The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 31 Issue 84

Wednesday 20 May 2020


Piper and Garmin Certify Autoland on Halo M600SLS
Julie Boatman
The ultimate Turing test
Henry Baker
The FBI Just Unlocked an iPhone Without Apple's Help
Fairfax schools' switch to Google didn't stop harassment
Florida scientist fired for refusing to ‘manipulate’ COVID-19 data
USA Today
Being offline is the new luxury
Matthew Kruk
AI gets the attention, but biotechnology is poised to change the world
Humans are complicated; do we need behavioral science to get through this
Ars Technica
Wall Street traders fight over milliseconds in mmWave transmission battle
Light Reading
China's New Outbreak Shows Signs the Virus Could Be Changing
Bloomberg Law
Why the coronavirus hits kids and adults so differently
The Atlantic
The Chaos of Asynchronous Grief
Quarantine and a monitoring bracelet for Hong Kong returnees
How the ‘Plandemic’ Movie and Its Falsehoods Spread Widely Online
Covidiots: R_nought's are naughty not nice
Henry Baker
Re: Stimulus check delays when accounts were overdrawn!
John Levine
Re: Coronavirus New York Shock: Two-Thirds Of Recent Patients Infected While Staying At Home
David Lesher
Re: Meaningless “review” of Imperial COVID codebase
Chiaki Ishikawa Henry Baker William Brodie-Tyrrell Henry Baker
Info on RISKS (comp.risks)

Piper and Garmin Certify Autoland on Halo M600SLS (Julie Boatman)

Gabe Goldberg <>
Tue, 19 May 2020 20:29:51 -0400

Julie Boatman, 18 May 2020 The final FAA blessing came following a last round of test flights.

The Piper M600SLS is the first certification platform for Autoland, with other airplanes to follow.

Piper Aircraft and Garmin International announced on Monday, May 18, 2020, the final FAA certification on the Halo-equipped Piper M600SLS, which uses Garmin's Autoland feature to land the airplane without human intervention in the event of a pilot-incapacitating emergency. The last push to finish flight tests on the innovative system consisted of validation and coordination with air traffic control, among other scenario-based events. Piper conducted the final series of tests in M600 in Vero Beach, Florida, and Garden City, Kansas, concluded on May 5.

Garmin's Autoland system forms the basis for the Piper's version of the automated system, which also incorporates several recent updates to the aircraft, including an autothrottle, and rounding out the Autonomí suite of safety protocols, including emergency descent management (EDM), and electronic stability and protection (ESP).

Unique among those systems, however, Autoland takes the airplane all the way to the conclusion of landing on a runway. How it does this combines an intricate ballet of GPS-based situational awareness on the part of the Garmin G3000 flight deck, voice and data communication with air traffic control, and mechanical functions normally operated by the pilot but automated within the airplane once the system is activated.

Autoland features a unique passenger-centric interface to communicate what the system is doing at all times.

Autoland, as executed in the Halo system, can only be initiated by an occupant of the airplane—typically a passenger—so its interface was designed to be transparent and straightforward to non-pilots. Once the passenger presses the activation button (a guarded installation on the instrument panel), the system calculates through a wide range of performance, operational, and weather data and criteria to conclude the nearest safe airport at which to land the airplane. Autoland communicates with ATC over standard frequencies so that not only are controllers alerted but also other pilots flying in the area. The autothrottle is used to control speed, and manage engine performance and power, allowing the M600 to climb, descend, or stay at a given altitude as appropriate as Autoland guides the airplane to the chosen airport.

The full report on Autoland was published in the January/February 2020 issue of Flying. Garmin expects certification of the system on board the Cirrus Vision Jet and the Daher TBM 940 to follow.

The ultimate Turing test

Henry Baker <>
Wed, 20 May 2020 08:03:57 -0700

I'm aware of a company that made their first ‘virtual hire’ due to COVID-19: this person was interviewed, hired, and started working from home without ever being met in person!

With Zoom virtual backgrounds, real-time facial animations, etc., someone is certain to use these capabilities to become a fake virtual employee at a major company—perhaps more than one virtual employee simultaneously!

While I was an undergraduate at MIT in the 1960's, I heard about a gentleman who couldn't afford all 4 years of tuition & boarding, so he signed up for a double load of courses, and managed to get through MIT in only 2 years by skipping lectures and only taking the exams.

In this new ‘gig’ economy, someone could sign up for 2,3,4 ‘virtual’ jobs, and with suitable scheduling of Zoom conferences, survive for months or years before anyone ever found out.

