I disagree with this guy that HTML is real programming (it's formatting, not programming, and if formatting work is programming then Wikipedia's editors are some of the world's most prolific coders!).

However, I do agree with him that spreadsheet programming is real programming (as well as other programming done using similar tools), and that programming done by an amateur is still real programming/coding, even if no "code" is involved (and frankly, there usually is some code involved even if it's dressed up as something else).

After all, I was programming at age 14, long before I was a professional, and while my old work is terrible it was still real programming. We don't want to make programming even harder for new people to learn with an unwelcome attitude towards learners and people who are not as serious. Having more technical people in the world makes it a better place.

I once had a professional task that was most easily solved by a spreadsheet, so that's the tool I used. We then spent the next few years properly developing the software that replaced said spreadsheet, but in the meantime it was able to shamble along and get the work done, and it served as a template for the final system which has endured. It was also critical at freeing up time to work on the real system. There's nothing wrong with getting a prototype out there that can solve a business problem now, even if the limitations keep it from being more than a temporary solution.

Plus, sometimes that really is all you need, as what really matters in the end is getting the work done. Our profession's typical obsession over long-term maintenance has grown out of the fact that we spend most of our professional time on maintenance, and having software built on solid foundations reduces that burden dramatically. Plus, you never know what "temporary" thing might become permanent ahead of time. However, this general rule of thumb about what's important isn't always applicable, such as when we need software that solves a temporary problem.

Anyway, the "problem" with amateur software isn't the tools being used. A good developer can make clean and effective software even using spreadsheets, while someone who doesn't know what they're doing will make a mess of software even with the best tools and languages.

This is one of the key areas where rules systems messed up, they put a big emphasis on getting domain experts to develop the rules, since it was tempting to the people paying for these systems to only have to pay wages for the domain expert, and it seemed plausible. However, what really happened is that you had people who didn't know how to write logical rules about their domain making a huge mess of amateur code, even when they had domain-specific languages and rule systems to help them out. Once these complex systems of rules got too large and unruly, they simply couldn't be maintained anymore and evolving domains rapidly made these rules systems obsolete.

While rules systems do have other issues, especially for sufficiently complex domians, having the domain experts working with professional programmers leads to a far better outcome, because the programmers know how to keep the system from getting cancerous. They can see when decisions are going to lead to maintenance problems and bring them under control by abstracting them or phrasing the problem in terms of easier to maintain data (or bringing in some relevant hardcore math that a non-expert wouldn't even know about).

The problems this article talks about have the same kind of "professional amateur" problems that rules systems faced. Domain experts are having to write their own software to solve immediate and real domain problems, and since they don't know how to develop software their solutions are hot messes that barely shamble along for now. You know what though, that's okay, the problems they are throwing together this software to solve are not going to go on forever and ever. Even if we continue to face the underlying problems for years, eventually some professional developers will develop tools to solve these very specific problems. So, it's not really a problem at all.

Go domain experts!

Just don't forget the value of the professional software developer! This writer can get off his high horse, tarring our whole profession as something simple that we're somehow complicating so we can make more money...

How is what you're talking about any different than herd immunity? If broad immunity caused by 70% of the population having gotten the virus prevents the last 30% or so from becoming infected, then those remaining uninfected people are being protected by the immunity of the herd. It's herd immunity.

If it weren't for that broad immunity, then the virus could relatively easily spread even to remote and isolated individuals if they have any contact with the outside world.

It should also be noted that even people who are relatively isolated often have to regularly come to central locations (supermarkets, etc.). This will help the virus spread more deeply than an ideal situation where most people aren't coming in to central locations. Even remote places have their central locations tied to even more central locations, meaning that the virus can suddenly hit a small community through their economic hubs (as well as people coming in from hotter areas to visit). This happened recently in a small rural community that I personally know about, one family in the community came down with the virus and spread it to pretty much everyone else because the community wasn't taking the threat of the virus all that seriously (since nobody had been getting sick up to that point, as it was a remote rural community). The people who I know there are in the hospital now.

