“Let the universe go on in exactly the same way it would have if that one critical moment had never occurred. Twenty years later, that was what he would desperately wish had happened twenty years ago, and twenty years before twenty years later happened to be right now. Altering the distant past was easy, you just had to think of it at the right time.”

— Harry James Potter-Evans-Verres, on time-travel

Dear Amazon,


Q: What is 17x22x48 inches?

A: The box that two of these arrived in yesterday.

They were curled up in a corner like abandoned puppies. The box wasn’t terribly well-sealed, either, so I’m sure the UPS driver looked inside and had a good laugh about the giant box of air he carried up to my porch with one hand.

In other news, Los Angeles Target shoppers are less murder-y than Detroit Dollar General shoppers, but still pretty violent. Governors, if you want people to enforce mask orders, they’d better be on-duty cops. If you don’t have enough of those to go around, don’t criminalize breathing wrong and expect store clerks to risk their lives for you.

By the way, if they’re actually sick, shooting them is sure to spread the virus as it spatters their blood across the walls and floor…

Totally related, Corona-chan has been in Ohio since at least January. (and that site does something really evil, changing the contents of the URL bar as you scroll down, so that I almost posted a link to the story below it, which is bullshit)

Update

The Dayton Daily News story has more details: onset of currently first known case was January 7 in Miami County, and January 13 in Montgomery County, both women in their seventies. Unless they were on a senior cruise together, this suggests it was spreading in the community in late December. In Ohio.

This upends all the hypotheses about “asymptomatic transmission” that have helped justify the massive shutdown of the country. The only support for the claim that you could spread it without symptoms was the now-proven-incorrect belief that it was newly-arrived and spreading only from people with recent foreign travel history, who were contagious without knowing they were sick.

The reality is that people were coughing and sneezing all winter, thinking they just had the flu or a bad cold, while actually spreading the joy of Corona-chan to family, friends, and holiday shoppers.

Pixiv: shorts


The last time I visited the realm of Daisy Dukes And Other Delights, it was back when I was still pulling cheesecake from Gelbooru, using Steven’s extensive exclusion list to sift the vile haystack for shining needles.

This search was a lot easier.

Unrelated, A Wild Yeast Appears!

First sighting in weeks. The bread machine yeast was the only one left on the shelf (even the commercial stuff they’re repackaging in the bakery was all gone), but here’s a dirty little secret: bread machine yeast is just rapid-rise yeast, which is just instant yeast, which is just active dry yeast milled a bit finer to expose more surface area, so it starts rising sooner. No modern commercial dry yeast requires “proofing”, so the only significant difference is that a faster rise has less flavor. And you can always use a bit less and let it rise longer, to compensate.

They also had two bags of King Arthur All-Purpose flour, so I grabbed one.

Speaking of King Arthur, they’re listing both Red and Gold as in-stock today, along with Bread and Whole Wheat flour. And my 2 pounds of SAF Gold finally arrived Saturday, so I’m set for however long it takes California to open back up, with or without Benito Newsom’s blessing.

Churches across the state have announced that they’re more into forgiveness than permission, no matter what some judge says.

Back to the cheesecake, or at least a crepe:

more...

Thunderclaptrap


The latest “branded” vulnerability that’s getting hysterical coverage is “Thunderspy”, in which all your data are belong to us if your computer has a Thunderbolt port. In less than five minutes. With only $400 in off-the-shelf hardware.

Except the details of the story contradict that. First is the assumption that your powered-down computer is available to the attacker for long enough that they can crack the case and reflash the Thunderbolt port’s firmware; five minutes on a desktop, maybe, but most laptops? A quick look at the sites that crack them open and test for repairability suggests that it’s not going to be as easy as the claimed “unscrew the backplate, attach a device momentarily, reprogram the firmware, reattach the backplate”.

Second is the assumption that the attacker will be able to return when your computer is sleeping and exfiltrate your data through the compromised port. Admittedly, Thunderbolt is fast at data transfer, but how many trips do you have to make before you find it in the right state?

