Shared posts

08 Nov 03:48

Evidence-based SE groups doing interesting work, 2021 version

by Derek Jones

Who are the research groups currently doing interesting work in evidence-based software engineering (academics often use the term empirical software engineering)? Interestingness is very subjective; in my case it is based on whether I think the work looks like it might contribute something towards software engineering practices (rather than measuring something to get a paper published or fulfil a requirement for an MSc or PhD). I last addressed this question in 2013, and things have changed a lot since then.

This post focuses on groups (i.e., multiple active researchers), and by “currently doing” I’m looking for multiple papers published per year in the last few years.

As regular readers will know, I think that clueless button pushing (a.k.a. machine learning) in software engineering is mostly fake research. I tend to ignore groups that are heavily clueless button pushing oriented.

Like software development groups, research groups come and go, with a few persisting for many years. People change jobs, move into management, start companies based on their research, new productive people appear, and there is the perennial issue of funding. A year from now, any of the following groups may be disbanded or moved on to other research areas.

Some researchers leave a group to set up their own group (even moving continents), and I know that many people in the 2013 survey have done this (many in the Microsoft group listed in 2013 are now scattered across the country). Most academic research is done by students studying for a PhD, and the money needed to pay for these students comes from research grants. Some researchers are willing to spend their time applying for grants to build a group (on average, around 40% of a group’s lead researcher’s time is spent applying for grants), while others are happy to operate on a smaller scale.

Evidence-based research has become mainstream in software engineering, but this is not to say that the findings or data have any use outside of getting a paper published. A popular tactic employed by PhD students appears to be to look for what they consider to be an interesting pattern in code appearing on Github, and write a thesis that associates this pattern with an issue thought to be of general interest, e.g., predicting estimates/faults/maintainability/etc. Every now and again, a gold nugget turns up in the stream of fake research.

Data is being made available via personal Github pages, figshare, osf, Zenodo, and project or personal University pages (generally not a good idea, because the pages often go away when the researcher leaves). There is no current systematic attempt to catalogue the data.

There has been a huge increase in papers coming out of Brazil, and Brazilians working in research groups around the world, since 2013. No major Brazilian name springs to mind, but that may be because I have not noticed that they are Brazilian (every major research group seems to have one, and many of the minor ones as well). I may have failed to list a group because their group page is years out of date, which may be COVID related, bureaucracy, or they are no longer active.

The China list is incomplete. There are Chinese research groups whose group page is hosted on Github, and I have failed to remember that they are based in China. Also, Chinese pages can appear inactive for a year or two, and then suddenly be updated with lots of recent information. I have not attempted to keep track of Chinese research groups.

Organized by country, groups include (when there is no group page available, I have used the principal’s page, and when that is not available I have used a group member page; some groups make no attempt to help others find out about their work):

Belgium (I cite the researchers with links to pdfs)

Brazil (Garcia, Steinmacher)

Canada (Antoniol, Data-driven Analysis of Software Lab, Godfrey and Ptidel, Robillard, SAIL; three were listed in 2013)

China (Lin Chen, Lu Zhang)

Germany (Chair of Software Engineering, CSE working group, Software Engineering for Distributed Systems Group, Research group Zeller)

Greece (listed in 2013)

Israel

Italy (listed in 2013)

Japan (Inoue lab, Kamei Web, Kula, and Kusumoto lab)

Netherlands

Spain (the only member of the group listed in 2013 with a usable web page)

Sweden (Chalmers, KTH {Baudry and Monperrus, with no group page})

Switzerland (SCG and REVEAL; both listed in 2013)

UK

USA (Devanbu, Foster, Maletic, Microsoft, PLUM lab, SEMERU, squaresLab, Weimer; two were listed in 2013)

Sitting here typing away, I have probably missed out some obvious candidates (particularly in the US). Suggestions for omissions welcome (remember, this is about groups, not individuals).

08 Nov 03:48

bringing in the email harvest

(This is rough, still trying to figure this out. Based on a thread in a surveillance marketing forum.)

Here's a surveillance marketing problem: some company gets a web site visitor, but can't identify them. They want to target the same person with Facebook ads or email spam.

For the company, one solution is to put some third-party JavaScript on the page that generates an email address for an anonymous visitor. Examples:

  • LeadPost leverages a network of match providers to convert your anonymous bounces into actionable leads. All lead data includes fully verified name, address and email and may be used for unlimited marketing purposes.

  • GetEmails offers Anonymous Website Visitor Identification, best explained in their video, How it Works In the Kitchen. We hash the email addresses in the huge f'n database, we then match the hashed email addresses in the cookies to the hashed email addresses in the big f'n database, and we pass you a record. It is magic.

There's a book about this technique, by Adam Robinson, founder of GetEmails. Permission (Sh)marketing: How the world's fastest-growing companies legally retarget website visitors using email without permission (and how you can too).

On the identification side, we could use existing technology to identify up to about 35 percent of US traffic. On the data side, we could compile an enormous list of third-party opt-ins through business development with lead generation companies. We connected the two parts together, and lo and behold, it worked. Email-Based Retargeting was born.

This might be why I sometimes get completely inexplicable companies showing up as Advertisers using your activity or information in Facebook Ad Preferences. What if this happened?

  1. User A visits a web site with some email-finding JavaScript on it.

  2. Email-finding JavaScript misidentifies User A as User B.

  3. Company adds User B's info to their CRM system and uses it to send spam (generally, CAN-SPAM compliant email that is spam according to norms and reputable mail server ToSs, not spam according to US Federal law) to User B, and adds User B to a Facebook Custom Audience (not a Website Custom Audience like they would have gotten by using the Facebook pixel, a Customer List Custom Audience as if they had gotten the email with consent.)

The problem is: what happens if User B had Global Privacy Control turned on? The company would have picked up on it, and set the "Do Not Sell" flag to apply to User B's information, but User B didn't visit the company's site. User A did. So now User B sees their info in a place it shouldn't be, and the company is in CCPA trouble for mishandling the information of someone who never even came to their site.

Part of the solution seems to be for the third-party vendor to keep track of everyone they have seen a Global Privacy Control for on any site, and never return that person's info in step 2 above. But I'm not sure if this covers it. Anyway, this might just be more about what the heck is that company I've never heard of doing in Facebook Ad Preferences? than anything too significant.

Or I'm seeing those weird Facebook ads because the company just bought an old spam CD and made custom audiences out of that. Probably easier.

Bonus links

Researchers show Facebook’s ad tools can target a single user

How brands are getting tricked into advertising on The Daily Wire

‘Grab ‘em by the pageviews’: Growth hacking to nowhere

Adland is an island

The errors of efficiency

Democratic group poses as conservative PAC to block Youngkin support

08 Nov 03:43

A Unique Solution To Overcoming Fear of Participation

by Richard Millington

One of our clients is building private communities in a very technical and highly regulated field.

Our research noted two contradictory themes.

The first was members wanted to know who else was a member of the community. This suggests building out a good member directory where people can browse profiles and contact one another if needed.

The second was members often held back from participating because of strict regulations within the industry and the potential ramifications of being seen to speak officially on behalf of the company.

At first, these two issues seem impossible to reconcile. We couldn’t allow members to use pseudonyms and still make it possible for members to see who else is in the community.

But diving a little deeper into the data, we realised even though members want to know who else was a member, they didn’t need to know specifically who was replying to their posts. The desire to know who else was there was simply to know they’re in a group of trusted peers (i.e. we’re letting in the right kind of people).

Discourse, the platform we’re using, has a little-known feature called ‘anonymous mode’. This mode enables any registered member to reply anonymously. This means they can share advice and ask questions without their reputation being on the line.

The problem with this mode, as you can see here, is Discourse buries this option 3-clicks deep (after you ask them to enable it) where no member would find it.

So we hired someone to develop a simple button positioned next to the very place where people would usually post a new topic.

This makes it almost impossible to miss as you can see here.

I really like the balance of this. The community is private. Everyone has been approved to join. So the anonymous mode is unlikely to be abused to spam or troll members. Yet, at the same time, it opens the door for everyone to participate without putting their reputation on the line.

This is one of the data-driven solutions which combines the best of user research and technology to create something unique. I’m not sure any other community offers this right now. It’s a feature I’d love to see offered by other platform vendors.

p.s. If you’re on Discourse, you can now pull the component from here for free.

The post A Unique Solution To Overcoming Fear of Participation first appeared on FeverBee.

08 Nov 03:43

Looking straight up while walking underneath th...

by Ton Zijlstra


Looking straight up while walking underneath the Eemhuis cultural center, Amersfoort, last weekend.

08 Nov 03:29

Mihaly Csikszentmihalyi showed us flow. Writers need flow. And tech destroys it.

by Josh Bernoff

Last week, the great psychologist Mihaly Csikszentmihalyi died. Csikszentmihalyi (pronounced chik-sent-mee-hai-ee) advanced our understanding of happiness and creativity enormously by codifying the concept of “flow,” a highly pleasurable and concentrated state of mind in which people are enormously productive. Every writer needs to know about flow — what it is, why it is important, and … Continued

The post Mihaly Csikszentmihalyi showed us flow. Writers need flow. And tech destroys it. appeared first on without bullshit.

08 Nov 03:29

Securing the proxy API for Firefox add-ons

by Rachel Tublitz

Add-ons are a powerful way to extend and customize Firefox. At Mozilla, we are committed not only to supporting WebExtensions APIs, but also ensuring the safety and reliability of the ecosystem for the long term.

In early June, we discovered add-ons that were misusing the proxy API, which is used by add-ons to control how Firefox connects to the internet. These add-ons interfered with Firefox in a way that prevented users who had installed them from downloading updates, accessing updated blocklists, and updating remotely configured content.

In total these add-ons were installed by 455k users.

This post outlines the steps we have taken to mitigate this issue as well as provide details of what users should do to check if they are affected. Developers of add-ons that use the proxy API will find some specific instructions below that are required for future submissions.

 

What have we done to address this?

The malicious add-ons were blocked, to prevent installation by other users.

To prevent additional users from being impacted by new add-on submissions misusing the proxy API, we paused on approvals for add-ons that used the proxy API until fixes were available for all users.

Starting with Firefox 91.1, Firefox now includes changes to fall back to direct connections when Firefox makes an important request (such as those for updates) via a proxy configuration that fails. Ensuring these requests are completed successfully helps us deliver the latest important updates and protections to our users. We also deployed a system add-on named “Proxy Failover” (ID: proxy-failover@mozilla.com) with additional mitigations that has been shipped to both current and older Firefox versions.

 

As a Firefox user, what should I do next?

It is always a good idea to keep Firefox up to date, and if you’re using Windows to make sure Microsoft Defender is running. Together, Firefox 93 and Defender will make sure you’re protected from this issue.

First, check what version of Firefox you are running. Assuming you have not disabled updates specifically, you should be running at minimum the latest release version, which is Firefox 93 as of today (or Firefox ESR 91.2). If you are not running the latest version, and have not disabled updates, you might want to check if you are affected by this issue. First, try updating Firefox. Recent versions of Firefox come with an updated blocklist that automatically disables the malicious add-ons. If that doesn’t work, there are a few ways to fix this:

  • Search for the problematic add-ons and remove them.
    1. Visit the Troubleshooting Information page.
    2. In the Add-ons section, search for one of the following entries:
      Name: Bypass
      ID: {7c3a8b88-4dc9-4487-b7f9-736b5f38b957}
      Name: Bypass XM
      ID: {d61552ef-e2a6-4fb5-bf67-8990f0014957}
      Please make sure the ID matches exactly as there might be other, unrelated add-ons using those or similar names. If none of those IDs are shown in the list, you are not affected.
      If you find a match, follow these instructions to remove the add-on(s).
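
The ID check in the steps above can also be scripted. This is an added example, not Mozilla's code: it assumes the add-on list is available as JSON in the shape of a profile's extensions.json (an `addons` array with `id`, `active` and `defaultLocale.name`), and the function name and sample entries are constructed.

```javascript
// Added example: look for the two blocked add-on IDs from the list above.
// Assumption: the input has the shape of a profile's extensions.json, i.e. a
// top-level "addons" array whose entries carry "id", "active" and
// "defaultLocale.name". All sample entries below are constructed.

const BLOCKED = new Map([
  ["{7c3a8b88-4dc9-4487-b7f9-736b5f38b957}", "Bypass"],
  ["{d61552ef-e2a6-4fb5-bf67-8990f0014957}", "Bypass XM"],
]);
const BLOCKED_NAMES = new Set(Array.from(BLOCKED.values(), (n) => n.toLowerCase()));

function addonName(addon) {
  if (addon.defaultLocale && typeof addon.defaultLocale.name === "string") {
    return addon.defaultLocale.name;
  }
  return typeof addon.name === "string" ? addon.name : "(unnamed)";
}

// Returns the exact-ID matches, plus add-ons that only share a name with a
// blocked entry. The latter are reported separately because, as the post
// says, unrelated add-ons may use the same or similar names.
function findBlockedAddons(extensionsJsonText) {
  const parsed = JSON.parse(extensionsJsonText);
  const addons = parsed && Array.isArray(parsed.addons) ? parsed.addons : [];
  const matches = [];
  const nameOnly = [];
  for (const addon of addons) {
    if (!addon || typeof addon.id !== "string") continue;
    const name = addonName(addon);
    if (BLOCKED.has(addon.id)) {
      matches.push({ id: addon.id, name, active: addon.active === true });
    } else if (BLOCKED_NAMES.has(name.trim().toLowerCase())) {
      nameOnly.push({ id: addon.id, name });
    }
  }
  return { affected: matches.length > 0, matches, nameOnly };
}

// Constructed sample: one listed ID, one lookalike name with an unrelated ID.
const SAMPLE_EXTENSIONS_JSON = JSON.stringify({
  addons: [
    { id: "{d61552ef-e2a6-4fb5-bf67-8990f0014957}", active: true,
      defaultLocale: { name: "Bypass XM" } },
    { id: "lookalike@example.invalid", active: true,
      defaultLocale: { name: "Bypass" } },
    { id: "notes@example.invalid", active: false,
      defaultLocale: { name: "Notes" } },
  ],
});

const sampleReport = findBlockedAddons(SAMPLE_EXTENSIONS_JSON);
console.log(sampleReport.affected ? "Affected: remove the add-ons below" : "Not affected");
for (const m of sampleReport.matches) {
  console.log(`  ${m.name} ${m.id} active=${m.active}`);
}
for (const n of sampleReport.nameOnly) {
  console.log(`  name match only, ID not on the list: ${n.name} ${n.id}`);
}
```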

 

As a Firefox add-on developer, what should I do next?

Note: The following only applies to add-ons that require the use of the proxy API.

We are asking all developers requiring the proxy API to start including a strict_min_version key in their manifest.json files targeting “91.1” or above as shown in this example:

    "browser_specific_settings": {
      "gecko": {
        "strict_min_version": "91.1"
      }
    }

Setting this explicitly will help us to expedite review for your add-on; thank you in advance for helping us to keep Firefox users secure.
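
A pre-submission check for the requirement above, as an added example (not Mozilla's review tooling). The function names and sample manifests are constructed; version comparison is simplified to plain dotted numbers, and the older `applications` manifest key is read as a fallback.

```javascript
// Added example: verify that a manifest requesting the "proxy" permission
// declares strict_min_version "91.1" or above.
// Assumptions: versions are plain dotted numbers (anything else is rejected
// for manual review); sample manifests below are constructed.

const REQUIRED_MIN = "91.1";

function parseVersion(v) {
  if (typeof v !== "string" || !/^\d+(\.\d+)*$/.test(v)) return null;
  return v.split(".").map(Number);
}

// Numeric, part-by-part comparison. A string comparison would wrongly rank
// "100.0" below "91.1".
function compareVersions(a, b) {
  const len = Math.max(a.length, b.length);
  for (let i = 0; i < len; i++) {
    const diff = (a[i] || 0) - (b[i] || 0);
    if (diff !== 0) return diff < 0 ? -1 : 1;
  }
  return 0;
}

function checkProxyManifest(manifestText) {
  const manifest = JSON.parse(manifestText);
  // optional_permissions is checked defensively alongside permissions.
  const perms = [].concat(manifest.permissions || [], manifest.optional_permissions || []);
  if (!perms.includes("proxy")) {
    return { usesProxy: false, ok: true, reason: "proxy permission not requested" };
  }
  const settings = manifest.browser_specific_settings || manifest.applications || {};
  const declared = settings.gecko ? settings.gecko.strict_min_version : undefined;
  if (declared === undefined) {
    return { usesProxy: true, ok: false, reason: "strict_min_version is missing" };
  }
  const parsed = parseVersion(declared);
  if (parsed === null) {
    return { usesProxy: true, ok: false, reason: `cannot compare "${declared}", check manually` };
  }
  if (compareVersions(parsed, parseVersion(REQUIRED_MIN)) < 0) {
    return { usesProxy: true, ok: false, reason: `${declared} is below ${REQUIRED_MIN}` };
  }
  return { usesProxy: true, ok: true, reason: `${declared} meets ${REQUIRED_MIN}` };
}

// Constructed manifests covering the cases a submitter is likely to hit.
const SAMPLE_MANIFESTS = {
  compliant: { permissions: ["proxy", "storage"],
    browser_specific_settings: { gecko: { strict_min_version: "91.1" } } },
  threeDigitMajor: { permissions: ["proxy"],
    browser_specific_settings: { gecko: { strict_min_version: "100.0" } } },
  tooOld: { permissions: ["proxy"],
    browser_specific_settings: { gecko: { strict_min_version: "91.0" } } },
  missingKey: { permissions: ["proxy"] },
  noProxy: { permissions: ["storage"] },
};

for (const [label, manifest] of Object.entries(SAMPLE_MANIFESTS)) {
  const result = checkProxyManifest(JSON.stringify(manifest));
  console.log(`${label}: ${result.ok ? "OK" : "FAIL"} (${result.reason})`);
}
```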

 

In Summary

We take user security very seriously at Mozilla. Our add-on submission process includes automated and manual reviews that we continue to evolve and improve in order to protect Firefox users.

If you uncover a security vulnerability, please report it via our bug bounty program.

The post Securing the proxy API for Firefox add-ons appeared first on Mozilla Security Blog.

08 Nov 03:28

What the “Supply Chain Problem” is Really About

by Dave Pollard

One of the promises of unregulated extreme capitalism is that problems of supply and demand will always “work themselves out” in an unregulated market, and hence that any market regulation will necessarily make things worse.

The idea is that where the supply curve (how much sellers are willing to sell at various prices, a curve with a positive slope) intersects the demand curve (how much buyers are willing to buy at various price points, a curve with a negative slope), determines how much of each commodity will be sold (how far along the x axis the supply/demand intersection is), and at what average price (how high up the y axis the intersection is). (See left-most chart above.)

This utopian presumption of course assumes an equitable distribution of wealth (which determines demand) and an unlimited access to resources (which determines supply). When you have a grossly inequitable distribution of wealth, you end up with a high demand for multi-million dollar mansions and extravagant sports cars (billionaires with nothing better to do with their excess wealth), and a low ‘demand’ for the necessities of life because most people can’t afford to buy them.

Likewise, when you have serious resource and supply constraints, you end up with no supply, at any price, or, worse, you end up supplying only those willing and able to pay an insane price (by most people’s standards) for the scarce resource, and everyone else doing without. (See middle chart above.)

And, in the worst case scenario, when you have both inequitable distribution of wealth and serious resource and supply constraints, you end up with a market collapse — the maximum price buyers can afford to pay is lower than the minimum price sellers can afford to charge without losing money, so sellers stop producing new supplies (that they can’t sell) and buyers run out of everything. (See right-most chart above.)

This will soon become a permanent problem in the energy sector, as increasing extraction costs, despite massive subsidies, mean that producers need to earn at least $50/bbl to stay in business, and that amount is rising, while consumers can only afford to pay at most $80/bbl to remain solvent, and that amount is falling (as real disposable income for all but the richest continues its 50-year slide). Current bottlenecks in many areas have driven oil prices up to $85/bbl, twice what they were a year ago, which means the coming winter (which is expected to be unusually cold in much of North America) is going to be brutal for many. Natural gas has undergone a similar doubling of price in the last year, partly due to shortages caused by the uneconomically low prices a year ago leading to layoffs and production cuts. This whipsawing is likely to continue.

We’re seeing a bit of an advance look at this these days in what is being called a “supply chain” crisis, much as we did during the economic crisis and collapse of 2008. For a host of reasons largely resulting from the pandemic, supplies of all kinds of goods have been disrupted. The previous drop in demand has meant that suppliers laid people off and reduced inventories, and imports and exports slowed. The laid off workers had less money to spend, reducing demand further. And as hiring then increased and more emergency money was given to citizens to help them deal with the loss of employment, there was a sudden jump in consumer demand that could not be met by the reduced workforce with the lower levels of shipping.

Suddenly, shipping containers are piling up in some places and completely unavailable in others. Employers paying inadequate wages for the risk and stress of the work, a situation exacerbated by the pandemic, find themselves without necessary workers, and many transport vehicles are also off the road due to scarcity of repair parts. As a recent Atlantic magazine article reports, “Supply chains depend on containers, ports, railroads, warehouses, and trucks [and workers]. Every stage of this international assembly line is breaking down in its own unique way.”

In Vancouver, ocean-going containers of cheap manufactured crap from Asia arrive bulging, and make the trip back home mostly empty (a lot of their “cargo” on the return trip is plastic trash and scrap textiles). And containers of raw materials (much of it phosphates, sulphates and nitrates destined for Latin America to be used as fertilizer to support the continued massive clearcutting of the rainforest to plant crops) leave Vancouver bulging and return largely empty. Higher fuel costs now mean the ships have to travel at half-speed to use less fuel so they can “break even” cost-wise, adding to the vehicle shortage and hence the shortages and stock-outs of everything else.

If this were just a temporary phenomenon, we would be able to live with it. But there’s considerable evidence we’re seeing what will emerge as a permanent, slowly deepening problem, as a precursor to a broader economic collapse. The following chart shows how the supply chains are now fraying and in danger of permanently breaking:

In a “normal” industrial economy, the growth and collapse cycles balance each other out, keeping supply, demand, prices and production in equilibrium. However, because of the “limits to growth”, two parts of the growth cycle will inevitably start to break as the industrial economy comes up against the reality of unsustainability, in two ways:

  1. When resource supplies become scarce, such that they are uneconomic to produce relative to the spending power of consumers, it becomes impossible to increase production in response to an increase in demand.
  2. When products become unaffordable for many at any price, no amount of ‘discounting’ will be sufficient to increase sales, and hence there will be no incentive to increase production. The ‘demand’ is there, but those needing the goods and services can’t pay for them.

What we are seeing now are early glimpses of what will happen as those chains in the growth cycle continue to fray and finally break. The equilibrium will be lost, the growth cycle (yellow in the chart above) will cease, and we will be permanently caught in the collapse cycle (grey in the chart above).

This is what has happened in previous depressions and severe recessions, though in every case there was enough slack in the system to repair the ‘breaks’ and move the economic system back into equilibrium.

There is no longer any significant slack in the system. Bailouts of corporations and industries that cannot operate profitably because their products require scarce, expensive resources can only work when there is the potential of less expensive resources coming on line, or the potential of dramatically increasing most consumers’ spending power, and when the government can pump trillions of dollars into the financial system to bail them out until that happens, without collapsing the currencies, the financial systems, and the governments that rely on faith in the value of their currencies.

Once we realize that there is no short term “innovation” fix for (1) the ever-diminishing energy return on energy invested in the resource sectors (especially oil) on which the entire growth cycle and growth economy are based, (2) the chasm of inequality between the extremely rich and the increasingly impoverished vast majority, and (3) the current dependence on artificially-suppressed interest rates and the skyrocketing levels of unsustainable debt by citizens, corporations and governments, then the market will wake up to the reality of its overextendedness and unsustainability.

Then, the collapse cycle will become the only game in town — supply shortages driving up prices to the level consumers can’t afford to buy, yet still not high enough that producers can afford to produce and sell, endlessly lower ‘demand’ (not because products aren’t needed, but because very few can afford to buy them at any economically viable price), and collapsing production, aggravating the shortages. We’ve seen it many times before. It’s probably been a part of every civilizational collapse in one way or another. And we’re nowhere near ready for it, and won’t be until we realize these “supply chain problems” are early evidence of permanent economic collapse, and not just something we have to put up with for a while until the supply chains are magically “fixed”.

 

08 Nov 03:28

The Problem With “Don’t be a Jerk” Guidelines…

by Richard Millington

…is no-one thinks they’re being a jerk.

They think they are:

  • Being funny and irreverent.
  • Responding fairly to provocation.
  • Doing what they’ve seen other members do.
  • Behaving as they behave elsewhere.
  • Etc…

It’s tempting to reduce a complicated set of expectations to a simple ‘don’t be a jerk’ command. But it fails for the same reason telling kids to ‘just behave’ fails. People try to just be themselves and the results naturally follow.

This is why you need to be more specific, have clear examples, and set very clear expectations of what is and isn’t acceptable. This means you need to get into the messy field of defining clearly what’s ‘funny’ and what’s ‘jerk behavior’.

Good luck!

The post The Problem With “Don’t be a Jerk” Guidelines… first appeared on FeverBee.

08 Nov 03:28

Walking around town this weekend while it was b...

by Ton Zijlstra

Walking around town this weekend while it was beautifully sunny, I enjoyed this view of the Eem river harbour with the autumn colored trees.


Amersfoort’s Eem river harbour, in front of the medieval water gate

08 Nov 03:28

Read the Facebook Papers as the algorithm defending itself. Then you’ll understand.

by Josh Bernoff

We got an incredible window into Facebook yesterday. Adrienne LaFrance, executive editor of The Atlantic, published “History Will Not Judge Us Kindly,” after her exhaustive reading of the leaked internal documents known as the Facebook Papers. LaFrance’s piece clarifies something that too many people are missing. Zuckerberg and his company do not serve users, shareholders, … Continued

The post Read the Facebook Papers as the algorithm defending itself. Then you’ll understand. appeared first on without bullshit.

08 Nov 03:28

Don’t Call It a Comeback: Cassettes Have Sounded Lousy for Years (And Still Do!)

by Brent Butterworth

For kids who came of age in the 1980s, the 2020s are proving to be the best decade for music since their teens. Synth pop is back. Michael Bolton is back. Even cassettes—the sometimes-dysfunctional format pushed aside by the CD—have made a comeback. But while there’s no denying the visceral thrill of ’80s-style synthesizers or the seductiveness of the decade’s most soulful balladeer, the renewed interest in cassettes has left audio experts puzzled and record-store owners scrambling to figure out a format that some people are too young to remember.

08 Nov 03:23

Enriching API Documentation with Code Samples and Usage Scenarios

If you are a programmer, trying to find an Application Programming Interface (API) code sample on Stack Overflow to solve a problem won't be a novel activity. But why is searching more popular than consulting the official documentation of the APIs? Simply put, that documentation often only has the API's definitions, but lacks usage scenarios and a relevant implemented example.

Zhang2021a attempts to mitigate this lack by introducing ADECK, an algorithm to provide usage scenario enriched API documentation by mining crowdsourcing platforms. ADECK mines different API classes from their official documentation, scrapes Stack Overflow data to filter out Question (Usage-Scenario) and Answer (Code-Sample) pairs based on the mined API classes, and then clusters the similar Question-Answer pairs based on use-cases. The algorithm eventually builds an enriched API documentation from these clustered pairs.

The authors evaluated ADECK with graduate student subjects and compared the results against an algorithm called eXoaDocs with the same objective Kim2013b. They found that:

  • The number of API types illustrated with code samples in the documentation produced by ADECK is much higher than the number in raw documentation for Java SE and Android API.
  • The code samples collected by ADECK are more concise, correct, and usable than those collected by eXoaDocs.
  • Users are more productive with the ADECK-enriched documentation than with the raw and eXoaDocs documentation.

ADECK is trying to shift the focus from consulting crowdsourced Q&A platforms to documenting API use-cases with the help of those platforms. While it is not yet ready for real-world use, the findings of the study show how promising this approach could be.

Zhang2021a Jingxuan Zhang, He Jiang, Zhilei Ren, Tao Zhang, and Zhiqiu Huang: "Enriching API Documentation with Code Samples and Usage Scenarios from Crowd Knowledge". IEEE Transactions on Software Engineering, 47(6), 2021, 10.1109/tse.2019.2919304.

As one key resource to learn Application Programming Interfaces (APIs), a lot of API reference documentation lacks code samples with usage scenarios, thus heavily hindering developers from programming with APIs. Although researchers have investigated how to enrich API documentation with code samples from general code search engines, two main challenges remain to be resolved, including the quality challenge of acquiring high-quality code samples and the mapping challenge of matching code samples to usage scenarios. In this study, we propose a novel approach named ADECK towards enriching API documentation with code samples and corresponding usage scenarios by leveraging crowd knowledge from Stack Overflow, a popular technical Question and Answer (Q&A) website attracting millions of developers. Given an API related Q&A pair, a code sample in the answer is extensively evaluated by developers and targeted towards resolving the question under the specified usage scenario. Hence, ADECK can obtain high-quality code samples and map them to corresponding usage scenarios to address the above challenges. Extensive experiments on the Java SE and Android API documentation show that the number of code-sample-illustrated API types in the ADECK-enriched API documentation is 3.35 and 5.76 times as many as that in the raw API documentation. Meanwhile, the quality of code samples obtained by ADECK is better than that of code samples by the baseline approach eXoaDocs in terms of correctness, conciseness, and usability, e.g., the average correctness values of representative code samples obtained by ADECK and eXoaDocs are 4.26 and 3.28 on a 5-point scale in the enriched Java SE API documentation. 
In addition, an empirical study investigating the impacts of different types of API documentation on the productivity of developers shows that, compared against the raw and the eXoaDocs-enriched API documentation, the ADECK-enriched API documentation can help developers complete 23.81 and 14.29 percent more programming tasks and reduce the average completion time by 9.43 and 11.03 percent.
08 Nov 03:23

Holding Beef 🥩

My kids hold beef. And they hold it forever. If one kid in the neighborhood did something they’ll talk about it every other day like it happened yesterday. The friend’s neighbor who is slightly younger but was annoying once? Annoying forever! Even if you’ve played with him since! That new friend who said she saw a dinosaur in her backyard? A liar. Forever.

I don’t get it. I try to counsel them out of their beef. Maybe that girl who saw the dinosaur was just pretending, she has a big imagination (and that’s good!), or maybe someone in a dinosaur suit really ran thru the yard. I have one hundred potential scenarios for why she might have said that. We don’t know. And it doesn’t matter, because first of all, seeing a dinosaur sounds bad ass, so why not say it.

Oh, but they’ll undo my words and Wormtongue each other the next day saying “But remember that time…”

I don’t get it. I don’t see myself as a beef holder. Not forever anyways. My wife isn’t a beef holder either. She’s one of the most pleasant people I know. Who taught these kids to hold beef? From whomst was the beef holding begotten? Why hold beef forever? It goes bad. Let the beef go, kid.

08 Nov 03:21

Fastmail Fights Off Ransom Cyberattack

by Nicola Nye

Many email providers were hit with a Distributed Denial of Service attack last week. For Fastmail customers, no mail has been lost and, as always, your data remains safe.


What happened: in a nutshell

Over the last week, Fastmail and other email providers were subject to ongoing Distributed Denial of Service (DDoS) attacks from someone demanding payments. We have experienced attacks like this in the past (read about the last big attack in 2015) and have protection in place at multiple levels to weather these intrusions.

We believe that there is no specific reason that Fastmail was attacked. DDoS attackers have just chosen to attack a set of email providers at this current moment.

DDoS network "owners" have a resource (a large network of compromised computers) with a limited lifetime until they lose access, and they target companies to extort for bitcoin payments.

We never pay extortionists. Doing so encourages further ransom payments and future threats to us and to others.

What is a DDoS attack?

A denial of service attack is where an individual or organization tries to overwhelm a computer system by sending so many requests that it can't cope, and it crashes. A flood of messages from a single location is relatively simple to detect and protect against: identify the location and block it.

A distributed denial of service attack is where the individual or organization sends these requests from a lot of different locations making it much harder to isolate the bad requests from the good.

In simple terms: think of your Fastmail account like a shop down the road. When a DDoS attack happens, the attacker creates a big traffic jam by filling the entire road with cars. The shops are still there, and everything inside the shops is functioning normally, but the roads are all blocked and your car can't get you to the store.

An attack normally consists of a number of different approaches:

  • A volume-based attack is when attackers send a flood of traffic to overwhelm a website's available bandwidth. If there's more traffic coming than the link can handle, then it doesn't matter how good the server is at handling the requests, because the network link is full. For instance, we saw traffic coming at us in excess of 270Gb/sec (our normal load is usually under 10Gb/sec);
  • A Protocol attack, such as a SYN-flooding attack, is when attackers send just the initial piece of a connection (a network packet tagged as "SYN" or synchronize, asking the server to start a connection). Servers use resources to track connections, and a large number of SYN packets without continuing the rest of the connection can use up server resources while they wait for the rest of the connection, which never comes;
  • An application attack makes repeated requests to resources that are expensive for the server to generate. Unlike the other two attacks, they require some knowledge of the specific site being targeted.
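The server-side symptom of the SYN flood described above is a pile-up of half-open connections. As an added example (not Fastmail's code), this parser reads connection-table output in the column layout of `ss -tan` and flags listening ports where half-open entries dominate; the sample table, function name and thresholds are assumptions constructed for illustration.

```python
# Constructed sample in the column layout printed by `ss -tan` (documentation addresses).
SAMPLE_SS_OUTPUT = """\
State     Recv-Q Send-Q Local Address:Port   Peer Address:Port
LISTEN    0      4096   0.0.0.0:443          0.0.0.0:*
LISTEN    0      4096   0.0.0.0:993          0.0.0.0:*
ESTAB     0      0      192.0.2.10:443       198.51.100.23:50112
ESTAB     0      0      192.0.2.10:443       198.51.100.40:41877
SYN-RECV  0      0      192.0.2.10:443       203.0.113.5:1025
SYN-RECV  0      0      192.0.2.10:443       203.0.113.77:1026
SYN-RECV  0      0      192.0.2.10:443       203.0.113.140:1027
SYN-RECV  0      0      192.0.2.10:443       203.0.113.201:1028
SYN-RECV  0      0      192.0.2.10:443       203.0.113.9:1029
SYN-RECV  0      0      192.0.2.10:443       203.0.113.66:1030
ESTAB     0      0      192.0.2.10:993       198.51.100.23:50200
ESTAB     0      0      192.0.2.10:993       198.51.100.91:40001
ESTAB     0      0      192.0.2.10:993       198.51.100.12:40412
SYN-RECV  0      0      192.0.2.10:993       198.51.100.77:40999
"""


def half_open_report(ss_text, min_half_open=5, max_ratio=0.5):
    """Summarise half-open (SYN-RECV) versus established connections per local port.

    A port is flagged when it has at least `min_half_open` half-open entries and
    they make up more than `max_ratio` of its tracked connections. Both
    thresholds are illustrative assumptions and need tuning against a baseline.
    """
    stats = {}
    for line in ss_text.splitlines():
        fields = line.split()
        # Skip the header, LISTEN sockets and any other state.
        if len(fields) < 5 or fields[0] not in ("SYN-RECV", "ESTAB"):
            continue
        port = int(fields[3].rsplit(":", 1)[1])   # local address:port
        peer_ip = fields[4].rsplit(":", 1)[0]     # peer address without its port
        entry = stats.setdefault(port, {"half_open": 0, "established": 0, "peers": set()})
        if fields[0] == "SYN-RECV":
            entry["half_open"] += 1
            entry["peers"].add(peer_ip)
        else:
            entry["established"] += 1

    report = {}
    for port, entry in stats.items():
        ratio = entry["half_open"] / (entry["half_open"] + entry["established"])
        report[port] = {
            "half_open": entry["half_open"],
            "established": entry["established"],
            "distinct_half_open_peers": len(entry["peers"]),
            "ratio": round(ratio, 2),
            "flagged": entry["half_open"] >= min_half_open and ratio > max_ratio,
        }
    return report


if __name__ == "__main__":
    for port, row in sorted(half_open_report(SAMPLE_SS_OUTPUT).items()):
        print(port, row)
```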

An attacker will often use a network of computers to generate the attack, such as a botnet. These are compromised computers around the world, which respond to remote commands to send requests.

How we manage an attack

Effectively managing a DDoS attack requires work at multiple levels.

  • On the Fastmail service itself, we have defenses within our code to detect and prevent inappropriate requests from clogging up our server - such as caching, rate limiting, and local block lists;
  • Our data center is able to route and defend against bad traffic by detecting behaviors and rate-limiting specific regions that are producing excessive traffic flows before they reach our systems;
  • At the network edges, we use a DDoS mitigation service that detects and scrubs botnet traffic before it enters our data center. The challenge for this service is distinguishing between valid and invalid traffic so that it can keep the traffic small enough to fit through our "street" (the link between our systems and the internet) without interrupting legitimate customers—so this is only switched on when the traffic quantity gets higher than we can handle internally.
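The in-service defenses named in the list above (rate limiting and local block lists), as an added example that is not Fastmail's code: a per-source token bucket stops the single-location flood, while a distributed flood only shows up in an aggregate per-prefix bucket. Class names, thresholds and the replayed traffic are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter


class TokenBucket:
    """Allows `rate` requests per second on average, with bursts up to `burst`."""

    def __init__(self, rate, burst, now):
        self.rate, self.burst = rate, burst
        self.tokens, self.last = float(burst), now

    def allow(self, now):
        # Refill for the time elapsed since the last request, capped at the burst size.
        elapsed = max(0.0, now - self.last)
        self.tokens = min(self.burst, self.tokens + elapsed * self.rate)
        self.last = now
        if self.tokens >= 1.0:
            self.tokens -= 1.0
            return True
        return False


class RequestFilter:
    """Per-source limit, optional per-prefix limit, and a temporary local block list.

    All thresholds are illustrative assumptions, not values from the article.
    """

    def __init__(self, ip_rate=5, ip_burst=10, net_rate=40, net_burst=100,
                 strikes_to_block=20, block_seconds=300):
        self.ip_rate, self.ip_burst = ip_rate, ip_burst
        self.net_rate, self.net_burst = net_rate, net_burst  # net_rate=None disables it
        self.strikes_to_block, self.block_seconds = strikes_to_block, block_seconds
        self.ip_buckets, self.net_buckets = {}, {}
        self.strikes = Counter()
        self.blocked_until = {}

    @staticmethod
    def prefix_of(src):
        # Aggregate IPv4 sources by /24 and IPv6 sources by /48.
        bits = 24 if ipaddress.ip_address(src).version == 4 else 48
        return str(ipaddress.ip_network(f"{src}/{bits}", strict=False))

    def check(self, src, now):
        """Return 'allow', 'limit-ip', 'limit-net' or 'blocked' for one request."""
        if self.blocked_until.get(src, 0.0) > now:
            return "blocked"
        if src not in self.ip_buckets:
            self.ip_buckets[src] = TokenBucket(self.ip_rate, self.ip_burst, now)
        if not self.ip_buckets[src].allow(now):
            # A source that keeps exceeding its own limit goes on the block list.
            self.strikes[src] += 1
            if self.strikes[src] >= self.strikes_to_block:
                self.blocked_until[src] = now + self.block_seconds
            return "limit-ip"
        if self.net_rate is not None:
            net = self.prefix_of(src)
            if net not in self.net_buckets:
                self.net_buckets[net] = TokenBucket(self.net_rate, self.net_burst, now)
            if not self.net_buckets[net].allow(now):
                # No strike here: the source itself behaved, its neighbourhood did not.
                return "limit-net"
        return "allow"


def single_source_flood():
    # Constructed traffic: one host sends 200 requests within one second.
    return [(i / 200, "198.51.100.7") for i in range(200)]


def distributed_flood():
    # Constructed traffic: 250 hosts in one /24 send two requests each within one second.
    return [(i / 500, f"203.0.113.{1 + i % 250}") for i in range(500)]


def replay(request_filter, events):
    """Feed (timestamp, source) events through the filter and count the verdicts."""
    return Counter(request_filter.check(src, now) for now, src in events)


if __name__ == "__main__":
    print("single source      :", dict(replay(RequestFilter(), single_source_flood())))
    print("distributed, per-IP:", dict(replay(RequestFilter(net_rate=None), distributed_flood())))
    print("distributed, +/24  :", dict(replay(RequestFilter(), distributed_flood())))
```

A legitimate client inside the rate-limited prefix receives `limit-net` as well, which is why such a filter has to be tuned to keep impact on real users as small as possible.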

Attackers modify their strategy during attacks, so it's never just a matter of set-and-forget when dealing with an active attacker.

When an attack happens, we are in constant communication with our providers to coordinate our responses and adapt to the changing shape of the traffic being sent our way. Sometimes, this means that some of our customers can see significant slowdowns, while others may not even be aware that an attack is underway.

For instance, during volume-based attacks, we need to work with our providers to implement filters further out in the network so that they don't overwhelm the capacity of the network links inside our data center. In terms of the car analogy above, we need the provider to make sure that cars that don't intend to make purchases at our shop don't enter the road in the first place! The filter doesn't have to be perfect, but it does need to keep the traffic down to a manageable amount while producing as little impact as possible on legitimate customers and visitors.

What our customers see during an attack

Depending on the nature of the attack at any given moment, customers might:

  • not be able to access us at all for a period of time (you're stuck in the gridlock traffic jam), because there's just too much traffic, or because they live in the region where a large amount of botnet traffic is coming from;
  • be able to access us, but slowly (you're crawling along the interstate during peak hour), because there's still a lot of traffic, but we're still processing requests;
  • be able to access us normally (the street isn't too busy at the moment you showed up), and not notice anything is wrong.

Why were we targeted?

We don't believe we were specifically targeted, just that the attackers decided to target email providers. Others also saw attacks from the same person, as reported by The Record. We are all independent mail providers with a small enough network presence that a powerful botnet could overwhelm our service if directed at us.

None of us have paid the ransom, and we are working together and with our respective law enforcement to prevent this attack and anything like it in the future, to us or to anyone else.

Here's the first ransom note to us, which we received to multiple of our contact email addresses on Friday:

From: Cursed Patriarch <cursed.patriarch@[...]>
Subject: DDoS Attack

Hi,

I will start 1-2 hours attack on your site. It will not be hard as I don't want to impact your business now. Just check your logs to see that I'm for real.

Pay me 0.06 BTC to [...] and I will never attack you again.

If you don't pay within until Monday, total shut down is coming, cheap protection will not help my fee will increase and if you refuse you will lose much more then that.

Pay 0.06 now to prevent suffering.

Best regards,
Cursed Patriarch

*P.S. This is disposable email. Do not reply.*

They contacted us from multiple email accounts, including a Fastmail trial account, which was used to contact both our support and some of their other victims. In all their interactions with our service, connections were made via Tor—a networking service used for anonymity, meaning that their actual location and identity are hidden from us.

Our next steps

Fighting off DDoS attacks can be like trying to fight spam. The moment one technique becomes effective at detecting and quarantining bad content, the attackers shift to a new approach.

Obviously, this also means that we do not want to detail the entire scope of our countermeasures, or the response times that each of them requires, as that information is useful to a motivated attacker.

During this attack, we developed several new tools to mitigate future instances of the kinds of behavior we saw. We are also continuing to discuss improvement strategies with our network providers and DDoS specialists.

Even once this current set of attacks finishes, new attackers can come at any time. Keep an eye on our Twitter account and on our status page to stay up to date with any service availability changes.

Lastly...

We know that Fastmail is a tool that people rely on to stay connected. Especially during an attack, but at all times, we work around the clock to keep you up and running. We're sorry to those who were impacted by the work of this bad actor. The whole team at Fastmail appreciates the messages of support and solidarity we were sent during this time over Twitter and through support tickets as we worked hard to remain available. Thank you for your patience and understanding.

08 Nov 03:21

More Stories Behind the Podcasts: Slate’s latest curated Collections on Pocket

by Mozilla

Slate and Mozilla’s Pocket have extended their ‘Behind The Podcasts’ collaboration, partnering on a series of new Pocket Collections to provide podcast and Pocket fans with even more opportunities to explore the behind-the-scenes stories that inspired some of Slate’s most successful podcasts.

This November, Pocket readers can look forward to all-new collections curated by Slate’s podcast hosts, coinciding with new seasons of One Year, Decoder Ring and the highly anticipated sixth season of Slow Burn, one of the most-popular podcast series in Slate’s portfolio, garnering more than 65M+ downloads since its launch in 2017. The curated Pocket Collections, which offer deep-dive reads, down-the-rabbit-hole research, and commentary straight from the hosts’ notes, are the perfect ‘companion pass’ to round out new episodes of Slate’s fan favorites. 

“Pocket is the ideal place to host our curated collections because it’s easy and seamless for readers and listeners to discover, manage, and go deep with the podcasts they love,” said Bill Carey, Director of Strategy at Slate. “We know there are many Pocket readers interested in the topics these shows cover who haven’t yet discovered Slow Burn or our other podcasts, which we think presents an exciting opportunity for audience growth.”

Pocket initially partnered with Slate in early August when the hosts of Slate podcasts One Year, Decoder Ring, How To! and Thrilling Tales of Modern Capitalism curated their own unique lists of recommended reads, videos and content, offering avid listeners an in-depth look into the research that inspired the creation of these podcasts. The additions to the ‘Behind The Podcasts’ collections will continue to publish on getpocket.com/slate, starting with the premiere of Slow Burn: L.A. Riots on November 3rd. New Slow Burn collections will be available every Wednesday and select forthcoming episodes from One Year, hosted by Josh Levin and Decoder Ring, hosted by Willa Paskin, will be available starting in November as well.

The award-winning Slow Burn podcast has turned into a bonafide franchise, inspiring both a docuseries on EPIX and a scripted series coming to Starz, starring Julia Roberts. Hosting this season is journalist and podcaster Joel Anderson, who will share with Pocket readers what he read, listened to, and watched as he investigated one of the most consequential moments in 20th century America: the 1992 Los Angeles riots following the acquittal of four LAPD officers in the brutal beating of Rodney King. This collection will serve as a guide to the season, providing listeners a list of the people, places, and moments that helped define this moment in history.  

“Partnering with Slate on these collections has been such a delight and really showcased the expertise of their hosts and the reach and flexibility of the Pocket collection format,” said Carolyn O’Hara, Director of Editorial at Pocket. “We are avid listeners to Slate’s podcasts ourselves, and it’s been gratifying to help deliver these behind-the-scenes deep dives that we know listeners often crave.”

Pocket has long been the go-to place to discover, save, and spend time with the most thought-provoking and entertaining content from around the web. Discover the best of the web by downloading the latest Pocket for Android on Google Play and App Store.

The post More Stories Behind the Podcasts: Slate’s latest curated Collections on Pocket appeared first on The Mozilla Blog.

08 Nov 03:05

314 and 320 West Cordova Street

by ChangingCity

We suspect that one of these buildings may be the oldest still standing in its original location in the city. That’s the building on the right at 320 W Cordova, today home to the Old Faithful Shop, (selling ‘well-designed, unfussy, and beautiful homegoods’) but back in the 1960s image, partly occupied by the Dressmakers and Milliner’s Supply House. This location is across the street from the 1888 Springer-Van Bramer block, designed by N S Hoffar. They commissioned another building a year earlier, probably on West Cordova, also designed by Mr. Hoffar.

It appears that this building predates the partners’ development on the north side of the street. It is clearly an early building, and in the 1887 Elector’s list, the owner of the lot that the building sits on was an architect, Thomas C Sorby. This was the only parcel of land that he owned in Vancouver. In August 1886 he placed a notice in the Colonist newspaper “Parties desirous of tendering for a two-storey Brick Block to be erected in Cordova Street, Vancouver, for Messrs Springer and Van Bremer can see the drawings in my office. The proprietors reserve the liberty of declining any or all tenders”. So it seems reasonable to conclude that Ben Springer and James Van Bramer funded the building on the site owned by Thomas Sorby, who also drew up the design.

Immediately after the 1886 fire a number of enterprising developers got to work on building fireproof buildings very quickly – in this case just two months after the city had been almost totally destroyed. Something similar happened with the Byrnes Block, which housed the Alhambra Hotel on Water Street. Rand Brothers, real estate promoters, commissioned the construction then handed the development to George Byrnes before it was complete – and his name was added to the cornice.

When it was built this was the 200 block, and lot 5 was numbered as 220 and 222. The 1889 insurance map shows a bakery with an oven on the western side of the building. By 1901 this had been renumbered as 314 and 316, with a clothing store on a building already enlarged to double its depth. On the 1912 map this was 320, the number it still has today.

Ben Springer was from Ontario, and in the city before the fire. After mining in the Cariboo in the 1860s he became book-keeper for the Moodyville sawmill on the north shore of Burrard Inlet in 1874, marrying in that year and becoming mill manager in 1882, moving to ‘the big house’ and retiring in 1890. Captain James Van Bramer was from New York, and was here from around 1860. He was part of the syndicate that built the Moodyville mill on the north shore. From 1866 he operated the Sea Foam, a steam tug which began regular ferry service between Brighton and Moodyville across the Burrard Inlet. His business interests included mines and property, and he settled in Granville, and then on the north shore, with his Katzie wife and three daughters. He ‘retired’ to California around 1888, and continued to visit his old haunts in his steam schooner, Eliza Edward. He was fined $1,400 for a voyage from Victoria to Santa Barbara, where he landed and left again without reporting to authorities. He was accused of smuggling opium and Chinamen, but with no proof, he was only fined for the non-reporting. The Captain died in the Cottage Hospital in Santa Barbara in June 1895 aged about 60, not long after returning from a further mysterious voyage to the Cocos Islands to search for buried treasure he believed was there.

Springer partnered Van Bramer in his 1860s steamship business, as well as in the Vancouver buildings they developed. They also shared ownership of the BC District Telegraph and Delivery Company, obtaining a 50 year franchise for the operation of district telegraph systems in Vancouver and Victoria.

314 West Cordova on lot 6 was a mystery. The building was built a little later, probably in 1905. The site, unusually, appears to have been vacant until it was developed. While that unfortunately puts it into the ‘lost permit’ era, Patrick Gunn has traced the permit to R McLeod, who hired McDonald and McKenzie to build the $12,000 ‘brick and stone store & warehouse’ in 1905. There was a Roderick McLeod who was a carpenter, and by 1906 was a contractor, with a number of significant houses that he built in the early 1900s. If it was a local, rather than an absentee investor, Roderick is the most likely candidate. By 1911 there were four Roderick McLeods in Vancouver, so we have no way of being sure if the developer was still in the city when the census was taken.

A few years later, in 1912, the building was owned by ‘Thompson Bros’, and in 1923 ‘The Thompson Estate’ still owned it. In fact both buildings came into their ownership; they carried out repairs to 320 in 1914 and in 1920 and 1921. Thompson Bros were really Thomson Bros; James and Melville Thomson, who had extensive property interests in this part of town, as well as running a stationery business.

In the 1960s, when our ‘before’ shot was taken, it was home to a Danish furniture store, but today it’s come full circle and is home to clothing store Frank and Oak.

Image source: City of Vancouver Archives CVA 780-510


07 Nov 03:33

How to add your PEI Vax Pass to your iPhone Wallet

by peter@rukavina.net (Peter Rukavina)

With the release of iOS 15.1 today, you can now add your PEI Vax Pass to the Wallet app on your iPhone for easy access. As it’s not immediately obvious how to do this, here’s how:

  1. From the My COVID-19 Proof of Vaccination page, get a copy of your PEI Vax Pass QR code and make a screen shot of it, saving the screen shot to Photos.

  2. In the Photos app, open the screen shot, tap on the “recognize text” icon in the bottom right, and then tap on the QR code: you should see an “Open in Health” option pop up. Tap that.

  3. Your vaccination record will be added to the Health App, and to your Apple Wallet.

That’s it.

Now when you need to show your PEI Vax Pass, double-tap on the home button to open your Wallet: it will be right there with any other credit cards, tickets, etc. you’ve added.

(from a helpful pointer from DNA Lounge—this all works because PEI, like many jurisdictions, is using the SMART Health standard for QR codes)

06 Nov 01:20

Peaceful protest for safer streets

by jnyyz

Today was a march down Parkside Drive to protest the unsafe conditions along this stretch for all road users. High speed caused the tragic crash two weeks ago that took the lives of the Avilas.

Getting ready to march at Bloor and Parkside.

The “slow down” signs don’t seem to do much, but a whole crowd walking down the drive does.

Ironically, biking a bit ahead of the crowd, this is the first time I feel safe biking down Parkside.

At Howard Park. The bike brigade was assisting at side intersections.

Dave

and David (read his blog post about the lack of safety on Parkside)

and Janet Joy.

Closing off the intersection at Spring St.

A moment of silence to pay our respects to the Avila Family.

One of the organizers, Genevieve, thanks us for coming, and asks us to safely move out of the intersection. There is also a petition being circulated, along with an online survey on road safety that will be launched fairly soon.

One hopes that these events show the community’s engagement on the issue of slowing down traffic on Parkside to make it safer for all users: pedestrians, cyclists, and motorists alike.

Global TV coverage.

CBC Coverage

24 Oct 17:59

Container congestion in Vancouver a sign of global supply chain chaos

mkalus shared this story.

When Amandeep Bassi looks out on the yard of his Vancouver-based trucking company, he sees almost double the number of shipping containers he normally would.

"We have more than 100 containers sitting in my yard ... before it was 40, 50, 60 containers," Bassi said. "Right now, it's really hard to store the containers."

Bassi's transportation company typically picks up goods from the Port of Vancouver, delivers them to a customer, and then returns the container to the port.

But there's little room at the port to return them. Yards and inland terminals like Bassi's are facing a massive build-up of empty shipping containers as a surge in COVID-19-related consumer demand wreaks havoc on the global supply chain.

"We've all been staying at home. We haven't been able to spend on services or travel. So we bought stuff," said Trevor Heaver, a professor emeritus at the University of British Columbia's Sauder School of Business.

"These goods are moved in containers and it's caused a surge in volume and different patterns for the shipping business."

Import surge straining Canada’s supply chain

Hundreds of empty shipping containers are stacked in Vancouver’s port and it’s straining the supply chain because there’s a larger demand for imports to Canada than exports. The backlog is hurting truckers and could mean longer waits and higher prices for consumers.

Across the West Coast, there have been record-breaking line-ups of container ships waiting to get to port transporting consumer goods from Asia to North America.

Robin Silvester, the Vancouver Fraser Port Authority President and CEO, says while the congestion isn't as bad compared to California, there has been a 12 to 15 per cent increase in volume of imports.

Normally, Silvester says, the port is very balanced. Exports like grain from the prairies, seafood from the coast, and beef from Alberta would return via the containers back to Asia.

"But because of this surge in imports, our supply chain is out of balance. That's causing a surge internally with a lot of empty [containers] waiting around the system to get back on ships back to Asia," he said.

Eric Waltz, president of GCT Global Container Terminals Inc., says the system is so out of balance, "the biggest increase in Canadian exports we've been seeing is air," as empty containers are rushed back to Asia to fill up with more goods.

But Waltz says his terminal, one of 19 at the port, which has extended hours and operations to deal with the surge in volume, still only has limited space for these containers.

It's what has led to the buildup at inland terminals like Bassi's.

The surge in volume also means transportation companies are working longer hours.

Harry Rattan, who owns a Vancouver-based trucking company, says he feels "squished right in the middle."

His company has to meet demand from his customers in picking up these sought-after goods, putting in longer hours and configuring to the port's extended schedule.

"I'm working at least 12 hours a day. I have loyal customers, doing their work for the last 32 years. I can't let them down," he said.

"[But] my family life is getting destroyed too because you got to put long hours."

24 Oct 04:31

Anandtech on the M1 Pro and Max

by Rui Carmo

As many people have already pointed out, the diagrams make it quite likely that these dies are designed to be both chopped and binned (i.e., an M1 Max that fails some tests can still be repurposed as a Pro, even as a low end one), which is a pretty clever way to keep usable yields high on such a high density chip. Kudos to whomever designed this.

The interesting things for me right now are:

  • How they intend to ramp up on the M2 (both vanilla and larger, which will likely mean something like packing improved A15 cores, hopefully more of them even on the base die).
  • The impact on Mac product segmentation, since the new MacBook Pros are eye-wateringly expensive and a “desktop” running these chips is also likely to be in the €2000 range once it’s kitted out.

Off the bat, and provided yields are good and the hardware supply chain mess gets sorted out, I’m betting the M1 may even slip down into “regular” iPads next year (with the M2 shipping inside a new iPad Pro, a new Air, an updated Mac mini, etc.) and the Pro/Max updates getting a “desktop grade”, more power hungry variant for a new Mac Pro next fall.

Or, putting it another way: I don’t expect the Mac mini to get a Pro or Max CPU, not unless we’re actually getting a “mid-range” Mac. And that in turn seems unlikely because Apple needs to replace the 27” iMac (and perhaps the Mac Pro) first.

This is a bit of a bummer for me given my preference for tiny, powerful desktops, but it seems like the most likely outcome, and means I need to start thinking about moving to an iPad Pro/Mac mini combo (so I can do personal stuff, media, photos, etc. faster but not break the bank) and building a beefy (likely all AMD) PC desktop for development instead (also not breaking the bank, and also hoping supply chains get sorted out).

But it’s going to be a pretty even race–just like I said to a few friends earlier, Apple doesn’t design Macs for raw CPU/GPU core counts or speed.

They design them for throughput, and now they clearly do that from the SoC on out.

Update: Here’s a follow-up piece that comes to largely the same conclusions.


24 Oct 04:31

Human History Gets a Rewrite

William Deresiewicz, The Atlantic, Oct 22, 2021

If nothing else, this article should make it clear that we should be open to embracing alternative explanations, and even alternative descriptions, about things where we don't have certainty. The rise of nation-states and the emergence of civilization is certainly one such subject. And I will admit that my own discomfort with the official story is similar to that of David Graeber, at least as he is depicted here. To be clear, I knew nothing about him before reading this article, though I am certainly aware of his work through its outcomes: things like Occupy Wall Street and the protests against the World Economic Forum (WEF). This article is essentially a review of The Dawn of Everything in which Graeber and David Wengrow ask, "How did we get stuck... in a world of war, greed, exploitation [and] systematic indifference to others’ suffering?" That is a good question, and really ought to be on the curriculum somewhere.

24 Oct 02:42

My pre-publish blogging rituals

I blogged about my Blogging Kanban. This post is about the multi-step process that happens after I deem posts finished and ready to move to the actual blog. It consists of three main tools… Write Good Linter, Microsoft Edge’s Read Aloud feature, and Squoosh. It’s about 30-50 minutes worth of work and puts that final bit of polish on my posts before I ship it out to the world.

Export from Notion (1 min)

The Notion export modal dialog

As I said in my last post, I now do all my blogging in Notion. Exporting from Notion is straightforward. It provides you with a Markdown file and a folder full of images inside a Zip file. I extract the ZIP and copy and paste the contents into a new draft on my blog inside VS Code.

Open in VS Code for last-minute edits. (15 minutes)

A markdown post opened in VS Code where entire paragraphs are highlighted orange indicating a grammatical mistake

The next step is to pull the content into the local version of my site and add some last minute grammar fixes in VS Code. In VS Code I have the Write Good Linter extension installed looking at my Markdown files. I also have Error Lens installed which pairs well with Write Good.

Write Good is a Grammarly-like tool which flags grammatical errors, passive voice, as well as weak words like “just” and “simply” which can weaken meaning. Detecting a Markdown file, Write Good starts flagging paragraphs and squiggling grammar fixes and Error Lens highlights the whole paragraph to let me know there’s a problem. Now I work to make the bitter orange highlights go away.

Initially this was time consuming work because my natural tendency is to write, think, and speak in a more passive voice. Over the years I’ve gotten better at appeasing the linter and also not caring about my use of passive voice.

Listen in Edge Read Aloud (15 minutes)

A blog post opened in Microsoft Edge with Edge Readaloud’s options menu open

Next I open my localhost site in Microsoft Edge and use Edge’s killer Read Aloud feature to read my blog post back to me. Read Aloud is a Text-to-Speech tool that leverages Microsoft’s Cognitive Services API. CMD + Shift + U brings up the Read Aloud toolbar where you can select the voice and the speed of the screenreader.

I listen using the Microsoft Aria Online (Natural) voice option at the fastest speed. In fact, I use this feature all the time. 80% of blog posts I read are actually read to me by my robot assistant Aria. The “natural” voices Microsoft offers are pretty great at fast speeds, but for an in-depth look at some of the tradeoffs of speed vs. accuracy in synthetic speech, read this Léonie Watson post on synthetic speech.

Listening to my post helps capture obvious grammatical errors the linter didn’t catch and helps me discover terribly worded sentences. It’s not perfect (this is obvious if you’ve read my blog before) and typos and bad grammar slip through, but I trade speed for accuracy and I know that.

Occasionally this spins out into content refactors; rewording or re-organizing an idea that isn’t landing. The other day I deleted a whole five paragraph pre-ramble because it wasn’t until I listened to it did I decide I didn’t like the intro.

Without a doubt, I can say this little step of listening to my own writing has made me a better writer over the last couple years. I’m not a professional by any means, but listening has helped me find my voice. It’s been an incredible way to speed up proof-reading.

Squoosh (2 minutes)

The UI of Squoosh app making images for this blog post smaller

Once the site is ready to go, I make sure all my graphics are Squoosh’d. I should probably automate this or figure out a better way, because my new 4K display is telling me I’m shooting myself in the foot a bit by sending 1200px wide compressed images, but this is my current process.

Deploy to Netlify (1 minute)

When the local build looks successful and all files committed, I push to GitHub. My changes soar over the information highway to GitHub, a webhook notifies Netlify to pull the new content and start a new build of my site. The deploy on Netlify takes ~1 minute to finish. While I wait, I start drafting a tweet.

Tweet (1 minute)

When my build completes, I grab the URL and tweet it out. This gives me a chance to preview any opengraph images I attached as well as a last chance to find any typos in my title.

Then, after I tweeted, I realize I made an enormous typo or grammatical mistake. I apologize to my more astute readers and fix and commit a half-dozen times before calling it done and moving on to the next post.

24 Oct 02:41

The prospects for Trump Media & Technology Group: A realistic assessment

by Josh Bernoff

Yesterday, I posted a satiric take on the deck for Trump’s just-announced new media venture. Today, I deliver a serious assessment of what’s actually likely to happen with it. Let’s start with the credentials that let me make this assessment. Those of you who know me as a commentator on writing may not know that … Continued

The post The prospects for Trump Media & Technology Group: A realistic assessment appeared first on without bullshit.

24 Oct 02:40

2021-10-22 General

by Ducky

Vaccines

This article reports that pediatric Pfizer is 90.7% effective against infection in children.

Long COVID

This preprint says that various forms of cognitive impairment are pretty common several months after “getting over” COVID-19. People who went to the ER are more likely to have cognitive impairment than people who were treated as outpatients.

Recommended Reading

This article is about vaccine manufacturing in the developing world. Spoiler: they can make vaccines quite well, thank you very much.


This article is about the supply chain. It suggests that you can do something about it: buy less junk you don’t need.

24 Oct 02:40

Tonic


Really interesting library for building Web Components: it's tiny (just 350 lines of code), works directly in browsers without any compile or build step and makes very creative use of modern JavaScript features such as async generators.

Via Alex Russell

24 Oct 02:40

Video: C Programming on System 6 - Amend Revision Control System

It’s been almost a year since my last confessional video. A few weeks ago I started working on a small revision control system to handle my C projects developed on my Mac and it’s now at the point where I can at least manage commits to the tool itself.

Video notes:

Please contact me with any feedback or questions, view past videos in this series, and subscribe to my RSS feed to be notified about future videos and other posts.

Join me and others on Libera Chat in the #cyberpals channel if you are interested in following along with this series and have questions or would like to help others.

24 Oct 01:56

Twitter’s algorithm favours right-leaning content in Canada, other countries

by Jonathan Lamont

In a blog post, Twitter revealed that its algorithm promotes right-leaning content more often than left-leaning content. However, the company isn't sure why that's happening.

The findings discussed in the blog post draw from an internal study that looked at how Twitter's algorithm amplifies political content. In the study, Twitter looked at millions of tweets posted between April 1st and August 15th, 2020 from news outlets and elected officials in Canada, France, Germany, Japan, Spain, the U.K. and the U.S.

In all those countries, except Germany, Twitter found that right-leaning accounts received more algorithmic amplification than the political left. Similarly, right-leaning content from news outlets benefitted from the same bias.

Twitter says it doesn't know why the data suggests its algorithm favours right-leaning content. The company claims it's a "significantly more difficult question to answer" because it's a result of "interactions between people and the platform."

However, The Verge cites Ph.D. candidate Steve Rathje, who published research explaining that divisive content about political outgroups is more likely to go viral. Rathje told The Verge that negative posts about political outgroups tend to receive more engagement on social platforms like Facebook and Twitter. For example, if a left-leaning politician posts something negative about a right-leaning politician (or vice versa), that negative post will likely receive more engagement.

With that in mind, it's possible right-leaning posts on Twitter spark more engagement, leading to more algorithmic amplification. Further, it's worth noting that Germany -- the only country where the algorithm didn't favour right-wing content -- has an agreement with Facebook, Twitter and Google to remove hate speech within 24 hours. While the factors may not be related, if the algorithm favours divisive, negative posts, and right-leaning users post that kind of content, it could be why Twitter's seeing the algorithm favour right-leaning content everywhere but Germany, where there's an active effort to remove that content.

It's not a problem isolated to Twitter either. Frances Haugen, the Facebook whistleblower who leaked internal documents from the company, claimed Facebook's algorithm also favours divisive content and hate speech.

Source: Twitter, (2) Via: The Verge

24 Oct 01:56

“After the Pandemic, We Can’t Go Back to Sleep”

by peter@rukavina.net (Peter Rukavina)

The late David Graeber wrote about the way forward from here before he died. In part:

Because, in reality, the crisis we just experienced was waking from a dream, a confrontation with the actual reality of human life, which is that we are a collection of fragile beings taking care of one another, and that those who do the lion’s share of this care work that keeps us alive are overtaxed, underpaid, and daily humiliated, and that a very large proportion of the population don’t do anything at all but spin fantasies, extract rents, and generally get in the way of those who are making, fixing, moving, and transporting things, or tending to the needs of other living beings. It is imperative that we not slip back into a reality where all this makes some sort of inexplicable sense, the way senseless things so often do in dreams.

24 Oct 01:55

The House of Commons vaccine rule puts O'Toole in an awkward spot

mkalus shared this story.

The House of Commons is a workplace unlike any other. But the sandstone walls of Parliament are not immune to the reality of a global pandemic.

So sooner or later, the House was going to face the same questions now confronting every other institution and establishment in the country: whether to require that its occupants be vaccinated and what the consequences of such a requirement might be.

But because this is the House of Commons, the vaccine mandate has become a test of political leadership — particularly for Conservative Leader Erin O'Toole.

The House's Board of Internal Economy — an all-party steering committee chaired by the Speaker — brought matters to a head this week with its decision to bar anyone associated with the House from entering the parliamentary precinct unless they are vaccinated — including MPs.

There is some debate over whether the board has the authority to issue such an edict on its own, but questions about process are unlikely to change the ultimate result. With the Liberals, Bloc Quebecois, NDP and Greens all in favour of a vaccine mandate, a similar order is sure to pass a vote of the whole House.

Collective vs. individual privilege

It might seem problematic to tell any member of the House they can't take their seat in the chamber and such actions should be exceedingly rare. But Steven Chaplin, a former counsel in the office of the law clerk of the House of Commons, said in a blog post last week that "the privilege relating to attendance belongs to the House not to the individual Member."

"Parliamentary privileges have as their purpose the protection of each House of Parliament so that it can carry out its business without threat from outside the House," Chaplin wrote. "It is for the House to exercise its privileges how it deems best for itself and its Members collectively."

Being elected to the House of Commons is a special honour and responsibility. But each chamber of Parliament is in control of its own internal affairs and membership, with the power to suspend or even expel a member (the power to expel has been used on only four occasions, most recently in 1947).

An unvaccinated MP might argue that being banned from the House is unfair to them or their constituents. Every other MP could reasonably argue that the presence of an unvaccinated member threatens their health and safety.

"Where the actions of a Member threaten the whole with the potential of denying it the ability to carry out their constitutional functions, the whole has the responsibility to protect itself and [its] constitutional role," Chaplin wrote.

How opposed are Conservatives to the vaccine rule?

A vaccine mandate for the House of Commons would be less controversial if there was unanimous support among MPs for imposing such a requirement. Instead, like almost everything else that happens in the House, the debate is breaking along party lines — in this case with the Conservatives standing against.

The extent of that Conservative opposition is hard to measure.

Unlike the leaders of the other major parties, O'Toole did not demand that Conservative candidates be vaccinated during this fall's election campaign. The party has not been forthcoming when asked to confirm how many of its MPs have been vaccinated.

After the Board of Internal Economy rendered its decision, Conservative MP Blake Richards — a member of that committee — released a statement saying that "we cannot agree to seven MPs, meeting in secret, deciding which of the 338 MPs, just elected by Canadians, can enter the House of Commons to represent their constituents."

Later, in an interview with TVO's The Agenda, O'Toole said his party would "respect" that decision.

But then on Friday, a spokesperson for O'Toole said Conservatives don't believe the Board has the authority to enforce a ban and that such a move would "infringe on a member's right to take their seat in the House of Commons."

Speaking to The Agenda, O'Toole harkened back to his broader position on vaccine mandates in general — that it's wrong to divide people and better to avoid confrontation by finding compromises. During this fall's campaign, O'Toole argued that rapid tests could cover those public servants or travellers who refuse to be vaccinated.

WATCH: Erin O'Toole is questioned about partially-vaccinated candidate campaigning in seniors' home

O'Toole pressed on partially-vaccinated candidate campaigning in seniors' home

Conservative Leader Erin O'Toole is asked about one of his party's candidates campaigning in a seniors' home while not being fully vaccinated. 2:20

Opinions differ over whether that's an acceptable compromise — rapid tests won't detect all infections — but Conservatives are resisting one option that might allow unvaccinated MPs to take part in parliamentary proceedings.

During the last Parliament, MPs adopted rules for "hybrid" sittings in which some members participated remotely via video. Allowing unvaccinated MPs to participate virtually might be a reasonable compromise now.

But the Conservative Party wasn't keen on the hybrid arrangement before the election and is now insisting that Parliament return to its "normal function."

Maybe the Conservatives have such deep misgivings about "virtual" democracy that they consider compromise impossible on this point. Maybe O'Toole doesn't like the idea of some number of unvaccinated Conservative MPs appearing via video feed. Maybe he wouldn't be unhappy if it was the Board of Internal Economy — and not him — forcing all Conservative MPs to get vaccinated.

O'Toole surely knows that if some number of Conservative MPs don't show up with proof of vaccination or valid medical exemptions when Parliament returns on November 22, he's the one who will end up having to answer for it.

And given the shared expectations around vaccination that are covering more and more of Canadian society — from hospitals to restaurants to sporting events — most voters aren't likely to blame the Board of Internal Economy or the House of Commons if an unvaccinated MP is unable to take his or her seat next month.

24 Oct 01:55

600 Days Later

by Rui Carmo

It’s now been a little over six hundred days since the pandemic started and a hundred since my last update, so it’s time for another update–albeit a more cursory one, since I haven’t had much time to dive deep into the data.

This series began 50 days after the start of the pandemic and has had irregular updates 120, 200-ish, 250-ish, 300-ish, 320-ish, 333, one year, 420 and 500 days later.

As usual, here’s the full timeline. Summer started out quite poorly, but plateaued after the surge, with new cases going down steeply during September, which was a good thing:

We seem to be over the Summer bump, but worse than Spring.

The recent uptick is what worries me.

The fact that things didn’t balloon out of control upon return to work and school was quite likely linked to the massive vaccination effort done over Summer (more below, but the short of it is that right now only kids under 12 are unvaccinated).

The slight uptick in the past couple of weeks is indeed concerning, though, as days are becoming shorter, temperatures are slowly dropping (even though we’ve had 30°C days in the latter part of that period), and people are going to start spending a lot more time indoors as we go into November.

Which hasn’t stopped throngs of people from crowding bar districts, open air cafés, newly re-opened restaurants, etc.

In fact, the recent uptick is dominated by the 20-29 demographic:

Those reckless young ones.

With masks having become mandatory only in enclosed spaces and increasing slackness as people become careless and start going back to restaurants, bars and other forms of entertainment, it’s hardly surprising.

Remote work is also becoming less prevalent, so people are going back to offices. One thing we’re noticing is that traffic is much worse than it was before the pandemic, likely because everyone who can avoid public transportation is doing so, even if various folk tell me there is a general sense of laxness in offices, with maskless meetings, shut windows, etc. People just don’t seem to care.

In the meantime, both of my kids have already been sent home a few times because of infections in school, which (at least in our case) seem to be mostly among younger kids. Only the youngest is unvaccinated, so that’s a bit of a concern.

Vaccination

This, I think, is the most positive thing–after being one of the worst countries on record where it pertained to infection rates, Portugal bounced back and became the leading country in the world in vaccinations.

This is the only chart that is undoubtedly going well.

The task force was recently disbanded after reaching a whopping 85% vaccination rate (which only left out sub-12 kids and a residual percentage of people who did not get vaccinated). This is pretty awesome on its own, but last week the government also started scheduling third doses (and flu shots) for those most at risk.

Yes, Vaccines Work

The data shows that vaccination has already given a pretty big boost to hospitals, with ICUs no longer under pressure:

Things seem OK-ish now.

…and there is now a clear decoupling between new cases and deaths:

Clearly much better than last Winter.

So good thing we don’t have an anti-vaxxer movement here, I guess. Those few that lurk in Facebook are (fortunately) a small, deluded minority and not (unlike a certain country) a fairly large segment of mis-informed people across the general population (there are also no political or religious biases against it).

However, over 18.000 people have died since we started keeping tabs, and I am quite worried about this Winter (as well as long-term effects).

Looking Forward

Optimistically, I would expect to go back to using masks (or, rather, to have it mandated again–I’ve yet to stop) around late November, if only as a precautionary measure.

Realistically, and given that most people are now pretty much on “I don’t give a damn” mode (organizing events, dinner parties and lunches like there’s no tomorrow, and taking absolutely zero precautions), I expect a full-on reprise of last year’s pre-Xmas blunders and another late reaction. And that’s assuming we don’t get a new variant (although things seem quiet on that front).

I suppose only time will tell, so let’s check back again in a couple of months or so…