Also, I'm not making a judgement call here about what "should" happen, I don't want anyone to get the virus, and I take it relatively seriously myself, even when others are not taking it seriously. This is just the situation on the ground here in the US. Many, perhaps even most people are not taking it seriously, and now that an appreciable percentage of the population has it, it's able to spread at an incredible rate. It's not unrealistic that by late winter (or spring of next year) that the virus will have reached most of the population of the US, even with the measures we are taking in the bigger cities (ex. mask wearing being mandatory).

At that point, even if the virus remains endemic like you're suggesting, there's not much we can do about it until a vaccine arrives. Most people will be protected by the herd most of the time, so the risk of getting (and dying from) COVID-19 will plummet. Once vaccines are available, then we'll need to get them like we do for flu shots to help protect the vulnerable, especially as the virus mutates over the years.

We should be taking COVID-19 seriously right now though. As I mentioned, we likely have 3x-6x as many deaths ahead of us if we let it spiral out of control. At 167k deaths right now, that's 668,000-1,169,000 dead overall. While this is way better than the 11,133,000 deaths that the current official numbers would suggest (where only 1.5% have become infected) for letting it max out, it would still give it the same US death toll as the 1918 flu pandemic. By taking it as seriously as many other countries, we could save perhaps 330,000-835,000 American lives over the next year, at which point we are likely to have vaccines available.

While I agree with you on the 10x thing (and it might actually be as high as 15x), 1.5%x10=15%+ of the population is probably not currently infectious, because many people have recovered. This was in fact the whole point of the flatten the curve thing.

If we assume the active/recovered ratio for asymptomatic/unreported cases is the same as for known cases, then as of right now:
2,537,108 active cases / 5,191,762 total cases = 48.87% of cases are active cases

Therefore, assuming 10x then the true proportion of the population that's actively sick is approximately 7.3%.

If 15x is used, it's nearly 11% (With 22.5% infected at some point).

Though I suppose you're right in your point that it's getting really hard to not catch it now, assuming you managed to avoid it up until now. If nearly 1 in every 14 people is actively sick right now then our supermarkets are basically virus-catching free for alls, even with mandatory masks, as people don't really social distance properly among other issues.

We still have 3x-6x as many deaths ahead of us, most of which will probably be in the next few months with the way things are going...

That said, I think you're also right that we'll reach herd immunity much sooner than the official numbers would indicate. At the current rate, we'll reach 70% of the population infected by March 2021 (at 10x) or even December 2020 (15x), and if things continue to accelerate it may be even sooner at the cost of more lives (thanks to overwhelmed medical systems).

If you're old or otherwise at risk, please be exceptionally careful right now. It's everywhere, and I've seen even socially-conscious young healthy people becoming less vigilant as they struggle with the sustained stress, not to mention the folks who don't care or disbelieve.

Old people aren't just chopped liver!

The idea that just because the fatalities are concentrated in the old, COVID-19 isn't a national tragedy on the scale of a major war or 9/11 is even more galling once you consider that there's a decent number of middle aged people (there's about as many middle aged fatalities as old fatalities) and some younger people caught up in all this too.

So, if you don't like a direct comparison, why not look at YLL (Years Life Lost)? Here's a paper that does the comparisons for YLL and DALYs in Korea back in April: https://www.ncbi.nlm.nih.gov/p... I'm going to focus on YLL because the YLL numbers are the vast majority of the DALYs and the disability part of the DALYs are primarily shouldered by the relatively few young people (and also YLL is easier to understand and closer to the direct fatality comparison).

If you use the numbers from this paper, the average YLL per fatality is around 9-10. This makes sense because a 75 year old male actually has a 10 year remaining life expectancy, and the younger people would bring that number up even higher. I suspect from back of the envelope calculations that the YLL is closer to 15-16 per fatality in the US due to more middle aged people dying compared to these Korean numbers.

So, if you scale those numbers up to today, you have 707,158 deaths worldwide = 7,071,580 Years Life Lost (conservatively) or 10,607,370 YLL (less conservatively). In the US those numbers are 160,988 deaths in the US = 1,609,880 Years Life Lost (conservatively) or 2,414,820 YLL (less conservatively).

