Jump to content

Recommended Posts

Posted
On 9/30/2018 at 10:15 PM, Igor said:

This talks to AR100

 

That's a bit of a concern these days...

 

We have a ipblock/processor (the AR100) that has better than root access to memory that can read/write at will

 

I repeat - having access to memory is having access to OS and IO at a layer deeper than root...

 

@chwe - yes, interesting indeed...

 

Note the bloomberg thing with BMC's on servers...

 

https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies

 

Allwinner probably needs to be clear on what that AR100 does - not just a blob, but source...

 

 

Posted
19 hours ago, sfx2000 said:

We have a ipblock/processor (the AR100) that has better than root access to memory that can read/write at will

Which arm SoC doesn't have 'unknown'/undescribed IP blocks? Amlogic calls it powermanagement processor which does the whole frequency scaling stuff (cause blob only, you've no idea what else it can do). See:

 

Raspberry has the VC4 with threadX which does everything expect what it allows that the kernel can do.. And, they regularly 'update' the 'firmware', you've to trust that the RPi guys do sane things there, otherwise no RPi for you.

Intel calls it management engine highly undocumented.. And cisco calls it their whole business model..  :lol: At least in Allwinner-world, you don't need it. Everything which was done by this IP block in the BSP kernel is now done by the arm cores. The core is there happily doing nothing. But if blobs concern you, you probably couldn't use any wifi/modems (see the new wifi chip for the iPhone which has an x86 core inside it's baseband chip https://lcq2.github.io/x86_iphone/).

Besides 32KiB brom blob, there's nothing left on Allwinner. You probably might save some ZX81 boards from ebay? :D 

300px-Sinclair-ZX81.png

Guess how this dual link up displays in those days do what they do? The whole display output goes likely to a 'unknown' SoC which you've no idea what it is capable to do. Monitor network traffic is likely the only thing you can do to 'get some sort of security'.. 

Who of you gets your dsl modem from the ISP? Who has access to the firmware there? Likely all your network traffic goes over this box, do you really know what this box is doing? Is your whole local network traffic encrypted to ensure the ISPs modem/wifi AP doesn't listen to it? I can't even access my modem, configuration is only possible over a webform on their website, if you don't have internet access - no configuration (anyway very limited)... :lol:

I could buy a media converter or an SBC with SFP cage with the corresponding transceivers and then manage it with an arm board but they don't give you any support for such a configuration. Happy debugging when something is messed up... :lol:

The time were you could have 'full' control over your hardware is likely to be over... :ph34r: But hey at least your hardware is 'smart' now.. :P 

 

Splitted this part into daily tech news.. I think it fits better here cause a way off-topic for high temps in mainline.. :) 

Posted
25 minutes ago, chwe said:

Who of you gets your dsl modem from the ISP? Who has access to the firmware there? Likely all your network traffic goes over this box, do you really know what this box is doing? 

You kind of have to trust your ISP, all your internet traffic goes through them, regardless of the router.

If you don't use its built-in switch and simply connect the ISP router to another switch, it doesn't have the ability to see any local traffic, other than what the switch directs to it.

Even if you do use its built in switch, not all routers have the capability to sniff other traffic.  It depends on what chip they use for the switch.

Posted
1 hour ago, chwe said:

Which arm SoC doesn't have 'unknown'/undescribed IP blocks? Amlogic calls it powermanagement processor which does the whole frequency scaling stuff (cause blob only, you've no idea what else it can do). See:

 

The whole Bloomberg article raises some interesting points however...

 

Dropping a "spy chip" on the board seems like more effort than needed, when the board actually has at least two processors that have sub-Ring0 access - the BMC (Aspeed's AST family is very common), and then of course the ARC or x86 cores in Intel (and Tensilica on AMD, along with the ARM on the Zen/Epyc chip itself). BMC's on servers recently had an interesting run of problems - if you have Dell in your data center, might want to check if DRAC updates are available, as folks found a way to hack that...

 

https://www.servethehome.com/idracula-vulnerability-impacts-millions-of-legacy-dell-emc-servers/

 

Would be easier to hack the firmware in those that develop some dedicated microcontroller and firmware that Bloomberg asserts... heck, on x86, because of the mess that it is, just fuzzing the chip can find undocumented instructions that give one god mode

 

https://github.com/xoreaxeaxeax/rosenbridge

 

As you mentioned, on RPi, why not go after VCOS/ThreadX - 10M plus devices out there make that a sweet target for those who would have the resources.

 

On the low end - AllWinner, Rockchip, and others - keeping in mind that they generally pull in IP blocks and assemble them - it's not just the ARM cores, and GPU's from ARM/Imagination, etc, but IP blocks from Cadence and others for UART, USB, SD, I2C, SPI, Power Management, etc...

 

It is quite literally like Lego's - snap the parts together in VHDL, and ship it to a fab - pay for whatever process one wants (28nm, 40nm, 7nm Finfet), and some QA afterwords...

