‘The Open Source Airtable alternative’ — looks nifty as a quick and easy way to hook up an SQL database to a web-based spreadsheet view
For US soldiers tasked with the custody of nuclear weapons in Europe, the stakes are high. Security protocols are lengthy, detailed and need to be known by heart. To simplify this process, some service members have been using publicly visible flashcard learning apps — inadvertently revealing a multitude of sensitive security protocols about US nuclear weapons and the bases at which they are stored. […] the flashcards studied by soldiers tasked with guarding these devices reveal not just the bases, but even identify the exact shelters with “hot” vaults that likely contain nuclear weapons. They also detail intricate security details and protocols such as the positions of cameras, the frequency of patrols around the vaults, secret duress words that signal when a guard is being threatened and the unique identifiers that a restricted area badge needs to have.omgwtf!
Justin Mason's Weblog Posts
I was looking for a decent definition of this over the weekend, and couldn’t find it, so bookmarking for future reference. ‘Greenhouse gas emissions are categorised into three groups or ‘Scopes’ by the most widely-used international accounting tool, the Greenhouse Gas (GHG) Protocol. Scope 1 covers direct emissions from owned or controlled sources. Scope 2 covers indirect emissions from the generation of purchased electricity, steam, heating and cooling consumed by the reporting company. Scope 3 includes all other indirect emissions that occur in a company’s value chain.’
Looks extremely nifty — a global CDN for your code: ‘Fly is a platform for applications that need to run globally. It runs your code close to users and scales compute in cities where your app is busiest. Write your code, package it into a Docker image, deploy it to Fly’s platform and let that do all the work to keep your app snappy.’ Decent pricing, too.
‘Our hypothesis was that after a trauma, patients would have fewer intrusive memories [from post-traumatic stress] if they got to play Tetris as part of a short behavioural intervention while waiting in the hospital Emergency Department,’ says Professor Holmes. ‘Since the game is visually demanding, we wanted to see if it could prevent the intrusive aspects of the traumatic memories from becoming established i.e. by disrupting a process known as memory consolidation.’ The study involved 71 motor vehicle accident victims, of whom half received the intervention (recalled the trauma briefly and then played Tetris) while waiting in the hospital emergency department, and half performed another task, all doing so within six hours of the accident. Results showed that the researchers’ hypothesis was right: those who had played Tetris had fewer intrusive memories of the trauma in total over the week immediately following the accident than the controls. The researchers also found that the intrusive memories diminished more quickly.Amazing! The paper is at https://pubmed.ncbi.nlm.nih.gov/28348380/ ; follow-up trials with more participants are underway.
What the hell. This is incredibly dystopian shit.
They told McDaniel something he could hardly believe: an algorithm built by the Chicago Police Department predicted […] that McDaniel would be involved in a shooting. That he would be a “party to violence,” but it wasn’t clear what side of the barrel he might be on. He could be the shooter, he might get shot. They didn’t know. But the data said he was at risk either way. McDaniel was both a potential victim and a potential perpetrator, and the visitors on his porch treated him as such. A social worker told him that he could help him if he was interested in finding assistance to secure a job, for example, or mental health services. And police were there, too, with a warning: from here on out, the Chicago Police Department would be watching him. The algorithm indicated Robert McDaniel was more likely than 99.9 percent of Chicago’s population to either be shot or to have a shooting connected to him. That made him dangerous, and top brass at the Chicago PD knew it. So McDaniel had better be on his best behavior.tl;dr: police attention and apparently-“suspicious” interactions with cops as a result of the predictive policing listing wound up with him assumed to be a “snitch”, resulting in several attempts on his life. What a mess.
We perform a detailed vertical analysis of application performance atop a range of modern file systems and SSD FTLs. We formalize the “unwritten contract” that clients of SSDs should follow to obtain high performance, and conduct our analysis to uncover application and file system designs that violate the contract. Our analysis, which utilizes a highly detailed SSD simulation underneath traces taken from real workloads and file systems, provides insight into how to better construct applications, file systems, and FTLs to realize robust and sustainable performance.(via Nelson)
Via Keith Dawson:
A large study out of Australia has added to the accumulating evidence that the level of neutralizing antibodies circulating in the blood is highly correlated with protection against symptomatic Covid-19. Ars Technica has a good summary of the research and what it means. It’s known that antibody levels decline with time. This work also gave hints about how long protection against disease might last after natural infection or vaccination — which bears on whether or when we might need a booster shot. The Ars reporter writes: ‘A vaccine with 95% efficacy after the second dose would still have an estimated 77% efficacy 250 days out. And that’s for protection against a symptomatic infection. The protection against severe COVID-19 is much stronger and would likely take far longer to decline… A starting efficacy of 70% would be down to 33% efficacy at 250 days.’ The model the researchers developed was able to predict, with good accuracy, the efficacy a vaccine should show in Phase III trials based on the antibody levels measured in Phase I and II.