In war, most of the soldiers killed are in their early 20's, so they have around 55 years of life expectancy. It's actually surprisingly hard to find these records, as I was only able to find the ages of enlisted men killed in Vietnam, which was around 3/5ths of the fatalities. Let's conservatively say that it's 50 YLL per casualty once the officers are included. In that case, the overall US Military Vietnam War YLL was 2,995,250 YLL, so in terms of YLL we're 50-80% of our way to a Vietnam War thus far this year depending on whether you use the conservative or less conservative numbers. It'll almost certainly be a Vietnam War's worth of YLL by the end of 2020.

Even this is not a fair comparison though, as COVID-19 is FAR more intense than the Vietnam War. COVID-19 has been active between 5-7 months, depending on whether you count it from the first case or when it started to get really intense. The Vietnam War ran for 20 years, 8 of which were high intensity. The worst year of the Vietnam War was 16,899 casualties for the US military, which comes out to 844,950 YLL. Even the conservative YLL for COVID-19 is 190% of the YLL for the worst year of the Vietnam war, but in 5-7 months instead of 12 months.

During WWII, an average of 220 military personnel died per day, so when adjusted for the 5x higher YLL of younger soldiers, that comes out to any day with 1,100 US casualties to COVID-19 being more intense in terms of YLL than WWII, and there have been many days like that, especially recently.

The comparisons to 9/11 are even more apt, as there was a much wider age mix involved in 9/11. Even if we assume the average age mix for 9/11 was the same as for soldiers in a war, we're still experiencing a 9/11 worth of carnage every 15 days! It's probably realistically more like every 6-10 days.

If we're going to lose our shit over a single 9/11, and decide to "never forget", then why should we be calm about repeated 9/11s every week or two? Why should we be calm about the level of carnage experienced during WWII happening almost every day?

Most of the people dying, while old, are not just "waiting to die" (especially the middle-aged deaths), and the sheer number of fatalities more than makes up for any reduction in tragedy per person. A lot of golden years are being wiped out here.

I'm doubtful that the US government will actually do what Trump is saying here.

If it does then it's a big problem because that is serious corruption under its own laws, but I think that once this is out of the Trump limelight that the administrators that are actually running the Treasury and other regulatory bodies involved will do the correct, non-corrupt process. Even if they do participate in this corruption, it'll probably go to court and get overturned. This has played out over and over again over the past 4 years.

I do worry about another 4 years of assaults on our institutional norms though. Trump and his supporters inside the government have become bolder and resistance to this kind of craziness has been slowly weakening. While I think our institutions would survive another 4 years, the damage in the last 4 years may be substantial, especially since he won't have to worry about re-election.

I'm also unsure just how big of a regional/global impact it would really have, since as mentioned before I'm not really an expert here, I'm just saying that it's an effect we need to watch out for and do more research on.

Even if plant transpiration is just 10%, a 10% global difference in moisture could have a profound effect, in the same way that the seemingly small increase of global temperature by 4C would also be completely catastrophic. As I mentioned earlier, it could be that the 1%-3% initial effect triggers knock-on effects elsewhere that leads towards higher percentages. The fact that we're also grappling with a temperature increase at the same time certainly won't help either.

I don't think the worst case scenario will fully wipe out humanity, as we can adapt to living on a desert world, but the damage from such a scenario would be catastrophic. Billions of humans would die, essentially all of wild nature as it exists today would be wiped out. As the world dies, the conflicts between different groups of people over the few spots that can survive longer (as well as over any engineered life support systems we manage to build before things hit the fan) would be intense. It's reasonably likely that this could lead to a nuclear war as nations with nuclear weapons that experience complete desertification lash out, and even if not the gigadeath from famine and heat waves, as well as the intense instability and war caused by mass migration and desperate countries trying to survive would make everything we've ever been through as species seem like a cakewalk in comparison, both in relative and absolute terms.

That is, of course, the worst case scenario. Will it actually come to pass?

Well, thanks to global warming, even without deforestatation we are heading in that direction over the next century or two. Our planet really "wants" to become a desert, and the only thing stopping it are the (rain)forests and glaciers that were formed during earlier eras (as well as deliberate human action in areas to reverse desertification, though on the whole we are causing more desertification than we are offsetting at the moment).