An even better hack will be to use an ‘AI’ to become a virtual employee and get away with it for a non-trivial amount of time.

The FBI Just Unlocked an iPhone Without Apple's Help (Lifewire)

Gabe Goldberg <>
Tue, 19 May 2020 14:32:10 -0400

What does the FBI's success mean for your iPhone?

Fairfax schools' switch to Google didn't stop harassment (WashPost)

Gabe Goldberg <>
Sun, 17 May 2020 17:29:23 -0400

The incident is only the latest snarl in Fairfax’s troubled rollout of online learning, which began in mid-April when the sprawling Northern Virginia system tried to launch a learning platform called Blackboard. That effort dissolved into chaos after students and teachers suffered technical troubles, privacy issues and harassment.

A second failed attempt a week later led to the resignation of the school system's longtime information technology chief and to the announcement that Fairfax was moving away from Blackboard. Instead, officials switched at warp speed to Google’s online learning platform. […]

“Basically kids have zero issue getting content from the open Internet into and back out,” said Tim Schaad, a Fairfax parent and cybersecurity specialist who raised the alarm about G Suite to Fairfax’s top brass in late 2017. “Kids are running circles around administrators.” […]

Over the years, Schaad reached out to local officials, to state lawmakers, to news outlets, trying to keep attention on the issue. But no one acted. “It was crickets,” he said.

Though the pandemic has gotten schools’ attention, he remains convinced Fairfax is ignoring the risks and best practices of technology implementation he follows every day in his profession. It is an “ironclad rule of IT,” he said. “When you give people tech, they will do whatever they can with it.”

Florida scientist fired for refusing to ‘manipulate’ COVID-19 data (USA Today)

Lauren Weinstein <>
Tue, 19 May 2020 11:47:27 -0700

Apparently she coded and maintained Florida's COVID-19 info site, but when she refused to manipulate data dishonestly, she was fired.

Being offline is the new luxury

“Matthew Kruk” <>
Mon, 18 May 2020 16:53:37 -0600

AI gets the attention, but biotechnology is poised to change the world (Axios)

geoff goodfellow <>
Sat, 16 May 2020 13:38:31 -1000

Why it matters: This bio revolution could lead to a world that is more sustainable and even extend human lifespans. But its full extent is dependent on social acceptance—and carries serious risks as well.

What's happening: The scientific reaction to COVID-19 illustrates the rapid change in the biological sciences, says Michael Chui, a partner at McKinsey Global Institute (MGI). “For SARS-CoV-2, it took a matter of weeks between identifying the new disease and sequencing it, compared to months for the original SARS virus.”

But the response to COVID-19 only scratches the surface of what the bio revolution may make possible. […]

Humans are complicated; do we need behavioral science to get through this (Ars Technica)

geoff goodfellow <>
Sat, 16 May 2020 13:36:30 -1000

Some scientists think social science isn't ready for the COVID-19 crisis

In mid-March, just before President Trump declared COVID-19 a national emergency <>, Stanford psychology professor Robb Willer posted a call to arms <> on Twitter, asking for suggestions on how the social and behavioral sciences could help to address the pandemic. “What ideas might we have to recommend? What research could we do?” he asked. “All ideas, half-baked or otherwise, are welcome!”

Given the importance of our social interactions to the spread of the pandemic, behavioral sciences should have a lot to tell us. So Willer got a large response, and the result was a huge team effort coordinated by Willer and New York University social psychology professor Jay van Bavel <>. The goal: to sum up all the best and most relevant research from psychology, sociology, public health, and other social sciences. Published in the journal Nature Human Behaviour <> last week—a lightning-fast turnaround for academia—the resulting paper highlights research that addresses behavioral questions that have come up in the pandemic, from understanding cultural differences to minimizing scientific misinformation.

Different sections, each written by researchers with expertise in that particular field, summarize research on topics from social inequality to science communication and fake news. Responding to the crisis requires people to change their behavior, the paper's authors argue, so we need to draw on behavioral research to “help align human behavior with the recommendations of epidemiologists and public health experts.”

