security research, software archaeology, geek of all trades
546 stories
·
9 followers

Is Someone Making Artificial Earthquakes under La Palma?

1 Share

There’s a plot afoot. It’s a plot that involves a grid of earthquake locations, under the island of La Palma.

Conspiracy theory would be hysterically funny if it weren’t so widespread and so incredibly dangerous. Today it threatens democracy, human health, and world peace, among many other things. In the internet age, scientists and rational bloggers will have no choice but to take up arms against it on a regular basis.

The latest conspiracy theory involves the ongoing eruption of the Cumbre Vieja volcanic system on the island of La Palma. This eruption, unlike the recent one in Iceland, is no fun and no joke; it is occurring above a populated area. Over the past month, thousands of homes have been destroyed by incessant lava flows, and many more are threatened. The only good news is that, because the eruption is relatively predictable and not overly explosive, no one has yet been injured.

The source of the latest conspiracy theory is a graph of earthquakes associated with the eruption. You can check this yourself by going to www.emsc-csem.org and zooming in on the island of La Palma. You’ll see something like the plot below, which claims to show earthquake locations. You can see something is strange about it: the earthquakes are shown as occurring on a grid.

Earthquakes occurring under the island of La Palma, as plotted by the emsc website.

Clearly there’s something profoundly unnatural about this. That is exactly what thousands and thousands of people are concluding around the world. They are absolutely correct. There’s no way this could be natural.

When faced with something unnatural like this, there are two possible conclusions that a human can draw.

  1. The earthquakes are natural, but their positions appear on a grid because of something unnatural about the way the data is plotted.
  2. The data is plotted correctly, and the earthquakes really are happening on a grid — which suggests that the earthquakes can’t be made by nature, and must be human-made.

Now, when faced with these two options, what does a reasonable person guess is more likely? Option 2 requires a spectacular technology that can set off huge explosions five to twenty miles (10-30 km) underground without anyone noticing, by a group of people who are evil enough to want to set off earthquakes miles underground and clever enough to keep their super-high-tech methods secret, but dumb enough to set off the earthquakes in a grid so that a simple look at the earthquake’s locations by non-experts perusing the internet reveals their dastardly plot. Option 1 requires a tiny amount of human error or computer error.

No research is needed to conclude Option 1 is more plausible, but five minutes’ research confirms it’s true. First, other websites plotting the same earthquakes do not show the grid pattern. Second, as this video pointed out and as you yourself can check, the same website, plotting earthquakes in other locations such as Hawaii, again shows the grid pattern — so it’s a fact of the emsc website, not of the La Palma earthquakes. Third, as pointed out by the excellent Volcano Discovery website, looking at the actual data that the emsc website uses, one sees that the latitude and longitude are rounded off to the nearest 1/100th, and thus north-south and east-west locations on the map are rounded off to (roughly) the nearest kilometer. This “rounding off” moves each earthquake location to the nearest point on a grid. That’s the cause. No conspiracy, no magical technology, just a plotting issue. There’s nothing more here than nature doing its thing: making earthquakes, just as it does with every volcanic eruption on Earth.

This effect, where writing numbers to a particular choice of significant figures leads to a plot with a grid pattern, is well known to every scientist. Here’s an example of how it works. Below are thirty points chosen at random in a small region, shown at left. I plotted them using a wide range at the top, and then zoomed in to make the lower plot.

Left: 30 random data points. Top: the data points plotted on a wide scale. Bottom: the same data, zoomed in.

Next, the points are rounded to one significant figure after the decimal point, using the same methods we are all taught in school, and the points are replotted. Instant grid.

Left: the same data as above, rounded to one significant figure after the decimal point. Right: the plot of the rounded data; the lower plot of the previous figure is shifted into a grid pattern.

In short, we’re not looking at a plot to destroy La Palma and set off a tsunami. We’re looking at a plot of rounded-off locations. I agree that’s not nearly as exciting; but as any scientist with some experience will tell you, boring explanations are usually true and conspiracies, especially wild ones, are usually not.

What’s the point of this post? Well, aside from being a source that you can send to any friends, relatives or acquaintances who are falling for this ridiculous conspiracy theory, it’s an apolitical context in which to contemplate the real problem.

The real problem is that we face an increasing flood of half-reasoned badly-researched pseudo-science, combined with irrational knee-jerk conspiratorialism, the whole thing driven by an unholy mixture of fear, maliciousness, narcissism and greed. It’s a war between calm reason and emotional darkness, a war in which people are actually dying, and in which nations are actually at risk. At this rate, the voices of rationality may soon be drowned. So perhaps we might consider this question: how can an apolitical conspiracy such as this one be used as an example, one from which we can learn lessons that we can apply more broadly, in territory that’s much more complex and dangerous?



