How Lindsey Graham Lost His Way – Rolling Stone

Lindsey Graham and Donald Trump were born nine years and one month apart. Trump came first, but when they appear side by side, as they often do these days, the men look about the same age. On November 6th, in the East Room of the White House, the president held an event to mark the record number of federal judges his administration has appointed, and Graham was there, having played a critical role in the achievement as chairman of the Senate Judiciary Committee. Trump’s staff had scheduled the event in part to shift focus from the House impeachment investigation, to remind any wobbly Republicans of the reason they’d held their noses and voted for the guy in the first place.

Over the course of his three terms representing South Carolina in the Senate, Graham had become predominantly known for two things: extreme hawkishness on foreign policy, following the lead of his close friend and mentor, the late Arizona Sen. John McCain, and a bipartisan streak that resulted in high-profile attempts to cut big deals on issues like immigration reform and climate change. A former senior staffer for a Democratic senator who has worked alongside Graham on bipartisan legislation tells me, “Like John McCain, he was a conservative Republican, but it was always worth asking where he was going to be on a particular issue, because he wasn’t completely beholden to party orthodoxy. He’d often be way out ahead of his staff, negotiating on the Senate floor unbeknownst to them, and they would be playing catch-up.

Will Folks, a conservative political blogger in South Carolina, says, “The joke here is Graham has a ‘count to six’ approach to governing: He spends the first four years of his term doing whatever he wants, veering off toward the left, and then the last two years, when the electorate is paying more attention, he comes right.

”Graham is “never flustered, and just a natural at dealing with people who don’t like him,” says David Woodard, a political-science professor at Clemson University who ran Graham’s first two campaigns for the House of Representatives and recalls the first-term congressman as quickly becoming the unofficial social director for his freshman class, though he added, “You’re going to find Lindsey knows a lot of people, but he’s not close to anybody.”

Source: How Lindsey Graham Lost His Way – Rolling Stone

‘Shattered’: Inside the secret battle to save America’s undercover spies in the digital age

When hackers began slipping into computer systems at the Office of Personnel Management in the spring of 2014, no one inside that federal agency could have predicted the potential scale and magnitude of the damage. Over the next six months, those hackers — later identified as working for the Chinese government — stole data on nearly 22 million former and current American civil servants, including intelligence officials.

The data breach, which included fingerprints, personnel records and security clearance background information, shook the intelligence community to its core. Among the hacked information’s other uses, Beijing had acquired a potential way to identify large numbers of undercover spies working for the U.S. government. The fallout from the hack was intense, with the CIA reportedly pulling its officers out of China. (The director of national intelligence later denied this withdrawal.)Personal data was being weaponized like never before. In one previously unreported incident, around the time of the OPM hack, senior intelligence officials realized that the Kremlin was quickly able to identify new CIA officers in the U.S. Embassy in Moscow — likely based on the differences in pay between diplomats, details on past service in “hardship” posts, speedy promotions and other digital clues, say four former intelligence officials. Those clues, they surmised, could have come from access to the OPM data, possibly shared by the Chinese, or some other way, say former officials.

The OPM hack was a watershed moment, ushering in an era when big data and other digital tools may render methods of traditional human intelligence gathering extinct, say former officials. It is part of an evolution that poses one of the most significant challenges to undercover intelligence work in at least a half century — and probably much longer.The familiar trope of Jason Bourne movies and John le Carré novels where spies open secret safes filled with false passports and interchangeable identities is already a relic, say former officials — swept away by technological changes so profound that they’re forcing the CIA to reconsider everything from how and where it recruits officers to where it trains potential agency personnel. Instead, the spread of new tools like facial recognition at border crossings and airports and widespread internet-connected surveillance cameras in major cities is wiping away in a matter of years carefully honed tradecraft that took intelligence experts decades to perfect.

Source: ‘Shattered’: Inside the secret battle to save America’s undercover spies in the digital age

A Letter From Gary Larson | TheFarSide.com | TheFarSide.com

Gary Larson has finally arrived online and the promise of new The Far Side cartoons is in the air, yet I don’t know how I feel about this. I will always love The Far Side but I cringe at the thought of the new stuff not measuring up to old stuff. I also miss seeing the cartoon nestled in the comics pages of an actual newspaper. And, truth be told, Larson’s hero status fell in my eyes when he aggressively chased his cartoons off the Internet.

Twelve years after I wrote that I still feel the same way. Now that Larson wants to join the party is he still welcome? Does The Far Side belong on the Internet at all, even if it’s Larson’s own doing? Or should it ride off into the sunset along with the newspaper industry?

I kinda wish I hadn’t had to ponder this question.

Truthfully, I still have some ambivalence about officially entering the online world — I previously equated it to a rabbit hole, although “black hole” sometimes seems more apropos — but my change of heart on this has been due not only to some evolution in my own thinking, but also in two areas I’ve always cared about when it comes to this computer/Internet “stuff”: security and graphics.

