Blank no longer: Garmin has “solved” a ransomware attack, but won’t say how. CC-licensed photo by otama on Flickr.
A selection of 9 links for you. The joke edition. I’m @charlesarthur on Twitter. Observations and links welcome.
The scourge of hygiene theatre • The Atlantic
Derek Thompson on why scrubbing tables won’t save you (because you’re not actually going to catch it from a “fomite”, or virus-laden gunk on a surface):
»
hygiene theatre builds a false sense of security, which can ironically lead to more infections. Many bars, indoor restaurants, and gyms, where patrons are huffing and puffing one another’s stale air, shouldn’t be open at all. They should be shut down and bailed out by the government until the pandemic is under control. No amount of soap and bleach changes this calculation.
Instead, many of these establishments are boasting about their cleaning practices while inviting strangers into unventilated indoor spaces to share one another’s microbial exhalations. This logic is warped. It completely misrepresents the nature of an airborne threat. It’s as if an oceanside town stalked by a frenzy of ravenous sharks urged people to return to the beach by saying, We care about your health and safety, so we’ve reinforced the boardwalk with concrete. Lovely. Now people can sturdily walk into the ocean and be separated from their limbs.
By funneling our anxieties into empty cleaning rituals, we lose focus on the more common modes of COVID-19 transmission and the most crucial policies to stop this plague. “My point is not to relax, but rather to focus on what matters and what works,” Goldman said. “Masks, social distancing, and moving activities outdoors. That’s it. That’s how we protect ourselves. That’s how we beat this thing.”
«
Hygiene theatre being the followup to security theatre, as seen in airports everywhere after September 2001.
Are we in an AI overhang? • LessWrong 2.0
Andy Jones:
»
An overhang is when you have had the ability to build transformative AI for quite some time, but you haven’t because no-one’s realised it’s possible. Then someone does and surprise! It’s a lot more capable than everyone expected.
I am worried we’re in an overhang right now. I think we right now have the ability to build an orders-of-magnitude more powerful system than we already have, and I think GPT-3 is the trigger for 100x-larger projects at Google and Facebook and the like, with timelines measured in months.
GPT-3 is the first AI system that has obvious, immediate, transformative economic value. While much hay has been made about how much more expensive it is than a typical AI research project, in the wider context of megacorp investment it is insignificant.
GPT-3 has been estimated to cost $5m in compute to train, and – looking at the author list and OpenAI’s overall size – maybe another $10m in labour, on the outside.
Google, Amazon and Microsoft all each spend ~$20bn/year on R&D and another ~$20bn each on capital expenditure. Very roughly it totals to ~$100bn/year. So dropping $1bn or more on scaling GPT up by another factor of 100x is entirely plausible right now. All that’s necessary is that tech executives stop thinking of NLP as cutesy blue-sky research and start thinking in terms of quarters-till-profitability.
«
If GPT-3 has really only cost $5m, then I’d expect all of Google, Amazon and Microsoft (and even Apple) to have much better AI by now. But they don’t. It’s a sort of anti-existential proof, because they all have good reasons to build such systems.
The doctor behind the disputed Covid data • The New York Times
Ellen Gabler and Roni Caryn Rabin on the peculiar case of Sapan Desai, the man behind Surgisphere, the company behind the nonexistent Covid-19 case data in the cases testing the efficacy of hydroxychloroquine:
»
Over the next five years [from 2006], his performance and a pattern of behaviour at the North Carolina hospital worried colleagues, according to physicians who worked with him there.
In interviews, Drs. Olcese, Mani Daneshmand, Dawn Elfenbein and 10 others — who spoke on the condition of anonymity because they were not authorized to talk to the media or feared retribution from their employers or Duke — said there were broad concerns inside the surgery department about Dr. Desai.
The doctors, many of whom were also residents, said they could not trust information he provided about patients’ medical conditions or test results. Several doctors said it became standard practice to double check anything Dr. Desai said about a patient, such as how the person had fared overnight or whether a test had been ordered.
Several former colleagues said that often he did not follow through on directives about treating patients, and that when he was questioned about it, he sometimes passed blame or offered implausible explanations.
