RISKS Forum mailing list archives

Risks Digest 31.65


From: RISKS List Owner <risko () csl sri com>
Date: Thu, 9 Apr 2020 15:19:49 PDT

RISKS-LIST: Risks-Forum Digest  Thursday 9 April 2020  Volume 31 : Issue 65

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/31.65>
The current issue can also be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
Problems With Zoom Are Mounting (TechCrunch)
Thousands of Zoom video calls left exposed on open Web (WashPost)
A Surge It Didn't Expect Has Zoom Rushing Fixes (NYTimes)
Zoom Meetings Do Not Support End-to-End Encryption (The Intercept)
Boeing 787s must power cycle every 51 days (The Register)
Can *Solid* Save The Internet? (Hackaday)
Turning Back the Clock on Aging Cells (NYTimes)
Online Credit Card Skimmers Are Thriving During the Pandemic (WiReD)
Marriott data breach, Millions of records spilled (CNBC)
Can artificial intelligence fight elderly loneliness? (bbc.com)
Autonomous weapons, AI and Facial Recognition, Pandemic priorities
  (Diego Latella)
Cloudflare launches mass censorship product (Lauren Weinstein)
Domain Name Registration Data at the Crossroads (Interisle)
Content Delivery Networks and clouds join MANRS Internet security effort
  (ZDNet)
A first-world 2020 issue... (geoff goodfellow)
David Reed comment on models (via Dave Farber)
Reminder on Planning for the Future (PGN)
Measurement units risk in those Open Source ventilators? (Tony Harminc)
Russia's Planned Coronavirus App is a State-Run Security Nightmare (Gizmodo)
How to Refuel a Nuclear Power Plant During a Pandemic (WiReD)
NJ's 40-year-old system increases delays for unemployment checks amid
  coronavirus crisis (Philip L. Lehman)
Touch-screens in rental and other shared vehicles for COVID-19 (PGN)
U.S. government & tech industry discussing ways to use smartphone (WashPost)
Broadband engineers threatened due to 5G coronavirus conspiracies
  (The Guardian)
An unprecedented wave of personal data could be heading to federal agencies
  (FedScoop)
Re: Risks of Leap Years, and depending on WWVB (Bob Wilson)
Re: What happens when Google loses your address?
  (Steve Golson, Dan Jacobson)
Re: MIT Will Post Free Plans Online for an Emergency Ventilator That Can Be
  Built for $100 (Amos Shapir)
Re: Mathematics of life and death (Amos Shapir)
Re: A computer virus expert looks at CoVID-19 (Dan Jacobson)
Masking the CoVID-19 problem (via PGN)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Wed, 1 Apr 2020 16:19:43 -0400
From: Charles Dunlop <cemdunlop () gmail com>
Subject: Problems With Zoom Are Mounting (TechCrunch)

Both Windows and Macs are affected:
https://techcrunch.com/2020/04/01/zoom-doom/

------------------------------

Date: Fri, 3 Apr 2020 10:22:59 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: Thousands of Zoom video calls left exposed on open Web (WashPost)

Many of the videos include personally identifiable information and
deeply intimate conversations, recorded in people's homes.

https://www.washingtonpost.com/technology/2020/04/03/thousands-zoom-video-calls-left-exposed-open-web/

------------------------------

Date: Thu, 9 Apr 2020 10:09:29 PDT
From: "Peter G. Neumann" <neumann () csl sri com>
Subject: A Surge It Didn't Expect Has Zoom Rushing Fixes (NYTimes)

Natasha Singer, Nicole Perlroth and Aaron Krolik
*The New York Times* business section front page today

A Council of Chief Info Officers from other companies is helping!

  [Windows patches 9 Apr, Macs 10 Apr. PGN]

------------------------------

Date: Wed, 1 Apr 2020 12:52:47 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: Zoom Meetings Do Not Support End-to-End Encryption (The Intercept)

``When we use the phrase `End to End' in our other literature, it is in
reference to the connection being encrypted from Zoom end point to Zoom end
point,'' the Zoom spokesperson wrote, apparently referring to Zoom servers as
``end points'' even though they sit between Zoom clients. ``The content is not
decrypted as it transfers across the Zoom cloud'' through the networking
between these machines.

Matthew Green, a cryptographer and computer science professor at Johns
Hopkins University, points out that group video conferencing is difficult to
encrypt end to end. That's because the service provider needs to detect who
is talking to act like a switchboard, which allows it to only send a
high-resolution videostream from the person who is talking at the moment, or
who a user selects to the rest of the group, and to send low-resolution
videostreams of other participants. This type of optimization is much easier
if the service provider can see everything because it's unencrypted.

https://theintercept.com/2020/03/31/zoom-meeting-encryption/

------------------------------

Date: Thu, 2 Apr 2020 9:44:15 PDT
From: "Peter G. Neumann" <neumann () csl sri com>
Subject: Boeing 787s must power cycle every 51 days (The Register)

  [Noted by Tom Van Vleck.
   I thought RISKS has noted this before, but I did not find it.  PGN]

Boeing 787s must be turned off and on every 51 days to prevent 'misleading
data' being shown to pilots *The Register*
https://www.theregister.co.uk/2020/04/02/boeing_787_power_cycle_51_days_stale_data/

------------------------------

Date: Sun, 5 Apr 2020 09:37:19 -1000
From: the keyboard of geoff goodfellow <geoff () iconia com>
Subject: Can *Solid* Save The Internet? (Hackaday)

EXCERPT:

We ran an *article on Solid this week*
<https://hackaday.com/2020/03/30/solid-promises-a-new-approach-to-how-the-web-works/>,
a project that aims to do nothing less than change the privacy and security
aspects of the Internet as we use it today. Sir Tim Berners-Lee, the guy
who invented the World Wide Web as a side project at work, is behind it,
and it's got a lot to recommend it. I certainly hope they succeed.

The basic idea is that instead of handing your photos, your content, and
your thoughts over to social media and other sharing platforms, you'd store
your own personal data in a Personal Online Data (POD) container, and grant
revocable access to these companies to access your data on your behalf.
It's like it's your own website contents, but with an API for sharing parts
of it elsewhere.

This is a clever legal hack, because today you give over rights to your
data so that Facebook and Co. can display them in your name. This gives
them all the bargaining power, and locks you into their service. If
instead, you simply gave Facebook a revocable access token, the power
dynamic shifts. Today you can migrate your data and delete your Facebook
account, but that's a major hassle that few undertake.

Mike and I were discussing this on *this week's podcast*
<https://hackaday.com/2020/04/03/hackaday-podcast-061-runaway-soldering-irons-open-source-ventilators-3d-printed-solder-stencils-and-radar-motion/>,
and we were thinking about the privacy aspects of PODs. In particular,
whatever firm you use to socially share your stuff will still be able to
snoop you out, map your behavior, and target you with ads and other
content, because they see it while it's in transit. But I failed to put two
and two together.

The real power of a common API for sharing your content/data is that it
will make it that much easier to switch from one sharing platform to
another. This means that you could easily migrate to a system that respects
your privacy. If we're lucky, we'll see competition in this space. At the
same time, storing and hosting the data would be portable as well,
hopefully promoting the best practices in the providers. Real competition
in where your data lives and how it's served may well save the Internet.
(Or at least we can dream.)  [...]
https://hackaday.com/2020/04/04/can-solid-save-the-internet/

------------------------------

Date: Sun, 5 Apr 2020 09:38:36 -1000
From: the keyboard of geoff goodfellow <geoff () iconia com>
Subject: Turning Back the Clock on Aging Cells (NYTimes)

*Researchers report that they can rejuvenate human cells by reprogramming
them to a youthful state.*

EXCERPT:

Researchers at Stanford University report that they can rejuvenate human
cells by reprogramming them back to a youthful state. They hope that the
technique will help in the treatment of diseases, such as osteoarthritis and
muscle wasting, that are caused by the aging of tissue cells.

A major cause of aging is thought to be the errors that accumulate in the
epigenome, the system of proteins that packages the DNA and controls access
to its genes. The Stanford team, led by Tapash Jay Sarkar, Dr. Thomas A.
Rando and Vittorio Sebastiano, say their method, designed to reverse these
errors and walk back the cells to their youthful state, does indeed restore
the cells' vigor and eliminate signs of aging.

In their report, published on Tuesday in Nature Communications, they
described their technique as ``a significant step toward the goal of
reversing cellular aging'' and could produce therapies ``for aging and
aging-related diseases.''

Leonard P. Guarente, an expert on aging at M.I.T., said the method was ``one
of the most promising areas of aging research'', but that it would take a
long time to develop drugs based on RNA, the required chemical.

The Stanford approach utilizes powerful agents known as Yamanaka factors,
which reprogram a cell's epigenome to its time zero, or embryonic
state.

Embryonic cells, derived from the fertilized egg, can develop into any of
the specialized cell types of the body. Their fate, whether to become a
skin or eye or liver cell, is determined by chemical groups, or marks, that
are tagged on to their epigenome.

In each type of cell, these marks make accessible only the genes that the
cell type needs, while locking down all other genes in the DNAs. The
pattern of marks thus establishes each cell's identity.

As the cell ages, it accumulates errors in the marking system, which
degrade the cell's efficiency at switching on and off the genes needed for
its operations.

In 2006 Dr. Shinya Yamanaka, a stem-cell researcher at Kyoto University,
amazed biologists by showing that a cell's fate could be reversed with a
set of four transcription factors -- agents that activate genes -- that he
had identified. A cell dosed with the Yamanaka factors erases the marks on
the epigenome, so the cell loses its identity and reverts to the embryonic
state. Erroneous marks gathered during aging are also lost in the process,
restoring the cell to its state of youth. Dr. Yamanaka shared the 2012
Nobel Prize in medicine for the work.

But the Yamanaka factors are no simple panacea. Applied to whole mice, the
factors made cells lose their functions and primed them for rapid growth,
usually cancerous; the mice all died.

In 2016, Juan Carlos Izpisua Belmonte, of the Salk Institute for Biological
Studies in San Diego, found that the two effects of the Yamanaka factors --
erasing cell identity and reversing aging -- could be separated, with a
lower dose securing just age reversal. But he achieved this by genetically
engineering mice, a technique not usable in people.

In their paper on Tuesday, the Stanford team described a feasible way to
deliver Yamanaka factors to cells taken from patients, by dosing cells kept
in cultures with small amounts of the factors.

If dosed for a short enough time, the team reported, the cells retained
their identity but returned to a youthful state, as judged by several
measures of cell vigor. [...]
https://www.nytimes.com/2020/03/24/science/aging-dna-epigenetics-cells.html

------------------------------

Date: Tue, 31 Mar 2020 19:03:58 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: Online Credit Card Skimmers Are Thriving During the Pandemic (WiReD)

Unfortunately, there's not much you can do to protect yourself. A site
infected with a skimmer looks and acts no different from one that's not.
Researchers suggest sticking to big retailers that have a good track record
of maintaining site security. Organizations without the resources for
dedicated IT teams are more likely to miss the software updates and routine
maintenance that keep sites secure over time.

This is especially worth considering during the current pandemic, as small
retailers and other groups rush to transition more of their business
online. When possible, use crowdsourcing platforms like GoFundMe or
third-party payment processors like Paypal to handle transactions rather
than filling out payment forms directly from small organizations. And for
older sites that are getting more use now, Segura suggests checking the
copyright tag that's often floating around at the bottom of the page.

"Check as best you can whether a site has been maintained or not," he
says. "If the copyright notice is from 2017 it could mean that somebody
hasn't looked at the template in awhile. You can't eliminate the risk
completely, but you can reduce it."

https://www.wired.com/story/magecart-credit-card-skimmers-coronavirus-pandemic/

------------------------------

Date: Wed, 1 Apr 2020 5:50:57 PDT
From: "Peter G. Neumann" <neumann () csl sri com>
Subject: Marriott data breach, Millions of records spilled (CNBC)

https://www.cnbc.com/2020/03/31/what-to-do-if-you-were-affected-by-the-latest-marriott-data-breach.html

------------------------------

Date: Wed, 1 Apr 2020 09:37:33 +0800
From: Richard Stein <rmstein () ieee org>
Subject: Can artificial intelligence fight elderly loneliness? (bbc.com)

https://www.bbc.com/worklife/article/20200325-can-voice-technologies-using-ai-fight-elderly-loneliness

"In the current climate, in which billions of pensioners around the world
are in social isolation due to the risk of spreading coronavirus, Astell
believes smart speakers could prove to be an increasingly useful tool."

A skilled conversationalist, welcome in your home. Easy to trust and known
to supply free information (weather, traffic, top headlines, music, etc.)
and tells jokes when asked.

Risk: Psychological manipulation of isolated or emotionally vulnerable
individuals via digital truth default.

------------------------------

Date: Wed, 01 Apr 2020 11:28:56 +0200
From: "Diego.Latella" <diego.latella () isti cnr it>
Subject: Autonomous weapons, AI and Facial Recognition, Pandemic priorities

A few links of interest

1) Interview by Lucas Perry with Paul Scharre:
   AI Alignment Podcast: On Lethal Autonomous Weapons with Paul Scharre

https://futureoflife.org/2020/03/16/on-lethal-autonomous-weapons-with-paul-scharre/?cn-reloaded=1

2) AI and Facial Recognition: Challenges and Opportunities
https://edps.europa.eu/press-publications/press-news/blog/ai-and-facial-recognition-challenges-and-opportunities_en

3) It is useful to circulate this message from ACA
https://www.armscontrol.org/act/2020-04/focus/pandemic-reveals-misplaced-priorities

------------------------------

Date: Wed, 1 Apr 2020 10:15:45 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: Cloudflare launches mass censorship product

[Not an April Fools' Joke]  (From Network Neutrality Squad)

Cloudflare, long the home of many right-wing hate and other disreputable
sites, has announced that their DNS product now includes "Family" flavors
with malware and "adult" blocking. Reports are already coming in of LGBTQ
and other sex education resources being blocked by these versions of their
DNS servers.

It was bad enough news when Mozilla switched Firefox users by default
to Cloudflare DNS servers. But the irony of a firm that continues to
happily host hate speech also running a vast censorship service is
beyond disgusting.

And yes, Cloudflare confirms that this is not a joke.

------------------------------

Date: Wed, 1 Apr 2020 15:07:49 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: Domain Name Registration Data at the Crossroads (Interisle)

http://www.interisle.net/domainregistrationdata.html

  "Overall, there is a failure to provide the domain name registration data
  access, predictability, and reliability that ICANN exists to deliver, and
  registrars are obligated to provide.  For the past 15 years ICANN has
  tried, and failed, to deliver domain name data policies that balance
  legitimate needs, applicable legal obligations, and ICANN's Commitments
  and Core Values. The findings of this study clearly illustrate the extent
  to which the current regime is broken. ICANN and its community stand at a
  crossroads: can they develop and implement policies that meet the vital
  needs of the Internet?"

------------------------------

Date: Sat, 4 Apr 2020 00:33:47 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: Content Delivery Networks and clouds join MANRS Internet security
  effort (ZDNet)

With the Internet being hammered as never before, CDNs and cloud are joining
with the Internet Society to help secure vital Internet routing.

https://www.zdnet.com/article/content-delivery-networks-and-clouds-join-manrs-internet-security-effort/

------------------------------

Date: Tue, 31 Mar 2020 09:53:25 -1000
From: geoff goodfellow <geoff () iconia com>
Subject: A first-world 2020 issue...

"2020. I cannot change the temperature in my house because my thermostat
provider is having a global outage."
https://twitter.com/andyetc/status/1243647392517414912

------------------------------

Date: Sat, 4 Apr 2020 18:19:34 +0900
From: Dave Farber <farber () gmail com>
Subject: David Reed comment on models

I agree with David and have said the same to my colleagues

  "The ability to make such forecasts accurately is not there. These
  forecasts are like hurricane path forecasts, except the data for this is
  far worse, and the inherent variability of results are much bigger.  Most
  of them being made, if not all of them, don't use Monte Carlo methods,
  which run many simulations with randomized inputs to calculate the
  variability of results. Hurricane path forecasts do.  So all of the stuff
  to the right of the peak is inherently wildly uncertain.  But it "looks" to
  a layman like the right hand side of the graph sort of gets more
  predictable! That's because Monte Carlo models weren't used! Because the
  uncertainty is bigger than that.

  One clue: there is clearly an assumption that immunity is created long
  term. But how long term is the immunity? We have NO data that discusses
  immunology long term, and some for short term.  But there are other
  issues: premature reduction of social distancing may happen, because the
  causality is not indicated at all. If everyone sighs with relief after
  "turning the corner" and just starts hugging all their friends, disease
  will spread and the curve will stretch out or go up. If "immune" people go
  out and hug everybody because they feel invulnerable, they WILL spread it
  much faster, and they may feel no responsibility at all, if they have a
  certificate of immunity, many will fight any restraints in their
  "freedom".  This latter will be justified by this VERY graph!  Printing
  this permanently on a chart, and not showing how it changes with every
  new learning, that's what may kill us. Sticking to a plan is
  dangerous. Businesses that "stay on plan" by pretending new data doesn't
  exist and adjusting their accounting to meet The Street eventually die,
  suddenly. Like Enron. Or more importantly, the "perfectly hedged"
  financial system in 2007. As they realized that risks were not independent
  gaussians, but dependent non-gaussian"

------------------------------

Date: Sat, 4 Apr 2020 16:56:30 PDT
From: "Peter G. Neumann" <neumann () csl sri com>
Subject: Reminder on Planning for the Future

The maintenance contract for the Federal stockpile expired a while back.  It
should not be surprising that many of the procured ventilators don't work.
PGN

https://www.nytimes.com/2020/04/01/us/politics/coronavirus-ventilators.html

------------------------------

Date: Wed, 8 Apr 2020 15:52:30 -0400
From: Tony Harminc <tony () harminc net>
Subject: Measurement units risk in those Open Source ventilators?

I've been following a couple of these projects, and while I completely
support the idea, I am dismayed by the muddle of units being used for
various mockups and prototypes and in discussions. Notably, for gas
(air/oxygen) pressure I have seen all of mm of water, inches of water, the
same but using "H2O" instead of "water", mm of Hg, kPa, 1000s of kPa (!),
bar, millibar, and PSI. Nowhere have I seen Absolute or Gauge mentioned. For
volume and flow there have been L, ml, and cc, each per second, per minute,
and per hour. Doubtless there are more.

Clinical -- and to a lesser extent, research -- medicine has been highly
resistant to full SI compliance for many years, and I don't want to restart
that argument; perhaps there are good reasons to keep using units like mm Hg
for blood pressure that are based closely on actual measurement. And it may
be that by good luck none of the plausible real-life ranges for the above
units actually overlap. But given that customary medical units vary from
country to country (notably blood glucose, measured in mmol/l or mg/dl,
which scales *do* overlap at the extremes), and that the target users for
these ventilators are in many countries likely to be minimally trained
"barefoot doctors" rather than specialist clinicians, surely some
consistency is called for.  Maybe most important - input and display of
these values needs to always have a unit label attached.

Air and space craft have failed because of unit mixups; let's hope we don't
have very ill patients being over or under ventilated because of someone's
assumptions.
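
The labelling rule argued for above, sketched as an added example that is not part of the original post: a pressure input is accepted only when it carries both a unit and a gauge/absolute reference, and every displayed value carries its label. All names (`parse_pressure`, `Pressure`, `UnitError`), the `cmH2O` display unit, and the use of standard atmosphere as ambient pressure are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

# Pascals per unit, keyed by display label. Water-column factors are the
# conventional (4 degC) values. cmH2O is an addition, not in the post's list.
UNITS = {
    "Pa": 1.0, "kPa": 1000.0, "mbar": 100.0, "bar": 100000.0,
    "psi": 6894.757293168, "mmHg": 133.322387415,
    "mmH2O": 9.80665, "cmH2O": 98.0665, "inH2O": 249.08891,
}
_LOOKUP = {label.lower(): label for label in UNITS}
STANDARD_ATMOSPHERE_PA = 101325.0  # assumed ambient; a real device would measure it
_NUMBER = re.compile(r"^\s*([-+]?\d+(?:\.\d+)?)\s*(.*)$")


class UnitError(ValueError):
    """Input that cannot be interpreted without guessing."""


def canonical_unit(text):
    """Map spellings such as 'mm of water' or 'PSI' to a key of UNITS."""
    u = " ".join(text.lower().split())
    u = u.replace(" of ", " ").replace(" ", "")
    u = u.replace("water", "h2o").replace("inches", "in").replace("inch", "in")
    u = u.replace("millibar", "mbar")
    if u not in _LOOKUP:
        raise UnitError(f"unknown pressure unit: {text!r}")
    return _LOOKUP[u]


@dataclass(frozen=True)
class Pressure:
    gauge_pa: float  # always stored as gauge pressure in pascals

    def in_unit(self, unit):
        return self.gauge_pa / UNITS[canonical_unit(unit)]

    def display(self, unit, digits=1):
        # The label and the reference are part of every rendered value.
        label = canonical_unit(unit)
        return f"{self.in_unit(label):.{digits}f} {label} (gauge)"


def parse_pressure(text, ambient_pa=STANDARD_ATMOSPHERE_PA):
    """Parse '<number> <unit> <gauge|absolute>'; refuse anything less."""
    m = _NUMBER.match(text)
    if m is None:
        raise UnitError(f"no numeric value in {text!r}")
    words = m.group(2).split()
    if not words:
        raise UnitError("bare number: a unit label is required")
    reference = words[-1].lower()
    if reference not in ("gauge", "absolute"):
        raise UnitError("gauge or absolute must be stated")
    label = canonical_unit(" ".join(words[:-1]))
    pascals = float(m.group(1)) * UNITS[label]
    if reference == "absolute":
        pascals -= ambient_pa
    return Pressure(pascals)


def same_number_in_cmh2o(value):
    """What one unlabelled number would mean under each unit, in cmH2O."""
    return {label: value * factor / UNITS["cmH2O"]
            for label, factor in UNITS.items()}


if __name__ == "__main__":
    # Constructed inputs, using spellings of the kind listed in the post.
    for raw in ("20 cmH2O gauge", "200 mm of water gauge",
                "103.3 kPa absolute", "20", "20 kPa"):
        try:
            print(f"{raw!r:28} -> {parse_pressure(raw).display('cmH2O')}")
        except UnitError as err:
            print(f"{raw!r:28} -> rejected: {err}")
    for label, cm in same_number_in_cmh2o(20).items():
        print(f"'20' read as {label:6} = {cm:10.1f} cmH2O")
```
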

------------------------------

Date: Wed, 1 Apr 2020 14:18:01 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: Russia's Planned Coronavirus App is a State-Run Security Nightmare
  (Gizmodo)
https://gizmodo.com/russias-planned-coronavirus-app-is-a-state-run-security-1842617429

------------------------------

Date: Sat, 4 Apr 2020 16:18:38 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: How to Refuel a Nuclear Power Plant During a Pandemic (WiReD)

https://www.wired.com/story/how-to-refuel-a-nuclear-power-plant-during-a-pandemic/

------------------------------

Date: April 5, 2020 9:25:14 JST
From: "Philip L. Lehman" <Philip.Lehman () cs cmu edu>
Subject: NJ's 40-year-old system increases delays for unemployment checks
  amid coronavirus crisis

  [via David Farber]

It turns out New Jersey needs COBOL programmers!

https://amp.northjersey.com/amp/2944985001

NJ's 40-year-old system increases delays for unemployment checks amid
coronavirus crisis

New Jersey officials vowed Saturday to speed up the processing of
unemployment claims despite relying on a 40-year-old computer system that
has been overwhelmed by the record number of requests due to the coronavirus
crisis.

Labor Commissioner Robert Asaro-Angelo said a plan to increase phone lines,
train additional staff to handle claims and provide laptops to workers at
home will help ease the crushing amount of claims being sought amid the
economic meltdown brought upon by the virus.

"There is nothing I want more than to put your hard-earned benefits into
your family budget sooner," he said at Gov. Phil Murphy's daily coronavirus
briefing.

Recently jobless New Jerseyans have experienced heavy lag times or issues
while trying to collect unemployment insurance, partly due to a "clunky"
1980s computer system that the Department of Labor still depends upon to
process claims and issue checks.

"We literally have a system that is forty-plus years old," Murphy said.

"There will be lots of postmortems and one of them on our list will be: how
did we get here when we literally need COBOL programmers," Murphy said of
the outdated computer language.  [...]

------------------------------

Date: Wed, 1 Apr 2020 14:44:41 PDT
From: "Peter G. Neumann" <neumann () csl sri com>
Subject: Touch-screens in rental and other shared vehicles for COVID-19

Think of all the places you have to touch to drive a car.  Apparently
high-end Mercedes are eliminating touchscreens.  Controls for shifting, hand
brakes, steering, touch pads, lights, windshield-wipers, just about
everything else.  Do we need voice-only controls that have to be trained
before renting a car?  Stay home.

------------------------------

Date: Tue, 17 Mar 2020 15:06:29 -0400
From: Jan Wolitzky <jan.wolitzky () gmail com>
Subject: U.S. government & tech industry discussing ways to use smartphone
  (WashPost)

https://www.washingtonpost.com/technology/2020/03/17/white-house-location-data-coronavirus/

  [Duane Thompson: Apparently they are already doing this in Colorado:
https://www.coloradocitizenpress.com/colorado-is-tracking-your-location-using-metadata-from-your-cell/ ]

Also:

To Track Coronavirus, Israel Moves to Tap Secret Trove of Cellphone Data

https://www.nytimes.com/2020/03/16/world/middleeast/israel-coronavirus-cellphone-tracking.html

------------------------------

Date: Sat, 4 Apr 2020 01:19:09 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: Broadband engineers threatened due to 5G coronavirus conspiracies
  (The Guardian)

EE suspects telephone mast engulfed by fire in Birmingham was an arson
attack as celebrities claim Covid-19 caused by new network

https://www.theguardian.com/technology/2020/apr/03/broadband-engineers-threatened-due-to-5g-coronavirus-conspiracies

------------------------------

Date: Sat, 4 Apr 2020 11:31:40 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: An unprecedented wave of personal data could be heading to federal
  agencies (FedScoop)

https://www.fedscoop.com/coronavirus-federal-data-collection-privacy/

------------------------------

Date: Wed, 1 Apr 2020 12:00:52 -0500
From: Bob Wilson <wilson () math wisc edu>
Subject: Re: Risks of Leap Years, and depending on WWVB (Seaman, RISKS-31.64)

There is a nice detective story, /The Wyndham Case/, by Jill Paton Walsh,
where a major component of the story has to do with both the change in when
the year officially starts and the "loss" of days when the calendar was
changed.  Their relevance gradually appears as the story progresses. It
includes the comment that anyone doing historical research from that period
has to remember their effect, and I know it can also be important for
genealogists.

------------------------------

Date: Wed, 1 Apr 2020 13:57:31 -0400
From: Steve Golson <sgolson () trilobyte com>
Subject: Re: Risks of Leap Years, and depending on WWVB (Seaman, RISKS-31.64)

The watch is receiving a 60kHz signal broadcast by WWVB. The time indicated
is UTC, but also encoded in the signal is the current status of DST in the US.

https://www.nist.gov/pml/time-and-frequency-division/radio-stations/wwvb/help-wwvb-radio-controlled-clocks

So if the watch misses a DST adjustment, it *could* be the fault of WWVB.
But that's highly unlikely, and I suspect the watch applied the DST
correction on the correct day, but at the wrong time.

RISK: things that are highly unlikely, sometimes actually happen.

------------------------------

Date: Thu, 02 Apr 2020 17:53:25 +0800
From: Dan Jacobson <jidanni () jidanni org>
Subject: Re: What happens when Google loses your address? (RISKS-31.64)

Yup, even one's prestigious "11 Nerdsburg Estates" address one ends up
hastily taking off of all one's advertisements. As the moment Google starts
sending one's customers to the wrong end of town, and your Feedback to
Google going into a black hole, you'll go back to just giving out a latitude
longitude pair.

------------------------------

Date: Fri, 3 Apr 2020 10:44:03 +0300
From: Amos Shapir <amos083 () gmail com>
Subject: Re: MIT Will Post Free Plans Online for an Emergency Ventilator
  That Can Be Built for $100 (Weinstein, RISKS-31.64)

There's no good reason that ventilators have to be so expensive and
complex as the ones routinely used today, when not having any kind of
ventilator means DEATH for so many patients.

Coming to think of it, "not having ... a ventilator means DEATH" is
*exactly* why "ventilators have to be so expensive"...

------------------------------

Date: Fri, 3 Apr 2020 10:59:36 +0300
From: Amos Shapir <amos083 () gmail com>
Subject: Re: Mathematics of life and death (RISKS-31.64)

This article is a textbook example of the risks of relying blindly on
mathematical models, especially in life threatening situations.  Even the
best models may implicitly rely on hidden assumptions and have many unknown
variables.

Unfortunately, the results of such policies are now obvious, written in
blood: The Netherlands is now at the top of the table of deaths per 1
million people (right behind Italy, Spain and France); and Sweden, which had
taken a similar policy, suffers three times the death rate of neighboring
Norway.

------------------------------

Date: Fri, 03 Apr 2020 23:23:15 +0800
From: Dan Jacobson <jidanni () jidanni org>
Subject: Re: A computer virus expert looks at CoVID-19 (Slade, RISKS-31.64)

https://www.nytimes.com/interactive/2020/04/03/science/coronavirus-genome-bad-news-wrapped-in-protein.html
"The coronavirus genome ends with a snippet of RNA that stops the cell's
protein-making machinery. It then trails away as a repeating sequence of
aaaaaaaaaaaaa"

------------------------------

Date: Wed, 1 Apr 2020 9:07:37 PDT
From: "Peter G. Neumann" <neumann () csl sri com>
Subject: Re: A computer virus expert looks at COVID-19 (Slade, RISKS-31.64)

I received a few comments.  Here's one set.

  The article is riddled with errors and incorrect information, but has a
  lecturing tone as if it comes from an expert.  I am not a molecular
  biologist or virologist, but I know enough to recognize the many
  inaccuracies in Mr Slade's article.  He doesn't even get the name of the
  virus correct, calling it CoVID-19, which is the name of the disease, not
  the name of the virus.  No virologist would make that basic mistake.  The
  unfortunate use of the same word for a molecular virus and computer virus
  does NOT qualify someone to lecture on the virology of SARS-CoV-2, which
  he points out, but he then proceeds to do exactly that himself, and not
  very well.

  There are far too many errors in the article for me to address
  individually, nor would I have the time or motivation to do so if
  challenged by Mr Slade, I will just say please don't allow the high
  frequency of contribution by a regular contributor lend a credibility to
  the quality of the contribution that isn't there when the topic is outside
  the contributor's expertise. (Perhaps this is a RISK in itself?  A halo
  effect arising from contribution frequency?).  I realize that screening
  posts is a monumental task and again I am grateful for everything you
  do... not trying to add to your workload... but this matters.  The
  seriousness of COVID-19 and the wide audience seeking information and
  advice on how to protect one's health makes it imperative that
  misinformation from unqualified people apparently trying to sound
  knowledgeable and important be rejected and not published to the extent
  possible, as it can do actual harm to people.

------------------------------

Date: Thu, 2 Apr 2020 08:29:44 -0800
From: "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <rmslade () shaw ca>
Subject: Masking the CoVID-19 problem

Properly fitting, and properly filtering, face masks are an important part
of medical personal protective equipment for keeping front line medical
staff safe if they are in areas or situations of high viral load.  (Or,
indeed, in many other situations where they may be encountering any number
of infectious agents.)

Otherwise, having a piece of paper or fabric in front of your mouth does
almost nothing in keeping you from getting infected with the CoVID-19 virus.

The trouble is that, at the moment, and in the midst of a crisis, a lot of
people, some authoritative but with specialized agendae, some not
authoritative, and some merely visible and persuasive, are saying, on the
basis of very limited evidence, that masks *might* be good for you, and,
besides, what could it hurt?

Let's look at the (remarkably few) benefits, and the (much greater) risks.
There are *quite a number* of reasons that it might hurt a *lot*.

The first is, what do you mean by "masks"?  There are dust masks, that are
intended to keep you from breathing in relatively large particles like
sawdust.  There are surgical masks, which look almost identical to dust
masks, but are made differently and of different materials and to different
standards, intended to keep you from breathing (or, more realistically,
spitting) out droplets of who-knows-what over patients with open wounds.
There are slightly form fitting masks made of specially porous materials
that provide a larger surface to breathe through and so filter smaller
particles, droplets, and some aerosols out of the air you are breathing
in. (These also tend to catch most droplets that you are breathing out, but
probably not all, and not aerosols, since, when you breathe out, your breath
tends to push the mask away from your face, and allow your breath, aerosols,
and some droplets to escape above, below, and to the sides of the mask.  The
same happens with dust and surgical masks.)  Then there are extended form
fitting respirators, many with integrated face or eye shields, and with
filters to deal with specific particle sizes.

And then there are home made masks, fashioned from whatever fabric is to
hand, to whatever design comes to mind, with little or no regard for
porosity, size of weave, or the ability to trap whatever particles are being
breathed in or out.  Just last night, on the nightly news, the news anchor
proudly showed off a face mask that his wife had crafted.  It had a lovely
pattern on the fabric, and was lined with plastic from a bag.  Excuse me?
*Plastic*?  Non-breathable, non-porous plastic?  I'm not sure what that is
supposed to do.  Any breathing is going to take place around the edges of
the mask.  A normal person, under no effort or stress, is probably not going
to be harmed by it, but anybody with respiratory problems who uses it may be
in serious difficulty.  It may, almost accidentally, trap droplets that are
breathed out, but otherwise I can't see any possible benefit at all.

The second major issue is the "evidence" for the benefit of masks.  There
seem to be two points of evidence.

The first piece of evidence is that nurses and medical techs wear masks.
You can see them.  They are the "face" of the medical system, and, these
days, that face is covered with a mask.  Obviously, masks are important.

"Obvious", as we say in mathematics, is what you say when you can't prove
it.  You do see nurses, medical techs, emergency first responders (on the
news), and staff in intensive care units (on the news) wearing masks.  You
can't help but notice the masks.  You *don't* notice gowns (changed between
patients), gloves (changed between patients), face shields, and constant,
everlasting hand-washing.  You also don't see the vastly higher
probabilities that these people will encounter the virus, nor the fact that
the gowns (changed between patients), gloves (changed between patients), and
masks (changed between patients) are intended as much to protect you as the
medical staff.  (Nor the "public relations" and "social engineering" aspects
of "security theatre" intended to soothe fears in a time of poorly understood
crisis.  There *are* non-medical reasons to wear masks in some situations.)

The second piece of evidence is an "observation" (one cannot call it a
study) that some populations with a high incidence of mask-wearing have
significantly lower transmission rates of the virus.  (You cannot call the
observation a "study," since the sample size is very small.  We are talking
about whole countries (of which there are fewer than 200), and not just
countries, but "countries with high rates of CoVID-19" which takes you down
to a double handful.  "A double handful" is not a statistically valid sample
set.)  There are two additional (and easily observable) factors that may
affect the transmission rate without recourse to the idea that masks prevent
infection.  The first is that masks are, demonstrably, effective at reducing
the probability that those who have the virus (and twenty-five to fifty
percent of those who are infected show few or no symptoms and don't know
they are infected) will directly pass the virus to others.  (Masks, of
pretty much any kind, tend to vastly reduce the droplets breathed or spit
out by those infected, simply by trapping the droplets as they come into
contact with the fabric or paper of the mask.)  The second factor is that
those countries with low transmission rates also have some pretty
authoritarian governments, who can effectively and quickly mandate that
people have to stay home and isolate themselves.

But, I hear you cry, while all of this calls into question the effectiveness
of masks, it still doesn't show that masks (other than the plastic lined
ones) are harmful.  So, who's hurt if I choose to wear a mask?

Well, first off, we currently have a world-wide shortage of proper masks
(and other medical equipment).  If you are wearing a mask and don't need it,
you may be (likely are) depriving some front line worker who may actually
need it.  In fact, if you have a proper mask these days, you probably got it
on the black market, and you are, even if only in a small way, supporting
criminal activity that extends up to massive theft of hospital supplies and
the fraudulent production of "certified" medical equipment that is not up to
*anybody's* standard.  So you are probably hurting those doing the most to
keep us safe.  (And from there on down to legitimate manufacturers and the
legitimate economy.)

And, even if you have made your own, probably ineffective, mask, you may be
hurting yourself.  We *know* that frequent, even obsessive, handwashing is
effective.  We *know* that physical distancing and self-isolation are
effective.  We *know* that keeping from touching your face is important.
Wearing a mask gives you a feeling of security and safety.  An almost
certainly *false* sense of security and safety.  And if wearing a mask makes
you feel more comfortable and you stop, or even reduce, constant
handwashing, or are less careful about physical distancing, or go out more
frequently, you are putting yourself (and likely others) at greater risk.
And we also *know* that properly donning and doffing a face mask is a
non-trivial task, and most people don't know how to do it properly.  (By the
way, if you made your own mask, how many did you make?  How often do you
launder them?  With bleach?  (Where can you *find* bleach these days?)  Do
you change masks *every* time you go out?  And do you touch your face when
you put your mask on?  Or take it off?)

With your own, homemade masks, you *might* be protecting others, but it's
not likely.  Yes, masks trap droplets, but that only matters if you are
infected.  Even if you live in Italy, there is only one chance in 600 that
you have the virus.  And if you *know* you are infected, wearing a mask does
nothing if you are alone at home.  If you are infected, you should be home
alone.  What are you doing going out if you are infected?  Do you *want* to
kill people?

Okay.  You wanna wear a mask when you go out?  During the virus crisis, if
you must go out, note that you might get coughed on or sneezed on, and,
since disinfecting fabric is much more difficult than cleaning flat
surfaces, you should wear older clothing that can be discarded if necessary.
(If you have old torn clothing that will not be missed, this is probably
best.)  Since face masks are in short supply, a scarf worn over the mouth,
nose, and lower part of the face may offer some protection.  If you *are*
infected, and must go out for some reason, take a staff to aid you in
walking, should you be overcome with respiratory distress and need something
to lean on.  Best to have bells hanging from the top to summon aid if
needed.  As you go, it is best to give some verbal warning to others not to
come into close contact.  Since some you may encounter may not be proficient
in English, it is probably a good idea to constantly call out something
simple, such as, "Unclean!  Unclean!"

(This is not meant to make fun of anyone who actually *has* Hansen's Disease
...)

Masks are not magic.  Since there is as-close-to-zero-as-makes-no-difference
evidence that masks prevent normal people, in normal situations, from
getting infected, those who believe that masks help obviously believe in
magic.  "Magical thinking" will not help us in this virus crisis.  And it
may do an awful lot of harm.

Now go wash your hands.  (And, if you have any actual, medical grade masks,
go and give them to a front line medical worker.)

------------------------------

Date: Fri, 03 Apr 2020 22:12:54 +0800
From: Dan Jacobson <jidanni () jidanni org>
To: Rob Slade <rmslade () shaw ca>

https://www.nytimes.com/interactive/2020/04/03/science/coronavirus-genome-bad-news-wrapped-in-protein.html
cguaggaauguggcaacuuuacaaacuuuacaa...
As NSP12 duplicates the coronavirus genome, it sometimes adds a wrong
letter to the new copy. NSP14 cuts out these errors, so that the correct
letter can be added instead.
gcugaaaauguaacaggacucuuuaaagauugu...

------------------------------

Date: Mon, 14 Jan 2019 11:11:11 -0800
From: RISKS-request () csl sri com
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest.  Its Usenet manifestation is
 comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to
 subscribe and unsubscribe:
   http://mls.csl.sri.com/mailman/listinfo/risks

=> SUBMISSIONS: to risks () CSL sri com with meaningful SUBJECT: line that
   includes the string `notsp'.  Otherwise your message may not be read.
 *** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored.  Instead, use an alternative
 address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites,
 copyright policy, etc.) is online.
   <http://www.CSL.sri.com/risksinfo.html>
 *** Contributors are assumed to have read the full info file for guidelines!

=> OFFICIAL ARCHIVES:  http://www.risks.org takes you to Lindsay Marshall's
    searchable html archive at newcastle:
  http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
  Also,  ftp://ftp.sri.com/risks for the current volume
     or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
  If none of those work for you, the most recent issue is always at
     http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-31.00
  Lindsay has also added to the Newcastle catless site a palmtop version
  of the most recent RISKS issue and a WAP version that works for many but
  not all telephones: http://catless.ncl.ac.uk/w/r
  ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
 *** NOTE: If a cited URL fails, we do not try to update them.  Try
  browsing on the keywords in the subject line or cited article leads.
  Apologies for what Office365 and SafeLinks may have done to URLs.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 31.65
************************

