Monday 18 May, 2020

Food deliveries continue

This morning, outside our kitchen window.

The poor chap needs a haircut — like every other male at the moment.


Keith Thomas: Working methods

The London Review of Books has a nice idea for the pandemic: publishing an article or a review from its amazing archives and putting it outside the paywall for a day. The criterion for choosing pieces that there should be nothing in them about pandemics.

It’s like a breath of fresh air. Here is one of them: a lovely essay by Keith Thomas on how a great historian does his work. Riveting, revealing, inspiring and utterly charming. Thomas is the most unpretentious of scholars.


Zoom: The Seven Commandments

  1. Thou shalt not forget about the agenda or deviate from it.
  2. Thou shalt not cancel meetings shortly before they start.
  3. Thou shalt not all speak at the same time.
  4. Thou shalt not keep your mic on when you are typing.
  5. Thou shalt not abandon the chat.
  6. Thou shalt not assume people can see your presentation clearly – or at all.
  7. Thou shalt not scribble on whiteboards and assume people can follow.

I would add one more, which I consider a cardinal sin: checking and replying to email while on a call and leaving the sound on. Yes, we can hear your Outlook or Apple Mail sounds when the email is sent.

Om Malik


Samuel Pepys: the very first pandemic blogger

Lovely column by Andrew Sullivan, who’s been reading Pepys’s diary for the plague year of 1665. 

There’s a certain Monty Python Black Knight vibe to Pepys’s equanimity. Does he think he’s immune? Even when the plague reaches his own parish, with 40 suddenly dead, Pepys stays up and about, with “a pleasant going and a good discourse … But Lord! to see in what fear all the people here do live. How they are afraid of us that come to them, insomuch that I am troubled at it, and wish myself away.” Even in his bedroom, as he works “undressed all day long,” the plague cannot be avoided: “It was a sad noise to hear our bell to toll and ring so often today, either for deaths or burials; I think five or six times.” Nonetheless, he attends a wedding — getting there late — and has a blast in the middle of it all: “Thus I ended this month with the greatest joy that ever I did any in my life, because I have spent the greatest part of it with abundance of joy, and honor, and pleasant journeys, and brave entertainments.”

I’m a little dumbstruck at the stoicism of it all. In the middle of a nightmare, he’s having the best month of his life! He’s not in denial. He’s somehow capable of finding an equilibrium so that even in the face of mass death, he can let himself go and enjoy a massive party. Here in the 21st century, we’re finding that not so easy. And Pepys faced horrors far worse than ours. His friends endure terror: “And poor Will, that used to sell us ale at the Hall-door, his wife and three children died, all, I think, in a day.” The press of corpses gets so great, there’s a citywide decision to carry them to burial at night, “the town growing so unhealthy, that a man cannot depend upon living two days.”

And then just a little moment that gives us a sense of how lucky, in comparison, we are: “It was dark before I could get home, and so land at church-yard stairs, where, to my great trouble, I met a dead corpse of the plague, in the narrow ally … But I thank God I was not much disturbed by it. However, I shall beware of being late abroad again.” Maybe it’s just the English stiff upper lip as far back as 1665, but the tenacity and composure of the man are impressive, even as he passes by mounds of corpses lying out in the open, piled up against the walls of houses in the streets, dumped into mass graves, and all the doctors dead in Westminster, leaving the dying to fend for themselves.

Typical Sullivan: original fresh, perceptive. When, at the beginning if all this, I was looking for books on previous pandemics, it never occurred to me to reach for Pepys. Growl.


162 benefits of Coronavirus

Yeah, I know this might look like tasteless trolling, but it isn’t. The virus is terrible, sure; but it also forces us to do things we ought to have done decades ago. So it’s an interesting and thought-provoking list that includes stuff that I at least hadn’t thought about.

Call it creative contrarianism.


Atul Gawande on how to keep the virus at bay

Fascinating and sobering New Yorker piece on what you have to do to keep a hospital safe.

The Boston area has been a COVID-19 hotspot. Yet the staff members of my hospital system here, Mass General Brigham, have been at work throughout the pandemic. We have seventy-five thousand employees—more people than in seventy-five per cent of U.S. counties. In April, two-thirds of us were working on site. Yet we’ve had few workplace transmissions. Not zero: we’ve been on a learning curve, to be sure, and we have no way to stop our health-care workers from getting infected in the community. But, in the face of enormous risks, American hospitals have learned how to avoid becoming sites of spread. When the time is right to lighten up on the lockdown and bring people back to work, there are wider lessons to be learned from places that never locked down in the first place.

These lessons point toward an approach that we might think of as a combination therapy—like a drug cocktail. Its elements are all familiar: hygiene measures, screening, distancing, and masks. Each has flaws. Skip one, and the treatment won’t work. But, when taken together, and taken seriously, they shut down the virus. We need to understand these elements properly—what their strengths and limitations are—if we’re going to make them work outside health care.

Four basic ‘pillars’ of the strategy: hygiene, distancing, screening and masks. They won’t return us to normal life, he says,

but, when signs indicate that the virus is under control, they could get people out of their homes and moving again. As I think about how my workplace’s regimen could be transferred to life outside the hospital, however, I have come to realize that there is a fifth element to success: culture. It’s one thing to know what we should be doing; it’s another to do it, rigorously and thoroughly.

Great piece. He’s the best writer on medicine that I know.


What comes after Zoom?

