Weird A.I. Yankovic, a cursed deep dive into the world of voice cloning

This article is a repost promoting content originally published elsewhere. See more things Dan's reposted.

In the parallel universe of last year’s Weird: The Al Yankovic Story, Dr. Demento encourages a young Al Yankovic (Daniel Radcliffe) to move away from song parodies and start writing original songs of his own. During an LSD trip, Al writes “Eat It,” a 100% original song that’s definitely not based on any other song, which quickly becomes “the biggest hit by anybody, ever.”

Later, Weird Al’s enraged to learn from his manager that former Jackson 5 frontman Michael Jackson turned the tables on him, changing the words of “Eat It” to make his own parody, “Beat It.”
Your browser does not support the video tag.

This got me thinking: what if every Weird Al song was the original, and every other artist was covering his songs instead? With recent advances in A.I. voice cloning, I realized that I could bring this monstrous alternate reality to life.

This was a terrible idea and I regret everything.

Everything that is wrong with, and everything that is right with, AI voice cloning, brought together in one place. Hearing simulations of artists like Michael Jackson, Madonna, and Kurt Cobain singing Weird Al’s versions of their songs is… strange and unsettling.

Some of them are pretty convincing, which is a useful and accessible reminder about how powerful these tools are becoming. An under-reported story from a few years back identified what might be the first recorded case of criminals using AI-based voice spoofing as part of a telephone scam, and since then the technology needed to enact such fraud has only become more widely-available. While this weirder-than-Weird-Al project is first and foremost funny, for many it foreshadows darker things.

How to date a recording using background electrical noise

This article is a repost promoting content originally published elsewhere. See more things Dan's reposted.

Matching a target ENF series with a section of a reference series

We’re going to use ENF matching to answer the question “here’s a recording, when was it was (probably) taken?” I say “probably” because all that ENF matching can give us is a statistical best guess, not a guarantee. Mains hum isn’t always present on recordings, and even when it is, our target recording’s ENF can still match with the wrong section of the reference database by statistical misfortune.

Still, even though all ENF matching gives us is a guess, it’s usually a good one. The longer the recording, the more reliable the estimate; in the academic papers that I’ve read 10 minutes is typically given as a lower bound for getting a decent match.

To make our guess, we’ll need to:

  1. Extract the target recording’s ENF values over time
  2. Find a database of reference ENF values, taken directly from the electrical grid serving the area where the recording was made
  3. Find the section of the reference ENF series that best matches the target. This section is our best guess for when the target recording was taken

We’ll start at the top.

About a year after Tom Scott did a video summarising how deviation over time (and location!) of the background electrical “hum” produced by AC power can act as a forensic marker on audio recordings, Robert Heaton’s produced an excellent deep-dive into how you can play with it for yourself, including some pretty neat code.

I remember first learning about this technique a few years ago during my masters in digital forensics, and my first thought was about how it might be effectively faked. Faking the time of recording of some audio after the fact (as well as removing the markers) is challenging, mostly because you’ve got to ensure you pick up on the harmonics of the frequencies, but it seems to me that faking it at time-of-recording ought to be reasonably easy: at least, so long as you’re already equipped with a mechanism to protect against recording legitimate electrical hum (isolated quiet-room, etc.):

Taking a known historical hum-pattern, it ought to be reasonably easy to produce a DC-to-AC converter (obviously you want to be running off a DC circuit to begin with, e.g. from batteries, so you don’t pick up legitimate hum) that regulates the hum frequency in a way that matches the historical pattern. Sure, you could simply produce the correct “noise”, but doing it this way helps ensure that the noise behaves appropriately under the widest range of conditions. I almost want to build such a device, perhaps out of an existing portable transformer (they come in big battery packs nowadays, providing a two-for-one!) but of course: who has the time? Plus, if you’d ever seen my soldering skills you’d know why I shouldn’t be allowed to work on anything like this.

