https://festercluck.wordpress.com/atom

Let’s get this out of the way: The singular act of redistricting early in Texas is the grossest example of deafness by Texas legislators I’ve ever witnessed. We have so many other things that need attention independent of this that to lock it together with flood aid is nothing less than a disgusting violation of the public trust.

Mesquite is divided into an Eastern (District 107) and Western (District 113) districts. While I’m generally not a fan of splitting up the city, it’s true that life on either side of 635 does tend to have it’s differences. However, why are we still pretending that Balch Springs isn’t part of that life. Balch Springs students attend Mesquite ISD schools in both districts 107 and 113. The segregation of their vote into a district with South Dallas does not represent what life is actually like in that area. Balch Springs life is deeply intertwined with Mesquite. Having lived in both cities, I know this first hand.

Why is the northern part of District 113 including areas of Garland and Rowlett? This again serves no sensible purpose. Drawing the line of 113 at the Northern border of Mesquite would serve the area best. The only purpose I can see for including that area of Garland is to dilute their vote, and including Rowlett to compensate for the swing in vote 113 sees by including them. It effectively silences Garland’s voice.

In my lifetime I’ve always known Mesquite and Balch Springs as a fairly diverse area. By that I mean over the last 40 some years we generally have a population of around 30% Hispanic, 30% Caucasian, 30% Black, and 10% Asian. While there are the occasional racist, since I was in school 30 years ago we mostly consider those issues behind us. Social issues gravitate around economic factors instead. If the State would get its head out of it’s ass, perhaps it could learn a few things. Our borders are not your political play things, and while I love and respect all my neighbors, I have no interest in being the dumping ground of silenced minorities. We all deserve better.

The halls of power have decided they shall pick us instead of allowing for fair and normal voting. Please, everyone, continue voting and making your voice heard. However, since the courts keep eroding our ability to trust that system, it time to turn up the court of public opinion. The only way to do that effectively is by affecting their wallets. More specifically, property values. I’ll be writing a more detailed article on how this method will be effective, but the short version is that we must refuse to do business with, occupy the property of, or purchase the property of any person involved with the political misbehavior we are seeing, and we must uphold that commitment for the next 7-10 years. We must also make this commitment extend to any person doing business with the misbehaving party, or occupying their property, or purchasing their property.

We must refuse to be employed by, provide services to, enter any premises owned by, do business with, or purchase the property of any person listed below. This commitment must remain in effect for at least 7 years, attaching to property even if it’s sold to another party. If a listed person held interest in it, even if only in part, that business or property is effectively ex-communicated for 7 years past either it’s sale OR 7 years after the removal of that person from the list.

I’ll be posting the list along with a map of properties and list of businesses affected. The list will be fluid of course, and we should all communicate on it’s contents. However, to start, I’ll be listing every Texas legislator who voted for redistricting, any politician involved with bringing the matter to the legislature ahead of or locked with flood aid, and any politician involved with forcing the priority upon Texas. I believe this currently means:

Butler Snow LLP
Paul Bettencourt
Brian Birdwell
Donna Campbell
Brandon Creighton
Pete Flores
Brent Hagenbuch
Bob Hall
Kelly Hancock
Adam Hinojosa
Joan Huffman
Bryan Hughes
Phil King
Lois W. Kolkhorst
Mayes Middleton
Robert Nichols
Tan Parker
Angela Paxton
Charles Perry
Charles Schwertner
Kevin SparksDaniel Alders
Trent Ashby
Jeff Barry
Cecil Bell, Jr.
Keith Bell
Greg Bonnen
Brad Buckley
Benjamin Bumgarner
Dustin Burrows
Angie Chen Button
Briscoe Cain
Giovanni Capriglione
David Cook
Tom Craddick
Charles Cunningham
Pat Curry
Drew Darby
Jay Dean
Mano DeAyala
Mark Dorazio
Paul Dyson
Caroline Fairly
James Frank
Gary Gates
Stan Gerdes
Charlie Geren
Ryan Guillen
Sam Harless
Cody Harris
Caroline Harris Davila
Brian Harrison
Richard Hayes
Cole Hefner
Hillary Hickland
Janis Holt
Andy Hopper
Lacey Hull
Todd Hunter
Carrie Isaac
Helen Kerwin
Ken King
Stan Kitzman
Marc LaHood
Stan Lambert
Brooks Landgraf
Jeff Leach
Terri Leo Wilson
Mitch Little
Janie Lopez
AJ Louderback
David Lowe
J.M. Lozano
John Lujan
Shelley Luther
Don McLaughlin, Jr.
John McQueeney
Will Metcalf
Morgan Meyer
Brent Money
Matt Morgan
Candy Noble
Mike Olcott
Tom Oliverson
Angelia Orr
Jared Patterson
Dennis Paul
Dade Phelan
Katrina Pierson
Keresa Richardson
Nate Schatzline
Mike Schofield
Alan Schoolcraft
Matt Shaheen
Joanne Shofner
Shelby Slawson
John Smithee
David Spiller
Valoree Swanson
Carl H. Tepper
Tony Tinderholt
Steve Toth
Ellen Troxclair
Gary VanDeaver
Cody Vasut
Denise Villalobos
Wes Virdell
Trey Wharton
Terry M. Wilson

