• Risks Digest 32.45 (2/2)

    From RISKS List Owner@21:1/5 to All on Mon Jan 18 22:24:15 2021
    [continued from previous message]

    Some of the Pfizer and Moderna data indicates that, over a longer period of time, even a single dose of the vaccine can confer protection over 90%. But you can, at this point, get the second, booster, dose of the vaccine.
    Following the booster dose, after some time (possibly a week, possibly six weeks), your protection level can rise to around 95%.

    A couple more points to note. I said “at this point.” Vaccine studies
    in the past have clearly shown that, if you give the booster shot too early,
    it is basically a waste of vaccine. There is a minimum time, after the
    primer shot, before a booster shot gives any booster effect. This minimum
    time seems to be three weeks, in the case of Pfizer, and four weeks, in the case of Moderna.

    Another factor to consider is that, while there is a definite minimum time period between shots in terms of maximum effect, the maximum time between
    shots is much more open ended. If the minimum time is three weeks, then
    there is no diminution of effect if you wait until four weeks to give the booster. In fact, many studies seem to indicate that, to a certain extent,
    the longer you wait for the second, booster, shot, the stronger the
    protection and the longer the duration of protection. (Again, the
    coronavirus vaccines simply haven't been in existence long enough for us to have really good data on the timing, but studies of existing vaccines show
    that this is very likely.)

    Yet another consideration goes back to those numbers. You will recall that
    I said 80% was pretty good protection. It is. 90% is better, and 95% is better still. But even 95% isn't that much better than 80%, and 80% is a
    whole lot better than nothing.

    So, back to the controversy. When we start giving vaccines, we can stick
    with the minimum time regime, and give everyone a second dose as soon as
    they hit the three week mark. That way we get more people up to 95%
    protection sooner.

    Or, we can delay the second dose out to five weeks. The downside is that
    those people spend an extra two weeks at 80% protection before they get the booster dose. But, during those two weeks, we can start bringing even more people to 80% protection (rather than leaving them with nothing). Which
    means we start building herd immunity faster. And the early lot are not,
    after all, being left with no protection. They are probably at 80%, and may
    be building, themselves, towards 90%. And they are still well within the
    time period during which they are going to get the booster effect. They may even get a better booster effect for the delay.

    The calculus involved here is complex. It involves the infectiousness of
    the virus, the effectiveness of the vaccine, the total numbers of cases, and
    a number of other considerations. However, in our situation, the answer
    seems to fall on the *delay* side of the equation.

    ------------------------------

    Date: Fri, 15 Jan 2021 11:35:30 -0800
    From: Rob Slade <rmslade@shaw.ca>
    Subject: Different kinds of security

    For years, no, actually decades, I have read, with pleasure and reliance, a certain columnist's columns on politics in BC. He has been knowledgeable, analytical, and educational. Due to his taking on a field outside his expertise in 2020, that of the pandemic, I am rapidly losing any and all of
    the respect that I ever had for his journalistic abilities.

    https://vancouversun.com/opinion/columnists/vaughn-palmer-dix-ducks-and-covers-before-fessing-up-on-care-home-covid-outbreaks

    His latest column chides Health Minister Adrian Dix for being careful in his answer about a question involving the rise of infections in long term care homes. Yes, Dix might have answered earlier and more directly that staff is responsible for most outbreaks in long term care. But that is a loaded question right now. Staff are responsible for outbreaks because they are
    the ones moving between the community and the homes. What do you want to do about that? Ban the staff? Leave the homes unattended, and let the
    residents shift as best they can from their beds?

    But the columnist isn't content to raise that nonsensical issue. He then
    goes on to blame the "second wave" surge on the election. Anyone who takes
    the time to look at the case numbers can see that the election made almost
    no contribution to the surge, which clearly dates from Thanksgiving dinners
    and parties.

    The columnist then takes up the cudgel on behalf of the idea of "routine" testing for staff. As he has been told many times when he raises the (same) question on "The Dr. Bonnie Show (co-starring Adrian Dix and Nigel Howard)," there *is* routine testing of medical staff. It's just that the routine
    varies depending upon the level of medical and public health risk, and not
    at the call of some political columnist.

    Testing of every staff member twice a week would still leave at least a four day window every week during which people could become infected and
    infectious. In fact the window would be longer, since test results take
    about 24 to 48 hours to be processed. And who is it that would do these
    tests (by the way, how many LTC staff are there in the entire province of
    BC?), and what work would *not* be done while they are doing them? Risk management is obviously not the columnist's field.

    It may just be CoVID fatigue and increased irritability on my part, but I am growing distressed with the poor quality of the Sun's coverage of the
    pandemic, and its seeming pursuit of the scandalous over the informative.
    And so I fired off this rant to some of my friends in security.