Answer: conversations and spontaneity. Zoom is fine in its way, but really it’s just reinforcing one of the most pernicious aspects of organisational life — an addiction to group meetings. But because we’re all working for home, there’s no place for the random conversations that are often the key to productive working and creative endeavour.There’s no such thing as planned creativity. So the search is on — predictably — for a technology that might make that kind of serendipitous conversation possible in a remote-working context. There’s currently a lot of noise about this idea — and of course venture-capital involvement.

Here’s a good survey of emerging apps.


Quarantine diary — Day 58

Link


This blog is also available as a daily email. If you think this might suit you better, why not subscribe? One email a day, delivered to your inbox at 7am UK time. It’s free, and there’s a one-click unsubscribe if your decide that your inbox is full enough already!


Friday 8 May, 2020

Quote of the Day

“The TV business is a cruel and shallow money trench, a long plastic hallway where thieves and pimps run free, and good men die like dogs. For the most part, they are dirty little animals with huge brains and no pulse”

  • Hunter S Thompson

From blood clots to ‘Covid toe’: the medical mysteries of coronavirus

Terrific FT explainer — outside the paywall. If you think SARS-CoV-2 is just “another kind of flu,” think again.


Contact tracing (contd.)

It’s one of those areas where it’s genuinely difficult to know what’s the best approach. The problem that the UK has is that its government failed at the outset (for reasons we can debate endlessly) to adopt a classic track and trace approach. So it’s trying to play catch-up.

Struggling with the topic this morning I made some notes. Here they are:

  1. There’s a dangerous aura of tech-solutionism about the idea that an app is the thing that will solve our problems. That’s clearly baloney. But…

  2. It’s an inventive way to approach the problem in a society like the UK with a large population — provided that it’s complemented by more human resources than the UK currently possesses.

  3. There seem to be only two broad paradigms here for app design — roughly described as decentralised and centralised. The decentralised approach keepts the data on the phone; the other keeps it on a centralised database of some kind.

  4. Up to now, I’ve tended to side with the decentralised approach, on the grounds of (i) avoiding state surveillance and the dangers of ‘mission-creep’ that we’ve seen after other crises (like 9/11); (ii) concerns about the security of such a centralised database (surely a juicy target for state-level hackers); (iii) it gives individuals more agency; and (iv) a hunch that the Apple-Google API was likely to be better than other approaches, partly because of their intimate knowledge of their two smartphone platforms but also because they would know how to mitigate battery-draining properties of BLE (Bluetooth Low Energy) apps.

  5. But since this was mainly half-informed guesswork on my part, I decided to read up on the NHSx approach.

(The FT has a really good explanation of the NHSx app, btw. And it’s outside the paper’s paywall.

Ian Levy from the National Cyber security Centre has provided a pretty thorough briefing on it which is worth reading in its entirety. The key difference between decentralised and centralised approaches, he says, is that in the first approach every user of the app gets some understanding of who is declared ill (and that list keeps being updated) but the public health authority – by design – knows pretty much nothing about who’s ill.

Crucially, while the health authority would know the anonymous identity of the app that’s reported symptoms (or sometimes just a Bluetooth broadcast value) it wouldn’t know any of the contacts (even anonymously), and so won’t know anything about how that user may have spread the disease.

In the centralised approach, on the other hand,

an ill user reports their symptoms, but also gives all their anonymous contacts to the public health authority, along with some details about the type of contact they’ve had (duration and proximity for example). The health authority can use risk modelling to decide which contacts are most at risk, and then notify them to take some action – again probably self isolation to start with. Importantly, the public health authority has anonymous data to help it understand how the disease appears to be spreading, and has the anonymous contact graphs to carry out some analysis. So the health authority could discover that a particular anonymous person seems to infect people really well. While the system wouldn’t know who they are, encounters with them could be scored as more risky, and adjust the risk of someone being infected by a particular encounter appropriately.

The fundamental argument underpinning the NHSx team’s decision to go for the centralised model is that they believe that it offers better public health benefits. To which sceptics will retort, pace Mandy Rice-Davies, well, they would, wouldn’t they?

There are lots of differences [between the decentralised approach and the NHSx one], but given the epidemiological model the NHS is using to manage the coronavirus spread in the UK, the fully decentralised model just doesn’t seem to work.

There’s an analogy with Typhoid Mary and the Broad Street water pumps examples. If all you knew was that there were some typhoid cases in New York (or some cholera cases in a bit of London) you’d never see the pattern. But if the fact that Mary (or the pump) were implicated in all of the cases, then it becomes obvious. Obviously, users are anonymous in the app (so you can’t identify the person) and it doesn’t have location, but it’s only an analogy! You need to look at the aggregate data (anonymously in our case) to be able to see these patterns.

In the end, the choice you have to make is a balance between individual, group and national privacy, and the public health authorities having the minimum information necessary to manage the spread of the virus. The NHS app is designed to balance those things, minimizing the data the health authorities get to that necessary to respond with protecting the privacy of our users. There are many ways of implementing these things, but the NHS app is a good balance in the team’s view.

