The NHS Covid app averted an estimated 600,000 cases – and so perhaps 1,500 deaths. CC-licensed photo by Simon James on Flickr.
You can sign up to receive each day’s Start Up post by email. You’ll need to click a confirmation link, so no spam.
A selection of 10 links for you. You can’t hurry, love. I’m @charlesarthur on Twitter. Observations and links welcome.
Huawei founder and CEO Ren Zhengfei has called for a reset in relations between the US and the Chinese tech giant. Speaking to international media in China for the first time in more than a year, Ren expressed willingness to speak with President Biden and said he hoped for “open policies” from the new administration.
“I would welcome [a call from Biden]” Ren said in translated comments provided to The Verge and reported by CNBC, AFP, and the South China Morning Post. “I would talk with him about common development. Both the US and China need to develop their economies, as this is good for our society and financial balance.”
“Allowing US companies to supply goods to Chinese customers is conducive to their own financial performance,” Ren said. “If Huawei’s production capacity expanded, that would mean US companies could sell more. It’s a win-win situation. I believe the new administration will weigh and balance these interests as they consider their policies. We still hope to be able to buy a lot of US components, parts, and machinery so that US companies can also develop with the Chinese economy.”
Huawei is currently unable to do business with US companies because the Trump administration placed it on the Department of Commerce’s trade blacklist, citing national security fears. Among other issues, this means Huawei is unable to license Android from Google, severely hampering its smartphone business outside of China.
This prompted Huawei to sell off its Honor subsidiary in order to protect the brand and allow it to keep on producing smartphones, but Ren dismissed rumors that Huawei might do the same for its own smartphone division. “We will never sell our device business,” he said.
A researcher managed to breach over 35 major companies’ internal systems, including Microsoft, Apple, PayPal, Shopify, Netflix, Yelp, Tesla, and Uber, in a novel software supply chain attack.
The attack comprised uploading malware to open source repositories including PyPI, npm, and RubyGems, which then got distributed downstream automatically into the company’s internal applications.
Unlike traditional typosquatting attacks that rely on social engineering tactics or the victim misspelling a package name, this particular supply chain attack is more sophisticated as it needed no action by the victim, who automatically received the malicious packages.
This is because the attack leveraged a unique design flaw of the open-source ecosystems called dependency confusion.
For his ethical research efforts, the researcher has earned well over $130,000 in bug bounties.
Last year, security researcher Alex Birsan came across an idea when working with another researcher Justin Gardner.
Gardner had shared with Birsan a manifest file, package.json, from an npm package used internally by PayPal.
Birsan noticed some of the manifest file packages were not present on the public npm repository but were instead PayPal’s privately created npm packages, used and stored internally by the company.
On seeing this, the researcher wondered, should a package by the same name exist in the public npm repository, in addition to a private NodeJS repository, which one would get priority?
That is indeed sneaky. The enormous dependency on open source packages that can be altered maliciously (or accidentally badly) at pretty much any time is being demonstrated again and again.
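The resolution question Birsan asked (public name versus private name of the same package) is one a defender can audit for before it is exploited. The following is an added example, not code from the BleepingComputer article or from Birsan's research, that reads an npm manifest and flags unscoped dependencies whose names live in a private registry and are either already claimed publicly (a live collision) or still unclaimed (squattable). The manifest, the package names, the registry inventories and the `.npmrc` URL in the comment are all constructed for illustration; a real check would query the organisation's private registry and the public registry instead of the inline sets.

```javascript
// Added example (not from the original post): a defender-side check for
// dependency confusion exposure in an npm manifest. Every name and registry
// listing below is constructed for illustration.

// Constructed package.json, mirroring the kind of manifest described in the
// text: a mix of public packages and internal-only ones.
const PACKAGE_JSON = `{
  "name": "example-internal-app",
  "dependencies": {
    "express": "^4.17.1",
    "internal-auth-helper": "^1.2.0",
    "@example-corp/billing-client": "^3.0.1",
    "lodash": "^4.17.20"
  },
  "devDependencies": {
    "internal-build-tools": "^0.9.0"
  }
}`;

// Constructed inventory of packages published to the company's private registry.
const PRIVATE_REGISTRY = new Set([
  "internal-auth-helper",
  "internal-build-tools",
  "@example-corp/billing-client",
]);

// Constructed snapshot of names present on the public registry. In a real
// check this would come from querying the public registry; it is inline so the
// example runs offline. Note that "internal-build-tools" has been claimed publicly.
const PUBLIC_REGISTRY = new Set([
  "express",
  "lodash",
  "internal-build-tools",
]);

// A scoped name (@scope/name) resolves only from the registry configured for
// that scope, so it is not exposed to the public/private name collision.
function isScoped(name) {
  return name.startsWith("@") && name.includes("/");
}

// Collect every dependency name declared in the manifest, across all sections.
function collectDependencies(manifestText) {
  const manifest = JSON.parse(manifestText);
  const sections = ["dependencies", "devDependencies", "optionalDependencies"];
  const names = new Set();
  for (const section of sections) {
    for (const name of Object.keys(manifest[section] || {})) names.add(name);
  }
  return [...names];
}

// Classify each declared dependency:
//   "collision"  - unscoped private package whose name also exists publicly: a
//                  resolver that consults both registries may prefer the public one.
//   "squattable" - unscoped private package whose name is unclaimed publicly:
//                  no collision yet, but nothing prevents one.
//   "scoped"     - private package under a scope, bound to one registry.
//   "public"     - ordinary public dependency.
function classifyDependencies(manifestText, privateRegistry, publicRegistry) {
  const result = { collision: [], squattable: [], scoped: [], public: [] };
  for (const name of collectDependencies(manifestText)) {
    if (!privateRegistry.has(name)) {
      result.public.push(name);
    } else if (isScoped(name)) {
      result.scoped.push(name);
    } else if (publicRegistry.has(name)) {
      result.collision.push(name);
    } else {
      result.squattable.push(name);
    }
  }
  return result;
}

// Suggested hardening for any unscoped private package: move it under the
// organisation's scope and bind that scope to the private registry in .npmrc, e.g.
//   @example-corp:registry=https://npm.example.internal/   (hypothetical URL)
function suggestedScopedName(name, scope) {
  return isScoped(name) ? name : `@${scope}/${name}`;
}

const report = classifyDependencies(PACKAGE_JSON, PRIVATE_REGISTRY, PUBLIC_REGISTRY);
console.log(report);
for (const name of [...report.collision, ...report.squattable]) {
  console.log(`rename ${name} -> ${suggestedScopedName(name, "example-corp")}`);
}
```

Running it reports `internal-build-tools` as a collision and `internal-auth-helper` as squattable, while the scoped billing client and the two public packages pass. The scoping suggestion is the standard npm mitigation: a scope bound to a single registry in `.npmrc` removes the ambiguity that the attack relies on, whereas an unscoped name is only as safe as the resolver's registry preference.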
“Water facilities are particularly problematic,” said Suzanne Spaulding, the former chief cybersecurity official at the Department of Homeland Security under former President Barack Obama. “When I first came into DHS and started getting the sector-specific briefings, my team said, ‘here’s what you’ve got to know about water facilities: when you’ve seen one water facility, you’ve seen one water facility.’”
There are approximately 54,000 drinking systems in the U.S., which are run independently, either by local governments or small corporations. And that means thousands of different security setups, often run by generalists who are responsible for the technology of their particular water system.
“I’ve been to numerous water treatment facilities where there is one IT person or two IT people,” said Lesley Carhart, a principal threat analyst at the cybersecurity company Dragos. “And they have to handle everything from provisioning computers and devices that keep the infrastructure running to trying to do security.”
“Most are very conscious of it, but they’re just drowning,” she said. “They don’t know how to accomplish all the things they’re required to do to both keep things running from an IT perspective and also fill compliance checkboxes.”
All of the city’s cybersecurity services, including that of the water treatment plant, are managed by one man, city manager Al Braithwaite, Assistant City Manager Felicia Donnelly said in an email.
In the case of the Oldsmar attack, all the hackers needed to gain access was to log in to a TeamViewer account, which lets remote users take full control of a computer, which was associated with the plant. That let them open and toy with a computer with a program that sets the chemical content for the underground water reservoir that provides the drinking water for nearly 15,000 people.
One person for the water system’s cybersecurity. Aaaargh.
Tim Bradshaw and Siddharth Venkataramakrishnan:
Gauging the effectiveness of Bluetooth-based proximity detection apps, which have been released by governments all over the world, has been complicated by the privacy protections built into the Google/Apple system.
The app’s anonymity means that it is impossible to say how many people have complied with its orders to isolate.
The Turing/Oxford researchers used the limited location information that users are asked to enter when they download the app — the first half of their area’s postcode — to compare app uptake between neighbouring local authorities.
That data was then compared with the overall number of Covid-19 cases reported by each local authority. The researchers found a strong correlation between app usage, which varies between 15 to 45% of the overall population, and case numbers in a given region.
The paper said that a statistical comparison of neighbouring areas with similar socio-economic or geographic properties suggested that there were 594,000 “averted infections”, but gave a range of 317,000 to 914,000 with a confidence interval of 95%.
Extrapolating from normal case fatality rates, that suggests thousands of deaths may have been prevented by the app, the researchers estimate.
“The main limitation of our analysis is that it is an observational study: no randomized or systematic experiment resulted in different app uptake in different places,” the paper noted. “It remains possible that changes in app use over time and across geographies reflect changes in other interventions, and that our analysis incorrectly attributes the effect to the app.”
Those under 64 – let’s assume that includes all the smartphone users – have 25% of deaths (New York data). So at 600,000 cases averted, if we assume a 1% overall death rate, that’s about 0.25 * 0.01 * 600,000 = 1,500 deaths averted.
Sennett Devermont was at the department to file a form to obtain body camera footage from an incident in which he received a ticket he felt was unfair. Devermont also happens to be a well-known LA area activist, who regularly live-streams protests and interactions with the police to his more than 300,000 followers on Instagram.
So, he streamed this visit as well—and that’s when things got weird.
In a video posted on his Instagram account, we see a mostly cordial conversation between Devermont and BHPD Sgt. Billy Fair turn a corner when Fair becomes upset that Devermont is live-streaming the interaction, including showing work contact information for another officer. Fair asks how many people are watching, to which Devermont replies, “Enough.”
Fair then stops answering questions, pulls out his phone, and starts silently swiping around—and that’s when the ska music starts playing.
Fair boosts the volume, and continues staring at his phone. For nearly a full minute, Fair is silent, and only starts speaking after we’re a good way through Sublime’s “Santeria.”
Assuming that Fair wasn’t just trying to share his love of ’90s stoner music with the citizens of Beverly Hills, this seems to be an intentional (if misguided) tactic to use social media companies’ copyright protection policies to prevent himself from being filmed.
Instagram in particular has been increasingly strict on posting copyrighted material. Any video that contains music, even if it’s playing in the background, is potentially subject to removal by Instagram.
Most people complain about these rules. Beverly Hills law enforcement, however, seems to be a fan.
For every measure bringing accountability, there’s a countermeasure that seeks to evade it.
Naftali Bennett, the former defense minister who coordinated much of the nation’s initial virus response and is now running to replace [PM Benjamin] Netanyahu, accused the government of adopting a strategy that, in his words, can be summed up as, “We’re not going to manage the crisis in this country, we’re going to put all our eggs in the one basket: vaccines,” he told Intelligencer. [Israel is using the Pfizer vaccine.]
“Israel’s entire strategy relies on the hope that no variant will escape the vaccine,” he continued. “If a mutation that can bypass the vaccine appears tomorrow, we’re in trouble.”
On Thursday, at a cabinet meeting convened to debate the future of a partial, fraying lockdown, which is scheduled to end on Sunday, Netanyahu acknowledged that “the British mutation is running amok in Israel,” driving 80% of Israel’s recent COVID-19 fatalities.
Health experts, who have grown accustomed to being ignored by the government, oppose lifting the lockdown, imperfect as it is. The government’s COVID czar, Nachman Ash, warned that “if we leave this lockdown with the figures as they are, we will need another lockdown in two weeks.”
The advent of the British strain has been a game-changer for Israel. “The vaccines are a big success,” Ayman Seif, Israel’s deputy corona czar in charge of anti-COVID measures in the Arab community, told Intelligencer. “We began to see their effects, but it is not enough to curb the rise in contagion brought by the mutation.”
Netanyahu dubbed the mission to vaccinate the nation “Operation Getting Back to Life,” and promised Israelis they’d be COVID-free by late March, which is, coincidentally, when they will head to the polls in what is shaping up to be a tight race. On Thursday, he tweeted out that among those ages 60 and over, he said, referring to a group that has almost universally received the second dose of vaccine, “there has been a 26% decrease in the critical-care hospitalizations.”
While true, the numbers don’t seem as unequivocal as the prime minister indicated. A government study showed that 44% of cases diagnosed in Israel between Thursday and Friday were found among citizens younger than 19. Only 6.2% were found in those ages 60 and older. Rahav said that hospital beds left free by the inoculated over-60 population are being filled by the under-50 crowd. “The British variant of the coronavirus brought us to our knees,” she said. Her hospital’s COVID wards remain at capacity, with ever younger patients.
I wondered about this. And here’s the answer. But if Israel is struggling against the “British strain”, how is Britain going to cope? [Thanks G for the link.]
While other driverless car developers — including General Motors’ Cruise, Ford’s Argo AI, Amazon’s Zoox, Alphabet’s Waymo, and independent Aurora — all take an incremental, slow rollout approach with professional test drivers at the wheel, Tesla is “beta testing” its driverless technology on public roads using its customers as test drivers.
Musk said last month that Tesla cars will be able to fully drive themselves without human intervention on public roads by late this year. He’s been making similar promises since 2016. No driverless car expert or auto industry leader outside Tesla has said they think that’s possible.
Although [Bryant Walker] Smith, [a professor and expert in autonomous vehicle law at the University of South Carolina] is impressed by Tesla’s “brilliant” ability to use Tesla drivers to collect millions of miles of sensor data to help refine its software, “that doesn’t excuse the marketing because this is in no way full self-driving. There are so many things wrong with that term. It’s ludicrous. If we can’t trust a company when they tell us a product is full self-driving, how can we trust them when they tell us a product is safe?”
[Paul] Eisenstein [publisher of the Detroit Bureau industry news site] is even harsher. “Can I say this off the record?” he said. “No, let me say it on the record. I’m appalled by Tesla. They’re taking the smartphone approach: Put the tech out there, and find out whether or not it works. It’s one thing to put out a new IOS that caused problems with voice dictation. It’s another thing to have a problem moving 60 miles per hour.”
As the article points out, the Trump administration simply punted on this; there wasn’t a proper director for the National Highway Traffic Safety Administration for the past four years. Now things need sorting out.
Potsdam Institute for Climate Impact Research:
“Coal has been hit harder by the pandemic than other power sources—and the reason is simple,” explains lead author Christoph Bertram from the Potsdam Institute for Climate Impact Research (PIK). “If demand for electricity drops, coal plants are usually switched off first. This is because the process of burning fuels constantly runs up costs. The plant operators have to pay for each single ton of coal. In contrast, renewable power sources such as wind and solar plants, once built, have significantly lower running costs—and keep on operating even if the demand is reduced.”
This way, fossil fuels were partly squeezed out of the electricity generation mix in 2020 and global CO2 emissions from the power sector decreased around 7%. By looking at India, the U.S. and European countries alone, a more dramatic picture emerges: In these key markets, where monthly electricity demand declined by up to 20% compared to 2019, the monthly CO2 emissions decreased by up to 50%.
The researchers estimate that it’s likely that emissions will not reach the all-time high of 2018 again. “Due to the ongoing crisis, we expect that 2021 electricity demand will be at about 2019’s levels, which, given ongoing investments into low-carbon generation, means lower fossil generation than in that year,” says co-author Gunnar Luderer from PIK. “As long as this clean electricity generation growth exceeds increases in electricity demand, CO2 emissions from the power sector will decline. Only if we saw unusually high demand for electricity along with surprisingly few additions of renewable power plants from 2022-2024 and beyond, fossil fuel generation would rebound to pre-pandemic levels.”
Ray Dalio is the founder of Bridgewater, which is a financial analysis company (as far as I can make out – its website is pretty vague):
Regarding privacy, it appears that Bitcoin will unlikely be as private as some people surmise. It is, after all, a public ledger and a material amount of Bitcoin is held in a non-private manner. If the government (and perhaps hackers) want to see who has what, I doubt that privacy could be protected. Also, it appears to me that if the government wanted to get rid of its use, most of those who are using it wouldn’t be able to use it so the demand for it would plunge. Rather than it being far-fetched that the government would invade the privacy and/or prevent the use of Bitcoin (and its competitors) it seems to me that the more successful it is the more likely these possibilities would be. Starting with the formation of the first central bank (the Bank of England in 1694), for good logical reasons governments wanted control over money and they protected their abilities to have the only monies and credit within their borders. When I a) put myself in the shoes of government officials, b) see their actions, and c) hear what they say, it is hard for me to imagine that they would allow Bitcoin (or gold) to be an obviously better choice than the money and credit that they are producing. I suspect that Bitcoin’s biggest risk is being successful, because if it’s successful, the government will try to kill it and they have a lot of power to succeed.
There’s plenty in there, plus some excellent graphs about the value of bitcoin compared to gold, and how much extra is being added compared to existing assets.
Depending on which source you consult, Substack might be “reinventing publishing,” “pioneering a new ‘business model for culture,’ ” or “attempting to build an alternative media economy that gives journalists autonomy.” It is “writers firing their old business model” or “a better future for news.” Substack’s C.E.O., Chris Best, has said that the company’s intention is “to make it so that you could type into this box, and if the things you type are good, you’re going to get rich.” Hamish McKenzie, one of Substack’s co-founders, told me that he sees the company as an alternative to social-media platforms like Facebook and Twitter. “We started Substack because we were fed up about the effects of the social-media diet,” McKenzie said. Substack’s home page now reads, “Take back your mind.”
Substack, like Facebook, insists that it is not a media company; it is, instead, “a platform that enables writers and readers.” But other newsletter platforms, such as Revue, Lede, or TinyLetter (a service owned by Mailchimp, the e-mail-marketing company), have never offered incentives to attract writers. By piloting programs, like the legal-defense fund, that “re-create some of the value provided by newsrooms,” as McKenzie put it, Substack has made itself difficult to categorize: it’s a software company with the trappings of a digital-media concern. The company, which currently has twenty employees, has a lightweight content-moderation policy, which prohibits harassment, threats, spam, pornography, and calls for violence; moderation decisions are made by the founders, and, McKenzie told me, the company does not comment on them. Best has suggested that Substack contains a built-in moderation mechanism in the form of the Unsubscribe button.
It’s an interesting time for such a hands-off, free-market approach. The Internet is flooded with disinformation and conspiracy theories. Amazon’s self-publishing arm has become a haven for extremist content. The flattening effect of digital platforms has led to confusion among readers about what is reporting and what is opinion. Newsrooms at the Times and the Wall Street Journal have taken pains to distinguish their work from that found in the op-ed sections. Substack has advertised itself as a friendly home for journalism, but few of its newsletters publish original reporting; the majority offer personal writing, opinion pieces, research, and analysis.
Original reporting is expensive, and time-consuming, and just as with the blogosphere, few are going to take the risk. Though at least it monetises a bit better than blogs.
Errata, corrigenda and ai no corrida: none notified