Source: A Letter From Gary Larson | TheFarSide.com | TheFarSide.com

Families Don’t Use Landlines Anymore – The Atlantic

The early telephone’s bulky size and fixed location in the home made a phone call an occasion—often referred to in early advertisements as a “visit” by the person initiating the call. (One woman quoted in Once Upon a Telephone recalls the phone as having the “stature of a Shinto shrine” in her childhood home.) There was phone furniture—wooden vanities that housed phones in hallways of homes, and benches built for the speaker to sit on so they could give their full attention to the call. Even as people were defying time and space by speaking with someone miles away, they were firmly grounded in the space of the home, where the phone was attached to the wall.

Over the course of the 20th century, phones grew smaller, easier to use, and therefore less mystical and remarkable in their household presence. And with the spread of cordless phones in the 1980s, calls became more private. But even then, when making a call to another household’s landline, you never knew who would pick up. For those of us who grew up with a shared family phone, calling friends usually meant first speaking with their parents, and answering calls meant speaking with any number of our parents’ acquaintances on a regular basis. With practice, I was capable of addressing everyone from a telemarketer to my mother’s boss to my older brother’s friend—not to mention any relative who happened to call. Beyond developing conversational skills, the family phone asked its users to be patient and participate in one another’s lives.

Source: Families Don’t Use Landlines Anymore – The Atlantic

Facebook audio snooping almost certainly prompted targeted ad

A story in July’s Consumer Reports discussed the possibility of our social media apps secretly listening to us:

Well, it’s technically possible for phones and apps to secretly record what you say. And lots of people sure seem to think they do.

According to a nationally representative phone survey of 1,006 U.S. adults conducted by Consumer Reports in May 2019, 43 percent of Americans who own a smartphone believe their phone is recording conversations without their permission.

But, to date, researchers have failed to find any evidence of such snooping.

While there might not be any fire yet, there sure as hell is smoke.
Continue reading

Electronics testing at the airport

I haven’t posted a TSA story in a while because I’m lucky enough not to travel as often as I did. When I have traveled, I have come to appreciate how professional the team at my home airport, Raleigh-Durham, is. I’ve never had a bad experience with them and this – I want to stress – is not a bad one, either. Just unusual.

For years I have enjoyed the benefit of TSA-Pre, allowing me to speed through security lines. Naturally, I headed into the TSA-Pre line when I flew out of Raleigh on Wednesday morning. Expecting all to be well, I was intrigued when I apparently set off the metal detector.

“Wait right here, sir,” the screener said, calmly. “We’re going to screen your electronics.”

I waited on the mat next to the metal detector while another agent got through checking another traveler’s electronics. He invited me over and I carried my bags to the testing station.

“Got any thing that is sharp, going to stick me, contraband, etc?” he asked. When I answered no, he politely asked if I had a laptop in the bag. I showed him the pocket it was in and he laid it out on the counter.

He then swabbed my laptop with a chemical pad, popped the swab into the sensor for analysis, and stepped away. To my surprise, the sensor began beeping. My newish work laptop had only been on my office desk and my home desk – not to the coca fields of South America or anything. I began to think over kind of substance could have possibly set off this false alarm.
Continue reading

A Destroyer – By John Steinbeck

USS Elliot (DD-967) in North Arabian Gulf, circa 1998

John Steinbeck spent a few weeks aboard a destroyer in World War II, the USS Knight (DD-663), and wrote this ode to destroyers called “A Destroyer” in 1943. It appeared in a collection of his dispatches published in 1958 in a book called Once There Was a War.

I think it sums up life on a destroyer quite well.

A destroyer is a lovely ship, probably the nicest fighting ship of all. Battleships are a little like steel cities or great factories of destruction. Aircraft carriers are floating flying fields. Even cruisers are big pieces of machinery, but a destroyer is all boat. In the beautiful clean lines of her, in her speed and roughness, in her curious gallantry, she is completely a ship, in the old sense.

For one thing, a destroyer is small enough so that her captain knows his whole crew personally, knows all about each one as a person, his first name and his children and the trouble he has been in and is capable of getting into. There is an ease on a destroyer that is good and a good relationship among the men. Then if she has a good captain you have something really worth serving on.

The battleships are held back for a killing blow, and such a blow sometimes happens only once in a war. The cruisers go in second, but the destroyers work all the time. They are probably the busiest ships of a fleet. In a major engagement, they do the scouting and make the first contact. They convoy, they run to every fight. Wherever there is a mess, the destroyers run first. They are not lordly like the battleships and the men who work them are seamen. In rough weather they are rough, honestly and violently rough.
Continue reading

AD/LDAP authentication on Linux hosts

I’ve been working with the Lightweight Directory Access Protocol (LDAP) for 18 years now. Then Microsoft embraced and extended LDAP with Active Directory. Nowadays most companies base all of their authentication and authorization on Active Directory and for good reason. In a Windows-only world it works great. For a mixed-platform environment, it’s a bit more difficult to make work.

