New Year’s Day open thread

Usually New Year’s Day is an occasion to discuss New Year’s resolutions, humorous and/or serious. But if we have learned anything from last year, it is that external events can derail even the best laid and best intentioned plans. So let’s share wishes for the return of experiences we miss, or a few new things we want to try out as soon as they are available.

132 thoughts on “New Year’s Day open thread”

  1. Happy New Year! What I miss the most is getting together with friends in person. And my kids being able to go to school in person. DH would add going to sporting events in person.

  2. Happy New Year!

    I have real plans for this year, for the first time in ages. Plans for work, home, exercise, volunteering…. Putting them all out there feels a bit intimidating, so here is one I can share: I have plans to change the way I shop for my clothes.

    Nearly two years ago I decided I was only going to buy locally-made clothing, to cut energy used in transport and because worker safety rules are tougher here. Then I decided “local” could be interpreted as “on the same continent” (because of common EU regulations, so no, Finn, Ukraine & similar don’t count) and I bought a wool cape made in Italy. Later that summer I slipped entirely and bought 3 jumpsuits and a sundress online. Only thing local was having some adjustments made to the dress (and it’s made by a company that says its materials come from eco-friendly sources). Fewer purchases, but clearly not a raging success.

    Last year, I bought Uniqlo Heat Tech long johns and tights, camis with built-in bras from Pour Moi and another manufacturer that might be European, and a bunch of base layer tops from Intimissimi, where I didn’t look too much into their “Italien fabric”. They’re silk & cotton, look & feel wonderful. Ahem. My overall score is very similar to the previous year.

    For this year, I have a plan. Whenever things open up, I want to look for a coat and maybe some pants at stores I think have mostly locally or EU-made stuff, that are conveniently all in the same part of town. I’m also going to drop some things off at a secondhand shop and look there for bell bottom jeans and wide-legged summer pants like MM “loves” (that’s an affectionate tease, MM!), a kimono, and maybe summer dresses. There are other second hand shops I’ve got my eye on for the dresses and maybe a sparkly topper, for if we ever go out again. I might even see how I feel about sorting through the racks at Humana. The last prong of attack will be market stands that sell leather and knit goods. If they don’t have the belt, sweater, or hat that you want, they will make it for you. The leather and buckles are right there, but obviously the knit items need to be ordered. I expect the second hand items will be less than I’m accustomed to paying, while things at the stores on market will generally be more (although my cape was €39, which I don’t consider spendy), so I probably won’t get a ton of stuff. Fine by me. We will see how it goes, but I think the closest thing to a need I have is work clothes for warm/hot weather.

  3. Happy new year, Totebaggers! May 2021 be filled with health and happiness for you all.

    Finn, I thought of you last night after you described how fireworks were common on NYE in your area. Were there fireworks last night? I really would like to see that someday.

    Wishes for experiences: having friends over for dinner, running with a large group of friends, girls happy hour after work in the summer, seeing a movie in a movie theater, concerts, the list goes on and on.

    Oh, and I would like to be able to try on clothing in a dressing room in a store.

  4. Swim, last night I was reminded of how much I like this city at night. The guys trying to pick me up didn’t bother me—I enjoyed talking to them. The city feels much friendlier at night. I told my son when I got home how much I love that women don’t need to be afraid here (even though I did make sure to keep my bag in front of me, not on my back hip as during the day). He said “that’s probably a you thing”. In any event, once things open up again, I want to start going out to concerts and maybe clubs, with or without my son.

  5. I’d like to go out to get sushi with DH and without the children. I’d also like the kids to go to camp and to school. I’m hoping that at least DH and I will have been vaccinated by summer so they can do that.

  6. My oldest got invited to a New Year’s Eve party and I had to say absolutely not. The parents of one of his best high school friends always put this party on, and his high school gang comes, as well as many adult friends of the family. We usually stop by every year. But this year, no. I was surprised that they even were doing the party – they are the cautious sorts. Their party is never on the wild side, so I imagine they felt they could hold it with social distancing, but my feeling is that once the food comes out (and being Italian, there is lots of it) the masks were going to come off. I felt badly about it, but I explained to DS1 that this is exactly the sort of gathering that Fauci is telling us to forego. My DS2 has already gotten together with his BFF for walkaround takeout sushi, so I suggested my oldest do something similar.

    So something I hope for next year is that we can do the party again. I also want to hold one of my traditional backyard BBQs. There are friends who I feel like I am losing touch with because they are not on Facebook and it is hard to see them in person in the cold.

    I also want to just be able to send my DD to school, every day, without having to worry about whether this is an in-person day or not, and whether she will end up on quarantine for having gone to school.

  7. Most of my goals/wants involve dedicated time with people I love. I cancelled a girls’ weekend with two of my oldest friends in October 2019 because I flew out to be with my brother when he had surgery. I cancelled again Feb 2020 for similar reasons, and our Apr 3 date was cancelled due to the virus. So I very much look forward to a lazy weekend of wine, walking around whatever city and laughing with people I’ve shared life with for over 30 years. I hope to get to do our annual siblings weekend. DS graduates this May, and we had at one point planned to go to Ireland, so we’ll see if that still happens. He was extremely sick at the end of the last trip he took and spent the whole flight home throwing up into a bag, so the thought of a 10 hr flight is giving him flashbacks. So he’s asking about options for driving trips. My parents are finally moving to a continuing care place, so I’d like to be able to spend a weekend helping them clear out the house. And lastly, as we start putting more of an eye to retirement, DH and I would like to take some short trips to various locations. Even if I can’t do all these things, I want/need to put more effort into dedicating time to people I love, and not giving half my attention and trying to accomplish other tasks at the same time. That is probably my number one self-improvement goal for the year.

    The other major goal is health. DH turns 59 in a few weeks, and both his parents and both siblings had both a stroke and heart attack by 60. He is generally healthier than they all were, doesn’t smoke, no diabetes, but the family history is bad. I have had a series of small annoying health things, and have another skin thing removed in a week based on biopsy results, so I just want us both to get aggressive about improving our habits.

    I do love the focus on starting anew, so will invest the time in more concrete goals (like leave my phone in the other room when watching movies with DH and eat out no more than once/week). 2020 has highlighted for me that I should only focus on what I can control.

  8. I’d like to send my kids off to school without worrying about whether they’re going to follow covid protocols, and I’d like to see DS graduate.

  9. Finn, I hope your kids have good semesters in campus vicinity and that you can go to graduation in person.

    Does anyone have contact info for SoFlaMom that’s newer than an AOL address?

  10. I am looking forward to a return to normalcy. Or some significant progress toward normalcy. Some things on the calendar that I want to do (in person all):
    – Help DS2 and GF move into wherever they’ll be for 4 yrs beginning mid-yr. Maybe they won’t want/need my/our help.
    – Attend his white coat ceremony
    – Attend DS3’s college graduation.

    DW mentioned today she’d like to travel to Iceland, adding that might be a 2022 adventure. But we can start thinking about it and looking at stuff.

    2021 exercise/fitness goals:
    – average 11,000+ steps/day for the year. I was only a little under that for 2020.
    – do 10,000+ steps/day for one month…the TCM achievement I hold in high esteem. It won’t be January.
    – I have been going to my gym every 3rd day since it reopened in August for weight training. I think I’m more toned and feel better for it. So my loose goal is to keep that up and go 10x/mo, increasing the weight amounts every so often.

    Weight management:
    – fact based I lost 4 whole pounds in 2020. I guess not bad in the age of Covid, but also fact based I gave back 10-12 lbs since the end of August. My doc was fine with that and my other numbers earlier this week, so I am not worried. But
    – I want to drop 2lbs/month this year.

    The “K” shaped recovery has been very good to us. I hope the economy recovers more broadly and fairly quickly for everyone.

  11. Fred, you reminded me that I’ve been missing the gym workouts. I think I’ll resume when I’m vaccinated.

  12. Fred, that weight loss/regain sounds to me like you’re lifting weights right. I bet you’ve lost inches as you’ve put on muscle.

  13. I have a group of friends with whom I socialize almost exclusively by having dinner with them at restaurants. The last time I saw them was in January– I missed the February dinner because I was visiting DS.

    I’m looking forward to dining with them again.

  14. When I come to this point in the calendar after the festivities, I feel the pages of the calendar about to fly. By the time I realize it, it’s Feb.
    Yesterday as I took down the tree, I looked at all the ornaments. A lot were made by DS and DD as kids. I remember thinking at the time, that I was spending far too much time at Michaels during the holidays. The next set of ornaments were ones we brought back from our travels and the third set were random yet ones that represented what the kids were into, like Star Wars or the Sugar Plum Fairy from when we saw the Nutcracker.

  15. Louise – I have those exact 3 sets of kinds of ornaments on our family room tree. I so enjoy putting it up and taking it down. Looking at each ornament and reminiscing. They now fill a full 6 foot tree. My living room tree is 9 feet with silver and red ornaments and white lights- super beautiful, but not as fun to take down and put up. We keep ours up until after Jan 6.

  16. I took the tree down yesterday, a New Years Day tradition. About five years ago my mom gifted me several shoe boxes of my childhood favorites. We now have way too many ornaments and this year so many were left in the box. Yesterday I organized the ornaments, putting the ones we used this year together, so next year when we decorate we can decide if we want to dig into the archives for any. I figure the ones that don’t make the cut for a second year will get tossed.

    Our ornaments are also the kids made/travels/representative of kids personality and likes. Then my childhood homemade and Hallmark penguins and the like. My MIL tossed all DH’s ornaments when he went to college (and began her tradition of elegant magazine worthy tree decorating), so he doesn’t have any representation of his youth on our tree.

  17. Mafalda – I used to keep mine till Jan 6, but I find myself swamped the first week of Jan and unable to enjoy a quiet putting away of all things Christmas.
    I tried a magazine worthy tree and I am halfway there but the ornaments are not Martha Stewart worthy even if the tree and lights are. Long time ago when I was just starting out, I had a guy in the office who had a side business selling home goods through mail order. I really didn’t want to buy anything but he showed me crystal nativity figurines. They were pretty expensive for me at the time but over a couple of months, I got the whole set. When I look at that set, I think of him and his marketing skills.

  18. We keep our decorations up until after Jan 3, which is #2’s birthday – he likes for them to still be up. Actual timing depends on the year – I’m not strict on Jan 6. Some years I have to take the tree down before the 3rd, if it gets too dry. This year’s tree has stopped taking water but is still hanging in there!

  19. Meme, your trip linked at 6:05 looks amazing and they have many other delightful options. Have you used that travel company before? Many of their tours do not seem very physically demanding, so right up my alley. TBH right now it’s hard to imagine finding joy in traveling, but I am hopeful for the future.

  20. Kim, Mémé has used that company several times, and I was persuaded to use them for our trip to Glacier four or five years ago. They were excellent. Everything was well-organized and well-executed.

  21. Kim. Many trips with them. 2 different US National Pk trips, 2 African Safaris, Greenland, Patagonia, Portugal kayak, so far. They have lots of Polar bear trips in Canada. DH is too weak for any more travel other than bridge tourneys and family visits when they start up again, so I will be booking shorter solo trips US and Canada, maybe Central America. They are now affiliated with Lindblad, high priced nature ship based trips, but that is really a separate business. For this one figured I could drive to Quebec City rather than fly if I choose to.

  22. A tour over a week with a dozen participants solo means you’d better really hope you like the other participants, or at least that there’s no one you want to avoid. Good luck with it!

    Rocky, your comment from a few days ago, worrying about your SDiL because she wouldn’t want to spend a night away from her 10-month old baby is still ringing in my ears. It sounds a lot like my sister and mom telling me to “do something for myself” when I finally had the kid I’d waited so long for and what I wanted to do was be with him (and write my diss). I eventually did get to a place where I would’ve appreciated their help, just a couple years later. I still wish I could’ve gotten them to come to conferences or let him visit them then, but I don’t for a second regret the time I had with my little babe. Please don’t begrudge your relative the time soaking up her baby, especially now that she knows her life may be getting smaller. The prevailing opinion is that babies are a pain because they cry, poop, and spit up, boring because they can’t do much yet, and frustrating because you don’t know what they want. Some of us really enjoy watching all the tiny stages in development. Not for the sake of getting to a stage we can label in a post online or a sticker in a baby book, but because we just find it fascinating to watch life unfurl like that, and feel really privileged to see it so close-up. You don’t need to worry about her.

  23. We don’t take any Christmas stuff down until Epiphany. We decorated the tree on Dec 21, so we haven’t had it up that long. Our ornaments are really personal and some are pretty old – even some from when my mother was a kid.

  24. I spent my New Years Day deep cleaning the stove – taking apart all the burners, toothpicking out the tiny holes where the gas comes out, standing on tall chairs to get to the top of the hood, etc, etc. Fun stuff, but it needed to be done. I just realized today that DS1 has to be back at school on the 19th. He came home at Thanksgiving when Newark went into lockdown. It has been so nice having him for a good bit. DS2 goes back a week later.

  25. Our tree has similar groupings of ornaments to Louise: ornaments from my family (both some nice ones and some that I made including a now 50 year old hand-crafted (by me) ornament spray-painted gold with macaroni); ornaments that the kids made or picked out; and ornaments from travels. We have too many ornaments now to use them all – but in 5-10 years, I’ll give the kid ornaments to DS and DD. We are going to take the tree down today – after a while, DH and I both start having some allergies (stuffy nose) from the tree. I had that momentary thought – is it COVID? And then remembered it’s from the tree (and when I went to a different part of the house, my stuffy nose disappeared).

    We are all feeling a little blue that work/school start on Monday.

  26. I took down Christmas yesterday as well. It’s amazing how much quicker everything comes down than goes up. We ended up getting about 20 cards, so actually not too bad.

    DS is going back to school on the 11th. They are optimistic that there will be some in person classes, but he said he’ll probably come home if everything stays on line again. I can’t say I blame him. We’ll see what happens.

  27. Last night, we were looking for something to watch as a family, and we stumbled upon “Death to 2020” on Netflix. We all thought it was really funny. (Lots of profanity, so not suitable for younger viewers.)

    I always find it sad to see all the discarded Christmas trees lying by the side of the road awaiting pick-up. Early January is probably my least favorite time of year. The holidays are over, the decorations have gone away, it’s back to the grind, and it’s still dark in the afternoon. I tend to get perkier toward the end of the month when the days really start getting noticeably longer.

  28. I spent some time this morning reading the NYTimes deep dive into the huge security breach. I think this is one of the biggest bad things to have happened in a while, and want to comment on it. I don’t think this is too political for the main page.
    Evidently, the issue lies in the software that controls networks. I actually worked on this type of system as a summer consultant back in the 90’s. The company that hired me was using this big blob of C code to do a lot of the work of generating the data structures used by some controllers. Nobody could read the code because of the way it was written so they couldn’t make needed changes. They hired me thinking I could figure the code out. Oh lord was it a mess. It was 10,000 lines of one SINGLE C function, with myriad layers of preprocessing. This is a C thing that lets even more code get generated at startup, which makes the code even more opaque because it is close to impossible to know what is being generated. Nobody back then was thinking about security, but this thing would have been a security nightmare for the same reason it was unmodifiable. You can’t determine if code is secure if you can’t read it. So I spent the summer going back to the original specs and rewriting it so that any competent engineer could understand it.
    So SolarWinds, the company at the heart of this, had outsourced the development of this software to various contractors in Eastern Europe. OK, lots of companies do this, and even if they had developed in house, developers can still be compromised or make stupid mistakes. That really wasn’t the core of the problem. The problem was, SolarWinds had no kind of independent security review process, and it is likely that the code was badly written and hard to understand. So compromised software was developed, no one knew, and it was picked up by Microsoft who resold it, again without verifying that anyone had ever done any kind of security review.
    Clean, readable code that can be reviewed is at the heart of any quality process yet no one bothers. One of my fave case studies that I have my students do is Toyota. Remember those accelerator failures? Well one of the probable causes was the fact that the code they developed for their cars ignored all quality standards for embedded software in the automotive industry (MISRA-C, for anyone who is geeky enough to care). As part of the lawsuits, outside software experts, including some from NASA, were brought in. Their conclusion? The code was too unreadable to even assess or test for bugs.
    The software industry has got to shape up. Software needs to be designed and engineered, just like we design and engineer dams and bridges. Instead, companies hire managers who know nothing about computers, who then hire people who are not that qualified to “code” – aka, fling code out in the cheapest fastest way possible. And then we all scratch our heads when systems get constantly breached.

  29. MM,

    Just don’t overthink it.

    Its security practices appear to have been lacking on a few fronts, including the use of the password “solarwinds123” for its update server.

  30. The other thing to keep in mind is that people often think hackers are in a dark basement frantically typing Unix commands. It’s far more about conning people.

    If you want to hack into solar winds your best option might be to send Xenia Onatop to build a relationship with some midlevel Solarwinds executive.

    This is after all state sponsored espionage. This works just as well as it ever did:

  31. Rhett, you made me laugh. Remember when public officials couldn’t be gay because that would make it too easy to blackmail them (because being gay was a scandalous secret, of course)? I’m envisioning an operation in which it is discovered that a battalion of femme fatale has been unleashed on an industry/government agency/branch of the military, so there is a frantic effort to coordinate hiring and advancement of gay officers to the highest levels, to counter the legion of lipstick. Think the movie would be optioned? Of course, there is the wrinkle that women might also compete for those top spots and some of them might be bi/gay. That’s clearly a hole in the plot. Or maybe it’s the thing the whole story turns on. What do you think?

    Our decorations are mostly still up, but most of them aren’t terribly Christmas-specific, so I’ll leave them as long as we enjoy them. Jingle bells and the candle carousel will likely come down first, but the thick fleecy throw blanket will probably stay til spring break.

    NoB, I hear you on how different it feels once the lengthening of days is noticeable. Here, sunset is only a few minutes later than it was, but for the last couple days I’ve felt like it stayed light later than it had been. That might be an illusion, but I don’t care; I like it. Hope you feel it soon too.

    Rocky, “begrudge” might not be the perfect word for whatever the negative feelings about a mom in her 30s not wanting to give up time with the baby she waited so long for.

  32. And then there’s:

    And the old standby the disgruntled employee.

    A Robert Hanssen-like scenario is a strong possibility. A disgruntled software developer who thinks he’s smarter than everyone else but is furious he doesn’t get the respect he feels entitled to.

  33. SM, DH and I have been on many organized group trips and cruises where we are “stuck” with other people, all of whom would at first glance appear to be our peer group or compatible. Not so. 8 trips with one company is an indication that we have found the unicorn.

  34. Speaking of spies – I had the most amazing viewing experience. They have remastered the classic The Day of the Jackal. It was released in 1973 when movie film was entirely capable of HD. So you watch Paris in 1973 and it looks like it was filmed yesterday.

  35. Although this is an actual FSB (formerly KGB) agent arrested and jailed in the US.

    So maybe the key is to be attractive enough but not so attractive that you stand out.

  36. Although one of the “real” Americans was a bit of a bombshell. Anna Chapman born Anna Vasilyevna Kushchenko.

  37. Rhett, it’s getting hot in here, lol. But the last line in your last post probably disqualifies everyone in the few previous ones, alas.

    Meme, I hope you enjoy the solo trip as much as you did the ones with your DH.

  38. I mean I don’t think the guys at 2:47 and 2:50 qualify as “attractive enough but not so attractive that you stand out.”

  39. And yes, clearly this movie needs a disgruntled software developer who’s been disrespected and is going to make everyone pay. Casting ideas?

  40. But do the senior execs really need an older guy? The 30-ish dude chatting me up NYE was pleasant; I turned down his invite to chat a bit longer, but someone his age is clearly do-able. The 24 year old from earlier in the evening, however, was a bridge too far. Maybe the function of the older hottie in the movie is to give middle-aged male viewers the chance to project themselves in a good light.

  41. And yes, clearly this movie needs a disgruntled software developer who’s been disrespected and is going to make everyone pay. Casting ideas?

    Or would you need someone older?

  42. Mémé, just curious, have you been on multiple trips with any other travelers when using that travel company? Have you kept in touch with anyone you met through those trips?

  43. Thinking in terms of hacking being most about conning people… You might need Onatop to get the right person in the hotel room passed out so you can access the dual factor authentication. But you’re going to need to know your way around. So you meet up with current or former employees and say you’re working for an unnamed startup that’s looking to get into the network monitoring space. We are willing to pay $250k? if you’ll walk us through Solarwinds inner workings.

    One would imagine the FBI is poring over the financial records of current and former Solarwinds employees. Of course the key to being a detective is people are stupid (hopefully.). Someone bought a Ferrari or paid off their mortgage and can’t explain where they got the money.

    So then the question… if you’re the FBI do you say to current and former Solarwinds employees, “If you think you may have had something to do with this and you come forward you won’t go to jail. If you don’t come forward and we find out you will die in the CO super max prison with the Unabomber.”

  44. And then the plot thickens once again: the evil genius beefcake programmer at the center of it is a Unabomber fan who has memorized his entire manifesto. Meanwhile, Putin is dealing with blowback….

    Btw “Someone bought a Ferrari or paid off their mortgage and can’t explain where they got the money.” reminds me that DS’s former coach has noticed that I haven’t worked in a while. He wonders where the money comes from, says he won’t judge if I tell him…. His ideas seem to be much more interesting than the reality, lol.

  45. Also, there must be some good pun about solarWINDS and BLOWback, but it’s much too late at night here for me to think of it.

  46. OK, there are hacks that are all about conning people. The attack on the Democratic National Party networks, which was caused by convincing someone to click on an email, was a con. Yes, tons of hacks are done that way.

    This was not a con. This had to do with utter unprofessionalism on the part of SolarWinds. The password was beyond horrible, and of course that tells me that they were also too stupid to do things like monitor accesses to their servers, or look for changes in the code. Nobody was conned here. They were just too stupid to even be taking the most routine steps. It had nothing to do with sending an attractive spy. The people at SolarWinds were able to do it to themselves.

    There is more to it than just that. Besides the backdoor inserted on the update server, it appears there is a second hack out there, called Supernova, which exploits a vulnerability in the Orion API that allows authentication to be bypassed if certain parameters are passed. This has nothing to do with the insanely stupid password – this is a flaw in their code.
    “The SolarWinds Orion Platform is a suite of infrastructure and system monitoring and management products. The SolarWinds Orion API is embedded into the Orion Core and is used to interface with all SolarWinds Orion Platform products. API authentication can be bypassed by including specific parameters in the Request.PathInfo portion of a URI request, which could allow an attacker to execute unauthenticated API commands. In particular, if an attacker appends a PathInfo parameter of WebResource.adx, ScriptResource.adx, i18n.ashx, or Skipi18n to a request to a SolarWinds Orion server, SolarWinds may set the SkipAuthorization flag, which may allow the API request to be processed without requiring authentication.”

    Dear god. Who wrote this code?

    This also exposes a harsh light on the customers’ security practices. It seems because they trusted SolarWinds, because Microsoft was selling it, that they didn’t do any security testing of their own. And neither did Microsoft.

    None of this has to do with cons. It has to do with supremely stupid and lax security practices.
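
The advisory quoted in comment 46 names four PathInfo strings, and a defender can hunt for them in web server logs. The following is an added example, not part of the original comment and not SolarWinds code; it assumes IIS W3C extended logs, and every path and IP address in the sample is a constructed placeholder.

```python
"""Flag web-log requests carrying the PathInfo markers named in the advisory."""
from urllib.parse import unquote

# Marker strings exactly as quoted in the advisory text above.
MARKERS = ("WebResource.adx", "ScriptResource.adx", "i18n.ashx", "Skipi18n")

# Constructed sample in IIS W3C extended format. IPs are documentation ranges
# and every path is a placeholder, not a real Orion endpoint.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 10.0
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2021-01-02 10:00:01 192.0.2.10 GET /placeholder/Login.aspx - 200
2021-01-02 10:00:05 198.51.100.7 GET /placeholder/api/Query/Skipi18n q=1 200
2021-01-02 10:00:09 198.51.100.7 POST /placeholder/api/Query/%2569%2531%2538n.ashx - 401
2021-01-02 10:00:12 192.0.2.10 GET /placeholder/Summary.aspx view=webresource.ADX 200
2021-01-02 10:00:15 192.0.2.11 GET /placeholder/images/logo.png - 200
"""


def fully_decode(value, max_rounds=3):
    """Undo nested percent-encoding so a double-encoded marker cannot hide."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def parse_w3c(text):
    """Yield one dict per request, using the #Fields header for column names."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            parts = line.split()
            if len(parts) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, parts))


def find_marker(row):
    """Return (marker, where) if the path or query carries a marker, else None."""
    stem = fully_decode(row.get("cs-uri-stem", "")).lower()
    query = fully_decode(row.get("cs-uri-query", "")).lower()
    for marker in MARKERS:
        needle = marker.lower()  # match case-insensitively
        if needle in stem:
            return marker, "path"
        if needle in query:
            return marker, "query"
    return None


def scan(text):
    """Return findings, with requests the server actually answered listed first."""
    findings = []
    for row in parse_w3c(text):
        hit = find_marker(row)
        if hit is None:
            continue
        status = row.get("sc-status", "")
        findings.append({
            "time": f'{row.get("date", "?")} {row.get("time", "?")}',
            "client": row.get("c-ip", "?"),
            "marker": hit[0],
            "where": hit[1],
            # A status below 400 means the request was processed, not rejected.
            "served": status.isdigit() and int(status) < 400,
        })
    findings.sort(key=lambda f: not f["served"])  # stable: served ones first
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f)
```

A hit is a lead for review, not proof of compromise; the `served` flag separates requests the server answered from ones it rejected.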

  47. MM,

    API authentication can be bypassed by including specific parameters in the Request.PathInfo portion of a URI request,

    How did they know what parameters to use? How did they know the vulnerability existed?

  48. Finn. No multiple trips. Followed up and met up in NY once and it was a dud. SM, Thank you, I am sure I will if I get to go. I am not high on the vaccine list, but do precede the under 65s without two comorbidities. I should get it before August. I only went with DH on 3 of the 7 trips with this company. It was always a bit too energetic for him. 2 were with a daughter, one each, and 2 solo.

  49. the backdoor inserted on the update server is kind of fun too. The people who did this were targeting specific organizations, namely much of the US government, as well as CrowdStrike, Microsoft, and other high value targets. It gives near complete access to the target’s systems. According to Fortinet, this is what it does

    “Once downloaded, it then lies dormant for 12 to 14 days before taking any action. Once the waiting period is over, the Backdoor takes steps to ensure it is running in one of the environments targeted by the attacker, as opposed to a lower value organization, or in a sandbox or other malware analysis environment. The attacker appears to have wanted to stay as far below the industry’s radar as possible while carrying out its specific mission.
    Here is a high-level overview of the steps it takes to do so:
    Machine domain name validation. It checks the domain name of the compromised machine to ensure:
    It doesn’t contain certain strings.
    It is not a SolarWinds domain.
    It doesn’t contain the string ‘test’.
    It validates that no analysis tools, such as WireShark, are running.
    It also checks to ensure that unwanted security software is not running.
    Once all of the validations are completed, it calls home to the threat actor and sends information to identify the breached organization…..
    As a next step, the threat actor leverages a memory-only payload called TEARDROP to deliver a CobaltStrike BEACON, among other payloads. CobaltStrike is a commercially available, full-featured penetration testing toolkit that advertises itself as “adversary simulation software.” However, it is also commonly used by attackers. To date, FortiEDR has actively detected and blocked many attacks leveraging CobaltStrike in real-time, including this one”

    So in other words, it lies dormant, then checks to see if it has been placed at one of the targets. If so, it then checks to make sure security software is not running. It sends out information on the identity of the target and then it deploys its payload.

  50. BTW, to mitigate confusion, the backdoor is referred to as Sunburst, and the thing that exploits the authentication vulnerability is called Supernova.

  51. MM,

    Your link made me think of other “cons.” You send a skilled operative to chat up Solarwinds employees. 3-4 vodka sodas later, “The place sucks. I tell you it’s a bunch of clowns supervised by monkeys. Do you know the API allows you to bypass authentication?”

    I know this will come as a shock but some people really love to complain.

  52. Some people like to complain. Some like to get food delivered or sleep. This is from a few years ago

    In another public embarrassment for the Air Force’s nuclear missile program, two crew members were disciplined earlier this year for leaving silo blast doors open while they were on duty in an underground facility housing nuclear missiles.

    In April a crew member was found “derelict in his duties in that he left the blast door open in order to receive a food delivery from the onsite chef” while the other crew member was on an authorized sleep break…

    In May, at Malmstrom Air Force Base in Montana, a maintenance team was allowed into an underground launch control center while one crew member was sleeping, in violation of rules. In this case, the commander of the crew, when questioned about the incident, told the deputy to lie about being asleep, which she initially did, according to officials.

    The silo blast doors are at the bottom of a shaft that leads to the launch control center. The heavy-duty blast doors are meant to protect the launch control center in event of a nuclear blast. That center controls up to 10 missile silos.
    Air Force officials insist security was not compromised in these incidents

  53. Possibly. But since the code existed, a decent code review would have surfaced it long before they got to that point.

  54. Rhett – The Day of the Jackal is one of my favorite novels. Thanks for recommending the movie.

  55. But it’s so much more fun to think that the cleaning company was made up of covert agents, leaving no fingerprints as they gathered info leading to the launch codes.

  56. But since the code existed, a decent code review would have surfaced it long before they got to that point.

    Your link had some theories that it was there on purpose to serve some business need, make the product easier to use, etc. Is that possible?

  57. Mooshi, it is scary that it checked for security stuff that could detect it. Also the laying low for a while before doing anything seems like an extra level of tricky.

    Rhett, how about interpretive dance, where the most chiseled cast member is the malware and goes around knocking out the others. The overall look is a cross between Jackie Chan and a Bollywood dance number.

  58. There are myriad reasons why that code was there, some nefarious, some silly. But again, a company that takes its software seriously, not just for security reasons but to ensure that the software doesn’t contain a bug that could pull down someone’s production network, would be doing code reviews that would pick it up. Code reviews are part of the normal process of software development. Some companies take them seriously, others don’t, and most are kind of in the middle. I don’t think this company was doing them at all. But that would be par for the course for a company that took process so lightly that they had an easy to guess password on their update server.

    Many hacks and intrusions exploit bugs and stupidly written software. This has been true since the 80’s, at least. I remember working as a student admin and dealing with some kind of attack on our research system that exploited a buffer overflow bug in the email code. You would think companies would learn.

  59. would be doing code reviews that would pick it up.

    And the boss would say, “Oh yeh. That’s there because X.” How does a code review fix that? Keeping in mind the one thing corporate America hates above all else is someone pointing out their previous shitty decisions.

  60. Rhett, reviews are common in many engineering fields. If you don’t want your dam to collapse, your company better have layers of reviews built in. I am arguing that we need to take software that seriously if we are ever going to get secure systems. And clearly, code reviews are just one tool. Security audits, not just of the code but also the servers and everything else, should have been done. Extensive testing…
    There are many things that should have been in place, including at the companies who bought this stuff, and it didn’t happen. I would say they get what they deserve, and hopefully Microsoft has some consequences, but ultimately it is the taxpayers who will foot the bill for this mess

  61. MM,

    I would argue we need to change the incentives so that these things occur. The current executive incentives do not support the level of diligence that is required.

  62. MM,

    What do your ethics classes teach? When Volkswagen asks you to code X. When Boeing asks you to code Y. When Solarwinds says code Z. What’s the official position?

  63. Rhett, I was told on here long ago that ethics is not a topic for engineers, and I shouldn’t expect them to think about that. When they are told to build a dam, they assume someone else has thought about all that other stuff and they build the dam.

  64. MM, thanks for the great explanation. My takeaway is that the outsourcing of coding overseas is just a bad idea. Also, there aren’t enough good software engineers out there managing and writing the protocols. Those in charge have limited technical experience, thus hindering the quality control. Also, no one budgets enough time for testing. This parallels my limited experience.

    As for New Years resolutions….I bought a goal journal for this year. But, I have misplaced it, so I haven’t started yet. That’s a bad sign.

  65. I realize you think engineers are all soulless automatons, but that is not true. ABET accreditation requires that we teach engineering ethics. When I do the case studies with my students, I have to assess that unit, and report to ABET. Many programs, including where my son goes to school, require an entire course in ethics and technology.

    The issues at SolarWinds were caused by managers with no computing or security background, not engineers. It turns out that many of the development engineers were complaining loudly and some quit.

    Would you make comments like that about lawyers or accountants?

  66. Mooshi, it’s not me saying it. I’m glad to hear that there are ethics courses (I’m guessing that’s what the “e” in ABET means) for software engineers. I was rocked back on my heels by the unanimous insistence here that ethics are not something an engineer should think about. That means more work for humanities types (or simply skipping ethical questions altogether) but needs to be done in a way closely linked with the products. Do you think other engineering fields are likely to get ethics classes as well?

    Qqqq, would you say that outsourcing is more problematic for software than for other types of things? I’m thinking of safety standards for workers at clothing manufacturers and mines for minerals required for phones and PV cells.

  67. Mooshi, in response to your question, yes, I think ethics education should play a big part in training lawyers and accountants.

  68. Well, DS started his new year with a bang — he bought a car! For many years, he has dreamed about buying his own car, with his own money. He has spent countless hours on Craigslist looking at used-car listings, and figuring out what he might want. He has also spent countless hours watching Youtube videos about how to repair and modify cars, since he wanted a car that he could work on.

    He found a car that fit the bill in early December. It was at a little mom-and-pop dealership in rural New Hampshire. The day after Christmas, which was a couple of days after he got his license, DH drove up with him to look at it. DS decided it was exactly what he wanted, so he wrote a $5,000 check from his supermarket earnings to pay for it (after negotiating the price down from $6,000).

    DS didn’t quite believe DH and me when we told him he wouldn’t be able to take the car back with him immediately — in Massachusetts, you need to register the vehicle and get a Massachusetts license plate before you can drive it in state. The mom-and-pop dealership in NH doesn’t deal with the Massachusetts RMV, so DS had to do the legwork himself (I did help him). As we all know, dealing with the RMV can be difficult in normal times; add Covid to the mix, and it gets harder. It took a week to get through the process. For DS, there was drama. There were tears. He talked obsessively and endlessly about the car and how much he wanted to have it. Honestly, it has been like living with a lovestruck teenager who was being kept away from the object of his affection, except in this case the object of his affection was not a pretty girl, but rather a 2007 Honda Accord EXL.

    But all’s well that ends well. Yesterday, DH took DS back to the dealership, DS put his plates on the Honda, and he drove home with his car. (Well, actually, it wasn’t that easy, because in his excitement about finally going to pick up his car, DS forgot to grab the plates when DH and he left the house; when he got to the dealership and realized he had done this, he had to drive all the way back home, get the plates, then drive back up.) When he finally arrived home with the Honda, we practically had to drag him out of it to come eat dinner.

    I know that this is just the start of the story; like any relationship, this one will have its ups and downs. There will be times when his love will try his patience, and maybe even times when he will wish he had never committed in the first place. But hopefully there will be more good times than bad. For now, he is just totally over the moon.

  69. Mooshi, sorry for all the response posts. As soon as I hit “send”, another angle of your comment hits me. I’m looking forward to your reply to Rhett’s question about what the ethics courses have to say about this. Also, I’m not clear on what you’re saying—there are ethics principles for software engineers, but they were overwritten by unscrupulous managers? What good are ethics classes if the end result is still to simply follow orders?

  70. How are hyperbaric oxygen chambers related to the liquid oxygen needed for Covid patients (and others who are “on oxygen”)? My dad tells me he didn’t have metal or rubber toys when he was little, because until WWII was over, those materials were needed elsewhere. Could the equipment used to isolate oxygen for these chambers be used in the “war” on the virus?

  71. I realize you think engineers are all soulless automatons, but that is not true. ABET accreditation requires that we teach engineering ethics.

    So what does it teach they should do in the situations mentioned previously? Resign and go to the press?

  72. @NOB – I love this story as I do all stories about your kids. They are both seriously great kids!

  73. Louise’s link to the NYT article is worth posting in full. It says that among the God-only-knows how many other provisions in the new 5K page bill that Trump signed, the Expected Family Contribution is being eliminated from the FAFSA.


    FAFSA’s Expected Family Contribution Is Going Away. Good Riddance.


    The dollar figure that the federal financial aid form spits out has long left families confused and despondent. And then there are those great expectations.

    By Ron Lieber
    Published Dec. 30, 2020
    Updated Dec. 31, 2020
    The Expected Family Contribution — a dreaded and confusing term for parents about to send their children to college — made little sense in the best of times. Now, it’s finally going away.

    Among the orders and edicts spilling into the 5,000-plus pages of the bill that President Trump signed into law on Sunday night was one that strikes the three words from the federal Higher Education Act and replaces them with “student aid index.”

    As many as 19 million students and their families encounter the E.F.C. each year. It’s the dollar figure they see after they’ve answered scores of questions on the Free Application for Federal Student Aid (FAFSA) form, which they must file annually to qualify, and then requalify, for federal loans, grants and certain jobs.

    And good riddance, too.

    For decades now, families have been baffled by the E.F.C., the output of a federal formula that uses income and some household assets. Given that it doesn’t account for parents’ own student debts, for instance, plenty of people wondered whether the extra-large number was what they were supposed to pay for four years of college, not just one. It wasn’t.

    Then there are the words themselves. The great expectation that felt more like a demand. The unspoken assumption that, of course, families would step up and pay — parents, really, in the case of most students hoping to matriculate straight from high school. And the notion that this was a mere contribution, bathed in niceties, when in reality the bill could spiral well into the six figures.

    Goodbye to all that — to the judgment those words implied, to the things they meant but did not say and to all of the euphemisms that have seeped into a system that has led to so much anxiety for so many families and the professionals who counsel them.

    The underlying formula that determines the new index will change some, too — many more people will get federal Pell grants for lower-income students or qualify for the maximum amount. Other tweaks may mean even more disappointment for higher-income parents when the new index produces an even larger dollar figure than the E.F.C. did. (Their children could still get a more generous need-based aid offer from many schools than what the new index computes, or they might receive merit aid — which does not depend on financial need — from a college that wants them badly enough.)

    But for now, let us celebrate the banishment, as of the 2022-23 application season, of each of these hateful words from our lives, one by one — and the emotional toll they took on countless parents.

    Great Expectations
    The E.F.C. has been around at least since the Higher Education Act of 1992, though its inventor did not take a bow then. That person almost certainly needed better high school English instruction.

    Where I come from, teachers drilled passive verbs like “expected” right out of us. I can still hear Bill Duffy, in our 20th-century British literature class, raising his voice in a tone both innocent and offended. “By whom?” he wondered.

    Good question. A few years ago, I went to Washington and showed up for an appointment at the Department of Education with the intent of confronting the “expecter” doing the expecting, this destroyer of countless dreams of affordable college. But there is no such person, since the federal aid formula comes from statutes, not assistant secretaries acting on their own.

    Still, it’s worth answering Mr. Duffy’s question. First and foremost, it’s the federal government doing the expecting here. Its demands carry a kind of psychic weight, according to Caitlin Zaloom, an economic anthropologist and professor at New York University and author of the book “Indebted: How Families Make College Work at Any Cost.”

    “Policies like the E.F.C. are instructions to families and not simply numbers that have to be paid,” she said. “They are moral messages that the government is sending to mothers and fathers about what they are supposed to do to be good parents.”

    In other words, kids need education. The government expects parents to pay for it. If you don’t, you just may hinder their success in life. And if any part of your identity is wrapped up in helping your children do better than you have done, well, here’s an advance look at the bill. Got that?

    Those children may become expecters, too. After all, if the government is saying that parents are supposed to pay but that they are unable or unwilling to do so, the kids could begin resenting their parents. And then, parental guilt. And some borrowing, or a lot of it.

    The colleges have expectations, too. They see that E.F.C. figure and may want even more information. You fill out another form, and then comes more judgment about your supposed ability to pay.

    “The idea is that the university knows you well enough to expect something from you,” said Sara Goldrick-Rab, professor of sociology and medicine at Temple University and author of “Paying the Price: College Costs, Financial Aid, and the Betrayal of the American Dream.” “You get those words very early in the relationship, and they don’t really know you at all. It doesn’t build trust.”

    Then comes the kicker: That expectation may be just the beginning. “A college often expects students to pay more than the E.F.C.,” said Robert Kelchen, associate professor of higher education at Seton Hall University and author of “Higher Education Accountability.”

    All in the Family
    For students applying for college right out of high school, the “family” in the E.F.C. usually means parents, since it’s nearly impossible for students to work their way through college in any reasonable period of time anymore.

    But the E.F.C. makes no allowance for families where the parent or parents believe a child should try to pull that off. Or when parents look askance at higher education because they see no value in it, and then decide not to help. Or when students feel an obligation to help parents, even (or especially) if parents can’t help them.

    Estrangement complicates things, too. “With L.G.B.T.Q. students, people really begin to immediately understand the problem,” Dr. Goldrick-Rab said. “When a 19-year-old comes out and gets cut off, what is family now?”

    The E.F.C. also makes no allowance for extended families and obligations to aging parents, aunts, brothers or chosen family.

    “It denies any responsibility that may lie elsewhere,” Dr. Zaloom said.

    And Contributions?!
    By couching the E.F.C.’s final word in the language of charity, the federal financial aid system attempts to soften the blow. Sure, powerful forces are making demands of parents whether they like it or not, but at least it is a kind of gift. Right?

    Of course it isn’t. “A contribution is not supposed to be a payment that inflicts pain,” Dr. Zaloom said. (A disclosure: She married a good friend of mine who also absorbed Mr. Duffy’s wisdom back in the day.) “It is voluntary, something that you give easily. The word belies the weight that it puts on families.”

    Will a more neutral phrase, like student aid index, defuse the emotional land mines around what we can and should pay (and borrow and sacrifice) for college? Almost certainly not. The federal financial aid system can’t solve for stagnant incomes, inequality or the high costs of the residential undergraduate experience that many families crave for their children.

    But we can use better words. Language matters. It need not heap shame and blame on parents who are doing their level best.

    So we come not to praise the E.F.C. but to bury it, smother it in dirt and leave it in the ground. Let it be compost, born from a bitter word salad that nobody ordered in the first place. May a more gentle conversation emerge around our obligations to our children, as soon as humanly possible.

  74. “So what does it teach they should do in the situations mentioned previously? Resign and go to the press?”

    I just asked DS3 about his CS ethics class and he said it had a fairly major focus on whistleblowing and the options and protections surrounding that. I’m not an engineer and wasn’t involved in whatever thread SM is referencing, but at DS’s school ethics are emphasized in computer engineering. As I recall, his brother had a similar course in EE as well.

  75. Whistleblowing applies when there are laws being violated. With software and most consumer products, usually no laws are being violated so it’s perfectly legal to pick “fast and cheap” of fast, cheap and good, with the expected quality effects.

    Keep in mind that in areas where parts have to meet a specific quality standard (nuclear engineering is an example) that the same part can cost several times as much as without the quality standard guarantee because of the cost of assuring quality. Quality and regulatory standards, for software or physical parts, are not free.

  76. Good point WCE. At this point I’m not aware of Solarwinds having done anything illegal. Their product and security practices are just shit.

    I’m very curious to hear how those ethics classes deal with blowing the whistle on legal but shitty product.

  77. NoB, congrats to your son.

    Did you discuss insurance with him and get a quote before he bought?

  78. “Did you discuss insurance with him and get a quote before he bought?”

    Oh, yes. As soon as he got home from the road test for his license, I called the insurance company, and I had him on the phone with me as I spoke to the agent. The agent told us how much it would be to just add DS to our policy with our existing two cars, and what the fee would be if we added his desired third car. We told him that if he bought the car, he will be responsible for paying that difference. We also told him that he’s responsible for paying for gas, maintenance, repairs, etc. for his car.

    Which he says he’s fine with. He will do anything for his new love! He just got back from his shift at the supermarket. He ran upstairs, changed his clothes, and then ran back outside to work on his car. He told us he’ll come in after it gets dark.

  79. NoB – I love your post. Congratulations to your son (and to you and your DH for raising such a great kid)!

  80. Thank you to the Totebaggers who recommended Ted Lasso as well as Home for Christmas (Netflix – Norwegian) – I love both!

  81. I called the insurance company, and I had him on the phone with me as I spoke to the agent.
    That’s smart.

  82. I don’t understand that NYT article about the EFC. If I’m reading it correctly, the only thing that is changing is that the dollar number that is currently called the “expected family contribution” is now going to be called something else. So it’s just a matter of semantics? The author of the article seems to think that this change in terminology is tremendously important, but I don’t see how it’s important at all. What am I missing?

  83. So basically they’ve taken “expected family contribution” and replaced it with “student aid index”? Sounds much less clear about what the number means. I suspect the vast majority of people who don’t work for the NYT are more upset by the amount of aid they *won’t* get, not what you call it.

    Engineers and ethics: of course they teach it. DD’s classes seem to work an ethics aspect into every section. I think one issue, though, is defining what “ethics” means — without relying on hindsight. DD has looked at things like the causal chain that led to various catastrophes. But there are a lot of other “ethics” issues that require balancing various trade offs – like dams for power vs impacts on fish. The answer now is to build a fish ladder, but we didn’t always know that or do that, so if you’re the guy hired to design the dam, do you think heck no, I’m going to turn down the job because this is a pristine natural stream that is critical to salmon? Or do you think man, I’m doing a great thing here by bringing clean, reliable power to humans who don’t have it? There is no perfect answer; everything has tradeoffs. My hope is that DD is educated to understand that there are tradeoffs involved, and that she needs to think them through and not just assume it’s someone else’s problem.

    Re: computer code: the answer to that is legal: stop giving developers an “out” for selling bad crap. Literally everything else you buy is subject to product liability laws — and in many cases, those are strict liability if what you sell causes harm (even if everyone thought it was great at the time and no one knew any better). But software designers are allowed to force you to agree to waive all those rights via incomprehensible and unchangeable license terms. So they can sell whatever degree of crap they can make a buck on, and not have to worry about any consequences. And that creates an incentive to be first to market above all else — sell first, fix it later.

    That kind of policy may have made sense 25 years ago, when tech was really taking off and becoming a major opportunity for a lot of people. But code is now integral to many, many parts of our life – and Microsoft/Google/Apple/etc. are raking in so much money they literally don’t know what to do with it all. It’s time to shift the incentives back to the kind of balance that literally every other company that does business in the US needs to deal with.

  84. LfB,

    I think the bigger issue is dealing with whatever bullshit justification management and your colleagues have bought into.

    The only way these MBS can blow up is if housing prices fall nationwide. And we all know that can’t happen.

    The pilots will just treat it as another runway trim scenario and hit the cutout switches.

    When you have a family and a mortgage and such it’s awfully tempting to buy into the bullshit.

  85. LfB,

    Question about legal ethics. David Boies was viciously going after the Theranos whistleblowers. Do lawyers have an obligation to report ongoing illegal activity? My understanding is they do. It just never happens.

    IIRC attorney client privilege doesn’t apply to ongoing illegal activity. But I could be wrong.

  86. I had the same thought as NOB regarding the change to the semantics of financial aid. I don’t understand people to whom precise language is emotionally important. (I understand it for regulations and contracts.) To me, the root of the EFC/student aid index problem is the dollars involved, not what you call the amount of dollars involved.

    I spend a lot of time communicating with people for whom English is not a first language, so my lack of sensitivity to precise wording is usually a feature, not a bug.

  87. I didn’t have any ethics class, and I don’t recall that one had been added when I was part of a curriculum review committee.

    Perhaps just as importantly, I didn’t have any environmental science class either.

  88. Finn, your environmental science class comment reminds me of my response to a friend who teaches Chemistry for Engineers, the only college chemistry class most engineers take. She knows I have more than the equivalent of a degree in chemistry and asked what her students *really* need to know.
    My response: “Don’t send anything with a ring in its structure down the storm sewer.”

  89. “The author of the article seems to think that this change in terminology is tremendously important, but I don’t see how it’s important at all. What am I missing?”

    I don’t think you’re missing anything. My takeaway is that the writer has some sort of hangup with the prior terminology.

    What’s more important is the change in formula.

  90. “storm sewer.”

    OK, while we’re on the subject of terminology, around here I don’t hear this term. The term I hear is, “storm drain.”

    Do those two things refer to different things? The storm drains here are separate from the sewer system, and my understanding is they basically route rainwater to the ocean. People who run water from their rain gutters into the sewers are subject to penalties.

  91. It’s the application of business risk review that is the problem. In my various workplaces, I have had ethics classes, risk classes, some mandatory, some not but issues continue to surface. At every point in long and complicated business processes there can be potential for slip ups. It requires constant vigilance which is expensive and a corresponding risk aware mindset. It’s a constant battle.

  92. We don’t have a standalone ethics class because ABET lets you embed the material into existing courses – you just have to show that it is there. The module I do focuses on the damage that poor design decisions and poor software can inflict on people, as well as liability. In the Toyota case, no laws were broken but because they did not adhere to industry standards and experts testified that their code was bug-ridden and untestable, they ended up settling for a good chunk of money. I also do a module on privacy standards and data in my database class. I think they do something with bias and racism in the data mining class. In the cybersecurity courses, there is a lot of focus on ethics. My oldest kid had a standalone class on ethics and technology, and they hit a lot of the same topics. The focus isn’t on whistleblowing but rather being aware of the issues. The idea is that in your career, you can hopefully guide managers to good practices and if not, well, there are plenty of jobs out there so just move on. Who wants to work for a company that builds crap? But keep in mind, SolarWinds was outsourcing most of its software work to the Czech Republic.

  93. Some ethics violations and violators, I knew personally.
    I wondered if they had ever thought through their actions and consequences of their violations on their very lucrative careers if they were caught. Apparently not. And we had classes warning against those specific behaviors.

  94. “Has he named his car yet ?”

    Louise — No, and I don’t think he will. I don’t think he’s a name-your-car type of person — nor am I. DH, on the other hand, has always put a lot of thought into finding just the right name for each vehicle he has ever owned. He even names his bikes! :)

  95. Finn, in some places storm water runs into the sewer system (major yuck) but in others the storm drainage system is separate from the sewer system. A place where precise terminology makes sense.

    I did not understand the point of the NYT article. The writer seems all concerned over the change in terminology

  96. It’s not just private business that makes dangerous crappy decisions. A few years ago, the Oroville dam almost collapsed. The regular spillway was not properly inspected. The emergency spillway was basically a dirt hillside. There was a big storm, the regular spillway collapsed. The emergency spillway was used for the first time since dam construction. It started to collapse. Dam operator switched back to regular spillway, which destroyed it. Evacuation of 188,000 people. I was fortunate to be leaving the area about half an hour ahead of the emergency broadcast signal.

    Anyone who ever played erosion with a garden hose as a child could see what was going to happen. I spent a portion of my career working at that dam, relicensing and whatnot. There was a constant call from community members, enviro groups and ag groups that the emergency spillway needed to be concrete instead of dirt. Note that these groups didn’t agree on anything but that issue.

    It was too much hassle and the people who would be affected by the dam collapse were neither politically powerful nor the ones who would pay for it.

  97. Louise, the definitions I’m getting for that phrase all present it in terms of financial risk to the company. Is that how you are using it in your 3:11 post?

  98. Rocky and Louise, what parts of that article would you highlight? Seems to me the author sums up their purpose in these lines towards the end:
    The federal financial aid system can’t solve for stagnant incomes, inequality or the high costs of the residential undergraduate experience that many families crave for their children.

    But we can use better words. Language matters. It need not heap shame and blame on parents who are doing their level best.

    After the earlier insights about how families work, particularly in the examples of lgbtq kids, that’s not what I expected.

  99. The dam never did collapse so that’s quite a bit different than Boeing or Solarwinds.

  100. I wondered if they had ever thought through their actions and consequences of their violations on their very lucrative careers if they were caught. Apparently not.

    I’m not sure what you mean. Carrie Tolstedt made a few $100 million stealing from Wells Fargo customers and abusing her employees. When it all blew up she had to give $100 million back. If she’d been an ethical person she would have been fired years before and lost out on $100s of millions of earnings.

  101. “I did not understand the point of the NYT article. The writer seems all concerned over the change in terminology”

    Because there was no point.
    College is expensive, especially at residential private four-year schools. There is a limited amount of money provided by Other People to pay those bills — the rest must come from the students and their families, and the amount that Families are Expected to Contribute will obviously be a function of their income and assets. No matter what it’s called.

  102. The point of the NYT article was for Ron Lieber to sell his new book, The Price You Pay for College. I like the Times, but this was yet another example of free advertising for their columnist.

  103. Lauren, that makes sense. Although I’ve got to say, if I could have a NYT piece to sell my book, I don’t think I’d spend it on such nicely-written silliness. It was easy to glide through the words, an enjoyable read, but resulted in nothing. Doesn’t make me want to spend money for more of the same.

  104. Rhett: the legal ethics rules are very very tight. There is a crime/fraud exception from the attorney-client privilege, but the mandatory reporting obligation is basically limited to a pending or ongoing crime that puts someone’s life at risk. A lawyer cannot allow a client to use his services to commit a crime, but even if you find out you’re being used, you have to be very careful about what you disclose to fix the problem — basically you have to avoid disclosing confidential info if at all possible, so sometimes you have to tell the court “I need to withdraw as counsel but I can’t tell you why.” Of course, every judge knows that means that your client is a lying scumbag, but you’re not the one saying it.

    As you can imagine, there is a hell of a lot more detail involved. But the short version is that there is a very high priority on client confidences, so the ethics rules are designed to protect that as much as possible while still respecting the need for the lawyer not to lie/cheat/steal or knowingly assist the client in doing so.

  105. basically limited to a pending or ongoing crime that puts someone’s life at risk.

    So almost all white collar crimes have no reporting requirement? Why not make them mandatory reporters?

  106. Mooshi, I appreciate your insight on the Solar Winds debacle.

    NOB, Congrats to your son!

    I miss traveling. I miss skiing and seeing my friends. When things are safer, I hope to take a trip to the home country with my mother and my daughter. I also have plans for an extended hiking vacation in 2022.

  107. LfB, why can’t the definition of a woman’s life used in determining if an abortion is legal be used to determine if white collar crime is deadly? We know that plenty of white collar crime is deadly, generally for many more people than a “mass” murderer could hope to claim. Also, your description of that tightrope reminded me of the immigration attorney who told me “if you were married, a different set of rules would apply and he wouldn’t have to leave the country, but that’s just a point of information; I can’t advise you to break the law [and get married when he didn’t have the right visa]”.

    Apparently the SolarWINDS thing has been slowly breaking for a few weeks and I just haven’t heard of it. Probably should get back on the social media site where I followed a bunch of news outlets.

  108. Stupid headlines: “Stock futures rise as equities look to kick off new year higher” (Yahoo Finance)

    Really? Equities are looking to do anything? I didn’t think their inanimate brain function was that developed. Maybe traders want the market to move higher (unless they have sold short then they want the market to decline). But equities themselves are not looking/seeking to do anything.

    It’s the way too much journalism is. I should get over it.

    Coming into my basement office this morning I felt very energized. The last couple of weeks of not doing much appears to have helped my mental attitude.

  109. Wth, man? Kids need to show up somewhere online, but who knows where, ready to do a thing, but no telling what. This note is from my kid’s principal. First half of it confirmed that classes are online Wed-Fri of this week, and they don’t know after that, are waiting to hear from Berlin Senate. Fair enough. But then there is this nonsense, instead of any kind of grounding or assurance that things are not entirely up in the air or unpredictable.

    at 8.30 every morning your child’s tutor will be registering all members of the tutor group. It is most likely that Google Meets will be used for this purpose, although some tutors may use Google Classroom. Either way, all of the students in the school, from Grade Six to Twelve, need to be ready for the day ahead by the time at which we normally start – that is, 8.30.

    The lessons themselves will be taught via Google Meets but not necessarily exclusively so. There may be some instances where my colleagues use Google Classroom or indeed alternatives to Meets. Whichever medium is used, students should realise that their day at home will follow the normal school day

  110. SM, I don’t think the school’s messaging is that bad. I’m assuming that the kids have a platform they know to log into. Once logged in, the routine probably makes more sense to students than parents. The first week of Fall was somewhat chaotic for DD1, but eventually she and the teachers figured it out. Even now, some of the emails the school sends out sound confusing, but DD1 understands them.

    On NYE we were going around the dinner table highlighting the best parts of 2020. One of the highlights for me was seeing my kids become better at accepting stuff that wasn’t planned. This is especially hard for DD1 who always needs to know exactly what is going to happen and if it didn’t, she’d spiral.

  111. LT, the last time School was online (for a couple months starting in Feb) an issue was that there was no agreement on what platform to log into or when and how work would be assigned. It doesn’t sound like much has changed in that regard.