But while Willer, van Bavel, and their colleagues were putting together their paper, another team of researchers put together their own, entirely opposite, call to arms: a plea, in the face of an avalanche of behavioral science research on COVID-19, for psychology researchers to have some humility. This paper—currently published online in draft format <> and seeding <> avid <> debates <> on social media <>—argues that much of psychological research is nowhere near the point of being ready to help in a crisis. Instead, it sketches out an evidence readiness framework to help people determine when the field will be. […]

Wall Street traders fight over milliseconds in mmWave transmission battle (Light Reading)

geoff goodfellow <>
Sat, 16 May 2020 13:40:28 -1000

The U.S. Securities and Exchange Commission (SEC) is expected to decide later this month whether the New York Stock Exchange's (NYSE) plans to offer a new, high-speed wireless connection is anti-competitive.

The situation highlights the financial value of high-speed, low-latency connections, as well as how seemingly minor technological details—such as the difference between a wired connection and a wireless one, or the distance between a data center and a cell tower—can have significant implications.

At issue is the new 160-foot-tall E-Band millimeter wave (mmWave) cell tower that NYSE's parent company, Intercontinental Exchange Inc. (ICE), built at its data center in Mahwah, New Jersey, where NYSE's electronic trades are executed.

ICE, through its data services division, provides the wireless connectivity between third-party data centers and the Mahwah, NJ, data center. Its new tower transmits in the E-Band, a slice of mmWave spectrum that sits between 71GHz and 86GHz and is ideal for carrying ultra-high capacity traffic a very short distance (typically just one or two miles). Such connections can be even faster than wired, optical networks because sending signals through the air can be faster than sending signals through glass.

An anticompetitive connection? […]

China's New Outbreak Shows Signs the Virus Could Be Changing (Bloomberg Law)

geoff goodfellow <>
Wed, 20 May 2020 12:29:50 -1000

Patients in new cluster take longer to show symptoms, recover. Uncertainty over virus mutation is hindering control efforts.

Chinese doctors are seeing the coronavirus manifest differently among patients in its new cluster of cases in the northeast region compared to the original outbreak in Wuhan, suggesting that the pathogen may be changing in unknown ways and complicating efforts to stamp it out.

Patients found in the northern provinces of Jilin and Heilongjiang appear to carry the virus for a longer period of time and take longer to test negative, Qiu Haibo, one of China's top critical care doctors, told state television on Tuesday.

Patients in the northeast also appear to be taking longer than the one to two weeks observed in Wuhan to develop symptoms after infection, and this delayed onset is making it harder for authorities to catch cases before they spread, said Qiu, who is now in the northern region treating patients. […]

Why the coronavirus hits kids and adults so differently (The Atlantic)

geoff goodfellow <>
Sat, 16 May 2020 13:35:30 -1000

COVID-19 is much less severe in children, and it could have to do with a child's still-developing immune system

Only after New York City passed its current coronavirus peak did pediatricians notice a striking, new pattern: Dozens of kids who had been exposed to COVID-19 were coming in sick, but they weren't coughing. They didn't have severe respiratory distress. Instead, they had sky-high inflammation and some combination of fever, rashes on their hands and feet, diarrhea, vomiting, and very low blood pressure. When ICU doctors around the world gathered for a weekly online COVID-19 call on May 2, doctors elsewhere began sharing similar observations. “The tenor of the meeting completely changed,” says Steven Kernie <>, the chief of critical-care medicine at New York—Presbyterian Morgan Stanley Children's Hospital, who was on the call.

Until then, the news about children and COVID-19, the disease caused by the novel coronavirus, had been largely good: Kids can get seriously sick, but they rarely do. They can spread the disease, but they do it less than adults. Study after study—in China <>, Iceland <>, Australia < NSW Schools COVID_Summary_FINAL public_26 April 2020.pdf> , Italy <>, and the Netherlands <>—has found that children get less sick and are less contagious.

But a very small number of children seem to have a delayed reaction to the novel coronavirus —one that takes many weeks to manifest. What pediatricians first saw in Europe and New York is now named “pediatric multi-system inflammatory syndrome” (PMIS) or, per the Centers for Disease Control and Prevention <>, “multisystem inflammatory syndrome in children.” Since the New York City Health Department issued an alert on May 4 <> , 82 such cases <> have been confirmed in the city. Most patients have recovered or are recovering, but one child has died. Across the country, doctors are finding similar cases. PMIS does seem to be a phenomenon unique to kids <>.

