users promptly investigated giulianisecurity.com and discovered that the site had many vulnerabilities and was impressively out-of-date, as discussed in this r/technology thread. The site exposed SSH and MySQL to the public internet. Based off of the Joomla! and OpenSSH versions installed, the server had not been patched in years. Whatever Giuliani believed about cybersecurity, he clearly didn’t apply those beliefs to his own site.

Anyone can call themselves a roofer.

Hours after news broke regarding giulianisecurity.com’s many vulnerabilities, one of the admins for that domain responded. As a self-identified cybersecurity professional, Giuliani knew his organization had to respond to the vulnerabilities on the giulianisecurity.com site. Would the organization mitigate the risk? Would they transfer the risk to another party? Avoid it? Accept it?

We’ll never know for sure the intention of the admin in question, but someone left the site unpatched with the same ports and services exposed, but removed the A records that directed queries to that particular site. I suppose this was a misguided attempt at risk avoidance, but the server – with all of its potentially private info, and likely itself inside giulianisecurity.com’s DMZ – remained up and accessible. To this day, Giuliani Partners LLC still has the giulianisecurity.com domain registered, and, to this day, the A record for the root domain has never been restored. Fortunately, the former WAN IP for giulianisecurity.com has since stopped exposing ports 3306 and 22 to the public internet.

However, the story of Rudy Giuliani’s misadventures in web hosting is far from over. According to SecurityTrails.com’s DNS history for the domain, on October 21st, 2021, someone pointed the A record for www.giulianisecurity.com at a new Azure site.

The comedy of errors continues:

  • Whoever decided to make the site accessible via DNS again remembered to add an A record for WWW, but forgot to provide a record for the root of the domain. giulianisecurity.com gives you nothing, and WWW gives you the new (as of 2021) site.
  • The site is still vulnerable to SQL injection and XSS, and lit up a free security scanner like a Christmas tree.
  • The site does not redirect HTTP connections to HTTPS, but at least it serves HTTPS connections now upon request.
  • While the site does provide an HTTPS connection, the site still doesn’t have a valid SSL certificate installed for the domain. The certificate returned is for *.azurewebsites.net, rather than for www.giulianiservices.com.

Anyone can call themselves a roofer. No one will know if they hired the right roofer for the job until after the leaks have started.

POSTSCRIPT: To Mr. Giuliani’s credit, giulianisecurity.com’s SPF record is set with a hard fail by default (-all) and has been set with -all since 2016 per dnshistory.org, so at least there’s that. Additionally, the new site has cleared the hadopelagically low bar of closing 3306 and 22 to the public internet.
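
The kinds of findings listed in this post (www record without an apex record, a wildcard certificate for a different domain, no HTTP-to-HTTPS redirect, SPF ending in -all), written as repeatable checks. This is an added example, not code from the original post: it runs offline against a constructed snapshot in which example.org stands in for the domain, and the dict layout, the documentation IP address and the SPF string are assumptions.

```python
# Added example: offline hygiene checks; every record below is constructed.

def wildcard_match(pattern, host):
    """RFC 6125-style match: '*' covers exactly one left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h

def spf_all_policy(txt_records):
    """Return how the first SPF record qualifies its 'all' mechanism, or None."""
    quals = {"-": "hardfail", "~": "softfail", "?": "neutral", "+": "pass"}
    for txt in txt_records:
        terms = txt.lower().split()
        if not terms or terms[0] != "v=spf1":
            continue  # not an SPF record (e.g. a site-verification token)
        for term in terms[1:]:
            if term == "all":
                return "pass"  # a bare 'all' defaults to the '+' qualifier
            if term[1:] == "all" and term[0] in quals:
                return quals[term[0]]
        return None  # SPF record present but no 'all' mechanism
    return None

def audit(snap):
    """Return findings for one domain snapshot (hypothetical dict layout)."""
    apex, www = snap["apex"], "www." + snap["apex"]
    findings = []
    if snap["a_records"].get(www) and not snap["a_records"].get(apex):
        findings.append("apex has no A record but www does")
    if not any(wildcard_match(san, www) for san in snap["cert_sans"]):
        findings.append("certificate does not cover " + www)
    if not snap["http_redirects_to_https"]:
        findings.append("HTTP is not redirected to HTTPS")
    if spf_all_policy(snap["txt"].get(apex, [])) != "hardfail":
        findings.append("SPF does not hard-fail (-all)")
    return findings

# Constructed snapshot: example.org stands in for the domain in the post,
# 203.0.113.10 is a documentation address, the SPF string is made up.
SNAPSHOT = {
    "apex": "example.org",
    "a_records": {"www.example.org": ["203.0.113.10"]},
    "cert_sans": ["*.azurewebsites.net"],
    "http_redirects_to_https": False,
    "txt": {"example.org": ["v=spf1 include:spf.example.net -all"]},
}
```

Calling audit(SNAPSHOT) returns the three web-hosting findings and nothing for SPF, which matches the postscript: the mail policy is the one setting that passes.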

Day 2 update

It turns out that it’s far easier to open 28 new tabs about ideas for new posts than it is to radically change my relationship with technology overnight.

As is tradition on Thanksgiving and on Super Bowl Sunday, I watched the game live on honest-to-goodness TV. Since college, those two days are the only times I watch live TV.

I remember reading in a trivia book or perhaps the newspaper as a kid that the average American adult watched something like five hours of TV a day. We’ll revisit that statistic, and some other statistics regarding TV consumption, in a later post. Until then, go read a book or enjoy being bored.

About the tagline…

For some people, history can be defined entirely by specific moments. For others, history’s most widely-known events may be viewed as inevitable small parts of greater political, economic, and cultural patterns. Some historians would say that World War I burst out of the barrel of Gavrilo Princip’s pistol after his shot struck Franz Ferdinand. Others would point to the decades of growing tension between major world powers and argue that just about any event could have set off the Powder Keg of Europe, irrespective of one young man’s actions on a particularly fateful day in Sarajevo.

I oftentimes find myself in the latter camp. Whether discussing global history or the history of technology, an individual with the right ideas at the wrong time and wrong place, or groundbreaking technology introduced a little too early can sputter out and fall far short of their potential impact. Most trends – the adoption of color television, the popularization of the car, the popularization of personal computers, etc. – don’t have a single event to which we can point and say “that’s when technology changed for everyone”.

There is one event and one time period in particular where I can point to such a sudden change. Jonathan Haidt characterizes this type of change as producing “hockey stick” charts – one where there’s minimal linear growth, and then, at the end of the shaft of the hockey stick, a sudden, immediate change in slope (some may call it a non-differentiable function) after a certain point in time.

These events happened in 2006, give or take a little.

In 2005, 2006, and 2007 we have:

2005

  • Youtube founded.

2006

  • Steve Jobs announces the iPhone, immediately changing the perception of both smartphones and touchscreen UIs.
    • Prior to the iPhone, smartphones were often synonymous with Blackberry devices. These devices were for business use only. The iPhone was clearly a product for the masses.
    • Touchscreens now work well enough for the average person to use.
    • For an excellent depiction of the mobile internet and highly capable smartphones contemporary to the iPhone’s release, take a look at Maddox’ post about the iPhone and the Nokia E70.
  • Facebook opens account registration to the general public and introduces the News Feed. Social media goes from usernames, avatars, and profiles to real photos and the News Feed.
  • The Nintendo Wii is released, outselling all previous Nintendo consoles and establishing casual gaming as a major pillar of the gaming market.

2007

  • Google, the world’s most popular search engine then and now, acquires what would become the world’s 2nd most popular search engine, Youtube.

This is the first post in a multi-part series. This post sets the stage for the coming sea change in how we spend our free time and to what we give, and often surrender, our attention.

NOTE – For argument’s sake, some things fizzled after being introduced too early in 2005. After years of joking that NetBSD ran on everything but a toaster, Technologic Systems brought the first instance of NetBSD on a toaster to life. Unfortunately for our toaster, the time was ripe for the iPhone, Facebook, and Twitter, but IoT was a few years away from widespread adoption. I’ll revisit IoT in a later post series.