Buy shares in a small publicly traded company. Pump/dump shares. One tweet from Musk stating he was adding such and such to all Teslas would send the target company through the roof.
The post you're replying to is suggesting that manipulating the market like that draws the attention of some very powerful organizations. It'll likely be investigated swiftly and they'll come down on you harshly when compared to the consequences of some Bitcoin scamming.
US federal agencies actually investigate market activity around big events like 9/11. Very likely to be caught doing that unless you have some way of shuffling money in and out of the market anonymously.
Though I was the one who suggested this would be easily catchable - Tesla is probably the one company where you could get away with this. There is no shortage of random Robin Hood users making pretty big plays on it constantly.
Assuming children do not spread covid-19 as much as adults, it would be fair to say they still do spread to some degree. Therefore, the question is what is the risk tolerance that is acceptable to society? Are we as a society willing to accept that some adults will be infected and/or die as a result of children going to school? What's the acceptable risk tolerance for teachers? If there is an assumption that some teachers will die, how many is too many?
There is an acceptable risk because we already accept the risk from children being vectors for spreading annual seasonal diseases that do end up killing adults and children. What is that level? Doubt anyone wants to specify an exact number because then they will be forever tarred with that number of deaths. One thing is very obvious about this pandemic: the degree to which it has been politicized has made it impossible to respond in a manner that is similar to other threats of similar risk.
It could be argued that the response to the Spanish Flu, Polio, HK Flu, H1N1, Zika, Swine etc. It appears by most measures this is an order of magnitude less lethal than Spanish Flu. THIS one, however, is political.
The update the CDC made is interesting. As the footnote in the estimate table states, the IFR is taken from the pre-print _A systematic review and meta-analysis of published research data on COVID-19 infection-fatality rates_ by Meyerowitz-Katz, G., & Merone, L. et al. The conclusion of their paper states:
> _Based on a systematic review and meta-analysis of published evidence on COVID-19 until May, 2020, the IFR of the disease across populations is 0.68% (0.53-0.82%). However, due to very high heterogeneity in the meta-analysis, it is difficult to know if this represents the ‘true’ point estimate..._
There have been several reports that the IFR has lowered since late May, so it will be interesting to see if they rerun their meta-analysis with June/July data. Their paper also makes the point that this could be an underestimate due to reporting issues (under-reported deaths). But likewise it could be an overestimate due to under-reporting infections (with so many asymptomatic cases). I am a little concerned over the lack of mention of that fact in the paper, which to me is as important as the under-reported deaths.
I understand your concern regarding long-term impacts. While we can't dismiss those concerns, it would be the only coronavirus in the history of known coronaviruses to do anything like that. So with our knowledge of this virus and the family of viruses, we can say that is "unlikely".
There are going to be a lot of deaths. I can't argue out of that reality. It is really unfortunate. We will all know somebody who dies from this, or at least are within a few degrees. The debate, in my opinion, isn't on preventing all deaths, it won't happen. It is how do we minimize death while preventing long term societal and economic damage. And how do we protect the most vulnerable without causing those damages elsewhere.
I know it sounds weird, but the age stratification of the IFR is a HUGE gift of this virus. It is more age stratified than the flu or other common pandemic sources. We are very lucky. Next time we may not be, so I hope we can learn from this on how to prepare for what we feared this was.
The polio waves in the 40s and 50s I'd argue were handled pretty optimally. Public accommodations were (for over a decade!) shut down when needed to control the epidemic in their area, and the government pushed hard to fund vaccine development. But as far as I've read, there were no significant voices arguing either "polio is just a bad flu" or "we'd better shut down schools until the vaccine is ready".
> There is an acceptable risk because we already accept the risk from children being vectors for spreading annual seasonal diseases that do end up killing adults and children.
This seems to be a common thought, but it is an error to assume that incidence of death = acceptance of death.
The truth is, the socially and politically acceptable incidence of death from seasonal communicable diseases is 0. Yes, deaths still occur, but that is in spite of absolutely tremendous investment of resources to try our very best to get it down to 0.
To pick on the flu, for example, there is no tactic or resource that we have available that we have not deployed. We have invested many $billions to create an annual national vaccination program that aims for 100% uptake and is even backed by a special liability regime to manage lawsuit risk. It is the largest vaccine program we have for any disease.
We have also invested (and continue to invest) additional $billions in studying every aspect of the disease, how it invades the body, how it spreads, how it harms people, etc. We have spent even more to create public awareness of flu symptoms, treatments, and appropriate behaviors.
The fundamental difference between the flu and COVID-19 is the possibility of significant asymptomatic or presymptomatic contagion. With the flu, you're not really contagious until you are symptomatic, so getting people (including kids) to stay home when they feel sick does as much good as a lockdown would. We don't really know for sure with COVID-19. So far it seems like a big possibility, hence the emphasis on masks, separation, stay at home, etc.
Also unlike the flu, we don't know what COVID-19 does to the human body. We don't know how long post-infection immunity lasts, and we don't know what chronic ailments might linger with survivors.
The reality is that we can't compare it with "other threats of similar risk" because we don't know what the risk is yet. That's why it is appropriate for the current response to COVID-19 to differ from the way we fight the flu and other more well-understood communicable diseases.
My wife is a teacher and my daughter will have to return to day care if schools resume.
What bothers me the most is that just like retail / grocery store workers we put people with the lowest earning potential and generally worst benefits directly in the path of this. I don’t want to get COVID but unless I convince my wife to quit her job my odds of getting it greatly increase due to situations out of my control.
I don't want to get covid either but the risk is low enough that it doesn't bother me at all. I try to live my life as it was before the pandemic as much as I can.
It does seem that way, and I hope it remains so. The demographics have shifted younger. I do worry about my parents, grandparents and friends who have preexisting conditions and the increased risk with so many more cases around.
They take existing, established chefs or restaurants and clone the cuisine so that the food can be produced in a larger kitchen, potentially reaching a wider delivery area.
A better solution might be to start the archiving process from the beginning. Having a main page that links to content stored on 2020.website.com. The following year, publish new content on 2021.website.com, etc.
Timezones. It’s hard enough scheduling meetings across multiple timezones (and boy are there a lot of meetings in FAANG), but going more than +/- 6 is a huge pain (I meet with East Asia and Europe on a fairly regular basis).
Yes. Reduced motion in accessibility still leaves you with a slow cross fade. With a jailbreak you can disable the animations entirely and apps will open instantly.
I work remote from a quiet neighborhood with dedicated office. I’m still distracted half the time with other things and often get bored sitting in my office by myself. I wander around the house a lot — which is full right now with kids remote learning.
IANAL but this type of websocket port scan seems inherently different from what Shodan does.
Shodan is outside your network's firewall, therefore only able to access services you've exposed to the wider web.
If I understand the article, the websocket scan eBay is doing is trying to connect to local listeners on your laptop, behind your network's firewall and possibly even behind your laptop's firewall.
This is such an obvious consequence of web sockets that I wonder how anyone could have entertained the idea long enough to sober up and write the code. This is worse than letting a web page script have access to the clipboard, record mouse movements, and similar information leaks, because instead of just stealing information, now a web page can actively compromise any host on your network.
It does not, however, sound like an attacker can establish arbitrary TCP connections (at least using the technique from the article). Instead, the attacker can determine if something is listening on a port because it will take a different amount of time to negotiate/drop a connection to a port when there is a listener than when there is not a listener.
In other words, this sounds like a variant of a timing attack. As such, presumably, this particular avenue of attack can be mitigated by the browser vendor inserting a delay s.t. no information can be gleaned from how long it takes to negotiate/drop a websocket connection.
EDIT: I also wonder if it would be possible to do a similar port scan using the timing of XHR requests to localhost (e.g. http://localhost:[port]).
> It does not, however, sound like an attacker can establish arbitrary TCP connections
Maybe not, but what if the ports you have open actually are HTTP servers for development purposes? In that case wouldn't a website be able to crawl your unreleased work, and/or mess with what you're doing, with requests seemingly "out of nowhere"?
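The concern in the comment above, that a web page could reach an HTTP or WebSocket server you run locally for development, is usually handled on the server side by checking the `Host` and `Origin` headers. The following is an added example, not part of any comment in this thread; the function names, the port 3000 and the sample requests are assumptions made for illustration.

```javascript
// Added example, not from the thread; every name here is hypothetical.
// Decides whether a request to a localhost dev server came from its own page.
const LOOPBACK_NAMES = new Set(['localhost', '127.0.0.1', '[::1]']);

// Parse an absolute URL into scheme/name/port; null when malformed.
function endpointOf(urlText) {
  try {
    const u = new URL(urlText);
    if (u.username || u.password) return null;
    const port = u.port || (u.protocol === 'https:' ? '443' : '80');
    return { scheme: u.protocol, name: u.hostname, port };
  } catch {
    return null; // also covers the opaque Origin value "null"
  }
}

// headers: lower-cased header map, as Node's req.headers provides.
function checkLocalRequest(headers, listenPort) {
  const port = String(listenPort);
  // A Host that is not a loopback name means the browser resolved some other
  // hostname to this machine (DNS rebinding) or the request was misrouted.
  const host = endpointOf(`http://${headers.host || ''}`);
  if (!host || !LOOPBACK_NAMES.has(host.name) || host.port !== port) {
    return { allow: false, reason: 'unexpected-host' };
  }
  // Browsers send Origin on WebSocket handshakes and cross-origin fetch/XHR;
  // a request without it (curl, address-bar navigation) passes this step.
  if (headers.origin !== undefined) {
    const o = endpointOf(headers.origin);
    const same = o !== null && o.scheme === 'http:' &&
      LOOPBACK_NAMES.has(o.name) && o.port === port;
    if (!same) return { allow: false, reason: 'foreign-origin' };
  }
  return { allow: true, reason: 'ok' };
}

// Constructed sample requests for a dev server listening on port 3000.
const SAMPLES = [
  { host: 'localhost:3000' },
  { host: 'localhost:3000', origin: 'http://localhost:3000' },
  { host: 'localhost:3000', origin: 'https://shop.example', upgrade: 'websocket' },
  { host: 'rebind.example:3000', origin: 'http://rebind.example:3000' },
  { host: '127.0.0.1:3000', origin: 'null' },
];

function classifySamples() {
  return SAMPLES.map((h) => checkLocalRequest(h, 3000).reason);
}
console.log(classifySamples());
```

This limits what a foreign page can read from or send to the dev server; the port still accepts the TCP connection, so the listening-or-not timing signal discussed in the thread is unaffected.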
IANAL, but more likely it depends on intent and context. So shodan.io is okay because it’s not explicitly malicious, and they have clear paths to contact them if you suspect abuse. Whereas, if you’re suspected of hacking a website, the fact that you port scanned it a week prior to password spraying it might serve as evidence against you. That is, it seems unlikely anyone would be prosecuted for port scanning alone, but it could be an act that demonstrates intent of a later action.
One time, I port scanned my public IP (of my ISP) from an EC2 box, and I got an email from EC2 saying they received an abuse complaint from the ISP for port scanning activity.
What's Shodan.io's legitimate use? Sounds like the "torrents can be used for legitimate content" type argument where in reality, to a rounding error, the use is not lawful??
There are plenty of legitimate uses of port scanning, and specifically, a port scanning database like Shodan. For example:
- Monitoring your own network or that of your clients for exposed ports
- Researching Internet topology, or performing aggregate queries like “how many nginx servers are connected to the Internet”
Can you use it maliciously? Yes. But, most of the time, if you have a target it would make more sense to do the port scan yourself. And if you’re just dragnet searching for vulnerabilities, most you find will probably already have been exploited. Sites like Shodan are good for the overall health of the web because they force website owners to maintain security posture. If you know that foregoing a WordPress upgrade means you’re one script kiddie with a Shodan account away from getting hacked, you’re going to keep your site up to date. This saves you from script kiddies, but also from the more sophisticated hackers who would run a port scan themselves anyway.
>There are plenty of legitimate uses of port scanning, and specifically, a port scanning database like Shodan. //
Any legitimate security service is going to be doing their own scans, surely.
Statistics, yes, but I can't see those stats being especially good. You could probably get equally good nginx data from Netcraft, who IIUC get the data from HTTP response banners on :80 :443.
I'm not sure I buy the "security posture" line, isn't it circular? Tools to help crack your site are good because it means you have to have counter-measures to combat tools for cracking your site?
Only legitimate use of port scanning for me has been testing access to my own/clients computers, I feel. That's not to say I've not used it for illegitimate things ...
If I were a serious baddie, I'd be afraid of using Shodan. Who knows who has what logging on that, and what honeypots may have been seeded into it for just such an occasion? It's not that hard to get that information yourself, from sources you control yourself.
Legitimate usage from researchers and people reading about infrastructure they have the right to do security testing on may be a larger percentage than you think.
Shodan is used by most of the Fortune 100 companies for a variety of use cases. Here are the most common ones:
1. External network monitoring: know what you have connected to the Internet and get notified if anything changes unexpectedly. This has actually gotten significantly more challenging with services deployed to the cloud where your IT department might not even know which IPs to keep track of.
2. 3rd-party risk assessment: understand the security exposure of your partners, vendors, supply chain or other 3rd-parties. For example, let's say you're an insurance company that wants to provide cyber insurance. Shodan data can help you understand what sort of risk you'd be taking on. The data has also been used in M&A as part of due diligence to get a metric on the security of the IT department of the company they're thinking of acquiring.
3. Market intelligence: basically Netcraft on steroids. Shodan doesn't just have web information but also for many other protocols. This information is used by hedge funds and vendors to understand which products are purchased and deployed to the Internet. The data is skewed due to the nature of public IPs but there are still things you can do.
4. Policy impact: get a measure for how policies at the country-level are impacting Internet connectivity. For example, the OECD used Shodan to get a measure of Internet-connectivity per capita.
5. Fraud detection: is your customer trying to make a purchase from a machine that's been compromised? Or running a VPN/proxy? Shodan is used in transactional fraud detection to flag suspicious payments.
Fuse driver wrapper