But the virus is the same, whether it infects adult or child. The question is, why does COVID-19 affect them so differently? Both striking patterns in kids—the fact that most do not get very sick but a small number still end up with a delayed inflammation syndrome—may be rooted in a child's still-developing immune system. And although COVID-19 is a new disease, these patterns are seen with other viruses too. […]

The Chaos of Asynchronous Grief (Allegra)

geoff goodfellow <>
Sat, 16 May 2020 13:37:30 -1000

Spoiler: I hate to say it, but Americans have only begun the five stages of grief, and we aren't all going through it in the same way and at the same time. This can be problematic for cooperation—something we need if we are going to get through a global pandemic.

For the first time in our lived memory, the entire planet has experienced the same horror and the same fear at the same time in a broad and deep way. Yes, many of us have been concerned about climate change, but the immediacy of COVID-19, and its threat of sudden death, shocked us into compliance with our local health departments and authorities. At the start of the worldwide infection, most of the globe was on the same page for how to stay safe. All over the world, we were scared, and we stayed home as much as we could. This mostly worked in the United States—until recently, when it suddenly didn't, and some people hit the streets to protest, claiming a burning need for, of all things, haircuts.

This action came on the tail of US politicians and the powerfully wealthy seemingly more concerned about ‘The Economy’ than human lives, <> publicly urging us to risk infection for the good of commerce, rather than staying home as advised. That didn't play well for those of us who were scared and staying home, and many of us were outraged by this declaration. However, for some people, it sparked something, enough so that the people who liked these new ideas began to organise.

This organising seemed manufactured, and in many ways it began that way. The websites that posted information about how or where to protest the “lockdowns” were coordinated efforts <>, with many of the domains registered to the same person. The protest turnouts were eerily similar, and seemed to be occurring in key political states in which voters of either party could be harmed by an increase of COVID-19 cases (pretty much all states, really), or states where the President is against a Governor (nearly all Democratic ones). But it may not just be about the President's preferences. Some have rightly argued that structural racism has played a huge part in who gets COVID-19 <>. Proportionally, the virus is taking a higher toll in lower income, disadvantaged communities, and racism may be part of where the impetus for some to protest comes from: the idea from those protesting the lockdown that the spread of the virus could result in the eradication of certain minority members of society, who are on their lists to remove.

The protests mimic the audience participation portion of Trump's campaign rallies. Just as the President misses his podium, the crowds miss being there as well. Trump's rallies offered his supporters camaraderie, and the chance to yell and join together against common enemies.

In psychological parlance, a Narcissist like Trump needs both an Apath (an enabler) and an Empath (a victim). Apaths are dangerous because their actions normalise “the toxic individual and their harmful behaviours towards others <>.” The rallies have provided a place for these dangerous Apath enablers to get support and strokes for pleasing the Narcissist, whilst being able to vent, scapegoat and blame his (their) victims, who do not conform to the Narcissist's whims. With sporting events shut, many people lack the constructive ways to express themselves and their feelings that games and playoffs can provide, and with Trump's campaign rallies currently suspended, his supporters also lack the public space they usually have to get that emotional charge—as well as to scapegoat, blame, and bully others. Trump's Apaths are simultaneously suppressed and powder kegs about to blow. They need a regular outlet, so they've created one: protesting against the lockdown offers them a way to let off steam, please their leader, and get those emotional strokes they rely on from him, and from banding together.

However, what people are protesting seems odd. They are protesting change, and this is realised by them protesting having to stay home. Cloaked in the label of Freedom, these gun-toting, flag-waving folk are crowding together in public <>. Some of these protestors are likely COVID-19 positive but asymptomatic, creating disease vectors, which at best could further imprison them at home or in a ICU hospital ward, and at worst, kill them and their loved ones. That aspect doesn't seem to matter as they chant displeasure towards the rational common sense enacted by health departments and state governments, as well as a dislike for the rest of us who choose to stay home, potentially denying the protestors sources for the goods and services that they desire and imagine will be accessible to them when things open. It doesn't make sense, as acts of passion rarely do, to those not directly involved.

Perhaps these protests aren't about freedom at all, but are leveraging the concept to validate other, more irrational actions. The protestors aren't for everyone else's freedom, for they don't seem to want some subset of the population (hairdressers to name one group <>) to be at home, either, which would be an expression of another's freedom to choose. No, these protests are about something else underneath their chants.