Crazy HPC-oriented feature in current AWS offerings: shared memory buffers over EFA:
HPC workloads use algorithms that require parallelization and a low latency communication between the different processes. The two main technologies used for the parallel communications are message-passing with distributed memory and shared memory. Message Passing Interface (MPI) is a message-passing standard used for the communication in a parallel distributed environment. Elastic Fabric Adapter (EFA) enables your MPI applications to use low-latency, inter-node communication. The shared memory paradigm allows multiple processors in the same system to communicate using a memory (RAM) portion that is shared between the processes. This method takes advantage of the high-speed memory bus.
This is very cool. Updating the old “C10K” problem space to C1.2M — the current state of Linux userspace networking — using libreactor and a whole load of up-to-date tweaks. Interesting to note that this scale is feasible to run in Docker (using –network=host, of course).
Scaleway dealing with the storage-driven cryptocurrency:
This cryptocurrency is a few months old, and at Scaleway, we are already witnessing the impact of Chia on all our products, from Object Storage and instances, to dedicated servers. Speculative farmers are forcing their way in to make as much money as possible, as quickly as possible. [….] In order to service as many clients as possible, we have decided that from today: Chia plotting is forbidden on all SSD and NVMe powered instances, dedicated servers, RPN-SAN, BMaaS and Block Storage services. Chia plotting is extremely I/O intensive and destroys most SSDs in under a few weeks Important notice: Chia plotting engages client responsibility according to Section 9 of our contract. We will bill clients for any SSDs and NVMes destroyed due to Chia plotting activities.
To believe that our choices are the restoration of continuity or the breakdown of society paradoxically is to not take the planetary [climate] crisis seriously enough — and that’s terrible, because the unexpected boon of seriousness is awakening to possibility, to the capacities we gain amidst disruption and acceleration. Seen through 20th century eyes, everything is about to get really weird, really fast. But discontinuity is not just danger. Discontinuity means change in our selves and our societies. [….] It is too late to avoid huge losses, enormous suffering. But it is absolutely not too late to limit our losses to those we’ve already set in motion, and to seize our opportunities to build a better human world — indeed, quite possibly a better world than the one we have now.
tl;dr: ‘Don’t use select() anymore in 2021.’ Select(2) on Linux has a limit of 1024 fds
‘Each day, try to do either projects or interrupts, not both. If you’re oncall, don’t try to do projects, and vice versa. People aren’t machines, context switches are really expensive, and usually assumed to be free in process planning. People who are constantly interrupted end up with delayed and sloppy project work, and vice versa (people who have a lot of project work are sloppy at interrupts unless time is carved out for them). Your team’s oncall and interrupt-handling should be structured around funneling interrupts at the people who are supposed to be interrupted. If that’s too much for those people, add more people until it isn’t. “Spreading the load” by assigning items across the entire team randomly is counter-productive.’
Great. Lethal machine learning is now in prod:
Last year in Libya, a Turkish-made autonomous weapon — the STM Kargu-2 drone — may have “hunted down and remotely engaged” retreating soldiers loyal to the Libyan General Khalifa Haftar, according to a recent report by the UN Panel of Experts on Libya. [….] the Kargu-2 signifies something perhaps even more globally significant: a new chapter in autonomous weapons, one in which they are used to fight and kill human beings based on artificial intelligence. The Kargu is a “loitering” drone that can use machine learning-based object classification to select and engage targets, with swarming capabilities in development to allow 20 drones to work together. The UN report calls the Kargu-2 a lethal autonomous weapon. Its maker, STM, touts the weapon’s “anti-personnel” capabilities.
‘Essentials for your daily round’ — a really lovely set of EDC products, and not _too_ crazy expensive….
crikey. Freenode ops resign en masse and move to another service due to a dodgy-sounding “change of management” by some MtGox dude
A modern — working! — replica of the DEC PDP-11/70. Truly a thing of retrocomputing beauty
This is new to me — Thanks to David Mee for the pointer.