 

 

Posted
5 minutes ago, sfx2000 said:

As you mentioned, on RPi, why not go after VCOS/ThreadX - 10M plus devices out there make that a sweet target for those who would have the resources.

Likely cause there are a bunch of easier targets... https://en.wikipedia.org/wiki/Mirai_(malware)

And.. the IoT hype just starts.. Everyone needs a smart coffee machine those days.. :lol: Mine is 100% save from getting hacked.. 

244-78004438-ES060200_M?$PDP_M_ALL$

:lol: and, it makes a good coffee too..

 

17 minutes ago, chrisf said:

If you don't use its built-in switch and simply connect the ISP router to another switch, it doesn't have the ability to see any local traffic, other than what the switch directs to it.

then it comes to, do you trust the router/switch more than your ISP? Questions over questions.. :lol: Cause I'm not the only one using my local network, I need a system which 'just works'.. No fancy configuration no cool defined vlans to separate everything, quite sure it would fail for one of the other users. My ISP is the biggest player here.. and it's their only fiber modem they offer for private usage.. So I hope, they know what they're doing and hopefully don't fail hardly (even when they showed that they're able to brick DNS resolution, so that I had to configure all devices in the local network with external DNS servers and when tech. support doesn't know what dns resolution means it's getting funny to explain them 'what doesn't work' :lol:).. At least when they do, the whole country is affected.. :lol:

 

25 minutes ago, sfx2000 said:

if you have Dell in your data center

I'm really happy that I don't have to manage data-centers... :lol: My workplace looks more like this one (having so many solvent/waste bottles in your 'experimental' fume hood isn't recommended but lab-space is expensive so it's often not your decision.. and an prepared opened separation funnel just asks for getting filled without closing the tap frist :lol: but different people have different work-flows in their hood - some may prefer cleaning more than doing experiments...):

bench.jpg

 

a digital hotplate means it has a LCD display... :lol: And a few of them have serial ports which would make it possible to access them via some outdated software but 'nobody' does this.  You don't want that it looks like this, cause your quick and dirty programmed temperature profile had a small typo.. :D 

HotplateFire.jpg

 

Posted
4 minutes ago, chwe said:

And.. the IoT hype just starts.. Everyone needs a smart coffee machine those days.. :lol: Mine is 100% save from getting hacked.. 

244-78004438-ES060200_M?$PDP_M_ALL$

 

Hehe - we're an alexa free-zone here... (there's Siri, but that's extremely set back in settings on the devices)

 

I have the same coffee maker - and yes, it's old-school, but it works :D

 

The lab-space looks a bit scary, IMHO - data centers seem to be a bit safer (less problems on one, but multiplied by many)

Posted

One of the fun things...

 

Make a tin-foil hat and be ready for this...

 

American Hackers, Russian Hackers, China and Israel... I think he somehow missed Iran and North Korea, who are also very accomplished there, along with the French and UK agencies...

 

https://danrl.com/blog/2016/travel-wifi/

travel-wifi-many-firewalls.jpg

Posted
9 minutes ago, sfx2000 said:

The lab-space looks a bit scary, IMHO

well, here's some PR stuff how people think a lab should look like..

58771481-desk-in-chemistry-lab-with-samp

better? :D But, we don't use plastic molecule models in our lab.. Acetone for cleaning will likely f*ck them up (a bunch of plastics get dissolved by acetone, and acetone is common to clean stuff in the lab).. 

 

We don't dissolve potassium permanganate that often to get those nice purple solutions (we do it.. but then to oxidize TLC plates).. Or Copper sulfate for the blue one, or basic phenolphthalein for pink and methyl orange for the orange one..  That's not how chemistry looks like.. :lol: Your products are mostly brown, or yellow, or ocher, or tones of those colors before purification.. sticky brown residue describes the product often best.. :lol: Such nice looking crystals 

crystals1.jpg

is something you only grow if you do x-ray for structure determination and you didn't run out of budget (x-ray is done by other experts, and they're expensive and the whole process is time consuming).. 

The fume hood I showed isn't a perfect one, and I would change several things, but it's a realistic one. I saw a bunch of worse fume hoods during my career.. 

There are even people proudly show their mess on reddit.. :ph34r:

Have fun to explain your insurance company that this is an appropriate work place if you burn something down.. If you didn't have time to clean your mess partly during a 14h prep session, you did IMO something wrong.. But well, chemists tend to be messy..  :lol:

 

 

Posted
16 minutes ago, chwe said:

Have fun to explain your insurance company that this is an appropriate work place if you burn something down.. If you didn't have time to clean your mess partly during a 14h prep session, you did IMO something wrong.. But well, chemists tend to be messy..  :lol:

 

 

With Telco - errors have a lot of magnitude - 10LogR level...

 

Up until the M&A with ATT - I ran Leap Wireless' AAA/HSS, OTASP, and Messaging platforms as the Systems Engineer that scaled a platform for 20M customers...