I argue that this new faction of protestors taking action arises from people being at various stages in a grief cycle, combined with different imagined realities of outcomes for the future. Throughout the 20th century, scholars and psychologists have developed models for understanding and processing the complex human emotions that arise as we are able to extend the human life span. As we live longer, we live with illnesses that can last decades. As a result, we have had to come to terms with slower processes of dying. COVID-19 has created conditions where we are all Schrödinger's Cat: sequestered in our homes, unsure if we are ill or not ill, and lacking ways to get reliable confirmation one way or another. <ödinger's_cat>

This produces feelings. Lots of them. One of the more well known volumes on the subject of grieving is Kübler-Ross' 1969 book, On Death and Dying <übler-Ross_model>. In it, Kübler-Ross outlines the stages of a grief and/or bereavement as a process and offers a psychological tool for humans to understand and accept terminal illness and death. […]

Quarantine and a monitoring bracelet for Hong Kong returnees (Fox5NY)

geoff goodfellow <>
Wed, 20 May 2020 12:28:50 -1000

It sits on your wrist, just as a wristwatch would. And in a moment when the world fears infections more than almost anything, it knows exactly where you are.

Since late March, residents returning to Hong Kong have been required to undergo a two-week quarantine at home, in a hotel or at a government facility as part of stepped-up efforts to curb the spread of the coronavirus.

To ensure people don't flout quarantine, the semi-autonomous Chinese city issued mandatory wristbands to all arrivals, to be worn for the entirety of the two-week period.

Those required to go through the two-week quarantine are unable to leave their homes and must rely on food or grocery delivery for meals. Government officers also conduct random checks on their homes to make sure they have not broken quarantine. […]

How the ‘Plandemic’ Movie and Its Falsehoods Spread Widely Online (NYTimes)

Monty Solomon <>
Wed, 20 May 2020 12:01:51 -0400

Conspiracy theories about the pandemic have gained more traction than mainstream online events. Here’s how.

Virus Conspiracists Elevate a New Champion

If Someone Shares the ‘Plandemic’ Video, How Should You Respond?

Coronavirus, ‘Plandemic’ and the seven traits of conspiratorial thinking

Covidiots: R_nought's are naughty not nice

Henry Baker <>
Wed, 20 May 2020 12:27:24 -0700

I'm surprised that the century-old Ross/Kermack-McKendrick “R0” differential equation models are still being (ab)used, even though they are fatally flawed in our 21st Century when we know a lot more about “fat-tailed” — i.e., large or infinite variance—distributions.

I think the paper below does a pretty good job of destroying the nonsense about “R0” being superspread by the covidiot talking heads appearing on cable TV.

Before wasting additional trillions of dollars on bad policy choices, perhaps we need to retire the R_nought models in favor of models with the tiniest bit more fidelity to real life, and the covidiot talking heads need to quietly disappear with their fat tails between their legs.

Transmission T-024: Cristopher Moore on the heavy tail of outbreaks April 27, 2020

R-naught is just an average: the transmission rate varies widely, and outbreaks can be surprisingly large even when the epidemic is subcritical.

Much of the coverage of COVID-19 talks about R0, the average number of people each sick person infects. If R0 is bigger than 1, cases grow exponentially, and an epidemic spreads across the population. But if we can keep R0 below 1, we can limit the disease to isolated outbreaks and keep it under control.

But R0 is only an average. Your ability to practice social distancing depends on whether you are a first responder or healthcare worker, whether you have to work in close quarters, or whether you can work comfortably from home. (I'm one of the lucky few getting paid to work from my garden.) It depends on how seriously you take your government's warnings and how seriously your government takes the warnings of public health experts. And it depends on the structure of your family and your home.

As a result, R0 varies wildly, not just from region to region, but across social space, as well. In New Mexico, Santa Fe has very few new cases, but there has been an explosion of cases in rural areas due to lack of running water, multi-generational homes, and other factors. As of April 26, 47 percent of our confirmed cases are in Native American communities, even though Native Americans make up only 11 percent of New Mexico's population. Clearly R0 is larger in some parts of the state and of society than others.

Even if R0 < 1, outbreaks can be surprisingly large. Suppose you meet 10 people while you are contagious, and you infect each one with a probability of 8 percent. The average number of people you infect is 10�—0.08 = 0.8, less than 1. But those you infect may infect others in turn, and so on. If an outbreak starts with you, how many “descendants” will you have? A classic calculation shows that, if R0= 0.8, then the average number of people in this chain reaction is 1/(1 - 0.8) = 1/0.2 = 5. But, like R0 itself, this is only an average. Like earthquakes and forest fires, outbreaks have a “heavy tail” where large events are common.