That said, we know about global warming and it's a very slow but fairly predictable process (over the long term). It could take a century or more for a mass die off to occur, and hopefully we'll curb our emissions and figure out effective geoengineering measures by then. The danger with deforestation is that it could trigger this scenario on a much faster timescale, in decades and not centuries, and give us far less time to react. We would reach a tipping point and only realize a few years later just how screwed we are, as things spiral out of control shockingly rapidly.

More research into this topic is definitely a must. After all, if Brazil's internal policies are putting the whole world at risk, wouldn't we want to know about it before it's too late?

Also, even if it is a purely local problem, the consequences could be horrific. A desertified South and Central America would probably kill around a quarter to a half billion people, destroy nearly $7 trillion in yearly economic value, along with perhaps $100 trillion in direct damages. It would trigger an unprecedented refugee crisis in North America (and worldwide), as hundreds of millions of refugees poured out of South and Central America. This refugee crisis would be in the middle of North America suffering from any regional climate effects, which could cause crop failures and thus reduce how many people North America can take on, leading to severe conflict and famine. Since North America is currently a major food exporter, it may be able to cope depending on just how bad the regional effects are, but it would likely cut those food exports off from the rest of the world, creating suffering and death worldwide in a hard to predict pattern. It would be the worst catastrophe we've ever experienced, even if the world as a whole manages to cope and not collapse.

While the guy who responded that there might not be enough oxygen is misinformed, and this study is hugely oversimplified, the threat of an Amazon rainforest collapse to ecosystems even in North America is not unfounded due to the vast impact that the Amazon has on the water cycle. Basically, without the Amazon, the region and nearby regions would not be nearly as wet as they are today, because the rainforest trees create the wet conditions.

https://www.researchgate.net/p...

A completely deforested Amazon would at a minimum turn Brazil and most of the surrounding countries into vast deserts in a shockingly short period of time. The current rivers and other freshwater sources that most South American communities rely on would dry up too. It would basically be the end of the world within the region, with the only communities surviving having major alternate sources of water, like glacial ice and Andes rainfall in Chile.

It's hard for me as a non-expert to evaluate how far the desertification would reach, but it's reasonable that it could cause heavy desertification and deforestation as far away as North America and Africa, if not worldwide. Secondary desertification could then cause further deforestation and desertification, until in the worst case we end up with most of the world as more or less one huge desert, especially if these trends are accelerated by global warming.

So, even if the US and Canada are doing responsible forest husbandry, it's quite plausible that events elsewhere in the world could send the world over a tipping point that local action can't halt.

Side note: one more possibility for making solar viable early on is that it might be possible to build tall solar towers at the poles that can rotate to face the sun constantly. This is made even more plausible by the fact that the moon has far lower gravity, permitting much higher towers. Even space ladders are plausible with normal construction, so such tall solar towers shouldn't be a problem. The poles are also excellent sites for a variety of other reasons.

The main downsides with this approach are that it drastically limits the acceptable sites to just two, it's a pain in the butt to get into a lunar polar orbit that would permit landing at these sites, and building huge polar solar towers is a big space industry project that would probably be more difficult than assembling a prefabricated nuclear reactor on the moon.

The initial power source is solar. You're right that solar is actually a better power source in general on the moon, and in the long run the moon will mostly run on solar, but nuclear has some advantages even on the moon, especially right now.

The first major advantage is that nuclear will run constantly while solar will run for 14 earth-days straight before not running 14 earth-days straight. This issue with solar can be fixed either with batteries or a moon-wide electrical grid that can transmit power from daytime to night-time areas. There might be other clever solutions, like huge space-based mirrors that reflect solar energy back to the ground station consistently, but there's a lot of issues with that idea, such as how these mirrors would have to be pretty huge or like how there's only 4 stable lunar orbits (https://en.wikipedia.org/wiki/Lunar_orbit).

The second major advantage is that one of the major goals here is to build a space economy to help colonize the rest of the solar system, and having nuclear power proved out on the moon will make it far easier to jump off to the outer planets, where solar is not a good option. Plus, with a stock of material available on the moon, it'll be able to produce and launch outer system ships without needing to source it from Earth.

Here too, in the long term fusion and space-based fuel sources will take over, but for now fissionable sources from Earth can help jump-start the construction of the space economy that will make these long-term options viable.

https://www.youtube.com/watch?...