Matching a target ENF series with a section of a reference series×

Coco the Criminal and Peanut the Prophet

There’s a bird feeder in my garden. I’ve had it for about a decade now – Ruth got it for me, I think, as a thirtieth birthday present – and it’s still going strong and mostly-intact, despite having been uprooted on several occasions to move house.

I like that I can see it from my desk.

A greater spotted woodpecker hangs off a feeder cage with a fat/seed ball inside.
A woodpecker’s been a regular visitor this winter.

This month, though, it lost a piece, when one of its seed cages was stolen in a daring daylight heist by a duo of squirrels who climbed up the (“climb-proof”) pole, hung upside-down from the hooks, and unscrewed the mechanism that held the feeder in place.

Not content to merely pour out and devour the contents, the miscreants made off with the entire feeder cage. It hasn’t been seen since. I’ve scoured the lawn, checked behind the bushes, peered around bins and fence posts… it’s nowhere to be found. It’s driving me a little crazy that it’s vanished so-thoroughly.

Grey squirrel sitting on a log.
Artists’ recreation of one of the culprits. (Courtesy @mikebirdy.)

I can only assume that the squirrels, having observed that the feeder would routinely be refilled once empty, decided that it’d be much more-convenient for them if it the feeder were closer to their home:

“Hey, Coco!”

“Yeah, Peanut?”

“Every time we steal the nuts in this cage, more nuts appear…”

“Yeah, it’s a magic cage. Everysquirrel knows that, Peanut!”

“…but we have to come all the way down here to eat them…”

“It’s a bit of a drag, isn’t it?”

“…so I’ve been thinking, Coco: wouldn’t it be easier if the cage was… in our tree?”

Bird feeder with a missing cage: only its lid continues to hang.
Scene of the crime.

I like to imagine that the squirrels who live in whatever-tree the feeder’s now hidden in are in the process of developing some kind of cargo cult around it. Once a week, squirrels sit and pray at the foot of the cage, hoping to appease the magical god who refills it. Over time, only the elders will remember seeing the feeder ever being full, and admonish their increasingly-sceptical youngers ones to maintain their disciplined worship. In decades to come, squirrel archaeologists will rediscover the relics of this ancient (in squirrel-years) religion and wonder what inspired it.

Or maybe they dumped the feeder behind the shed. I’d better go check.

A greater spotted woodpecker hangs off a feeder cage with a fat/seed ball inside.× Grey squirrel sitting on a log.× Bird feeder with a missing cage: only its lid continues to hang.×

Parcel Delivery Scammers Could Try Harder

There’s a lot of talk lately about scam texts pretending to be from Royal Mail (or other parcel carriers), tricking victims into paying a fee to receive a parcel. Hearing of recent experiences with this sort of scam inspired me to dissect the approach the scammers use… and to come up with ways in which the scams could be more-effective.

Let’s take a look at a scam:

Anatomy of a Parcel Fee Scam

A parcel fee scam begins with a phishing email or, increasingly, text message, telling the victim that they need to pay a fee in order to receive a parcel and directing them to a website to make payment.

Scam SMS from "Royal Mail" asking the recipient to go to myparce-uk-manage.com to pay a "fee required for shipping", shown on an iPhone screen
This text message was received by a friend of mine the other week, and it’s pretty typical. Don’t type in that web address, obviously.

If the victim clicks the link, they’ll likely see a fake website belonging to the company who allegedly have the victim’s parcel. They’ll be asked for personal and payment information, after which they’ll be told that their parcel is scheduled for redelivery. They’ll often be redirected back to the real website as a “convincer”. The redirects often go through a third-party redirect site so that your browser’s “Referer:” header doesn’t give away the scam to the legitimate company (if it did, they could e.g. detect it and show you a “you just got scammed by somebody pretending to be us” warning!).

Many scammers also set a cookie so they’ll recognise you if you come back: if you return to the scam site with this cookie in-place, they’ll redirect you instantly to the genuine company’s site. This means that if you later try to follow the link in the text message you’ll see e.g. the real Royal Mail website, which makes it harder for you to subsequently identify that you’ve been scammed. (Some use other fingerprinting methods to detect that you’ve been victimised already, such as your IP address.)