The mitigation strategy is simply “power down or hibernate”. Even after compromising your ports, physical access to a powered-up or sleeping computer is required to access your encrypted data. (if your data wasn’t encrypted, they didn’t need a hardware hack to steal it in the first place)

The researcher branding agent does offer a second scenario that’s at least plausible: find a not-currently-plugged-in Thunderbolt peripheral (monitor, etc) that has previously been connected to your computer, steal the 64-bit ID code that was used to establish a trust arrangement, flash that to a naughty data-exfiltration device, and then plug it into your awake-or-sleeping computer.

Mitigation strategy? “power down or hibernate”.

Or use a Mac, which apparently is only vulnerable if it’s been rebooted into Windows with Boot Camp and then put to sleep.

So, if you care enough about security to fully encrypt your laptop, but care so little about security that you casually leave it running unattended or just put it to sleep for convenience, and you don’t notice when it was power-cycled while you were out of the room, then this can be used to steal all your data.

That pretty much restricts the vulnerable population to senior executives at tech companies. The rest of us are safe.

(and, yes, state actors can easily accomplish this, but we already knew that they were compromising unattended phones and laptops to spy on foreign executives and politicians, especially in Corona-chan’s motherland)

Coming soon to an America near you…


Top of the “trending” list on Twitter just now:

Not entirely unrelated:

Two months into the lockdown, some people can’t handle the pressure:

In response to criticism, California has simplified their convoluted stages-within-stages “reopening” roadmap, which was about as smooth as a typical California road:

Someone found an upside to all this nonsense:

Well, that’s no surprise…


I went looking for updates on the story of Detroit-area grocery-store security guard Calvin Munerlyn, murdered in cold blood for “disrespecting” a woman by instructing her to wear a mask, as required by the state. To no great surprise, the mass media is… “not aggressively pursuing this local news story of no particular national significance”.

I managed to find local news coverage sharing the good news that Ramonyea Travon and Larry have finally been arrested; surprisingly, the family that kills together split up, with Larry hiding out in Texas (two unnamed accomplices drove him to Houston and checked him into a motel under his own name).

The killer’s sister Brya Shatonia was also arrested, for tampering with evidence and interfering with a murder investigation. Momma Sharmel is being held without bond on the charge of first degree murder.

In addition to murder, the fact that Larry is also charged with “felon in possession of a firearm” completes the explanation of why this story was dropped like a hot potato.

Two steps backward, one step fore


Today, California entered early stage 2 of the Grand Non-ReOpening And Gluten-Free Bake Sale. This means that they gradually, grudgingly, allow a small percentage of businesses to reopen for curbside delivery of orders placed online or over the phone. No in-person sales or merchandise on sidewalks, or else. It’s stages all the way down, though, so there’s no telling when we’ll even reach middle stage 2, much less late-early-middle stage 3 when it might become possible to get a haircut or go to a church.

Unrelated, there’s a big sale on telephoto lenses in Tokyo…

Also unrelated, Good Eats: Reloaded season 2 episode 4 wasn’t bad,

…but it didn’t do anything for me, perhaps because I never tried the cake recipe from the original episode, and wouldn’t really want to make the revised one, either; I just don’t bake cake.

Now, I did make a batch of Bigger Bolder Baking’s Crazy Dough and use it to make fresh soft pretzels. WARNING: disable Javascript on this site or be inundated with a constant stream of page-reflowing Google ads.

It’s an interesting dough, tangy without the overpowering sourness of California sourdough. The flavor comes from yogurt, and since she said her favorite kind to use is Greek, I used the good stuff: Fage’s with 5% milkfat. I think that would be too rich for some of the other suggested uses for the dough, like pizza or naan, but it worked great for pretzels.

The one snag with this dough is something that my Baker’s Percentage script called out: she lists 3 1/3 cups all-purpose flour as being equivalent to 500 grams. Her other weight conversions are reasonable, since different sources give slightly different results, and she likely rounded a bit to make the numbers clean. But you’d really have to pack your flour in to get to that weight, which most conversion tables would call 4 or 4 1/8 cups.

