Blog Ipsa Loquitur

Published on under Shame About Those Death Panels Though

Jonathan Chait on how Trump Is Proving That Obama’s Legacy Will Survive:

It is not surprising that only this year did the Affordable Care Act become popular. The law’s unpopularity depended entirely on the existence of an imaginary alternative that was free of trade-offs. The populist fallacy that everybody can get better insurance for less money if only the government wasn’t run by morons is seductive. Obama’s wonkish explanations could not expose the fallacy’s hollowness. But the Republicans in power have proven excellent (if inadvertent) tutors.

Indeed, some of the most important subjects of the lesson have been the members of the governing party themselves, many of whom never bothered to grapple with the policy before. The Republicans have spent the year desperately trying to pass a repeal, even in the face of staggering public disapproval for their efforts, because they cannot admit their entire case against Obamacare has been built on a lie. “They can’t accept they’ve been promising something that is undeliverable and a bad idea for seven years,” a “well-connected former Republican aide” told a reporter.

On the one hand, this kind of cheerfulness can understandably be mistaken for Pollyanna-ish naïveté. Every time your side gets a win, you can’t pat yourself on the back and say “of course, it was always going to be fine.”

But on the other hand, look: I’m exhausted and it’s less than a year into Trump’s first term. The other day, I listened to three podcasts about the dangers posed by the North Korean nuclear ICBM program. I appreciate—no, I need—a little of Chait’s relentlessly positive mentality. It’s good to hope that no matter how hard the Trump Administration tries, it can’t roll back every bit of Obama’s legacy.

So while I still have the reflex to throw up my hands and say “there are no political consequences for anything anymore,” I want to think that Chait’s right. How can you have watched a Republican House, Republican Senate, and Republican President fail to repeal Obamacare, and not believe that our politics are at least a little tethered to reality? The proposed legislation was wildly unpopular, even more so than the existing legislation.

More Chait:

For eight years, Republicans drove themselves into a fever-pitch hysteria against the Affordable Care Act without bothering to learn how the law worked. Working from the premise that Obamacare was a uniquely ill-designed law — death panels! train wrecks! — they easily persuaded themselves and much of the country that Republicans could write something vastly better.

Half a year of Republican-run government has systematically exposed the right-wing arguments against Obamacare as bad-faith rhetoric or outright fantasy. One small-business owner, who told the New York Times in 2012 that he opposed the law as something jammed down the public’s throat, was re-interviewed this year. “I can’t even remember why I opposed it,” he now says.

It’s hard to argue with results in this case, but you have to wonder what the next year looks like.

Published on under Fear of a Bot Planet

Last month, the WannaCry ransomware attack caused a lot of damage to computer systems worldwide, but it could have been worse. It was limited in large part because one security researcher stumbled across a web domain named in the WannaCry source code. When the researcher looked up the domain, he saw no one had registered it; and so he put down the ten bucks for it, figuring it might be important. It turns out, if there was a web site at the domain, WannaCry uninstalled itself instead of encrypting users’ files and holding them for ransom.

A lot of outlets reported this web domain as a secret “kill switch” coded into WannaCry, but the anonymous security researcher wrote a fascinating essay titled “How I accidentally stopped a global Wanna Decryptor ransomware attack”:

The reason that was suggested is that the domain is a “kill switch” in case something goes wrong, but I now believe it to be a badly thought out anti-analysis.

In certain sandbox environments traffic is intercepted by replying to all URL lookups with an IP address belonging to the sandbox rather than the real IP address the URL points to. A side effect of this is if an unregistered domain is queried it will respond as if it were registered (which should never happen).

I believe the malware creators were trying to query an intentionally unregistered domain which would appear registered in certain sandbox environments, then once they see the domain responding, they know they’re in a sandbox and the malware exits to prevent further analysis. This technique isn’t unprecedented: the Necurs trojan queries five totally random domains, and if they all return the same IP it exits.

However, because WannaCrypt used a single hardcoded domain, my registration of it caused all infections globally to believe they were inside a sandbox and exit… thus we unintentionally prevented the spread and further ransoming of computers infected with this malware.

Got that? Your computer has a special file that it uses to look up the address of a server before it checks the internet’s version of that server address. When you type into your web browser, your computer first checks that special file—called a Hosts file—to see if it already knows what IP address is. Spoiler alert: your Hosts file is empty by default, so unless you added something by hand, your computer will end up asking the DNS computers what this site’s IP address is.

Security researchers (like Mr. I Stopped WannaCry By Accident) use software that creates a fake computer within their computer. That way, they can get their fake computer infected with viruses in a controlled environment, and see what they do, and inspect them forensically. All this without compromising a real computer.

However, many of these fake computers—called sandboxes—come with a Hosts file that points every unregistered domain back to the sandbox. So the WannaCry author mashed his or her keyboard for a few seconds, came up with a super long and random-ish domain name, and assumed that the only way that domain could do anything but fail to load was if WannaCry was running in a sandbox.

Or if a security researcher registered the domain for ten bucks. ​
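As an added example (not from the original post or the researcher's essay), here is how an analyst might triage sandbox telemetry for the behaviour described above: a sample looks up names that only resolve because the sandbox fakes the answer, then exits quietly. The log format, the `.example` names and the events are constructed for illustration, and the code assumes the sandbox records the upstream DNS result next to its faked answer.

```python
from collections import defaultdict

# Constructed sandbox telemetry: (seconds, sample, event, detail).
# For "dns" events, detail = (name, answer faked by sandbox, upstream status).
EVENTS = [
    (0.2, "sample-a", "dns", ("hardcoded-gibberish.example", "10.0.0.1", "NXDOMAIN")),
    (0.9, "sample-a", "exit", None),
    (0.1, "sample-b", "dns", ("qzkfjw.example", "10.0.0.1", "NXDOMAIN")),
    (0.2, "sample-b", "dns", ("plmrtx.example", "10.0.0.1", "NXDOMAIN")),
    (0.3, "sample-b", "dns", ("vbnhyu.example", "10.0.0.1", "NXDOMAIN")),
    (0.4, "sample-b", "dns", ("wdcqaz.example", "10.0.0.1", "NXDOMAIN")),
    (0.5, "sample-b", "dns", ("ujmkio.example", "10.0.0.1", "NXDOMAIN")),
    (1.1, "sample-b", "exit", None),
    (0.3, "sample-c", "dns", ("updates.vendor.example", "10.0.0.1", "RESOLVES")),
    (4.0, "sample-c", "file_write", "report.tmp"),
    (60.0, "sample-c", "exit", None),
    (0.2, "sample-d", "dns", ("typo-domain.example", "10.0.0.1", "NXDOMAIN")),
    (2.0, "sample-d", "file_write", "a.tmp"),
    (30.0, "sample-d", "exit", None),
]

def triage(events, exit_window=5.0):
    """Label each sample by whether it looks like a DNS-interception probe."""
    per_sample = defaultdict(list)
    for ev in sorted(events, key=lambda e: e[0]):
        per_sample[ev[1]].append(ev)
    verdicts = {}
    for sample, evs in per_sample.items():
        # Lookups that succeeded only because the sandbox faked the answer.
        probes = [e for e in evs if e[2] == "dns" and e[3][2] == "NXDOMAIN"]
        if not probes:
            verdicts[sample] = "no-probe"
            continue
        last_probe = probes[-1][0]
        after = [e for e in evs if e[0] > last_probe]
        # Quiet exit: only a prompt process exit follows the last faked answer.
        quiet_exit = (len(after) == 1 and after[0][2] == "exit"
                      and after[0][0] - last_probe <= exit_window)
        names = {e[3][0] for e in probes}
        kind = "single-name" if len(names) == 1 else "multi-name"
        verdicts[sample] = (kind + "-probe-then-exit" if quiet_exit
                            else "probe-but-continued")
    return verdicts

if __name__ == "__main__":
    print(triage(EVENTS))
```

Samples flagged as probe-then-exit are candidates for a second run in an environment whose DNS returns NXDOMAIN for names that do not exist upstream.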

One more thing

In addition to checking to see if they’re running in a sandbox, viruses usually check to see what they’re supposed to be doing once they’ve infected a computer. They need their instructions: send out millions of spam emails for one client, mine a whole bunch of bitcoins for this other client, etc. Viruses do this by talking to control servers, and you’ll never guess where Russian spies are hiding their control servers:

According to a report published Tuesday by researchers from antivirus provider Eset, a recently discovered backdoor Trojan used comments posted to Britney Spears’s official Instagram account to locate the control server that sends instructions and offloads stolen data to and from infected computers. The innovation—by a so-called advanced persistent threat group known as Turla—makes the malware harder to detect because attacker-controlled servers are never directly referenced in either the malware or in the comment it accesses.

Basically, the people who want to control a botnet put a specially-coded comment on one of Spears’s photos. The comment looks innocuous to the human eye, but infected computers recognize it and use that to receive their instructions.

Published on under Dog Bites Car Stories

Craig Garthwaite, a professor of strategy and healthcare at Northwestern University, on why replacing Obamacare is so hard: it’s fundamentally conservative.

Republicans are engaged in a brutal civil war between hard-liners and moderates as they struggle to craft legislation to repeal and replace Obamacare. The episode invites an almost existential question for the GOP: Why, after seven years of nearly endless war against Obamacare, is the party unable to deliver a more conservative policy that provides access to health care to a similar number of Americans?

As a life-long Republican who has spent months contemplating this question, I’ve come to an answer that will be hard for many conservatives to swallow: Passing an Obamacare replacement is difficult because the existing system is fundamentally a collection of moderately conservative policies.

Garthwaite’s op-ed is a nice recitation of the philosophical reasons conservatives should be comfortable supporting a market-based healthcare system like Obamacare. However, it doesn’t delve into the parentage of Obamacare, or why the DNA of the bill is so amenable to conservative principles.

For example, the right-leaning Heritage Foundation think tank consistently advocated for implementing the sorts of health insurance exchanges core to Obamacare, as recently as 2006. As governor of Massachusetts, Mitt Romney signed into law and implemented health insurance reform that looks awfully like Obamacare’s.

Fact is, there are a lot more reasons Congressional Republicans could support health care than ‘Reagan thought government could do stuff okay sometimes.’

Published on under The Ol' Burlap Switcheroo

Alasdair Pal for Reuters UK: Fake online stores reveal gamblers’ shadow banking system.

The seven sites, operated out of Europe, purport to sell items including fabric, DVD cases, maps, gift wrap, mechanical tape, pin badges and flags. In fact, they are fake outlets, part of a multinational system to disguise payments for the $40 billion (31.6 billion pounds) global online gambling industry, which is illegal in many countries and some U.S. states.

The findings raise questions about how e-commerce is policed worldwide. They also underline a strategy which fraud specialists say regulators, card issuers and banks have yet to tackle head-on.

Okay, so it’s no great surprise that despite the fact that gambling is illegal in the U.S., it’s still possible to find web sites that’ll take your money. That’s not news. What’s interesting about this story is how they take your money. Gambling sites set up stores that accept real money for fake goods, laundering the funds:

In December, a reporter placed an order for a yard of burlap cloth on one of the sites,, a website run by a UK company called Sarphone Ltd. The fabric, advertised in U.S. dollars at $6.48 per yard, has “many uses including lightweight drapes,” the website says. Sarphone did not respond to requests for comment.

This order went unmet. After a few weeks an email from My Fabric Factory arrived saying the product was out of stock. The payment was refunded.

The most surprising thing about this is that it sounds like regulators largely rely on credit card processors to self-report gambling transactions.

Published on under I smell a sitcom, folks

Lisa Selin Davis, in the Guardian: For 18 years, I thought she was stealing my identity. Until I found her:

In 2013, my license was suspended again, this time for an unpaid ticket from 2012, for “Drive Cell Phone”, as the officer wrote. Like an addict, I cycled through every tactic with the DMV: charm, threats, shame; I tried begging and berating them. Once again, I pleaded guilty and paid a fine to get my license back, and once again I filled out the “Unauthorized Use” form.

Finally, the DMV told me that I wasn’t the victim of identity theft; there was simply another Lisa S Davis with the same birthday in New York City. Our records were crossed. When cops run a license, they don’t check the person’s address, signature, or social security numbers. They check the name and the birthday, and both the other Lisa S Davis’s and mine were the same. We were, in the eyes of the law, one person, caught in a perfect storm of DMV and NYPD idiocy.

When I visited the board of elections office in downtown Brooklyn, they told me the same thing. Lisa S Davis and I: we were one.

Come for the tale of outdated government IT, stay for the white Lisa S Davis thoughtfully checking her privilege.

Published on under I'm More of a Druid of Meh

Willy Staley’s profile of Mike Judge in the New York Times is full of gems like this:

Calling “Idiocracy” a documentary is one of those jokes about Donald Trump that was made constantly in the latter months of 2016 and now reeks of a certain strain of ineffectual liberal smugness. Still, it’s an observation not entirely without merit. As recently as two years ago, the movie felt like a relic of the jingoistic Bush years, but then history shuddered in such a way as to render it clairvoyant.

In “Idiocracy,” the secretary of state is sponsored by Carl’s Jr., a company whose chairman very nearly became our current secretary of labor. In 2505, the Oval Office is occupied by an ex-wrestler and porn star named Dwayne Elizondo Mountain Dew Herbert Camacho; our president has been on the business end of a Stone Cold Stunner and once appeared in a nonpornographic segment of an otherwise soft-core Playboy VHS tape, dumping sparkling wine onto a limousine. His name is a brand name, too.

I hope one day to learn there’s a German word for “proposing something deliberately absurd which later turns out to be entirely factual.” They’ve got all the best ones, like joy derived from the suffering of others, and “grief bacon.” This would just complete the trifecta.

Of course, this profile largely exists to promote Judge’s new work, not his old. Turns out Silicon Valley rhymes with Idiocracy more than I had thought:

If “Idiocracy” imagined that America would one day amuse itself into ruin, then “Silicon Valley” offers a compelling case for how we’ll go about doing it — not in spite of our best and brightest, but because of them.

Do the Germans have a word for “Mike Judge kinda needs a hug?”