Analytics

Saturday, June 6, 2026

Post #7714 J

Endemic Report

The latest CDC weekly stats:

The macro stats (tests, hospitalization, deaths, etc.) weren't updated over the past week



The Sick Times:


We are seeing the lowest post-wave lull in years, with only Florida showing an infection spread. The biggest news items over the past week involved FDA drug approvals.

COVID-19 news items this past week:

Other Notes

The blog continues to dubiously attract almost 1000 pageviews daily (over the blog's history average). No new essay yet this month. X/Twitter followers remain stable.

I've been a Spurs fan since my undergrad days at OLLU. Last night they lost the second home game of the finals, which means they have to win 2 of a possible 3 games at the Knicks' home court to win the championship. Only 5 have come back from 0-2, and none when those were at home. Victor Wembanyama, the young phenomenal 7'4" center, the best big man I've ever seen, particularly at foul shots and 3-pointers, has had a couple of bad games. The Knicks in Game 1 seemed to force him into turnovers every time he tried to dribble the ball, and he was largely ineffectual in the first half of last night's game. He was a big factor down the home stretch, where the Spurs battled back from a double-digit deficit. The Knicks had failed to break the tie when Victor pushed the ball up court and passed to an unsuspecting teammate, leading to a turnover and a desperation foul; one foul shot scored, and the Spurs missed a final shot to win.

Another in my series of experiences of dealing with incompetent federal employees. I'll try to simplify the discussion of technical issues. Software vendors, like Oracle, often want access to a client system to diagnose issues. And they have sophisticated tools to access your network and environment. I remember working on a local Lockheed phone portability project for the Chicago area; we had a multi-master database replication with a second instance in NY. I think they had a dedicated data line, but they wanted redundancy via the Internet, which was then supported by new, advanced networking software. I tried to install, and it failed. I filed a bug. It was something stupid, like the Oracle product developer had failed to set some compile flag. (Oracle never tested the installation software before creating the product disk.) And Oracle was wary about promising the fix because the developer was unavailable, and there was a code of honor: you don't compile someone else's code. Oracle demanded access, so they could "rush" the fix. They basically bragged to me about how they could see with their sniffer and other tools.

That was not a federal project, but it provides relevant context for network security. With DB version 10G, Oracle offered an optional, extra-cost Advanced Security Option that included features such as encryption of user session data flows and encrypted data storage. Oracle, by default, doesn't encrypt (except for passwords; cf. earlier discussion of sniffers). Now, most government databases I've had access to as a DBA have sets of security and other quality standards called STIGs for which databases and their infrastructure must be in compliance. At some point, Oracle made native network encryption available at least for the enterprise edition of its DBMS software.

The point is, the Oracle STIGs required the "free" network encryption to be configured for use. More recently, they've also wanted encrypted tablespaces, which require licensed ASO — something no government agency in my experience has acquired. (There's been some ambiguity; for example, in the past, one has said tablespace encryption unconditionally, while another said if the manager takes the risk, it can be waived.) I've repeatedly raised this issue with government managers, to no avail. A further point: if a STIG finding is serious enough (CAT-1), your production database server can be dropped from the government network. And serious STIG non-compliance must be documented with POAMs, including a documented path to full compliance.

In my experience over the past decade, no federal database environment I worked in had encrypted network traffic compliance (there are ways to, in effect, simulate sniffing via user trace files). And there are some nuances in the STIGs that specify restrictions on encryption algorithms, e.g., delisting older, weaker standards under 10G, but new algorithms for the 12C RDBMS.

I have to provide context on the 2019 gig to explain the 2024 gig. The former included feeds from other databases. I enforced encryption in phases, first with an optional 12C-compliant encryption algorithm, then with it being required. A government DBA (who had been notified) running an old, unsupported Oracle version went nuts. He turned livid when he discovered his obsolete Oracle client software didn't work for the data transfer. I explained a simple workaround: install the 12C client in a separate Oracle home and source your transfer script to the relevant executable. No, he insisted, you need to downgrade the encryption to meet my client software requirements. No way was I going to cause a STIG violation to accommodate an incompetent, uncooperative federal employee when 97% of the feeds were STIG-compliant. He immediately escalated to sympathetic civilian management; it was like "Who the f*ck does this contractor think he is telling a government employee what to do?" I reported the incident to the cybersecurity gods, knowing they had to back the STIGs.

This provides the context for my 2024 gig at a DoD facility in Annapolis across the river from the Naval Academy (a bitch of a commute through the Baltimore tunnels; typically stop-and-go each way, it often takes 3 hours total, even though I live maybe 32 miles away). The security contractor was not an Oracle SME, and somehow, past STIG audits didn't identify unencrypted data flows. I didn't have access to the application server, so I didn't know about the Oracle client software on it (and the knowledgeable reader can probably guess what happened). I was not briefed on the app server, but I had assumed they had installed a 12C client for their 12C database, and the app server had been STIGged. So as soon as I enforced encryption, all hell broke out. Memories from 2019: client error messages of the type "I don't know what to make of this algorithm". I'm absolutely convinced they had old client software on the app server. The dumbass civilian app manager immediately scapegoated me, even though I backed out the changes almost immediately and confirmed resuming the status quo. I had to surrender my CAC before leaving, and my subcontractor boss called to tell me I was done. I can only hope that Musk and Trump fired one particular ungrateful, incompetent, mediocre civilian app administrator.
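The phased rollout from the 2019 gig (optional first, then required) and the 2024 outage with an old client on the app server both come down to how sqlnet.ora negotiates Oracle native network encryption. The following Python is an added example, not code from this post or from Oracle. The sqlnet.ora fragments are constructed; the "legacy" client's algorithm list is invented to stand in for an old client build that does not implement AES256; the outcome rules follow Oracle's documented semantics for SQLNET.ENCRYPTION_SERVER and SQLNET.ENCRYPTION_CLIENT (REJECTED, ACCEPTED, REQUESTED, REQUIRED), and it is assumed that the server's list order decides when more than one algorithm matches.

```python
"""Simulate Oracle native network encryption negotiation from sqlnet.ora.

Added example, not from the post or from Oracle. The sqlnet.ora fragments
are constructed; the negotiation rules follow Oracle's documented semantics
for SQLNET.ENCRYPTION_SERVER / SQLNET.ENCRYPTION_CLIENT. Assumption: when
several algorithms match, the server's list order picks the winner.
"""

LEVELS = ("REJECTED", "ACCEPTED", "REQUESTED", "REQUIRED")

# Algorithms assumed to be compiled into a current client/server build.
INSTALLED = ("AES256", "AES192", "AES128", "3DES168", "RC4_128")

# Constructed server-side fragments for the three phases of the rollout.
SERVER_DEFAULT = ""  # nothing set: ACCEPTED, so sessions stay plaintext
SERVER_PHASE1 = """
# phase 1: offer AES256, but let a client that cannot do it connect anyway
SQLNET.ENCRYPTION_SERVER = REQUESTED
SQLNET.ENCRYPTION_TYPES_SERVER = (AES256)
"""
SERVER_PHASE2 = """
# phase 2: refuse any session that cannot negotiate AES256
SQLNET.ENCRYPTION_SERVER = REQUIRED
SQLNET.ENCRYPTION_TYPES_SERVER = (AES256)
"""

# Constructed client-side fragments. The legacy list is invented to stand
# in for an old client build that does not implement AES256 at all.
CLIENT_MODERN = ""  # defaults: ACCEPTED, all INSTALLED algorithms
CLIENT_LEGACY = "SQLNET.ENCRYPTION_TYPES_CLIENT = (3DES168, RC4_128)"


def parse_sqlnet(text):
    """Parse the sqlnet.ora parameters used here into a dict.

    *_TYPES_* values such as (AES256, AES128) become lists; everything else
    is an upper-cased string. Comment (#) and blank lines are skipped.
    """
    params = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        key = key.upper()
        value = value.strip("()")
        if "_TYPES_" in key:
            params[key] = [v.strip().upper() for v in value.split(",") if v.strip()]
        else:
            params[key] = value.upper()
    return params


def negotiate(server_text, client_text):
    """Return ("ON", algorithm), ("OFF", None) or ("FAIL", reason)."""
    server = parse_sqlnet(server_text)
    client = parse_sqlnet(client_text)
    s_level = server.get("SQLNET.ENCRYPTION_SERVER", "ACCEPTED")
    c_level = client.get("SQLNET.ENCRYPTION_CLIENT", "ACCEPTED")
    for level in (s_level, c_level):
        if level not in LEVELS:
            raise ValueError(f"unknown encryption level {level!r}")

    # One side refusing while the other insists can never agree.
    if {s_level, c_level} == {"REJECTED", "REQUIRED"}:
        return ("FAIL", "ORA-12650: REJECTED on one side, REQUIRED on the other")
    if "REJECTED" in (s_level, c_level):
        return ("OFF", None)
    # Oracle's out-of-the-box setting on both sides: nobody asks, so plaintext.
    if s_level == "ACCEPTED" and c_level == "ACCEPTED":
        return ("OFF", None)

    # Somebody asked for encryption; a common algorithm is now needed.
    s_algs = server.get("SQLNET.ENCRYPTION_TYPES_SERVER") or list(INSTALLED)
    c_algs = client.get("SQLNET.ENCRYPTION_TYPES_CLIENT") or list(INSTALLED)
    common = [alg for alg in s_algs if alg in c_algs]
    if common:
        return ("ON", common[0])
    if "REQUIRED" in (s_level, c_level):
        return ("FAIL", "ORA-12650: no common encryption algorithm")
    # REQUESTED with no match quietly falls back to an unencrypted session.
    return ("OFF", None)


def audit(server_text, clients):
    """Map each named client fragment to its negotiation result.

    Run against the phase-1 server config, any client reported "OFF" is a
    straggler that phase 2 will lock out; that shows up before REQUIRED
    breaks anything.
    """
    return {name: negotiate(server_text, text) for name, text in clients.items()}


if __name__ == "__main__":
    feeds = {"app_server": CLIENT_MODERN, "old_feed_host": CLIENT_LEGACY}
    phases = (("default", SERVER_DEFAULT), ("phase1", SERVER_PHASE1),
              ("phase2", SERVER_PHASE2))
    for label, cfg in phases:
        print(label, audit(cfg, feeds))
```

The audit output for the phase-1 config is the useful artifact: a client that comes back "OFF" while the server is REQUESTED is exactly the obsolete-client case, still connecting but in plaintext, and it can be fixed (a newer client in its own Oracle home) before the switch to REQUIRED turns it into a hard failure.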