 

SBC's are a bit of a hobby now - did a stint with a startup that did Robotics up until last May (yes, it's complicated)

Posted

https://www.bbc.com/news/technology-45792349

 

byebye google+ I won't miss you, the 5-6 times I was on my google+ site which I got without asking for it. I guess every gmail user had a google+ site right? No idea, it was just a mess to get back to my gmail account..  :lol: But going down with private info of 500k users accessible by third parties.. Sounds like they deserved that it's going down... 

Posted
2 hours ago, chwe said:

byebye google+ I won't miss you, the 5-6 times I was on my google+ site which I got without asking for it. I guess every gmail user had a google+ site right? No idea, it was just a mess to get back to my gmail account..  :lol: But going down with private info of 500k users accessible by third parties.. Sounds like they deserved that it's going down... 

 

THat one was odd... and a very small group that was exposed - around 500k users

 

Compare that to the total number of gmail users, it's a small number actually

 

If anythings, it shows the overall success (or not) of G+

Posted

Going back to the whole BMC issue....

 

Was odd that Servethehome.com brought up BMC's and the DRAC thing just before the Bloomberg article popped up...

 

First was their BMC discussion...

 

https://www.servethehome.com/explaining-the-baseboard-management-controller-or-bmc-in-servers/

 

And then the iDRAC disclosures...

 

https://www.servethehome.com/idracula-vulnerability-impacts-millions-of-legacy-dell-emc-servers/

 

https://www.servethehome.com/broader-implications-of-idracula-vulnerability-a-perspective/

 

Were they tipped off? Timing here is interesting...

 

SuperMicro took the hit - bloomberg.com is a financial site at the end of the day, and SuperMicro along with the two scalers (Amazon and Apple) were mentioned.

 

A few weeks back - somebody wanted to expose HP ILO to the internet for remote management... and I strongly warned them against it.

 

BMC"s are a raging tire fire with regards to security. so many providers do keep them on a more secured management LAN outside of production.

 

Anyways - look at the vendor provided BSP's - only the Shadow knows what code is there... better bet is here perhaps, rather than the board/chip BSP's...

 

This sub-thread came from discussion on the AR100 on the AllWinner H3 chip - to actually use it, one has to enable the ARM trust stuff, otherwise not...

 

 

Posted

sub-buzz-5714-1495010070-1.jpg?downsize=

https://www.sec-consult.com/en/blog/2018/10/millions-of-xiongmai-video-surveillance-devices-can-be-hacked-via-cloud-feature-xmeye-p2p-cloud/

 

Todays funny one: Crappy camera with crappy cloud. You probably don't even know that your *IoT camera toy* is from xiongmai cause those are sold under various names... Due to 'sane security settings' your default credentials for the camera is:

Admin/no password, and even you set a password there's a 'hidden account'  with NAME/PW = default/tluafed (which has at least have permissions to access/view video streams). Cloud IDs are generated from: 

Quote

So how does this “XMEye P2P Cloud” feature work in practice? Each device has a unique ID, called cloud ID or UID. Here is an example: 68ab8124db83c8db. Using this ID, the user can connect to the device through one of the supported apps. One would assume that the cloud ID is sufficiently random and complex to make guessing correct cloud IDs hard. Well, it’s not!

We reverse engineered parts of the Xiongmai firmware and found that the cloud ID is derived from the device’s MAC address. The MAC address is not a good source of randomness. It has a well-defined structure: a 3-byte OUI (organizationally unique identifier of the vendor) + 3-byte NIC ID (Interface ID). Xiongmai uses a few different OUIs and assigns interface IDs in ascending order. Further details can be found in our technical security advisory. This makes it easy for attackers to enumerate potential MACs/cloud IDs … and find valid ones. E.g. by trying the cloud ID for MAC  001210FF0000, 001210FF0001, 001210FF0002 and so on.

 

and they estimate that there are a bunch of devices using xiongmai hardware

  • Hop server location China: 5,438,000 online devices
  • Hop server location Germany: 1,319,000 online devices
  • Hop server location USA: 742,000 online devices
  • Hop server location Singapore: 697,000 online devices
  • Hop server location Japan: 577,000 online devices
  • Hop server location Turkey: 189,000 online devices

further funny:

Quote

MAC OUIs are assigned by the IEEE. Registering an OUI costs money ($2,820). Interestingly Xiongmai does not own a single OUI, but instead just appropriates the OUIs of other companies.

 

If you now look into this list:

Quote

001210 WideRay Corp

001211 Protechna Herbst GmbH & Co. KG

001212 PLUS Corporation

001213 Metrohm AG

001214 Koenig & Bauer AG

001215 iStor Networks, Inc.

