- Written by Alison
- Category: Community
Probably because I do IT stuff for a living, which includes IT Security, I've been asked by a few people will I be downloading the Australian Government's "CovidSafe" app?
This is an evolving topic, but I'd like to give a level-headed answer as of today. It might be different tomorrow.
First off, I'm not the sort of person that wants everything to return to "normal" urgently. Our planet is getting a well-deserved break from the worst ravages of humanity, and it would be great to take advantage of this time to make things better afterwards. So the argument that "just download the app already so I can go get my hair cut and play the pokies again" isn't really that compelling. I do watch on sadly at the personal impact on people's jobs, the arts scene, the cafe culture and our assumed freedom to roam. But I don't think downloading and installing an app that potentially takes away our liberties is worth it, until someone proves otherwise.
(Tech friends, this won't be a hyper-tech post. Go check out my Twitter if you want more details and sources).
So, there's three parts to this CovidSafe app:
- A terrible name. Just to make the point, the app is poorly named. Installing it won't make you safe from COVID-19. Poor marketing. but will make some people feel warm and fuzzy I imagine, which appears to be one of the key reasons for it being released
- A phone app that you download to your Android or Apple smartphone, assuming you have one and it is recent enough for the app to install. This software may (or may not) have the source code released soon so that we can be completely sure of what it does, but preliminary analysis shows that it seems fairly benign in day to day operation, at least until you elect to upload what it has captured to the backend server (see 3 below). The issue is that unless you do upload what this app captures to the backend server, the data on your phone is worthless. It doesn't help you, or contact tracers in any way.
- A backend server. This is the part that the government has been assuring us only the NSW Health officials have access to do, as it holds the output of everybody's apps.
One issue is that it is hosted on Amazon Web Services, a generally excellent platform in wide use. But ultimately this backend software is running on physical servers that are not under your control. They aren't under NSW state government control. They aren't under Australian federal government control. There will be some staff working for Amazon (based in the US) who have sufficient administration rights to get to that data, and they are bound by United States laws, not Australian government promises.
We have also heard no announcement of the source code for the backend being released, but it needs to be if we are to understand the end to end security of the system.
So, at this point I'll install the app when:
- Someone who works in contact tracing can clearly articulate why it is needed. Note that being blackmailed into "thinking of the hard-working health workers" doesn't count, because as above this app "only complements, rather than replaces the existing contact tracing process".
- Parties involved release source code for all components for review by independent researchers
- The backend is moved to physical (and virtual) servers provided by a company bound by Australian laws and paying tax in Australia
As for the "but Facebook and Google already know everything about you anyway, so why not" argument:
- These two companies are already working together to produce an app that does the same thing, but world wide. Given most of Australia's infection hasn't been through local community transmission but imported, wouldn't utilising that if you are comfortable with those companies tracking you be better anyway, rather than Australia building our own? They also do location-based app development stuff all the time, so are likely considerably more competent at it.
- I try pretty hard to block that. You can disable much of this, and reduce or cease your use of those platforms
But like I opened with, who knows what tomorrow will bring.
Other great sources:
- Written by Alison
- Category: Electric Vehicles
To preface this, we never expected to be doing this in the middle of a pandemic when so many people around us are out of work, unwell, or generally struggling. I'll post about that separately because we are also affected.
However the opportunity to get a second electric car that could travel further than our trusty Nissan LEAF presented itself, which we expected might actually happen around May or June. Imagine my surprise when the call came from Tesla delivery earlier this week saying they had matched my order to a car, and would I like to collect it this weekend?! With so much uncertainty it wasn't a straightforward decision to say yes, but after much soul-searching we decided to do so.
I remember saying to Liz when news of the first Roadster came out back in 2008 that I had just found my mid-life crisis car. Well here I am 12 years later, somewhat closer to mid-life and while it isn't a Roadster it's a far more practical Model 3. Pretty much the safest car on the planet, the absolute most efficient, one of the fastest (even this base model is faster than the WRX I once lusted after), and basically a computer on wheels that we can fill up for free from our home solar system then drive for around 380kms. For longer trips we can top up at the Superchargers appearing around the place while we have a break from the driving.
Unlike every other car manufacturer, there are no dealers (I ordered it online), it was handed over without anyone from Tesla present to maintain social distancing (they linked my phone to it and rang me to talk through opening it and setting it up), and new software is released constantly so the car gets better all the time - like adding auto-steering functionality, extra power and torque from the motor, improved safety features and even the ability to "summon" the car to me in the carpark if I get parked in. The cameras all around it have a "sentry" mode that records any carpark incidents when unattended for later handover to police - like this one.
Of course I woke up this morning and local wildlife had walked on it for an explore, so the real-world is still around us, but there's no denying the vision of Elon Musk and his desire to move the world to sustainable transportation. (and yes, his at times insanity).
(As is now customary, I must share my Tesla referral link. If you are considering buying one, do so via this link and we both get some free Supercharging!).
The kids went hunting for the engine, but there isn't one! Extra storage under the bonnet instead.
Other Teslas were waiting in the service center at Alexandria.