Spoofed Royal Mail webpage saying "Royal Mail: Your Package Has A £2.99 Unpaid Shipping Fee, To Pay This Now Please Visit www.myparcel-uk-manage.com If You Do Not Pay This Your Package Will Be Returned To Sender" and asking for personal details
The spoofed websites usually use HTTPS (“padlock icon” etc.) and have convincing branding (lifted directly from the real company’s website). They frequently – but not always – ask for information that seems… suspicious and unnecessary, like date of birth or bank account sort code.

Typically, no payment is actually taken. Often, the card number and address aren’t even validated, and virtually any input is accepted. That’s because this kind of scam isn’t about tricking you into giving the scammers money. It’s about harvesting personal information for use in a second phase.

Once the scammers have your personal information they’ll either use your card details to make purchases of hard-to-trace, easy-to-resell goods like gift cards or, increasingly, use all of the information you’ve provided in order to perform an even more-insidious trick. Knowing your personal, contact and bank details, they can convincingly call you and pretend to be your bank! Some sophisticated fraudsters will even highlight the parcel fee scam you just fell victim to in order to gain your trust and persuade you that they’re genuinely your bank, which is a very powerful convincer.

"SCAM" spelled out using keycaps from a cyrillic keyboard. Photo by Mikhail Nilov from Pexels.
SCAM > ЫСФЬ? Who knew translation was as simple as these keycaps suggest!

Why does the scam work?

A scam like the one described above works because each individual part of it is individually convincing, but the parts are delivered separately.

Email, reading: Ihre Sendung CH63 **** 26 wurde noch nicht geliefert.
Parcel fee scams aren’t limited to the Anglophone world. Apparently Swiss Post tried to visit me on Monday, even though I’m about 500 miles outside of their delivery area!

Being asked to pay a fee to receive a parcel is a pretty common experience, and getting texts from carriers is too. A lot of people are getting a lot more stuff mail-ordered than they used to, right now, and that – along with the Brexit-related import duties that one in ten people have had to pay – means that it seems perfectly reasonable to get a message telling you that you need to pay a fee to get your parcel.

Similarly, I’m sure we’ve all been called by our bank to discuss a suspicious transaction. (When this happens to me, I’ve always said that I’ll call them back on the number on my card or my bank statements rather than assume that they are who they claim to be. When I first started doing this, 20 years ago, this sometimes frustrated bank policies, but nowadays they’re more accepting.) Most people though will willingly believe the legitimacy of a person who calls them up, addresses them by name and claims to be from their bank.

Separating the scam into two separate parts, each of which is individually unsuspicious, makes it more effective at tricking the victim than simpler phishing scams.

Delivery man, wearing a face mask, holding a parcel and checking his mobile phone. Photo by Kindel Media from Pexels.
“You know these £50 headphones you bought? Yeah, they came from the EU so you owe another £25 somehow.” Fuck Brexit.

Anybody could fall for this. It’s not about being smart and savvy; lots of perfectly smart people become victims of this kind of fraud. Certainly, there are things you can do (like learning to tell a legitimate domain name from a probably-fake one and only ever talking to your bank if you were the one who initiated the call), but we’re all vulnerable sometimes. If you were expecting a delivery, and it’s really important, and you’re tired, and you’re distracted, and then a text message comes along pressuring you to pay the fee right nowanybody could make a mistake.

The scammers aren’t really trying

But do you know what: these scammers aren’t even trying that hard. There’s so much that they could be doing so much “better”. I’m going to tell you, off the top of my head, four things that they could do to amplify their effect.

Wait a minute: am I helping criminals by writing this? No, I don’t think so. I believe that these are things that they’ve thought of already. Right now, it’s just not worthwhile for them to pull out all the stops… they can make plenty of money conning people using their current methods: they don’t need to invest the time and energy into doing their shitty job better.

But if there’s one thing we’ve learned it’s that digital security is an arms race. If people stop falling for these scams, the criminals will up their game. And they don’t need me to tell them how.