That’s the bird’s eye view. On the ground, however, there’s a lot of mundane detail to be sorted out with either approach. For example:

  • Do the apps drain smartphone batteries? If they do then people won’t use them, or won’t keep using them for long enough. Ian Levy’s paper claims that the NHSx app won’t drain batteries. There seems to be some controversy about this
  • Will the app run on older smartphones that many people are likely to use? An investigation by Privacy International found a number of Android phones on which it wouldn’t run.
  • Both the decentralised and centralised approaches rely on Bluetooth LE. Since Bluetooth goes through, for example, plasterboard walls, there’s a likelihood (or at least a risk) of getting misleading results (false positives) in crowded environments.
  • Finally, there’s the fact that none of these apps will be mandatory. At least that’s the position for now, and it’s difficult to see how governments in democracies could change it. Moreover, the take-up needs to be substantial — maybe 60% — before the real benefits kick in.

So overall, probably the critical thing is whether users will trust an app enough to install and use it. After all, all smartphone-based approaches require people to confide to the app that they think they might be infected. Such a confession will have socially-differentiated consequences: for middle-class people, who can easily self-isolate and work from home, etc, no problem; but for those for whom confession might mean staying away from work, it’s tougher — unless the government moves firmly to support them while they’re under quarantine. My other conclusion from spending a day reading and thinking about this is that the surveillance/privacy aspects of this will not be a major consideration for most citizens, no matter how exercised Privacy International and civil liberties groups (and, for that matter, this blogger) might say or think. The virus is so terrifying that most people will do anything that might reduce its spread and the possibility that they themselves might catch it. So, in a way, Paul Romer (quoted in yesterday’s blog) is probably right when he said this:

I’m not worried about the privacy issues, because it’s kind of, like, “Compared to what?” I think we’ve got enormous problems with surveillance right now. This doesn’t seem to me to make it much worse. But I was participating in digital discussions about response to the crisis, and the meeting would go like this: “We need more testing.” Financial people said, “Yep, we got it.” “We need masks and protective equipment.” “Yep, fine.” “And then we need to have the digital contact tracing.” And then, all of a sudden, the whole meeting is taken up with hand-wringing and anxiety and all kinds of fears.


Google pulls out of Toronto ‘Sidewalk’ project

Amazingly good news. Looks that they jumped before they were pushed. Campaigning works.

_________________________________________________________________ 

The Ivy League will be ok. It’s public universities — and their students — who will suffer most from the pandemic and its aftermath

Great New Yorker piece .

______________________________________________________________________ 

Finding endless video calls exhausting? You’re not alone

I was musing about this in yesterday’s Quarantine Diary. This piece by Andre Spicer suggests that I was on the right track.

_____________________________________________________________________ 

And in case you’re depressed by what’s going on in the US

Why not try this — from McSweeney’s.

Good send-up of the Trump mindset. It’s witty and clever. But, sadly, it’s not a joke.

Thanks to Charles Arthur for the link.


Quarantine diary — Day 48

Link


This blog is also available as a once-a-day email. If you think this might suit you better why not subscribe? One email a day, delivered to your inbox at 7am UK time. (And there’s a one-click unsubscribe button if you decide your inbox is full enough already!)


Tuesday 5 May, 2020

The office of the future?


The skillset needed to run online meetings

Effective chairing of a meeting is one of the most valuable (and rarest) arts in organisational life. One of the things I’ve learned from the Zoom and WebEx meetings I’ve been participating in since lockdown is that, if anything, the skills of effective chairing are even more important now.

But in addition to the skillset necessary for the effective running of face-to-face meetings, one now also needs:

  • a really good internet (fast and stable) connection
  • up to date kit with (ideally) a big screen
  • familiarity with the technical details and interface of the conferencing tool you’re using
  • making sure that the conventions for speaking and intervening are understood by all participants before the meeting proper commences
  • ensuring that you and the speaker at any moment are the only ones with un-muted microphones
  • ensuring that every participant understands how to share (and un-share) their screens

Experience so far indicates that not every chairperson has these skills.

On the other hand, chairing an online meeting does give you one power that would be very useful in face-to-face meetings: you have the power to mute other people’s microphones!


Cory’s epiphany

Cory Doctorow is one of the most gifted and productive writers I know. I still remember an essay he wrote many years on how to write which contained a simple rule: Write for 20 minutes every day, rain or shine. I often cite this when students ask me for advice on writing — particularly about how to overcome writer’s block. In fact, it’s a rule that many great writers have always obeyed. Graham Greene, for example, wrote every morning — often no more than 250 words. But in his prime he was producing a novel a year. (Just do the maths and you’ll see how.)

Cory’s just published some new reflections (in Locus magazine) on ‘rules for writing’, and on what he’s learned from running classes for aspiring writers. Here’s the money quote from that essay:

Take exposition, which is something I love to read and love to write – when it’s done well. From Stephenson’s Cryptonomicon to Westerfeld’s Peeps, to Moby-Dick, I will happily read intensely technical, intensely interesting exposition all day long. The injunction against exposition isn’t a rule, but a warning: as delightful as good exposition is to read, most exposition isn’t good, and bad exposition is terrible.

It took me an admittedly very long time to reach this conclusion, and I think it’s because the standard wisdom goes something like, “In order to break the rules, you must first master them.” That threw me off. If, instead, the writers and books I’d learned from had said, “These things are much harder to get right, so if your story goes wrong, try replacing them with something easier,” I’d have come to my epiphany far earlier.

Spot on.


Why did Boris Johnson & Co screw up the UK’s response to the Coronavirus?

I’ve just been reading the extraordinary Guardian account of the shambolic attempt by the administration to overcome the country’s desperate shortage of ventilators to equip the NHS for the coming pandemic.