Read the whole story
zwol
32 days ago
reply
Pittsburgh, PA
Share this story
Delete

Police, The Future, and Biometric Security

1 Share
I have tremendous respect for Troy Hunt and have learned loads about cybersecurity from him. That's why it surprised me so much to read his recent piece on biometric credentials.

I agree with much of his piece. The password regime has many, many flaws! I agree with Hunt that, right now, for a lot of people, it provides more utility with less downside to use biometric auth to protect their devices than it does to use PINs and passphrases! "And when you do unlock your biometric-enabled device, you can do so in front of people whom you wouldn't want to know your PIN....The risks associated with biometrics can only ever be fairly assessed when viewed alongside the risks of not using biometrics." Agreed.

But it surprised me that Hunt missed two important nuances here since he's usually so sensible; thus this post to add them in.

One has to do with how policing and police-related violence and coercion work, in the United States and elsewhere. "For the vast majority of people, this whole thing about US law enforcement and PIN versus biometrics is a non-event and often ends up with increasingly absurd arguments," Hunt writes. He does say, "if the cops are your threat actor, then don't use biometrics" -- e.g., activists/protesters who are forewarned about a fraught situation -- but he dismisses concerns about police coercion to unlock as more-or-less absurd and unrealistic (and implies that they're US-centric), and ignores or handwaves away those concerns in ways I found unconvincing.

For example, he notes that federal judges have ruled that police are not legally allowed to coerce people into biometrically unlocking a phone. That does not mean that they will not do it! Police routinely do things that they are not legally allowed to do, and -- what with police unions closing ranks against accountability, the qualified immunity doctrine, and so on -- they often get away with it, especially in the US.

He also mentions a scenario in which the user is videorecording a police shooting and "then they demand you hand over your unlocked phone so they can erase the evidence." He calls this scenario unrealistic, and further says that in that case, "They're going to shoot you too and take your phone". This response badly misunderstands the dynamics of police violence in (at least) the United States. Put baldly, cops have an easier time getting away with hurting some people than with hurting others. It is easier for cops in the US to evade responsibility for killing Black, Latino/Latina, and Native American people than to evade responsibility for injuring white people. It is easier for cops to successfully argue in court that they were afraid for their lives, and thus shoot someone 41 times, than to argue that a nearby witness was also a threat to their lives (especially when they're not certain how much surveillance footage will survive and from which angles). Darnella Frazier lived to post her video and Diamond Reynolds lived to post hers.

This is why bystanders, especially those of us whom the cops will hesitate to treat badly, leverage our status and get into the habit of taking a moment to watch and record police interactions when we see them happening nearby.*

Hunt bases his argument on an assumption that a user will rarely be concerned with cops as a threat actor, and that this tiny percentage of people can know ahead of time and configure their phones accordingly. This assumption does not hold.

Second: Even if you completely disagree with me on that point, one other part of Hunt's argument also doesn't make sense to me. Hunt discusses how very difficult it is for nearly any bad actor to obtain and use a fingerprint, and to fool the verifier in biometric authentication. But attacks only get easier. And this is where the "you can't change your fingerprints" problem (which Hunt dismisses early on) gets more dire. Depending on how the manufacturer/platform has configured things, if I sign up for biometric-based auth on a device, I may be irrevocably sharing my fingerprint data into a database that will stick around for long enough for the attacks to get easier -- five or ten or fifteen years from now, when it is easy for neighborhood ne'er-do-wells to reproduce my fingerprint to fool a verifier.

These are two places where the risks of using biometric auth are more complicated than in Hunt's assessment. Knowing the trade-offs helps us make better decisions.

Thanks to Jacob Kaplan-Moss for giving this post a look before I published it.


* Shortcuts make this easier. Also: since, yes, law enforcement might take witnesses' phones away, streaming/backups, crowds of witnesses, and redundancy are also helpful. The Mobile Justice app makes it easier to livestream "to your closest contacts and your local ACLU"; rapid response networks get groups of people to document immigration enforcement actions to monitor for unconstitutional activity.

Read the whole story
zwol
67 days ago
reply
Pittsburgh, PA
Share this story
Delete

Chekhov's gun for academic writing

1 Share
A portrait of Anton Chekhov (1860–1904), painted by Osip Braz in 1898.

A portrait of Anton Chekhov (1860–1904), painted by Osip Braz in 1898.

There are two problems I see over and over in academic papers and presentations. The first is that the audience is told too much; the second is that they’re told too little. Opposite problems, it would seem, but they tend to crop up together. And they can both be avoided by observing a simple principle—what I think of as “Chekhov’s gun” for scholarly writing and presenting [1].

