Cory Doctorow's How I got scammed was a fascinating read. Phishing has gotten more sophisticated, but also, even people whose security practices are way above the norm can get hit when the stars (mis)align just so.

There's a name for this in security circles: "Swiss-cheese security." Imagine multiple slices of Swiss cheese all stacked up, the holes in one slice blocked by the slice below it. All the slices move around and every now and again, a hole opens up that goes all the way through the stack. Zap!

The fraudster who tricked me out of my credit card number had Swiss cheese security on his side. Yes, he spoofed my bank's caller ID, but that wouldn't have been enough to fool me if I hadn't been on vacation, having just used a pair of dodgy ATMs, in a hurry and distracted. If the 737 Max disaster hadn't happened that day and I'd had more time at the gate, I'd have called my bank back. If my bank didn't use a slightly crappy outsource/out-of-hours fraud center that I'd already had sub-par experiences with. If, if, if. [...]

The following Tuesday, I called my bank and spoke to their head of risk-management. I went through everything I'd figured out about the fraudsters, and she told me that credit unions across America were being hit by this scam, by fraudsters who somehow knew CU customers' phone numbers and names, and which CU they banked at. This was key: my phone number is a reasonably well-kept secret. You can get it by spending money with Equifax or another nonconsensual doxing giant, but you can't just google it or get it at any of the free services. The fact that the fraudsters knew where I banked, knew my name, and had my phone number had really caused me to let down my guard.

Years ago, I got a call on a weekend from someone claiming to be from my credit card and was just plausible enough for me to not hang up. (Also a claimed fraud alert.) But I got suspicious when the caller started asking me for private information and then claimed it was necessary to authenticate me (at my own phone number). So I said "I also need to authenticate you; what's my mother's maiden name?" Oh no, the caller said, we can't give you that information... but with all the data breaches we've seen, that technique is no longer safe. The phisher might have my mother's maiden name [1]. Doctorow's phisher had his unpublished phone number. Secrets aren't.

[1] Helpful tip: don't use the actual answers for security questions that people might be able to research or guess. As far as your bank is concerned, your mother's maiden name can be QjFVa6ufeqr_7.

I just came across a speech that Bari Weiss recently gave for the Federalist Society, specifically for their lawyers' convention. She starts by talking about how surprising a choice she was for that; she's not exactly their type.

I found this worth my time to read. Choosing concise excerpts (to stay within the bounds of fair use) is hard, but here are some bits to give the flavor. I read the transcript; there's also a video if you prefer to listen.

( content warning: Hamas war and reactions to it )

John Bull wrote a post (in tweet-sized pieces, naturally) that rings true for me, and he gave a name for the phenomenon we're seeing with Twitter, saw with LiveJournal, and partially saw with Stack Overflow. The thread starts here on Twitter and here on Mastodon (the Fediverse). Selected quotes:

One of the things I occasionally get paid to do by companies/execs is to tell them why everything seemed to SUDDENLY go wrong, and subs/readers dropped like a stone. So, with everything going on at Twitter rn, time for a thread about the Trust Thermocline.

So: what's a thermocline?

Well large bodies of water are made of layers of differing temperatures. Like a layer cake. The top bit is where all the the waves happen and has a gradually decreasing temperature. Then SUDDENLY there's a point where it gets super-cold.

The Trust Thermocline is something that, over (many) years of digital, I have seen both digital and regular content publishers hit time and time again. Despite warnings (at least when I've worked there). And it has a similar effect. You have lots of users then suddenly... nope. [...]

But with a lot of CONTENT products (inc social media) that's not actually how it works. Because it doesn't account for sunk-cost lock-in.

Users and readers will stick to what they know, and use, well beyond the point where they START to lose trust in it. And you won't see that.

But they'll only MOVE when they hit the Trust Thermocline. The point where their lack of trust in the product to meet their needs, and the emotional investment they'd made in it, have finally been outweighed by the physical and emotional effort required to abandon it. [...]

Virtually the only way to avoid catastrophic drop-off from breaching the Trust Thermocline is NOT TO BREACH IT.

I can count on one hand the times I've witnessed a company come back from it. And even they never reached previous heights.

