Monthly Archives: January 2015

An End to Peanut Allergies?

An End to Peanut Allergies?

About 15 million children in the United States suffer from peanut allergies. Now, a team of Australian researchers have made some significant inroads in possibly reprogramming this immune response.

The Murdoch Children’s Research Institute has completed an 18 month study on 62 children with peanut allergies. The patients received either a probiotic strain in conjunction with peanut protein or a placebo. Out of those children who received the probiotic and protein combination, 80% were able to consume peanuts at the end of the trial. By contrast, only 4% of the children receiving the placebo were able to tolerate peanuts. According to MCRI, the children receiving the treatment had a resolution rate that was 20 times higher than the natural resolution rate.

Researchers from the Institute state that, although the long term tolerance has not yet been documented, they will continue to follow up with these children to determine just how long the benefits last. While this is not being touted as a ‘cure’ for peanut allergies, the study results appear to be very positive. In fact, there is a seven in nine chance of success that the probiotic and peanut therapy would work.

The probiotic used in this study was lactobacillus rhamnosus given in a fixed dosage equivalent to eating about 44 pounds of yogurt each day. The peanut protein was administered in increasing doses every two weeks over the trial until the maintenance dose of 2 grams was reached. The tolerance assessment was performed two to five weeks after the treatment ended.

Researchers caution that this treatment should only be given under close medical supervision since it entailed giving peanuts to children who were already shown to have a peanut allergy. In fact, some of the patients did have allergic reactions during the trial.

In the end though, over 80% of the participants were able to tolerate peanuts and include them in their diet. It appears that the allergic response to peanuts has been modified so the immune system no longer produces a harmful response to the peanut proteins.

It is hopeful that these children will continue to be able to tolerate peanuts in the coming years. Further research and follow up studies will determine how effective this treatment is in the long term.

One Fish, Mall Fish, Free Them All Fish

Mall Fish

For over a decade, Bangkok’s New World Mall has been housing approximately 3,000 fish. These fish are not part of some exotic display or planned attraction but are, in fact, swimming free in the building’s basement. The fish are a mélange of koi, catfish, carp, and tilapia. They were introduced to the mall somewhere around 2003 by local vendors.

The shopping center has been shut down since 1997 when it was determined that the top seven stories were illegally built and subsequently demolished. While the lowest four floors remain, the demolition crew had neither reason nor impetus to replace the roof. Not unsurprisingly, without a roof and open to the elements, the mall soon began to take on water. It was at this point that the abandoned building went from being an eerie reminder of illegal building practices to a breeding ground and haven for mosquitos.

Reports indicate that, in order to deal with the potentially hazardous (and certainly annoying) influx of mosquitos, local vendors introduced a number of fish to the building’s stagnant water. Between the mosquitos and occasional feedings from humans, the fish began to thrive and their population began to increase. Soon, what is now a self-sustaining aquatic population rose to the current level of approximately 3,000 fish.

The Bangkok Metropolitan Administration has barred entry to the building since 2011 and in July 2014 officially declared the building condemned. Barricades were installed to keep out the public but still many people came to view and feed the fish.

Now, the BMA has contracted with the Fisheries Department to move the fish. Using large nets, workers began the fish removal on January 13, 2015. The fish will be relocated to a number of Thailand’s Department of Fisheries research and development labs for about three weeks before being released in a number of reservoirs, rivers, and canals. The water is scheduled to be drained from the abandoned mall and the owner, Kaew Pooktuanthong, will be required to bear the financial responsibility.

At this time, the future of the roofless and defunct shopping center is unclear. The BMA will not be replacing the roof on the structure. Demolition may be imminent but it appears to be up to the owner to decide the building’s fate. If no roof is placed over the structure and it isn’t scheduled for demolition, the 1,600 square foot lower level could potentially refill with water. Once the water is reintroduced, the mosquitos will reappear. Once the mosquitos reappear, could it possibly be long before the fish reappear as well?

Google angers Microsoft by revealing vulnerability

google angers microsoft

Let’s not for a minute attempt to deny the fact that Google and Microsoft have a long history of feuding. In this instance, the feud is about how discovered vulnerabilities were handled. If Google discovers a security flaw, they report the bug to the software vendor regardless of whether the vendor is Microsoft or anyone else. While not stated in the Project Zero announcement from July 15, 2014, it appears that Google typically allows a vendor 90 days to formulate a patch. Once the 90 days have elapsed, then Google makes the vulnerability public. Microsoft believes they have a right to not only request more time but to castigate Google if they adhere to their 90 day policy.

In this particular instance, Google has made public information on the NtApphelpCacheControl bug found in Windows 8.1.

Funnily enough, or perhaps not-so-funnily, it appears that most of the reports being filed about this feud seem to have some rather basic information incorrect. Just like in a game of ‘telephone’ once one reporter got the story wrong, a lot of the rest simply followed suit. While I love finding source information, it never fails to irritate me when I find that in most of the trending articles, the information is simply a rehash of what someone else wrote an hour or two earlier. While these incorrect articles may pass Copyscape, what they don’t do is pass on the correct information.