For clarification, the master key can only be read with an electron microscope if it's used for key enrollment. To enroll a new key, you need the private key locally, so you can read the newly enrolled key. Since the private key is available locally, any attacker that can read it out of the hardware can then enroll any key they want, even if they initially lack the public key, because they can derive it from the private key. You can make the process of analysis to get said private key out really tough, but in order for the computer to self-unlock and start working it has to have some mechanism to access the private key embedded into the hardware, and any sort of user-specified secret inputs (ex. initial password) will be under the control of the attacker. These user-specified secret inputs are how an individual device can be secure from this kind of attack.

The ability to hide the master key entirely is (presumably) one of the pluses of the "one master key unlocks all communications" method that has gotten more attention. In that case, we can hide the master key because the vulnerability of generated keys to the master key is hidden in the algorithm that generates new keys locally, or perhaps the master key is involved in the creation of individual keys. Either way, not only is this method more dangerous in a breach (attackers get access to all past and future communications) but if the algorithm design has the key then it may be possible to reverse engineer the key from the algorithm, and if the master key has to be used to create individual keys, then it will get more exposure and thus be harder to secure. Still, it might be conceivable that it could work as long as the master key is kept secret.

Don't let me stop you if you think you've got this figured out. From a purely technical perspective, it would be a valuable problem to solve and have several other applications. For instance, it would be valuable for being able to send out extremely well trusted updates. It would allow for other forms of highly trusted communication as well.

That said, it seems like it all still relies on the uber-valuable key (or relatively small set of keys) that is distributed across all devices and which is not easy to change if compromised. Furthermore, said key would allow attackers to hijack the system entirely.

Let's say we had a system that directly relied on a single uber-powerful key, and it was compromised. A successful attacker would gain access to all encrypted communication, as well as all past communication. However, while compromised the system would continue to otherwise work as intended, it's just that the attacker would have a transparent view into all secret communication.

Let's say the uber-powerful key was instead used as you propose, to register new keys. A successful attacker would be able to replace all the keys across the board. They wouldn't automatically get all previous communication, which is a nice property. However, they would also be in control of the new keys, so they would be able to see all communication done with these keys while also locking out the originally intended recipients out as long as the system was compromised. What happens next would depend on other systems put into place, but if there's some way for the system to lock down in the face of a compromised key, the attackers would use that system to lock the original party out, unless it was similarly secure and not compromised as part of the same attack (and due to the widely deployed nature of the system, you are not going to be able to keep a parallel security system secret, so any pre-planned attack will try to compromise both systems). On the other hand, if devices continue to haplessly accept new keys as long as they're given the right master key, then you'd get into a constant game of cat and mouse, with the attackers and the original party changing the keys back and forth in an attempt to wrest control of the system from each other. Worse yet, if the encryption used to send the new key is the compromised encryption, then the attackers get the new key, so they continue to see future communication even if the system is restored to being usable by the original party.

The real achilles heel here though is the lack of trust between the user and the authorized party. Not only does the lack of trust make a breach expensive to fix (baking the key into the hardware is ideal from a tamper-proof perspective, but then all devices have to be replaced after a breach), but in addition if there ever was a breach, not only would there be immediate fallout, but you'd also have to make it illegal to own and operate old devices with the compromised key (and for that matter, going from today to this new situation would lead to a similar problem, all current hardware and software using encryption would become illegal and have to be replaced).

Consider the situation where there's a hardware key baked into all devices, and a breach allows attackers to hijack the encryption system (but not the underlying devices). In order to go back to things being secure, we have to replace all devices with new devices containing the new key (or at least a new hardware encryption module, if it were modular). However, what's to stop devices using the old compromised key from continuing to circulate, both innocently and on purpose? Criminals and spies would definitely use the compromised systems, as they can provide plausible deniability about their activities (oh, I didn't realize my device needed replacement!) while still maintaining control over their encryption and locking out law enforcement. The only way to plug this hole is if it were made illegal to possess these devices after a replacement period was over. However, this would be even more burdensome on the public, you could go to jail over some old dusty computer in your attic or businesses could be penalized due to embedded devices that were overlooked. And who's going to pay to replace every computer in the country? We're talking in the ballpark of $1 trillion here.