"Hacker type" man in hoodie between two computer monitors, looking at his phone.
He ain’t even breaking a sweat. But if the economic pressure was there, he might.

I’m a big fan of trying to make better attacks. Even just looking at site-spoofing scams I’ve been doing this for a couple of decades. Because if we can collectively get ahead of security threats, we’re better able to defend against them.

So no: this isn’t about informing criminals – it’s about understanding what they might do next.

How could the scammers be more effective?

I’d like to highlight four ways that this scam could be made more-effective. Again, this isn’t about helping the criminals: it’s about thinking about and planning for what tomorrow’s attacks might look like.

1. SMS Spoofing

Most of these text messages appear to come from random mobile numbers, which can be an red flag. But it’s distressingly easy to send a text message “from” any other number or even from a short string of text. Imagine how much more-convincing one of these messages would be if it appeared to come from e.g. “Royal Mail” instead?

Text message from "Mum", but actually a marketing text.
Organisers of Parklife Festival were fined £70K for causing distress by texting participants from “Mum” in 2014.

A further step would be to spoof the message to appear to come from the automated redelivery line of the target courier. Many parcel delivery services have automated lines you can call, provide the code from the card dropped through your door, and arrange redelivery: making the message appear to come from such a number means that any victim who calls it will hear a genuine message from the real company, although they won’t be able to use it because they don’t have a real redelivery card. Plus: any efforts to search for the number online (as is done automatically by scam-detection apps) will likely be confused by the appearance of the legitimate data.

"Royal Mail" text message reading: You owe, like, a billion pounds for a parcel we tried to deliver. Go to DanQ.me/royal-mail-scam and pay us. This is totally a legit text message.
This took me literally seconds and fractions of a penny.

SMS spoofing is getting harder as the underlying industry that supports bulk senders tries to clean up its image, but it’s still easy enough to be a real (yet underexploited) threat.

2. Attention to detail

Scammers routinely show a lack of attention to detail that can help give the game away to an attentive target. Spelling and grammar mistakes are commonplace, and compared to legitimate messages the scams generally have suspicious features like providing few options for arranging redelivery or asking for unusual personal information.

A "Royal Mail" scam message that's full of little errors that make it unlike a legitimate one.
Also: where would you even get this email address from, “Royal Mail”? Can’t be from a merchant because I give a different one to each store…

They’re getting a lot better at this already: text messages and emails this year are far more-convincing, from an attention-to-detail perspective, than they were three years ago. And because improvements to the scam can be made iteratively, it’s probably already close to the “sweet spot” at the intersection of effort required versus efficacy. But the bad guys’ attention to detail will only grow and in future they’ll develop richer, more-believable designs and content based on whatever success metrics they collect.

3. Tracking tokens

On which note: it amazes me that these SMS scams don’t yet seem to include any identifier unique to the victim. Spam email does this all the time, but a typical parcel scam text directs you to a simple web address like https://royalmail.co.uk.scamsite.com/. A smarter scam could send you to e.g. https://royalmail.co.uk.scamsite.com/YRC0D35 and/or tell you that your parcel tracking number was e.g. YRC0D35.

"DHL" scam email encouraging you to click a link to arrange redelivery.
Click a link (or even just view the images!) in this phishing email and the sender knows that you read it. SMS scammers could learn from this.

Not only would this be more-convincing for anybody who’s familiar with the kind of messages that are legitimately left by couriers, it would also facilitate the gathering of a great deal of additional metrics which scammers could use to improve their operation. For example:

  • How many, and which, potential victims clicked the link? Knowing this helps plan future scams, or for follow-up attacks.
  • Pre-filling personal data, even just a phone number, acts as an additional convincer, or else needn’t be asked at all.
  • Multivariate testing can determine which approaches work best: show half the victims one form and half the victims another and use the results as research for future evolution.

These are exactly the same techniques that legitimate marketers (and email spammers) use to track engagement with emails and advertisements. It stands to reason that any sufficiently-large digital fraud operation could benefit from them too.