Microsoft is seemingly ticked off that Google has made public a bug that was reported to them over 90 days ago. The vast majority of the reports indicate that Microsoft is up-in-arms because they ever so politely asked Google to refrain from making the NtApphelpCacheControl vulnerability public because they plan to release the patch in 92 days (on Tuesday, January 13, 2015) as opposed to the 90 day deadline that they were given.

There are so many things wrong with this that I’m not even sure where to begin.

The NtApphelpCacheControl vulnerability was an issue sent to Microsoft on September 30, 2014. Keeping to their 90 disclosure deadline, Google released the information publicly on December 29, 2014 and not January 11, 2015.

So, just to be perfectly clear, the NtApphelpCacheControl vulnerability about which everyone is reporting does not appear to be the catalyst for this recent bashing of Google by Microsoft.

Microsoft, in case you didn’t know, has a rather well known “Update Tuesday” schedule where security patches are released on a scheduled time frame, typically the second Tuesday of each month. Yep, that’s what I said, typically once a month. For more information on Microsoft’s approach to Windows updates, feel free to read this InfoWorld Tech Watch article.

Since the newest “Update Tuesday” isn’t scheduled until tomorrow (January 13th) simple math indicates that the vulnerability must be a different one.

Enter the second bug, reported to Microsoft on October 13, 2014, involving an elevation of privilege issue. This vulnerability was made public yesterday on January 11, 2015. THIS appears to be the issue in contention as there is notification that Microsoft requested an extension on this bug’s 90 day deadline.

“Okay,” you are probably thinking. “What difference, really, does it make whether the reporters have the information on the specific vulnerability correct or incorrect?”

Notwithstanding my abhorrence of shoddy and/or lazy reporting, it makes a difference because not only have the news reports got the actual vulnerability incorrect, but they have failed to report that there are two issues, not just one, past the 90 day disclosure. Additionally, I have found no indication that the NtApphelpCacheControl issue publicly reported in December has been fixed, or rather, will be fixed with a patch tomorrow.

Does it occur to no one else that these bugs might not actually be addressed when the patches are released tomorrow? Most of the news articles that I have read seem to take for granted that Microsoft has some basis for being angry at Google for adhering to their stated 90 day disclosure deadline because the problems are already solved.

Call me cynical if you will but until the patches are actually released, I can’t believe they exist. It seems to me that Microsoft might be attempting to escalate the feud between the two companies. While it has been said that there is no such thing as bad publicity, by publicly decrying Google’s policy, the company has merely brought these security issues more into the limelight. How long does it take for vulnerabilities to be exploited?

On the other hand, it also occurs to me that Microsoft, by focusing media attention on a vulnerability which could be patched tomorrow, 92 days after being reported, they keep the eyes of the public off the issue which has now remained unfixed for over 100 days.

One of Microsoft’s biggest arguments is that they plan to release a patch for the one issue “only two days late” during their monthly security update. This monthly update is scheduled for Tuesday, January 13th . The company, as far as I can tell, has not released any statements about the NtApphelpCacheControl issue. There is no outcry about Google making that vulnerability public, nor is there any indication that a patch will be released anytime soon. If the NtApphelpCacheControl vulnerability does not get addressed during tomorrow’s update then most likely it will not be fixed until the February update.

Perhaps, if Microsoft were as hell-bent on actually fixing these bugs as they seem to be about creating additional dissension, then perhaps they might have sent out the patches before causing a public stir. Regardless of which company you agree with, there remain several truths. Google found a vulnerability and gave the vendor 90 days to release a patch before making it public. Microsoft did not release a patch within that time frame. Google made the issues public.

Each company has differing opinions about correct procedure and arguments to back up those beliefs. I’m certain that each reader will have his own opinion. Which company is more in the right? Who is the ‘bad guy’ here? What should or should not have happened? I plan on leaving these questions open to debate. Your opinions and comments are more than welcome.

One final word, though. Software vendors across the industry have adopted a set of practices sometimes known as Coordinated Vulnerability Disclosure (CVD). This means that not only Google, but Microsoft – as well as other vendors – routinely inform each other of vulnerability issues privately. This allows the vendor to work on a fix before the bug becomes public knowledge, thereby not creating an environment that eases exploitation. Google has taken the stand that issues should be fixed within a set amount of time once the vendor has been informed. Microsoft appears to have a different policy.

Again, who do you think is right?


Ecstasy becomes agony

Gray mist swirls through my mind in a tantalizing vortex
Beckoning, enticing me with a blessed surcease of pain
I am tempted

Hold fast to consciousness, hold fast to you

Sallow skin, icy and trembling in the moonlight
Fighting, losing, the rules have suddenly changed
I am tempted

Break the rules, break the ties that bind

Amaranthine blossoms contrast with the pale canvas of my skin
Receding, fading slowly, only to effloresce again
I am tempted

Discard this reality, discard all sanity

Scarlet on white, my pulse throbs to the cadence of your heart
Enrapturing, torturing me into compliance
I am tempted

Become infinitely more, become infinitely less

Gray mist explodes with a lightning bolt of white
Creating death, creating life, a shift between here and now
Tempted… I am