Nearly seven weeks later, things look very different. The NHS has neither needed 30,000 ventilators, nor has it come close to calling on the 18,000 that health secretary Matt Hancock set as a revised target in early April.

The inside story of what happened in this period is one of early panic and confusion, of companies with expertise clashing with those seizing the limelight with ambitions to innovate, of questionable designs, and the desperation of a government setting targets and then deciding it didn’t need to meet them after all.

At the root of it all was a government in a state of blind panic (understandable) issuing a ‘challenge’ to British engineering firms which had never made sophisticated medical equipment to switch overnight to designing and making them. Among other things, this suggests an administration which knew bugger-all about how complex machines are made, but was nevertheless confident that native British ingenuity would be able to rise to the challenge.

Aside from the panic, though, there was an air of gung-ho lunacy about the idea that a vacuum-cleaner manufacturer or a manufacturer of mechanical diggers would be able to magic-up some of the desperately-needed ventilators. So where, I wondered, did this mindset originate?

Here’s a clue.

On February 3 Boris Johnson, fresh from minting a new coin to celebrate Brexit, made a speech in Greenwich on making clear his views on Wuhan-style lockdowns.

“We are starting to hear some bizarre autarkic rhetoric,” he said,

“when barriers are going up, and when there is a risk that new diseases such as coronavirus will trigger a panic and a desire for market segregation that go beyond what is medically rational to the point of doing real and unnecessary economic damage.”

“Then, at that moment”, he goes on, “humanity needs some government somewhere that is willing at least to make the case powerfully for freedom of exchange, some country ready to take off its Clark Kent spectacles and leap into the phone booth and emerge with its cloak flowing as the supercharged champion of the right of the populations of the Earth to buy and sell freely among each other.”

Like I said, gung-ho lunacy, coming from the very top.

At the time, I thought that this was just another example of Johnson’s pathological frivolity. But a remarkable blog post by David Edgerton, one of Britain’s leading historians, who has published a number of works over 20 years which challenge conventional analyses of science and technology, puts it in a more illuminating context.

Edgerton’s thesis is that the government’s response to Covid-19 and Brexit are intimately connected. “Recognising this”, he says, “is vital to understanding the politics of both. Indeed as the trade expert David Henig has noted, we will know that the UK is really serious about Covid 19 at the moment in which is prepared to say that a Brexit extension is needed. That moment has not yet come, indeed it has been ruled out”.

At the beginning Boris Johnson stood behind ‘the science’ to justify a UK-only policy of ‘delay’ of the Covid-19 virus. This involved minimal intervention in what Johnson took to reminding us are the ‘freedom-loving’ proclivities of those ‘born in England’. Too late, what looked like a cunning plan to exemplify the virtues of the British way collapsed utterly. The UK is now broadly speaking following Europe and much of the rest of the world. ‘Following the science’ now sounds like a way of not answering legitimate questions.

But when it comes to ventilators, Edgerton says, “a Brexiter innovation-fixated logic applies”.

The current crisis has been an opportunity to illustrate the argument that the UK was a powerful innovation nation that could do very well without the EU. The government launched a programme, the details of which are still murky, to create new emergency ventilators. First off the stocks in the PR blitz was the Brexiter Sir James Dyson, who was teaming up with another Brexiter capitalist, Lord Bamford of JCB, to make many thousands. This, it turned out was just one of many projects to design new ventilators, and to modify others for mass production. There were lots of allusions to the second world war as if Spitfires had been conjured out of thin air in the heat generated by patriotic enthusiasm. It is telling too that the government decided not to take part in the EU ventilator procurement programme. This had to be a British programme for PR purposes, even though many of the companies making the components in the UK are European, like Siemens, Airbus, Thales ….

Edgerton points out an inconvenient truth about the wartime analogy, by the way: it’s baloney. The UK was a world leader in aircraft before the Battle of Britain. It had been making Spitfires since the late 1930s, and had huge long-planned specialist factories making them. “What is clear is that we are not in 1940. The UK is not a world leader in ventilator manufacture, far from it.”

It’s a great piece, worth reading in full. And it compellingly suggests that when Johnson & Co were claiming to be ‘following the science’, in fact they were simply expounding the ideology of British exceptionalism that underpinned the entire Brexit campaign.


Quarantine diary — Day 45

Link


This blog is also available as a daily email. If you think this would suit you better, why not subscribe? One email a day, in your inbox at 7am UK time. And there’s a one-click unsubscribe button if you decide your inbox is full enough already.


Sunday 3 May, 2020

Data-protection laws are great. Shame they’re not being enforced.

This morning’s Observer column:

So we’re faced with a paradox: on the one hand, there’s massive abuse of personal data by a global data-broking industry; on the other, we have a powerful legal instrument that is not being brought to bear on the abusers. How come? Is it because national DPAs are corrupt? Or indolent? Or just plain incompetent? The answer, it seems, is none of the above. They’re simply overwhelmed by the scale of the task – and lamentably under-resourced for it.

Non-enforcement makes a mockery of the rule of law. Was the GDPR really just an aspiration?

Do read the whole thing


The centralisation of power on Zoom

Source


Is the ‘urge to splurge’ a thing of the past?

Nice FT column (possibly behind a paywall, alas) by Pilita Clark.

Last weekend I was lolling on the sofa reading the papers in the afternoon sun when I was struck by an awful thought.

I realised I am so dull that, even though I have spent more than a month in Covid captivity, I miss remarkably little of the life I led before.