‘During WWII, one of Nazi Germany’s most notorious communication codes was broken by a mild mannered librarian and family man from West Limerick, Richard Hayes. His day-job was as Director of the National Library of Ireland – but during wartime, he secretly led a team of cryptanalysts as they worked feverishly on the infamous “Görtz Cipher” – a fiendish Nazi code that had stumped some of the greatest code breaking minds at Bletchley Park, the centre of British wartime cryptography.
But who was Richard Hayes? He was a man of many lives. An academic, an aesthete, a loving father and one of World War Two’s most prolific Nazi Codebreakers.
At the outbreak of WWII, Hayes, being highly regarded for his mathematical and linguistic expertise, was approached by the head of Irish Military Intelligence (G2), Colonel Dan Bryan, with a Top Secret mission. At the behest of Taoiseach Éamon de Valera, Hayes was given an office and three lieutenants to decode wireless messages being covertly transmitted via Morse code from a house in north Dublin owned by the German Embassy. The coded messages posed a huge threat to Irish national security and the wider war effort. As Hayes team worked to break the code, it was all academic until he met his greatest challenge yet. The man who was to be his nemesis, Dr. Herman Görtz, a German agent who parachuted into Ireland in 1940 in full Luftwaffe uniform in an attempt to spy and transmit his own coded messages back to Berlin. […] The events that transpired were a battle of wits between the mild mannered genius librarian and his nemesis, the flamboyant Nazi spy.
Hayes has been referred to by MI5 as Irelands “greatest unsung hero” and the American Office of Strategic Services as “a colossus of a man” yet due to the secret nature of his work he is virtually unheard of in his own country.’
Hayes was our lead code-breaker, director of the National Library of Ireland, and then director of the Chester Beatty Museum; he was the first to discover the German use of microdots to hide secret messages; and MI5 credited him with a “whole series of ciphers that couldn’t have been solved without [his] input”. Quite the polymath!
The book is apparently well worth a read: Code Breaker, by Marc McMenamin, and I can strongly recommend this RTE radio documentary. It’s full of amazing details, such as the process of feeding Hermann Görtz false information while he was in prison, in order to mislead the Nazis.
After the war, he fruitlessly warned the Irish government not to use a “Swedish cipher machine”, presumably one made by Boris Hagelin, who went on to found Crypto AG, which later proved to be providing backdoors in its machines to the CIA and BND.
Quite a towering figure in the history of Irish cryptography and cryptanalysis!
Featuring an interesting dig into the current state of Windows system and network-level diagnostic tools:
netsh trace […] correlates events on the wire with events that happen on the TCP layer, timers, buffer management, socket layer, and even the Windows asyncio subsystem (IOCP).
‘Extract Tables from PDFs – If you’ve ever tried to do anything with data provided to you in PDFs, you know how painful it is — there’s no easy way to copy-and-paste rows of data out of PDF files. Tabula allows you to extract that data into a CSV or Microsoft Excel spreadsheet using a simple, easy-to-use interface. Tabula works on Mac, Windows and Linux.’
Wow, this is not OK — Facebook are massively mistreating these contract workers.
“Every day was a nightmare,” she said, adding that the support given was “insufficient.” Facebook says psychological help is available to all its moderators 24 hours a day, but Isabella claims its wellness coaches are not qualified psychiatrists. “I was seeing the wellness team but didn’t feel I got the support I needed. I can’t say I left work feeling relieved or knowing I could go home and have a good night’s sleep – that’s not possible,” she added. “It would follow me home. I could just be watching TV at home and think back to one of the horrible, really graphic tickets.”“Wellness coaches” are not sufficient — this is exploitation.
Nature paper on the UK contact notification app’s impact on the COVID-19 pandemic:
Here we investigated the impact of the NHS COVID-19 app for England and Wales, from its launch on 24 September 2020 through to the end of December 2020. It was used regularly by approximately 16.5 million users (28% of the total population), and sent approximately 1.7 million exposure notifications: 4.4 per index case consenting to contact tracing. We estimated that the fraction of app-notified individuals subsequently showing symptoms and testing positive (the secondary attack rate, SAR) was 6.0%, comparable to the SAR for manually traced close contacts. We estimated the number of cases averted by the app using two complementary approaches. Modelling based on the notifications and SAR gave 284,000 (108,000-450,000), and statistical comparison of matched neighbouring local authorities gave 594,000 (317,000-914,000). Roughly one case was averted for each case consenting to notification of their contacts. We estimated that for every percentage point increase in app users, the number of cases can be reduced by 0.8% (modelling) or 2.3% (statistical analysis). These findings provide evidence for continued development and deployment of such apps in populations that are awaiting full protection from vaccines.