4. Partial submission analysis

I’ve reverse-engineered quite a few parcel scams to work out what they’re recording, and the summary is: not nearly as much as they could be. A typical parcel scam site will ask for your personal details and payment information, and when you submit it will send that information to the attacker. But they could do so much more…

C5 envelope with a yellow "Item underpaid. Fee to pay £1.50" sticker attached.
Real couriers put a card through your door with a code on. Or just put a sticker on your letter and never actually claim the fee, as recently happened to my friends Kit and Matt.

I’ve spoken to potential victims, for example, who got part way through filling the form before it felt suspicious enough that they stopped. Coupled with tracking tokens, even this partial data would have value to a determined fraudster. Suppose the victim only gets as far as typing their name and address… the scammer now has enough information to convincingly call them up, pretending to be the courier, ask for them by name and address, and con them out of their card details over the phone. Every single piece of metadata has value; even just having the victim’s name is a powerful convincer for a future text message campaign.

Summary

There’s so much more that parcel fee SMS scammers could be doing to increase the effectiveness of their campaigns, such as the techniques described above. It’s not rocket science, and they’ll definitely have considered them (they won’t learn anything new from this post!)… but if we can start thinking about them it’ll help us prepare to educate people about how to protect themselves tomorrow, as well as today.

Scam SMS from "Royal Mail" asking the recipient to go to myparce-uk-manage.com to pay a "fee required for shipping", shown on an iPhone screen× Spoofed Royal Mail webpage saying "Royal Mail: Your Package Has A £2.99 Unpaid Shipping Fee, To Pay This Now Please Visit www.myparcel-uk-manage.com If You Do Not Pay This Your Package Will Be Returned To Sender" and asking for personal details× "SCAM" spelled out using keycaps from a cyrillic keyboard. Photo by Mikhail Nilov from Pexels.× Email, reading: Ihre Sendung CH63 **** 26 wurde noch nicht geliefert.× Delivery man, wearing a face mask, holding a parcel and checking his mobile phone. Photo by Kindel Media from Pexels.× "Hacker type" man in hoodie between two computer monitors, looking at his phone.× Text message from "Mum", but actually a marketing text.× "Royal Mail" text message reading: You owe, like, a billion pounds for a parcel we tried to deliver. Go to DanQ.me/royal-mail-scam and pay us. This is totally a legit text message.× A "Royal Mail" scam message that's full of little errors that make it unlike a legitimate one.× "DHL" scam email encouraging you to click a link to arrange redelivery.× C5 envelope with a yellow "Item underpaid. Fee to pay £1.50" sticker attached.×

The Perfect Art Heist: Hack the Money, Leave the Painting

This article is a repost promoting content originally published elsewhere. See more things Dan's reposted.

Thieves didn’t even bother with a London art gallery’s Constable landscape—and they still walked away with $3 million.

This comic is perhaps the best way to enjoy this news story, which describes the theft of £2.4 million during an unusual… let’s call it an “art heist”… in 2018. It has many the characteristics of the kind of heist you’re thinking about: the bad guys got the money, and nobody gets to see the art. But there’s a twist: the criminals never came anywhere near the painting.

A View from Hampstead Heath, ca. 1825, by John Constable

This theft was committed entirely in cyberspace: the victim was tricked into wiring the money to pay for the painting into the wrong account. The art buyer claims that he made the payment in good faith, though, and that he’s not culpable because it was the seller’s email that must have been hacked. Until it’s resolved, the painting’s not on display, so not only do the criminals have the cash, the painting isn’t on display.

Anyway; go read the comic if you haven’t already.

There’s Really No Easy Way to Say ‘I Was Stabbed’

This article is a repost promoting content originally published elsewhere. See more things Dan's reposted.

The first thing people usually want to know is what getting stabbed feels like. The answer is that it feels like getting punched really hard. Or at least, I assume it’s what getting hit feels like. I’ve never been punched. I have been stabbed six times.

I’ll back up. And I’ll try not to make this too writerly, but I’m fighting my instincts. I wanted to add a quote from an Auden poem about suffering, but I desisted. Please admire my restraint.