It turns out I can live easily without Friday nights in a restaurant or Saturdays in a bar. I always thought I loved going out to the cinema but apparently I am just as happy at home with Netflix. The hundreds of pounds I spend each year on the gym also look increasingly pointless. I can get by with a bike ride involving hills and the odd lope around the block.

It was while I was on one of those lopes, down the local high street, that a more profound realisation dawned. Shop after shuttered shop existed to sell stuff for a rushed, commuting office life that I — and millions like me — may never lead again.

There must be a lot of people thinking like this at the moment.


Self-isolation is not penance

From Dave Winer’s blog:

The frustration [Don] McNeil feels, and I feel, having heard the same story at least four times, the questions assume that all we have to do is penance, stay home for a while, and we will be able to go back to normal, having done our time. This is what Trump seems to think too, and the other Repubs. Maybe some Dems. That’s not it.

Isolating is like plowing a fire line in the middle of a city being inundated by fire. It slows the spread. But you don’t get to resume life, a very altered life, until there are no new cases, until the fire is out. Until you’ve shut down transmission of the disease. This is not a punishment, it’s how we save ourselves.

Yep.


Quarantine diary — Day 43

Link


This blog is also available as a once-a-day email. If that would suit you better why not subscribe? One email a day, delivered to your inbox at 7am. And there’s a one-click unsubscribe if you decide you already have enough email!)


Tuesday 21 April, 2020

If you need cheering up, how about this?

Link

One of the great comedians of his generation. I love his epitaph: “I told you I was ill”.


Politico’s daily summary

One of the joys (well, sometimes) of my early morning is finding Politico’s daily London Playbook (i.e. newsletter) by Jack Blanchard in my inbox. This is how it opens today:

THEY’RE BACK! Parliament returns today from its extended Easter recess to lead a country utterly changed from just one month before. When the House rose on March 25, Britain had been in lockdown for less than 48 hours, and fewer than 500 U.K. citizens had died from COVID-19. Boris Johnson was still running the country and a picture of jovial health; Jeremy Corbyn was leader of the opposition and taking part in his final PMQs. The Premier League was due to resume from its brief hiatus on April 30, and most people thought “Zoom” was an ice lolly from 1986.

Fast-forward 4 weeks … and Zoom has become such a crucial part of our lives that MPs will be using it to hold debates in the Commons chamber as of tomorrow. More than 16,500 Britons have died from the illness; a fierce debate is underway about when to lift a lockdown now destroying the U.K. economy; Johnson is recuperating at Chequers after almost losing his life to COVID-19, and Keir Starmer is leading a Labour Party already plunged into fresh civil war. Dominic Raab has the nuclear codes in his pocket; Liverpool’s title charge has been suspended indefinitely, and NHS nurses have been dressing in bin bags after supplies of protective kit ran out. So MPs shouldn’t be short of things to talk about when proceedings get underway.

If you’re a politics junkie you can subscribe here


Zoom’s security woes were no secret to business partners like Dropbox

Well, well. On the day that the UK House of Commons ‘returns’ using Zoom (the House of Lords is apparently going to use a Microsoft system), the New York Times reports that Dropbox became so concerned about Zoom’s security holes that the company commissioned a number of hackers to find the holes, which they then reported to Zoom.

Zoom’s defenders, including big-name Silicon Valley venture capitalists, say the onslaught of criticism is unfair. They argue that Zoom, originally designed for businesses, could not have anticipated a pandemic that would send legions of consumers flocking to its service in the span of a few weeks and using it for purposes — like elementary school classes and family celebrations — for which it was never intended.

“I don’t think a lot of these things were predictable,” said Alex Stamos, a former chief security officer at Facebook who recently signed on as a security adviser to Zoom. “It’s like everyone decided to drive their cars on water.”

Motherboard is reporting that there are currently two Zoom zero-day exploits, one for Windows and one for MacOS, on the market.

And there’s a report that over 500,000 Zoom accounts are being sold on the dark web and hacker forums for less than a penny each, and in some cases, given away for free.

But still…amphibious cars — now there’s a good idea!


Another previously-profitable business is suddenly defunct

The big in-person conferencing event is suddenly passé. As someone who has always loathed conferences, this troubles me not at all. But to those who are addicted to them, it’s obviously depressing news. Here’s one gloomy take on it all:

At the same time, it’s becoming increasingly clear that conferences won’t be returning to normal anytime soon. Mark Zuckerberg said Thursday that Facebook won’t host any events with 50 people or more until June 2021; Microsoft announced that it won’t be having in-person conferences until at least July 2021. California Gov. Gavin Newsom said this week that large gatherings in the state are “unlikely” until the availability of a coronavirus vaccine, and Los Angeles Mayor Eric Garcetti suggested that his city won’t see large-scale events until 2021. Some in the tech industry are already predicting that CES in January will be canceled, as well.

Brightcove’s Larsen acknowledged that she wouldn’t send her own team members to in-person events right now, adding: “Until there is a vaccine that works, it is going to be really hard to get 10,000 people together in a space.”

The trouble is that while Zoom and streaming technology can replace some of what people get from in-person gatherings, there are still things that will be missing. As Ben Evans says in his current newsletter:

Conferences are a bundle: the content (which works as video, mostly), but also the chance meetings & networking, and the meetings you book because everyone’s in town, and sometimes also a trade fair, and none of those work as video, far less a random text chat room. And if you do switch the in-person meeting in a hotel room in that particular city to a video call from across the world, why do you need to do it on that particular date? There’s a second wave of products to be created here, I suspect.