And that’s a lot of flour for the amount of liquid, and since Greek yogurt has less water than the standard stuff, substituting it in makes things even worse. I used the quick-dough cycle on my bread machine to do the kneading, and I’ve never heard it make squeaking noises like that before; I had to add more milk twice to get a nice smooth dough out of it.

The milk and yogurt also gave the yeast quite a feast. The recipe says to let it proof for about two hours until it doubles in size; it tripled in one hour. I gently punched it down and stuck it in the fridge, and the next morning it had tripled again. After that, it was well-behaved, and I separated it into 105-gram balls and put them back in the fridge until needed. Two pretzels a day for four days was a nice treat, especially since they only needed 10 minutes in my convection toaster oven.

I’ll make it again sometime when I have guests, or after I’m no longer stuck at home waiting for the mindless horde to end the lockdown. And by that I mean the state and county governments, not the zombies.

Wanted: USB-C dock that doesn’t suck


I have ethernet drops in every room of my house. I have a Samsung T5 USB SSD. I have a 12-inch MacBook, which has only a single USB-C port for charging and expansion.

This means I have to use some sort of dock to connect ethernet, external drives, and power. Every portable dock I’ve tried at home or at work can do two of the three reliably, but will spontaneously reset the USB hub component if I try to use all three at once (like, say, backing up the SSD contents over ethernet to my Synology NAS).

Doesn’t matter what brand; even reputable ones like Anker do this. Doesn’t matter what power supply; Apple 30-watt, Apple 87-watt, Anker 60-watt, etc. Doesn’t even matter if I deliberately throttle the rsync copy; it lasts longer at very restricted bandwidths, but still eventually resets.

Plug the SSD directly into my 2012 Mac Mini, and I can copy its data to the NAS at full speed, every time. Plug it into a Thunderbolt port on the 15-inch MacBook Pro I had to give back when I was laid off, ditto; it works great.

Right now, the only way I can successfully use both network and USB SSD at the same time on the MacBook is to run on battery and copy data wirelessly.

So, is there a good USB-C dock with ethernet and at least three USB3 ports that works with a 12-inch MacBook? I don’t even care if it’s portable at this point, and I don’t care if it has HDMI or a memory-card reader. Portable would be nice, for travel, but honestly, at the rate things are going, I won’t be traveling until at least November. And I have my fingers crossed that there isn’t another outbreak of virulent stupidity in the fall.

Random Apple WTF

A few years back, Apple made the -i option (display inode data) to df the default, “to conform to Version 3 of the Single UNIX Specification”. Trouble is, Apple’s new file system doesn’t really have inodes, so the number of “free inodes” is 2^63 minus the number of files and directories, which makes the output basically unreadable.

The manpage recommends using the -P option to disable this, which I long ago embedded in a shell alias so it’s always on. Except I haven’t made that change in the dotfiles on my Mini, so when I went to copy the SSD, I ran into the default behavior, and tried manually adding -P to the command, like so: df -h -P /Volumes/Marippe.

This reported disk usage in 512-byte blocks instead of the human-readable format I requested with -h. Why? Because that’s the official behavior of -P, and the fact that it suppresses inode output is apparently just a documented side effect. Which means that the output of df -h -P is not the same as df -P -h.

This feels like a metaphor for Apple’s current UI design principles.

3D cheesecake 29: themeless


Remember, kids, it’s all fun and games until someone opens their hair salon a few days before the lockdown ends. (next week’s soundtrack)

Unrelated: Dear Apple,

How is this useful in the crash report for my MacBook?

System uptime in nanoseconds: 2589416634187871

For that matter, “your system was restarted because of a problem” isn’t particularly useful in the first place. Also I’d love to know why it takes about five minutes after logging in for the load to drop from 260 to 1.5. How about some diagnostics that cover that?

Vaguely related, what part of “do not disturb” do you not understand?

Now back to our regularly scheduled program

more...