In one instance, Dr. Desai did not respond to pages from nurses during an overnight shift while on call, recalled Dr. Olcese. When she asked about the missed pages, he said he had been resuscitating an infant by performing a rare, complicated procedure — an incident the charge nurse said never occurred, according to Dr. Olcese and another doctor present for Dr. Desai’s explanation.
“He was essentially a giant roadblock that you had to work around,” said Dr. Olcese, now a neurocritical care doctor at Wexner Medical Center in Columbus, Ohio. “You didn’t want him to bring you down with him.”
«
And a reminder, once more, that the Surgisphere fabulism was exposed not by the two peer-reviewed journals which published HCL articles, but by a journalist at The Guardian (Australia) puzzled by the fact that the papers cited more cases and deaths in Australia than had been recorded.
If that’s stopped a liar, that’s a good job done.
Google to keep employees home until summer 2021 amid coronavirus pandemic • WSJ
Rob Copeland:
»
The move will affect nearly all of the roughly 200,000 full-time and contract employees across Google parent Alphabet Inc, and is sure to pressure other technology giants that have slated staff to return as soon as January.
Alphabet Chief Executive Sundar Pichai made the decision himself last week after debate among Google Leads, an internal group of top executives that he chairs, according to a person familiar with the matter. A small number of Google staffers were notified later in the week, people familiar said.
Mr. Pichai was swayed in part by sympathy for employees with families to plan for uncertain school years that may involve at-home instruction, depending on geography. It also frees staff to sign full-year leases elsewhere if they choose to move.
“I know it hasn’t been easy,” Mr. Pichai wrote in a note to staff Monday, after The Wall Street Journal reported the impending extension. “I hope this will offer the flexibility you need to balance work with taking care of yourselves and your loved ones over the next 12 months.”
«
Feels reasonable; by this time next year I’d hope we’ll have a working vaccine that is rolling out on a wide scale. (Let’s come back and check, shall we?)
Twitter’s security woes included broad access to user accounts • Bloomberglaw
Jordan Robertson, Kartikay Mehrotra and Kurt Wagner:
»
Twitter’s oversight over the 1,500 workers who reset accounts, review user breaches and respond to potential content violations for the service’s 186 million daily users has been a source of recurring concern, the employees said. The breadth of personal data most of those workers could access is relatively limited — including such things as Internet Protocol addresses, email addresses and phone numbers — but it’s a starting point to snoop on or even hack an account, they said.
The controls were so porous that at one point in 2017 and 2018 some contractors made a kind of game out of creating bogus help-desk inquiries that allowed them to peek into celebrity accounts, including Beyonce’s, to track the stars’ personal data including their approximate locations gleaned from their devices’ IP addresses, two of the former employees said.
…According to the former security employees, Twitter management has often dragged its heels on upgrades to information security controls while prioritizing consumer products and features, a source of tension for many businesses.
Efforts to better govern Twitter’s user-support staff and contractors have also gotten short shrift, resulting in a workplace where too many people have access to too many powerful tools, the former employees said. Even with some basic tracking systems in place, contractors have found workarounds to explore details about former lovers, politicians, favorite brands and celebrities, they added.
«
This is such a mess. Twitter has clearly been a mess that nobody has been willing to clear up for years. The longer it goes on, the harder to clear up.
Coronavirus: Lewis Hamilton deletes vaccine conspiracy theory post • BBC News
Marianna Springfield:
»
Formula 1 champion Lewis Hamilton has issued a statement “clarifying his thoughts” and confirming he is not anti-vaccine after sharing a video linked to unfounded conspiracy theories about a coronavirus vaccination.
Hamilton originally shared the post about Bill Gates and vaccine trials on his Instagram story to his 18 million followers. It stayed up for 13 hours before he deleted it.
The F1 driver has now issued a statement on the same platform, explaining that he “hadn’t actually seen the comment attached” to the post in question, saying that he’s “only human”.
…He said he had not seen the comment attached to the video he shared and “has a lot of respect for the charity work Bill Gates does”.