America’s ‘underlying conditions’

Terrific, long essay by George Packer, whose book [The Unwinding: Thirty Years of American decline] (https://amzn.to/3eF7fc6) set the scene for what the country is now experiencing. This is how the essay begins:

When the virus came here, it found a country with serious underlying conditions, and it exploited them ruthlessly. Chronic ills—a corrupt political class, a sclerotic bureaucracy, a heartless economy, a divided and distracted public—had gone untreated for years. We had learned to live, uncomfortably, with the symptoms. It took the scale and intimacy of a pandemic to expose their severity—to shock Americans with the recognition that we are in the high-risk category.

The crisis demanded a response that was swift, rational, and collective. The United States reacted instead like Pakistan or Belarus—like a country with shoddy infrastructure and a dysfunctional government whose leaders were too corrupt or stupid to head off mass suffering. The administration squandered two irretrievable months to prepare. From the president came willful blindness, scapegoating, boasts, and lies. From his mouthpieces, conspiracy theories and miracle cures. A few senators and corporate executives acted quickly—not to prevent the coming disaster, but to profit from it. When a government doctor tried to warn the public of the danger, the White House took the mic and politicized the message.

Every morning in the endless month of March, Americans woke up to find themselves citizens of a failed state. With no national plan—no coherent instructions at all—families, schools, and offices were left to decide on their own whether to shut down and take shelter. When test kits, masks, gowns, and ventilators were found to be in desperately short supply, governors pleaded for them from the White House, which stalled, then called on private enterprise, which couldn’t deliver. States and cities were forced into bidding wars that left them prey to price gouging and corporate profiteering. Civilians took out their sewing machines to try to keep ill-equipped hospital workers healthy and their patients alive. Russia, Taiwan, and the United Nations sent humanitarian aid to the world’s richest power—a beggar nation in utter chaos.

If you read nothing else today, read this.


Quarantine diary — Day 31

Link


This blog is now also available as a once-a-day email. If you think this might work better for you why not subscribe here? (It’s free and there’s a 1-click unsubscribe if you subsequently decide you need to prune your inbox!) One email a day, in your inbox at 07:00 every morning.


Monday 6 April, 2020

Is it any wonder that the UK currently has such a mediocre government?

After all, the main criterion for appointment to the Cabinet was to have been wrong about the most important question that faced the UK since 1946. As a result we have a squad of econd-raters.


How long can we continue to live like this?

Abhijit Banerjee (AB) and Esther Duflo (ED), a married couple, shared this year’s Nobel Prize for economics with Michael Kremer. Here’s part of a transcript of a conversation in which the couple discussed one of the issues — how long can we live like this?

AB: So, what do you propose to do about it?

ED: At this moment, we can listen to what the doctor says or try to make sense of what the doctor says. We know it is bad and we know we do not have a cure, and anybody who says he has a cure is lying. People are working for a cure but it will take time. All we can do is to isolate ourselves. Another thing we can do is to practice good hygiene in particular washing of hands. So if we get in contact with affected people we can prevent a transmission.

AB: It is extremely hard for people to practise such an unnatural lifestyle in the foreseeable future. For how long? People are not working, they are not earning, they are not going out, they are not meeting their loved ones. Is this a realistic enterprise for six months? Do you think that causes some challenges?

ED: It would be unsustainable for two weeks. Almost sure it would be unsustainable for six months. On the top of the uncertainties caused by the virus itself, there are uncertainties caused by the uncertainties. I am now turning the question to you. If you were in charge, of US to begin with, when would you have started this curfew and so many restrictions… you can do this, you cannot do this?

AB: It is a tough call. The model says five months and the model is based on the numbers which people plucked out from the air. Five months for full shutdown strategy. It is frightening to contemplate. A realistic (option) is to pick a shorter window and work around the peak and to make sure the peak is not as bad. Keeping the window significantly short and more focussed. I do not know which way I would have gone if I was in the hot seat because that involves making a choice that I will let some people die. More people will die in the scenario we shut it down later unless we believe that the whole thing is not sustainable. Then of course… That must be the case in many countries, because five months shutting down means people will stop believing there is a centre of policy. There is a trade-off between saving real lives and possibly at an enormous enforcement cost and enormous cost to the economy… Possibly it is easier to save the economy… I do not know.

He doesn’t know. Neither do we.


Bruce Schneier and Ben Evans on Zoom and its weaknesses/problems

Everybody’s piling in on Zoom. Bruce Schneier, one of my favourite security gurus, is particularly fierce. He sees three kinds of problems with the service: (1) bad privacy practices, (2) bad security practices, and (3) bad user configurations.

Privacy first: Zoom spies on its users for personal profit. It seems to have cleaned this up somewhat since everyone started paying attention, but it still does it.

The company collects a laundry list of data about you, including user name, physical address, email address, phone number, job information, Facebook profile information, computer or phone specs, IP address, and any other information you create or upload. And it uses all of this surveillance data for profit, against your interests.

On security, Schneier says that “Zoom’s security is at best sloppy, and malicious at worst”. And its encryption is “awful. First, the company claims that it offers end-to-end encryption, but it doesn’t. It only provides link encryption, which means everything is unencrypted on the company’s servers.” (I wrote about this in my Observer column yesterday.)