This was shared with me in the form of screen shots (so, hard to read), but then I found the link to where it happened on Reddit (in a "legal advice" channel). I thought my readers might enjoy this.

Original post, two months ago, which has a note from moderators saying they've verified the story:

[oregon] I accidentally created an army of crow body guards. Am I liable if my murder attempts murder? (Personal Injury)

To make a long story short, im a late 20 something living in portland oregon. I had a pretty intense emo/goth phase as a tween that i thought i had grown out of.

A couple months ago, i was watching a nature program on our local station about crows. The program mentioned that if you feed and befriend them, crows will bring you small gifts. My emo phase came back full force and i figured that i was furloughed and had lots of time- so why not make some crow friends.

My plan worked a little too well and the resident 5 crows in my neighborhood have turned into an army 15 strong. At first my neighbors didnt mind and enjoyed it. They're mostly elderly and most were in a bird watching club anyway. They thought the fact that i had crows following me around whenever i go outside was funny.

Lately, the crows have started defending me. My neighbor came over for a socially distanced chat (me on my porch her in my yard) and the crows started dive bombing her. They would not stop until she left my yard.

They didnt make physical contact with her, but they got very close.

Am i liable if these crows injure someone since i fed them? I obviously cant control the crows. I would rather them not attack my neighbors. But since i technically created this nuisance, could i be financially on the hook for any injuries?

To be clear, they're not agressive 100% of the time. If just the neighbors are out they are friendly normal crows. They only get aggressive when someone gets close to me or my property.

ETA: TL;DR- I have turned into Moira Rose, queen of the crows. My inadvertent crow army has gotten aggressive towards others. If they hurt someone could i be held liable?

ETA PT II: I did not train these birds to attack. Also thank you for all of your awards. Im glad my stupid decisions bring you joy. Please consider donating that money to your local Audubon society instead

There's a followup, posted yesterday with a positive outcome:

So to make a long story short, i called our local Audubon society. They didn't think feeding the crows was bad and suggested that the neighbors also start feeding them so they essentially became better socialized.

The plan worked and the crows are now a beloved part of the community. There have been no recent dive bombings.

Most amazingly, the crows may have legitimately saved my neighbor. Our city had a pretty big ice and snow event recently. Like i said in my last post, most of my neighbors are older. One of my neighbors was walking down his steep driveway, slipped, and couldnt get back up.

The crows started going ballistic and were making more noise than we have ever heard. A different neighbor went outside to see what was up and found the gentleman in his driveway. Neighbor is mostly ok! Just some serious bruises.

Needless to say the crows have been getting some high value food since then.

Thanks for all the help on my original post. It blew up way more than i was expecting and i thought you guys would enjoy an update.

Our government is out of control; that's been true for some time but it's gotten worse. The murder of George Floyd is appalling. That he's one of many is appalling. That many police are trained to do such violence, and are supported in it, is appalling. That our government responds with more unprovoked violence and escalation is appalling. I keep using that word, and I feel like I should have better words and more coherent thoughts, and I don't.

But I have this talk that you should listen to -- under 20 minutes, and Trevor Noah has some insightful things to say about the many dominoes that have fallen to get us here and societal contracts and more.

What is society? Society is a contract that we sign as human beings. We agree on common rules, common ideals, and common practices that are going to define us as a group. And the contract is only as strong as the people who are abiding by it.

I have a lot of links I've been meaning to share accumulating in tabs, tweets, and whatnot. I'd wanted to "curate" this more, but sharing something is better than sharing nothing because I didn't get to that, so...

• Stack Exchange (aka Stack Overflow Inc) fired its two longest-serving, most-community-connected community managers. A week before, a third such had given notice, though that was not yet public when the firings happened. Here's a post on Meta.SE. Jon posted about his departure on his blog. He talked more about it in his 2019 in review. Meanwhile, firing Shog9 was egregious enough in the community's eyes that a GoFundMe campaign to help tide him over between jobs has raised $11k so far. Jon and Shog, and also ex-SO moderator George Stocker, have been writing a lot on Twitter about the company's change in direction, often in intertwined threads that are hard to link into.

• Jon on Misunderstanding Meta

• Effective apologies -- five of these six elements are core to teshuva, the Jewish understanding of repentance. (I forget who shared this where.)

