By John Gruber

• Archive
• The Talk Show
• Dithering
• Projects
• Contact
• Colophon
• Feeds / Social
• Sponsorship

Linked List: May 13, 2015

Wednesday, 13 May 2015

Johnny Carson on Late Night With David Letterman in 1985 ★

“You will find out, after a few years, that this is the only way I can talk with anybody.”

AMC Running Marathon of ‘Mad Men’ Leading Up to Series Finale ★

Rick Kissell, reporting for Variety:

AMC is going all out for the series finale of “Mad Men,” setting a marathon of episodes as a lead-up and asking its sister networks to forgo regularly scheduled programming during the acclaimed drama’s conclusion.

The network on Tuesday said that every episode from all seven seasons of “Mad Men” will air consecutively, starting at 6 p.m. on Wednesday and concluding with last week’s episode at 9. And then at 10 p.m., while AMC airs the series finale, BBC America, IFC, SundanceTV and We TV will air a special message commemorating the series.

Probably my favorite show of all time. The Sopranos is the only one that makes it a close call.

‘The Detail in Seymour Hersh’s Bin Laden Story That Rings True’ ★

Add The New York Times to the list of news agencies backing aspects of Seymour Hersh’s blockbuster expose on the killing of Osama bin Laden. Carlotta Gall writes for the upcoming issue of their Sunday magazine:

Among other things, Hersh contends that the Inter-Services Intelligence directorate, Pakistan’s military-intelligence agency, held Bin Laden prisoner in the Abbottabad compound since 2006, and that “the C.I.A. did not learn of Bin Laden’s whereabouts by tracking his couriers, as the White House has claimed since May 2011, but from a former senior Pakistani intelligence officer who betrayed the secret in return for much of the $25 million reward offered by the U.S.”

On this count, my own reporting tracks with Hersh’s. Beginning in 2001, I spent nearly 12 years covering Pakistan and Afghanistan for The Times. (In his article, Hersh cites an article I wrote for The Times Magazine last year, an excerpt from a book drawn from this reporting.) The story of the Pakistani informer was circulating in the rumor mill within days of the Abbottabad raid, but at the time, no one could or would corroborate the claim. Such is the difficulty of reporting on covert operations and intelligence matters; there are no official documents to draw on, few officials who will talk and few ways to check the details they give you when they do.

Two years later, when I was researching my book, I learned from a high-level member of the Pakistani intelligence service that the ISI had been hiding Bin Laden and ran a desk specifically to handle him as an intelligence asset.

Drip, drip, drip.

Verizon Security Flaw Left Millions of Home Internet Users Vulnerable to Attack ★

Joseph Bernstein, reporting for BuzzFeed:

Last week, BuzzFeed News received a tip from Eric Taylor — now the chief information security officer of a company called Cinder, but probably better known by his former hacking alias, Cosmo the God. Taylor and Blake Welsh, a student at Anne Arundel Community College in Maryland, had found a way to easily access Verizon user information by spoofing IP data. They passed along the information to BuzzFeed News on the condition that we would report it to Verizon before publishing — which we did. […]

Within a few hours of the tip, and despite having no technical background, with the explicit permission of several Verizon account holders, I was able to convince Verizon customer service to reset an account password, giving me total control of a Verizon account. It was surprisingly easily done.

So far, it sounds like no customers were actually attacked by this flaw but it’s pretty scary. Especially the social engineering angle:

Even worse, customer support gave me that reset information despite the customer having a security PIN set up. In order to get a reset when someone has set a PIN, Verizon customer support requires either that number, the amount of the most recent payment, or access to the phone listed on the account; Verizon will call customers at that number with their PIN. None of these were listed in the source code, and I obviously didn’t have access to the account phone.

So I called back, and asked for the amount of my last payment, claiming to be balancing my checkbook. Verizon happily gave it to me. Now armed with one of the requisite pieces of verification information, I called back a third time and got a friendly rep to reset the password. We were able to successfully repeat this procedure on demand.

By the Numbers: AOL Then and Now ★

Jiminy.

What UberX Drivers Actually Earn ★

Emily Guendelsberger, in a thorough and thoroughly entertaining first-person story for Philadelphia City Paper:

I talked to lots of drivers. But few kept a meticulous enough log of hours worked, miles driven and expenses paid that I felt comfortable using their data alone. Many drivers worried about getting in trouble, too — Uber can “deactivate” a driver for any reason. I needed someone on the record, someone whose data I knew I could trust.

So, in January, I applied to be an UberX driver myself.

Eye-opening figures on what drivers actually earn. Brutal.