I recently worked out how to make Linux systems authenticate against Active Directory using only the LDAP protocol and wanted to share it here for any fellow DevOps/sysaedmins who might want to try it themselves. The goals were to do it with minimum fuss and using the native tools – no third-party apps. I also want to do it solely with LDAP and not have to worry about pointlessly “joining” a Linux host to a domain.

The modern way that Red Hat likes to connect Linux hosts to AD like to do this is to use the SSSD suite of packages, join the host to the Active Directory tree, and talk to AD directly. This seems like a lot of bloat to me when all you need is authentication. Fortunately, you can use the “legacy” means and do it all with LDAP libraries.

Bridging Active Directory and Linux hosts

One way to integrate Linux/UNIX hosts into AD is to add Microsoft Windows Services for UNIX (SFU) schema extensions. This means every AD entry would be defined with common Unix attributes like uid (user id) and gid (group id). These could sometimes get out of sync with the AD attributes and at any rate would require constant updating of the AD records.

Ideally, we won’t depend on Services for UNIX additions in AD and the complexity it brings. Instead, we’ll identify standard AD attributes and map them to Linux/UNIX equivalents. The nss-pam-ldapd package allows us to do this in the /etc/nslcd.conf file, which we’ll see in a minute.

Differences between CentOS 6/AWS and CentOS 7 hosts

One stumbling block has been that Amazon Linux (amzn) uses old, old libraries, based on CentOS 6 packages. The nss-pam-ldapd package which ships with this version of Amazon Linux is version 0.7.5; a version too old to include the mapping functionality we need to avoid using Services for UNIX.

Fortunately, we can remove the amzn version and add an updated one. I have tested one I have found at this link which updates any amzn hosts to the 0.9.8 version of nss-pam-ldapd.

The version of nss-pam-ldapd that ships with CentOS 7 is 0.8.3 and works fine with attribute mapping.

Obtaining the domain’s ObjectSID

The goal of using a directory is consistency. If a user appears in AD, that user will be available to Linux hosts. Also, that user will be treated the same on every directory-equipped server as that user will ideally have the same uid/gid. Without adding Services for UNIX, we need some way to ensure a uid on one host is consistent with the uid on another host. This is done by nss-pam-ldapd by mapping Linux uid/gids to their equivalents in AD, called ObjectSIDs. You need to obtain your AD server’s domain ObjectSID.
Continue reading

My sledding souvenir

The start of the fateful sledding run

I spent this past week at the Veterans Administration’s War-Related Illnesses and Injuries Center (WRIISC), getting examined to figure out the strange health issues I’ve had since leaving the Navy (more on that later).

One issue I discussed with them has bothered me for the past few years.I’ve had a numbness that has developed along my right quadricep. It’s icy-cold sensation can wake me from a deep sleep and is quite aggravating. They asked me if I could recall any injury I may have had to my lower back.

At the time I could think of none. but when pondering it this morning the answer came to me and it is decidedly not war-related. Instead, it’s the long-delayed consequences from an injury I received from snow sledding with the family.
Continue reading

The Book of Prince | The New Yorker

On January 29, 2016, Prince summoned me to his home, Paisley Park, to tell me about a book he wanted to write. He was looking for a collaborator. Paisley Park is in Chanhassen, Minnesota, about forty minutes southwest of Minneapolis. Prince treasured the privacy it afforded him. He once said, in an interview with Oprah Winfrey, that Minnesota is “so cold it keeps the bad people out.” Sure enough, when I landed, there was an entrenched layer of snow on the ground, and hardly anyone in sight.

Prince’s driver, Kim Pratt, picked me up at the airport in a black Cadillac Escalade. She was wearing a plastic diamond the size of a Ring Pop on her finger. “Sometimes you gotta femme it up,” she said. She dropped me off at the Country Inn & Suites, an unremarkable chain hotel in Chanhassen that served as a de-facto substation for Paisley. I was “on call” until further notice. A member of Prince’s team later told me that, over the years, Prince had paid for enough rooms there to have bought the place four times over.

My agent had put me up for the job but hadn’t refrained from telling me the obvious: at twenty-nine, I was extremely unlikely to get it. In my hotel room, I turned the television on. I turned the television off. I had a mint tea. I felt that I was joining a long and august line of people who’d been made to wait by Prince, people who had sat in rooms in this same hotel, maybe in this very room, quietly freaking out just as I was quietly freaking out.

Source: The Book of Prince | The New Yorker