An extremely long and detailed discussion from Jose-Luis Jimenez of how, exactly, the science of airborne transmission of disease via 5-micron infective droplets wound up wrong, and remained incorrect for much of modern medicine, culminating in the disastrous treatment of COVID-19
This nails the issue with housing in Ireland:
The Government has been called on to do something to stop this. Even Fianna Fáil politicians have come out crying crocodile tears of outrage. But the truth is the investor purchase of housing in Ireland on a major scale is actually Government policy and has been for the last decade. The Government does not actually want you to be able to buy or rent an affordable home. They have created an unaffordable housing system that is focused on delivering housing as an investment asset, not a home.[…] This current crisis has been brewing for a long time. It goes back to the Celtic Tiger days of the late 1990s and early 2000s when the Fianna Fáil-PD Governments encouraged the shift from housing to be treated as a home, to people buying it up as an investment asset. They told people to speculate in the property market and gave tax breaks for landlords to buy a second, or third, home to rent out. These became the ‘buy-to-let’ investors. The banks lent out massively which added fuel to the fire of rising housing prices, and the inevitable crash happened in 2008 and 2009. As their response to the disaster they had created, Fianna Fáil turned to global ‘vulture’ funds to buy up the bad loans and failed housing projects. They set up the ‘bad bank’ NAMA, which went on, under the Fine Gael Government from 2011 to the current day, to sell off (at a discount) huge land banks and billions of euro worth of properties to vulture and real estate investment funds.
Nice walkthrough of rooting and extending a bit of IOT hardware
It’s a depressing read, as ever. Ulster Unionism is a mess, is falling apart, and is vulnerable to being taken over by the paramilitaries:
“Unionism is losing power and control. It needs leaders who have the skill to say, look, we have cards to play and if we are sensible we can save this place. Instead, Arlene said if there was a united Ireland she’d leave. People are left feeling unappeased but it is not a definite thing. It is more a kind of grief or sense they have lost something intangible. It is about shattered dreams.”
“Nuke tweets in one click” —
Don’t like a bad tweet? Block the tweet, its author, and every single person who liked it—in one click.Genius.
Here’s the best bit:
Tesla patched the vulnerabilities with an update pushed out in October 2020, and it has reportedly stopped using ConnMan. Intel was also informed since the company was the original developer of ConnMan, but the researchers said the chipmaker believed it was not its responsibility. The researchers learned that the ConnMan component is widely used in the automotive industry, which could mean that similar attacks can be launched against other vehicles as well. Weinmann and Schmotzle turned to Germany’s national CERT for help in informing potentially impacted vendors, but it’s currently unclear if other manufacturers have taken action in response to the researchers’ findings.Great job, Intel….
Solid paper in PLOS – ‘Validation testing to determine the sensitivity of lateral flow testing for asymptomatic SARS-CoV-2 detection in low prevalence settings: Testing frequency and public health messaging is key’:
Our data show that the Innova LFD can successfully detect SARS-CoV-2 infection in people with a viral titre above approximately 100 viral copies/ml. However, as determined at our site using the ThermoFisher COVID-19 TaqPath assay, it is incapable of detecting infection at comparable PCR Ct values of 30 and over. These levels of infection are indicative of very early or very late stages of infection, and as such, we would strongly recommend that LFD testing is used to screen people at very regular frequency and that a negative result should not be used to determine that someone is free from SARS-CoV-2 infection.IMO ‘very regular frequency’ is the key detail here. Single LFA rapid tests, alone, are not useful as a simple replacement for PCR tests.