    And got a response back:

    Did you send this to the wrong mailing list?

    So, I definitely did not make the point I wanted to make properly. I
    suppose a bit more detail (and a bit less rant) is in order.

    Lemme start with a seminar I did some time back. Unusually, it was actually
    in Vancouver. I had two candidates, sitting next to each other, as it happened, who both worked for government, but came from radically divergent security situations, as became obvious when we discussed the good old CIA
    triad of Confidentiality, Integrity, and Availability.

    One worked for E-Comm. These are the people who, among other things, answer the phones when you call 911. The E-Comm people don't exactly broadcast
    their calls, but confidentiality is not their first concern. That's availability. When somebody in trouble calls 911, somebody *has* to answer
    the phone. (I had a tour through E-Comm one time, and their business continuity and resilience planning is *really* impressive.)

    Sitting beside him was a candidate from one of the business development
    banks of the federal government. These agencies provide loans to businesses that want to expand their business. Since the idea is expansion, most of
    the loans aren't exactly secured by traditional equity. In order to ensure that the money (mostly) goes to actually building business, the companies
    have to provide masses of information about themselves, their markets, and their plans. This data is *highly* confidential: if it ever got into the
    hands of their competitors, the companies could be in real trouble. So everything is kept strictly confidential, and almost all their security is directed that way. But availability? As he said himself, "Hey, we're the federal government. If we disappeared for a month, who would even notice?"

    I guess what the columnist doesn't see (and what I didn't really allow for),
    is that he has worked for decades in politics. Politics is definitely a
    long game. It doesn't really happen all that fast. It's important to have
    a really good memory, going back decades. You need to analyse. And you've
    got all the time in the world to analyse, because nothing is going to happen very quickly. You need to look, in minute detail, at what the government,
    and political figures, are doing, while they are doing it, to point out
    minor flaws so that, by the time an act *is* passed, it's perfect. (It
    never actually *is* perfect, but that's what you are aiming for.)

    But a pandemic isn't politics, even though a lot of political work is
    involved. A pandemic is emergency management. You have to do *something*, because, if you don't, people will die. And, often, anything you do is
    better than doing nothing, because if you do nothing, people will die. So, delaying things while you look for a perfect solution is wrong, because, in emergency management, "the best" is very definitely the enemy of the good. Pandemics are fluid, and you make the best choice you can, at the time, with limited information, and change plans when the information changes, and
    hope, rather desperately, that the first plans you made don't run completely counter to later information. But you make a choice, and do it, because, if you don't, people will die.

    In emergency management, you do try to get divergent opinions, to try and
    make sure that you don't make a drastic mistake. But the very last thing
    you need, in the middle of a pandemic or other disaster, is someone publicly second-guessing what you are doing. That can wait for the "after action" debriefings. During the crisis, having some political columnist (with no training in emergency management, or even risk management) saying that you
    are making a mistake is just messing with the messaging you are trying to
    get out to the public. And, if that happens, people might die.

    There are different types of security. They are useful in different types
    of situations. There is no "one size fits all." We need to apply the right security to the right situation. And we definitely don't want to apply the wrong security to the wrong situation.

    ------------------------------

    Date: Mon, 11 Jan 2021 14:12:54 -0500
    From: Larry Werring <lwerring@nrtco.net>
    Subject: Hacker Locks Internet-Connected Chastity Cage

    The risks seem obvious...

    https://www.vice.com/en/article/m7apnn/your-cock-is-mine-now-hacker-locks-internet-connected-chastity-cage-demands-ransom

    ------------------------------

    Date: Sun, 10 Jan 2021 21:39:04 -0500
    From: Larry Werring <lwerring@nrtco.net>
    Subject: Re: Scope of Russian Hacking Far Exceeds Initial Fears (RISKS-32.44)

    I am getting very tired of reading stories like this. I worked IT security
    for many years in Government (now retired) expending much effort to stop
    this kind of activity. One of the reasons I retired early was the lack of
    will to really do anything about this type of activity. If the
    Russians or the Chinese or anyone else, for that matter, flew over and
    dropped troops into our major centers with orders to break into key
    Government and commercial buildings, sabotage critical infrastructure, and steal sensitive information and other valuables, we would immediately
    retaliate in an appropriate manner that would discourage future similar activities. Doing it electronically is the same as doing it the old
    fashioned way (analog). Why isn't anyone dealing with it as such? As far as
    I know, there has been no retaliation for the numerous intrusions that have occurred over the years. Why are we still letting them get away with
    it? Unless we treat this like an electronic war and appropriately
    defend ourselves with a good offence, they will keep doing it with
    impunity. If you are going to do nothing then you might as well
    throw open the doors and let them in (i.e. surrender). At the very least,
    take control of or destroy their access to the Internet so they can't access their targets.

