Wednesday, January 01, 2025

Books read in 2024

  Not much blogging going on here still, but here's my annual list of books read for 2024.

  • James Bamford, Spy Fail: Foreign Spies, Moles, Saboteurs, and the Collapse of America's Counterintelligence (2023)
  • Benjamin Breen, Tripping on Utopia: Margaret Mead, The Cold War and the Troubled Birth of Psychedelic Science
  • Jennifer Burns, Milton Friedman: The Last Conservative (2023)
  • Bryan Burrough, Vendetta: American Express and the Smearing of Edmond Safra (1992)
  • Ron Chernow, The House of Morgan: An American Banking Dynasty and the Rise of Modern Finance (1990, 2010 foreword)
  • Rich Cohen, The Fish That Ate the Whale: The Life and Times of America's Banana King (2012)
  • Daniel C. Dennett, I've Been Thinking (2023)
  • Cory Doctorow, The Bezzle (fiction)
  • Edward Dolnick, Down the Great Unknown: John Wesley Powell's 1869 Journey of Discovery and Tragedy Through the Grand Canyon (2002)
  • Jon Friedman & John Meehan, House of Cards: Inside the Troubled Empire of American Express (1992)
  • Beverly Gage, G-Man: J. Edgar Hoover and the Making of the American Century (2022)
  • John Ganz, When the Clock Broke: Con Men, Conspiracists, and How America Cracked Up in the Early 1990s
  • Masha Gessen, The Future Is History: How Totalitarianism Reclaimed Russia (2017)
  • Martin Kihn, House of Lies: How Management Consultants Steal Your Watch and Then Tell You the Time (2005)
  • Stephen Kinzer, Poisoner in Chief: Sidney Gottlieb and the CIA Search for Mind Control (2020)
  • Stephen Kinzer, The True Flag: Theodore Roosevelt, Mark Twain, and the Birth of American Empire (2017)
  • Talia Lavin, Wild Faith: How the Christian Right is Taking Over America
  • Milton Mayer, They Thought They Were Free: The Germans 1933-45 (1955)
  • Michael Warren Lucas, git commit murder (2017, fiction)
  • Arvind Narayanan and Sayash Kapoor, AI Snake Oil: What Artificial Intelligence Can Do, What It Can't, and How to Tell the Difference
  • Craig Nelson, Thomas Paine: Enlightenment, Revolution, and the Birth of Modern Nations (2006)
  • Ryan J. Reilly, Sedition Hunters: How January 6th Broke the Justice System (2023)
  • Chris Rodda, Liars for Jesus: The Religious Right's Alternate Version of American History, Volume 2 (2016)
  • Zoë Schiffer, Extremely Hardcore: Inside Elon Musk's Twitter
  • Matt Zwolinski and John Tomasi, The Individualists: Radicals, Reactionaries, and the Struggle for the Soul of Libertarianism
Top for 2024 published in 2024: Doctorow, Breen, Ganz; other top reads for the year: Gage, Dennett, Kinzer (2020), Cohen, Gessen, Rodda

A few non-books of relevance for 2025:

Umberto Eco, "Ur-Fascism," New York Review of Books, June 22, 1995
Dorothy Thompson, "Who Goes Nazi," Harper's Magazine, August 1941 (but contrast with Mayer 1955 and Gessen 2017 above)

A few planned or already (or still) in-progress reads for 2024:

G.A. Cohen, Self-Ownership, Freedom, and Equality (1995)
John Ferris, Behind the Enigma: The Authorised History of GCHQ, Britain's Secret Cyber-Intelligence Agency (2020)
Peter H. Wilson, The Holy Roman Empire: A Thousand Years of Europe's History (2017)
Lawrence Wright, The Looming Tower: Al-Qaeda and the Road to 9/11 (2006)
Arthur M. Melzer, Philosophy Between the Lines: The Lost History of Esoteric Writing (2014)
Mark S. Weiner, The Rule of the Clan: What an Ancient form of Social Organization Reveals About the Future of Individual Freedom (2013)

(Previously: 2023, 2022, 2021, 2020, 2019, 2018, 2017, 2016, 2015, 2014, 2013, 2012, 2011, 2010, 2009, 2008, 2007, 2006, 2005.)

Monday, October 14, 2024

NRA CEO Doug Hamlin's cat killing story

 Per Stephanie Kirchgaessner in The Guardian, 14 October 2024:

Douglas Hamlin, who was appointed to lead the NRA this summer in the wake of a long-running corruption scandal at the gun rights group, was involved decades ago in the sadistic killing of a fraternity house cat named BK, according to several local media reports at the time.

Hamlin pleaded no contest to a misdemeanor charge of animal cruelty brought against him and four of his fraternity brothers in 1980, when he was an undergraduate student at the University of Michigan at Ann Arbor. The charge was brought against Hamlin under a local Ann Arbor ordinance. All five members of Alpha Delta Phi were later expelled from the fraternity.

The details of the case, described in local media reports at the time, are gruesome. The house cat was captured, its paws were cut off, and was then strung up and set on fire. The killing, which occurred in December 1979, was allegedly prompted by anger that the cat was not using its litterbox.

The case caused such a furore locally that some students and animal rights activists wore buttons and armbands in memory of BK.

While The Guardian notes that Hamlin's role was not clear, Judge S.J. Elden singled him out for particular criticism as the president of the fraternity who had a responsibility to prevent it--and not, as was attempted without success, to cover it up.

(See other conservative animal abuse tagged posts, about Kevin Roberts, Bill Frist, Kristi Noem, James Dobson, Mike Huckabee, Mitt Romney, and Jerry Falwell.)

Monday, October 07, 2024

Who's Who in Jack Smith's presidential immunity brief

 Here's my best effort, informed by Adam Klasfeld's at Just Security and others I came across.

P1 = Steve Bannon.
P2 = Trump campaign manager Bill Stepien (post July 2020).
P3 = Trump deputy campaign manager Justin Clark.
P4 = Trump senior campaign advisor Jason Miller.
P5 = campaign operative Mike Roman.
P6 = Roger Stone.
P7 = Hope Hicks.
P8 = Pence Chief of Staff Marc Short.
P9 = Eric Herschmann.
P10 = Joe DiGenova.
P11 = Victoria Toensing.
P12 = Jenna Ellis.
P13 = Jared Kushner.
P14 = Ivanka Trump.
P15 = Trump WH Assistant to the President and Director of Oval Office Operations Nicholas F. Luna.
P16 = AZ Gov Doug Ducey.
P17 = GA Gov Brian Kemp.
P18 = Speaker of the AZ House Rusty Bowers.
P19 = Trump staffer Christina Bobb (4 Dec 2020 tweet https://x.com/christina_bobb/status/1334996485075836936, ref p. 20).
P20 = Kory Langhofer (Bowers' attorney).
P21 = Trump chief of staff Mark Meadows.
P22 = campaign attorney (p. 22) Alex Cannon.
P23 = Trump GA lawyer Ray Smith (Roy Stallings Smith III, a real estate attorney).
P24 = volunteer Trump GA attorney Jackie Pick.
P25 = GA Sec of State Chief Operations Officer Gabriel Sterling.
P26 = GA Attorney General Christopher M. Carr.
P27 = US Senator David Perdue (proof is ref in Trump tweet on p. 18).
P28 = Kelly Loeffler (ditto).
P29 = GA election worker Wandrea "Shaye" Moss.
P30 = GA election worker Ruby Freeman (Shaye's mother, p. 25).
P31 = Cleta Mitchell, private attorney introduced on Trump v Kemp call as "who is not the attorney of record but has been involved" (p. 29, see WaPo "Here’s the full transcript and audio of the call between Trump and Raffensperger").
P32 = Kurt R. Hilbert, lead attorney for Trump in Trump v. Kemp.
P33 = GA Secretary of State Brad Raffensperger.
P34 = GA Lt. Gov. Geoff Duncan.
P35 = GA Secretary of State General Counsel Ryan Germany.
P36 = Trump private attorney on Raffensperger call Alex Kaufman (Fox Rothschild, subsequently resigned Jan 7, 2021; however, Kaufman stated he never represented Trump).
P37 = MI Senate Majority Leader Mike Shirkey.
P38 = MI House Speaker Lee Chatfield.
P39 = RNC Chairwoman Ronna McDaniel.
P40 = not referenced.
P41 = ? Scott Gragson ?, "Michigan campaign associate" (p. 34)
P42 = Trump executive assistant Molly Michael.
P43 = RNC Chief Counsel Justin Riemer.
P45 = White House Deputy Chief of Staff/Social Media Director Dan Scavino.
P46 = PA GOP Chair Lawrence Tabas.
P47 = Philadelphia City Commissioner Al Schmidt.
P48 = former NYPD commissioner and Giuliani-Kerik partner Bernard B. Kerik (p. 40 tweet: https://x.com/BernardKerik/status/1334944478180888586).
P49 = WI Supreme Court Justice Brian Hagedorn.
P50 = Cybersecurity and Infrastructure Security Agency Director Chris Krebs.
P51 = Tucker Carlson.
P52 = Trump admin Attorney General William "Bill" Barr.
P53 = AZ attorney Jack Wilenchik (p. 51).
P54 = Trump campaign staffer Tim Murtaugh--in text thread on fake electors with P3 Clark/P4 J Miller/P9 Herschmann "certifying illegal votes" (https://www.newsweek.com/arizona-gold-fake-electors-trump-allies-indictment-1894131).
P55 = ? ? "Star Wars bar" thread (Jason Miller quote).
P56 = ? "Star Wars bar" (p. 151: P56 but not P55 attends meeting at VA campaign HQ).
P57 = former US Rep & US Attorney elector nominee who opted out of fake elector scheme Thomas Marino (p. 53).
P58 = VP Pence Counsel Greg Jacob (p. 70) "Pence lawyer".
P59 = WH Counsel Pat Cipollone.
P60 = WH press secretary Kayleigh McEnany.
P61 = AZ Senate president Karen Fann.
P62 = TX AG Ken Paxton.
P63 = MO AG, now US Senator Eric Schmitt.
P64 = J6 Ellipse rally organizer Caroline Wren.
P66 = ? Katrina Pierson ?  campaign employee working on J6 Ellipse rally who had most contact with Trump and was a private citizen after December 31, 2020.  (p. 119) (https://www.politico.com/news/2022/02/18/capitol-riot-panel-interview-katrina-pierson-00010154)
P67 = WH photographer Shealah Craighead.
P68 = Gen Michael Flynn.
P69 = WH trade advisor Peter Navarro.
P71 = Deputy WH Counsel Pat Philbin.
P72 = Matt Morgan (On pg. 151, P72 gives Herschmann a “tutorial on campaign basics and operations,” and is repeatedly mentioned along with P3, who is campaign attorney & Deputy Campaign Manager Justin Clark).
P73 = ? Michael Best ? assured Eric Herschmann he could trust P22 (p. 152)
P74 = ? J. Christian Adams or Matt Braynard ? (testified at December 10 Georgia hearing: https://www.gpb.org/news/2020/12/10/at-georgia-house-hearing-republicans-baseless-claims-of-voting-fraud-persist)
P75 = Ken Block, managing director of C2.
P77 = Stefan Passantino (p. 151, WH Counsel’s office person “who handled ethics issues”; "former member of President Donald J. Trump’s Office of White House Counsel. In that capacity, Mr. Passantino was charged with overseeing compliance and ethics, policing conflicts of interest, and approving and enforcing ethics requirements" per the ethics complaint against him: https://ldad.org/wp-content/uploads/2023/03/Ethics-Complaint-against-Stefan-Passantino.pdf ).
CC1 = Rudy Giuliani.
CC2 = John Eastman.
CC3 = Sidney Powell.
CC4 = Jeffrey Clark.
CC5 = Ken Chesebro.
CC6 = Boris Epshteyn.
C1 = Berkeley Research Group.
C2 = Simpatico Software Systems.
C3 = Dominion Voting Systems.
[p. 73, no P#--unnamed US Senator is likely Ron Johnson of WI].

Corrections gladly accepted.

Tuesday, September 24, 2024

Kevin Roberts' dog-killing story

 Kevin Roberts, the president of the Heritage Foundation and head of Trump's Project 2025, was previously a history professor at New Mexico State University. While at the university, he told colleagues and dinner guests that he was irritated by the barking of a neighbor's dog, so he killed it with a shovel. Kenneth Hammond, then chairman of the history department, told The Guardian:

My recollection of his account was that he was discussing in the hallway with various members of the faculty, including me, that a neighbor’s dog had been barking pretty relentlessly and was, you know, keeping the baby and probably the parents awake and that he kind of lost it and took a shovel and killed the dog. End of problem.

Two other former colleagues report hearing the same story directly from Roberts; three others report hearing the story repeated from people who heard it directly from Roberts.

Roberts denies the story, claiming instead:

In 2004, a neighbor’s chained pit bull attempted to jump a fence into my backyard as I was gardening with my young daughter. Thankfully, the owner arrived in time to restrain the animal before it could get loose and attack us. 

 (Source: Stephanie Kirchgaessner, "Project 2025 mastermind allegedly told colleagues he killed a dog with a shovel," The Guardian, 24 September 2024)

See the "conservative animal abuse" tag on this blog for several other accounts of prominent conservatives killing or abusing dogs and cats.

Sunday, August 04, 2024

Tips on using OpenBSD's pledge and unveil in perl scripts

 OpenBSD 5.9 (current as of this post is 7.5) introduced the "pledge" system call and 6.4 introduced the "unveil" system call, which together provide a means of more granular control of system access by processes running on the system to enforce least privilege.  When a program calls "pledge", it provides a list of categories of system calls (called "promises") that it is planning to make during the life of the running process (children have to make their own pledges and are not restricted), and attempts to make calls outside of those areas will cause the call to be blocked and the process to be killed. Additional calls to pledge cannot add new categories but can remove them, so access can become more restrictive but not less restrictive.

  "Unveil," by contrast, selectively exposes parts of the file system, by file path, with specific access, and the rest of the file system is correspondingly "veiled" or blocked from access. Successive calls to unveil can expand or override previous ones, expanding access to the file system, adding write and create permissions where there was previously read only, but only until unveil is called with no arguments, which locks the current state in place. Further attempts to call unveil after that result in a violation.

Violations of pledges or attempts to access file paths that are not unveiled show up in process accounting logs for the process with the process flags "P" or "U", respectively.  (My "reportnew" log monitoring script knows how to monitor process accounting logs and can be easily set up to report on such violations.)

Perl scripts on OpenBSD can also use pledge and unveil, with two modules provided in the base operating system, "OpenBSD::Pledge" and "OpenBSD::Unveil".  I've been adding this functionality to several of my commonly used scripts and have learned a few tips that I'd like to share.

Pledge:

* Check your call to pledge for errors.  If you typo the name of a promise (category of system calls), or you provide pledge with a string of comma separated promises instead of an array or list, it will fail and nothing will be pledged.

* If you don't have any idea what promises are required, just use "error".  With the error promise, instead of blocking the system call and killing the process, the result is logged to /var/log/messages and you can see what promises are required.

* The "stdio" promise is always included with OpenBSD::Pledge, so you don't need to list it.

* The "unveil" promise is required if you intend to use OpenBSD::Unveil.

* Calls to exec or system require the "proc" and "exec" promises; the new processes created as a result are not restricted and need to make their own use of pledge and unveil.  (Note: this means that if you are calling a system command that writes to a file, but your script doesn't otherwise write to files, you do not need to pledge the "wpath" promise in your script.)

* If you otherwise fork a child process (e.g., explicitly using "fork" or Parallel::ForkManager or implicitly forking a child process using "open" to read from or write to a command), the promises pledged by the parent process are carried over to the child, which can then restrict them further. (Hat tip to Bryan Steele, who pointed this out on Bluesky without specifically referring to the Perl context.)

* If you use the DBI perl module with mariadb and are accessing a database through a named pipe on the same server, you'll need to pledge the "unix", "inet", and "prot_exec" promises. (This works even from a chroot jail if the named pipe or socket is a hard link from the jail.)

* This isn't a tip, but an observation: if you promise "proc" but not "exec," your system call will fail but your process will not be killed and the script will continue running.

Unveil:

* If you make use of other perl modules in your code with "use", they are loaded prior to your call to unveil and so you don't need to unveil directories like /usr/libdata/perl5 in order to use them. The exception is perl modules that include compiled shared objects (".so"), or which use "require" on other modules (loading them at runtime), in which case you do need to unveil such directories, but only with "r" permission.

* If you use the DBI perl module with mariadb, you will need to unveil /var/run/mysql with "rw" and /usr/lib and /usr/local/lib with "rx".

* If you use calls to "system" or "open" which use pipes, globs, or file redirection, you need to unveil "/bin/sh" with "x" permission. You may be able to rewrite your code to avoid the requirement--can you call "system" with a command name and list of arguments rather than a string, and do any processing you need in your program instead of with the shell?

* If you use calls to "system" to execute system commands, you need to unveil them with "x" permission but in most cases you don't need to include "r".

* It is often much easier to unveil a directory rather than individual files; if you plan to check for the existence of a file and then create it if it doesn't exist, you need "rwc" on the containing directory.

* One of the biggest challenges sometimes is to find the source of an unveil violation; unveiling "/" with various permissions to see if it goes away, and then removing that and testing individual directories under the root directory in trial and error can help find things. That's how I first found the need to unveil "/bin/sh".
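
The pledge and unveil tips above combined into one script, as an added example that is not the author's code; the directories /var/log/myapp and /var/db/myapp and the report file name are assumptions chosen for illustration.

```perl
#!/usr/bin/perl
# Added example, not the author's code. Paths below are assumptions.
use strict;
use warnings;
use OpenBSD::Pledge;
use OpenBSD::Unveil;

my $log_dir    = '/var/log/myapp';     # hypothetical: read-only input
my $report_dir = '/var/db/myapp';      # hypothetical: report is created here
my $date_cmd   = '/bin/date';          # only external command executed

# Pass promises as a list, not one comma-separated string, and check the
# result: if pledge fails, nothing is pledged and the script runs unrestricted.
# "stdio" is implied; "unveil" is required for the unveil() calls below;
# "proc" and "exec" cover the pipe open that runs date.
pledge(qw(rpath wpath cpath proc exec unveil))
    or die "pledge failed: $!";

# Expose only what is needed. "rwc" on the directory covers the
# check-for-existence-then-create pattern; the command needs only "x".
unveil($log_dir,    'r')   or die "unveil $log_dir: $!";
unveil($report_dir, 'rwc') or die "unveil $report_dir: $!";
unveil($date_cmd,   'x')   or die "unveil $date_cmd: $!";
unveil()                   or die "unveil lock: $!";   # no further changes

# Narrow the pledge now that unveil is locked: promises can be removed,
# never added back.
pledge(qw(rpath wpath cpath proc exec))
    or die "second pledge failed: $!";

# List-form pipe open: perl execs /bin/date directly, so /bin/sh does not
# have to be unveiled. The forked child inherits the promises until exec.
open(my $cmd, '-|', $date_cmd, '-u') or die "cannot run $date_cmd: $!";
chomp(my $stamp = <$cmd> // 'unknown');
close($cmd);

# Count lines mentioning "error" in each log file (needs "rpath").
my %errors;
opendir(my $dh, $log_dir) or die "opendir $log_dir: $!";
for my $name (sort grep { -f "$log_dir/$_" } readdir $dh) {
    open(my $in, '<', "$log_dir/$name") or die "open $name: $!";
    $errors{$name} = grep { /error/i } <$in>;
    close($in);
}
closedir($dh);

# Write the report (needs "wpath" and "cpath").
my $report = "$report_dir/report.txt";
open(my $out, '>', $report) or die "open $report: $!";
print {$out} "generated $stamp\n";
print {$out} "$_: $errors{$_}\n" for sort keys %errors;
close($out) or die "close $report: $!";
```

While developing, replacing the first promise list with one that includes "error" logs the missing promises to /var/log/messages instead of killing the process, as described in the pledge tips.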


Finally, if you are writing perl modules it's helpful to document which promises need to be pledged and which files and directories need to be unveiled in the calling scripts in order for them to function. It would be inappropriate to pledge or unveil within the module except in a context like a forked child process. I've done this with my Signify.pm wrapper for the OpenBSD "signify" command for signing and verifying files with detached signatures or gzip archives with embedded signatures in the gzip header comments.

If you've made use of pledge and unveil--in perl scripts or otherwise--what lessons have you learned?

[UPDATE: 8 February 2026]: Note that OpenBSD::Pledge still does not support execpromises, so you cannot place pledge's execpromises restrictions on anything executed with "system" or "exec."