If you visit the west of Ireland or Achill, you can still see the traces of booleying today. Fascinating part of Irish rural history:
by the 1800s, it was mostly young people and teenage girls especially who had the job of looking after cows at these seasonal ‘boolies’. This gave rise to a vibrant but now largely forgotten cultural scene in Ireland’s uplands. Oral history collected in the 1930s and 1940s in Connemara, Mayo, Donegal, and the Galtee Mountains makes clear that booleying facilitated the transmission of a lot of important cultural knowledge. One man from Cloch Cheannaola in Donegal states that his mother had learned her songs from other dairymaids in the hills, while another account from Iorras Aintheach in Galway outlines how the girls not only sang but played musical instruments and danced as well. [….] The small degree of independence which young women gained as participants in booleying was sometimes missed later on in life. There is an unmistakeable sense of loss in songs like Na Gamhna Geala and Aililiú na Gamhna, in which married women reminisce about their time looking after cows and calves in the hills.
Hard not to sympathise with this take —
I’ve had to develop a special radar for reading product pages now: a mounting feeling of dread as a promising technology is introduced while I inevitably arrive at the buried lede: it’s more crypto bullshit. Cryptocurrency is the multi-level marketing of the tech world. “Hi! How’ve you been? Long time no see! Oh, I’ve been working on this cool distributed database file store archive thing. We’re doing an ICO next week.” Then I leave. Any technology which is not an (alleged) currency and which incorporates blockchain anyway would always work better without it. There are hundreds, perhaps thousands, of cryptocurrency scams and ponzi schemes trussed up to look like some kind of legitimate offering. Even if the project you’re working on is totally cool and solves all of these problems, there are 100 other projects pretending to be like yours which are ultimately concerned with transferring money from their users to their founders. Which one are investors more likely to invest in? Hint: it’s the one that’s more profitable. Those promises of “we’re different!” are always hollow anyway. Remember the DAO? They wanted to avoid social arbitration entirely for financial contracts, but when the chips are down and their money was walking out the door, they forked the blockchain.
An exhaustive copy of the official Sites and Monuments Record annotated on Google Maps (via ITS Slack)
The precise molecular mechanisms connecting regular activity to improved health have been unclear. A study published April 14 in Science Advances makes major gains in this understanding. Building off previous work on single bouts of exercise, researchers at Ghent University in Belgium found that when humans perform long-term training, histamine receptors are activated, improving a variety of cardiometabolic risk factors, from insulin sensitivity to aerobic capacity and blood vessel health. “It’s awesome, it’s a very cool paper,” says University of Oregon exercise physiologist John Halliwill, who was not involved in the study. “This is one of a few studies out there finally looking at these molecular transducers, and this is the only one out there on histamine that showed that it has this lasting impact on how we adapt to exercise. . . . It’s not just a signal associated with allergies and asthma, wound healing. It seems to have a hand in everything related to exercise, which is quite amazing.”
attempting to estimate the carbon footprint of cloud computing at AWS, by estimating the power consumption of individual EC2 instances running a workload.
The numbers are in, in this _Science_ paper —
Cases of SARS-CoV-2 infection in Manaus, Brazil, resurged in late 2020, despite previously high levels of infection. Genome sequencing of viruses sampled in Manaus between November 2020 and January 2021 revealed the emergence and circulation of a novel SARS-CoV-2 variant of concern. Lineage P.1, acquired 17 mutations, including a trio in the spike protein (K417T, E484K and N501Y) associated with increased binding to the human ACE2 receptor. Molecular clock analysis shows that P.1 emergence occurred around mid-November 2020 and was preceded by a period of faster molecular evolution. Using a two-category dynamical model that integrates genomic and mortality data, we estimate that P.1 may be 1.7–2.4-fold more transmissible, and that previous (non-P.1) infection provides 54–79% of the protection against infection with P.1 that it provides against non-P.1 lineages. Enhanced global genomic surveillance of variants of concern, which may exhibit increased transmissibility and/or immune evasion, is critical to accelerate pandemic responsiveness.