You have to understand, this kind of thing doesn’t happen in Wellington. It doesn’t happen in most places, but it especially doesn’t happen in a small city in New Zealand, in a park, at 11:30 a.m.

I go back and forth. It wasn’t that bad, I tell myself. It could have been much worse, people have survived much worse. And then I look at my scars, still red and new, and I think: But it was pretty bad, wasn’t it? It is possible I could have died. What if I hadn’t had my phone? If I hadn’t met someone on the path? I could have bled out somewhere between the trees. But of course, it’s useless to think about what-ifs. What if he had stabbed me in the heart? What if I hadn’t gone to the park at all? What if I died in a car crash tomorrow? It’s a pointless exercise.

Author Emma Berquist writes about her experience of the (extremely unusual) incident she was involved in, of being stabbed by a stranger in a park in Wellington. An inspiring personal story.

Pay Up, Or We’ll Make Google Ban Your Ads

This article is a repost promoting content originally published elsewhere. See more things Dan's reposted.

A new email-based extortion scheme apparently is making the rounds, targeting Web site owners serving banner ads through Google’s AdSense program. In this scam, the fraudsters demand bitcoin in exchange for a promise not to flood the publisher’s ads with so much bot and junk traffic that Google’s automated anti-fraud systems suspend the user’s AdSense account for suspicious traffic.

The shape of our digital world grows increasingly strange. As anti-DoS techniques grow better and more and more uptime-critical websites hide behind edge caches, zombie network operators remain one step ahead and find new and imaginative ways to extort money from their victims. In this new attack, the criminal demands payment (in cryptocurrency) under threat that, if it’s not delivered, they’ll unleash an army of bots to act like the victim trying to scam their advertising network, thereby getting the victim’s site demonetised.

What Kind of Person Steals Their Co-workers’ Lunch?

This article is a repost promoting content originally published elsewhere. See more things Dan's reposted.

For the past month or two, my place of work (this very website) has been plagued by a relatively harmless but deeply mystifying figure: the phantom lunch thief. What’s happened since has followed a trajectory sure to be familiar to anyone who’s ever worked in an office with more than, say, 30 employees: a menacing, all-caps Post-It note was posted, instructing the thief: “PLEASE DO NOT TAKE FOOD THAT DOESN’T BELONG TO YOU.” The appropriate authorities were alerted. The authorities sent out slightly mean emails about how we’re all adults here, and even those of us who didn’t do anything wrong were embarrassed. For a few days, no lunches were stolen. But then, just when you thought it was safe to leave an Amy’s frozen burrito in the shared fridge for 12 days, the lunch thief struck again. Collectively, and publicly — all wanting to make very clear that we were innocent — my colleagues and I wondered: who does this? What kind of person steals lunch from people they work with, and why?

To find out, I had to identify one such person. First, I offered my own office lunch thief immunity (or, well, anonymity) if they came forward to tell me their life story, but nobody took me up on it. I asked Twitter, where many people expressed outrage over the very idea of lunch theft, but again, no actual thieves surfaced. I even made a Google Form about it, and nobody filled out my Google Form. I was very nearly too dejected to continue my search when I remembered: Reddit. If not there, where?

On Reddit, I found a few lunch theft discussion threads, and messaged about 15 or 20 users who indicated that they had stolen, or would steal, lunch from a co-worker, several of whom sounded very pleased with themselves. I told them I was a reporter, and asked if they’d be willing to elaborate on their experiences in lunch theft. Unfortunately, most relevant postings I found were from, like, four years ago, and again it seemed no one would come forward. But then someone wrote me back. Eventually he agreed to speak with me, and we arranged a phone call. His name is Rob, and he’s a programmer in his early 40s. Together we decided there are probably enough programmers in their 40s named Rob that divulging this amount of personal information was okay.

As a non-lunch-stealer, I’ve never understood the mentality either (I’ve been the victim once or twice at work, at more-often way back when I lived in student accommodation), and this interview really helped to humanise a perpetrator. I still can’t condone it, but at least now I’ve got a greater understanding. Yay, empathy!