Donald J Trump
Greg Abbott

This site uses Akismet to reduce spam. Learn how your comment data is processed.

1. Identify an industry asset that should have its value written down.
2. Hype asset throughout industry, inflating value perception.
3. Advertise upcoming investment into building more of over-valued asset over some 5+ year window, contract with no intention to follow through with expansion.
4. Create or obtain a separate corporate entity.
5. Separate corp contracts with industry to become leader in over-valued asset. Seeks and obtains government funding for effort.
6. Industry sells assets at over-valued price to corp.
7. Corp grows rapidly in <5 year window, until overspending or fraud leads to public disgrace, leading to stock crash and bankruptcy.
8. Assets are liquidated, sold back to industry for pennies of the buy/build price paid through Govt funding.

AI is the cloud computing industry’s attempt to keep its aging assets and purchase contracts appearing valuable. They overbuilt and overcommitted on infrastructure. Stargate will buy, at great tax payer expense, these distressed assets at inflated prices and subsequently go bankrupt. The datacenters will then be sold back to cloud computing industry dirt cheap, thus completing the robbery.

This is a followup to my previous post.

Microsoft has removed information about disabling mitigations to Downfall in upcoming and current security updates to Windows. Why would Microsoft suddenly care about publishing how to turn off bare-metal mitigations that one could simply choose not to install? These updates can cause significant performance degredation in operations on Intel processors used in cryptographic key creation and usage, and in Secure Enclaves. The attack is just another form of Spectre (thus the camp Bond naming lineage).

Its almost as if there’s some giant

I’m done with snark. Azure has been pwned since at least 2017 at the bare metal level. Technical analysis on why and how can be read in my previous post. Microsoft’s current behavior continues to be reactionary without getting to the point, so I’ll be clear.

I worked shortly for Azure Developer Support. In Microsoft terms, I was a blue badge. I have had the occassion to look through the firehose that is Azure’s live logs. In 2018 I saw multitudes of VM’s being relocated by the Health Monitoring System for out of memory issues that did not exist. I also discovered at least 2 corporate clients who had their environments compromised with no sign of any malicious entry, only adminitrative actions which the admin had not performed, and subsequently called support.

I understand these attacks.Their attempted exploitation will chew up a lot of memory, and often lead to memory leaks both by virtue of their implementation and because malwate writers are notoriously bad about this. I determined in 2018 that malicious actors were exploiting speculative execution side channels to read out krys to Guedt boxen from the hypervisor or higher. It likely started in the Western Europe Region, where the hardware is “notorious for faling”. Health events are always high there.

I reported all these things to multiple people within Microsoft. I never received followup.

Personally and professionally I no longer recommend Azure. Even with Microsoft’s data segregation moves to assist with political and legal boundaries, its plain to see that the layer typically reserved as the domain for intelligence agencies is a free for all. I understand that Microsoft did not create Spectre, this is Intel’s problem. However, Azure is not the tower of top grade hardware Microsoft brands itself as either, no where near that. Frankly, no cloud provider has been or is safe, at all. The mere existence of the hypervisor layer in view of these exploits makes them an automatic liability when compared to running your own machines, and scales exponentially with the size of the provider.

Thank you to Sayen Sen for his article bringing me up to date, and for retaining the registry keys.

In response to Ars Technica’s coverage of the Storm-0558 Azure/Exchange hack: https://arstechnica.com/security/2023/09/hack-of-a-microsoft-corporate-account-led-to-azure-breach-by-chinese-hackers/

Let us all take a trip back to 2018, the earliest year mentioned in the article, and a year I revist often when in reference to Microsoft.