Putting the key in software or firmware makes this system pretty much useless, as it opens up the possibility of subverting systems. Not only would attackers subvert their own personal systems, rendering the system useless for its intended purpose, they'd also subvert any and all systems they can get their hands on in order to provide cover for themselves. If 30% of all systems have compromised keys due to malware (this is based on current figures), then they have a lot of plausible deniability for why their system is subverted.

So, since you can't trust the user (as the target user is untrustworthy by definition), you have to use a hardware key embedded into all devices, and you have to make it illegal to own a device with an old key (or no key). This means that both the initial implementation and every breach costs the US something like $1 trillion (plus any direct damages from breaches). That is, at least, if we want this idea to actually work in practice...oh, and on top of that it still won't work because target users can just encrypt their message with encryption they trust and then use the official encryption to pass as normal traffic. Unless all traffic is being inspected for illegal encryption, then this will not be noticed, and the only advantage law enforcement gets here is that they can imprison someone they catch with an illegal encryption program just for possessing it (or having used it and their message getting caught). They still won't know what was said, just that encryption happened.

So this particular application of such a system is just madness. It costs as much as 100 Mexican border walls and doesn't work. Even a well designed system would invite our enemies to pour massive resources into compromising it, even if just to cause us a trillion dollars in damages, and I am doubtful that the perfection required to protect it is possible for long. It's massively burdensome on the public, both in terms of the tax dollars required to pay for it and the legal instruments required to enforce it, not to mention the immediate havoc a breach would cause as all encryption suddenly became useless and the attackers suddenly gained access to more or less all online traffic.

This also doesn't even get into how much of a pain in the ass this will be for anything and everything international. If real encryption is legal elsewhere in the world, then how do you negotiate which encryption to use with international users? They'll want to use real encryption, but it'll be illegal for you to do so. Even if they agree to use US encryption, wouldn't they need a key? You can use your US encryption supplied private key to decrypt messages sent to you from them, but to go in the other direction they would need a private key that you or the system supplies, but how do you send them a key if they can only send you messages?

The icing on the cake is that if the hardware master key is accessible to devices that need to use it, then it'll be readable by attackers with an electron microscope. China and Russia would be able to read it without having to breach US security at all, they'd merely have to buy a piece of commodity US hardware and analyze it. There's no way we could possibly secure all US computers within the country.

That said, the kind of system you're proposing is potentially useful for situations where you can trust users (ex. official software updates), so I think it would be valuable to figure out the technical specifics anyway.

Physical security is hardly a protection for such an incredibly valuable key. This is doubly true if it's not just available to the top law enforcement agencies (ex. just the FBI), but available more widely to other police agencies.

There was a story a little while back about how a South African bank had its master key stolen and used by the thieves to take everyone's accounts for a ride. Most of the initial comments were about how they should have used HSMs, but then it turned out that they had used HSMs and otherwise done everything right, but the thieves were insiders.

The kind of master key (or set of master keys) that would be valuable to law enforcement would be baked into pretty much all of our firmware and software (maybe even hardware too so it can't be easily circumvented) nationwide. This would give the key(s) off the charts value to both criminal organizations and other nations. There's no doubt in my mind that China, Russia, and many others would pour massive resources into getting their hands on these keys, and them being in physical HSMs will not be a particular deterrent to these kinds of state actors, who can also give defectors a place to live after their defection. The fallout would cost our nation many billions or even trillions of dollars, between both the direct damages from the resulting attacks and the cost to replace the keys across all our devices.

Even if the key(s) are only available to the FBI and only brought out occasionally, it would be near impossible to keep the keys secure due to the intense spy efforts devoted to stealing them. It might last a few years if they do a really good job at securing it, but it'll get out and cause massive devastation within a few years.

If the keys are available to local police, then forget about it. No matter what technical wizardry and legal enforcement you throw at the problem, it's basically just going to lead to wave after wave of breach.

This is basically like building a gun to point at our nation's head and trusting that China and Russia aren't going to pull the trigger. It's complete madness.

Plus, on top of all this, criminals will still use real encryption, so it won't even really do what it's supposed to.

Well, at least we know the number of other players on our galactic map. Whoever set this game up really loves those absurdly long epic games.

I dunno...that sounds like a lot of work...and money, and risk.