• For managers: different ways of showing recognition (I saw this while in the midst of year-end reviews at work)

• Designing for people, which is timely as we work to build Codidact

• On site design in general, Alphabet of accessibility issues. Yes I experience several of these, and I'm just one person!

• Register article on GitLab and diversity

• To kill a community

• What is community anyway?

• Internal monologues or not?

• On grieving: how not to say the wrong thing. Synopsis: rings of concern, comfort in, dump out.

• siderea on the problem of punching up

• Samuel Liew's Stack Exchange timeline

A friend shared this with me earlier today and I literally laughed out loud:

(Source)

The second-last column is about a famous Zulu leader. The last one is about walled cities under fire.

"Shaka, when the walls fell" is a key phrase in a rather unusual episode of Star Trek: The Next Generation, named "Darmok". The famous universal translator doesn't work when the Enterprise encounters these particular aliens, because their language doesn't work at the word level. They speak in what the crew calls metaphor. I've seen discussions of this over the years ("could that really work?" "improbable, because..."). The post about the Jeopardy episode links to this Atlantic article about the episode that argues that we're looking at it all wrong. I found it an interesting read.

Also, Atlantic does in-depth articles about episodes of SF shows? Who knew?

(I don't have a Trek icon. Here, have one from one of my favorite shows instead.)

I have some things collecting in tabs, so here's a hodge-podge:

• First, border-crossing. You've probably heard by now that border control in the US has gotten aggressive, including demanding passwords for encrypted devices and then taking them out of view for an extended time. You don't have to give up your password, but if you don't, they can confiscate your device for weeks or months for "review". The rights you have against unreasonable search and seizure in the US are not the same as those you have at the border. While they can't deny entry to US citizens, they can to others.

• It's important to know what you don't know. David Director Friedman has an interesting idea about applying economics to teaching -- specifically, grading exams.

• A lot of the Rands article The New Manager Death-Spiral sounds very familiar.

• We all know one of the Internet rules: don't read the comments. The parts of the net I frequent tend to be better than, say, a random sample of YouTube, which is due to a mix of conscientious participants and comment moderation. A while back I came across a comment-moderation policy described as "Victorian Sufi Buddha Lite": they require a comment to be at least two of true, necessary, and kind.

• I'm not sure that philosophy applies to windshield notes, but they sure are funny.

• How do we know Humpty Dumpty is an egg? The rhyme doesn't say so. Huh, I never thought about that.

• Speaking of things I hadn't thought about, have you ever noticed the similarities between fantasy-adventurer settings and westerns?

A friend sent me a link to this speech from the CEO of the Anti-Defamation League at a conference today. Excerpt:

And let me say this. There recently have been reports that the new Administration plans to force Muslim-Americans to register for some sort of master government list.

Look, Islamic extremism is a threat to us all. But as Jews, we know what it means to be registered and tagged, held out as different from our fellow citizens.

As Jews, we know the righteous and just response. All of us have heard the story of the Danish king who said if his country’s Jews had to wear a gold star…all of Denmark would too.

So I pledge to you right here and now, because I care about the fight against anti-Semitism, that if one day in these United States, if one day Muslim-Americans will be forced to register their identities, then that is the day that this proud Jew will register as a Muslim.

Because fighting prejudice against the marginalized is not just the fight of those minorities. It’s our fight. Just as the fight against anti-Semitism is not only the fight of us Jews. It’s everyone’s fight.

The rest is worth reading too.

I forget how I got there, but I recently found two interesting posts about my curious-but-not-very-useful "superpower". This Guardian article (from 2002) talks about animals (and people) that can see into the ultraviolet spectrum. Did you know that raptors can see into the UV? Do you know why that's important? Because rodents -- that is, prey -- emit urine trails, and urine is visible in the UV spectrum (as anybody who's tried to find and clean pets' urine stains knows).

And then there's this fascinating post from someone who sees into the UV (due to aphakia), in which he describes and shows what he sees and talks about some cool testing he did. It's hard to evaluate such things when monitor calibration is in play (do you see what I do on my monitor? probably not), but it looks like "black lights" are lighter and more purple for him than for me.

One of the ways he tested the bounds of his vision was with a simple prism. I never thought of that. Now, where can I find a prism? :-)