Spectre & Meltdown had been quietly “discovered” a year earlier, repairs at Microsoft were in full swing. Detecting vulnerable systems would have been at that time a matter of exploiting them and testing whether one had exfiltrated important data. Microsoft of course couldn’t just get at encrypted keys by standard routes, but they would have known how to detect them when they saw them. The result of Meltdown/Spectre attacks could often result in a crash dump, so why not just turn off the scrubbing, test the boxen, then parse through the crash dump for key headers and match contents against what had been exfiltrated from the attack? This would be an simple proof that the attacks were real, and whether or not it’d been meaningfully patched. If is highly unlikely the 2021 incident was the first and only unscrubbed crash dump, nor would an engineer’s account be the only path of exploitation here (More on this later). Keys contained in such dumps would give “keys to the kingdom” access to specific environments. Seeing as Microsoft’s log retention schedules wouldn’t have kept the information around long enough to know what else has been copied off the debug

2018 also saw the need to replace many hardware encryption devices due to underpinning weak keys. Microsoft was not immune to this.

So, what’s the likelihood an account with access to the debug environment was hacked before or during Spectre testing, and the attacker just sat and collected unscrubbed crash dumps?

IMHO: Azure has been hacked since at least 2018, and it’s not the first time I’ve pointed this out.

Preface: Conspiracies carry a different weight these days for something so common, in light of that understand I find no grand conspiracy in this, likely just a bunch of people who don’t care. That being said, using this would be too easy.

I’ve submitted this bug to Google already. They’ve replied with a WONT FIX response. I reopened the matter, and they replied it wasn’t a security bug. Therefore, I’m releasing the info.

END PREFACE

Why is the US GPO publishing documents using character dec 150/hex 96 (“–”) as the hyphen character? One possibility is old character format standards (ECMA-48), but documents published long after 1992 are using it. That control character is described as “START OF GUARDED AREA”, which basically means it’s supposed to mark an area of text that cannot be altered and should not be transmitted over networks or even to devices over IO when Guarded Area Transfer Mode is Reset. This is an old standard, and shouldn’t be followed anymore, or at least done with care. Things like this are embedded in old hardware and chip standards that must always be compatible. The standard itself predates the world wide web.

The problem I encountered is Google appears to uphold this standard in various pieces of it’s infrastructure. Indexing, for instance, seems to obey it. I believe this has to do with the use of Terminal Emulation somewhere in their pipeline. Essentially, to have all data transmitted through the terminal, one needs to issue CSI 1 h (SET MODE 1), or in hex: 9B 31 68 (or 9B 31 20 68).

I ran into this by chance when researching government salaries. I reached these pages by scouring government websites, not by using search engines. In fact, Google doesn’t even present the link below.

https://www.govinfo.gov/content/pkg/USCODE-2011-title3/html/USCODE-2011-title3-chap2-sec107.htm

Not even when searching it by link:

https://www.google.com/search?q=https%3A%2F%2Fwww.govinfo.gov%2Fcontent%2Fpkg%2FUSCODE-2011-title3%2Fhtml%2FUSCODE-2011-title3-chap2-sec107.htm&sxsrf=APq-WBsUU4OKDCWPjG342B5H5g0VP6Dq6g%3A1646450771143&ei=U9giYruoCIuV0PEP-eO6uA0&oq=https%3A%2F%2Fwww.govinfo.gov%2Fcontent%2Fpkg%2FUSCODE-2011-title3%2Fhtml%2FUSCODE-2011-title3-chap2-sec107.htm&gs_lcp=ChNtb2JpbGUtZ3dzLXdpei1zZXJwEANKBAhBGAFQmBpYvTNgwzVoAXAAeACAAYABiAHfApIBAzAuM5gBAKABAcABAQ&sclient=mobile-gws-wiz-serp

Nor with quotes:

https://www.google.com/search?q=%22https%3A%2F%2Fwww.govinfo.gov%2Fcontent%2Fpkg%2FUSCODE-2011-title3%2Fhtml%2FUSCODE-2011-title3-chap2-sec107.htm%22&sxsrf=APq-WBugLVQjcizfRHJ006CP9mnuKSMMCg%3A1646450827354&ei=i9giYvaEFaWoptQPspar0AE&oq=%22https%3A%2F%2Fwww.govinfo.gov%2Fcontent%2Fpkg%2FUSCODE-2011-title3%2Fhtml%2FUSCODE-2011-title3-chap2-sec107.htm%22&gs_lcp=ChNtb2JpbGUtZ3dzLXdpei1zZXJwEANKBAhBGAFQihJYvD1gv0BoAHAAeACAAeABiAGWBZIBBTAuNC4xmAEAoAEBwAEB&sclient=mobile-gws-wiz-serp

inurl? Nope:

https://www.google.com/search?q=inurl%3Ahttps%3A%2F%2Fwww.govinfo.gov%2Fcontent%2Fpkg%2FUSCODE-2011-title3%2Fhtml%2FUSCODE-2011-title3-chap2-sec107.htm&sxsrf=APq-WBu8cZsslKGxIEcQEOAl91SveXaL-g%3A1646450943593&ei=_9giYt-vI6ibptQPzu6DwAc&oq=inurl%3Ahttps%3A%2F%2Fwww.govinfo.gov%2Fcontent%2Fpkg%2FUSCODE-2011-title3%2Fhtml%2FUSCODE-2011-title3-chap2-sec107.htm&gs_lcp=ChNtb2JpbGUtZ3dzLXdpei1zZXJwEAM6BAgeEApKBAhBGAFQvg1Y8D5g3EBoAHAAeACAAY0BiAHqBZIBAzAuNpgBAKABAcABAQ&sclient=mobile-gws-wiz-serp

Surely site? Nothing there either:

https://www.google.com/search?q=site%3Ahttps%3A%2F%2Fwww.govinfo.gov%2Fcontent%2Fpkg%2FUSCODE-2011-title3%2Fhtml%2FUSCODE-2011-title3-chap2-sec107.htm&sxsrf=APq-WBvkETnfSmkrAZlgfWkaNWqgIYVGJg%3A1646451000283&ei=ONkiYsytELeiptQPnpi70AI&oq=site%3Ahttps%3A%2F%2Fwww.govinfo.gov%2Fcontent%2Fpkg%2FUSCODE-2011-title3%2Fhtml%2FUSCODE-2011-title3-chap2-sec107.htm&gs_lcp=ChNtb2JpbGUtZ3dzLXdpei1zZXJwEANKBAhBGABQoRZYmkFg1ERoA3AAeAGAAcIBiAG0CZIBAzMuN5gBAKABAcABAQ&sclient=mobile-gws-wiz-serp#sbfbu=1&pi=site:https://www.govinfo.gov/content/pkg/USCODE-2011-title3/html/USCODE-2011-title3-chap2-sec107.htm

Here are the standards I’m referencing. And no, its not Em-Dash. That construct is more modern than many of the documents using it.

http://www.ecma-international.org/publications/files/ECMA-ST/Ecma-048.pdf#page=33

https://codepoints.net/U+0096?lang=en

In the years leading up to writing this article I was of the opinion that everything I’m about to comment on are matters of common sense, matters of basic held ethics, business practices one learns when first learning what business is, and qualities of decent human beings. In a time where I have been delighted to have my confidence in humanity reinforced, there is one exceptional example of opposing arguments occupying too much of my time, and today I handled that situation. Your criticism is hereby requested.

We will touch on these questions and points:

How dare they?!

When should a developer be paid for their work (chronologically)?

Should an employer allow those working for them to continue to work when they do not have funds to pay for that work?

Should an employer rely on or relay the status of unsecured funding to those working for them in the course of their work? When and how is this appropriate?

Status employment of those working for the company: Is discerning this meant to serve the employed, the employer, or both? What are the implications of unilaterally making that call and changing it over time?

Can a contract write away rights? (The quick answer here, in Texas, is no.)

Texas is known to be a employer-friendly state, but what is the reality?

Still writing this. Have it up soon.

Mankind has not yet developed artificial intelligence. What we do have is computer learning and neural networks, and both of these are just ways of rearranging pre-existing data sets. While amazing insight can be had with these tools, when used without oversight they can produce not just tacky, but down right offensive results.

Here’s a simple example. If a developer wanted to quickly make a set of image filters for their photo app, they’d likely look for a list of popular artistic terms around photos and images of people, then query for large data sets of images which match those words. These images would be scanned by their computer learning algorithm for patterns, in so learning how to alter an image of a human into something similar to those categories of portraits. For all the complexity what I’ve described here, personally I find the entire endeavor to be a poor excuse for innovative software. It’s a cheap knock-off. But let’s play along and choose some of the words they might use for filter names:

Renaissance Abstract Dangerous Pop

 It should be immediately obvious that “dangerous” shows more persons of darker skin tone. “Renaissance” the exact opposite. It’s all about the source data. If your using a free app, it’s likely the developer quickly sourced a cheap data set.

AI isn’t biased, you’re just using cheap software.

Short and sweet: You’re doing it wrong. Your Javascript is too “clever”, and will be a maintenance nightmare. Read the docs. No really, read them. You’ve been adding inline padding styles to ‘fix’ your elements because you didn’t read the docs. Worse yet, you simply didn’t take the time to do a couple searches before you vomited code all over the branch.