Here is a visualization of 100 random outbreaks. The average size is indeed 5, and most outbreaks are small. But about 1 percent of those outbreaks have size 50 or more, ten times the average, and in this simulation the largest of these 100 outbreaks has size 82. This tail gets heavier if R0 is just below the phase transition at R0 = 1. If R0=0.9, the average outbreak size is 10, but 1 percent have size 140 or more.

Figure 1. A hundred random outbreaks in a scenario where each sick person interacts with 10 others, and infects each one with probability 8 percent. Here R0 = 0.8 and the average outbreak size is five, but 1 percent of the outbreaks have size 50 or larger, and in this run the largest has size 82.

This tail has real effects. Imagine 100 small towns, each with a hospital that can handle 10 cases. If every town has the average number of cases, they can all ride out the storm. But there's a good chance that one of them will have 50 or 100, creating a “hot spot” beyond their ability to respond.

The tail of large events gets even heavier if we add superspreading. We often talk of “superspreaders” as individuals with higher viral loads, or who by choice or necessity interact with many others. But it's more accurate to talk about superspreading events and situations—like the Biogen meeting, the chorus rehearsal, or the pork processing plant, as well as prisons and nursing homes—where the virus may have infected many of those present.

Suppose that 20 percent of cases generate one new case, 10 percent generate 2, 4 percent generate 5, and 1 percent “superspread” and generate 20 (and the remaining 65 percent infect no one). The average number of new cases is again R0= 0.8. Let's generate 100 random outbreaks with this new scenario.

Figure 2. A hundred random outbreaks in a scenario with superspreading, where 1 percent of the cases infect 20 others. As in Figure 1, we have R0 = 0.8 and the average outbreak size is 5, but now the heavy tail of outbreaks is much heavier. In this run the largest outbreak has size 663.

The average outbreak size is still 5, but now the tail is much heavier. If just one of the 100 original cases is involved in superspreading, we get a large outbreak. If there are several generations of superspreading, the size multiplies. As a result, large outbreaks are quite common, and the largest one in this simulation has 663 people in it.

What does all this mean? First, it can be misleading to look at statewide or national averages and celebrate if R0 seems to be falling below 1. The epidemic could still be raging in particular places or among particular groups.

Second, even if R0 is below 1, we need to prepare for hot spots. Even if the average outbreak is small, large outbreaks will occur due to superspreading or simply by chance. If we do a fantastic job at testing and contact tracing — using both technology and human effort—we will get this pandemic under control, but for the foreseeable future there will be times and places where it flares up and strains local resources. And through those flare-ups, we have to do our best to help each other, and hope that intelligent, generous voices prevail.

Cristopher Moore, Santa Fe Institute


Laurent Hébert-Dufresne, Benjamin M. Althouse, Samuel V. Scarpino, and Antoine Allard, “Beyond R0: Heterogeneity in secondary infections and probabilistic epidemic forecasting.”

J. O. Lloyd-Smith, S. J. Schreiber, P. E. Kopp, and W. M. Getz, “Superspreading and the effect of individual variation on disease emergence.” Nature 438 (2005) 355“359.

T-024 (Moore) PDF

Read “Coronavirus Doesn't Care About Your Data Points” in Bloomberg (May 11, 2020).

Re: Stimulus check delays when accounts were overdrawn! (RISKS-31.83)

“John Levine” <>
17 May 2020 15:18:05 -0400

This article misses the key point that for the most part the entire US tax preparation industry is predatory and unnecessary.

For people with simple tax returns, which likely includes everyone described in that article, the IRS (the tax authority) already has enough information to prepare their returns. The IRS could send you a tentative return, you say it's OK or make corrections, and send it back and you're done. I gather this is common in other countries. (There aren't a lot of new privacy issues here, since this is the same info they already have to check that the return you file is correct.)

The commercial tax prep industry knows this and has been fighting for decades to keep it from happening. Since it's hard to make a persuasive argument for why people should pay private tax prep for a service the government can do better for free, there has been a great deal of smoke and mirrors and “compromises.” The current compromise is that eight of the commercial tax preparers have a free online version you can use if your income is below a threshold ($69K for most of them) and otherwise simple, and if you know about it and you can find this link on the IRS web site:

In a scandal last year, one of the prep companies had a different “free” site which charged for most returns, and coded their web pages to hide the real free site from search engines. In fact only about 3% of the US taxpayers eligible to use free file do so.

The people described in the article also all sound like they'd have been eligible to use free file and get 100% of their refund and their Corona payment directly into their own accounts, had they known about it. If the tax prep companies were honest they'd tell people you don't need to pay us, you can get our service for free online, but fat chance.