And then there’s Zoom’s “bad user configuration. Zoom has a lot of options. The defaults aren’t great, and if you don’t configure your meetings right you’re leaving yourself open to all sort of mischief.”

Even without screen sharing, people are logging in to random Zoom meetings and disrupting them. Turns out that Zoom didn’t make the meeting ID long enough to prevent someone from randomly trying them, looking for meetings. This isn’t new; Checkpoint Research reported this last summer. Instead of making the meeting IDs longer or more complicated — which it should have done — it enabled meeting passwords by default. Of course most of us don’t use passwords, and there are now automatic tools for finding Zoom meetings.

In short: Schneier really doesn’t like Zoom.

Benedict Evans has an interesting and more sympathetic take on it in his (invaluable) weekly newsletter.

Zoom has gone from 10m to 200m daily users in the past few weeks (!), and that comes with pain. On one hand, since it was designed for the enterprise it wasn’t hardened against abuse, so ‘Zoom-bombing’ (eg crashing random open group calls and putting obscene things onto everyone’s screen) is now a thing. On the other hand, it’s now getting a lot more privacy and security scrutiny, and some… issues have come up. These are two sides of the same coin: you have to ask ‘what would malicious people do with our software?’ and the answer might be both human engineering and software engineering. A lot of the flaws people found look like simple product decisions to make installing and using easier – for example, it used the Facebook SDK so you could log-in with Facebook, but that sends some device data to Facebook. But it also claimed it was end-to-end encrypted and isn’t, and some of the traffic goes through Chinese servers, and so one has to assume that the Chinese state could listen in to anything if it wanted to. To its credit, Zoom has responded pretty well to most of these concerns, and some of this can be over-played (it seems pretty silly for a school system to ban it in case the Chinese intelligence agencies are listening to drama class), but I’m not sure the UK cabinet should carry on using this.

Agreed. But then Evans has this interesting thought.

Stepping back, it’s striking that Zoom has made such a big impact despite every tech giant having a big mature product in this space (or even several – how many of these apps does Google have? That would be a good interview question). It’s really not as hard to displace these companies as some would think, if you can find the right wedge. This also reminds me of the founding legend of Dropbox: everyone told Drew Houston ‘there are dozens of these’ and he said ‘yes, but do you use any of them?’ Links: Zoom goes to 200m users, Zoom response to issues


Superyachts: depreciating quarantine machines

This was the headline on a lovely FT piece about the problems of the mega rich in their floating gin-palaces.


Google searches for “I can’t smell” seem to be good predictors of where the virus is

As this pandemic rages, it becomes ever clearer that the UK government is flying blind. This is because we’re not testing enough people for the simple reason that we don’t have the capacity to do it. So we’re in a radically different position to Germany — another large country which seems to be doing much better. And because the UK started so late in the pandemic, it’s now run up against the global shortage of reagents which is reducing capacity to create huge numbers of test kits. Is there anything we could do at the moment to improve our knowledge of where the virus is striking hardest?

An intriguing OpEd in today’s New York Times suggests that there might be. The article is by Seth Stevens-Davidowitz, who some years published an insightful book with the intriguing title Everybody Lies: what the Internet can tell us about who we really are. The point of the book is that people’s Google searches are amazingly revealing, because they will confide anxieties to Google they would not dare express to even their nearest and dearest.

In his NYT article, Seth suggests that analysis of the location of Internet users searching Google for “I can’t smell” could provide valuable information about outbreaks of COVID-19.

To see the potential information lying in plain sight in Google data, consider searches for “I can’t smell.” There is now strong evidence that anosmia, or loss of smell, is a symptom of Covid-19, with some estimates suggesting that 30-60 percent of people with the disease experience this symptom. In the United States, in the week ending this past Saturday, searches for “I can’t smell” were highest in New York, New Jersey, Louisiana, and Michigan — four of the states with the highest prevalence of Covid-19. In fact, searches related to loss of smell during this period almost perfectly matched state-level disease prevalence rates, as the accompanying chart shows.

Other researchers have found that a bevy of symptom-related searches — loss of smell as well as fever and shortness of breath — have tracked outbreaks around the world.

Because these searches correlate so strongly with disease prevalence rates in parts of the world with reasonably good testing, says Stephens-Davidowitz, we can use these searches to try to find places where many positive cases are likely to have been missed.

It’s possible that this correlation won’t be stable over a long time. (There was a surge of excitement a few years ago when it was discovered that Google searches provided earlier advance warning of ordinary flu outbreaks in the US than the CDC could produce; but that turned out to be a fluke.) This particular correlation, though, seems to hold across some parts of the world.

There is already some evidence that clues to this symptom were evident earlier in search data. Joshua Gans, a professor at the Rotman School of Management at the University of Toronto, found that searches for “non sento odori” (“I can’t smell”) were elevated in Italy days before the symptom was reported in the news. Iran also saw an enormous rise in searches related to loss of smell weeks before media reports of the symptom became common.

Anyway, worth trying for the testing-challenged UK.


Quarantine diary — Day 16

Link


This blog is now also available as a once-a-day email. If you think this might work better for you why not subscribe here? (It’s free and there’s a 1-click unsubscribe if you subsequently decide you need to prune your inbox!) One email a day, in your inbox at 07:00 every morning.


Sunday 5 April, 2020

Zoom needs to up its game — it’s playing in the big league now

This morning’s Observer column:

Then there’s the issue of security, and of encryption in particular.