You’ve likely heard of “Chekhov’s gun.” The term is shorthand for a nugget of advice about writing from Anton Chekhov, maven of short-form fiction. He seems to have articulated the principle only in correspondence. In one letter, he wrote: “Remove everything that has no relevance to the story. If you say in the first chapter that there is a rifle hanging on the wall, in the second or third chapter it absolutely must go off. If it's not going to be fired, it shouldn't be hanging there.”

I’m not sure whether this is good advice for fiction writing—frankly, I suspect not (and others agree.) But I’m completely convinced that, gently adapted, it’s indispensable advice for academic articles and presentations. I’m thinking primarily of writing and presenting empirical work in the social and cognitive sciences, but I’m betting the principle has much broader relevance. Let’s zoom in on those two problems I mentioned.

The too-much problem. The first problem is that the reader is presented with too much information at the start. For simplicity I’ll also just talk about “readers” and “writing” here but all also applies to presentations [2]. Introductions to empirical work are often rich with new-to-the-audience terms, distinctions, past findings, and open questions. Sometimes too rich: they can have the flavor of a general survey of a topic area, a broad literature review. What an introduction should be, in my view, is a compact motivation for what you did—an efficient and engaging setting-up of your specific question and approach.

But, hold on, you ask: “What could be the harm in providing a fuller context?” As the writer, it’s not so easy to see, but as the reader the harm is clear. Let’s say I’m reading your introduction and I encounter five new-to-me terms, four recent findings, three new questions, and two open questions. Naturally, I’ll assume all these must be important, crucial to understanding where things are eventually going. So I’ll carry all this with me (or, more often, try to carry it and fail). By the end, it may become apparent I only really needed three of those terms, that only one of those open questions was really focal. Imagine how much effort the beleaguered reader could have been spared if none of this extraneous stuff had been introduced in the first place. “But it’s so interesting!” you say. Yes, of course it’s interesting. But it’s not worth the cost of distracting and over-taxing your audience. An over-taxed reader won’t be able to engage deeply with your key contributions. That’s a shame.

So why does the “too much” problem arise? Partly because writers suffer the “curse of knowledge” [3]. They know the idea-terrain they’re writing about very well; it’s not hard for them to flit from one familiar idea to the next, and to pack in a sequence of such ideas in the span of a breath. And so they don’t see how effortful all this flitting about and idea-density is for their less-knowledgeable audience. Writers also suffer another curse, which we might call the “curse of enthusiasm.” Not only do writers know more about the topic at hand, they likely find it inherently more interesting than their audience does. This gives rise to digressions, expansiveness, and other forms of self-indulgence.

The too-little problem. The second problem is that ideas pop up out of nowhere in the middle of a paper, particularly in the methods or results. There might be a manipulation in an experiment that was never really motivated in the introduction, or an analysis that the audience could not have anticipated [4]. There will certainly be times when you need to introduce a new idea later in the exposition—either to avoid overloading the introduction or because it simply wouldn’t make sense until a later juncture. But late-breaking elements should be minimized. Perhaps the best formulation of this part of the principle is: If an idea can be introduced early, introduce it early.

So why does this second problem arise? The same sort of “curse of knowledge” dynamics are at play here. Since the late-emerging idea is well-known to the writer, it doesn’t put them off their footing to have it suddenly come into play. From the writer’s perspective, after all, it was lurking in the background all along! But there’s another source of this problem, I think, which we could call the “lure of chronology.” There’s a tendency for writers to unfold ideas in a way that mirrors how those ideas actually emerged chronologically, over the history of the project. So, for instance, if there was an analysis that didn’t occur to the researchers until late in the process of doing the work, it’s tempting to have it also emerge late in the presentation of the work. In some cases there are clear and engaging ways to do this, to sneak some storytelling into the exposition. But, generally, it’s good to keep in mind that—provided the work is accurately described—the communication of an idea need not recapitulate the development of the idea.

A perhaps-useful analogy: Think of a paper as a journey you’re sending your audience on. The intro is where you give them the equipment they need. Anything you give them is something they’ll carry with them (or try to), whether or not they really need it. Because, again, you are the only one that knows what they really will or won’t need. The reader doesn’t know this, can’t know this, because they haven’t seen the whole journey. In this analogy, the first problem is basically over-packing.  

But, naturally, you can also under-pack. Your reader may arrive at a point in the journey where they really need a piece of equipment that they simply aren’t equipped with. In many such cases they can make do and get by, but why put readers through that? Why cause them that surprise and strain? Why not make their lives easier?