Taking Stock, Fraud

This article is a repost promoting content originally published elsewhere. See more things Dan's reposted.

Taking Stock, Fraud Article (Inc.com)

Nowadays, fraudulent online stock-trading schemes are common. But even before the first electric telegraph, two bankers committed the equivalent of modern-day Internet stock fraud.

Nowadays, fraudulent online stock-trading schemes are common. But even before the first electric telegraph, two bankers committed the equivalent of modern-day Internet stock fraud.

Fabulous article from 1999 about how two bankers in 1837 hacked additional data into the fledgling telegraph system to surreptitiously (and illicitly) send messages to give them an edge at the stock exchange. Their innovative approach is similar to modern steganographic systems that hide information in headers, metadata, or within the encoding of invisible characters.

Inside the Deadly World of Private Prisoner Transport

This article is a repost promoting content originally published elsewhere. See more things Dan's reposted.

Inside the Deadly World of Private Prisoner Transport (The Marshall Project)

Tens of thousands of people every year are packed into vans run by for-profit companies with almost no oversight.

Private prisoner transport vehicle

In July 2012, Steven Galack, the former owner of a home remodeling business, was living in Florida when he was arrested on an out-of-state warrant for failing to pay child support. Galack, 46, had come to the end of a long downward spiral, overcoming a painkiller addiction only to struggle with crippling anxiety. Now, he was to be driven more than a thousand miles to Butler County, Ohio, where his ex-wife and three children lived, to face a judge.

This story was produced in collaboration with The New York Times.

Like dozens of states and countless localities, Butler County outsources the long-distance transport of suspects and fugitives. Galack was loaded into a van run by Prisoner Transportation Services of America, the nation’s largest for-profit extradition company.

Crammed around him were 10 other people, both men and women, all handcuffed and shackled at the waist and ankles. They sat tightly packed on seats inside a cage, with no way to lie down to sleep. The air conditioning faltered amid 90-degree heat. Galack soon grew delusional, keeping everyone awake with a barrage of chatter and odd behavior. On the third day, the van stopped in Georgia, and one of two guards onboard gave a directive to the prisoners. “Only body shots,” one prisoner said she heard the guard say. The others began to stomp on Galack, two prisoners said.

The guards said later in depositions that they had first noticed Galack’s slumped, bloodied body more than 70 miles later, in Tennessee. A homicide investigation lasted less than a day, and the van continued on its journey. The cause of death was later found to be undetermined.

“This is someone’s brother, father, and it’s like nobody even cared,” said Galack’s ex-wife, Kristin Galack.

A Russian Slot Machine Hack Is Costing Casinos Big Time

This article is a repost promoting content originally published elsewhere. See more things Dan's reposted.

Slot machine.

In early June 2014, accountants at the Lumiere Place Casino in St. Louis noticed that several of their slot machines had—just for a couple of days—gone haywire. The government-approved software that powers such machines gives the house a fixed mathematical edge, so that casinos can be certain of how much they’ll earn over the long haul—say, 7.129 cents for every dollar played. But on June 2 and 3, a number of Lumiere’s machines had spit out far more money than they’d consumed, despite not awarding any major jackpots, an aberration known in industry parlance as a negative hold. Since code isn’t prone to sudden fits of madness, the only plausible explanation was that someone was cheating…

Wake Me Up When September Begins

As a result of a couple of different health issues and the death of my old and much-loved mobile, August wasn’t shaping up to be a very good month already. But the biscuit was really taken this week during what turned into An Unexpectedly Expensive Night Out.

An Unexpectedly Expensive Night Out

It started okay: Ruth and went out for tapas, then for cocktails, and then to the cinema to watch the (pretty disappointing) Cowboys & Aliens. So a good start, getting worse. The food was cheap (hooray for vouchers!), the cocktails were reasonably priced (although we did have… a few of them), and the cinema was aided by Orange Wednesdays, so all seemed to be going pretty well, so far, until we came to going home.