“We take security seriously and we are proud to exceed industry standards when it comes to your organisation’s communications,” says the Zoom website. Any host of a meeting can “secure a meeting with end-to-end encryption”. Well, that’s not quite right, at least if by “end to end” you mean encryption where the service provider has no way of decrypting the content (as, say, with WhatsApp or Signal). The encryption on Zoom communications at the moment is the kind that protects your communications with any website with ‘https’ in its URL. But the content is unencrypted while it is passing through Zoom’s cloud servers.

There may be good reasons for this, but at the very least the company’s website shouldn’t be making exaggerated claims about encryption. It should privilege facts over marketing puffery.

And the moral of all this? Zoom is providing a service of real value in these desperate times, but it needs to grow up. It’s playing in the big league now.

Read on


It’s Zoom, Zoom, Zoom all day long

Rumours, facts, misunderstandings and hearsay about the supposed (in)security of Zoom conferencing has been rife for the last week. Lots of my friends and acquaintances have been asking me about it, in the (mistaken) belief that I know lots about it. I don’t. I only know what I read from trusted and knowledgeable sources.

The Citizen Lab report

Top of my list in this regard is the Citizen Lab at the Munk School of the University of Toronto. It was founded by Ron Deibert, who is a hero of mine, and has for years done sterling work on detecting and unearthing the tools that unscrupulous regimes and companies have developed for snooping on human rights activists, journalists and other good folks. They have now completed a pretty thorough investigation of the cryptographic protocols at the heart of Zoom’s service and published an illuminating report. It makes for fascinating reading if you’re a geek, but the gist is that their research shows that (contrary to the company’s public claims to the contrary) Zoom uses non-industry-standard cryptographic techniques with identifiable weaknesses and is thus not suitable for sensitive communications. But’s it seems ok for non-sensitive uses.

There are also potential security issues with where Zoom generates and stores cryptographic information. While based in Silicon Valley, Zoom owns three companies in China where its engineers develop the Zoom software. Its AES-128 keys, which we verified are sufficient to decrypt Zoom packets intercepted in Internet traffic, are transmitted by Zoom servers to all meeting participants. In some of our tests, our researchers observed these keys being distributed through Zoom servers in China, even when all meeting participants were outside of China. A company primarily catering to North American clients that distributes encryption keys through servers in China is very concerning, given that Zoom may be legally obligated to disclose these keys to authorities in China.

Given the sudden embrace of Zoom by a wide range of sectors across society, it is reasonable to assume that many government’s signals intelligence agencies, as well as criminals, will be subjecting Zoom to the type of analysis we did. Some of them may choose to privately exploit those weaknesses for nefarious purposes and with harmful consequences.

As a result of these troubling security issues, we discourage the use of Zoom at this time for use cases that require strong privacy and confidentiality, including:

Government communications Proprietary or confidential business activities Healthcare providers handling sensitive / confidential patient information Human rights defenders, lawyers, journalists, and others working on sensitive topics

But the good news is that

For those using Zoom to keep in touch with friends, hold social events, or organize courses or lectures that they might otherwise hold in a public or semi-public venue, our findings should not necessarily be concerning.

This is a relief because it’s more or less what I’ve been saying to friends and family. It was based on a hunch that the vulnerabilities in the Zoom system would be mainly of interest to state-level actors.

On the other hand, I hadn’t known of the extent to which Zoom’s development work is being done in China, or that data packets and encryption keys seem to pass through servers that are based there. If I were running Zoom, I’d rethink that soonest.

Good advice from Mozilla

Many of the problems that have arisen with Zoom stem from the fact that it has had massive take-up of its free offer — which means that it is now being used by millions of non-technical users who probably know relatively little about online security. So it’s good to see that the Mozilla Foundation (which provides the Firefox browsers) has published some useful tips “to make your Zoom gatherings more private”.

They are:

1. Use your account with the latest version of Zoom. Sign-in and update to the latest version of the Zoom client or app. This will give you access to the meetings that are available to invited participants and ensure that your system has up-to-date security patches.

2. Use password protection. You can make your meetings password protected to prevent people from guessing your room ID and joining.

3. Keep your Personal Meeting ID private. Don’t use your Personal Meeting ID – especially for events you’re broadly publicizing. That will stop people from trying to enter your personal room at other times. Instead, generate a unique meeting ID by scheduling the meeting.

4. “Lock out” uninvited participants. Don’t share Zoom meeting invites or Meeting IDs with anyone you don’t want to join.

5. Utilize the “mute all” feature. Using the “manage participants” function, you can mute all participants. You should not unmute them again without telling them that’s what you’re doing.

6. Stop unwanted content from being shared. You can stop participants from sharing their screen, or if necessary, stop their video. This is helpful if you’re inviting lots of people you don’t necessarily know so that someone can’t maliciously share content – a practice now known as “zoombombing.”

7. Respect chat privacy. Decide ahead of time if you will save the chat or record the video of the meeting and make sure all participants have agreed and know how you plan to use that information. Recording and saving chats may have legal implications so make sure you’ve checked into that before enabling these options.

All good advice.


Quarantine diary — Day 15

Link


This blog is now also available as a once-a-day email. If you think this might work better for you why not subscribe here? (It’s free and there’s a 1-click unsubscribe if you subsequently decide you need to prune your inbox!) One email a day, in your inbox at 07:00 every morning.