Intelligence agencies using “custom audiences” of uploaded ids to surveil targeted user activity
Twitter thread with a good explanation of this scary attack; essentially Chinese “advertisers” were uploading custom audiences containing a bunch of random ids and one actually-targeted user’s id, then pinpointing the user activity that way
(tags: custom-audiences targeting twitter china surveillance intelligence-agencies)
Justin Mason's Weblog Posts
-
‘my attempt to put use cases for clean hydrogen – whether it be green, blue, pink, turquoise or whatever – into some sort of merit order, because not all are equally likely to succeed. […] Clean hydrogen will have to win its way into the economy, use case by use case. It could do so on its merits, or it could do so because of supportive policy (including carbon prices). But it will have to do so in competition with every other clean technology that could solve the same problem. And that is where the dreams of the hydrogen economy hit reality: in almost all use cases there is a good reason why hydrogen is not currently used – because other solutions are cheaper, simpler, safer or more convenient.’ (via Chris Adams)
(tags: hydrogen renewables power future h2 green-hydrogen)
Event-Driven Architecture Patterns
Part 1 of a 2-part series from Natan Silnitsky in Wix Engineering. The patterns are: * Consume and project, for very popular services that become a bottleneck; * Event-driven from end to end, for easy business flow status updates; * In memory KV store, for 0-latency data access; * Schedule and Forget, when you need to make sure scheduled events are eventually processed; * Events in Transactions, when idempotency is hard to achieve; * Events Aggregation, when you want to know that a complete batch of events has been consumed. Quite Kafka-specific, but still useful for some general patterns.
(tags: architecture kafka design-patterns streaming events eda wix)
Mobile 3G / 4G / 5G coverage in Ireland – nPerf.com
crowdsourced data of mobile 3G/4G/5G network coverage across the country, with zoomable map of measurement points; great for figuring out options for rural internet access
(tags: country ireland rural internet network coverage 3g 4g 5g nperf crowdsourced maps via:itc)
29 best games on Xbox Game Pass (August 2022) – Polygon
jaysus, I’ve had Game Pass for ages and hadn’t noticed half of these!
How Discord Supercharges Network Disks for Extreme Low Latency
Similar to a trick we used to use at Swrve to do roughly the same thing with EBS on AWS
(tags: discord google disks performance optimization scylladb md raid ops)
-
Eric Topol on some recent research publications regarding Long Covid:
I’m going to briefly review here the new reports on (1) prevalence; (2) mechanisms and biomarkers; and (3) potential treatments […] Much new information for Long Covid was reported in a matter of days. It would be great to keep up this momentum, now that we are pushing onto 3 years of the pandemic. I have many colleagues who have been severely affected, and have seen multiple patients in my clinic in recent weeks who are debilitated. I wish I had something to offer them, but hopefully over time we’ll build on this recent spurt of knowledge. While we have no treatment or biomarker, the CDC relaxation of Covid guidelines is totally unhelpful — staying Covid cautious is the right move, and we desperately need better tools to block infections and transmission. There’s some hope that the first completed 4,000 participant nasal vaccine randomized trial could be the start of patching up the leak of vaccines against the Omicron subvariants (currently BA.5). Prof Iwasaki and I have called for an urgent Operation Nasal Vaccine initiative. There’s only one surefire way to prevent Long Covid: not to get Covid.
(tags: long-covid covid-19 treatments health medicine research)
-
I love this idea — repurpose ancient phones as a DC for energy efficiency:
It requires significant energy to manufacture and deploy computational devices. Traditional discussions of the energy-efficiency of compute measure operational energy, i.e. how many FLOPS in a 50MW datacenter. However, if we consider the true lifetime energy use of modern devices, the majority actually comes not from runtime use but from manufacture and deployment. In this paper, then, we suggest that perhaps the most climate-impactful action we can take is to extend the service lifetime of existing compute. We design two new metrics to measure how to balance continued service of older devices with the superlinear runtime improvements of newer machines. The first looks at carbon per raw compute, amortized across the operation and manufacture of devices. The second considers use of components beyond compute, such as batteries or radios in smartphone platforms. We use these metrics to redefine device service lifetime in terms of carbon efficiency. We then realize a real-world “junkyard datacenter” made up of Nexus 4 and Nexus 5 phones, which are nearly a decade past their official end-of-life dates. This new-old datacenter is able to nearly match and occasionally exceed modern cloud compute offerings.
(via the Environment Variables podcast)
durability – How can I extend the life of my SD card? – Raspberry Pi Stack Exchange
A few good suggestions here. Absolutely to nobody’s surprise, it turns out systemd quietly sets up swapping to /var/swap, so that’s a good one to turn off if your RPIs are not RAM-bound
(tags: sd-cards lifetime raspberry-pi hardware linux systemd)
[monitor] Reliable, Multi-User, Distributed Bluetooth Occupancy/Presence Detection
A HomeAssistant integration to enable automations based on room occupancy (“is X in the front room? turn on the lights” etc)
(tags: homeassistant bluetooth ble room-automation home-automation hacks)
How to travel from Dublin to London by ferry and rail
This is way more complicated than it should be, compared to the easy option of a quick flight :(
Glutamate build-up is associated with mental weariness
Thinking hard for several hours can leave us feeling mentally tired – and now we may know why. Prolonged concentration leads to the build-up of a compound called glutamate in regions at the front of the brain. This may provide an explanation as to why we avoid difficult tasks when mentally fatigued: the glutamate overload makes further mental work difficult. Too much glutamate is potentially harmful, says Antonius Wiehler at the Paris Brain Institute in France, who led the research. “The brain wants to avoid this, so it is trying to reduce activity.” Many of us have experienced mental weariness after a hard day of thinking, but until now, we didn’t know why. The brain doesn’t seem to run out of energy after working hard and even when we aren’t deliberately thinking about anything specific, some brain regions, called the “default mode network”, are as active as ever. To learn more, Wiehler and his team used a technique called magnetic resonance spectroscopy (MRS), which measures levels of various chemicals in living tissue harmlessly. They focused on a region towards the front and sides of the brain called the lateral prefrontal cortex […] Levels of eight different brain chemicals were measured, including glutamate, which is the main signalling chemical between neurons. After completing the memory tasks for 6 hours, those doing the harder version had raised levels of glutamate in their lateral prefrontal cortex compared with the start of the experiment. In those doing the easier task, levels stayed about the same. Across all participants, there was no rise in the other seven brain chemicals that were measured. Among the participants doing the harder tasks, their glutamate level rise tallied with dilation of the pupils in their eyes, another broad measure of fatigue. Those doing the simpler task reported feeling tired, but had no glutamate rise or pupil dilation.
(tags: glutamate neurochemistry brain weariness tiredness sleep thinking)
What the Science on Gender-Affirming Care for Transgender Kids Really Shows – Scientific American
Data from more than a dozen studies of more than 30,000 transgender and gender-diverse young people consistently show that access to gender-affirming care is associated with better mental health outcomes—and that lack of access to such care is associated with higher rates of suicidality, depression and self-harming behavior. (Gender diversity refers to the extent to which a person’s gendered behaviors, appearance and identities are culturally incongruent with the sex they were assigned at birth. Gender-diverse people can identify along the transgender spectrum, but not all do.) Major medical organizations, including the American Academy of Pediatrics (AAP), the American Academy of Child and Adolescent Psychiatry, the Endocrine Society, the American Medical Association, the American Psychological Association and the American Psychiatric Association, have published policy statements and guidelines on how to provide age-appropriate gender-affirming care. All of those medical societies find such care to be evidence-based and medically necessary.
(tags: trans gender science biology transgender)
OnlyFans Bribed Meta to Put Thousands of Adult Entertainers on Terrorist Watch List, Lawsuits Allege
This is a crazy story. The allegation is that OnlyFans used a secret Hong Kong subsidiary company to funnel bribes to crooked Meta employees in order to get competitors’ social media content blocked by the GIFCT blocklist, ‘a watch list managed by the Global Internet Forum to Counter Terrorism, a non-profit intended to “stop the spread of mass shooting videos and other terrorist content across social media sites” that was co-founded by Meta, Microsoft, Twitter and YouTube.’
(tags: porn onlyfans social-media blocklists blocking youtube meta terrorism gifct)
JRC Photovoltaic Geographical Information System (PVGIS)
official EU estimates for home solar PV output
-
“Scrape and Monitor Data from Any Website with No Code” — looks like an interesting approach to web scraping, with a free plan
(tags: scraping web monitoring http)
Uses for an old Android device
Interesting HN thread with a few suggestions — replacing the battery with a direct soldered PSU connection is interesting, if a little scary
(tags: android hacks devices phones mobile hardware recycling)
Experiments with Far Infrared Heating
Electrically-powered, wall-mounted heating panels which provide heat through direct emission of infrared radiation. Tuya-based, so compatible with Home Assistant and various other gadgets. Intriguing as a super-cheap way to exploit solar PV power and avoid fossil fuels
Key Takeaways from the DynamoDB Paper
Alex DeBrie’s commentary on the “10 years of DynamoDB” paper published recently by AWS. Together with Marc Brooker’s commentary (at https://brooker.co.za/blog/2022/07/12/dynamodb.html), this is a good review.
(tags: scalability scaling dynamodb aws storage services architecture)
Oncall Compensation for Software Engineers
A survey of the current state of SWE on-call activities and cultures across the industry. Pretty good, except the first part of this series is still unreadable as it’s subscriber-only, and I am irrationally peeved by the Irish companies tagged as “Global” whereas companies in other EU countries are named as such. Give us the credit when due :)
(tags: compensation oncall salaries on-call industry software-engineering work jobs working-culture)
-
But every bezzle ends. The Saudi royals – who provided much of the billions used to prop up the Uber bezzle in its first decades – cashed out with the company’s IPO. The company may lure in some new suckers and delay the exodus of current bag-holders with its current fantasy of infinite price-hikes and wage theft, but that’s a fantasy, too.
(tags: uber business technology scams hubert-horan tech)
Sero-Epidemiology of COVID-19 in Ireland
Good data on past COVID-19 infections in Ireland, derived from blood analysis at the Blood Transfusion Service; charts over time are broken down by age group, past vaccination status and infection status. As of this week, it seems 72.8% of the Irish population have had COVID so far….
(tags: covid-19 seropositivity blood ibts graphs open-data testing hpsc)
Researchers Discover What Attracts Mosquitoes to Humans
It’s the sebum!
The researcher found that mosquitoes that smelled a blend of decanal, which activates the human-specific glomerulus, and 1-hexanol, which activates the human-and-animals glomerulus, would fly upwind in search of the source. “Importantly, they also show that these components are behaviorally relevant to the mosquitoes—mosquitoes will track the binary blend of synthetic odorants in the same way that they respond to whole human odor,” notes Duvall. The decanal and undecanal are probably derived from sebum, an oily substance that—unlike sweat—is secreted from hair follicles regardless of physical activity. Finding a role for sebum in mosquito attraction is novel, Matthew DeGennaro, a researcher in vector-borne diseases at Florida International University who was not involved in the study, writes in an email. “Previously, most of the focus has been on human sweat components such as lactic acid or on how the human skin microbiome processes sweat and sebum into our distinct odor.”
(tags: sebum sweat mosquitos decanal undecanal skin pests smell)
Climate endgame: risk of human extinction ‘dangerously underexplored’
William Gibson’s “Jackpot” would like a word:
A thorough risk assessment would consider how risks spread, interacted and amplified, but had not been attempted, the scientists said. “Yet this is how risk unfolds in the real world,” they said. “For example, a cyclone destroys electrical infrastructure, leaving a population vulnerable to an ensuing deadly heatwave.” The Covid pandemic underlined the need to examine rare but high-impact global risks, they added.
(tags: climate extinction climate-change future jackpot william-gibson grim-meathook-future)
Widely Mocked Anti-Piracy Ads Made People Pirate More, Study Finds
Another problem is what the study identifies as “the social proof lever.” […] Anti-piracy campaigns make piracy seem like the social norm. If everyone is doing it, the logic goes, it probably isn’t that bad. “Informing directly or indirectly individuals that many people pirate is counterproductive and encourages piracy by driving the targeted individuals to behave similarly,” the study said. “These messages provide to the would-be pirates the needed rationalization by emphasizing that ‘everyone is doing it.’” The study had one last piece of advice for movie studios: stop airing anti-piracy ads in the theater. “These messages are frequently edited out by pirates before being redistributed through the internet,” the study said. “Consequently, individuals who see the message are paying users […] displaying descriptive information about how widespread piracy is to paying users is ill-advised.”
(tags: piracy ads you-wouldnt-steal-a-car advertising fail social-norms)
Sectoral Budgets must align with legal requirements | An Taisce
An Taisce, the National Trust for Ireland, responds to the government’s new sectoral ceilings for carbon emissions:
“By agreeing to these sectoral ceilings the Government is potentially signing up to something which is not aligned with the Climate Act from the very get go. Where has the 2025 budget gone? Why does it only add up to 43% when the law itself requires 51%? It seems like they’re making it up as they go along, but this whole process has to be aligned to the legal requirements of the Climate Act, you can’t simply fudge it. This is a truly chaotic way to budget for the future”
Well said.
(tags: an-taisce climate-change co2 ireland)
Can You Trust a Pro-Beef Professor? It’s Complicated
Profile of Frank Mitloehner, the Irish beef and dairy industry’s favourite scientist where climate change is concerned. An Taisce have noted: “Scientists from Johns Hopkins University took the highly unusual step of issuing a public rebuttal to Dr. Mitloehner’s mis-statements, particularly in noting that cutting total emissions is the only meaningful measure of climate action and that animal agriculture has an enormous environmental impact, therefore focusing on product efficiency as Mitloehner does is a misdirection.” — https://clf.jhsph.edu/sites/default/files/2019-04/frank-mitloehner-white-paper-letter.pdf
(tags: academia astroturfing frank-mitloehner research uc-davis jhu climate-change beef dairy cows farming emissions)
Taking The ZimaBoard For A Spin | LinuxServer.io
Good review for the ZimaBoard, a pretty hefty looking SBC microserver platform with a real x86_64 CPU
hg64: a 64-bit histogram data structure
Tony Finch has “written a proof-of-concept histogram data structure called hg64 […] It can load 1 million data items in about 5ms (5ns per item), and uses a few KiB of memory.” In C, looks nifty!
(tags: c c++ histograms storage data-structures via:fanf hg64)
Range Extenders for Nissan Leafs
Installing Muxsan power pack extension kits in Ireland, to add 11kWh, 22kWh and 33kWh extensions giving an additional range of +75km, +140km and +210km on top of the basic 24/30/40kWh Leaf battery packs. Very tempted!
The Oral History Of The Poop Emoji (Or, How Google Brought Poop To America)
“Darren: I thought it was a joke that they were pushing for the [poop emoji] to be in the first cut, but I quickly learned that it was not a joke at all. It’s basically like having all of the letters in the English alphabet, but getting rid of random ones. Like, “Let’s take out ‘B’ because ‘B’ kind of offends me.” In Japanese, emoji are more like characters than random animated emoticons, so we pushed back really hard. We said, “We can’t launch emoji without the poop.” Not only is it extremely popular in Japan—like extremely popular—you can’t just arbitrarily take letters out of the alphabet.”
DynamoDB’s metastable cache load workaround
Marc Brooker on the latest DynamoDB USENIX paper — good paper and commentary. He picks out this very interesting tidbit:
‘When a router received a request for a table it had not seen before, it downloaded the routing information for the entire table and cached it locally. Since the configuration information about partition replicas rarely changes, the cache hit rate was approximately 99.75 percent.’ What’s not to love about a 99.75% cache hit rate? The failure modes! ‘The downside is that caching introduces bimodal behavior. In the case of a cold start where request routers have empty caches, every DynamoDB request would result in a metadata lookup, and so the service had to scale to serve requests at the same rate as DynamoDB’ So this metadata table needs to scale from handling 0.25% of requests, to handling 100% of requests. A 400x potential increase in traffic! Designing and maintaining something that can handle rare 400x increases in traffic is super hard. To address this, the DynamoDB team introduced a distributed cache called MemDS. ‘A new partition map cache was deployed on each request router host to avoid the bi-modality of the original request router caches.’ Which leads to more background work, but less amplification in the failure cases. The constant traffic to the MemDS fleet increases the load on the metadata fleet compared to the conventional caches where the traffic to the backend is determined by cache hit ratio, but prevents cascading failures to other parts of the system when the caches become ineffective.
(tags: aws dynamodb metastability caching caches production failure outages load memds marc-brooker papers usenix)
-
Very impressed by Fairphone, the greener mobile option. Here’s more info on their open source commitments — “On every smartphone we produce and sell – we publish as much source code as we legally can. And we share all of this information publicly with our users and community on our Fairphone Code website.”
(tags: fairphone open-source phones mobile android)
-
Via Nelson; webapp to analyze CPAP machine data logs
(tags: cpap sleep-apnea health sleep medicine)
-
“argumentation theory” is an interesting idea in the age of weaponised memes:
The Covid-19 pandemic has offered some notable examples of how public communication may backfire, in spite of the best intentions of the actors involved, and what role poor argumentative design plays in such failures, in the context of the current digital media ecology. In this chapter, I offer some preliminary considerations on the ongoing struggle to make sense of the new communication technologies in our media reality, analyze a concrete example of argumentative failure in anti-Covid vaccine communication in the European Union, and leverage this case study to issue a call to arms to argumentation scholars: argumentative competence is sorely needed for an effective response to the pandemic, yet argumentation theory will need to join forces with other areas of expertise to realize its societal impact. When it comes to arguments, self-isolation is not a viable strategy to fight Covid-19.
(tags: memes social-media medicine public-health argumentation communication covid-19 society)
-
running a Raspberry Pi Zero off solar panels alone
(tags: solar-power raspberry-pi raspberry-pi-zero hacks hardware power)
-
tolower() using SWAR (SIMD within a register) techniques — nice hacks from Tony Finch
(tags: c optimization performance hacks tolower swar simd)
America Is in the ‘Figure It Out Yourself’ Era of the Pandemic – The Atlantic
In 2018, while reporting on pandemic preparedness in the Democratic Republic of Congo, I heard many people joking about the fictional 15th article of the country’s constitution: Débrouillez-vous, or “Figure it out yourself.” It was a droll and weary acknowledgment that the government won’t save you, and you must make do with the resources you’ve got. The United States is now firmly in the débrouillez-vous era of the COVID-19 pandemic.
… same here, unfortunately.
(tags: atlantic covid-19 debrouillez-vous pandemics government public-health)
DALL-E mini has a mysterious obsession with women in saris
“What we might be seeing is a weird side effect of […] filtering or pre-processing, where images of Indian women, for example, are less likely to get filtered by the ban list, or the text describing the images is removed and they’re added to the dataset with no labels attached.” For instance, if the captions were in Hindi or another language, it’s possible that text might get muddled in processing the data, resulting in the image having no caption.
(tags: saris india dall-e-mini pictures images ai ml preprocessing training input)
The stages of COVID-19 infection
_The Importance of Understanding the Stages of COVID-19 In Treatment And Trials_, as covered regularly by Dr. Daniel Griffin on TWiV — COVID-19 infection can progress through several defined phases; “three periods: pre-exposure, incubation, and detectable viral replication; and five phases: the viral symptom phase, the early inflammatory phase, the secondary infection phase, the multi-system inflammatory phase, and the tail phase.”
(tags: covid-19 disease infection daniel-griffin papers twiv)
eXtreme Go Horse Methodology (XGH)
By talking about Agile Marketing, and Agile in general, with a foreign friend, I figured out that people outside Brazil are not familiar with the eXtreme Go Horse Methodology. Even though we’ve seen it applied to many companies (like Tesla), apparently this widely used global methodology was only formally detailed by Brazilian Devs.
Example XGH methodology: “In XGH you don’t think, you do the first thing that comes to your mind. There’s not a second option as the first one is faster.”
(tags: satire agile programming coding xgh tesla methodologies process)
Is ‘Long Covid’ similar to ‘Long SARS’? | Oxford Open Immunology | Oxford Academic
‘Sufficient similarities exist between Long SARS and Long Covid (PASC) in symptoms, findings and course over time (so far) that one can predict that it is very highly likely that some Long Covid disability will persist permanently.’
Zuboff’s Cycle of Dispossession
‘The Cycle of Dispossession describes an anti-democratic pattern, which [Shoshana] Zuboff [in _The Age Of Surveillance Capitalism_, 2019] lays out as a four-stage process: incursion, habituation, adaptation, and redirection.’
(tags: capitalism tech dispossession shoshana-zuboff future democracy embrace-extend-extinguish)
-
ooh, kinda cool (though very geeky) — trigger NFC activity using a ring on your hand, including POS terminals, activating doors, and public transport
What causes Long Covid? Here are the three leading theories | Science | AAAS
Good state-of-the-art writeup on where science is with Long Covid at the moment.
Increasingly, researchers want to fine-tune how they classify people with Long Covid, differentiating subsets based on symptoms, biology, or both. In a way, “the biggest obstacle that we are facing is we gave it one name, we gave it the name of Long Covid, which implies that it is one disease,” says Chahinda Ghossein, a physician and heart disease researcher at Maastricht University and co-leader of a 15,000-patient Long Covid study in the Netherlands. “All the studies being performed show us that it is not.”
(tags: covid-19 long-covid health medicine disability)
-
A nice compact, readable, sortable unique ID string algorithm, e.g. “01BX5ZZKBKACTAV9WEVGEMMVRZ” — 128 bits, 1.21e+24 unique ULIDs per millisecond, case insensitive, with a URL safe character set. Very nice. (via Nelson) There’s a Java implementation here: https://github.com/huxi/sulky/tree/master/sulky-ulid
(tags: ulid uuid unique-ids java algorithms via:nelson unique ids)
-
a fascinating alternative numeric representation used during the European Middle Ages
(tags: cistercian numerals writing history middle-ages)
“Taking the Win over COVID-19”
Here’s why the US government have decided that “Covid is over” — a PR firm did some market research and decided that the public were bored of it:
Recognize that people are “worn out” and feeling real harm from the years-long restrictions and take their side. Most Americans have personally moved out of crisis mode. Twice as many voters are now more concerned about COVID’s effect on the economy (49%) than about someone in their family or someone they know becoming infected with the coronavirus (24%). […] Don’t set “COVID zero” as the victory condition. Americans also don’t think victory is COVID Zero. They think the virus is here to stay, and 83% say the pandemic will be over when it’s a mild illness like the flu rather than COVID being completely gone, and 55% prefer that COVID should be treated as an endemic disease. […] Americans also assume they will get COVID: 77% agree that “it is inevitable that most people in the US will eventually get COVID-19”, and 61% of Americans who have never tested positive think they are likely to be infected over the next year. […]
As jwz says — “In other words: facts don’t matter, only feelings matter, and what’s the point in saving lives if you’re just going to lose the midterms anyway?”
(tags: america covid-19 us-politics pandemics diseases public-opinion market-research)
-
It’s not just a flu (in hamsters):
The host response to severe acute respiratory syndrome coronavirus 2 (SARS-CoV-2) infection can result in prolonged pathologies collectively referred to as post-acute sequelae of COVID-19 (PASC) or long COVID. To better understand the mechanism underlying long COVID biology, we compared the short- and long-term systemic responses in the golden hamster following either SARS-CoV-2 or influenza A virus (IAV) infection. Results demonstrated that SARS-CoV-2 exceeded IAV in its capacity to cause permanent injury to the lung and kidney and uniquely impacted the olfactory bulb (OB) and epithelium (OE). Despite a lack of detectable infectious virus, the OB and OE demonstrated myeloid and T cell activation, proinflammatory cytokine production, and an interferon response that correlated with behavioral changes extending a month post viral clearance. These sustained transcriptional changes could also be corroborated from tissue isolated from individuals who recovered from COVID-19. These data highlight a molecular mechanism for persistent COVID-19 symptomology and provide a small animal model to explore future therapeutics.
(tags: hamsters long-covid covid-19 papers pasc)
Massive podcast outage caused by Spotify’s failure to renew SSL
SSL cert expiration dates strike again:
“Megaphone experienced a platform outage due to an issue related to our SSL certificate. During the outage, clients were unable to access the Megaphone CMS and podcast listeners were unable to download podcast episodes from Megaphone-hosted publishers. Megaphone service has since been restored.”
(tags: ssl tls fail security ux certificates expiration spotify)
A quick rage-thread about credentials
Great Twitter thread from Colm MacCarthaigh about security credentials, keeping them safe, and why time-based key expiry sucks:
“When security auditors just say things like “Critical credentials need to be rotated every 90 days” you need to fire them into the sun with urgency. Here’s what you actually need …
First rule of credential management: Rotation does nothing. It’s revocation that matters. You always need a well-tested mechanism to make sure that you can remove or invalidate a credential that has been compromised.
Second rule of credential management: Have closed loops. Deactivated credentials are a common source of outages. When introducing a new credential you see it everywhere it needs to be before using it. When you remove one, you need to see it gone from use before deactivating. Though you can’t make that last part impossible to over-ride, because you do need to be able to lock out an attacker. Which brings up the next rule …
Third rule of credential management: logging and detective controls are key. You need to be able to see when and where a credential is being used. This is important for operational safety and security. How would you even detect a stolen credential without this?
Fourth rule of credential management: be INCREDIBLY wary of time-based expiry. Use only when there is no other option (e.g. public SSL certificates). There’s really no way to win with time-based expiry. If your expiry time is something like a year, you don’t get much security. Are you ok with an attacker using that cred for a year? So you still need revocation. If your expiry time is very short, like hours, are you *always* going to beat that renewal deadline? got good clocks? Super short ephemeral credentials can be done, we do it at AWS, but it takes a *lot* of resources and diligence that most organizations don’t have. Even we prefer to use real closed loops where we can.
Fifth rule about credentials: Store credentials only where they are needed. This seems obvious but is rarely done. In particular it’s common to see “treasure trove” secret-distribution control-planes that know all of the credentials. Distribution planes for secrets could use one or more of end-to-end, multi-party, or threshold encryption, so that those systems themselves don’t know the secrets. We do this in places, but it’s not a common pattern in industry that I’ve seen.
Sixth rule of credentials: if there is no reason to suspect credential disclosure or mis-use, leave it alone. Replacing credentials usually exposes them to more systems, at least temporarily. How do you know that’s not more risky?
Seventh rule of credentials: asymmetric cryptography when you can, if not then choose between either memory-hard compute-hard hashing or derived-key symmetric auth depending on what fits your use-case. Avoid storing valuable secrets server side.
Eighth rule of credentials: keep credentials inside one-way enclaves like TPMs, TEEs, HSMs, when you can. Best line of defense is to keep credentials inaccessible.
Ninth rule of credentials: If you can’t write down a common password comparison side-channel from memory, do not implement your own authentication. Yes this is gatekeeping. Sorry, but no.
Tenth rule of credentials: Check for all-zeroes creds, and repeated values. You can do this with hashing, you don’t need to record the secrets. Coding errors, failures of entropy systems, and erasure mistakes are common enough to make this check worth doing.
I’ll stop there for now, maybe add more later. These are just some of the points I go through in reviews. Would love to hear from others about their own lessons and learnings. CYA-culture shallow audits drive me crazy, I hate to see customers trapped by them.”
(tags: security credentials authentication tls expiry ssl expiration keys key-rotation key-revocation colmmacc)
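The tenth rule in the thread above (check for all-zeroes and repeated credentials with hashing, without recording the secrets) can be sketched as follows. This is an added example, not code from the thread or from AWS; the `CredentialAudit` class, the service labels, the audit key, the sample values and the period-8 threshold are all assumptions made for illustration.

```python
import hashlib
import hmac


def is_degenerate(secret: bytes, max_period: int = 8) -> bool:
    """True for empty, all-zero, or short-period repeating values (0xABAB...)."""
    if not secret or not any(secret):
        return True
    for period in range(1, min(max_period, len(secret) // 2) + 1):
        if all(secret[i] == secret[i % period] for i in range(len(secret))):
            return True
    return False


class CredentialAudit:
    """Hypothetical audit registry: stores keyed fingerprints, never secrets."""

    def __init__(self, audit_key: bytes):
        self._key = audit_key  # held separately from the fingerprint store
        self._seen = {}        # fingerprint -> label that first presented it

    def fingerprint(self, secret: bytes) -> str:
        # HMAC rather than a bare hash, so a leaked fingerprint store cannot
        # be brute-forced offline against low-entropy secrets without the key.
        return hmac.new(self._key, secret, hashlib.sha256).hexdigest()

    def check(self, label: str, secret: bytes) -> list:
        findings = []
        if is_degenerate(secret):
            findings.append("degenerate")
        first = self._seen.setdefault(self.fingerprint(secret), label)
        if first != label:
            findings.append(f"duplicate-of:{first}")
        return findings


def run_demo() -> dict:
    # Constructed sample credentials; none of these are real secrets.
    audit = CredentialAudit(audit_key=b"constructed-audit-key-for-demo!!")
    samples = {
        "svc-a": bytes(32),           # all zeroes (erasure or init mistake)
        "svc-b": bytes(32),           # same broken value issued a second time
        "svc-c": b"\xde\xad" * 16,    # repeating two-byte pattern
        "svc-d": bytes(range(32)),    # stands in for a well-formed secret
        "svc-e": bytes(range(32)),    # well-formed, but reused from svc-d
    }
    return {label: audit.check(label, s) for label, s in samples.items()}
```

Only the HMAC fingerprints and labels are retained, so the audit store can flag reuse across services without ever holding a usable credential.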
How fast are Linux pipes anyway?
Very enjoyable Linux hyper-optimization through splice and huge pages
(tags: kernel linux performance pipes vmsplice splice optimization syscalls unix)
Vectorized and performance-portable Quicksort
This is a super-cool building block from Google Open Source: “We’ve created the first vectorized Quicksort: – Sorts arrays of numbers ~10x as fast as C++ std:sort – Outperforms state-of-the-art specific algorithms – Is portable across all modern CPU architectures We are interested to see what new applications and capabilities will be unlocked by being able to sort at 1 GB/s on a single CPU core.” Part of their Highway library of vectorized code, https://github.com/google/highway , “a C++ library that provides portable SIMD/vector intrinsics.” Low-level, hyperoptimized libs like this will be very important to ameliorate climate change impact of datacenter usage, so it’s a great idea.
(tags: algorithms sorting quicksort vectorization simd avx512 avx2)
Two million people in UK living with long Covid
Prof Danny Altmann, an immunologist and expert on long Covid at Imperial College London, described the latest figures as alarming:
“They put to rest any vestige of hope that long Covid would somehow be just a thing of the early waves, would diminish in times of vaccination or ‘milder’ variants, or would just trail off. We’ve now created a far larger cohort of the chronically unwell and disabled than we previously had, say, within the entire national burden of rheumatoid arthritis, its healthcare costs, associated loss to quality of life and to the workplace. This couldn’t be further from ‘living with Covid’. It does necessitate some policy discussions, nationally and internationally.”
Sadly, I think the same applies here in Ireland too.
(tags: epidemic health medicine covid-19 sars-cov-2 long-covid disability)
Intrahost evolution and forward transmission of a novel SARS-CoV-2 Omicron BA.1 subvariant
This is an incredible pre-print — “We describe a persistent SARS-CoV-2 Omicron BA.1 infection in an immuno-compromised individual during a 12-week period, and document the accumulation of eight additional amino acid substitutions in the already antigenically-distinct Omicron BA.1 spike protein.” A SARS-CoV-2 variant evolving in a single person in real time!
Persistent SARS-CoV-2 infections have been reported in immune-compromised individuals and people undergoing immune-modulatory treatments. It has been speculated that the emergence of antigenically diverse SARS-CoV-2 variants such as the Omicron variant may be the result of intra-host viral evolution driven by suboptimal immune responses, which must be followed by forward transmission. However, while intrahost evolution has been documented, to our knowledge no direct evidence of subsequent forward transmission is available to date. Here we describe the emergence of an Omicron BA.1 sub-lineage with 8 additional amino acid substitutions within the spike (E96D, L167T, R346T, L455W, K458M, A484V, H681R, A688V) in an immune-compromised host along with evidence of 5 forward transmission cases. Our findings show that the Omicron BA.1 lineage can further diverge from its exceptionally mutated genome during prolonged SARS-CoV-2 infection; highlighting an urgent need to employ therapeutic strategies to limit duration of infection and spread in vulnerable patients.
(tags: variants sars-cov-2 covid-19 evolution papers preprints immunocompromise viruses omicron)
Docker build cache sharing on multi-hosts with BuildKit and buildx
decent speed improvements by sharing a layer cache between hosts
(tags: docker building compilation ci tweaks containers)
-
‘We have demonstrated that SARS-CoV-2 wastewater monitoring data from a single large WWTP in Dublin reflected case data in the greater Dublin area. Moreover, the surveillance of VOCs in this WWTP reflected the results of clinical sample sequencing and also preceded, further demonstrating the potential utility of this approach to SARS-CoV-2 surveillance.’
(tags: dublin ireland diseases monitoring sars-cov-2 covid-19 water poop sewage)
The Greatest Unsolved Heist in Irish History – Atlas Obscura
‘Scandal, conspiracy, and cover-ups in the theft of the “Irish Crown Jewels” from Dublin Castle’ — a fantastic historical whodunnit, even featuring a Shackleton
(tags: heists thefts ireland crown-jewels whodunnit scandals)
Vaccines provide poor protection against Long Covid
Well, this is some worrying news: based on this study of 13 million people in Nature Medicine, COVID-19 vaccines only reduce Long Covid risk by 15%, with the largest risk reduction in blood clots and pulmonary sequelae, but less protection of other organ systems. Also, post-vaccination, immunocompromised people have a higher risk of Long Covid than others. As the author says: “Now that we know that vaccines are not sufficient as a sole line of defense, we need to urgently develop and deploy additional layers of protection to reduce risk of Long Covid. These may include vaccines specifically designed to reduce risk of Long Covid, and therapeutics that could be taken in the acute phase to reduce risk. Paxlovid and other antivirals must be urgently tested in trials for Long Covid.” (via Akiko Iwasaki)
(tags: long-covid covid-19 vaccines risks disease paxlovid papers)
Interferon autoantibodies implicated in COVID-19 risk
New PNAS paper, discussed in this week’s TWiV episode — _The risk of COVID-19 death is much greater and age dependent with type I IFN autoantibodies_:
There is growing evidence that pre-existing autoantibodies neutralizing type I interferons (IFNs) are strong determinants of life-threatening COVID-19 pneumonia. It is important to estimate their quantitative impact on COVID-19 mortality upon SARS-CoV-2 infection, by age and sex, as both the prevalence of these autoantibodies and the risk of COVID-19 death increase with age and are higher in men. Using an unvaccinated sample of 1,261 deceased patients and 34,159 individuals from the general population, we found that autoantibodies against type I IFNs strongly increased the SARS-CoV-2 infection fatality rate at all ages, in both men and women. Autoantibodies against type I IFNs are strong and common predictors of life-threatening COVID-19. Testing for these autoantibodies should be considered in the general population.
I would have thought that type I interferons are a fairly critical part of the immune system, and the idea that people are happily walking about with autoantibodies to them is pretty crazy, but that seems to be the implication here.
(tags: autoantibodies interferon health medicine disease covid-19 papers ifns interferons sars-cov-2)
Predatory community and affinity fraud in crypto
Groups that operate under the guise of inclusion, regardless of their intentions, are serving the greater goal of crypto that keeps the whole thing afloat: finding ever more fools to buy in so that the early investors can take their profits. And it is those latecomers who are left holding the bag in the end. With projects that seek to provide services and opportunities to members of marginalized groups who have previously not had access, but on bad terms that ultimately disadvantaged them, we see predatory inclusion. With projects that seek to create new communities of marginalized people to draw them in to risky speculative markets rife with scams and fraud, we are now seeing predatory community.
(tags: blockchain capitalism fraud community crypto web3 communities diversity greater-fool-theory bitcoin)
Dublin Airport Security Wait Times
brilliant single-page website, scraping the “current wait time for security queues” data from Dublin Airport’s own official site, and logging historical data in a graph.
(tags: security-queues queueing dublin-airport travel airports dublin ireland holidays)
Smallpox used to be less virulent
TIL: smallpox “is thought to have been a mild disease before the 17th century, and gradually evolved to become more lethal, before being eradicated by vaccines in 1980”. This is a refutation of the common preconception that viruses “naturally” evolve to become less virulent (via Tom Wenseleers – https://twitter.com/TWenseleers/status/1527695140265000960)
(tags: smallpox virulence evolution history diseases vaccines)
-
‘4% of [N=113] COVID19 patients shed viral RNA in their faeces 7 months after diagnosis and that the presence of faecal viral RNA is associated with gastrointestinal symptoms’
(tags: covid-19 sars-cov-2 poop gastrointestinal health)