Kőnig's Lemma and Forking Paths #3
Newsletter #3
- An article written on the eve of 23 March 2024, about an exhibition I saw in London 10 years ago:

- A book about contradictions:
Books I haven't read: How to Sell a Contradiction
How to Sell a Contradiction, Francesco Berto

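- The Hong Kong Journalists Association (HKJA) has applied for judicial review, challenging the new arrangements for vehicle registration searches that the Commissioner for Transport introduced in January this year:
HKJA files for judicial review, challenging the Transport Department's tightening of journalists' vehicle registration searches, saying it violates freedom of speech and of the press - 法庭線 The Witness
The Hong Kong Journalists Association (HKJA) on Friday (the 5th) filed an application for judicial review at the High Court, challenging the new arrangements for vehicle registration searches that the Commissioner for Transport introduced in January this year.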

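- Only after reading this report did I learn that the silicon needed to make chips today all comes from two quartz mines in North Carolina, and that it all goes back to the collision of the African and North American plates 380 million years ago: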
Two mines in North Carolina are the world’s only producer of the quartz necessary for semiconductor manufacturing
Spruce Pine is a small town about two hours drive northwest of Charlotte, NC. You can get to the general area via a number of ways, depending…

How did this unassuming North Carolina town gain such an outsized role in the global semiconductor supply chain? The answer is its unique mineral deposits, which formed 380 million years ago during the collision of Africa and North America. The intense heat and lack of water during their formation created quartz rock of unparalleled purity. These rocks are extracted from the ground and turned into quartz gravel, which is then processed into a fine sand. The silicon is separated from other minerals and then goes through a final milling. The final product is a powder that is shipped to refineries.
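
- Anyone who has worked with Linux will likely be familiar with xz Utils. A Microsoft employee recently discovered that a user named JiaT75 had deliberately planted a vulnerability in it, in a process that took several years: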
What we know about the xz Utils backdoor that almost infected the world
Malicious updates made to a ubiquitous tool were a few weeks away from going mainstream.

It would appear that this backdoor was years in the making. In 2021, someone with the username JiaT75 made their first known commit to an open source project. In retrospect, the change to the libarchive project is suspicious, because it replaced the safe_fprint function with a variant that has long been recognized as less secure. No one noticed at the time.
The following year, JiaT75 submitted a patch over the xz Utils mailing list, and, almost immediately, a never-before-seen participant named Jigar Kumar joined the discussion and argued that Lasse Collin, the longtime maintainer of xz Utils, hadn’t been updating the software often or fast enough. Kumar, with the support of Dennis Ens and several other people who had never had a presence on the list, pressured Collin to bring on an additional developer to maintain the project.
In January 2023, JiaT75 made their first commit to xz Utils. In the months following, JiaT75, who used the name Jia Tan, became increasingly involved in xz Utils affairs. For instance, Tan replaced Collins' contact information with their own on oss-fuzz, a project that scans open source software for vulnerabilities that can be exploited. Tan also requested that oss-fuzz disable the ifunc function during testing, a change that prevented it from detecting the malicious changes Tan would soon make to xz Utils.
In February of this year, Tan issued commits for versions 5.6.0 and 5.6.1 of xz Utils. The updates implemented the backdoor. In the following weeks, Tan or others appealed to developers of Ubuntu, Red Hat, and Debian to merge the updates into their OSes. Eventually, one of the two updates made its way into the following releases, according to security firm Tenable...
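
- Smartphone addiction is getting more and more attention, and Android and iOS have long included screen time features so that users can understand their usage habits. This article argues that screen time is an oversimplified metric, and that studies relying on self-reported data often exaggerate the negative effects: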
Scroll on: why your screen-time habits aren’t as bad as you think they are
The increasing use of digital technology has inspired many scare stories, but is it reducing our attention span, does smartphone addiction actually exist – and should we even be feeling bad about it?

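- The claim of "zero-dollar shopping" (零元購) in California has been common online in recent years. This article analyses where it comes from, including the backlash against Black Lives Matter and its connection to Proposition 47, which California passed by referendum in 2014. Interestingly, the term "zero-dollar shopping" actually comes from China, not the United States.
These claims blame Proposition 47 for robberies in California because the proposition raised the "felony theft threshold" (felony theft thresholds), under which theft of goods worth less than the threshold is a misdemeanor (misdemeanors) and otherwise a felony (felony), from US$400 to US$950. As the article points out, however, a misdemeanor conviction can still carry a sentence of up to 6 months. What the article does not mention is that felony theft thresholds are by no means unique to California, and that California's threshold is on the low side among US states: Texas raised its threshold from US$1,500 to US$2,500 in 2015, which is far more lenient than California's. For the data, see Pew Research's 2017 analysis, which concluded that raising the threshold did not increase the corresponding theft crime rates.
Zero-dollar shopping: "California's number one rumour" that travels freely between China and the US | 端傳媒 Initium Media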

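On "NoStupidQuestions", a popular board on the user-sharing platform Reddit with more than four million followers, a user who introduced himself as Taiwanese asked a question: "What do you think of zero-dollar shopping (Zero-dollar Shopping) in California?" He explained that he had seen this issue in the media and was surprised. To explain to English-speaking users what "Zero-dollar Shopping" is, he cited a column published by 轉角國際, a Taiwanese outlet focused on international news, titled "Good intentions, bad results? The backlash of crude legislation as seen in California's 'zero-dollar shopping'", and an article from the international industry section of Taiwan's 工商時報, titled "A real-life city of crime! Why has 'zero-dollar shopping' hit US retailers' profits so hard?"
The main aim of the 轉角國際 column is to criticise the public policies pursued in California's judicial reform. It opens by stating its thesis: "Over the past few years, many American chain stores such as Target, Walmart, Apple Store and CVS pharmacies have seen so-called 'zero-dollar shopping' (Zero-dollar Shopping). This is not a store clearance sale; rather, people push fully loaded shopping carts and swagger out of the store without paying." At the words "zero-dollar shopping", the author attaches a link to the Chinese Wikipedia entry. Open that Wikipedia page, and among the 21 references listed under the short body text there is not a single English-language media outlet or study; instead they are assorted mainland Chinese news sites and commercial marketing accounts, from 新華網 to 網絡流行大全. The case analyses in the body of these two Taiwanese articles, like the Chinese and English fake news items we listed earlier, also confuse the type of crime being discussed (organised crime vs. individual theft) and the amounts involved (hundreds of thousands or millions vs. under US$950).

- In 1972, a photo of Playboy model Lena Forsén was scanned into a digital file and used to test compression algorithms. The image became an industry-standard reference image. On 1 April this year the IEEE announced (not an April Fools' joke) that, in view of the IEEE's commitment to promoting a culture of inclusion and equity and the wishes of the person concerned, its journals will no longer accept papers that use this photo: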
Institute bans use of Playboy test image in engineering journals
Lena Forsén picture used as reference photo since 1970s, but professional association says it now breaches code of ethics

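- I came across this article on FB about the history of eggs in China. It is quite interesting, and it also touches on the impact nutrition science had when it arrived in China:
Have you eaten an egg today? Back to the era when duck eggs were all the rage, uncovering the mystery of the rise of the chicken egg! - 研之有物 │ The bridge connecting you and Academia Sinica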

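The scholar who brought nutrition science to China was Wu Hsien (吳憲, 1893-1959). He was born in Minhou, Fujian, an important duck egg producing area. In 1911, Wu went to study in the United States on a Boxer Indemnity scholarship, majoring in chemistry with a minor in biology. After 1920 he returned to China and took up a post at Peking Union Medical College.
After returning, Wu became interested in nutrition. He surveyed the diets of 30 middle-class households in Beijing, and also drew on a similar survey of Jinan carried out by Professor 竇威廉 of Cheeloo University in Shandong. By studying these two sets of data, he published the paper "Chinese diet in the light of modern knowledge of nutrition" in September 1926. This was the first time anyone had analysed the Chinese diet using scientific methods.
Wu later published a classic work, 營養概論 (Introduction to Nutrition), which analysed in detail the characteristics and shortcomings of the Chinese diet and how to improve it. First, he found that in the Chinese diet "total calories may perhaps be more than enough, but protein is poor." People's staple foods were mostly starch-based grains such as corn, barley and rice, and they seldom obtained rich animal protein from fish, meat, eggs and milk. This also meant that for people "vitamins B and C may perhaps suffice, while A and D are at risk of deficiency", which seriously affected the body's growth and development.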