001216 ICP Internet Communication Payment AG

001217 Cisco-Linksys, LLC

001218 ARUZE Corporation

003E0B Not assigned

is seems they've a preference for German sounding companies (except Metrohm, they're Swiss-based and they do in analytical chemistry) or they were just lazy cause the numbers are ascending from 1210 to 1218... :lol:

 

Lessons learned: every crap accessible from outside of your network should be bought by a trusted resource. Whereas 'trusted' for 'cloud cameras' IMO seems to be not possible. The only reason I still use RPis is to get a 'security camera' which can be 'more or less' trusted (e.g. replace default pi user, manage it over SSH keys and send the pictures encrypted to a dump 'free cloud storage provider' encrypted locally when I have a look at them - sounds insane but I think they don't need my pictures for their algorithms.. :D ). 

Posted
9 hours ago, chwe said:

sub-buzz-5714-1495010070-1.jpg?downsize=

https://www.sec-consult.com/en/blog/2018/10/millions-of-xiongmai-video-surveillance-devices-can-be-hacked-via-cloud-feature-xmeye-p2p-cloud/

 

Todays funny one: Crappy camera with crappy cloud. You probably don't even know that your *IoT camera toy* is from xiongmai cause those are sold under various names... Due to 'sane security settings' your default credentials for the camera is:

Admin/no password, and even you set a password there's a 'hidden account'  with NAME/PW

 

Weren't these 'things' also part of the mirai (and derivate botnets)?

 

Folks were always concerned a bit on the end devices, but that cloud is a pretty sweet target for folks....

Posted

After all those bad news.. It's time again to show a nice one. :) 

https://solar.lowtechmagazine.com

They host their blog now on an olimex lime2 with Armbian and a solar cell. Besides switching to a static website they also used dithering to reduce the image size (and a nice retro look for those who like it).  I really appreciate that they provide a detailed article with the technical details as well:

https://homebrewserver.club/low-tech-website-howto.html

with how to's and a bunch (or everything?) of scripts open-sourced. For me it looks like a well crafted setup. But I'm neither a EE nor @tkaiser (for the OS related reduction of power consumption) to give a proper statement. But they're open for improvements, so let them know if you spot something. :) 

 

Posted

one for the Americans here (unfortunately the article is in German):

https://www.heise.de/newsticker/meldung/Genetikdatenbanken-erlauben-bald-Identifizierung-fast-aller-weissen-US-Amerikaner-4193094.html

but based (partly) an a science article:

https://www.sciencemag.org/news/2018/10/we-will-find-you-dna-search-used-nab-golden-state-killer-can-home-about-60-white

 

Do you guys really think upload your DNA profile to a 'unknown' DNA database is a good idea? Really? 

Quote

Research

We may use your data in our own research, to develop or improve applications.

Quote

Updates to This Policy

We may update the GEDmatch.Com Terms of Service and Privacy Policy at any time. We will inform you of updates by emailing you at the email address you have provided to GEDmatch, and/or by posting an announcement on the Site. You agree to review the updated terms and policy, and by continuing to use the Site after we have emailed you or posted a notice on the Site about the update, you accept the changes to the GEDmatch.Com Terms of Service and Privacy Policy.

or

Quote

We cannot predict what the future holds for DNA or genealogy research. We cannot predict what the future will be for GEDmatch. It is possible that, in the future, GEDmatch will merge with, or operations will be transferred to other individuals or entities. If that happens, the operating personnel at GEDmatch will change. GEDmatch reserves the right to provide access to your data (including Raw Data, Genealogy Data, profile information, and other personal information) to those other individuals or entities, which may include people not currently involved in GEDmatch operations....

 

well GEDmatch.. it's quite easy.. your service might soon be merged with Facebook or Google.. :lol: Suggest new friends by DNA match Facebooks new super hyper feature... :ph34r: Please don't share your DNA results with *random website* it might bite people you don't even think about.. Soon we'll be in a time where determining your whole genome is available for *average joe* for an affordable price. Background: the current DNA kits only fingerprint some regions of your DNA.  Mostly regions we think are 'interesting'(depending on the question, the 'interesting' regions differ am I getting breast cancer differs from is @TonyMac32 my daddy.. :lol:).. The more regions you test, the more it costs (you need more/different primers to amply the target DNA pieces and/or 'cut' it differently depending on the test you do - this stuff is highly automatized in those days but BOM is higher). If you determine now the whole genome the technique differs (buzz-word next generation sequencing). You don't only determine region of our DNA, you determine the whole DNA, once you have it you can look into the interesting regions without any limits. Cause your genome is roughly 99% the same than mine loss less data compression for your genome is ~4MB (if you're differ more than 40% from me you're likely a banana.. - basic functions of cells are similar solved in a banana and a human). The price for sequencing your genome dropped a lot since 2001 (that's when the first genome was more or less finished):

costpergenome2015_4.jpg

so now we're in the 1000$/genome region and we assume something like ~100$/genome to be realistic (depending of allowed error) in the next years.