Some context — European telcos no longer operate their equipment:
As an icebreaker, [telco operators] were asked if they thought the Chinese could eavesdrop through “backdoors” in Huawei equipment. Every single hand went up. One of the bankers then asked, for balance, if they thought the US could access communications through key Cisco equipment. “All the hands went straight back up without hesitation” [….] In a modern telecommunications service provider, new equipment is deployed, configured, maintained and often financed by the vendor. Just to let that sink in, Huawei (and their close partners) already run and directly operate the mobile telecommunication infrastructure for over 100 million European subscribers. The host service provider often has no detailed insight in what is going on, and would have a hard time figuring this out through their remaining staff. Rampant outsourcing has meant that most local expertise has also left the company, willingly or unwillingly.(via ITS slack)
“The evidence supporting airborne transmission is overwhelming, and evidence supporting large droplet transmission is almost non-existent” (Greenhalgh et al., Lancet, 2021) (via Daniel Lemire)
France’s official “Repairability Index” site
Very impressive level of detail here
This is chilling:
I love tech. But watching it intersect with a Hindu nationalist government trying to crush dissent, choke a free press, and destroy a nation’s secular ethos doesn’t feel like something I bought a ticket to. Writing about technology from India now feels like having a front-row seat to the country’s rapid slide into authoritarianism. “It’s like watching a train wreck while you’re inside the train,” I Slacked my boss in November.
This is the best news to happen in Ireland’s emissions situation for a while! The ESB plan to turn off the highly polluting coal power station at Moneypoint, switching it to be a hub for offshore wind energy, including energy storage using hydrogen. Moneypoint has massive connections to the Irish grid, and the amount of available wind power on the west coast is simply huge. Great stuff!
Using DD-WRT to turn off the internet for certain devices during night-time hours
‘[River] wanted to use a Raspberry Pi to bring the fans into his home automation system, but the Raspberry Pi doesn’t have a 304.2 MHz radio. What it does have is user-programmable GPIO and the rpitx package, which converts a GPIO pin into a basic radio transmitter. Of course, the Pi’s GPIO pin’s aren’t long enough to efficiently transmit at 304.2 MHz, so [River] added a proper antenna, as well as a low-pass filter to clean up the transmitted signal. The rpitx package supports OOK out of the box, so [River] was quickly able get the Pi controlling his fan in no time’
Zeynep Tufekci hits the nail on the head here — 3 particular factors were wilfully overlooked in Western countries’ early response to the COVID pandemic:
Put all three together: airborne transmission, clusters driving the epidemic, and presymptomatic transmission. Not only do we get a clear and consistent picture of many things that have happened since, we also get the mitigation strategy. Further, all three dimensions support each other: transmission from people not (yet) coughing or sneezing very much argues in favor of aerosol transmission, which explains how large clusters can be driving the epidemic and how transmission in a situation like that ship can occur. And the mitigation and other strategies become clear: pay attention to clusters and ventilation, universal masks, different policies for indoors and outdoors, etc.
Holy cow this could have been pretty serious:
A software mistake caused a Tui flight to take off heavier than expected as female passengers using the title “Miss” were classified as children, an investigation has found. The departure from Birmingham airport to Majorca with 187 passengers on board was described as a “serious incident” by the Air Accidents Investigation Branch (AAIB). An update to the airline’s reservation system while its planes were grounded due to the coronavirus pandemic led to 38 passengers on the flight being allocated a child’s “standard weight” of 35kg as opposed to the adult figure of 69kg. This caused the load sheet – produced for the captain to calculate what inputs are needed for take-off – to state that the Boeing 737 was more than 1,200kg lighter than it actually was.
Excellent thread on privacy and security of the proposed Digital Green Certificate for intra-EU safe travel during the COVID-19 pandemic, from Carmela Troncoso. tl;dr:
My conclusion is: this is an immature design of an extremely complex infrastructure with no guaranteed security. The proposed scheme is likely to go down the slippery slope of discrimination and surveillance. I’d like to end reminding my wild thought: Given that fraud is possible anyway, a simple paper-based solution with enough protection to deter cheating may be sufficient to get us through this summer, avoiding long-term consequences.
Allow Minecraft Bedrock Edition clients on mobile devices, Switch, PS4 and XBox to connect to your Java edition Minecraft server. Works particularly nicely as a plugin in a PaperMC server — will definitely give this a go and see how the kids get on….
Official guidance from the CDC is toning down the “bleach everything!” messaging:
People can be infected with SARS-CoV-2 through contact with surfaces. However, based on available epidemiological data and studies of environmental transmission factors, surface transmission is not the main route by which SARS-CoV-2 spreads, and the risk is considered to be low. The principal mode by which people are infected with SARS-CoV-2 is through exposure to respiratory droplets carrying infectious virus. In most situations, cleaning surfaces using soap or detergent, and not disinfecting, is enough to reduce risk. Disinfection is recommended in indoor community settings where there has been a suspected or confirmed case of COVID-19 within the last 24 hours. The risk of fomite transmission can be reduced by wearing masks consistently and correctly, practicing hand hygiene, cleaning, and taking other measures to maintain healthy facilities.Can we tone down the cleanliness theatre now?