Beyond that are the issues of all the ways the tax prep companies prey on their customers so they don't get the money they should, but the article described that pretty well.

Re: Coronavirus New York Shock: Two-Thirds Of Recent Patients Infected While Staying At Home (Elinsky, RISKS-31.83)

David <>
Sun, 17 May 2020 02:27:00 -0400

Besides the very real fire issue, you also some have residents smoking, cooking lutefisk, etc. And sound transmission between units.

But more important to the builder, those required large ducts will be non-revenue space, the last thing any developer wants. Far smaller pipes will carry equal KW's of heating/cooling.

Re: Meaningless “review” of Imperial COVID codebase (RISKS-31.83)

“ISHIKAWA,chiaki” <>
Sun, 17 May 2020 06:57:45 +0900

> Meaningless “review” of Imperial COVID codebase (Wordpress)

Although I generally agree with that assessment, there ARE problems with Imperial code.

- The lack of reproducibility: Even with a simulation program, reproducibility using the same series of pseudo-random numbers is very important for verification/debugging. Imperial code does not seem to have it. I think the lack of reproducibility on the same hardware seems to be caused by the following bug.

- Memory access errors: I notice a few git patches mentioned in and/or articles that can be reached from it, that there are uninitialized memory accesses, and possibly out of bound memory accesses. Very bad. Anything goes with the code before the fixes when the outcome of the program was used to estimate the # of infections and possibly deaths in UK.

I feel it would be interesting to see current release of Imperial code run under valgrind/memcheck memory access checker. I suspect MS programmers realized these issues right away when they had access to the about-to-be-released Imperial code using some internal tool.

I think the lack of reproducibility using the same series of pseudo random numbers on the SAME HARDWARE poses great doubt on the correctness of the Imperial code. There may be genuine logic error(s) or random errors caused by incorrect memory access. GIGO.

If the above issues are fixed, ONLY THEN we can begin to evaluate Imperial code in terms of evaluation metrics in the expert field, in this case epidemiology.

My credential: Trained as a physics student who used to write lousy code from the viewpoint enterprise software developer. Now I have been working as software developer for quite some time. So I can tell I WROTE CORRECT BUT LOUSY CODE when I was grad student.:-)

Anecdotal evidence about scientist's writing CORRECT BUT LOUSY code from the viewpoint of software developers.

Stephen Wolfram of Mathematica fame, was a physicist by education. He received Ph.D. from Caltech in 1979. He was interested in cellular automata for a while in the 1980/1990's to study bifurcation caused by some such automata when their behavior is plotted on computer screen (as in LIFE game), and wrote a code that simulates such automata behavior. I can't recall the name of the exact program, but his program source file was included in Sun Microsystems User Group software tape (not floppy, not CD, but magnetic tape back then.) I was already a software developer after quitting my grad study when I noticed Wolfram's name in the list of the programs (he had already been known for a symbolic manipulation system, a precursor of Mathematica of a sort), I looked at the code. I was horrified. It was a C code, but the indentation was horrible. And there WERE compiler warnings when I tried to compile it. I wonder where Wolfram learned C programming. It was written as if the code was, hmm, Fortran. No indentation. All source code lines started on the first column. No type safety. Pointers were stored in integers and vice versa (it was OK on a byte-addressable 32 bit computers. But my experience with Data General Eclipse 32-bit computer with word-addressable operation mode, the mixing of pointers and integers was a no no.). BUT important point here is that his program WAS a CORRECT program on Sun hardware that simulates cellular automata that behaves according to some parameters based on user input and not only that, it plots the behavior of cells on then Sun workstation's black and white screen using sunview toolkit. The horrible indentation could be simply improved by running the source code through |indent| program, and after throwing some type casts to shut up compiler warnings, it was easy to verify that the code did what it was advertised to do correctly. My point here is that the LOUSY looking code Wolfram wrote was CORRECT.

I don't think we can say that for Imperial code before the heavy bug fixes visible at github. I would say there had been a GIGO situation.

Another anecdotal evidence about the rigor necessary for software used in academic work.

