Wednesday 19 May, 2021

How to play the market

Quote of the day

”For the first time I was aware of that layer of blubber which encases an English peer, the sediment of permanent adulation.”

  • Cyril Connolly in Enemies of Promise

Musical alternative to the morning’s radio news

Loose Marbles | Burgundy trees Blues


Long Read of the Day

 The 60-Year-Old Scientific Screwup That Helped Covid Kill

This long piece in Wired by Megan Molenti is truly wonderful. It gives the historical background to how the WHO and the CDC (and public health authorities everywhere) came to be so focussed on droplets and so sceptical about aerosol transmission of Covid-19 for so long — and with such deadly consequences.

How to make Russian hackers think again

Intriguing blog post by security guru Brian Krebs.

DarkSide and other Russian-language affiliate moneymaking programs have long barred their criminal associates from installing malicious software on computers in a host of Eastern European countries, including Ukraine and Russia. This prohibition dates back to the earliest days of organized cybercrime, and it is intended to minimize scrutiny and interference from local authorities.

In Russia, for example, authorities there generally will not initiate a cybercrime investigation against one of their own unless a company or individual within the country’s borders files an official complaint as a victim. Ensuring that no affiliates can produce victims in their own countries is the easiest way for these criminals to stay off the radar of domestic law enforcement agencies.

But here’s the thing: Digital extortion gangs like DarkSide take great care to make their entire platforms geopolitical, because their malware is engineered to work only in certain parts of the world.

DarkSide, like a great many other malware strains, has a hard-coded do-not-install list of countries which are the principal members of the Commonwealth of Independent States (CIS) — former Soviet satellites that mostly have favorable relations with the Kremlin.

Since a lot of cybercrime gangs are based in Russia, they have a visceral appreciation of the fact that attracting the attention of Putin’s goons is not a good career move. So if their malware detects that the compromised machine has a Russian keyboard, they self-delete and exit, pronto.

Which of course leads to the thought that installing a Russian keyboard mapping to your computer’s operating system might be a useful way of making those intruders flee.

‘Might’ being the operative word, of course.

Will installing one of these languages keep your Windows computer safe from all malware? Absolutely not. There is plenty of malware that doesn’t care where in the world you are. And there is no substitute for adopting a defense-in-depth posture, and avoiding risky behaviors online.

But is there really a downside to taking this simple, free, prophylactic approach? None that I can see, other than perhaps a sinking feeling of capitulation. The worst that could happen is that you accidentally toggle the language settings and all your menu options are in Russian.

Helpful advice for Windows 10 users: To install a different keyboard language hit the Windows key and X at the same time, then select Settings, and then select “Time and Language.” Select Language, and then scroll down and you should see an option to install another character set. Pick one, and the language should be installed the next time you reboot. And if for some reason you need to toggle between languages, Windows+Spacebar is what you need.

Haven’t checked what Mac users need to do.

Thanks to Charles Arthur (Whom God Preserve).

End CAPTCHAs now

Guess how much time we humans collectively spend doing these reverse Turing tests — solving puzzles in order to persuade a machine that we are real people rather than machines.

Go on, have a guess.

According to this post on the Cloudflare blog it’s 500 years per day.

Based on our data, it takes a user on average 32 seconds to complete a CAPTCHA challenge. There are 4.6 billion global Internet users. We assume a typical Internet user sees approximately one CAPTCHA every 10 days.

This very simple back of the envelope math equates to somewhere in the order of 500 human years wasted every single day — just for us to prove our humanity.

Today, we are launching an experiment to end this madness. We want to get rid of CAPTCHAs completely. The idea is rather simple: a real human should be able to touch or look at their device to prove they are human, without revealing their identity. We want you to be able to prove that you are human without revealing which human you are! You may ask if this is even possible? And the answer is: Yes! We’re starting with trusted USB keys (like YubiKey) that have been around for a while, but increasingly phones and computers come equipped with this ability by default.

Today marks the beginning of the end for fire hydrants, crosswalks, and traffic lights on the Internet.

Er, hopefully. Cloudflare is a serious outfit, and this is an interesting article.

This blog is also available as a daily email. If you think this might suit you better, why not subscribe? One email a day, Monday through Friday, delivered to your inbox at 7am UK time. It’s free, and there’s a one-click unsubscribe if you decide that your inbox is full enough already!