Because when we got back to the cycle racks, my bike wasn’t there. By the look of things, somebody cut through my bike lock and had away with it, rendering me bikeless. Suddenly, it became a far more-expensive night out than I’d planned for.

Here's the kind of lock I was using. Turns out that it's insufficient to stop a determined attacker.

They say that you haven’t lived in Oxford until you’ve had your bike stolen[citation needed]. Well: now I have, and I’ve learned an important lesson about the ineffectiveness of moderate-security cable locks like the Kryptonite HardWire (the lock I was using) when up against thieves who are willing to put in the effort to, for example, bring bolt cutters on a night out.

I spoke to a police officer yesterday who’s going to see if any of the nearby CCTV cameras are going to be of any use in finding the bugger.  But in the meantime, I’ve had enough of August. It’s had highlights, like Liz & Simon’s wedding, but mostly it’s been less-than-great.

Wake me up when September begins.

×

Beware: Necrophiliac Paramedics!

A conversation I had this morning with JTA, via text message:

I sent:

Boiler update: this is getting silly. The probability-weighted Markov-chain based predictive text system I’m using this morning saw me type “boi” and suggested “Boiler update:”? /sighs/
On the upside, I’ve successfully arranged for the new distributor valve to be installed on Friday, when I’ll be around.

To give a little background, we’re having trouble with the boiler on Earth. You may have observed that it broke last year, and then again this year: well – it’s still broken, really. Nowadays it’ll only produce a little hot water at a time, and makes a noise like that scene in Titanic where the ship begins to tear in two. You know – a bad noise for a boiler to make. Over the last two or three weeks we’ve repeatedly fought to get it repaired, but it’s been challenging: more on that in a different blog post, if JTA doesn’t get there first.

JTA replied:

On the plus side, at least this saga is overriding your phone’s memory of your previous life as a male prostitute. :-)

I was once mistaken for a gay prostitute, actually – by a gay prostitute – but that’s another story, I guess. In any case, I responded:

Until now! you’ve just mentioned that again, which means it’ll be the “last message received” when the paramedics go through my phone if I’m killed on the way to work this morning. And they’ll say, “yeah; I’d pay to have sex with him.”

Quickly followed by:

And his mate will say:
“Now he’s dead, you don’t HAVE to pay.”
If my corpse is raped by a paramedic, I’m blaming you.

To which JTA said:

You’re talking about people who drive blacked out vans full of drugs. I’m pretty sure they never pay.

From prostitution to necrophilia to date rape over the course of only a handful of text messages. What a great start to a Wednesday morning. I do like the image of an ambulance as “a blacked out van full of drugs,” though…

Space Cowboy

If you’re not following Castle, yet, you should be. I can’t believe that I’ve not recommended this more loudly by now, but seriously, this show is awesome. And I’m not just saying that because the episode I watched most-recently was the single best bit of Whedonverse fan service outside of the Whedonverse. And would be great even if it wasn’t.

Nathan Fillion as Richard Castle as Nathan Fillion as Malcolm Reynolds. This show just got meta. Click on the image for animated version.

The ten second-summary for those of you with short attention spans: Nathan Fillion (of Buffy/Firefly/Dr. Horrible fame) plays Richard Castle, a crime fiction writer who’s drafted into helping the NYPD on a murder case. He then continues to hang around (thanks to his connections with the mayor and the chief of police) with detective Kate Beckett – played by Stana Katic (she was in Quantum of Solace, but we remember her most-fondly from the third Librarian film) – in an effort to use her as the inspiration of his next fictional crime fighter, Nicky Heat. Its cleverly-spun mysteries will appeal to mystery lovers and its comedic elements – generally quite dry but sometimes verging on the silly – prevent the show from being “just another crime drama.”

CTRL-ALT-DEL comic from 28th Feb 2011

The third season’s broadcasting right now (and you can also watch it on Hulu, assuming that you’re in the USA or you know how to Google for how to “watch Hulu without a proxy or VPN”), and the first two seasons are available on DVD. You’ve got my recommendation; now go try it.

×