Understand, nobody memorizes documentation before starting to code. They do, however, keep them open and search there first. Using Bootstrap? You should have a tab with GetBootstrap.com open constantly. Using AngularJS? Search on.

Here you will find every core resource (as in links, yo) I use daily designing Javascript & CSS, UI & UX. You might find the occasional C#/.Net tip as well.  But, at its core, this post will serve as a repository of things not to do.

Each section will start by pointing out your deceit, your lies, and your damn lies. If I feel generous I may explain the right way. However it’s most likely you’ll get a link to the part of the documentation I used to determine the right way. And, yes, there is a right way.

Want proof I know you didn’t read the documentation? You put a column inside another column without a row. Don’t do that.

• Learn to use col-*-12 and quit making margin/padding classes.
• If it’s complicated you’re doing it wrong.
• Quit screwing up forms. Copy, paste, imitate. It’s not a science.
• Use bootlint, save me the hassle.

$http’s .success() & .error() taught you how to avoid Promises. Don’t use them as proof you understand Angular. You’re doing it wrong

• Nice 2000 line controller you have there. Abstract much?
• You said you understood MVC. You lied.
• HTTP has all the error codes we need. Quit making up bullshit.
• Router resolves… yeah I figured. Go learn.

Why did you extend the grid with jQuery? No, not an Angular directive either. Go look up their events your damn self. Did you even look at their documentation?

• DataSources can do that. Problem is you keep researching the Grid. Read
• Unsupported means ‘Don’t do that.’… Don’t do that.
• By all means, bring in some other control to extend Kendo’s widgets. It’s not like they haven’t abstracted everything and thoroughly tested the pieces for exactly this sort of situation or anything. We pay for the commercial version purely as a legality….  </sarcasm>

As soon as I’m done balming this peak up I’ll have more.

As a Software Developer in Dallas, TX it is very obvious that the demographics of my profession have absolutely nothing in common with the demographics of my city. To be frank, it’s mostly Caucasian males (~65%), Indian males & females (33%), the later weighted towards immigrant workers.

This is just a mind dump on something larger I’m working on. Please forgive the formatting.

Dallas and Fort Worth have a rough population breakdown of 50% White, 24% Black/African American, 42% Hispanic / Latino (this classification spans races), and various Eastern Asian races making up 1-2%  of the remaining. For these totals I’ve settled on the data found at http://en.wikipedia.org/wiki/Demographics_of_Dallas%E2%80%93Fort_Worth after checking with many sources, and it’s a great average on those.

To get employment data on my industry in my area I used http://qwiexplorer.ces.census.gov/. I included the Dallas, Tarrant, and Denton counties as the industry is spread across these three.

The numbers you are about to read are preliminary, and therefore skewed. I’ve listed a few areas which seemed odd to me, why so, and my current hypothesis as to why that area may be wrong.

       Ind      Avg             Ind    Area     Population
       Emply    Salry           Emp    Emp      D/FW
 BLK   12,642	57980 (-35%)	17%	17%	24%
 WHT   53,454	86124		73%	73%	50%
 HIS   10,593	50541 (-41%) 	14%	21%	42%

Strange Point:
The percentage of persons employed who are black in the area changes almost nothing, and when filtered down to just my industry didn’t change at all. My hypothesis is that this is skewed because my filter is “Information” workers, and there are large call centers here for mobile phone support which one will find a statistically large population. These jobs don’t pay very well, which may in turn have a lot to do with the salary difference from the Caucasian numbers.

The Hispanic numbers at first surprised me the most, but I believe cultural differences adequately account for the population strangeness. The same biases are expected with Hispanic numbers as Black, but the fact that they are significantly lower isn’t in line with industries.

It’s my belief that my local industry should reflect my city demographics. There’s enough of a under-employment problem here that it certainly seems like an area of interest. If employers feel they need to pursue H-1B workers, that means they can’t find those educated to do the job here (in theory).

Secondly, but perhaps more importantly, software development, design, and project management have evolved in these fields through the concerted effort of those in it to bring their own culture, knowledge, and experience to improve these systems. Every one of those specialties are in a slump, even after Agile was supposed to be savior. Agile is great, but even it teaches at its core to be flexible and evolve when challenges arise. I believe the entire process is lacking underlying cultural and cognitive paradigms from these underutilized brethren. No matter how much technical accuracy we’ve designed into our processes and designs, not one person working in this industry hasn’t heard about the importance of a new hire being a good culture fit.

When you fail to merge branches before building, dependencies are silently lost.