Zooming out a bit, it should be clear that the “Chekhov’s gun” principle I’m advocating here is just one piece of a much more general piece of advice: make your scholarly writing and presenting as easy to understand as possible. The goal is not just to make your writing possible to understand. The point is not just that you should write in a way that readers and audience members can ultimately—perhaps after mental contortions and re-reading—figure out what you’re actually saying. The point is that you should strive to spare them any unnecessary cognitive effort [5]. This is not just good for them, it’s good for your ideas. Scholarship that is easier to understand is also easier to remember, easier to engage with, easier to tell your colleagues about, and much more fun to teach.

 

Notes

[1] It’s tempting to give the principle a less violent shorthand. Perhaps “Chekhov’s gum”? “If someone starts chewing gum in the first chapter, they must blow a bubble a bubble or spit it out in the second or third.”

[2] Narrative economy is perhaps even more critical in a live presentation than it is in a written text. The demands on a live audience’s memory are greater, and they don’t have the luxury of revisiting parts of the presentation they didn’t quite get. This is one of the reasons I always like presenting a version of any writing I’m doing: it forces you to think extra hard about economy.

[3] This term was first introduced in 1989 by Camerer and colleagues. Steven Pinker has written about how the curse of knowledge contributes to bad prose—see also Chapter 3 of The Sense of Style.

[4] I may be going beyond Chekhov a bit. He seemed focused on the idea that if a gun is introduced early, it should go off later. Here I’m also advocating the converse: if a gun goes off at some point, we should have been told about its existence earlier on. Again, probably not great advice for fiction.

[5] On the idea of saving readers cognitive effort, see Joe Moran’s insightful book First You Write a Sentence.

Read the whole story
zwol
75 days ago
reply
Pittsburgh, PA
Share this story
Delete

Germany wants Apple to offer iPhone updates and parts for 7 years

2 Comments
Smartphone producers including Apple should be required to provide security patches and spare parts for iPhones and other devices for seven years, according to a proposal from the German government to the European Union, in a bid to make the product category better for the environment.
The German federal government has entered negotiations with the European Commission to alter proposals affecting smartphone and tablet repairs and servicing. While the European Commission is working to push device vendors into offering parts and support for five years, Germany wants more to be done.The EU intends for the five years of updates to apply to smartphones and tablets, but while parts for smartphones could be offered for five years, tablets could have parts available from manufacturers for six. Heise.de reports the Federal Ministry of Economics wants the periods to stretch to seven years.

Read more...
Read the whole story
zwol
84 days ago
reply
Seven years makes total sense to me. In fact, I think I could make a case for ten.
Pittsburgh, PA
lamontcg
84 days ago
10 years plus user replaceable batteries
Share this story
Delete
1 public comment
JayM
84 days ago
reply
?!?!? 5-years I could understand. 7? Ummm.
Atlanta, GA
acdha
83 days ago
I think that’s reasonable – my iPhones have lasted that long anyway and it’d be nice if Android could get anywhere near that range for the average person given how many devices end up in landfills due to software issues. Unless you’re a gamer, the hardware has hit a point where most people do not need frequent upgrades.

"Does Induced Demand Apply to Bike Lanes?" and Other Questions

3 Shares

Read the whole story
zwol
92 days ago
reply
Pittsburgh, PA
Share this story
Delete

Mystical secrets of the bookworm

2 Comments

unmerged /usr is unsupported in bookworm and sid has been feeding bookworm since 2021-08-14,

unmerged /usr is also unsupported in sid since 2021-08-14,

no one using any portion of either bookworm or sid since 2021-08-14 should have any expectation that things should function correctly with unmerged /usr ,

∴ anyone using any portion of either bookworm or sid should execute apt install usrmerge or perform its equivalent on or prior to 2021-08-14.

Posted on 2021-08-23
Tags: ranticore
Read the whole story
zwol
96 days ago
reply
After having waded through the entirety of the argument over this, currently taking place on debian-devel, I strongly recommend you do the exact opposite: uninstall usrmerge on every system that has it, run dpkg-fsys-usrunmess on every system that has /bin a symlink into /usr, and when performing new installations of either buster or bullseye, override the installer's defaults and choose *not* to merge /usr.

hopefully the situation will be less of a dumpster fire by the time bookworm is released but i don't have high hopes right now
Pittsburgh, PA
Screwtape
96 days ago
Thank you for wading through mailing lists, and reporting your findings to save the rest of us from having to do it.
Share this story
Delete
1 public comment
jepler
96 days ago
reply
I guess I'll have to install usrmerge on my fresh laptop. as for other systems, maybe they'll get a reinstall when switching to bookworm in 2023 or so
Earth, Sol system, Western spiral arm
Next Page of Stories