When supernova 1987A generated a flurry of neutrinos that reached the solar system, some of them were observed by Japanese underground neutrino detector, called Kamiokande. The research crew never saw such clusters of neutrinos, but learning of 1987A was observed in the southern hemisphere (not visible from Japan), they figured that the neutrinos may be from the supernovae traveling through the earth from the southern sky. The research facility's program never meant to detect something from the invisible southern sky. So the researchers including graduate students decided to create a quick program to see if the direction of the incidental neutrinos match that of 1987A. It did. They wrote a paper about the observation quickly and it was sent out by airmail. (It was before the Internet.) After the envelope was handed over to the counter at the post office near the main gate of the U. of Tokyo, someone at the Koshiba lab which manages Kamiokande realized there was an incorrect sign (+/-) used in a formula to calculation of the direction. I think someone forgot that they needed now to look DOWN toward the southern hemisphere instead of looking UP at the northern hemisphere sky. The recalculation using the corrected formula was done, and luckily the conclusion was the same. However, Prof. Koshiba (later Nobel laureate) rushed to the post office and demanded to see the office chief to retrieve the envelope already in the possession of the post office and replaced the paper with a corrected formula. The rest is history. I think in today's culture, the initial paper reaches the office of Physical Review and quickly be replaced with a revised version, etc. The retrieving of envelope at the post office is a bit embarrassing story both for Prof. Koshiba AND the post office chief of that time, but Prof. Koshiba talked about this in public, which was later published, I think it is OK for me to quote it.

I am afraid that the authors of Imperial code lacked the rigor to verify the original code operation and correctness of it using whatever correctness criteria they may have in mind. I sense this lack of rigor based on the failure to achieve reproducibility (as I suspect may be due to the incorrect memory access.). When there is no reproducibility, how can one expect to be confident of the “correctness” of simulation?

OTOH, I commend that the code albeit with dubious history (it may not reflect the original code at all) is made available to the public. This makes scientific scrutiny possible after all.

Re: Meaningless “review” of Imperial COVID codebase (RISKS-31.83)

Henry Baker <>
Sun, 17 May 2020 10:07:40 -0700

Following Fermat, there isn't enough space in this margin to fully address the problems in Covid models, but I will list some major issues:

  1. Differential equation models—e.g., Ross/Kermack-McKendrick—the original “R0”/“R_nought” models. Problem: there may be no reasonable single estimate of R0, as the variance in R0 may be exceedingly large — e.g., “super-spreaders” who infect 50-100 people. Fractals and fat tails and fragility, oh my! Oops!
  2. Monte Carlo models. By definition, epidemics depend upon positive feedback loops which produce exponential behavior. Such exponential behavior guarantees that the system is ill-conditioned, hence minuscule differences in inputs—e.g., noise or round-off errors—produce dramatic and/or overwhelming differences in results: garbage-in, garbage-out.

E.g., suppose that you use your Monte Carlo method to compute N independent samples of a random variable X in order to estimate mean(X). Then var(avg(X_i)) = var(X)/N. But what if var(X) is extremely large and/or infinite? Then N has to also be exceedingly large and/or infinite, else no convergence, hence garbage answer! Oops!

Once again, policies having trillion-dollar effects should require substantially better and more perspicuous models than the Imperial Covid-Sim model.

Re: NOTSP Re: Meaningless “review” of Imperial COVID codebase (Baker, RISKS-31.84)

William Brodie-Tyrrell <>
Mon, 18 May 2020 09:16:04 +0930

Again, this criticism is all true but entirely misses the point and purpose of these models. Their purpose is not to say “this will be the exact outcome”—which is impossible because critical and sensitive inputs are not measurable accurately - but to predict the relative impact and effectiveness of public policy controls.

If the model predicts 1M fatalities with no action and 10k fatalities with specific controls in place, that is the desired outcome: it provides some evidence that the control should be enacted. Absolutely no one cares - except people who try to look smart by “reviewing” code and models outside of their domain - that the true answer was either 700k or 2M fatalities without the control in-place.

Controls and environmental factors and human behaviours are constantly-changing during an epidemic and no epidemiologist pretends that their model is precisely predicting outcomes, so yay for setting fire to yet another strawman I guess?

Re: Meaningless “review” of Imperial COVID codebase (RISKS-31.84)

Henry Baker <>
Sun, 17 May 2020 21:31:53 -0700

What about garbage out can't you comprehend?

Please Google “ill-conditioned” and see me in the morning.

You keep presuming that these models output useful information because they happen to produce graphs that are sometimes reminiscent of actual data.

I have some cheese mold that happens to look like a picture of Jesus. So what?

A “model” can't predict anything when it outputs zero significant bits.

Such an ill-conditioned model can't even get the order of magnitude of the exponent right.

Please report problems with the web pages to the maintainer