Back at home we are now a two-EV family.
- Written by Alison
- Category: Community
- Written by Alison
- Category: Privacy
At a medical imaging place, and they asked me to review and then sign their updated "privacy agreement". This entitles them to share our records with, among other entities, any random offshore subcontractors they choose to engage with.
Politely declining, they wrote Declined on the agreement, and proceeded to inform me that even our referring doctor could then not access the images online.
Thinking this would mean we wouldn't have any images to show the doctor at the upcoming appointment, imagine my surprise when we were instead handed the hard copy images less than 3 minutes after they were taken.
Pro-tip: actually read privacy agreements, decline anything you aren't comfortable with, and you may end up getting even BETTER service than the default few hours we were told we'd have to wait for hard copies if accepting the agreement.
- Written by Alison
- Category: Meta
The recent apocalyptic weather seems as good a time as any to sweep away bad ways of doing things, and move to a new publishing model. Well, actually an old way, as I ran a blog from around 1999 onwards until Facebook made it difficult to get externally-hosted content into their platform.
Several sessions I attended at linux.conf.au 2020 in Brisbane reminded me just how terrible the large internet companies really are. They allow us to access their massive platform for free, and yet make billions of dollars. How, exactly? Well, we aren't the customers - advertisers are. We are the products being sold. Don't get me wrong - the reason I've moved away from the blogging I did in the past was the same as everyone else - it's easy and social to just use their platform. But then there's the ads. The fact that anything you have searched recently suddenly appears as ads. Perhaps (not conclusive) even things you have said around your phone. And I've become complacent.
Of course we can put photos up there and anyone can see them, be tagged in them, and even facial recognition software can scan and store that you were in them, where and when. Still convenient, but at what cost. I already knew all this, but had just used their closed-source code that does random things I can't audit anyway.
So I'm moving back to the POSSE model - Publish on your Own Site, Syndicate Elsewhere. This means I'll be posting here on a server I pay for and administer, and then linking into Twitter (@FemmeOnAFarm) and - for a while at least - Facebook as well. I'm working on scripts to move all my old content out of various old blogging software and Facebook, just so everything is in one place, and I can control it. The backlog is considerable, so this will take some time.
It is un-doubtably ugly (I'm not a web designer). It will be somewhat less convenient, and more clunky. But I can't keep selling myself out for less than I'm worth, and just like everything else in life, I'm going to lead by example (both failures and triumphs), and work out how to make this simpler for everyone to control their own content, and take back their privacy.
- Written by Alison
- Category: Travel
We had planned a school holiday trip away in our caravan for mid-January, to coincide with me attending linux.conf.au. All went well for the length of the conference, until the following morning when Liz and I were awake early, and noticed two things after the utterly insane rain we had had overnight:
- We weren't wet! Well done squashy the wind-up caravan!
- Lots of people seemed to be moving around the caravan park very early, very quickly.
Turns out that the approximately 300ml of rain overnight was considerably more than the river could hold, so it happily broke its banks and started flooding campsites. It's far from unusual for caravan parks to be built on flood plains. Since they are temporary dwellings then they can be moved with enough warning away from the danger zone far easier than a house or cabin could be. That part of the logic is sound, however it relies on that warning part.
And the warnings never came. Some people closest to the river had flooded already by 4am, however as of 5am the water was still rising and most people were still asleep. About that time people started leaving in a rush, tearing out power cables, destroying parts of their vans like stabilisers and awnings that hadn't been retracted properly. We looked at each other and decided to act.
Luckily for us, we had booked one of the highest sites in the area. When we turned up they had actually moved us to another much lower site, presumably so a group could be together. But I insisted on getting the site we asked for, as we had stayed there before and knew it worked well for our five humans and two dogs. So they agreed to move us back, and we were set up on a hill of sorts.
We first tried to pack the van up (not a fast action with the style of van we have, unfortunately) so that we could drive through a small amount of water, but between 5am and 6am the water apparently rose about 4 feet, and there was no chance of us driving out. Instead, we moved the car and van as high as we could get them, and put the two youngest kids on other helpful camper's shoulders, took one bag of valuables, and waded through the water. I carried one dog, and the other swam the best swim of his life. Liz had our son on her back.
It actually didn't occur to me until afterwards that the power that runs to a box on every site that vans plug into and lights sit on top of was on the entire time. It would only have taken one dodgy cable in one van (a very common occurance) for the water to go live. We wandered up to the office, only to find nobody but other cold and wet campers there. After some time staff arrived and appeared to start some basic steps like opening the common room, finding some food and beverages, etc.
So, to recap - we had 400 people camping in a flood plain, a predicted epic downpour, no warnings, no water level alarm (I have these on my property and they cost <$100!), no evacuation procedure to wake campers and take basic steps like switching off power, no staff visible on site for hours after the event started, and, rumour has it, this isn't the first time it has flooded so reporters were kicked out by security lest they ask questions.
After that we elected to leave the park a day earlier than planned, and head towards home. A holiday cut short, but one that could have had a far worse outcome.
Page 1 of 7