The short version is this: we think about 1% of applications and traffic “out there” are still using TLS1.0/TLS1.1. Given where browsers are at, I think this percentage is an under-estimate of the usage on Java applications – I suspect it’s even higher there. When we dig in with customers “Why are you still using TLS1.0 or TLS1.1” the most common reasons are legacy appliances and applications. Think of hardware load balancers that were never updated, or can’t be, to support TLS1.2 or better. Compliance mandated traffic inspection devices that force TLS1.0 in certain industries are another reason. For these applications, the change will break them, and they’ll get a low-level exception. The users can re-enable TLS1.0 and TLS1.1, but they may suffer an outage because they likely weren’t expecting a breaking change low in the networking stack.
oh god this brings back painful memories —
On a particularly large deployment, I eventually had to layer in a second pgbouncer tier. One tier ran on the application servers and another tier on the database servers. Altogether it aggregated connections for around 1 million client processes. Tuning it was 40% dark art, 40% brute force, and 10% pure luck.Amazing to see that these issues are still something that Postgres users have to worry about :)
Good article on the topic of COVID-19 airborne transmission, with some decent graphics and charts
This is going to be one of the big scandals of COVID-19, when we get around to looking back from a position of safety in the future:
On 28 March 2020, two months after the WHO had declared COVID-19 a global health emergency, the agency broadcast a public-health message on Twitter and Facebook. “FACT: #COVID19 is NOT airborne,” it said, labelling claims to the contrary as misinformation. But evidence quickly established that the virus is transmitted by air, and researchers roundly criticized the agency. The WHO updated its advice on SARS-CoV-2 transmission three months later, acknowledging the possibility that airborne transmission might occur in some community settings. Airborne transmission in “crowded and inadequately ventilated spaces over a prolonged period of time with infected persons cannot be ruled out”, the updated advice says. Yuguo Li, a building environment engineer at the University of Hong Kong, says that he is disappointed it took the WHO and other health authorities so long. “We would have saved a lot of people” if airborne transmission was recognized earlier, he says.
Keith Dawson has written up a great summary of a paper by Dr. Zoë Hyde:
The general perception and belief for the last year has been that children are less likely than adults to be infected with SARS-CoV-2. A new paper in the journal Clinical Infectious Diseases casts serious doubt on this assumption. The author of that paper, Zoë Hyde of the University of Western Australia, argues that there are two principal reasons why the myth of a lower attack rate in children developed: we don’t test kids much, and they may only be infectious for a very short window of time. The CDC’s stance on kids and Covid seems to be overly sanguine. The metric used in their paper is hospitalization rate. It is true that hospitalization rates for teenagers and younger people are extremely low, but that may not be strongly indicative of infection rate. Kids’ infections are more likely to result in a mild or even asymptomatic case of Covid-19 — about twice as likely as for adults, according to Hyde. Combine this fact with the US bias towards testing only once symptoms appear, and you can see how this could contribute to an undercount of childhood cases. Compounding the dearth of testing is the (fairly robust) finding that, when infected, children may be shedding virus for a shorter time than adults: only two days on average, compared to five days for adults. So kids are more than twice as likely to show up PCR-negative even in the rare instances in which they are tested. Looking at seroprevalence surveys, Hyde cites studies from Italy and Brazil pointing to similar levels of children and adults who have antibodies indicating they have recovered from the disease. (In the Italian study from last year, children’s seroprevalence was even higher than that of the oldest adults, the result of what Hyde calls “survivorship bias” — i.e., the older people who got Covid-19 mostly died.) The hosts on This Week in Virology went over Hyde’s paper in last week’s podcast, TWiV #731. If you can spare the time, listen to 11 minutes’ worth of their discussion beginning at 23:33. One compelling point the TWiV team brought out: children are not immune from long Covid. A UK study found that 12.9% of kids had symptoms weeks after clearing the disease, compared with 22% of adults. The belief that children don’t get infected much should no longer be used as an argument for why schools ought to be reopened.
Turns out they accidentally released some charts back in Feb, modelling vaccination/reopening scenarios — these were probably used in private briefings to the cabinet, and not intended for public consumption (via Andrew Flood)
Well done, Slovakia — massive decrease in prevalence after 2 rounds of mass testing.