 

Have fun when your uncles and aunts (or their kids) decide it's cool now to upload their genome to some garbage page. From there we can make assumptions if Tony is not only your daddy.. We'll also see if your family has bigger chances for *insert random illness here*. Not 100% precise but who cares..  When I'm 50% sure that your family is prone to get breast cancer the insurance which catches the newest therapies for breast cancer is so expensive that you'll likely not paying for it (breast cancer is just a school bock example cause a lot of research was done in this field, you can replace it with every sort of cancer cause those are interesting topics in genetics at the moment - and for sure interesting for your insurance company too.. modern cancer treatments are expensive as hell :rolleyes:). 

 

It's likely a bit a pessimistic opinion here.. But well, once your data is uploaded it must be seen as 'made public' chances that *random collecting web-page* loses your data cause not being able to protect them or their terms allows it explicit is high enough. What happens to your data once the company goes out of business is also not cleared. Hint: they sell everything they can to make some last bucks, DNA profiles of millions of people could be worth a few bucks.. :lol:

 

Posted

No one has gotten a sample of my blood since 2004 or so. I don't want to risk that they recognize any modifications...

Sent from my Pixel using Tapatalk

Posted
2 hours ago, TonyMac32 said:

No one has gotten a sample of my blood since 2004 or so.

well if it's in a samples freezer at -80°C it's not much an issue.. And I don't need a blood sample to determine if you're my daddy.. :lol: In theory 1 random cell with DNA will do it. In practice something like 5-20 cells will do it (when needed)..  One mL of saliva has roughly 500k cells.. so chances are high that an old beer of you will do it.. :lol: Depending how much I'm interested to get your DNA. Blood samples here are more regulated, that's why DNA profiling is mostly done with saliva.. 

 

And the funny story.. If I have your brothers-, or your uncles-, or your aunts son's- DNA I still can partly determine yours without even meet you. 

jpeg&ignoreAspectRatio&resize=559%2B270&

it's just going down the rabbit hole.. :D and combine it with your FB account.. :lol:

 

https://en.wikipedia.org/wiki/Red_hair#Genetics :ph34r: (sometimes we don't even need DNA to be 'quite sure' where you've some modifications.. :D - and sometimes those assumptions are wrong, that's why I'm not a fan of phenotype characterization based on DNA for forensic analysis, rumors claim that the US authorities partly disagrees with my view but not my business :lol: It's up to you to make clear that you don't want this.. here in Switzerland I need 100k signatures to bring it to the table, in the US you might need the *fill in an organization which has enough power to influence your politicians* on your side).  Big data meets genomics/proteomics is not the future, it's happening since years.. Some countries have more regulations others less.

 

well I assume he throws also some of those regulations under the bus.. :ph34r: Economically such a data collection makes somehow sense. :rolleyes: It might bite you back and you've not much an impact on your genome.. 

Posted
On 10/17/2018 at 1:02 PM, chwe said:

And I don't need a blood sample to determine if you're my daddy.

 

I agree...

 

Hehe - so the real question is - "Who's your daddy?" in American vernacular...  gingers vs. blondes - blue eyes vs brown...

 

Thing is with commercial DNA testing, once one's DNA is in the database, folks are using Big Data techniques and AI/ML to find all sorts of things - many of these are positive towards discovering disease trends, genetic concerns, and the like... and more than a few cold case crimes have been solved by groups combing thru the commercial DNA databases...

 

There's more than a few startups promising connections/etc... - and 1 out of 10 might be a viable business - the rest, once investors pick thru the bones, the data is the big prize, and will be sold to the highest bidder.

 

FWIW - chatting with a friend of mine who works in that field - DNA sequencing is much like Sudoku - patterns are predictable otherwise life fails - so folks look at pareto vs markov chains to find the differences.

Posted
15 minutes ago, sfx2000 said:

Males have a strong link thru the Y chromosome - but interestingly enough is mitochondrial DNA is equally as strong, as that is inherited by the mother exclusively...

mitochondrial DNA is interesting indeed, but cause you share it with your brothers and sisters, it's not as clear as cell nucleus DNA for identification. Currently we assume that mitochondrial DNA came from bacteria. Probably there was a fusion with bacteria during evolution. :P Well we have roughly 50% of our fathers and mothers DNA so the link is anyway here, actually as men we have a bit more DNA from our mother (in %), than women cause the Y is smaller than X.

 

57 minutes ago, sfx2000 said:

DNA sequencing is much like Sudoku - patterns are predictable otherwise life fails

a few deletions and things mess up. Sequencing is a large field.. Most famous method is chain termination (you add ~10% building-blocks which stop the chain from building). With gel electrophoresis it's then like those ipad pianogames.. you just look witch base follows:

220px-Radioactive_Fluorescent_Seq.jpg (https://en.wikipedia.org/wiki/DNA_sequencing#Early_DNA_sequencing_methods)

problem, with billions of basepairs this becomes hard.. :P

Modern methods are quite different and actually a bit an overkill to explain here (it also differs which method you use). DNA sequencing isn't 100% my field as well to explain them perfectly.

