The RISKS Digest
Volume 32 Issue 78

Tuesday, 27th July 2021

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents

Russia Disconnects from Internet in Tests as It Bolsters Security
Reuters
‘Advanced’ Nuclear Reactors? Don't Hold Your Breath
Scientific American
Space Data Integrator
faa.gov
What Ever Happened to IBM's Watson?
NYTimes
A Severe Drought Is Threatening the Hoover Dam Reservoir—and Water Throughout the West
Mother Jones
The end of open source?
Shaun O'Meara
Niemoeller's Boiled Frog: Weaponization of App Data
Joseph Cox via Henry Baker
Hoe no! Facebook snafu spells trouble for gardening group
AP News
Hackers Turning to ‘Exotic’ Programming Languages for Malware Development
The Hacker News
Disinformation for Hire, a Shadow Industry, Is Quietly Booming
Max Fisher
What Should Happen to Our Data When We Die?
NYTimes
Breast Cancer Patient Attacked by Violent Anti-Mask Protest Outside Los Angeles Clinic
Vice
‘STFU’ is anti-science
Tunku Varadarajan via Henry Baker
The Problem With Stealing High-End Electronics and Beer
Now I Know
Re: Traffic Analysis and Herd Immunity (anthony youngman)
????
Re: Rounding errors could make certain stop-watches pick wrong race winners
Jim Garrison
Re: YouTube fined 100 000 Euros delaying court order to restore video
Dick Mills
Re: A secret algorithm is transforming DNA evidence. This defendant could be the first to scrutinize it.
Michael Black
Re: Some locals say a bitcoin mining operation is ruining one of the Finger Lakes. Here's how.
David B. Horvath
Re: RFI on scientific integrity
David B. Horvath
Info on RISKS (comp.risks)

Russia Disconnects from Internet in Tests as It Bolsters Security (Reuters)

ACM TechNews <technews-editor@acm.org>
Mon, 26 Jul 2021 11:56:56 -0400 (EDT)

Alexander Marrow and Dmitry Antonov, Reuters, 22 Jul 2021, via ACM TechNews, 26 Jul 2021

Russia reportedly disconnected from the global Internet during tests in June and July, according to a report by the RBC daily that cited documents from the working group responsible for strengthening Russia's Internet security under the 2019 sovereign Internet law, which aims to prevent Russia from being cut off from foreign infrastructure. A working group source said the purpose of tests was “to determine the ability of the ‘Runet’ to work in case of external distortions, blocks and other threats.” The Internet Research Institute's Karen Kazaryan said, “Given the general secrecy of the process and the lack of public documents on the subject, it is difficult to say what happened in these tests.”

https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2c0d1x22c833x072256&


‘Advanced’ Nuclear Reactors? Don’t Hold Your Breath (Scientific American)

“Richard Stein” <rmstein@ieee.org>
Sun, 25 Jul 2021 10:35:53 +0800

https://www.scientificamerican.com/article/lsquo-advanced-rsquo-nuclear-reactors-don-rsquo-t-hold-your-breath/

The essay discusses current commercial interests that promote sodium metal-cooled nuclear reactors in the ~300 Mwatt range, but argues against them based on historical evidence.

“Nuclear Plant Accidents: Sodium Reactor Experiment” discusses this ~60 year old experimental failure based on an analogous design. https://allthingsnuclear.org/dlochbaum/nuclear-plant-accidents-sodium-reactor-experiment/

While nuclear fission is carbon-free, there's no US-approved repository to safely and permanently dispose of radioactive reactor effluence. Sweden's is operational, and Finland is finishing construction of theirs: See “Into Eternity,” https://www.amazon.com/Into-Eternity-Entos-aioniotitas-Onkalo/dp/B07Q39FQV3/ref=sr_1_9 (retrieved on 25JUL2021).

Machinery failure (Three Mile Island) or human error (Chernobyl), or combinations of both, contribute to nuke plant accidents.

If “fat fingers” in a control room are a cause for concern, what about AI to safely operate a fission reactor? See “AI finds a place in nuclear O&M,”

https://www.reutersevents.com/nuclear/ai-finds-place-nuclear-om

“While AI and machine learning offer a number of benefits for the nuclear power industry as it moves toward a new generation of reactors, its range, for the moment, is limited.”

“A lack of real, operational data from operating nuclear power stations, a varying degree of opinion as to which systems would work best, and the sometimes-mysterious mechanizations within a so-called ‘intelligent’ system, or its ‘black box’ nature, pose potential problems for AI’s use in nuclear.”

[A machine-based lesson learned can be hazardous to your health.]


Space Data Integrator (faa.gov)

“Richard Stein” <rmstein@ieee.org>
Tue, 13 Jul 2021 09:47:50 +0800

https://www.faa.gov/news/fact_sheets/news_story.cfm?newsId=23476

Ever experience a commercial flight ground stop? Here's the tool that will minimize delay attributed to an exo-atmospheric vehicle launch or re-entry in the vicinity of your next flight.

“The SDI operational prototype is designed to accept launch and reentry vehicle state vector data gathered from operators such as vehicle position, altitude, and speed. SDI will then process the data, display it, and distribute it to Traffic Flow Management System (TFMS). SDI allows the FAA to track the actual versus planned trajectory of launch and reentry operations, the status of various mission events, and the display of Aircraft Hazard Areas (AHAs). SDI sends vehicle position and AHAs to the TFMS for display on the TFMS Traffic Situation Display at the Command Center.”

Risk: Protracted vehicle launch or reentry delay


What Ever Happened to IBM's Watson? (NYTimes)

“Gabe Goldberg” <gabe@gabegold.com>
Fri, 16 Jul 2021 18:27:49 -0400

A decade ago, IBM’s public confidence was unmistakable. Its Watson supercomputer had just trounced Ken Jennings, the best human “Jeopardy!” player ever, showcasing the power of artificial intelligence. This was only the beginning of a technological revolution about to sweep through society, the company pledged.

“Already,” IBM declared in an advertisement the day after the Watson victory, “we are exploring ways to apply Watson skills to the rich, varied language of health care, finance, law and academia.”

But inside the company, the star scientist behind Watson had a warning: Beware what you promise.

David Ferrucci, the scientist, explained that Watson was engineered to identify word patterns and predict correct answers for the trivia game. It was not an all-purpose answer box ready to take on the commercial world, he said. It might well fail a second-grade reading comprehension test.

His explanation got a polite hearing from business colleagues, but little more.

“It wasn’t the marketing message,” recalled Mr. Ferrucci, who left IBM the following year.

It was, however, a prescient message.

https://www.nytimes.com/2021/07/16/technology/what-happened-ibm-watson.html


A Severe Drought Is Threatening the Hoover Dam Reservoir—and Water Throughout the West (Mother Jones)

“Gabe Goldberg” <gabe@gabegold.com>
Fri, 16 Jul 2021 18:23:36 -0400

Things will be fine: The governor of Utah has resorted to asking <https://www.deseret.com/utah/2021/6/7/22522740/utah-gov-cox-called-on-utahns-to-pray-for-rain-some-criticized-him-heres-how-responded-lgbt-drought> people to pray for rain.

Except: The west has gone through periods like this “megadrought”, with only occasional respite, for the past two decades. But scientists have made clear the current conditions would be virtually impossible without human-caused climate change, pointing to a longer-term “aridification <https://www.pnas.org/content/117/22/11856.short>” of the region. All of the water conservation efforts that have kept shortages at bay until now risk being surpassed by the rising heat. […]

Even with these adaptions, however, the decline of Lake Mead has caused the amount of hydropower generated by the dam to drop by around 25 percent. The drought is expected to cause <https://www.cnn.com/2021/06/17/us/california-drought-oroville-power/index.html> the hydro facility at Lake Oroville, California, to completely shut down, prompting a warning from the United States Energy Association that a “megadrought-induced electricity shortage could be catastrophic, affecting everything from food production to industrial manufacturing”. The association added that such a scenario could even force people to move east, in what is called a “reverse Dust Bowl exodus”.

https://www.motherjones.com/environment/2021/07/a-severe-drought-is-threatening-the-hoover-dam-reservoir-and-water-throughout-the-west/


The end of open source? (Shaun O'Meara)

Dewayne Hendricks <dewayne@warpspeed.com>
July 26, 2021 2:13:53 JST
[Note: This item comes from friend David Rosenthal. DLH] (via Dave Farber)

Shaun O’Meara, TechCrunch, 18 Jul 2021 <https://techcrunch.com/2021/07/18/the-end-of-open-source/>

Several weeks ago, the Linux community was rocked by the disturbing news that University of Minnesota researchers had developed (but, as it turned out, not fully executed) a method for introducing what they called “hypocrite commits” to the Linux kernel — the idea being to distribute hard-to-detect behaviors, meaningless in themselves, that could later be aligned by attackers to manifest vulnerabilities.

This was quickly followed by the — in some senses, equally disturbing — announcement that the university had been banned, at least temporarily, from contributing to kernel development. A public apology from the researchers followed.

Though exploit development and disclosure is often messy, running technically complex “red team” programs against the world’s biggest and most important open-source project feels a little extra. It’s hard to imagine researchers and institutions so naive or derelict as not to understand the potentially huge blast radius of such behavior.

Equally certain, maintainers and project governance are duty bound to enforce policy and avoid having their time wasted. Common sense suggests (and users demand) they strive to produce kernel releases that don’t contain exploits. But killing the messenger seems to miss at least some of the point — that this was research rather than pure malice, and that it casts light on a kind of software (and organizational) vulnerability that begs for technical and systemic mitigation.

I think the “hypocrite commits” contretemps is symptomatic, on every side, of related trends that threaten the entire extended open-source ecosystem and its users. That ecosystem has long wrestled with problems of scale, complexity and free and open-source software’s (FOSS) increasingly critical importance to every kind of human undertaking. Let’s look at that complex of problems:

Meanwhile, the threat landscape keeps evolving:

The net result is that projects of the scale and utter criticality of the Linux kernel aren't prepared to contend with game-changing, hyperscale threat models. In the specific case we’re examining here, the researchers were able to target candidate incursion sites with relatively low effort (using static analysis tools to assess units of code already identified as requiring contributor attention), propose “fixes” informally via email, and leverage many factors, including their own established reputation as reliable and frequent contributors, to bring exploit code to the verge of being committed.


Niemoeller's Boiled Frog; Weaponization of App Data

“Henry Baker” <hbaker1@pipeline.com>
Fri, 23 Jul 2021 10:02:27 -0700

The heat on Niemoeller's Frog is being turned up as we speak…

First they came for the gay priests […] and [by then] there was no one left to speak for me.

https://www.vice.com/en/article/pkbxp8/grindr-location-data-priest-weaponization-app

The Inevitable Weaponization of App Data Is Here

Joseph Cox, 21 Jul 2021

A Substack publication used location data from Grindr to out a priest without their consent.

It finally happened. After years of warning from researchers, journalists, and even governments, someone used highly sensitive location data from a smartphone app to track and publicly harass a specific person. In this case, Catholic Substack publication The Pillar said it used location data ultimately tied to Grindr to trace the movements of a priest, and then outed him publicly as potentially gay without his consent. The Washington Post reported on Tuesday that the outing led to his resignation.

The news starkly demonstrates not only the inherent power of location data, but how the chance to wield that power has trickled down from corporations and intelligence agencies to essentially any sort of disgruntled, unscrupulous, or dangerous individual. A growing market of data brokers that collect and sell data from countless apps has made it so that anyone with a bit of cash and effort can figure out which phone in a so-called anonymized dataset belongs to a target, and abuse that information.

“Experts have warned for years that data collected by advertising companies from Americans' phones could be used to track them and reveal the most personal details of their lives. Unfortunately, they were right,” Senator Ron Wyden told Motherboard in a statement, responding to the incident. “Data brokers and advertising companies have lied to the public, assuring them that the information they collected was anonymous. As this awful episode demonstrates, those claims were bogus—individuals can be tracked and identified.”

In short, The Pillar says that Msgr. Jeffrey Burrill, who was the general secretary of the U.S. bishops' conference (USCCB) before his resignation, visited gay bars and other locations while using gay dating app Grindr. “An analysis of app data signals correlated to Burrill's mobile device shows the priest also visited gay bars and private residences while using a location-based hookup app in numerous cities from 2018 to 2020, even while traveling on assignment for the U.S. bishops' conference,” the outlet wrote. The Pillar says the location data is “commercially available records of app signal data,” and that it obtained the records from “a data vendor” and then authenticated them with a data consulting firm.

The data itself didn't contain each mobile phone user's real name, but The Pillar and its partner were able to pinpoint which device belonged to Burrill by observing one that appeared at the USCCB staff residence and headquarters, locations of meetings that he was in, as well as his family lake house and an apartment that has him listed as a resident. In other words, they managed to, as experts have long said is easy to do, unmask this specific person and their movements across time from a supposedly anonymous dataset.

A Grindr spokesperson told Motherboard in an emailed statement that “Grindr's response is aligned with the editorial story published by the Washington Post which describes the original blog post from The Pillar as homophobic and full of unsubstantiated innuendo. The alleged activities listed in that unattributed blog post are infeasible from a technical standpoint and incredibly unlikely to occur. There is absolutely no evidence supporting the allegations of improper data collection or usage related to the Grindr app as purported.”

It is not clear what Grindr sees as “infeasible from a technical standpoint.” In January the Norwegian Data Protection Authority fined Grindr $11.7 million for providing its users' data to third parties, including their precise location data. Almost prophetically, Norwegian authorities said at the time that Grindr users could be targeted with this sort of information in countries where homosexuality is illegal.

Researchers have repeatedly shown that it is possible to figure out who a phone in an allegedly anonymized set of location data belongs to sometimes with a few points of reference, such as their home or place of work. The spokesperson did not respond to a request to elaborate on what Grindr believes is technically infeasible.

“The research from The Pillar aligns to the reality that Grindr has historically treated user data with almost no care or concern, and dozens of potential ad tech vendors could have ingested the data that led to the doxxing,” Zach Edwards, a researcher who has closely followed the supply chain of various sources of data, told Motherboard in an online chat. “No one should be doxxed and outed for adult consenting relationships, but Grindr never treated their own users with the respect they deserve, and the Grindr app has shared user data to dozens of ad tech and analytics vendors for years.”

Journalists have also used location data in similar ways before in their reporting. In February, The New York Times' opinion section married location and advertising data to reveal the movements and identities of specific people who attended the January 6 Capitol riots.

“While there were no names or phone numbers in the data, we were once again able to connect dozens of devices to their owners, tying anonymous locations back to names, home addresses, social networks and phone numbers of people in attendance. In one instance, three members of a single family were tracked in the data,” the piece read.

Last week, Motherboard reported on the so-called “identity resolution” industry, in part by posing as a customer looking to buy sensitive data. These companies promise to match mobile advertising IDs—unique codes assigned to mobile phones by their operating systems, and which tech companies have repeatedly assured consumers are anonymous, or at least pseudonymous—to real-world identities. This makes unmasking people in datasets even easier; why bother trying to figure out which phone belongs to who when you can just buy that information instead.

“Anyone and everyone who has a phone and has installed an app that has ads, currently is at risk of being de-anonymized via unscrupulous companies,” Edwards told Motherboard at the time when presented with our findings.

Senator Wyden called for the Federal Trade Commission to act on the data broker industry. “Last year, I led a bipartisan letter to the FTC calling for a broad probe of the industry. The FTC needs to step up and protect Americans from these outrageous privacy violations, and Congress needs to pass comprehensive federal privacy legislation,” he added.

Motherboard has also shown how wide spanning the customer base for this sort of location data is, with the U.S. military and various law enforcement agencies also purchasing it, skirting the need to obtain a warrant. And although the data was based on that generated by telecom networks and not apps, we also previously spoke to Ruth Johnson, a woman who was stalked and harassed by someone who gained access to her phone's location. Johnson said T-Mobile put her “life in danger.” Motherboard also tied black market location data to the spot of a triple murder.


Hoe no! Facebook snafu spells trouble for gardening group (AP News)

“Gabe Goldberg” <gabe@gabegold.com>
Sat, 24 Jul 2021 23:51:05 -0400

https://apnews.com/article/lifestyle-technology-oddities-business-gardening-9c9f431f91ba450537974758de4f14d2


Hackers Turning to ‘Exotic’ Programming Languages for Malware Development (The Hacker News)

geoff goodfellow <geoff@iconia.com>
Tue, 27 Jul 2021 12:33:46 -1000

Threat actors are increasingly shifting to “exotic” programming languages such as Go, Rust, Nim, and Dlang that can better circumvent conventional security protections, evade analysis, and hamper reverse engineering efforts.

“Malware authors are known for their ability to adapt and modify their skills and behaviors to take advantage of newer technologies,” said <https://www.blackberry.com/us/en/forms/enterprise/report-old-dogs-new-tricks> Eric Milam, Vice President of threat research at BlackBerry. “That tactic has multiple benefits from the development cycle and inherent lack of coverage from protective products.”

On the one hand, languages like Rust are more secure as they offer guarantees like memory-safe programming <https://en.wikipedia.org/wiki/Rust_(programming_language)#Memory_safety>, but they can also be a double-edged sword when malware engineers abuse the same features designed to offer increased safeguards to their advantage, thereby making malware less susceptible to exploitation and thwart attempts to activate a kill-switch <https://thehackernews.com/2020/08/emotet-botnet-malware.html> and render them powerless.

Noting that binaries written in these languages can appear more complex, convoluted, and tedious when disassembled, the researchers said the pivot adds additional layers of obfuscation, simply by virtue of them being relatively new, leading to a scenario where older malware developed using traditional languages like C++ and C# are being actively retooled with droppers and loaders written in uncommon alternatives to evade detection by endpoint security systems. […]

https://thehackernews.com/2021/07/hackers-turning-to-exotic-programming.html


Disinformation for Hire, a Shadow Industry, Is Quietly Booming (Max Fisher)

Dewayne Hendricks <dewayne@warpspeed.com>
July 26, 2021 21:57:01 JST

Back-alley firms meddle in elections and promote falsehoods on behalf of clients who can claim deniability, escalating our era of unreality.

Max Fisher, The New York Times, 25 Jul 2021 <https://www.nytimes.com/2021/07/25/world/europe/disinformation-social-media.html>

In May, several French and German social media influencers received a strange proposal. A London-based public relations agency wanted to pay them to promote messages on behalf of a client. A polished three-page document detailed what to say and on which platforms to say it. But it asked the influencers to push not beauty products or vacation packages, as is typical, but falsehoods tarring Pfizer-BioNTech’s Covid-19 vaccine. Stranger still, the agency, Fazze, claimed a London address where there is no evidence any such company exists.

Some recipients posted screenshots of the offer. Exposed, Fazze scrubbed its social media accounts. That same week, Brazilian and Indian influencers posted videos echoing Fazze’s script to hundreds of thousands of viewers.

The scheme appears to be part of a secretive industry that security analysts and American officials say is exploding in scale: disinformation for hire.

Private firms, straddling traditional marketing and the shadow world of geopolitical influence operations, are selling services once conducted principally by intelligence agencies. They sow discord, meddle in elections, seed false narratives and push viral conspiracies, mostly on social media. And they offer clients something precious: deniability. “Disinfo-for-hire actors being employed by government or government-adjacent actors is growing and serious,” said Graham Brookie, director of the Atlantic Council's Digital Forensic Research Lab, calling it “a boom industry.”

Similar campaigns have been recently found promoting India's ruling party, Egyptian foreign policy aims and political figures in Bolivia and Venezuela. Mr. Brookie's organization tracked one operating amid a mayoral race in Serra, a small city in Brazil. An ideologically promiscuous Ukrainian firm boosted several competing political parties.

In the Central African Republic, two separate operations flooded social media with dueling pro-French and pro-Russian disinformation. Both powers are vying for influence in the country.

A wave of anti-American posts in Iraq, seemingly organic, were tracked to a public relations company that was separately accused of faking anti-government sentiment in Israel. Most trace to back-alley firms whose legitimate services resemble those of a bottom-rate marketer or email spammer.

Job postings and employee LinkedIn profiles associated with Fazze describe it as a subsidiary of a Moscow-based company called Adnow. Some Fazze web domains are registered as owned by Adnow, as first reported by the German outlets Netzpolitik and ARD Kontraste. Third-party reviews portray Adnow as a struggling ad service provider.

European officials say they are investigating who hired Adnow. Sections of Fazze's anti-Pfizer talking points resemble promotional materials for Russia’s Sputnik-V vaccine.

For-hire disinformation, though only sometimes effective, is growing more sophisticated as practitioners iterate and learn. Experts say it is becoming more common in every part of the world, outpacing operations conducted directly by governments.

The result is an accelerating rise in polarizing conspiracies, phony citizen groups and fabricated public sentiment, deteriorating our shared reality beyond even the depths of recent years.

The trend emerged after the Cambridge Analytica scandal in 2018, experts say. Cambridge, a political consulting firm linked to members of Donald J. Trump’s 2016 presidential campaign, was found to have harvested data on millions of Facebook users.

The controversy drew attention to methods common among social media marketers. Cambridge used its data to target hyper-specific audiences with tailored messages. It tested what resonated by tracking likes and shares.

The episode taught a generation of consultants and opportunists that there was big money in social media marketing for political causes, all disguised as organic activity.

Some newcomers eventually reached the same conclusion as Russian operatives had in 2016: Disinformation performs especially well on social platforms.

At the same time, backlash to Russia’s influence-peddling appeared to have left governments wary of being caught—while also demonstrating the power of such operations.

“There is, unfortunately, a huge market demand for disinformation,” Mr. Brookie said, “and a lot of places across the ecosystem that are more than willing to fill that demand.”

Commercial firms conducted for-hire disinformation in at least 48 countries last year — nearly double from the year before, according to an Oxford University study. The researchers identified 65 companies offering such services.

Last summer, Facebook removed a network of Bolivian citizen groups and journalistic fact-checking organizations. It said the pages, which had promoted falsehoods supporting the country’s right-wing government, were fake.

Stanford University researchers traced the content to CLS Strategies, a Washington-based communications firm that had registered as a consultant with the Bolivian government. The firm had done similar work in Venezuela and Mexico.

A spokesman referred to the company’s statement last year saying its regional chief had been placed on leave but disputed Facebook’s accusation that the work qualified as foreign interference.

Eroding Reality

New technology enables nearly anyone to get involved. Programs batch generate fake accounts with hard-to-trace profile photos. Instant metrics help to hone effective messaging. So does access to users’ personal data, which is easily purchased in bulk.

The campaigns are rarely as sophisticated as those by government hackers or specialized firms like the Kremlin-backed Internet Research Agency.

But they appear to be cheap. In countries that mandate campaign finance transparency, firms report billing tens of thousands of dollars for campaigns that also include traditional consulting services.

The layer of deniability frees governments to sow disinformation more aggressively, at home and abroad, than might otherwise be worth the risk. Some contractors, when caught, have claimed they acted without their client's knowledge or only to win future business.

Platforms have stepped up efforts to root out coordinated disinformation. Analysts especially credit Facebook, which publishes detailed reports on campaigns it disrupts.

Still, some argue that social media companies also play a role in worsening the threat. Engagement-boosting algorithms and design elements, research finds, often privilege divisive and conspiratorial content.

Political norms have also shifted. A generation of populist leaders, like Rodrigo Duterte of the Philippines, has risen in part through social media manipulation. Once in office, many institutionalize those methods as tools of governance and foreign relations.

In India, dozens of government-run Twitter accounts have shared posts from India Vs Disinformation, a website and set of social media feeds that purport to fact-check news stories on India.

India Vs Disinformation is, in reality, the product of a Canadian communications firm called Press Monitor.

Nearly all the posts seek to discredit or muddy reports unfavorable to Prime Minister Narendra Modi's government, including on the country’s severe Covid-19 toll. An associated site promotes pro-Modi narratives under the guise of news articles.


What Should Happen to Our Data When We Die? (NYTimes)

Peter G Neumann <neumann@csl.sri.com>
Sun, 25 Jul 2021 21:25:41 PDT

… expect to be victimized by deep fakes, simulations, and questionable ethical practices … What could possibly go wrong? PGN

https://www.nytimes.com/2021/07/24/style/what-should-happen-to-our-data-when-we-die.html


Breast Cancer Patient Attacked by Violent Anti-Mask Protest Outside Los Angeles Clinic (Vice)

“Lauren Weinstein” <lauren@vortex.com>
Fri, 23 Jul 2021 08:42:16 -0700

[Enough!!! LW]

https://www.vice.com/en/article/pkbxmg/breast-cancer-patient-attacked-anti-mask-protest


‘STFU’ is anti-science

“Henry Baker” <hbaker1@pipeline.com>
Mon, 26 Jul 2021 12:52:06 -0700

‘Science’ is an institution dedicated to improving human knowledge about natural phenomena, and this institution must progress through amplifying the tiniest bits of ‘signal’ drowned in vast amounts of ‘noise’. For example, the LIGO experiment amplifies its signals at least 21 orders of magnitude to produce a legitimate reading.

More cynically, science progresses by a first scientist coming up with an hypothesis, and then amplifying this signal by 10 orders of magnitude until a majority of the O(10 billion) people on the planet are convinced.

Unfortunately, this amplification process has to deal not only with noise from Nature, but also active jamming from people with political agendas. Jamming is, of course, the active attempt to drown out a signal by brute force: overpowering the signal with counteracting signals which starve the new signal for attention (and funding).

Unfortunately, for some scientists, the Hippocratic Oath ('first do no harm') has been replaced by the Hypocritic Oath ('first shoot the messenger').

The famous evolutionary biologist Matt Ridley has been calling out this jamming (albeit without using this term) regarding the so-called COVID ‘lab leak hypothesis’ (LLH). It's not as if LLH hasn't happened before—Google sheep in Dugway, Utah and ask the victims from a SARS leak in Beijing in 2004 (see www.cdc.gov).

Under the previous administration, the Chinese govt and the main-stream media excoriated everyone who seriously considered LLH. However, MSNBC hosts nearly broke their necks with an Orwell-like whiplash when the Biden administration broke ranks and decided to investigate LLH further.

The following is a long article, behind a paywall, but Matt Ridley hasn't been shy about these issues, so there are plenty of other places to read his uncomfortable thoughts.

https://www.wsj.com/articles/covid-china-media-lab-leak-climate-ridley-biden-censorship-coronavirus-11627049477

Tunku Varadarajan, 23 Jul 2021

How Science Lost the Public's Trust

From climate to Covid, politics and hubris have disconnected scientific institutions from the philosophy and method that ought to guide them.

‘Science’ has become a political catchword. “I believe in science,” Joe Biden tweeted six days before he was elected president. “Donald Trump doesn't. It's that simple, folks.”

But what does it mean to believe in science? The British science writer Matt Ridley draws a pointed distinction between “science as a philosophy” and “science as an institution.” The former grows out of the Enlightenment, which Mr. Ridley defines as “the primacy of rational and objective reasoning.” The latter, like all human institutions, is erratic, prone to falling well short of its stated principles. Mr. Ridley says the Covid pandemic has “thrown into sharp relief the disconnect between science as a philosophy and science as an institution.”

Mr. Ridley, 63, describes himself as a “science critic, which is a profession that doesn't really exist.” He likens his vocation to that of an art critic and dismisses most other science writers as “cheerleaders.” […] With the Canadian molecular biologist Alina Chan, [Ridley is] finishing a book called “Viral: The Search for the Origin of Covid-19,” to be published in November.

It will likely make its authors unwelcome in China. As Mr. Ridley worked on the book, he says, it became “horribly clear” that Chinese scientists are “not free to explain and reveal everything they've been doing with bat viruses.” That information has to be “dug out” by outsiders like him and Ms. Chan. The Chinese authorities, he says, ordered all scientists to send their results relevant to the virus for approval by the government before other scientists or international agencies could vet them: “That is shocking in the aftermath of a lethal pandemic that has killed millions and devastated the world.”

Mr. Ridley notes that the question of Covid's origin has “mostly been tackled by people outside the mainstream scientific establishment.” People inside not only have been “disappointingly incurious” but have tried to shut down the inquiry “to protect the reputation of science as an institution.” The most obvious reason for this resistance: If Covid leaked from a lab, and especially if it developed there, “science finds itself in the dock.”

Other factors have been at play as well. Scientists are as sensitive as other elites to charges of racism, which the Communist Party used to evade questions about specifically Chinese practices “such as the trade in wildlife for food or lab experiments on bat coronaviruses in the city of Wuhan.”

Scientists are a global guild, and the Western scientific community has “come to have a close relationship with, and even a reliance on, China.” Scientific journals derive considerable “income and input” from China, and Western universities rely on Chinese students and researchers for tuition revenue and manpower. All that, Mr. Ridley says, “may have to change in the wake of the pandemic.”

In the U.K., he has also noted “a tendency to admire authoritarian China among scientists that surprised some people.” It didn't surprise Mr. Ridley. “I've noticed for years,” he says, “that scientists take a somewhat top-down view of the political world, which is odd if you think about how beautifully bottom-up the evolutionary view of the natural world is.”

He asks: “If you think biological complexity can come about through unplanned emergence and not need an intelligent designer, then why would you think human society needs an ‘intelligent government’?” Science as an institution has “a naive belief that if only scientists were in charge, they would run the world well.” Perhaps that's what politicians mean when they declare that they “believe in science.” As we've seen during the pandemic, science can be a source of power.

But there's a “tension between scientists wanting to present a unified and authoritative voice,” on the one hand, and science-as-philosophy, which is obligated to “remain open-minded and be prepared to change its mind.” Mr. Ridley fears “that the pandemic has, for the first time, seriously politicized epidemiology.” It's partly “the fault of outside commentators” who hustle scientists in political directions. “I think it's also the fault of epidemiologists themselves, deliberately publishing things that fit with their political prejudices or ignoring things that don't.” […]

The politicization of science leads to a loss of confidence in science as an institution. The distrust may be justified but leaves a vacuum, often filled by a “much more superstitious approach to knowledge.” To such superstition Mr. Ridley attributes public resistance to technologies such as genetically modified food, nuclear power—and vaccines. […]

Vaccines have been central to the question of “misinformation” and the White House's pressure campaign against social media to censor it. Mr. Ridley worries about the opposite problem: that social media “is complicit in enforcing conformity.” It does this “through 'fact checking,' mob pile-ons, and direct censorship, now explicitly at the behest of the Biden administration.” He points out that Facebook and Wikipedia long banned any mention of the possibility that the virus leaked from a Wuhan laboratory.

“Conformity,” Mr. Ridley says, “is the enemy of scientific progress, which depends on disagreement and challenge. Science is the belief in the ignorance of experts, as [the physicist Richard] Feynman put it.” Mr. Ridley reserves his bluntest criticism for “science as a profession,” which he says has become “rather off-puttingly arrogant and political, permeated by motivated reasoning and confirmation bias.” Increasing numbers of scientists “seem to fall prey to groupthink, and the process of peer-reviewing and publishing allows dogmatic gate-keeping to get in the way of new ideas and open-minded challenge.” […]

In Mr. Ridley's view, the scientific establishment has always had a tendency “to turn into a church, enforcing obedience to the latest dogma and expelling heretics and blasphemers.”


The Problem With Stealing High-End Electronics and Beer (Now I Know)

“Gabe Goldberg” <gabe@gabegold.com>
Sun, 25 Jul 2021 16:26:31 -0400

If you’re reading this on a smartphone, you have something valuable in your hands — and I’m not talking about the story you’re about to read. The device you’re holding weighs less than 200 grams (7 ounces) and retails for as much as $1,000. It’s not quite worth its weight in gold, but it’s worth more than its weight in silver, which is to say, it’s both valuable and easily portable.

As a result, it’s a good target for thieves. In fact, most high-end electronics are. They’re expensive when sold through proper channels and there’s a lot of demand for them. So if you’re able to steal a lot of tech, you can probably find buyers simply by offering a discount. All you need is an easy target and you’ll find yourself a nice, albeit illegal, payday.

That’s likely what a couple of thieves were thinking when they learned about a tech startup in their area. Called “Roambee,” the company probably didn’t have a lot of money for things like office security or the like. In June of 2017, they rather easily broke into Roambee's offices. As Roambee's co-founder, Vidya Subramanian, told the Verge, they simply “jimmied the lock” and gained entry into “the room where we charge our devices, and needless to say there’s computer equipment everywhere, so they thought it was a good place to steal stuff.” The robbers stole computers and boxes filled with what they probably thought were cellphone chargers. Then they grabbed a beer from Roambee's office refrigerator to celebrate.

That was a mistake.

http://nowiknow.com/the-problem-with-stealing-high-end-electronics-and-beer/


Re: Traffic Analysis and Herd Immunity (Slade, RISKS-32.77)

anthony <antmbox@youngman.org.uk>
Fri, 23 Jul 2021 17:15:09 +0100

> Once we reach herd immunity, the number of cases will drop quite
> dramatically.

By that measure, we will NEVER reach herd immunity. The number of people being RE-infected is rising.

Getting infected, or vaccinated, there's not much difference, only protects you from being (re-)infected by THAT SPECIFIC variant.

> It prevents the development of new and more dangerous variants.

NOT true! Be it a new or old variant, the biggest indicator of danger is whether you've met CoVid-19 before. The new variants are “more transmissible”, i.e., easier to catch. They have to be, given the number of people who are partially or completely immune, if they want to stand a chance of spreading.

So yes, get vaccinated. Tell your friends and family to get vaccinated. It will protect you and them. What it won't do is protect you from catching CoVid (again (and again)). What it will do is protect you from ending up in hospital — or worse. […]

Unfortunately, I don't think vaccination has any effect on whether you will suffer long haul CoVid. I suspect I may be one of the UK's earliest CoVid victims. I didn't even realise it was likely to have been CoVid until long after, it was that minor. And the doctor now suspects I may be suffering from long CoVid.

We need to drop this focus on how many cases we have, and look at how many of those cases end up in hospital. We're not going to eradicate CoVid, we need to live with it. We need to stop thinking of it as a pandemic that will go away, and think of it as what it is—a new endemic illness—JUST LIKE THE COMMON COLD. And we've been here before—it's now thought that the 1890 pandemic was a previous occasion when a corona virus “jumped species”. A few years later it had mostly disappeared, and is now thought to be the most common cause of the common cold.


Re: Rounding errors could make certain stop-watches pick wrong race winners (RISKS-32.77)

“Jim Garrison” <jhg@jhmg.net>
Sat, 24 Jul 2021 12:00:01 -0700

> Where rounding errors occurred, they usually resulted in changes of one
> one-hundredth of a second. One raw time of 28.3194 was converted to a
> displayed time of 28.21.

Sorry, but rounding 28.3194 to 28.21 is not a “rounding error”, it's just bad arithmetic due to some other programming error. Unless of course the article is misquoting or misinterpreting the actual numbers.


Re: YouTube fined 100 000 Euros delaying court order to restore video (RISKS-32.77)

“Dick Mills” <dickandlibbymills@gmail.com>
Mon, 26 Jul 2021 11:08:37 -0400

It seems like hubris for the “Higher Regional Court at Dresden” to expect that everyone in the world will recognize that title and recognize the court's authority. A global outfit like Google may receive dozens of official sounding crackpot mail messages every day. It could even come from another Dresden rather than Dresden Germany. It should take a reasonable time to investigate such a message for authenticity.

Dresden, Kansas; Dresden, Maine; Dresden, Missouri; Dresden, New York; Dresden, North Dakota; Dresden, Ohio; Dresden, Tennessee; Dresden, Ontario, Canada; Dresden, Staffordshire, England


Re: A secret algorithm is transforming DNA evidence. This defendant could be the first to scrutinize it. (RISKS-32.77)

“Black Michael” <mdblack98@yahoo.com>
Fri, 23 Jul 2021 04:13:23 +0000 (UTC)

The article on the DNA testing reminds me of working on weighted non-linear least squares problems years ago where I learned how to distrust this process which is used in multiple disciplines to this day (like chemical analysis and I suspect DNA analysis too). I started with doing gamma ray spectroscopy and fitting libraries of radioactive elements to find the best “fit” for a collected spectrum. This was the technique used by the Naval Research Laboratory for decades to do such fitting on nuclear collections done by them. Without going into the math it's like finding the best combination of coins to make a certain $ amount. So to get $1.01 you would get 4 quarters and 1 penny. And if all you know is quarters and pennies that's the only answer. But when you add dimes and nickels the number of possible solutions grows dramatically. Mind you in the real world fits aren't as exact as this example.

I was in a meeting with leading people from USAF, NRL, LANL, PNL, SRI, and DOE and a rather aggressive argument broke out between NRL's representative who was doing the least-squares approach and a mathematician from PNL who said he didn't care what the underlying data was but that weighted linear least squares was the wrong way to do it. NRL took offense as they (he) had been doing it for 30 years and was the national expert on the matter. Our PNL dude ended up creating software to do “all possible combinations” which had been considered intractable but he had a special technique from a Russian mathematician to do it…I wish I still had that reference/software.

What the PNL software did was produce a binary matrix and used an F-Test for a cutoff. So imagine you have a library of 4 elements and you get this matrix where 1 represents the presence of a library element in the fit. Rank ordered by residual value.

1 0 1 1 — what a least square solution will find
0 1 0 1
1 1 0 1
0 0 1 1 — last item in f-test cutoff
0 0 1 0
0 1 1 0
1 1 1 0
1 0 1 0
1 1 1 1
0 1 1 1
0 0 0 1
0 0 1 1
0 1 0 0
1 0 0 1
1 0 0 0

What we found was if the column was ALWAYS present in all good fits then it was in the sample — which in the sample above would be element #4. And it turned out to be true in every test we did. If the item drops in and out of the good solutions, presence in the sample was questionable. One thing the PNL software did not do was try to estimate how much was in the sample as it could not be supported by statistics. Generally not enough good solutions to provide a valid standard deviation.
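
The column test described in the post above, as an added example that is not part of the original message and is not the PNL software: it reads the posted matrix, keeps the rows inside the F-test cutoff, and labels each library element. The function names and the "unsupported" label are assumptions made for illustration; the matrix and the cutoff position are taken from the post.

```python
# Rank-ordered fit matrix copied from the post: one row per candidate fit
# (lowest residual first), one column per library element, 1 = element used.
FITS = [
    (1, 0, 1, 1),  # what a least-squares solution will find
    (0, 1, 0, 1), (1, 1, 0, 1),
    (0, 0, 1, 1),  # last item inside the F-test cutoff
    (0, 0, 1, 0), (0, 1, 1, 0), (1, 1, 1, 0), (1, 0, 1, 0),
    (1, 1, 1, 1), (0, 1, 1, 1), (0, 0, 0, 1), (0, 0, 1, 1),
    (0, 1, 0, 0), (1, 0, 0, 1), (1, 0, 0, 0),
]
F_TEST_CUTOFF = 4  # rows the post marks as statistically acceptable


def classify(fits, cutoff):
    """Label each element by how often it appears in the accepted fits."""
    if not 1 <= cutoff <= len(fits):
        raise ValueError("cutoff must keep between 1 and len(fits) rows")
    accepted = fits[:cutoff]
    labels = {}
    for col in range(len(fits[0])):
        hits = sum(row[col] for row in accepted)
        if hits == cutoff:
            labels[col + 1] = "present"        # in every good fit
        elif hits == 0:
            labels[col + 1] = "unsupported"    # assumed label: in no good fit
        else:
            labels[col + 1] = "questionable"   # drops in and out
    return labels


def best_fit_only(fits):
    """Elements reported if only the single lowest-residual fit is kept."""
    return [col + 1 for col, used in enumerate(fits[0]) if used]


if __name__ == "__main__":
    print("best fit alone reports elements:", best_fit_only(FITS))
    for cutoff in (1, F_TEST_CUTOFF, F_TEST_CUTOFF + 1):
        print(f"cutoff={cutoff}:", classify(FITS, cutoff))
```

Keeping only the top row reports elements 1, 3 and 4 with no indication of doubt, while the four accepted fits support only element 4; moving the cutoff one row further leaves no element present in every fit.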


Re: Some locals say a bitcoin mining operation is ruining one of the Finger Lakes. Here's how. (NBC News, RISKS-32.78)

“David B. Horvath, CCP” <dhorvath@cobs.com>
Fri, 23 Jul 2021 20:18:49 -0400

On 10 Jul 2021 18:30:46 -0400, “John Levine” <johnl@iecc.com> mentions:

> A bill to ban fossil fuel powered cryptocoin
> mining has passed the NY Senate and is currently in front of the house.

Given that electric power (whether created through the use of fossil fuel or other means—renewable or not) is a fungible commodity, how does the State of New York actually plan on banning it? While they could ban a power plant dedicated to creating power for mining, the fossil plant could sell power to the grid while the mining operation buys power from another state off the grid. Or the power could be sold to the grid and the mining occur in another state. Yet another meaningless law that seems to do good but is really just the wizard hidden behind the curtains.

Just to be clear: I'm not complaining about the purpose of the bill, just the implementation or ability to cause a good outcome.


Re: RFI on scientific integrity (Baker, RISKS-32.77)

“David B. Horvath, CCP” <dhorvath@cobs.com>
Fri, 23 Jul 2021 20:19:53 -0400

> Innovation in science is a messy, chaotic business …

Thomas Kuhn's “The Structure of Scientific Revolutions” should be mandatory reading.