Slovakia conducted multiple rounds of population-wide rapid antigen testing for SARS-CoV-2 in late 2020, combined with a period of additional contact restrictions. Observed prevalence decreased by 58% (95% CI: 57-58%) within one week in the 45 counties that were subject to two rounds of mass testing, an estimate that remained robust when adjusting for multiple potential confounders. Adjusting for epidemic growth of 4.4% (1.1-6.9%) per day preceding the mass testing campaign, the estimated decrease in prevalence compared to a scenario of unmitigated growth was 70% (67-73%). Modelling indicated that this decrease could not be explained solely by infection control measures, but required the additional impact of isolation and quarantine of household members of those testing positive.
Testcontainers is a Java library that supports JUnit tests, providing lightweight, throwaway instances of common databases, Selenium web browsers, or anything else that can run in a Docker container.
Lovely little service to draw a map with ridgelines, Joy Division “Unknown Pleasures” style (via Nelson)
‘tl;dr: The time when Microsoft banned my entire country for cheating at Club Bing.’ This is a great story — though it must have been driving the MS Asirra anti-abuse team up the wall. Quite interesting to hear about low-cost/grassroots ways to accomplish some of the tech tasks, e.g. instead of firing up a farm of EC2 instances to crack a Captcha, he farmed out that work using thumbdrives, manually distributed to his friends.
‘The club’s name is synonymous with idiocy in Africa’s most populous nation. How on earth did this happen?’ — what a great story! (via Ben)
Interesting blog post from Nelson about Speedify, a proprietary multipath VPN service to bond two internet links to improve reliability
Amazing well-preserved human footprints from between 4200 and 4600 years ago:
The Centro Nacional de Investigación sobre la Evolución Humana (CENIEH) has participated in chapter 17, which covers the prints of bare feet preserved in the soft floor sediment of Palomera Cave in the Ojo Guareña Karst Complex (Merindad de Sotoscueva, Burgos, Spain). These footprints, ascribed to traces left by about ten individuals who explored the caves between 4200 and 4600 years ago, were discovered in 1969 by Grupo Espeleológico Edelweiss (GEE) at the Sala y Galerías de las Huellas site, some 1200 m from the entrance to Palomera Cave. The fragility of the footprints and their environment meant it was not possible to study them, and doing so has had to await the development of the new non-invasive teledetection techniques.
Great essay on the shitfest that is NFTs and cryptoart:
During unprecedented temperature increases, sea level rise, the total loss of permanent sea ice, widespread species extinction, countless severe weather events, and all the other hallmarks of total climate collapse, this kind of gleeful wastefulness is, and I am not being hyperbolic, a crime against humanity.
Prof. Akiko Iwasaki on Twitter: “This video shows that vaccines have helped some people with #longCOVID with their symptoms. While the numbers are still small in some groups, there are encouraging signs (also via @DanielGriffinMD). I present my hypothesis on how vaccines might improve #LongCovid (1/)”
Reverse-engineered by an external user, it seems: ‘This information below is gathered from sporadic developer posts and videos, salted with my own experience and experiments, various forum threads, and watching streams. Note that since Blizzard does not give exact algorithms, I do have to fill in some gaps, or leave some items unknown.’ The matchmaking systems are very complex and a key component of what makes games like Overwatch playable, so this is interesting stuff. (via Shevaun)
This is great. An amulet is ‘a kind of poem that depends on language, code, and luck. To qualify, a poem must satisfy these criteria: Its complete Unicode text is 64 bytes or less; and the hexadecimal SHA-256 hash of the text includes four or more 8s in a row.’
The hash is a cold hexadecimal spew – 9a120001cc88888363fc67c45f2c52447ae64808d497ec9d699dba0d74d72aab – and, like a fingerprint, it doesn’t tell you anything about the entity it identifies. That’s by design, but even so, it feels strange for a value so pivotal to be totally disconnected from the underlying content, especially when it is this value that’s being collected and traded in cryptographic marketplaces. Ostensibly, the hash provides an immutable link between unique cryptographic object and free-floating digital media. The amulet asks: what if we took that link seriously? In a sense, the definition of the SHA-256 hash function created, at a stroke, all amulets of all rarities. Common to mythic, trashy to lovely, they have been hiding in the manifold combinations of language; we just didn’t know we ought to be looking for them. Until now!