 

1 hour ago, sfx2000 said:

and more than a few cold case crimes have been solved by groups combing thru the commercial DNA databases...

for me, here ther may be legal and ethic questions. For which kind of crime is it okay to collect information from such "find my family" databases? As the article showed. You don't need everyone's DNA to get a clue who might be the bad guy. It's just connect all available data. Once the data is uploaded.. It's out of your control. Similar to social networks. Internet barely forgets.. :P Same counts then for research. What happens to my samples once a research project is finished? Data needs to be there for a proper peer-review but this also means that this data may be reused for something which you didn't thought when you accepted to give a sample.

Posted
21 hours ago, chwe said:

mitochondrial DNA is interesting indeed, but cause you share it with your brothers and sisters, it's not as clear as cell nucleus DNA for identification. Currently we assume that mitochondrial DNA came from bacteria. Probably there was a fusion with bacteria during evolution. :P Well we have roughly 50% of our fathers and mothers DNA so the link is anyway here, actually as men we have a bit more DNA from our mother (in %), than women cause the Y is smaller than X.

 

Yep - think we're both on the same page there...

 

21 hours ago, chwe said:

 

a few deletions and things mess up. Sequencing is a large field.. Most famous method is chain termination (you add ~10% building-blocks which stop the chain from building). With gel electrophoresis it's then like those ipad pianogames.. you just look witch base follows:

220px-Radioactive_Fluorescent_Seq.jpg (https://en.wikipedia.org/wiki/DNA_sequencing#Early_DNA_sequencing_methods)

problem, with billions of basepairs this becomes hard.. :P

Modern methods are quite different and actually a bit an overkill to explain here (it also differs which method you use). DNA sequencing isn't 100% my field as well to explain them perfectly.

 

It's incredibly complex, and I think my friend was trying to simplify things for my benefit... I was a simple EE with a background on analog RF, he was on his post-grad on applied mathematics. He was involved back when Ventner was doing the whole shotgun approach to DNA sequencing for the Human Genome Project - and I saw things similar to Shannon with information theory working on wireless comms...

 

Quite a few interesting discussions over drinks...

 

21 hours ago, chwe said:

 

for me, here ther may be legal and ethic questions. For which kind of crime is it okay to collect information from such "find my family" databases? As the article showed. You don't need everyone's DNA to get a clue who might be the bad guy. It's just connect all available data. Once the data is uploaded.. It's out of your control. Similar to social networks. Internet barely forgets.. :P Same counts then for research. What happens to my samples once a research project is finished? Data needs to be there for a proper peer-review but this also means that this data may be reused for something which you didn't thought when you accepted to give a sample.

 

Yep - and that's a complex topic well beyond the forums here perhaps - but as a commercial product, just interesting to note that companies that used to just related personal memories of family trees now do the DNA thing - and I mentioned previously linkage to cold cases, it can also be disruptive to families, aka "who's your daddy" kind of disruptions...

 

Once samples are submitted - it's basically out of one's control, and IMHO, it's the worse kind of privacy exposure in a commerce environment.

 

Posted

https://ifixit.org/blog/11986/iphones-are-allergic-to-helium/

 

LMAO, clowns and scientists shouldn't have an iPhone.

Background, to reduce the footprint, the quatz is replaced by an MEMS timing oscillators instead of a quartz. If this thingie gets now flushed with Helium, the MEMS micro-mechanics doesn't work properly anymore and the iPhone crashes.. :lol: Only solution:

Quote

“Exposing iPhone to environments having high concentrations of industrial chemicals, including near evaporating liquified gasses such as helium, may damage or impair iPhone functionality. … If your device has been affected and shows signs of not powering on, the device can typically be recovered.  Leave the unit unconnected from a charging cable and let it air out for approximately one week. The helium must fully dissipate from the device, and the device battery should fully discharge in the process.  After a week, plug your device directly into a power adapter and let it charge for up to one hour.  Then the device can be turned on again.” (Emphasis added.)

 

 

Edit: might be interesting what happens when you flush your iPhone with Argon.. (heavier than air) Someone has one spare? I can test it.. :lol::ph34r:

Posted

https://boingboing.net/2018/11/03/balkanizing-the-balkanizers.html

Elsevier sues Swedish ISP so that they've to block Sci-Hub. ISP blocks Sci-Hub and Elsevier... :lol: For those doing in science, Elsevier may be well known, for the others they are one of the world's major provider of scientific, technical, and medical information (wiki quote). Full access to their journals is unbelievable expensive, and mostly published by universities which get their funding (partly) from the govt. So, the research is payed by your taxes and and libraries/universities pay a lot of money to access them. The whole business model got some attention due to their high prices. That's were Sci-Hub came into the game, they offer a bunch of those articles for free (for sure not legal). Well, obviously Elsevier doesn't like to lose money (well, I assume most of the people wouldn't pay the 50$ fee for an 10 pages article if they don't get it from SciHub but that''s not my field, my university has free access to most of their publications - we pay for it).

