Hacker News: jwgarber's comments

Here's the origin of the outbreak:

> Public health officials say it started when an international traveller attended a wedding in New Brunswick last October. New Brunswick's outbreak ended in January, but guests at that wedding had already brought the virus to southwestern Ontario, where that province's outbreak was concentrated among closely knit Mennonite communities.

International travel + spread among low-vaccination communities.

https://www.cbc.ca/news/health/livestory/canada-measles-elim...


from https://www.ctvnews.ca/health/article/not-surprising-heres-w...

  Certain religious and cultural groups, including Mennonite populations — where the first outbreak began on Oct. 27, 2024, after an international traveller from Thailand attended a wedding in New Brunswick and guests then returned to southwestern Ontario — and Amish populations, were disproportionately affected.


A reporter from The Globe and Mail, Nathan Vanderklippe, did a deep dive into the measles outbreak in New Brunswick/Ontario/Alberta/Texas.

see https://www.theglobeandmail.com/world/article-measles-outbre...

or non-paywalled version

https://web.archive.org/web/20250922034906/https://www.thegl...

or if you want to watch/listen

https://www.youtube.com/watch?v=wEU4uTK5abQ


> Measles, a dangerous illness that for decades has rarely infected Canadians, is back – and spreading. [...] Robert F. Kennedy, Jr., left, now the United States Secretary of Health and Human Services, stands with protesters in Olympia, Wash., in 2019, opposing a bill to tighten measles, mumps and rubella vaccine requirements for school-aged children.

Reading this, it's a challenge to feel empathy. Everyone deserves some degree of empathy, idiots too. Yet this topic seems so needlessly self inflicted. Maybe it's a more nuanced topic than I'm aware of, is there a strong argument against vaccination?


There's a fraudulent argument against vaccination. Unfortunately many people believe the fraudsters.


RFK... sigh


And the guy he works for ... sigh bigly


Antichrist?


if ever there was someone that met that definition, it would be him

presumably that's why peter thiel went on his spiel about the antichrist -- because he's met him, and is trying to get out in front of it


no, antivax

/s


There are different sources of antivax attitudes in different communities. For some, there's a religious or cultural basis. For others, they are simply the victims of a well-funded and concerted misinformation campaign.

A good example is the ultra-orthodox Jewish community in Brooklyn for whom a glossy booklet seems to bear a lot of responsibility [1] and this predates Covid. It's particularly interesting because certain preventable diseases can cause male infertility.

This became such a big problem that Israel had to counter this misinformation so ultra-Orthodox communities would get Covid vaccines [2].

None of this came from any form of Judaism.

[1]: https://www.nbcnews.com/news/us-news/brooklyn-measles-outbre...

[2]: https://www.npr.org/2021/04/22/988812635/how-israel-persuade...


> religious or cultural basis .... a well-funded and concerted misinformation campaign

There's way less difference between those two things than their different names imply.


The outbreak then spread to Alberta where travelers returned from a wedding in southwestern Ontario. However, there were at least 6 unique entries into Alberta so it wasn't a single outbreak, but in fact, 6 separate outbreaks. Some entered the province following travel to Mexico, again to attend weddings I believe.


International travel also implicates the poorly vaccinated - the ones who received the cheaper form of the inoculation.


I had no idea that there were different tiers of inoculation - how does that work? Do the cheaper ones intentionally use the wrong virus or something?

Edit: after a brief search, it appears you are mistaken about the efficacy of different measles vaccines - they are all effective.


Public health guidance contraindicates live measles vaccines in significantly immunocompromised patients.

Live measles vaccines are most commonly used in the most deeply poverty-stricken regions,

where nobody is differentiating between the immunocompromised, and the rest of the line of scared people.



[flagged]


Historically, these outbreaks have nothing to do with "MAHA"/RFK types. It's religious fundamentalist groups that lack herd immunity (because nobody in the community is vaccinated) every time.


And yet, the parent of one such child who died of measles because of being unvaccinated went on video for Children’s Health Defense (RFK's anti-vaccine group) to claim how vaccines are bad and measles are good.

The claim that these religious fundamentalist groups have nothing to do with anti-vaccine propaganda inflicted by MAHA types is disingenuous or simply poorly informed.

https://www.nbcnews.com/health/health-news/anti-vaccine-infl...


Please go ahead and find me a transmission chain of any of these nearly eradicated infectious diseases that went through someone involved in MAHA or Children's Health Defense. If you go looking, you will find that every single outbreak of Measles, Polio, or any similar disease in North America goes through a fundamentalist religious community. The Wakefield/RFK groups are really not large or tightly-connected enough to do this.

What you can blame RFK for (and what you should blame him for) is cutting funding to identify these possible transmission events and intercept them. This is an area where the Trump admin made severe cuts, on the back of RFK's ideological bent against the concept of infectious disease and the "government efficiency" wave. As a result, responses to outbreaks in these religious communities are much, much slower. It is not a "MAHA wave" that is causing outbreaks like this, it's the loss of funding.


RFKjr and the 2019 Samoa measles outbreak comes to mind where he went to Samoa to boost vaccine hesitancy after some kids died due to a mistakenly adulterated vaccination.

https://en.wikipedia.org/wiki/2019_Samoa_measles_outbreak

This kind of messaging is why Samoa had 30% vaccination rate while nearby islands had 99% vaccination when measles infected the island later that same year.

I don’t see how you can dismiss RFKjr’s messaging. Are you claiming he has no impact on public opinion?


Sorry, can you point to where Samoa is on a map of North America?

The messaging gets a few thousand kooks riled up, and it's been going back decades to the Wakefield study and all the random kooks who think their child got autism from a vaccine. RFK is not new. His message is marginally more popular in the US, but it is not causing a huge wave of vaccine hesitancy.

Places like Samoa have additional problems with vaccination in that the standard of care isn't that high and sometimes those errors cause people to avoid care. In the Samoa case you cited there, the inciting incident involved two kids dying due to a nurse's error which wasn't investigated. If getting a vaccine involves some risk of getting poisoned by an incompetent nurse, you might also think twice about getting a vaccine. This is very different than the RFK situation of yelling about things that don't happen (vaccines causing autism, birth defects, etc.).


These religious fundamentalist groups have always existed, yet Canada and other places eliminated measles. I wonder what changed?

Oh yeah, the spread of misinformation on the internet.


What changed was less funding to the agencies that surveil for disease spread so they can intercept outbreaks. The US CDC funded these programs all over the world.


And still did until this year. American vaccine hesitancy has grown since long before even covid.

https://www.nbcnews.com/health/health-news/data-investigatio...

Just stop sanewashing this.


What changed was that they were free-riders on the rest of the population and one day the rest of the population no longer met the threshold.

One could say it is because of the spread of misinformation and that might be the proximate cause.

But if a drug addict periodically overdoses and needs naloxone, and one day a supply chain issue makes it hard to access and he dies, did the supply chain kill him or his drug addiction? Perhaps monocausal explanations are insufficient.


It's a little hard to believe that people who famously don't use computers were infected by "misinformation", a rather loathsome neologism. There was famously a really serious outbreak in the NYC Orthodox community from 1989 to about 1991. Unvaccinated communities are a sort of immunological tinder box, and you never know when a stray spark might land.

This is the result of a failure of public health to reach out to these religious communities in effective ways for decades.


That stray spark’s survival is heavily influenced by the herd immunity of the rest of the population.

Put another way if the overall population sees an average of 0.5 or 0.95 infections per case there’s zero chance of a huge outbreak. But odds of a case making it to a vulnerable population is wildly higher in the second case.


> There was famously a really serious outbreak in the NYC Orthodox community from 1989 to about 1991.

They never really stopped, it's been every few years since then: https://forward.com/news/417390/measles-is-hitting-ultra-ort...

The Amish are/were undervaccinated but it wasn't due to religious objections. It just seems uncommon in communities to see a dr, unless it's needed: https://www.pbs.org/newshour/health/ohio-amish-reconsider-va... It's also hard to get an official count (I've seen estimates below 20% vs almost 90% for non-Amish communities in same state, but then you read stuff like this which suggests even the Old Order is above 80% https://publications.aap.org/pediatrics/article-abstract/128... ) since these communities are grandfathered into their own healthcare systems and often exempt from the normal federal welfare systems: https://www.ssa.gov/faqs/en/questions/KA-02411.html

I'm not sure about Mennonites. One of their communities writes about it and seems to suggest only 1 of the 40 or so communities is hardliners against vaccination. But I also note this is written in a really neutral way (could be to placate government, dunno): https://www.mennoniteusa.org/measles/


I think the point was, it's not limited to those isolated groups anymore.


It mostly is limited to people in those groups or people in contact with them. [1] The big hot spot in Alberta is the Mennonite community.

[1] https://www.cbc.ca/news/canada/calgary/alberta-mexican-menno...


They don't use computers but they turned up for Trump so they are definitely falling for misinformation somewhere


It's not the Amish whose vaccination status changed. It's the MAHA fools who fell for vaccine misinformation whose vax status did.


But it's the Mennonites who were the source and primary locus of the outbreak, not some MAHA dummies.


[flagged]


Mass immigration from countries where measles is endemic? India has over 10,000 cases per year and makes up the plurality of Canada's immigration intake. Canada has a very high two-shot vaccination rate, but there are pockets like the Mennonite communities that are vulnerable.


Up-to-date vaccination list is a requirement for immigrant visa in Canada.


https://www.cnbctv18.com/india/healthcare/as-the-number-of-f...

57% of drs are fake, do you think 100% of the certificates are genuine?


Only for stays greater than six months. So an unvaccinated person can fly in from wherever and stay for 180 days legally, or just overstay their visa. That's plenty of time to spread measles.


this is a racist dog whistle. Stop with the "mass immigration" BS.

India, contrary to what the racists believe, has a long and successful vaccination program. A country of 1.5 billion people has around a 70% MMR vaccination rate among infants. Canada's in the 80% range and dropping.


Canada had eliminated measles, it was reintroduced by travel from a country where measles was endemic. This is not rocket science. High-volume international travel from countries where measles is endemic, like India, poses a public health risk to countries that have eliminated the disease. The same goes for tuberculosis, hepatitis, etc.




And 12% of the population for context.


Alberta -- just AB -- had more cases than the entire US for some time


Pass is great, but GPG keys are complicated and add a lot of extra overhead if you don't have one already. Frankly I cannot recommend anyone use GPG today for any purpose. I wrote a much simpler CLI password manager instead that meets explicit security models.

https://codeberg.org/jwgarber/napa/src/branch/main/database....


From the linked page:

> Notably, pass fails both of these requirements, ... , and the files themselves do not use authenticated encryption.

With pass you can turn authentication on by setting an option to sign the files by default. That comes at the cost of requiring an extra entry of the passphrase so most do not turn this on. Few people are concerned with the idea that an attacker might modify their passwords so they don't work. There is no real benefit to an attacker. They could just delete the files.

Even if signatures are not turned on the regular PGP integrity protection would still be in effect so in the unlikely event that an attacker changed the file an error would be generated and presumably passed on to the user.


This article goes into some of the deficiencies of using GPG with pass. In particular, GPG uses asymmetric keys, so someone could encrypt a new password file with your public key and you wouldn't know.

https://rot256.dev/post/pass/
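The gap discussed in this exchange (a file encrypted to the public key says nothing about who wrote it), as an added example that is not part of the thread and is not code from pass or napa: each entry carries an HMAC keyed from the master passphrase over its name and ciphertext, standing in for a signature or an AEAD tag. The key-derivation parameters, the store layout and all function names are assumptions of this sketch, and the ciphertext blobs are constructed placeholders.

```python
import hashlib
import hmac
import secrets

ROUNDS = 200_000   # PBKDF2 work factor, an assumed value for this sketch
TAG_LEN = 32       # HMAC-SHA256 output size


def derive_key(passphrase: str, salt: bytes) -> bytes:
    """Stretch the master passphrase into a MAC key."""
    return hashlib.pbkdf2_hmac("sha256", passphrase.encode(), salt, ROUNDS)


def compute_tag(key: bytes, name: str, blob: bytes) -> bytes:
    # Length-prefix the name so a (name, blob) pair cannot be re-split.
    n = name.encode()
    msg = len(n).to_bytes(4, "big") + n + blob
    return hmac.new(key, msg, hashlib.sha256).digest()


def seal(key: bytes, name: str, blob: bytes) -> bytes:
    """Store format of this sketch: tag || opaque ciphertext blob."""
    return compute_tag(key, name, blob) + blob


def open_entry(key: bytes, name: str, sealed: bytes) -> bytes:
    """Return the blob only if it was sealed with this key under this name."""
    tag, blob = sealed[:TAG_LEN], sealed[TAG_LEN:]
    if not hmac.compare_digest(tag, compute_tag(key, name, blob)):
        raise ValueError(f"{name}: authentication failed")
    return blob


def audit(key: bytes, store: dict) -> dict:
    """Map each entry name to 'ok' or 'rejected'."""
    report = {}
    for name, sealed in store.items():
        try:
            open_entry(key, name, sealed)
            report[name] = "ok"
        except ValueError:
            report[name] = "rejected"
    return report


def build_demo():
    """Constructed store: two honest entries and three that must be rejected."""
    key = derive_key("constructed demo passphrase", secrets.token_bytes(16))
    store = {
        "bank": seal(key, "bank", b"<ciphertext for bank>"),
        "email": seal(key, "email", b"<ciphertext for email>"),
    }
    # Written by a party who can encrypt to the public key but lacks the MAC key.
    store["vpn"] = seal(secrets.token_bytes(32), "vpn", b"<ciphertext for vpn>")
    # An honest entry copied under a different name.
    store["router"] = store["bank"]
    # One bit of an honest entry flipped in storage.
    damaged = bytearray(seal(key, "forum", b"<ciphertext for forum>"))
    damaged[-1] ^= 0x01
    store["forum"] = bytes(damaged)
    return key, store
```

Binding the entry name into the tag is what rejects the copied `router` entry; a tag over the ciphertext alone would accept it.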


Yes, that is specifically what enabling signatures prevents. You would know when the stored password stopped working and the content of the rest of the file changed.

That article is fairly rough. For one thing it references "The PGP Problem":

* https://articles.59.ca/doku.php?id=pgpfan:tpp

For another thing it references "the quantum threat against cryptography" as an actual argument against password store.


Yes signatures would prevent that, but as you noted it isn't enabled by default so most people don't use it. Optional security features don't count in my book :)

For the rebuttal you posted, I'll respond to one thing:

> The entire rant is basically about how OpenPGP is old and therefore bad and how new things, sometimes only vaguely defined, are good. So let's address this first.

> If someone, while trying to sell you some high security mechanical system, told you that the system had remained unbreached for the last 20 years you would take that as a compelling argument. You would be unlikely to demand a newer design. Normally old designs that have stood the test of time are valued. Cryptography is based on mathematical/logical principles. Such principles don't age out on any sort of a schedule and are valued in some cases for thousands of years.

The "unbreached for the last 20 years" conclusion about mechanical security systems does not immediately apply to mathematical ones, and we can indeed see that it is empirically incorrect. The cryptographic world is littered with the corpses of cryptographic algorithms that were secure for decades and are now broken (MD5, SHA1, DES, small RSA keys, TLS 1.0), and their C implementations that had horrible vulnerabilities (HeartBleed, etc). Mathematical proofs will not help us here either, since e.g. there is no proof that GPG is IND-CCA. (Which is unlike new systems, which do have proofs!) GPG had its day, and now it should be retired.

Also, the quantum threat is a reasonable one in the "store now, decrypt later" model. A lot of people presumably use git to store their password store online and would be vulnerable to this. The passwords in the files would probably not be important anymore once quantum computers are created, but any other long term data or other personal information that people store in there could be decrypted.


Well yes but this is also a feature: you can store passwords without having the private key available. That can be handy.

I don't really see the value in an attacker being able to store new passwords anyway. Besides, in order to do that they'd already have to have breached my private git server too.


This is interesting. But does this program have some model or approach for using it in several devices? Is the database syncable in some way, or would you need to remote in to the master location to run it?


For use with multiple devices you can copy the database file to each of them; a smarter approach using syncing is very complicated and not one I considered here.


It's also an SUID binary so in theory the same thing could happen. However it's much simpler than sudo so the odds of a bug creeping in like this are much smaller.


> As usual, there was a lot of cleaning up going on, and there notably, a good chunk of this year’s Google Summer of Code project to clean out the issues reported by Coverity Scan is already in.

Hey that's me! :)



Yup, they're working on coreboot support. If you're in Europe Tuxedo Linux is also working on coreboot, and the Purism laptops ship with it out of the box.


I'm optimistic about the OLinuXino boards from Olimex. They're certified open source hardware by OSHWA, with all the bootloader code, schematics, and even CAD files on Github. I think the Mali firmware is the last holdout, but with the new Lima and Panfrost drivers landing in Linux we may soon have replacements for that too.


I'd even recommend Aegis [1]. Also open source with encrypted backups, but has better crypto than andOTP (both devs talk a bit about it here [2]). Plus, it can do imports from other OTP apps for easy migration.

[1] https://github.com/beemdevelopment/Aegis

[2] https://old.reddit.com/r/androidapps/comments/b45zrj/dev_aeg...


Thanks for this, I really like the discourse between these two in the second link. The andOTP author is open about their crypto being sub-optimal and giving the Aegis dev a thumbs up, reason enough for me to give Aegis a shot to replace it. Perhaps they'll join forces going forward and we all win. :)


I personally agree with the philosophy of the author: I think all software should be free, and in the perfect world, I would license everything I do under the GPL. However, not everyone in the open source world has this philosophy. A lot of people prefer more permissive licenses like Apache and MIT, and using the GPL excludes these people and projects from using the code - by its viral nature, any single usage of the GPL would force the entire project to be under the GPL as well. Cooperation is the greatest strength of the FOSS world, and so I'm willing to compromise a bit to make that possible. As such, I personally prefer the MPL - it is a weak copyleft license that enforces all modifications to the source code itself are released back (important for me), but unlike the GPL is not viral and will not spread outside its own source files to other projects (important for others). This way I can keep the project and all modifications to it free, but also allow it to be used by others who don't share that point of view.


I made a similar switch to Lineage about a year ago, and it's also been absolutely great. No regrets whatsoever. Also, AFAIK you can root your phone to fool play store checks, using something like Magisk if that's important enough.