    Maybe it's a good thing that I am retired. My frustration and bitterness at doing so much over the years with so little effect is beginning to show through. I can see from this and other
    similar posts that my peers are having very little success in dealing with
    the many crooks and enemies conducting these intrusions. Were I still
    working, I would be even more frustrated than I am reading about
    it. Continue to do nothing and they'll reap your reward.

    ------------------------------

    Date: Sun, 10 Jan 2021 14:26:08 +1100
    From: 3daygoaty <threedaygoaty@gmail.com>
    Subject: Re: Voting Systems: The Cherry and the Cream (RISKS-32.44)

    At anytime after I'd voted, I could check my vote online by entering my registration number.

    I ran one of these pilots in 2007, the one in Swindon.

    It is illegal for the voting authority to issue any kind of binding proof of your vote that you could use to trade, sell or demonstrate your voting
    choices to a third party. The challenge is to show you something convincing that is not your vote, but which also can be independently verified.

    One of the best that has been achieved to date and not torn to shreds (so to speak) -- for which I was the project manager -- is vVote (2014) due to
    Teague, Schneider, Culnane, Hook and Ryan, and this is a supervised polling place system based on Pret a Voter. I am not aware of a remote voting scheme in the world used or proposed for high stakes public elections that
    has withstood even a fairly brief spotlight by the voting security
    community.

    ------------------------------

    Date: Sun, 10 Jan 2021 07:31:33 -0600
    From: Stephen Fierbaugh <stephen@fierbaugh.org>
    Subject: Re: One Minute Left": Hockey, CoVID-19 ...vs hacking (Drewe,
    RISKS-32.43)

    We "wait" until total monthly deaths from all causes decrease to <= 1
    standard deviation from normal.

    The benefit is this calculation is easy to make from readily available civil data collection processes which have been in place for a long time, doesn't require any special testing, and can't really be manipulated.

    For my Smith County, Texas, USA, mortality is currently at 7.351 standard deviations.

    ------------------------------

    Date: Wed, 13 Jan 2021 22:24:07 +0000
    From: "Chris D." <e767pmk@yahoo.co.uk>
    Subject: Re: One Minute Left": Hockey, CoVID-19 ...vs hacking
    (Fierbaugh, RISKS-32.45)

    Thanks, but I'm not sure if it's that simple. Reportedly, what panics politicians is people dying from Covid-19 in hospital corridors or parking lots, so much routine health treatment has virtually stopped to leave room
    for these people. "Total monthly deaths from all causes" will include those who may have died from delayed investigation and/or treatment but it's difficult to say how many there were, and people who die quietly at home
    aren't so conspicuous. We are deluged with figures on daily/weekly/monthly deaths, but often measured in different ways or time periods, and then
    there's the annual panic over 'winter'. There are constant demands over
    making lockdown restrictions stricter, or if this would make things better
    or worse...

    Hope that helped but it probably didn't. CD

    ------------------------------

    Date: Wed, 13 Jan 2021 16:46:55 -0600
    From: Stephen Fierbaugh <stephen@fierbaugh.org>
    Subject: Re: One Minute Left": Hockey, CoVID-19 ...vs hacking
    (Drewe, RISKS-32.45)

    Clarification: I didn't mean that we stay locked down until then. 
    Rather, the public health emergency will be over then. That the metric
    measures all deaths, not just explicitly COVID-19, is an intentional feature, not a bug.

    ------------------------------

    Date: Mon, 1 Aug 2020 11:11:11 -0800
    From: RISKS-request@csl.sri.com
    Subject: Abridged info on RISKS (comp.risks)

    The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
    comp.risks, the feed for which is donated by panix.com as of June 2011.
    SUBSCRIPTIONS: The mailman Web interface can be used directly to
    subscribe and unsubscribe:
    http://mls.csl.sri.com/mailman/listinfo/risks

    SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that
    includes the string `notsp'. Otherwise your message may not be read.
    *** This attention-string has never changed, but might if spammers use it.
    SPAM challenge-responses will not be honored. Instead, use an alternative
    address from which you never send mail where the address becomes public!
    The complete INFO file (submissions, default disclaimers, archive sites,
    copyright policy, etc.) is online.
    <http://www.CSL.sri.com/risksinfo.html>
    *** Contributors are assumed to have read the full info file for guidelines!

    OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
    searchable html archive at newcastle:
    http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
    Also, ftp://ftp.sri.com/risks for the current volume/previous directories
    or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
    If none of those work for you, the most recent issue is always at
    http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-32.00
    ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
    *** NOTE: If a cited URL fails, we do not try to update them. Try
    browsing on the keywords in the subject line or cited article leads.
    Apologies for what Office365 and SafeLinks may have done to URLs.
    Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

    ------------------------------

    End of RISKS-FORUM Digest 32.45
    ************************