The problem is, to get attention for your research you've to publish it in high impact factor journals, some of Elseviers journals are such high impact factor publications so it might be interesting for your research career to publish them there, on the other hand this makes then your research inaccessible for the poor people which is IMO not fair. It's a balance between pushing your research career & make your research accessible for everyone. What's more important? Depends on the point of view.. A publication in a well respected journal may push your research career but on the other hand, your institution and others pay a lot of money to have such stuff accessible for their researcher and students (money which then doesn't go into research). Open access journals aren't that common in science, some offer that you pay for open access publication (you pay that others can read it for free - but mostly your research budget doesn't allow it or they are of questionable revenue --> just pay enough and we will publish whatever garbage you present to us).

I hope this changes in the future. Cause the peer review process is mostly done by other researcher (to keep the journal happy, a prof. has to review x articles per year for free... if you don't do it you might be not able to publish in their journal anymore). Normally, you don't read printed journals anymore in those days (e.g. I've a small python crawler which looks for topics I'm interested and I download then PDFs to have a look into it). So a lot of the fees which might make sense in the past are questionable now but it didn't change much (well the fees get higher :D).

At least the Swedish ISP made a clear statement to Elsevier that they don't like their practice... Even if this means blocking websites, something I don't like either.. But it might get some attention that we've to rethink our way of making our research accessible for the public. IMO the taxpayers should be able to see how we spend their money (even when the majority of them doesn't understand what we do). On the other hand a proper peer review process is important to keep your publication on a high standard, otherwise it's not worth to read (there are a few publications I mostly avoid cause they're known to publish a lot of garbage, so even if there's a good one there, I probably miss it cause I don't trust the whole journal at all - I can't spend the whole day reading journals, sometimes I've to do some experiments as well :lol:).

Posted

https://areomagazine.com/2018/10/31/gender-controversy-comes-to-physics-a-response-to-the-statement-against-alessandro-strumia/

 

an interesting blog entry towards a controversial talk given by a High Energy Theory presented at a CERN workshop towards gender and its public response from a bunch of physicists, pointing out that they disagree on certain points of this talk. Without checking all linked references, for me it looks the anonymous response/summary in this blog entry seems to be 'well crafted'. It looks like he spent a lot of time to check the references from both sides.

Such topics tend to be a 'hot topic' in those days. As a researcher it's a way less 'risky' to make controversial statement in physics or chemistry than to make one in gender related topics. One of the main arguments I see quite often in such 'public responses' are based on "He isn't an expert on *random topic* so he can't use the metrics used in his field to analyze a question in *random other topic* which does use different metrics...". A statement which I don't like. It implies that only experts on a field should make statements. This is somehow a technocratic point of view, which doesn't work well with my democratic point of view. As soon as we come to issues which don't only affect one field it becomes even harder. There aren't many experts for *random topic in science* and *random hot topic*. Should we only rely on the opinion of those few or should we allow others to be also part of the discussion. It's a fact that less women do in STEM and I think it's worth to investigate why this is so. But should we really smash down everyone which has a 'not mainstream'/controversial opinion or analysis of the topic? If it means that you've to fear, that your research career ends 'only' cause you gave a controversial talk, science will be boring in the future.

Science is sometimes speculative, the knowledge isn't there from the beginnings, it grows over time. Quite often our model 'how things work' change over the time of a project. If we would know the answer before we start our experiments it wouldn't make sense to burn money to make those experiments. :lol: The goal is to prove or disprove your hypothesis. IMO disprove your own hypothesis is a way harder than find arguments to prove it. We are more confident to find evidence for our *unicorn hypothesis* than accept that it might be wrong. :lol: And sometimes, controversial inputs from other people also from other fields can help you to get a broader view.

I remember a nice reaction (on paper) which I thought would fit really well in my research project. I wasted a bunch of time trying to get my unicorn working. The results were sometimes promising sometimes bad but never reliable. It was never clear (to me) why it doesn't work properly. During a coffee with someone 'out of chemistry' since years, he brought up an idea which I thought was boring, for sure not better than my unicorn and likely unreliable as well. Going back to the lab, reading a few papers and gave it a shot. Whereas my unicorn gave yields between 10-40% (not really reliable), the boring one over two steps gave yields between 80-85%. My unicorn was dead, but for the overall research topic, those 80-85% yield in this reaction made the difference between having enough material to answer a whole set of questions or having only one shot.

If we want to understand if there's a systematic issue why there are less women in STEM and if there's a bias, we should investigate arguments/hypotheses which back ours, but also the one which who question ours. Tear down the arguments of the others but don't tear down the people behind them. Otherwise we might miss an important argument/idea cause they don't feel confident to share their opinions or findings in public anymore.