He added: “I also want to be clear that I’m not against a vaccine and no doubt it will be important in the fight against coronavirus” – although he did express concerns about potential side effects and how a vaccine might be funded.
«
Perhaps a multi-millionaire who lives abroad in order to avoid tax might be able to help fund it? Then he couldn’t have any concerns about it.
Sick of AI engines scraping your pics for facial recognition? Here’s a way to Fawkes them right up • The Register
Thomas Claburn:
»
Researchers at the University of Chicago’s Sand Lab have developed a technique for tweaking photos of people so that they sabotage facial-recognition systems.
…Fawkes consists of software that runs an algorithm designed to “cloak” photos so they mistrain facial recognition systems, rendering them ineffective at identifying the depicted person. These “cloaks,” which AI researchers refer to as perturbations, are claimed to be robust enough to survive subsequent blurring and image compression.
The paper [PDF], titled, “Fawkes: Protecting Privacy against Unauthorized Deep Learning Models,” is co-authored by Shawn Shan, Emily Wenger, Jiayun Zhang, Huiying Li, Haitao Zheng, and Ben Zhao, all with the University of Chicago.
“Our distortion or ‘cloaking’ algorithm takes the user’s photos and computes minimal perturbations that shift them significantly in the feature space of a facial recognition model (using real or synthetic images of a third party as a landmark),” the researchers explain in their paper. “Any facial recognition model trained using these images of the user learns an altered set of ‘features’ of what makes them look like them.”
«
Wonder how long it will take for this to be an option in smartphones. “Distort selfies” as a preference setting.
Pre-existing and de novo humoral immunity to SARS-CoV-2 in humans • bioRxiv
(A very big UK-based team of researchers):
»
Zoonotic introduction of novel coronaviruses is thought to occur in the absence of pre-existing immunity in the target human population. Using diverse assays for detection of antibodies reactive with the SARS-CoV-2 spike (S) glycoprotein, we demonstrate the presence of pre-existing humoral immunity in uninfected and unexposed humans to the new coronavirus.
SARS-CoV-2 S-reactive antibodies were readily detectable by a sensitive flow cytometry-based method in SARS-CoV-2-uninfected individuals and were particularly prevalent in children and adolescents. These were predominantly of the IgG class and targeted the S2 subunit. In contrast, SARS-CoV-2 infection induced higher titres of SARS-CoV-2 S-reactive IgG antibodies, targeting both the S1 and S2 subunits, as well as concomitant IgM and IgA antibodies, lasting throughout the observation period of 6 weeks since symptoms onset.
«
If I’m reading this right, it says that children and teenagers have effective antibodies despite not having been exposed to the virus that causes Covid-19. That explains a lot of things, though it then offers up the puzzle of why that resistance diminishes with age, since you’d expect people to be continually exposed to various coronaviruses through their life.
Garmin obtains decryption key after ransomware attack • Sky News
Alexander Martin:
»
Last week, Garmin’s services were taken offline after hackers infected the company’s networks with a ransomware virus known as WastedLocker.
A number of the company’s services are operational again and the business has now confirmed the “cyber attack” for the first time, stating: “Affected systems are being restored and we expect to return to normal operation over the next few days.”
…Security sources who spoke to Sky News said WastedLocker is believed to be developed by Evil Corp, a hacking group based in Russia which was sanctioned by the US Treasury last December.
The sanctions mean that “US persons are generally prohibited from engaging in transactions” with the cyber criminals, although the US Treasury did not respond to questions about whether the general prohibition applied in the circumstances of extortion.
Sources with knowledge of the Garmin incident who spoke to Sky News on the condition of anonymity said that the company – an American multinational which is publicly listed on the NASDAQ – did not directly make a payment to the hackers.
«
That last bit raises so many questions. Did a middleman carry the bag with the money? Or did someone crack the encryption for them (highly unlikely)? The bigger question is whether their paying the middleman breaches US sanctions. I’d guess that if Garmin is necessary enough to the US military, it’ll be decided that it doesn’t.
Dad joke: Q: where did the hackers go? A: I dunno, they ransomware.
Errata, corrigenda and ai no corrida: none notified