Posted

enough about reading, everybody listen to music now and then, why not to a podcast?

 

what can you expect, what shall you expect and what can you do?

A call for kindness in open source, if you don't find the time, go to minute 32 and listen for 5-8 minutes. A thought, a lot of interesting points they come up, worth to consider, one or the other.

https://changelog.com/podcast/318

 

Posted

https://www.popsci.com/crispr-twin-babies-genetic-engineering

 

we finally made it!!! :rolleyes: just give people the right tools and they'll take care that we start to play with our genes... I'm a bit surprised that it happened that fast.. I expected that they'll wait a bit. But 'seems' it's never early enough to mess with stuff we don't fully understand.. :thumbup:

Well one one hand it's like flying to moon in the 60thies.. I'm quite sure they weren't sure 100% if it works but their goal was to be first.. Same counts for crispr babies.. Speculation it might be 'interesting' came up quite soon as the 'proof of concept' that this technique works was there.

 

For the crispr Cas technique you should read wikipedia: https://en.wikipedia.org/wiki/CRISPR

They're better in explaining that I could probably do it... The concept and the technique which came up with crispr/cas9 is amazing and a great piece of science but it has the potential to be dangerous/misused and it seems this first takes it all mentality ended now in twins which may or may not be resistant to the HI virus, but for sure they've to deal with it and nobody could ask them if they agree on such a 'modification'..

Posted
1 hour ago, chwe said:

we finally made it!!! :rolleyes: just give people the right tools and they'll take care that we start to play with our genes...

You can see it positive, but also negative. For example...
First these twins are human lab rats. We don't know enough of the process to ensure their health. Taking away that gen (that prevents HIV from attacking the system) makes them voulnerable to other diseases. We know this from many people who don't have this gen. But those people got so on a natural way.
Second. Is this something what will devide the world a lot more? People who can affort it will modify their baby's in their benefit. This will make them "better" than "normal" people, and they may believe that too. We all know what happens when people think they are better than others.
Third. Should we even do this? Don't we first need to find out what the effect will be on the long term. These changes will also be present in their children. They have children with others also with modified dna. We don't know how these will mix. What will become of them? Will they still be human?
What with the mistakes the gen programmers will make? We all know programmers or far from perfect.

Just a thought.
It's one person making the choice for the world to do this. Now the genie is out of the bottle. The debate has gotten useless.
I don't care much, too old to be able to profit from it(I'm born since a while). And by the time there could be problems because of it I'll be sleeping under the ground.
Cheers.

Posted
27 minutes ago, NicoD said:

I don't care much, too old to be able to profit from it(I'm born since a while). And by the time there could be problems because of it I'll be sleeping under the ground.

or frozen for cryonics... :lol: Well, we may should care sometimes a bit more.. We got this nice little ball with a thin little film of atmosphere for a limited time - means basically we rented it.. Normally you should give back rented stuff in a good shape and don't fuck it up. Not sure if humans are trusted renters... (yep there's a bit of sarcasm in it)

 

It's clear, only the experiment can tell us if those researchers assumptions work. Question is, are those assumptions worth to start such an experiment? Experiments were partly made on animals, for me it was obvious that the 'ultimate goal' will then be to  go to humans as well. Do I think it's a god idea? I assume I didn't thought long enough about it but I tend to say no at all. Genetics is a lottery.. you get it partly from your mother, partly from your father, the whole cocktail is mixed up and then you've to deal with what you got. With such a modification there's a third party involved which might be right or completely wrong with his or her assumptions what should be beneficial for you. There are genetic combinations which don't fit 'well'. E.g. couples with enhanced chances that their kids won't be healthy. Is it fair? I don't think so. Should we try to 'fix' it? I don't think so either... Well, it's easy to say that as long as you're not affected (or at least not knowingly affected) by such a 'mismatch'.

But 'playing' with life before it was even born just sounds wrong to me.

Even a baby can partly express itself if it agrees on certain actions you take as parents. A cell can't - it dies if you messed the cell up too much but otherwise there's no way for the cell to say no to your modification. Okay, there are a few 'repair mechanisms' but I would assume that such a big modification can't be 'reverted' by the cells.

 

[this part is 'a bit' speculative]

At the moment there's only the statement from the researcher claiming what he did, but as far as I followed the news, there's no proof that he actually did it. With proof I mean independent check of his research. It could also be a 'bad joke' - means he just claims he did it. It might need some time until the situation is more clear. In case they did it, I hope the Chinese government may overthink their stand point on genetics. Their laws allows much more than western countries accept but even there, such an experiment was never approved and I assume if the researcher would apply for such an experiment it would be rejected. But their 'more open' standpoint on genetic modification ended in an atmosphere where someone thought he could try it. Maybe they should make it more clear where the "red line" is so that such experiments don't happen again...

 

Guest
This topic is now closed to further replies.
×
×
  • Create New...

Important Information

Terms of Use - Privacy Policy - Guidelines