
Risks Digest

Discussion in 'Gator Bytes' started by LakeGator, Apr 25, 2015.

  1. LakeGator

    LakeGator Mostly Harmless Moderator

    Risks Digest 32.11

    RISKS List Owner

    Jul 16, 2020 8:54 PM

    Posted in group: comp.risks

    RISKS-LIST: Risks-Forum Digest Thursday 16 July 2020 Volume 32 : Issue 11

    ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
    Peter G. Neumann, founder and still moderator

    ***** See last item for further information, disclaimers, caveats, etc. *****
    This issue is archived at <The RISKS Digest> as
    <The RISKS Digest, Volume 32 Issue 11>
    The current issue can also be found at
    <http://www.csl.sri.com/users/risko/risks.txt>

    Contents:
    High-profile Twitter accounts hacked (Sundry sources)
    Russian Hackers Trying to Steal Coronavirus Vaccine Research
    Intelligence Agencies Say (NYTimes)
    Iranian Spies Accidentally Leaked Videos of Themselves Hacking (WiReD)
    NOAA storm-spotting app was suspended after being overrun with
    false and hateful reports (WashPost)
    An invisible hand: Patients aren't being told about the AI systems
    advising their care (StatNews)
    CJEU rejects EU-US Privacy Shield (EAID-Berlin)
    EU court rules U.S. servers not private enough for its citizens' data
    (WashPost)
    When tax prep is free, you may be paying with your privacy (WashPost)
    Re: Why Some Birds Are Likely To Hit Buildings (Keith Medcalf)
    Re: 24-Year-Old Australian Man Spent $2 Million After a Bank Glitch
    (Martin Ward)
    Abridged info on RISKS (comp.risks)

    ----------------------------------------------------------------------

    Date: Wed, 15 Jul 2020 15:10:24 -0700
    From: Paul Saffo <pa...@saffo.com>
    Subject: High-profile Twitter accounts hacked (Sundry sources)

    Biden, Gates, Musk: Bitcoin scam breaches some of world's most prominent Twitter accounts

    The Twitter accounts of Barack Obama, Jeff Bezos, Joe Biden, Elon Musk and
    many other high-profile people and companies became pawns Wednesday in one
    of the most visible cyberscams in the Internet's history.

    Suspected bitcoin scammers grabbed control of accounts belonging to the rich
    and famous, as well as lower-profile accounts, for more than two hours
    during the afternoon and tricked at least a few hundred people into
    transferring the cryptocurrency.

    A tweet typical of the attack sent from the account of Bill Gates, the
    software mogul who is the world's second-wealthiest person, promised to
    double all payments sent to his Bitcoin address for the next 30 minutes.

    ``Everyone is asking me to give back, and now is the time. You send $1,000,
    I send you back $2,000.''

    Similar tweets appeared on the accounts of rapper Kanye West, investor
    Warren Buffett and corporations including Apple, Wendy's, Uber and the money
    transfer app Cash.

    Twitter said it was looking into the attack.

    ``We are aware of a security incident impacting accounts on Twitter. We are
    investigating and taking steps to fix it. We will update everyone shortly,''
    the company said in a tweet.

    [See also
    A Brazen Online Attack Targets V.I.P. Twitter Users in a Bitcoin Scam
    Twitter lost control of its internal systems to Bitcoin-scamming hackers
    A Twitter insider was responsible for a wave of high profile account
    takeovers on Wednesday, according to leaked screenshots obtained by
    Motherboard and two sources who took over accounts. [...]
    Hackers Convinced Twitter Employee to Help Them Hijack Accounts
    After a wave of account takeovers, screenshots of an internal Twitter user
    administration tool are being shared in the hacking underground.
    ]

    [Assume everything can be hacked -- and most easily by insiders.
    Perhaps the only sane policy is this: Always say/write what you believe
    to be true, because everyone may be listening or someone may hack into
    it. And damn the torpedoes. The truth will out, even if it may take a
    long time. PGN]

    [Lauren Weinstein also noted (with no URL):
    Twitter shutdown of verified accounts blocked NWS from issuing tornado
    warnings. PGN]

    ------------------------------

    Date: Thu, 16 Jul 2020 15:44:54 -0400
    From: Monty Solomon <mo...@roscom.com>
    Subject: Russian Hackers Trying to Steal Coronavirus Vaccine Research,
    Intelligence Agencies Say

    The hackers have been targeting British, Canadian and American organizations researching vaccines using spear-phishing and malware.

    Russia Is Trying to Steal Virus Vaccine Data, Western Nations Say

    ------------------------------

    Date: Thu, 16 Jul 2020 08:32:32 -0700
    From: Lauren Weinstein <lau...@vortex.com>
    Subject: Iranian Spies Accidentally Leaked Videos of Themselves Hacking
    (WiReD)

    Iranian Spies Accidentally Leaked Videos of Themselves Hacking

    ------------------------------

    Date: Tue, 14 Jul 2020 21:20:17 -0400
    From: Monty Solomon <mo...@roscom.com>
    Subject: NOAA storm-spotting app was suspended after being overrun with
    false and hateful reports (WashPost)

    The NOAA's "mPING" application was compromised, sending false severe weather data to forecasters and the public.

    https://www.washingtonpost.com/weather/2020/07/14/noaa-app-mping-suspended/

    ------------------------------

    Date: July 16, 2020 at 22:08:12 GMT+9
    From: Richard Forno <rfo...@infowarrior.org>
    Subject: An invisible hand: Patients aren't being told about the AI systems
    advising their care (StatNews)

    Rebecca Robbins and Erin Brodwin, 15 Jul 2020, via Dave Farber

    Since February of last year, tens of thousands of patients hospitalized at
    one of Minnesota's largest health systems have had their discharge planning
    decisions informed with help from an artificial intelligence model. But few
    if any of those patients has any idea about the AI involved in their care.

    That's because frontline clinicians at M Health Fairview generally don't
    mention the AI whirring behind the scenes in their conversations with
    patients.

    At a growing number of prominent hospitals and clinics around the country,
    clinicians are turning to AI-powered decision support tools -- many of them
    unproven -- to help predict whether hospitalized patients are likely to
    develop complications or deteriorate, whether they're at risk of
    readmission, and whether they're likely to die soon. But these patients and
    their family members are often not informed about or asked to consent to the
    use of these tools in their care, a STAT examination has found.

    The result: Machines that are completely invisible to patients are
    increasingly guiding decision-making in the clinic.

    Hospitals and clinicians ``are operating under the assumption that you do
    not disclose, and that's not really something that has been defended or
    really thought about,'' Harvard Law School professor Glenn Cohen said. Cohen
    is the author of one of only a few articles examining the issue, which has
    received surprisingly scant attention in the medical literature even as
    research about AI and machine learning proliferates.

    https://www.statnews.com/2020/07/15/artificial-intelligence-patient-conse-hospitals/

    ------------------------------

    Date: Thu, 16 Jul 2020 16:01:25 +0100
    From: Martyn Thomas <mar...@72f.org>
    Subject: CJEU rejects EU-US Privacy Shield (EAID-Berlin)

    European Academy for Freedom of Information and Data Protection

    If you are baffled by the penultimate sentence, replace "wear" by "carry".
    (with thanks to Judith Rauhofer for the explanation that "tragen" in German
    has both meanings).

    [Conversely, the German language used to use "Sicherheit" for both
    security and safety. Perhaps that has changed with the use of
    Cyber/Kyber/...? PGN]

    ------------------------------

    Date: Thu, 16 Jul 2020 18:32:51 +0900
    From: far...@gmail.com
    Subject: EU court rules U.S. servers not private enough for its citizens'
    data (WashPost)

    https://www.washingtonpost.com/worl...c0fe06-c736-11ea-a825-8722004e4150_story.html

    ------------------------------

    Date: Wed, 15 Jul 2020 09:47:57 -0400
    From: Monty Solomon <mo...@roscom.com>
    Subject: When tax prep is free, you may be paying with your privacy
    (WashPost)

    *Free* tax software is not all created equal. Some want to upsell you.
    Others want the data in your tax return.

    https://www.washingtonpost.com/tech...-is-free-you-may-be-paying-with-your-privacy/

    ------------------------------

    Date: Tue, 14 Jul 2020 21:46:33 -0600
    From: "Keith Medcalf" <kmed...@dessus.com>
    Subject: Re: Why Some Birds Are Likely To Hit Buildings (Scientific American)

    While this may be entertaining, I would point out that it is unlikely that
    the bird was responsible for the collision. I would suggest that the more
    realistic situation is that the bird was just flying along minding its own
    business when a bloody big fat and fast moving airplane that was not
    watching where it was going ran into the poor bird.

    Calling it a "bird strike" is ridiculous. The bird did not strike the
    aeroplane, the aeroplane ran down the bird. And then the aeroplane and its
    operator carried on away from the scene of the mishap -- in actual fact the
    aeroplane pilot committed a hit and run.

    I suppose we should also call pedestrian collisions with automobiles
    "pedestrian strikes" and blame it on the pedestrian deliberately striking
    the automobiles. It would certainly put an end to a lot of issues if we did
    this.

    ------------------------------

    Date: Wed, 15 Jul 2020 15:05:01 +0100
    From: Martin Ward <mar...@gkc.org.uk>
    Subject: Re: 24-Year-Old Australian Man Spent $2 Million After a Bank
    Glitch (RISKS-32.09)

    Given that the court ruled that the overdraft was perfectly legal, and Milky
    therefore had a legal right to spend the money, it may well have been the
    *bank* that acted illegally in confiscating Milky's belongings. So, writing
    off the rest of his debt and hoping that he wouldn't go after them is the
    best that they can do, under the circumstances.

    ------------------------------

    Date: Mon, 1 Jun 2020 11:11:11 -0800
    From: RISKS-...@csl.sri.com
    Subject: Abridged info on RISKS (comp.risks)

    The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
    comp.risks, the feed for which is donated by panix.com as of June 2011.
    => SUBSCRIPTIONS: The mailman Web interface can be used directly to
    subscribe and unsubscribe:
    http://mls.csl.sri.com/mailman/listinfo/risks

    => SUBMISSIONS: to ri...@CSL.sri.com with meaningful SUBJECT: line that
    includes the string `notsp'. Otherwise your message may not be read.
    *** This attention-string has never changed, but might if spammers use it.
    => SPAM challenge-responses will not be honored. Instead, use an alternative
    address from which you never send mail where the address becomes public!
    => The complete INFO file (submissions, default disclaimers, archive sites,
    copyright policy, etc.) is online.
    <http://www.CSL.sri.com/risksinfo.html>
    *** Contributors are assumed to have read the full info file for guidelines!

    => OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
    searchable html archive at newcastle:
    http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
    Also, ftp://ftp.sri.com/risks for the current volume
    or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
    If none of those work for you, the most recent issue is always at
    http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-32.00
    ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
    *** NOTE: If a cited URL fails, we do not try to update them. Try
    browsing on the keywords in the subject line or cited article leads.
    Apologies for what Office365 and SafeLinks may have done to URLs.
    ==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

    ------------------------------

    End of RISKS-FORUM Digest 32.11
    ************************
     
  2. LakeGator

    Risks Digest 32.12

    RISKS List Owner

    Jul 20, 2020 4:50 PM

    Posted in group: comp.risks

    RISKS-LIST: Risks-Forum Digest Monday 20 July 2020 Volume 32 : Issue 12

    ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
    Peter G. Neumann, founder and still moderator

    ***** See last item for further information, disclaimers, caveats, etc. *****
    This issue is archived at <The RISKS Digest> as
    <The RISKS Digest, Volume 32 Issue 12>
    The current issue can also be found at
    <http://www.csl.sri.com/users/risko/risks.txt>

    Contents:
    `Friendliest,' not fittest, is key to evolutionary survival, scientists
    argue in their new book (The Hour)
    Russian group targeted COVID-19 vaccine research in Canada, U.S. and UK, say
    intelligence agencies (CBC)
    Cloudflare DNS goes down, taking a large piece of the Internet with it
    (TechCrunch)
    Boeing's future is cloudy as it tries to restore credibility (WashPost)
    Seven 'no log' VPN providers accused of leaking -- yup, you guessed it --
    1.2TB of user logs onto the Internet (The Register)
    Outlook Woes: I have no email and I must scream (Computerworld)
    The Anatomy of a Cisco Counterfeit Shows Its Dangerous Potential (WiReD)
    Bottleneck for U.S. Coronavirus Response: The Fax Machine (NYTimes)
    The Role of Cognitive Dissonance in the Pandemic (The Atlantic)
    Machine Learning (MIT Tech Review)
    Re: The Dark Secret at the Heart of AI (Matthew Kruk)
    Re: An invisible hand: Patients aren't being told about the AI
    systems advising their care (Amos Shapir)
    Re: When tax prep is free, you may be paying with your privacy (Amos Shapir,
    Chris Drewe)
    Re: Why Some Birds Are Likely To Hit Buildings (Richard Stein,
    Craig S. Cottingham)
    Abridged info on RISKS (comp.risks)

    ----------------------------------------------------------------------

    Date: Mon, 20 Jul 2020 08:41:10 -1000
    From: geoff goodfellow <ge...@iconia.com>
    Subject: `Friendliest,' not fittest, is key to evolutionary survival,
    scientists argue in their new book (The Hour)

    British naturalist Charles Darwin got it right, but maybe we got Darwin
    wrong.

    Most people assume that Darwin was talking about physical strength when
    referring to *survival of the fittest*, meaning that a tougher, more
    resilient species always will win out over its weaker counterparts. But
    what if he didn't mean that at all?

    Scientists Brian Hare and Vanessa Woods, both researchers at Duke
    University's Center for Cognitive Neuroscience, believe something else has
    been at work among species that have thrived throughout history,
    successfully reproducing to sustain themselves, and it has nothing to do
    with beating up the competition.

    Their new book, Survival of the Friendliest: Understanding Our Origins and
    Rediscovering Our Common Humanity <https://amzn.to/30tOgez>, posits that
    friendly partnerships among species and shared humanity have worked
    throughout centuries to ensure successful evolution. Species endure --
    humans, other animals and plants - they write, based on friendliness,
    partnership and communication. And they point to many life examples of
    cooperation and sociability to prove it.

    ``Survival of fittest, which is what everyone has in mind as evolution and
    natural selection, has done the most harm of any folk theory that has
    penetrated society,'' Hare says. ``People think of it as strong alpha males
    who deserve to win. That's not what Darwin suggested, or what has been
    demonstrated. The most successful strategy in life is friendliness and
    cooperation, and we see it again and again.''

    ``Dogs are exhibit A. They are the extremely friendly descendants of
    wolves. They were attracted to humans and became friendly to humans, and
    changed their behavior, appearance and developmental makeup. Sadly, their
    close relative, the wolf, is threatened and endangered in the few places
    where they live, whereas there are hundreds of millions of dogs. Dogs were
    the population of wolves that decided to rely on humans - rather than
    hunting - and that population won big.''

    In nature, for example, flowering plants attract animals to spread their
    pollen, forming a partnership that benefits both. ``The plants provide food
    and energy, while the animals provide transportation for the pollen,'' Hare
    says. [...]

    'Friendliest,' not fittest, is key to evolutionary survival, scientists argue in their new book

    [Tom Van Vleck suggests Darwin's statement is a tautology: the fittest
    are by definition the ones that survive! PGN]

    ------------------------------

    Date: Thu, 16 Jul 2020 19:06:09 -0600
    From: "Matthew Kruk" <mkr...@gmail.com>
    Subject: Russian group targeted COVID-19 vaccine research in Canada,
    U.S. and UK, say intelligence agencies (CBC)

    A hacker group *almost certainly* backed by Russia is trying to steal
    COVID-19-related vaccine research in Canada, the U.K. and the U.S.,
    according to intelligence agencies in all three countries.

    The Communications Security Establishment (CSE), responsible for Canada's
    foreign signals intelligence, said APT29 - also known as Cozy Bear and the
    Dukes - is behind the malicious activity.

    The group was accused of hacking the Democratic National Committee before
    the 2016 U.S. election.

    Russian group targeted COVID-19 vaccine research in Canada, U.S. and U.K., say intelligence agencies | CBC News

    [See also Julian E. Barnes, *The New York Times*, 17 July 2020,
    Hackers sought data from companies trying to eradicate coronavirus
    PGN]

    ------------------------------

    Date: Fri, 17 Jul 2020 15:13:13 -0700
    From: Lauren Weinstein <lau...@vortex.com>
    Subject: Cloudflare DNS goes down, taking a large piece of the Internet with
    it (TechCrunch)

    Cloudflare outage takes down Discord, Shopify, Politico and others – TechCrunch

    ------------------------------

    Date: Sun, 19 Jul 2020 18:24:52 -0400
    From: Gabe Goldberg <ga...@gabegold.com>
    Subject: Boeing's future is cloudy as it tries to restore credibility
    (WashPost)

    Boeing is also scrambling to prove it can fly astronauts safely to low Earth
    orbit. In December, a test flight of its Starliner spacecraft without any
    astronauts onboard ran into trouble as soon as it reached orbit. A software
    problem reminiscent of the issues with the 737 Max made the spacecraft think
    it was at a different point in the mission. As engineers moved to fix that
    problem, they uncovered another that could have caused the service module to
    collide with the crew module when they separated in flight. They were able
    to quickly send up a software fix to that problem so that the two modules
    separated cleanly.

    The problems prevented the spacecraft from docking with the International
    Space Station, and Boeing had to bring the spacecraft home after just two
    days.

    Since then, NASA and Boeing launched an investigation, and Boeing said it
    has better integrated its hardware and software teams, and has taken a hard
    look at its culture and processes. It's also reviewed all 1 million lines of
    code in the spacecraft ``resulting in increased robustness of flight
    software,'' the company said in a statement to The Post. [...]

    Nearly a decade after winning the Air Force contract to build a fleet of
    KC-46 Pegasus aerial refueling tankers, Boeing's assembly lines outside of
    Seattle have been busy. The company has delivered 34 of the planes so far.

    But the military has said it won't be able to use them for most missions
    until at least 2023 because of persistent technical flaws.

    The plane's boom, the long tube through which fuel is transferred, isn't
    flexible enough to safely link up with smaller jets. And the Defense
    Department's testing office has determined that the complex camera system
    that guides the boom into place isn't accurate enough. The Air Force also
    has repeatedly found trash, wrenches and other debris scattered inside newly
    delivered jets.

    The Washington Post

    ------------------------------

    Date: Sat, 18 Jul 2020 08:20:36 -0700
    From: Lauren Weinstein <lau...@vortex.com>
    Subject: Seven 'no log' VPN providers accused of leaking -- yup, you guessed
    it -- 1.2TB of user logs onto the Internet (The Register)

    Seven 'no log' VPN providers accused of leaking – yup, you guessed it – 1.2TB of user logs onto the internet

    [Gabe Goldberg noted this as well: VPN with 'strict no-logs policy'
    exposed millions of user log files including account passwords
    VPN with 'strict no-logs policy' exposed millions of user log files including account passwords
    PGN]

    ------------------------------

    Date: Sun, 19 Jul 2020 15:32:35 -0400
    From: Gabe Goldberg <ga...@gabegold.com>
    Subject: Outlook Woes: I have no email and I must scream (Computerworld)

    It turns out someone in Microsoft's quality assurance team (There is one,
    RIGHT!?) didn't bother to test the newest edition of Outlook with the latest
    version of Windows. I mean why would you want to check that e-mail, an
    application almost no one uses today, actually works with your main
    operating system??

    The truth is there was never anything wrong with your PST files. Somehow,
    the combination of the newest versions of Outlook and Windows led to a total
    failure. The fix required you to manually edit your registry – always a fun
    job for a user who's miles away from the closest tech support staff.

    Outlook Woes: I have no email and I must scream

    ------------------------------

    Date: Sun, 19 Jul 2020 15:39:10 -0400
    From: Gabe Goldberg <ga...@gabegold.com>
    Subject: The Anatomy of a Cisco Counterfeit Shows Its Dangerous Potential
    (WiReD)

    By tearing down bootleg network switches, researchers found ample
    opportunity for malice -- but no signs of a backdoor this time.

    The Anatomy of a Cisco Counterfeit Shows Its Dangerous Potential

    ------------------------------

    Date: Sat, 18 Jul 2020 10:32:02 -0400
    From: Monty Solomon <mo...@roscom.com>
    Subject: Bottleneck for U.S. Coronavirus Response: The Fax Machine (NYTimes)

    Before public health officials can manage the pandemic, they must deal with
    a broken data system that sends incomplete results in formats they can't
    easily use.

    Bottleneck for U.S. Coronavirus Response: The Fax Machine

    ------------------------------

    Date: Sat, 18 Jul 2020 12:52:48 -0400
    From: Monty Solomon <mo...@roscom.com>
    Subject: The Role of Cognitive Dissonance in the Pandemic (The Atlantic)

    The minute we make any decision -- I think COVID-19 is serious; no, I'm sure
    it is a hoax -- we begin to justify the wisdom of our choice and find
    reasons to dismiss the alternative.

    The Role of Cognitive Dissonance in the Pandemic

    ------------------------------

    Date: Thu, 16 Jul 2020 18:02:25 PDT
    From: "Peter G. Neumann" <neu...@csl.sri.com>
    Subject: Machine Learning (MIT Tech Review)

    Machine learning is a black box. That makes it a double-edged sword?

    The Dark Secret at the Heart of AI

    ------------------------------

    Date: Sun, 19 Jul 2020 13:04:26 -0600
    From: "Matthew Kruk" <mkr...@gmail.com>
    Subject: Re: The Dark Secret at the Heart of AI (RISKS-32.11)

    In 2016, a strange self-driving car was released onto the quiet roads of
    Monmouth County, New Jersey. The experimental vehicle, developed by
    researchers at the chip maker Nvidia, didn't look different from other
    autonomous cars, but it was unlike anything demonstrated by Google, Tesla,
    or General Motors, and it showed the rising power of artificial
    intelligence. The car didn't follow a single instruction provided by an
    engineer or programmer. Instead, it relied entirely on an algorithm that
    had taught itself to drive by watching a human do it.

    The Dark Secret at the Heart of AI

    ------------------------------

    Date: Sun, 19 Jul 2020 11:04:29 +0300
    From: Amos Shapir <amo...@gmail.com>
    Subject: Re: An invisible hand: Patients aren't being told about the AI
    systems advising their care (RISKS-32.11)

    A somewhat apocryphal story I've heard (but now cannot verify), at the time
    when AI systems were just making their first steps in the world:

    A graduate student was tasked with generating an AI system to distinguish
    between benign and malignant cells in microscope images, for research at a
    local hospital. The hospital gave him a pile of images, and an oncologist
    doctor to help him decipher them.

    So they sat down, and the doctor started to go over the images, stating
    ``this is malignant, this is not, this is malignant...'' The student had to
    stop her ``but can you please explain a bit more about how you make the
    distinction?'' She looked at him sternly and said ``Look, young man; I've
    been doing this for 30 years now, and when I say it's malignant, it's
    malignant!''

    I hope AI systems have improved since then!

    [AI has actually improved, but the over-hyping has not? PGN]

    ------------------------------

    Date: Sun, 19 Jul 2020 11:06:57 +0300
    From: Amos Shapir <amo...@gmail.com>
    Subject: Re: When tax prep is free, you may be paying with your privacy
    (RISKS-32.11)

    It seems that the old principle is still valid: ``If you're not paying,
    you're not the customer, you're the merchandise.''

    ------------------------------

    Date: Sun, 19 Jul 2020 18:10:02 +0100
    From: Chris Drewe <e76...@yahoo.co.uk>
    Subject: Re: When tax prep is free, you may be paying with your privacy
    (RISKS-32.11)

    No such thing as a free lunch, as the saying goes. This has been the case
    for many other topics over the years; just from my memory:

    * Since I was a kid, garages have been offering ``have a free safety check
    on your car from us'', which makes cynics wonder how the 'free' offer is
    paid for.

    * Not sure if this is still the case, but in the UK banks often used to
    provide travel insurance as one of the benefits of holding an account,
    either 'free' or with a modest additional payment. Reportedly the problem
    is that this will likely be a minimum-cost generic policy which may not
    actually meet your needs and/or may have unexpected limitations,
    e.g. 'hazardous activities', which could be anything. If you've actually
    paid for your insurance, you're more likely to get what you wanted.

    * Historically, buying a house in the UK was strictly controlled; mortgages
    were generally only obtainable from building societies (non-profit
    organisations run like credit unions) and only proper lawyers could do
    conveyancing (handling the sale contract and title deed documents). In
    the early 1980s these controls were relaxed so loads of financial
    organisations now offer mortgages. As it happened, a work colleague was
    buying his first house at the time, and a common offer was ``if you get
    your mortgage from us we'll give you free conveyancing,'' but as he said,
    if you are paying for the lawyer yourself, you know who he/she is working
    for.

    * Businesses offering maintenance and repair work may offer fixed-price
    jobs, which appear to have the attraction of avoiding any nasty surprises
    with the bill, but I have a feeling that unexpected costs may be against
    your interests and in favour of the business, in the sense that the
    business will try to do the work as cheaply as possible as this is to
    their benefit, while they may be less inclined to put in any extra effort
    to deal with unexpected difficulties.

    ------------------------------

    Date: Fri, 17 Jul 2020 18:33:28 +0800
    From: Richard Stein <rms...@ieee.org>
    Subject: Re: Why Some Birds Are Likely To Hit Buildings (RISKS-32.11)

    The *bird strike* term labels a cruel and unfortunate incident in use since
    1988 per Bird strike - Wikipedia.

    The FAA's wildlife strike reporting mechanism was a serendipitous discovery
    via web search query for *bird strike* while composing.

    I was surprised to learn of the reporting system's existence, and supposed a
    simple calculation of incident rate would inform the flying public.

    ------------------------------

    Date: Fri, 17 Jul 2020 08:14:49 -0500
    From: "Craig S. Cottingham" <cr...@cottingham.net>
    Subject: Re: Why Some Birds Are Likely To Hit Buildings (RISKS-32.11)

    While I assume that the correspondent's tongue is planted in their cheek, I
    would like to point out that according to maritime rules of the road (and I
    would guess that aviation rules are similar), the more maneuverable craft is
    supposed to give way to the less maneuverable craft should their courses
    intersect. If I, operating a personal watercraft such as what is
    colloquially referred to as a *jet ski*, were mowed down by a Panamax-class
    container ship under the command of the correspondent, the latter would
    likely not be held responsible, as I should have given way to the bloody big
    fat and fast moving other vessel.

    (Removing *my* tongue from my cheek at this point.)

    ------------------------------

    Date: Mon, 1 Jun 2020 11:11:11 -0800
    From: RISKS-...@csl.sri.com
    Subject: Abridged info on RISKS (comp.risks)

    The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
    comp.risks, the feed for which is donated by panix.com as of June 2011.
    => SUBSCRIPTIONS: The mailman Web interface can be used directly to
    subscribe and unsubscribe:
    RISKS Info Page

    => SUBMISSIONS: to ri...@CSL.sri.com with meaningful SUBJECT: line that
    includes the string `notsp'. Otherwise your message may not be read.
    *** This attention-string has never changed, but might if spammers use it.
    => SPAM challenge-responses will not be honored. Instead, use an alternative
    address from which you never send mail where the address becomes public!
    => The complete INFO file (submissions, default disclaimers, archive sites,
    copyright policy, etc.) is online.
    <riskinfo.html>
    *** Contributors are assumed to have read the full info file for guidelines!

    => OFFICIAL ARCHIVES: The RISKS Digest takes you to Lindsay Marshall's
    searchable html archive at newcastle:
    The RISKS Digest --> VoLume, ISsue.
    Also, ftp://ftp.sri.com/risks for the current volume
    or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
    If none of those work for you, the most recent issue is always at
    http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-32.00
    ALTERNATIVE ARCHIVES: The RISKS Forum Mailing List (only since mid-2001)
    *** NOTE: If a cited URL fails, we do not try to update them. Try
    browsing on the keywords in the subject line or cited article leads.
    Apologies for what Office365 and SafeLinks may have done to URLs.
    ==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

    ------------------------------

    End of RISKS-FORUM Digest 32.12
    ************************
  3. LakeGator

    Risks Digest 32.13

    RISKS List Owner

    Jul 23, 2020 7:18 PM

    Posted in group: comp.risks

    RISKS-LIST: Risks-Forum Digest Thursday 23 July 2020 Volume 32 : Issue 13

    ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
    Peter G. Neumann, founder and still moderator

    ***** See last item for further information, disclaimers, caveats, etc. *****
    This issue is archived at <http://www.risks.org> as
    <http://catless.ncl.ac.uk/Risks/32.13>
    The current issue can also be found at
    <http://www.csl.sri.com/users/risko/risks.txt>

    Contents:
    Russia report reveals UK government failed to investigate Kremlin (WashPost)
    Iranian state hackers caught with their pants down in intercepted videos
    (Ars Technica)
    Crooks have acquired proprietary Diebold software to jackpot ATMs
    (Ars Technica)
    Major new climate study rules out less-severe global warming scenarios (MSN)
    Is it time to reassess our relationship with nature? (BBC)
    European Public Sphere Towards Digital Sovereignty for Europe (ACATech)
    How Berkshire Hathaway May Have Been Snookered in Germany (NYTimes)
    Ongoing Meow attack has nuked >1,000 databases without telling anyone why
    (Ars Technica)
    Corporate giants shut down Trump texting program (Politico)
    Thieves Are Emptying ATMs Using a New Form of Jackpotting (WIRED)
    AT&T tells customers to change their phones or they won't work anymore
    (Android Police)
    CBP does end run around warrants, simply buys license plate-reader data
    (Ars Technica)
    Wattpad warns of data breach that stole user info (CBC-CA)
    There's a reason your inbox has more malicious spam -- Emotet is back
    (Ars Technica)
    Hackers use recycled backdoor to keep a hold on hacked e-commerce server
    (Ars Technica)
    Uber helping public health officials contact-trace riders and drivers for
    Covid-19 (Forbes)
    Banks' unique pandemic problem: Now everyone is wearing a mask (WashPost)
    The Spanish government prepares to implement facial recognition tech
    (Voz Populi)
    Phone carriers that profit from robocalls could have all calls blocked (FCC)
    CBP does end run around warrants, simply buys license-plate reader data
    (Ars Technica)
    Hackers Tell the Story of the Twitter Attack From the Inside (NYTimes)
    Re: When tax prep is free, you may be paying with your privacy
    (David E. Ross, Pete Resiak)
    Re: Boeing's future is cloudy as it tries to restore credibility
    (Martin Ward, Gabe Goldberg, Martin Ward)
    Re: Darwin's tautology? (John Harper)
    Abridged info on RISKS (comp.risks)

    ----------------------------------------------------------------------

    Date: Tue, 21 Jul 2020 8:09:49 PDT
    From: "Peter G. Neumann" <neu...@csl.sri.com>
    Subject: Russia report reveals UK government failed to investigate Kremlin
    interference (Dan Sabbagh)

    [I had more or less assumed this, but this is certainly damning. PGN]

    Dan Sabbagh, The Guardian, 21 Jul 2020

    Russia report reveals UK government failed to investigate Kremlin
    interference.

    British government and British intelligence failed to prepare or conduct any
    proper assessment of Kremlin attempts to interfere with the 2016 Brexit
    referendum, according to the long-delayed Russia report.

    The damning conclusion is contained within the 50-page document from
    parliament's intelligence and security committee, which said ministers ``had
    not seen or sought evidence of successful interference in UK democratic
    processes''.

    The committee, which scrutinises the work of Britain's spy agencies, said:
    ``We have not been provided with any post-referendum assessment of Russian
    attempts at interference'' -- and contrasted the response with that of the
    US. [...] ``This situation is in stark contrast to the US handling of
    allegations of Russian interference in the 2016 presidential election, where
    an intelligence community assessment was produced within two months of the
    vote, with an unclassified summary being made public.''

    Committee members said they could not definitively conclude whether the
    Kremlin had or had not successfully interfered in the Brexit vote because no
    effort had been made to find out. ``Even if the conclusion of any such
    assessment were that there was minimal interference, this would nonetheless
    represent a helpful reassurance to the public that the UK's democratic
    processes had remained relatively safe,'' the report added.

    The cross-party committee noted that publicly available studies have pointed
    to ``the preponderance of pro-Brexit or anti-EU stories'' on the Russia
    Today and Sputnik TV channels at the time of the vote and ``the use of
    `bots' and `trolls' on Twitter'', as evidence of Russian attempts to influence
    the process.

    Committee members complained that when they asked for written evidence from
    MI5 at the start of their inquiry, the domestic spy agency ``initially
    provided just six lines of text'' prompting criticism from the committee.

    It accused MI5 of operating with ``extreme caution'' and said its ``attitude
    is illogical'' because the issue at hand was ``the protection of the process
    and mechanism from hostile state interference, which should fall to our
    intelligence and security agencies''.

    The keenly anticipated document was completed last October, but was sat on
    by Boris Johnson before the general election and only declassified and
    cleared for release by the prime minister in December.

    It could not be released until No 10 had nominated Conservative members to
    the committee, although its nominee for chair Chris Grayling was ambushed by
    opposition members who voted instead for Julian Lewis.

    Downing Street is expected to publish its own response shortly.

    ------------------------------

    Date: Wed, 22 Jul 2020 08:35:48 -0400
    From: Monty Solomon <mo...@roscom.com>
    Subject: Iranian state hackers caught with their pants down in intercepted
    videos (Ars Technica)

    IBM researchers steal 40GB of data from group targeting presidential campaigns.

    Iranian state hackers caught with their pants down in intercepted videos

    ------------------------------

    Date: Wed, 22 Jul 2020 08:27:56 -0400
    From: Monty Solomon <mo...@roscom.com>
    Subject: Crooks have acquired proprietary Diebold software to jackpot ATMs
    (Ars Technica)

    ATM maker is investigating the use of its software in black boxes used by
    thieves.

    Crooks have acquired proprietary Diebold software to “jackpot” ATMs

    ------------------------------

    Date: Wed, 22 Jul 2020 14:39:06 -1000
    From: geoff goodfellow <ge...@iconia.com>
    Subject: Major new climate study rules out less-severe global warming
    scenarios (MSN)

    The current pace of human-caused carbon emissions is increasingly likely to
    trigger irreversible damage to the planet, according to a comprehensive
    international *study* released Wednesday. Researchers studying one of the
    most important and vexing topics in climate science -- how sensitive the
    Earth's climate is to a doubling of the amount of carbon dioxide in the
    atmosphere -- found that warming is extremely unlikely to be on the low end
    of estimates.

    These scientists now say it is likely that if human activities -- such as
    burning oil, gas and coal along with deforestation -- push carbon dioxide
    to such levels, the Earth's global average temperature will most likely
    increase between 4.1 to 8.1 degrees Fahrenheit (2.3 and 4.5 degrees
    Celsius). The previous and long-standing estimated range of climate
    sensitivity, as first laid out in a 1979 report, was 2.7 to 8.1 degrees
    Fahrenheit (1.5 to 4.5 Celsius).

    If the warming reaches the midpoint of this new range, it would be extremely
    damaging, said Kate Marvel, a physicist at NASA's Goddard Institute of Space
    Studies and Columbia University, who called it the equivalent of a
    *five-alarm fire* for the planet. [...]
    https://www.washingtonpost.com/weather/2020/07/22/climate-sensitivity-co2/

    Major new climate study rules out less severe global warming scenarios

    ------------------------------

    Date: Wed, 22 Jul 2020 14:40:05 -1000
    From: geoff goodfellow <ge...@iconia.com>
    Subject: Is it time to reassess our relationship with nature? (BBC)

    *Western societies tend to see nature and humanity as separate. But are
    there other ways of relating to the natural world?* [...]
    Is it time to reassess our relationship with nature? - BBC Ideas

    ------------------------------

    Date: Thu, 23 Jul 2020 08:02:59 +0900
    From: Dave Farber <far...@gmail.com>
    Subject: European Public Sphere Towards Digital Sovereignty for Europe
    (ACATech)

    https://www.acatech.de/wp-content/uploads/2020/07/aca_IMP_EPS_en_WEB_FINAL.pdf

    Executive Summary

    Europe can strengthen its digital sovereignty by creating a sovereign
    European digital ecosystem that is democratically accountable to its
    citizens. A digital ecosystem that observes European values such as
    transparency, openness and privacy protection, even in its technical design,
    can create a digital public sphere that offers fair terms of access and use,
    strengthens the public debate and safeguards the plurality that forms a key
    part of Europe's identity. This sphere would be open to everyone, both
    within Europe and beyond -- the key to Europe's digital sovereignty lies not
    in isolationism but in the creation of ambitious alternatives.

    The current coronavirus crisis has shone a light not only on how digital
    technology is increasingly penetrating every area of our lives, but also on
    just how dependent Europe has become on non-European platform operators.
    Europe is losing its influence over the digital public sphere at a time when
    it has taken on a central role in the continent's economic and social life.
    As well as diminishing Europe's economic competitiveness and thus the
    prosperity of European society, this poses a particularly serious threat to
    people's individual freedom and privacy and to Europe's democratic values.
    The time has come for both the member state and European Union levels to
    demonstrate the common political will to actively shape a digital public
    sphere that provides a basis for democratic debate, public opinion-forming
    and respect for European values, and to develop and establish an open
    European digital ecosystem that offers a genuine alternative. If incorporated
    into the special funding measures to overcome the coronavirus crisis, this
    European Public Sphere (EPS) can also provide a huge opportunity for European
    companies and start-ups, thereby helping to boost value creation in Europe.

    This paper describes how a European Public Sphere can be established as an
    alternative European ecosystem, and sets out the concrete measures that will
    be necessary in order to do so. These include:

    * Design of a technology infrastructure for delivering the digital public
    sphere as a public service.

    * Formulation of a technology strategy characterised by modularity,
    interoperability, openness and transparency that enables continuous
    development and a diverse range of business models.

    * Establishment of a governance entity such as a European Digital Agency or
    agency network, together with an alliance of European actors including
    content, service and infrastructure component providers, civil society
    initiatives and research institutions.

    * Government funding coupled with European regulation to kick-start the
    establishment of an open, European digital ecosystem for the development
    and operation of the key technological components and products for a
    digital public sphere.

    * Requirement for all the digital ecosystem's actors to adopt a *values
    by design* approach.

    These measures will enable the establishment of a trusted digital public
    sphere for the citizens of Europe that puts European values first and that
    facilitates cross-border services and a dialogue between people who live in
    different countries and speak different languages.

    Together with key partner France, and in conjunction with the European
    Commission and European Parliament, the Trio Presidency of Germany, Portugal
    and Slovenia can initiate the European Public Sphere as an ambitious,
    pan-European development project. Provided that they receive the necessary
    backing and financial support from government, stakeholders from the private
    sector, culture, civil society and academia are ready to create an
    alternative European digital ecosystem.

    ------------------------------

    Date: Tue, 21 Jul 2020 12:08:48 -0400
    From: Monty Solomon <mo...@roscom.com>
    Subject: How Berkshire Hathaway May Have Been Snookered in Germany (NYTimes)

    A unit of Warren Buffett's empire paid an inflated price for a pipe maker
    that used fake sales to look profitable, an arbitration panel concluded. The
    firm was close to bankruptcy.

    https://www.nytimes.com/2020/07/01/business/berkshire-hathaway-fraud-germany.html

    ------------------------------

    Date: Thu, 23 Jul 2020 08:36:47 -0400
    From: Monty Solomon <mo...@roscom.com>
    Subject: Ongoing Meow attack has nuked >1,000 databases without telling
    anyone why (Ars Technica)

    Ongoing attack hitting unsecured data leaves the word "meow" as its calling card.

    https://arstechnica.com/information...bases-have-been-nuked-by-mystery-meow-attack/

    ------------------------------

    Date: Tue, 21 Jul 2020 12:20:47 -0400
    From: Monty Solomon <mo...@roscom.com>
    Subject: Corporate giants shut down Trump texting program (Politico)

    It took days to resolve anti-spam concerns that halted a 4 July 2020 test
    run, costing Trump donations and raising GOP fears about November.

    https://www.politico.com/news/2020/07/20/trump-massive-texting-program-suspended-372302

    ------------------------------

    Date: Wed, 22 Jul 2020 23:23:28 -0400
    From: Gabe Goldberg <ga...@gabegold.com>
    Subject: Thieves Are Emptying ATMs Using a New Form of Jackpotting (WIRED)

    The new hardware-based attack, which has targeted machines across Europe,
    can yield a stream of cash for the attacker.

    https://www.wired.com/story/thieves-are-emptying-atms-using-a-new-form-of-jackpotting/

    ------------------------------

    Date: Thu, 23 Jul 2020 08:19:21 -0400
    From: Monty Solomon <mo...@roscom.com>
    Subject: AT&T tells customers to change their phones or they won't work anymore
    (Android Police)

    Even recent unlocked phones like the Galaxy S10e or the Nokia 6.1 are
    affected

    Amid an economy-crushing pandemic, AT&T has decided that now is the best
    time to send a scaremongering email to some customers, telling them that
    their device "is not compatible with the new network and you need to replace
    it to continue receiving service." The email conveniently doesn't explicitly
    mention that this will only affect customers as late as February 2022, only
    linking to that information. [...]

    https://www.androidpolice.com/2020/...hange-their-phones-or-they-wont-work-anymore/

    [Lauren Weinstein commented that AT&T email about phone shutoffs was so
    confusing some users thought it was a scam.
    https://arstechnica.com/information...ut-network-change-in-bid-to-sell-more-phones/
    Also noted by Gabe Goldberg. PGN]

    ------------------------------

    Date: Tue, 21 Jul 2020 23:49:30 -0400
    From: Gabe Goldberg <ga...@gabegold.com>
    Subject: CBP does end run around warrants, simply buys license plate-reader
    data (Ars Technica)

    How does "unreasonable search" work when any agency can buy data from
    anywhere?

    https://arstechnica.com/tech-policy...rrants-simply-buys-license-plate-reader-data/

    ------------------------------

    Date: Tue, 21 Jul 2020 22:37:10 -0600
    From: "Matthew Kruk" <mkr...@gmail.com>
    Subject: Wattpad warns of data breach that stole user info (CBC-CA)

    Wattpad Corp. has provided more details about a breach of user data provided
    to its online storytelling platform. The Toronto-based company has sent out
    a note to users that says hackers may have had access to email addresses,
    birth dates, the gender of members and encrypted passwords.

    It says user stories, private messages, and phone numbers were not part of
    this incident.

    https://www.cbc.ca/news/business/wattpad-data-breach-1.5657724

    ------------------------------

    Date: Wed, 22 Jul 2020 08:30:37 -0400
    From: Monty Solomon <mo...@roscom.com>
    Subject: There's a reason your inbox has more malicious spam -- Emotet is
    back (Ars Technica)

    After taking a five-month break, the botnet returns with a short burst of
    activity.

    https://arstechnica.com/information...eturns-with-250k-strong-blast-of-toxic-email/

    ------------------------------

    Date: Wed, 22 Jul 2020 08:22:26 -0400
    From: Monty Solomon <mo...@roscom.com>
    Subject: Hackers use recycled backdoor to keep a hold on hacked e-commerce
    server (Ars Technica)

    Easy-to-miss script can give attackers a new access should they ever be
    booted out.

    https://arstechnica.com/information...or-to-keep-a-hold-on-hacked-ecommerce-server/

    ------------------------------

    Date: Wed, 22 Jul 2020 01:55:32 -0400
    From: Monty Solomon <mo...@roscom.com>
    Subject: Uber helping public health officials contact-trace riders and
    drivers for Covid-19 (Forbes)

    Uber said Monday that it had established a service to give public health
    officials access to data within hours on riders and drivers who are presumed
    to have come in contact with someone infected with Covid-19, helping to fill
    in a gap in the coronavirus response of the U.S., which does not have a
    federal contact tracing program.

    https://www.forbes.com/sites/elanag...riders-and-drivers-for-covid-19/#a067c957b07e

    ------------------------------

    Date: Thu, 23 Jul 2020 09:47:00 +0800
    From: Richard Stein <rms...@ieee.org>
    Subject: Banks' unique pandemic problem: Now everyone is wearing a mask
    (WashPost)

    https://www.washingtonpost.com/business/2020/07/22/face-mask-banks/

    "There have already been 'recent reports of face-covering-related robberies
    at bank branches...make clear that broadly applicable face mask requirements
    are not safe or sustainable on a permanent basis.'"

    A new bank visitation protocol to deter the criminally inept:

    a) Remove face mask for a photograph to gain unobstructed bank entry.
    Assumes one does not wear a 2nd disguise.
    b) If undeterred, pass the "Abt natural, I have a gub" note (per Woody
    Allen's "Take the Money and Run") to the teller.

    ------------------------------

    Date: Wed, 22 Jul 2020 14:43:12 -0400
    From: José María Mateos <ch...@rinzewind.org>
    Subject: The Spanish government prepares to implement facial recognition tech
    (Voz Populi)

    Original article:
    https://www.vozpopuli.com/economia-...to-facial-causas-pendientes_0_1375363234.html.

    Automatic translation:
    https://translate.google.com/transl...to-facial-causas-pendientes_0_1375363234.html

    > The Ministry of the Interior wants a solution based on facial recognition
    > to be installed in large sporting or cultural shows football matches,
    > concerts ... that allows detecting people with pending cases with the
    > Justice.

    ------------------------------

    Date: Wed, 22 Jul 2020 08:33:31 -0400
    From: Monty Solomon <mo...@roscom.com>
    Subject: Phone carriers that profit from robocalls could have all calls
    blocked (FCC)

    Safe harbor lets phone companies block all calls from bad-actor telecoms.

    https://arstechnica.com/tech-policy...-from-robocalls-could-have-all-calls-blocked/

    ------------------------------

    Date: Wed, 22 Jul 2020 08:32:29 -0400
    From: Monty Solomon <mo...@roscom.com>
    Subject: CBP does end run around warrants, simply buys license-plate
    reader data (Ars Technica)

    How does "unreasonable search" work when any agency can buy data from
    anywhere?

    US Customs and Border Protection can track everyone's cars all over the
    country thanks to massive troves of automated license plate scanner data, a
    new report reveals -- and CBP didn't need to get a single warrant to do it.
    Instead, the agency did just what hundreds of other businesses and
    investigators do: straight-up purchase access to commercial databases.

    CBP has been buying access to commercial automated license plate-reader
    (ALPR) databases since 2017, TechCrunch reports, and the agency says bluntly
    that there's no real way for any American to avoid having their movements
    tracked. [...]

    https://arstechnica.com/tech-policy...rrants-simply-buys-license-plate-reader-data/

    ------------------------------

    Date: Thu, 23 Jul 2020 16:03:37 -0400
    From: Gabe Goldberg <ga...@gabegold.com>
    Subject: Hackers Tell the Story of the Twitter Attack From the Inside
    (NYTimes)

    [Re: High-profile Twitter accounts hacked (RISKS-32.11)]

    Several people involved in the events that took down Twitter this week spoke
    with *The Times*, giving the first account of what happened as a pursuit of
    Bitcoin spun out of control.

    OAKLAND, Calif. A Twitter hacking scheme that targeted political, corporate
    and cultural elites this week began with a teasing message between two
    hackers late Tuesday on the online messaging platform Discord.

    ``yoo bro,'' wrote a user named Kirk, according to a screenshot of the
    conversation shared with The New York Times. ``i work at twitter / don't
    show this to anyone / seriously.''

    He then demonstrated that he could take control of valuable Twitter accounts
    -- the sort of thing that would require insider access to the company's
    computer network.

    https://www.nytimes.com/2020/07/17/technology/twitter-hackers-interview.html

    ------------------------------

    Date: Mon, 20 Jul 2020 17:11:46 -0700
    From: "David E. Ross" <da...@rossde.com>
    Subject: Re: When tax prep is free, you may be paying with your privacy,
    (RISKS-32.11)

    For several years now, I have been an unpaid AARP (American Association of
    Retired Persons) volunteer doing U.S. and California income tax returns.
    Our clients do not pay for the service. Their returns are filed
    electronically over encrypted Internet connections. Even before the returns
    are filed, we print paper copies of their returns at the time of service for
    them to take home.

    We retain NO client data when we do taxes, not one piece of paper brought by
    a client or generated by our volunteers. If a client forgets to take all
    paper, we contact that client to return to the facility to collect it.
    Otherwise, the paper is shredded.

    We ask our clients whether they want to be contacted by AARP regarding other
    services, but we do not urge them to say "yes". We ask our clients whether
    they want their tax returns made available electronically to other AARP
    locations the following year to simplify data entry, but we do not urge them
    to say "yes". We ask our clients whether they want their tax returns made
    available electronically to other authorized free services authorized by the
    Internal Revenue Service the following year, but we do not urge them to say
    "yes".

    Overall, the AARP Tax-Aide service operates with strict rules protecting the
    client's data. Using those data for any purpose other than completing a tax
    return is prohibited.

    On top of all that, the state of California's Franchise Tax Board has a Web
    site where taxpayers can enter their own data and file their returns
    electronically for free. California has very stringent laws protecting the
    privacy of its residents. The state is not in the business of selling
    personal data.

    ------------------------------

    Date: Tue, 21 Jul 2020 10:22:25 +0300
    From: Amos Shapir <amo...@gmail.com>
    Subject: Re: The Dark Secret at the Heart of AI (RISKS-32.12)

    > "it relied entirely on an algorithm that had taught itself to drive by
    > watching a human do it."

    Does this mean that it learned about traffic lights, "Red = stop, Green =
    go, Yellow = charge forward at top speed to catch it before it turns red"?

    ------------------------------

    Date: Tue, 21 Jul 2020 17:13:00 +0200
    From: Pete <d...@resiak.org>
    Subject: Re: When tax prep is free, you may be paying with your privacy
    (RISKS-32.11)

    > It seems that the old principle is still valid: ``If you're not paying,
    > you're not the customer, you're the merchandise.''

    The canton of Zurich provides free tax preparation software for private
    persons: you can do it online, with access to your previous tax records, or
    you can download the software and do it offline on your own computer --
    Windows, Mac, or Linux. There the software can pick up and use last year's
    data if you've kept it; and you generate PDF to print and mail the completed
    tax forms.

    The name of the software is "Private Tax". It works, and it saves time and
    money for the tax office as well as for individual taxpayers. I have a hard
    time thinking of any down side to this.

    ------------------------------

    Date: Tue, 21 Jul 2020 17:43:05 +0100
    From: Martin Ward <mar...@gkc.org.uk>
    Subject: Re: Boeing's future is cloudy as it tries to restore credibility
    (WashPost)

    > It's also reviewed all 1 million lines of code in the spacecraft
    > ``resulting in increased robustness of flight software''

    That sounds reassuring, but is actually rather worrying. Boeing found
    problems with their software, then uncovered another problem when fixing the
    first. So they reviewed all 1 million lines of code which resulted in
    "increased robustness".

    If the review had not found any further problems then the result would have
    been "increased confidence". "Increased robustness" on the other hand meant
    that *even more* problems were found!

    As any software engineer knows, anyone who says "I have just fixed the last
    bug" is wrong.

    ------------------------------

    Date: Tue, 21 Jul 2020 13:47:35 -0400
    From: Gabe Goldberg <ga...@gabegold.com>
    Subject: Re: Boeing's future is cloudy as it tries to restore credibility
    (Ward, RISKS-32.12)

    Right. Also, what does "reviewed" mean? And by whom?

    Original developer(s)? People see what they want/expect to see. (That's
    surely true trying to edit my own writing).

    And if they don't like what they see -- they "fix" it? How many times are
    new problems introduced when fixing (maybe) old ones?

    Combine that with being rushed through the million lines. As you say, it's
    not reassuring.

    ------------------------------

    Date: Tue, 21 Jul 2020 22:02:29 +0100
    From: Martin Ward <mar...@gkc.org.uk>
    Subject: Re: Boeing's future is cloudy as it tries to restore credibility
    (Goldberg, RISKS-32.13)

    Probably junior programmers get this boring grunt work: senior programmers
    get to do more interesting jobs, like writing new code!

    I think it was IBM's OS/360 operating system that, after release,
    consistently had several thousand bug fixes per month. There are two
    possible explanations for this phenomenon:

    (1) The software contained an infinite number of bugs

    (2) Each month the programmers fixed 2,000 bugs and in the process
    introduced another 2,000 bugs.

    ------------------------------

    Date: Tue, 21 Jul 2020 10:00:42 +1200 (NZST)
    From: John Harper <har...@msor.vuw.ac.nz>
    Subject: Re: Darwin's tautology? (RISKS-32.12)

    Tautologies often need to be pointed out. Mathematics textbooks from
    Euclid's Elements onward are full of them, but millions still buy them
    because they are useful.

    ------------------------------

    Date: Mon, 1 Jun 2020 11:11:11 -0800
    From: RISKS-...@csl.sri.com
    Subject: Abridged info on RISKS (comp.risks)

    The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
    comp.risks, the feed for which is donated by panix.com as of June 2011.
    => SUBSCRIPTIONS: The mailman Web interface can be used directly to
    subscribe and unsubscribe:
    http://mls.csl.sri.com/mailman/listinfo/risks

    => SUBMISSIONS: to ri...@CSL.sri.com with meaningful SUBJECT: line that
    includes the string `notsp'. Otherwise your message may not be read.
    *** This attention-string has never changed, but might if spammers use it.
    => SPAM challenge-responses will not be honored. Instead, use an alternative
    address from which you never send mail where the address becomes public!
    => The complete INFO file (submissions, default disclaimers, archive sites,
    copyright policy, etc.) is online.
    <http://www.CSL.sri.com/risksinfo.html>
    *** Contributors are assumed to have read the full info file for guidelines!

    => OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
    searchable html archive at newcastle:
    http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
    Also, ftp://ftp.sri.com/risks for the current volume
    or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
    If none of those work for you, the most recent issue is always at
    http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-32.00
    ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
    *** NOTE: If a cited URL fails, we do not try to update them. Try
    browsing on the keywords in the subject line or cited article leads.
    Apologies for what Office365 and SafeLinks may have done to URLs.
    ==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

    ------------------------------

    End of RISKS-FORUM Digest 32.13
    ************************
  4. LakeGator

    Risks Digest 32.14

    RISKS List Owner

    Jul 26, 2020 7:58 PM

    Posted in group: comp.risks

    RISKS-LIST: Risks-Forum Digest Sunday 26 July 2020 Volume 32 : Issue 14

    ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
    Peter G. Neumann, founder and still moderator

    ***** See last item for further information, disclaimers, caveats, etc. *****
    This issue is archived at <http://www.risks.org> as
    <http://catless.ncl.ac.uk/Risks/32.14>
    The current issue can also be found at
    <http://www.csl.sri.com/users/risko/risks.txt>

    Contents:
    Anatomy of an Election `Meltdown' in Georgia (NYTimes)
    Intel's Stunning Failure Heralds End of Era for U.S. Chip Sector (Bloomberg)
    Russia's GRU hackers hit U.S. government and energy targets (Ars Technica)
    Unsolicited Chinese seeds? (Washington State Dept of Agriculture)
    Homeland in Portland? No, USAF. (The Intercept)
    Finally there's a handbook on voting (Kimberly Wehle)
    Conflict Over a Rental Car Leads to Elusive ATM Skimming Suspect (NYTimes)
    Letting Your Insurer Ride Shotgun, for a Discounted Rate (NYTimes)
    The three worst things about email, and how to fix them (WashPost)
    PDF signatures useless (ZDNet)
    Google is aware of 'w5' Wi-Fi failures on some Nest thermostats and
    providing replacements (Android Police)
    Re: Boeing's future is cloudy as it tries to restore credibility
    (Joseph Gwinn)
    Re: European Public Sphere Towards Digital Sovereignty for Europe
    (Drew Dean)
    Abridged info on RISKS (comp.risks)

    ----------------------------------------------------------------------

    Date: Sun, 26 Jul 2020 12:44:01 -0700
    From: Peter Neumann <neu...@csl.sri.com>
    Subject: Anatomy of an Election `Meltdown' in Georgia (NYTimes)

    .. Was the Result of Cascade of Failures
    Danny Hakim, Reid J. Epstein, and Stephanie Saul
    *The New York Times*, 26 July 2020
    National Edition front page continued in pp.22-23.

    Struggles to get the new high-tech voting system working, failures to detect
    check marks instead of 'X', a huge management problem, barrage of partisan
    blame-throwing, Reps blame Fulton County (Atlanta, Dems), Dems blame just
    another Rep effort to disenfranchise Dems, problems still unresolved six
    weeks later, with no signs of any improvements for November. "It has become
    increasingly clear that what happened in June was a collective collapse.''
    [Seriously PGN-ed, but the entire article is really scary and ominous.]

    ------------------------------

    Date: Sat, 25 Jul 2020 17:36:53 +0900
    From: David Farber <far...@keio.jp>
    Subject: Intel's Stunning Failure Heralds End of Era for U.S. Chip Sector
    (Bloomberg)

    Intel ‘Stunning Failure’ Heralds End of Era for U.S. Chip Sector

    ------------------------------

    Date: Sat, 25 Jul 2020 09:59:08 -0400
    From: Monty Solomon <mo...@roscom.com>
    Subject: Russia's GRU hackers hit U.S. government and energy targets
    (Ars Technica)

    Russia's GRU military intelligence agency has carried out many of the most
    aggressive acts of hacking in history: destructive worms, blackouts, and --
    closest to home for Americans -- a broad hacking-and-leaking operation
    designed to influence the outcome of the 2016 U.S. presidential
    election. Now it appears the GRU has been hitting U.S. networks again, in a
    series of previously unreported intrusions that targeted organizations
    ranging from government agencies to critical infrastructure.

    Russia’s GRU hackers hit US government and energy targets

    ------------------------------

    Date: Sat, 25 Jul 2020 15:37:40 -0700
    From: Paul Saffo <pa...@saffo.com>
    Subject: Unsolicited Chinese seeds? (Washington State Dept of Agriculture)

    This from Facebook. Anyone know the background? Any guesses what this is
    about? Cover for drug deals? There don't seem to be any explanations on the
    web.

    People are receiving an unsolicited package of seeds from China in the mail


    Washington State Department of Agriculture, with Stephanie Marshall and 14
    others.

    Today we received reports of people receiving seeds in the mail from China
    that they did not order. The seeds are sent in packages usually stating
    that the contents are jewelry. Unsolicited seeds could be invasive,
    introduce diseases to local plants, or be harmful to livestock.

    Here's what to do if you receive unsolicited seeds from another country:

    1) DO NOT plant them and if they are in sealed packaging (as in the photo
    below) don't open the sealed package.

    2) This is known as agricultural smuggling. Report it to USDA and maintain
    the seeds and packaging until USDA instructs you what to do with the
    packages and seeds. They may be needed as evidence.

    https://www.aphis.usda.gov/…/impor…/sa_sitc/ct_antismuggling

    [APHIS = Animal and Plant Health Inspection Service. I don't find the
    item on the aphis site. Maybe this is the symbiosis between the Chinese
    A(u)nts and the Aphi(d)s? PGN]

    ------------------------------

    Date: Sat, 25 Jul 2020 15:36:57 -0700
    From: Paul Saffo <pa...@saffo.com>
    Subject: Homeland in Portland? No, USAF. (The Intercept)

    The Air Force Spy Plane Over Portland

    ------------------------------

    Date: Sat, 25 Jul 2020 14:23:46 -0400
    From: David Lesher <wb8...@8es.com>
    Subject: Finally there's a handbook on voting (Kimberly Wehle)

    [In need of VV education? DL]

    <https://www.washingtonpost.com/opinions/2020/06/19/finally-theres-handbook-voting/>

    Kim Wehle: Congress needs to appropriate money to the states every year
    exclusively for elections. The last serious influx of federal funding for
    equipment occurred in 2002. How many of us are using computers or flip
    phones from 18 years ago? I would like to see modern encryption technology
    brought to bear on voting so that, just like we conduct private and
    sensitive bank transactions on our phones, we vote on our phones safely and
    securely. This would address much of the fraud and the suppression concerns
    from both sides of the aisle.

    [Disclosure: She is not a RISKS reader. PGN]

    ------------------------------

    Date: Fri, 24 Jul 2020 23:31:37 -0400
    From: Gabe Goldberg <ga...@gabegold.com>
    Subject: Conflict Over a Rental Car Leads to Elusive ATM Skimming Suspect
    (NYTimes)

    https://www.nytimes.com/2020/07/17/business/credit-card-skimmer-arrest-alaska.html

    The risks? Greed, hubris, patterns, personality...

    ------------------------------

    Date: Sat, 25 Jul 2020 19:06:43 -0400
    From: Gabe Goldberg <ga...@gabegold.com>
    Subject: Letting Your Insurer Ride Shotgun, for a Discounted Rate (NYTimes)

    Most big car insurers offer apps that monitor your driving, and one start-up
    requires it. The trade-off in privacy is a premium that could be
    substantially cheaper for safe drivers.

    https://www.nytimes.com/2020/07/16/business/car-insurance-app-discounts.html

    Same old, same old: except here you're the product *and* the customer.

    ------------------------------

    Date: Sat, 25 Jul 2020 10:33:33 +0800
    From: Richard Stein <rms...@ieee.org>
    Subject: The three worst things about email, and how to fix them (WashPost)

    https://www.washingtonpost.com/technology/2020/07/21/gmail-alternative-hey

    The inconveniences of convenience.

    "Problem 1: Anybody can email you. And they do." True. Email account content
    can resemble a litter box. Delivery, while not 100%, surpasses snail mail
    speed and cost-effectiveness. Caveat emptor for anything that is
    free. Without authenticated credential provenance, via a nationalized (or
    global) identity, authorization, and maintenance mechanism, random and
    arbitrary recipient address email transmission is no-go.

    "Problem 2: Important stuff gets lost." True. Check your SPAM folder for
    important content mischaracterized by the latest attempt to automatically
    pick fly poop from a pepper pile. Filters are like rocket science: they
    intimidate the unskilled and uninitiated discouraging use.

    "Problem 3: Your email isn't really private." True. Corporate email service
    provider terms of service (aka, privacy policies) routinely authorize
    collection, exploitation, followed by the unfortunate involuntary breach
    (via hack or negligence) of said collected or transmitted email content.

    The privacy policy entitles the service to potentially gain from the content
    (if there's anything of value or merit) in exchange for convenient and free
    public access.

    Some entities (government security agencies specifically) might find
    interest in the names/email addresses of dissidents -- see the recent
    Twitter hack of Geert Wilders.
    https://www.washingtonpost.com/worl...79af96-ccd2-11ea-99b0-8426e26d203b_story.html.

    That "Hey" may partially mitigate these foundational email features to suit
    certain clientele (or their investors) does not diminish technological risk
    exposure.

    ------------------------------

    Date: Sat, 25 Jul 2020 14:13:58 +0930
    From: William Brodie-Tyrrell <william.br...@gmail.com>
    Subject: PDF signatures useless (ZDNet)

    It turns out that PDF cryptographic signatures do not protect the entire
    contents or visual appearance of the file. Which makes them utterly
    pointless.

    https://www.zdnet.com/google-amp/ar...eplace-content-in-digitally-signed-pdf-files/

    ------------------------------

    Date: Sat, 25 Jul 2020 09:48:23 -0400
    From: Monty Solomon <mo...@roscom.com>
    Subject: Google is aware of 'w5' Wi-Fi failures on some Nest thermostats
    and providing replacements (Android Police)

    If troubleshooting doesn't work, it's a known issue and you can get a
    replacement

    https://www.androidpolice.com/2020/...-nest-thermostats-and-providing-replacements/

    ------------------------------

    Date: Sat, 25 Jul 2020 16:50:15 -0400
    From: Joseph Gwinn <joeg...@comcast.net>
    Subject: Re: Boeing's future is cloudy as it tries to restore credibility
    (Ward, RISKS-32.13)

    > Probably junior programmers get this boring grunt work: senior programmers
    > get to do more interesting jobs, like writing new code! [...]

    Ahh, no. This was the customer tolerance level, to which IBM managed. As I
    recall, IBM alternated fixup releases (nothing new added, so more stable) and
    improvement releases (sorta beta test).

    ------------------------------

    Date: Sat, 25 Jul 2020 20:51:10 -0700
    From: Drew Dean <drew...@gmail.com>
    Subject: Re: European Public Sphere Towards Digital Sovereignty for Europe
    (ACATech, RISKS-32.13)

    I think there's an unmentioned risk: that of an EU boondoggle. :)

    ------------------------------

    End of RISKS-FORUM Digest 32.14
    ************************
     
  5. LakeGator (Mostly Harmless Moderator)

    Risks Digest 32.15

    RISKS List Owner

    Jul 28, 2020 3:36 PM

    Posted in group: comp.risks

    RISKS-LIST: Risks-Forum Digest Tuesday 28 July 2020 Volume 32 : Issue 15

    ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
    Peter G. Neumann, founder and still moderator

    ***** See last item for further information, disclaimers, caveats, etc. *****
    This issue is archived at <The RISKS Digest> as
    <The RISKS Digest, Volume 32 Issue 15>
    The current issue can also be found at
    <http://www.csl.sri.com/users/risko/risks.txt>

    Contents:
    EncroChat (ZDNet)
    China's Huawei holds a 5G trump card (Reuters)
    Elon and Jeff are brilliant! Surely *they* can solve our broadband issues.
    (Amitel)
    Why Scientists Stored "The Wizard of Oz" in DNA (Popular Mechanics)
    Coronavirus misinformation goes wild again (NYTimes Tech)
    The dishonest reporting on the riots is breathtaking. The crisis in our
    media deepens... (Twitter)
    NIST study finds that masks defeat most facial recognition algorithms
    Only those with plastic visors were infected: Swiss government warns
    against face shields (TheLocal.ch)
    Long-Lost Computation Dissertation of Unix Pioneer Dennis Ritchie
    (Rebecca Mercuri via PGN)
    PDF signatures *worse than* useless (Anthony Thorn)
    Re: Darwin's tautology? (Martin Ward)
    Re: The three worst things about email (Dmitri Maziuk)
    Re: Unsolicited Chinese seeds? (Devon McCormick)
    Abridged info on RISKS (comp.risks)

    ----------------------------------------------------------------------

    Date: Mon, 27 Jul 2020 16:54:54 -0700
    From: Peter Neumann <neu...@csl.sri.com>
    Subject: EncroChat (ZDNet)

    Law enforcement in the United Kingdom has touted the takedown of encrypted
    communications platform EncroChat as its "biggest ever" operation, so far
    resulting in the arrest of 746 individuals, the seizing of 54 million pounds
    in cash, 77 firearms, and over two tons of drugs.

    EncroChat was one of the largest providers of encrypted communications and
    offered a secure mobile-phone instant-messaging service. Its sole use was
    for coordinating and planning the distribution of illicit commodities, money
    laundering, and plotting to kill rival criminals, the UK's National Crime
    Agency said.

    Police take down encrypted criminal chat platform EncroChat | ZDNet

    ------------------------------

    Date: July 28, 2020 at 08:16:44 GMT+9
    From: geoff goodfellow <ge...@iconia.com>
    Subject: China's Huawei holds a 5G trump card (Reuters)

    Huawei is not so easy for Western countries to rip out. The Chinese
    telecommunications-equipment giant founded by Ren Zhengfei owns a huge trove
    of next-generation wireless patents. As a global standard for 5G emerges,
    Huawei technology may become essential to carriers.

    For years, the Shenzhen-based company has dominated the mobile
    infrastructure market, outselling rivals Nokia and Ericsson by offering
    cheaper alternatives. But U.S. concerns that Huawei equipment could be used
    by Beijing for espionage have gained traction: officials in the UK and France
    are purging their own networks of Chinese-made kit. A similar reaction
    elsewhere will seriously dent a business that generated nearly $43 billion
    in revenue for Huawei last year, roughly a third of the company's
    total.

    Replacing antennas and mast towers is one thing, though. Even if the likes
    of Britain's Vodafone and BT remove all existing Huawei equipment -- a move
    the UK government conservatively estimates will cost 2 billion pounds --
    global carriers will still be dependent on technology from Huawei to roll
    out next generation networks. Research firm IPlytics has found that the
    Chinese outfit owns the most 5G-related patents, and of that, roughly 15% of
    the essential ones.

    Simply put, these are technical specifications global carriers can build to
    in order to ensure different networks are compatible with each other. Having
    one unified standard will be vital for 5G, which is meant to seamlessly link
    up billions of machines, cars, and gadgets around the world. [...]

    Breakingviews - China's Huawei holds a 5G trump card

    ------------------------------

    Date: Mon, 27 Jul 2020 13:14:51 -1000
    From: geoff goodfellow <ge...@iconia.com>
    Subject: Elon and Jeff are brilliant! Surely *they* can solve our broadband
    issues. (Amitel)

    Much has happened since we last visited the wacky world of low-earth orbit
    (LEO) satellite constellations and their use in providing improved broadband
    service to Canada's rural and remote users. This past Tuesday, July 21, all
    of Iqaluit, the capital of the Territory of Nunavut was without
    communication services; no Internet, no landline, no cell service, no cable
    TV -- simply because it was raining! In a first-world country like Canada
    this is unacceptable. We need better broadband service in Canada's North
    NOW.

    There is a rash of breathless newspaper stories in the mainstream media
    touting LEO service as arriving soon to resolve our remote and rural
    broadband issues. I wrote about it before <Elon is not coming to rescue Canada’s remote broadband>,
    that Elon Musk is not coming to save us any time soon. I also wrote about
    the Chapter 11 bankruptcy of the early leader to provide LEO service to the
    Arctic, OneWeb, here <Sat Firm OneWeb Files for Bankruptcy>.
    So where do we stand now on July 27, 2020?

    Well on July 10, the U.S. bankruptcy court of the Southern District of New
    York (SDNY) approved a joint $1 billion bid for OneWeb by Britain and Bharti
    Airtel. The UK government and Bharti Global, an arm of Bharti Enterprises,
    which part owns India's Airtel, will each have roughly 45 per cent of
    OneWeb. The existing secured creditors, including SoftBank of Japan,
    OneWeb's former biggest shareholder, will own the balance.

    But the landscape has changed from before OneWeb's descent into Chapter 11
    in the spring. OneWeb's original mission was to *connect the unconnected*;
    i.e., it wanted to provide broadband service to the millions of people around
    the world that do not have access to the Internet. The UK has invested $500M
    into OneWeb for other strategic reasons, mainly to mitigate the effects of
    Brexit on British industry. I sure hope they realize that it is going to
    cost them more, much more and that $500M was just the table stakes to play
    in the LEO game. [...]

    Elon and Jeff are brilliant! Surely THEY can solve our broadband issues.

    ------------------------------

    Date: Mon, 27 Jul 2020 13:13:51 -1000
    From: geoff goodfellow <ge...@iconia.com>
    Subject: Why Scientists Stored "The Wizard of Oz" in DNA (Popular Mechanics)

    *DNA Is Millions of Times More Efficient Than Your Computer's Hard Drive*

    - DNA can store far more data than a magnetic hard drive, but the
    technology is limited because the genetic material is prone to errors.

    - Scientists at the University of Texas at Austin have come up with a
    way to store information in strands of DNA, while also correcting those
    errors.
    <Power of DNA to Store Information Gets an Upgrade>

    - To prove it, they've put the entirety of *The Wizard of Oz* --
    translated into Esperanto -- into strands of DNA, with greater accuracy
    than prior methods.

    When the Voyager spacecrafts launched in 1977, ready to study the outer
    limits of our solar system, they brought with them two golden phonograph
    records that each contained an assemblage of sounds and images meant to
    represent life on Earth. But in the future, the perfect next-gen space
    capsule could be found within our bodies.

    That's because DNA is millions of times more efficient at storing data than
    your laptop's magnetic hard drive. Since DNA can store data far more
    densely than silicon, you could squeeze all of the data in the world inside
    just a few grams of it. "Because DNA has been chosen by all of life as the
    information storage medium of choice...it turns out to be very robust," Ilya
    Finkelstein, an associate professor of molecular biosciences at the
    University of Texas at Austin, tells *Popular Mechanics*. "Long after our
    magnetic storage becomes obsolete, nature will still be using DNA."
    <Catalog claims DNA data storage is economically feasible for the first time – Blocks and Files>

    Finkelstein is part of a team at the University of Texas at Austin who are
    pushing the limits on DNA-based storage methods. While this research area at
    the intersection of molecular biology and computer science has been around
    since the 1980s, scientists have struggled to find a way to correct the
    errors that DNA can be so prone to making.

    In a new paper published this week in the journal *Proceedings of the
    National Academy of Sciences*, Finkelstein and company detail their new
    error correction method, which they tested out on a classic novel. They were
    able to store the entirety of *The* *Wizard of Oz*, translated into
    Esperanto, with more accuracy than prior DNA storage methods ever could
    have. We're on the yellow brick road toward the future of data storage.

    A Brief History of DNA Storage. [...]
    What is DNA Storage? | "The Wizard of Oz" Stored In DNA

    ------------------------------

    Date: Tue, 28 Jul 2020 10:19:19 -0700
    From: Peter Neumann <neu...@csl.sri.com>
    Subject: Coronavirus misinformation goes wild again (Shira Ovide)

    Shira Ovide [PGN-excerpted from a piece called `Amazon is Jeff Bezos', *The
    New York Times* online On Tech Newsletter, 28 Jul 2020. Another timely
    item for our coverage of misinformation and truthiness. PGN]

    Amazon Is Jeff Bezos

    In just a few hours yesterday, another video with false information about
    the coronavirus spread like wildfire on Facebook before the company started
    to stamp it out.

    The video -- which I won't link to here, but you can find on Breitbart News
    -- showed a group of purported doctors touting unproven treatments.

    One of the videos racked up 14 million views in six hours, my colleague
    Kevin Roose tweeted. A few months ago, another video filled with coronavirus
    conspiracies, called *Plandemic* was watched more than eight million times
    on YouTube, Facebook and other spots over multiple days.

    Some of you may be wondering why it's so bad for people to watch a couple of
    videos that go against the consensus of health experts. After all, there's a
    lot about the virus we don't understand.

    The problem is that it's not so easy to correct the record once someone sees
    bogus ideas. We've seen that good information doesn't necessarily undo bad
    information. Doses of falsehoods can make people doubt the recommendations
    of proven health experts -- or even, the validity of elections.

    That's why Facebook, YouTube and other Internet companies, which have
    highlighted coronavirus information from authoritative sources such as the
    Centers for Disease Control and Prevention, have said they also would be
    aggressive about deleting false information related to the virus. (On
    Tuesday, Twitter temporarily limited some functions of the account of Donald
    Trump Jr., one of the president's sons, as punishment for posting the video
    with misleading information.)

    And yet, this latest bogus video went wild, again making me wonder whether
    Facebook and other popular Internet sites are so sprawling that the
    companies can't control even the most high-profile kinds of false
    information.

    ------------------------------

    Date: Mon, 27 Jul 2020 13:11:57 -1000
    From: geoff goodfellow <ge...@iconia.com>
    Subject: The dishonest reporting on the riots is breathtaking. The crisis in
    our media deepens... (Twitter)



    ------------------------------

    Date: Mon, 27 Jul 2020 10:26:12 -0700
    From: Lauren Weinstein <lau...@vortex.com>
    Subject: NIST study finds that masks defeat most facial recognition algorithms
    (VentureBeat)

    NIST study finds that masks defeat most facial recognition algorithms

    [As kids in the 1940s, some of us learned that some masked men were good
    -- e.g, The Lone Ranger!]

    ------------------------------

    Date: Mon, 27 Jul 2020 11:31:08 +0900
    From: far...@keio.jp
    Subject: Only those with plastic visors were infected: Swiss government
    warns against face shields (TheLocal.ch)

    https://www.thelocal.ch/20200715/on...d-swiss-government-warns-against-face-shields

    ------------------------------

    Date: Tue, 28 Jul 2020 14:19:52 -0400
    From: Rebecca Mercuri <not...@mindspring.com>
    Subject: Long-Lost Computation Dissertation of Unix Pioneer Dennis Ritchie

    Great article, especially for Ritchie fans -- check it out!

    The Long-Lost Computation Dissertation of Unix Pioneer Dennis Ritchie – The New Stack

    Poll: Should he have been awarded the Ph.D. posthumously? Yes / No

    [(Please do not submit your vote to RISKS.)
    Back-story: Dennis's thesis was never properly entered into the Harvard
    dissertation archives, because he did not submit a bound copy, although
    his PhD was indeed properly awarded. Risks? Having archaic rules that do
    not adapt to online submission, where today the bound copy would not have
    to be manually torn up in order to be scanned in -- assuming it could
    instead now be submitted online as a pdf! How does one submit a bound
    copy online? Unless the rule has changed, we might presume an online
    might today be optional rather than mandatory? PGN]

    ------------------------------

    Date: Mon, 27 Jul 2020 07:53:50 +0200
    From: Anthony Thorn <anthon...@atss.ch>
    Subject: PDF signatures *worse than* useless (Re: RISKS-32.14)

    Thanks to Mr Brodie-Tyrrell -- and of course the researchers -- for bringing
    this to our attention.

    I just want to make a small correction ;-)

    The title should be PDF signatures WORSE THAN useless, because they give the
    appearance of security without providing it, whereas although an unsigned
    PDF has the same "layers" vulnerability, it does not claim to be authentic.
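
    A defender-side check for the "layers" problem that Mr Brodie-Tyrrell's item
    (RISKS-32.14) and this reply describe: a PDF signature covers only the byte
    ranges listed in its /ByteRange array, so incremental updates appended after
    signing are unsigned yet still rendered. The Python below is an added example,
    not code from RISKS, ZDNet or the researchers; the minimal PDF it builds is
    constructed for the demo (no xref table, dummy signature bytes) and the
    function names are assumptions.

```python
"""Flag signed PDFs that carry unsigned data appended after the signature.

A PDF signature covers only the two byte ranges listed in its /ByteRange
array: everything except the /Contents hex string holding the signature.
PDF allows incremental updates, so objects appended after the signed
region are not signed at all, yet viewers render the newest definition of
every object while the signature still validates.  The check below reports
such trailing, unsigned updates so the file can be held for review.
"""
import re

# /ByteRange [offset1 length1 offset2 length2]
BYTERANGE_RE = re.compile(
    rb"/ByteRange\s*\[\s*(\d+)\s+(\d+)\s+(\d+)\s+(\d+)\s*\]")


def signature_byte_ranges(pdf: bytes):
    """All (off1, len1, off2, len2) tuples in the file, one per signature."""
    return [tuple(int(g) for g in m.groups()) for m in BYTERANGE_RE.finditer(pdf)]


def unsigned_tail(pdf: bytes):
    """Coverage of the most recent signature.

    Returns (signed_end, trailing_bytes, eof_markers_after):
      signed_end         offset just past the last signed byte
      trailing_bytes     bytes after it, ignoring a final newline (0 = fully covered)
      eof_markers_after  %%EOF markers in that region, i.e. how many incremental
                         updates were appended after signing
    """
    ranges = signature_byte_ranges(pdf)
    if not ranges:
        raise ValueError("no /ByteRange found: document carries no signature")
    # With several signatures, the one whose range reaches furthest is the latest.
    off1, len1, off2, len2 = max(ranges, key=lambda r: r[2] + r[3])
    if off1 != 0 or off2 < off1 + len1:
        raise ValueError("malformed /ByteRange: must start at 0 and not overlap")
    # The only unsigned bytes inside the ranges must be the hex signature string;
    # anything else sitting in that gap is also unsigned content.
    gap = pdf[off1 + len1:off2]
    if not (gap.startswith(b"<") and gap.rstrip().endswith(b">")):
        raise ValueError("unsigned gap does not look like a /Contents hex string")
    signed_end = off2 + len2
    tail = pdf[signed_end:]
    return signed_end, len(tail.rstrip(b"\r\n")), tail.count(b"%%EOF")


def has_unsigned_update(pdf: bytes) -> bool:
    """True when data was appended after the latest signature's signed range."""
    return unsigned_tail(pdf)[1] > 0


# ---- constructed sample input (not a real, cryptographically valid PDF) ----

def build_sample_signed_pdf() -> bytes:
    """Minimal one-page PDF with a signature dictionary and a correct /ByteRange.

    The xref table is omitted and the signature value is a dummy: only the
    /ByteRange layout matters for this check.
    """
    page_text = b"BT /F1 12 Tf 72 700 Td (Signed page text) Tj ET"
    contents_hex = b"<" + b"00" * 16 + b">"          # placeholder signature value
    stream_obj = (b"4 0 obj << /Length %d >> stream\n%s\nendstream endobj\n"
                  % (len(page_text), page_text))
    head_fmt = (b"%%PDF-1.7\n"                       # %% because head_fmt is %-formatted
                b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"
                b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n"
                b"3 0 obj << /Type /Page /Parent 2 0 R /Contents 4 0 R >> endobj\n"
                + stream_obj +
                b"5 0 obj << /Type /Sig /Filter /Adobe.PPKLite"
                b" /SubFilter /adbe.pkcs7.detached"
                b" /ByteRange [0 %010d %010d %010d] /Contents ")
    tail = b" >> endobj\ntrailer << /Root 1 0 R /Size 6 >>\n%%EOF\n"
    # Fixed-width %010d fields keep every offset stable once the real values go in.
    a = len(head_fmt % (0, 0, 0))             # offset of '<'
    b = a + len(contents_hex)                 # first byte after '>'
    c = len(tail)                             # signed bytes after the signature
    return head_fmt % (a, b, c) + contents_hex + tail


def append_incremental_update(pdf: bytes, new_page_text: bytes) -> bytes:
    """Append an incremental update that redefines the page content (object 4).

    This is how PDF tools save edits to an existing file; it is also why the
    displayed page can change after signing while the signature still verifies.
    """
    update = (b"4 0 obj << /Length %d >> stream\n%s\nendstream endobj\n"
              % (len(new_page_text), new_page_text)
              + b"trailer << /Root 1 0 R /Size 6 /Prev 0 >>\n%%EOF\n")
    return pdf + update


if __name__ == "__main__":
    original = build_sample_signed_pdf()
    edited = append_incremental_update(original, b"BT /F1 12 Tf 72 700 Td (Changed) Tj ET")
    for name, doc in (("as signed", original), ("after unsigned update", edited)):
        end, trailing, eofs = unsigned_tail(doc)
        print(f"{name}: signed up to byte {end} of {len(doc)}, "
              f"{trailing} unsigned trailing bytes, {eofs} update(s) appended")
```

    A countersignature or a permitted form fill is also an incremental update, so
    a positive result means the document needs review against its signature
    policy, not that it is forged.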

    ------------------------------

    From: Martin Ward <mar...@gkc.org.uk>
    Date: Tue, 28 Jul 2020 10:56:37 +0100
    Subject: Re: Darwin's tautology? (Harper, RISKS-32.12)

    > Tautologies often need to be pointed out. Mathematics textbooks from
    > Euclid's Elements onward are full of them, but millions still buy them
    > because they are useful.

    There are useful tautologies, such as mathematical theorems, and
    content-free tautologies such as "Brexit means Brexit!". An argument such
    as the following is viciously circular and therefore fallacious: "God exists
    because the Bible says so. The Bible is true because it is the Word of
    God". A similar fallacious argument is: "Miracles don't happen. Therefore,
    any actual report of a miracle must be false. Therefore, there are no true
    reports of miracles. Therefore, miracles don't happen".

    On the other hand, an argument such as the Ontological Argument (for
    example, as formalised by mathematician Kurt Gödel) is a valid argument and
    tells us something useful about God: that if it is possible that God exists,
    then God does in fact necessarily exist. The argument is often criticised
    by saying "The conclusion is implicit in the premises": but this is just a
    property of every valid mathematical argument.

    "Survival of the fittest" is often defined in a way that is viciously
    circular: the "fittest" are defined as "those best fitted to survive" and
    "those best fitted to survive" are determined by looking at survival
    rates. The statement then becomes the content-free assertion "survival of
    those that survived". However, we can define "fittest" in terms of
    heritable characteristics, then the statement becomes "survivors survive,
    reproduce and therefore propagate any heritable characters which have
    affected their survival and reproductive success" which is a meaningful
    statement with a testable hypothesis: that such heritable characteristics
    actually exist.

    ["A rose is a rose is a rose" is arisen. PGN]

    ------------------------------

    Date: Sun, 26 Jul 2020 21:04:17 -0500
    From: dmaziuk <dma...@bmrb.wisc.edu>
    Subject: Re: The three worst things about email (RISKS-32.14)

    This is all very interesting I'm sure, but what does it have to do with
    e-mail?

    The article is using "issues" with 3 major web-based "e-mail providers":
    Microsoft, Google, and Yahoo, as a promo for the new "e-mail provider"
    startup who will get Everything Right(tm).

    It's just a promo piece for something called "Hey", the only risk here is
    someone might believe it has anything to do with RISKS.

    ------------------------------

    Date: Sun, 26 Jul 2020 23:36:11 -0400
    From: Devon McCormick <devo...@gmail.com>
    Subject: Re: Unsolicited Chinese seeds? (RISKS-32.14)

    I received an email like this but in my case, I have actually ordered seeds
    online that came to me from China. Each delivery was in a squarish grey
    non-rip plastic envelope with the contents listed as "stud earrings". The
    whole thing looked very amateurish, from the unlabeled enclosed tiny ziploc
    bag to the return address which was something like "the south side of the
    <something> gate, <some city>..."

    I wonder if this alert is simply the result of mis-delivered seed packages
    that were actually ordered by people. Given the slap-dash appearance of
    what I've received, that does not seem far-fetched.

    ------------------------------

    End of RISKS-FORUM Digest 32.15
    ************************
     
  6. LakeGator

    Risks Digest 32.16

    RISKS List Owner

    Jul 31, 2020 1:20 AM

    Posted in group: comp.risks

    RISKS-LIST: Risks-Forum Digest Thursday 30 July 2020 Volume 32 : Issue 16

    ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
    Peter G. Neumann, founder and still moderator

    ***** See last item for further information, disclaimers, caveats, etc. *****
    This issue is archived at <The RISKS Digest> as
    <The RISKS Digest, Volume 32 Issue 16>
    The current issue can also be found at
    <http://www.csl.sri.com/users/risko/risks.txt>

    Contents:
    Theoretical Physicists Say 90% Chance of Societal Collapse Within Several
    Decades (VICE)
    The Panopticon Is Already Here: Chinese AI Creating Axis of Autocracy
    (The Atlantic)
    Let a thousand poppies bloom, thanks to cheap solar power (Areu)
    Hackers broke into real news sites to plant fake stories (WiReD)
    How Government Entities Use Geolocation Data To Identify Everyone (Shtfplan)
    Scientists Goofed and Accidentally Created a New Kind of Fish
    (Popular Mechanics)
    Apple's CEO Just Made This Extraordinary Statement About the Company's Most
    Important Product (INC)
    An unprecedented Nintendo leak turns into a moral dilemma for archivists
    (The Verge)
    Hospital lab tests delayed by "Twilight Zone" births (Paul Eggert)
    In Portland, getting out of jail requires relinquishing constitutional
    rights (ProPublica)
    Here's Trump's Plan To Regulate Social Media (Forbes)
    Trump's ... new Postmaster General wants your mail to be late or lost ...
    (NPR)
    America's *Frontline Doctors*? (Gizmodo)
    Re: When tax prep is free, you may be paying with your privacy (Greg Searle)
    Re: Long-Lost Computation Dissertation of Unix Pioneer Dennis Ritchie
    (Bob Wilson)
    Re: Darwin's tautology? (Henry Baker, Bob Wilson, Martin Ward)
    CFIA investigating mysterious shipments of seeds landing in mailboxes (CBC)
    Abridged info on RISKS (comp.risks)

    ----------------------------------------------------------------------

    Date: Tue, 28 Jul 2020 10:46:20 -1000
    From: geoff goodfellow <ge...@iconia.com>
    Subject: Theoretical Physicists Say 90% Chance of Societal Collapse Within
    Several Decades (VICE)

    *Deforestation and rampant resource use is likely to trigger the
    'irreversible collapse' of human civilization unless we rapidly change
    course.*

    Two theoretical physicists specializing in complex systems conclude that
    global deforestation due to human activities is on track to trigger the
    *irreversible collapse of human civilization within the next two to four
    decades.

    If we continue destroying and degrading the world's forests, Earth will no
    longer be able to sustain a large human population, according to a
    peer-reviewed paper <Deforestation and world population sustainability: a quantitative analysis | Scientific Reports>
    published this May in Nature Scientific Reports. They say that if the rate
    of deforestation continues, ``all the forests would disappear approximately
    in 100 to 3200 years.''

    "Clearly it is unrealistic to imagine that the human society would start to
    be affected by the deforestation only when the last tree would be cut
    down," they write.

    This trajectory would make the collapse of human civilization take place
    much earlier due to the escalating impacts of deforestation on the
    planetary life-support systems necessary for human survival -- including
    carbon storage, oxygen production, soil conservation, water cycle
    regulation, support for natural and human food systems, and homes for
    countless species.

    In the absence of these critical services, ``it is highly unlikely to
    imagine the survival of many species, including ours, on Earth without
    [forests]. The progressive degradation of the environment due to
    deforestation would heavily affect human society and consequently the human
    collapse would start much earlier.''

    The paper is written by Dr Gerardo Aquino, a research associate at the Alan
    Turing Institute in London currently working on political, economic and
    cultural complex system modeling to predict conflicts; along with Professor
    Mauro Bologna of the Department of Electronic Engineering at the University
    of Tarapacá in Chile.

    Both scientists are career physicists. Aquino has previously conducted
    research at the Biological Physics Groups at Imperial College, the Max
    Planck Institute of Complex Systems and the Mathematical Biology group at
    the University of Surrey.

    Their research models current rates of population growth and deforestation
    as a proxy for resource consumption, to calculate the chance of
    civilization avoiding catastrophic collapse.

    Point of no return. [...]
    Theoretical Physicists Say 90% Chance of Societal Collapse Within Several Decades

    ------------------------------

    Date: Thu, 30 Jul 2020 09:22:15 -1000
    From: geoff goodfellow <ge...@iconia.com>
    Subject: The Panopticon Is Already Here: Chinese AI Creating Axis of Autocracy
    (The Atlantic)

    *Xi Jinping is using artificial intelligence to enhance his government's
    totalitarian control -- and he's exporting this technology to regimes around
    the globe.* [...]
    The Panopticon Is Already Here

    ------------------------------

    Date: Wed, 29 Jul 2020 20:43:12 -0700
    From: Henry Baker <hba...@pipeline.com>
    Subject: Let a thousand poppies bloom, thanks to cheap solar power (Areu)

    Oops! Cheap solar power makes Afghan poppy farmers profitable.

    It's nice to see how cheap Chinese solar panels are being used to combat
    global warming, by replacing diesel.

    BTW, a similar-sized solar system installed at my home in California would
    cost $40,000 instead of $4,000 (including the Taliban tax). Perhaps I need
    to bring over some Afghan solar installers to the U.S. ?

    ``farmers began to experiment with solar power as early as 2014, a time when
    many were experiencing losses on their opium crop. By 2018, there were more
    than 50,000 solar deepwells, and projections indicate that there were at
    least 63,000 in 2019.''

    ``This farmer reported paying the equivalent of US$12,200 to install a solar
    deepwell, complaining that the recurrent costs on his diesel deepwell had
    been $1,757 per year for maintenance and diesel.''

    ``Whereas in 2013, all of those interviewed in Bakwa fueled their deepwells
    with diesel and none used solar power, by 2017, 68 percent were using solar,
    and 98 percent of respondents had solar tubewells in 2018.''

    ``For example, when solar was first introduced, farmers used as many as 60
    of the smaller 150 Amp (1.5 metre) panels to power their deepwells. By
    2017, there were signs of much larger panels in use, typically 300 Amp (2.5
    metre). Thirty of these panels generate more power and allow a greater
    amount of water to be pumped, an advantage given the falling water table.''

    ``more recent improvements in technology have also led to integrated
    systems, including the ability to store solar power in batteries, making
    solar a more attractive and reliable energy source than ever before. The
    result is, after an initial outlay of around $5,000 to $7,000 (depending on
    depth and the number of panels), solar technology can be used with very few
    recurrent costs (see Table 2).''

    ``There was consensus of a notable change in the water table since the
    increase in the uptake of solar technology. For example, while farmers
    reported that the water table was falling from one-half to one metre per
    year when diesel was the primary method for pumping ground water, they
    report that the water table fell by as much as two to three metres per year
    in 2018. There was little doubt that the fall in the water table was a
    direct function of the significant uptick in the number of farmers using
    solar technology.''

    https://areu.org.af/wp-content/uploads/2020/06/2010E-When-the-Water-Runs-Dry-WB.pdf.pdf

    ------------------------------

    Date: Thu, 30 Jul 2020 09:56:26 -0400
    From: Monty Solomon <mo...@roscom.com>
    Subject: Hackers broke into real news sites to plant fake stories (WiReD)

    A disinfo operation broke into the content management systems of Eastern European media outlets in a campaign to spread misinformation about NATO.

    Hackers Broke Into Real News Sites to Plant Fake Stories

    ------------------------------

    Date: Thu, 30 Jul 2020 09:23:16 -1000
    From: geoff goodfellow <ge...@iconia.com>
    Subject: How Government Entities Use Geolocation Data To Identify Everyone
    (Shtfplan)

    How Government Entities Use Geolocation Data To Identify Everyone

    ------------------------------

    Date: Tue, 28 Jul 2020 10:45:20 -1000
    From: geoff goodfellow <ge...@iconia.com>
    Subject: Scientists Goofed and Accidentally Created a New Kind of Fish
    (Popular Mechanics)

    *In an effort to save the Russian sturgeon, scientists accidentally created
    a fish hybrid while breeding the endangered species in captivity.*

    - A new paper <Hybridization of Russian Sturgeon (Acipenser gueldenstaedtii, Brandt and Ratzeberg, 1833) and American Paddlefish (Polyodon spathula, Walbaum 1792) and Evaluation of Their Progeny> in *Genes*
    describes how two different types of fish (sturgeon and paddlefish) bred
    to create hybrid offspring.

    - The creation of these hybrid *sturddlefish* was accidental and occurred
    in a lab in Hungary while researchers were trying to breed Russian
    sturgeons in captivity because the fish is endangered (with some sturgeon
    species being critically endangered.)
    <Sturgeon>

    [Sturdlefish? or Padgeon if it nibbles at morsels? PGN]

    In a wild turn of events, a new kind of fish has been born in a lab
    *entirely by accident*. The sturddlefish is a hybrid between a Russian
    sturgeon (*Acipenser gueldenstaedtii*) and an American paddlefish and came
    into existence by accident. [...]
    https://www.popularmechanics.com/sc...9/scientists-accidentally-create-hybrid-fish/

    ------------------------------

    Date: Thu, 30 Jul 2020 09:25:15 -1000
    From: geoff goodfellow <ge...@iconia.com>
    Subject: Apple's CEO Just Made This Extraordinary Statement About the
    Company's Most Important Product (INC)

    *Is the App Store a product or a feature?*

    The biggest tech news this week is the antitrust hearing before Congress
    that involved the CEOs of four of the largest tech companies in the world,
    Apple, Facebook, Google, and Amazon. I'm generally not someone who thinks
    these hearings do much to advance the cause of, well, anything beyond
    scoring political points.
    <https://www.inc.com/jason-aten/why-...e-to-hold-big-tech-companies-accountable.html>
    <https://www.inc.com/jason-aten/4-th...ou-know-about-privacy-what-you-should-do.html>

    To that end, the format left plenty to be desired, including the fact that
    more than one of the most powerful tech leaders in the world had technical
    difficulties with their Cisco WebEx connection. The hearing even stopped at
    one point to fix a "problem with the connection."
    <https://www.inc.com/jason-aten/worried-about-zoom-here-are-some-alternatives.html>

    There were plenty of bad questions, this being Congress after all. That
    doesn't mean that everyone's motivation was wrong, it's just that for the
    most part, Congress isn't that great at understanding or investigating
    anything related to technology and the Internet.
    <https://www.inc.com/jason-aten/the-...why-there-wont-be-any-winners-if-they-do.html>

    Still, there was one extraordinary statement from Apple's CEO, Tim Cook,
    that's worth a deeper look.

    The first question for Cook was quite pointed, and remarkably simple:
    ``Apple is the sole decision-maker as to whether an app is made available
    through the App Store, isn't that correct?'' Representative Hank Johnson
    from Georgia asked.

    "Sir ... the App Store is a feature of the iPhone much like the camera is,
    and much like the chip is," said Cook before Johnson repeated the same
    question.

    Think about that for a moment. Theater aside, that's the most insightful
    answer I've heard for how Apple views the App Store. I'm not saying it's
    necessarily a good reason, but it certainly sheds light on why Apple exerts
    the level of control that it does, including its review process.

    To Apple, the App Store is a feature. It isn't a platform for developers,
    it's a part of the product Apple sells, just like the camera. According to
    Apple, that justifies the level of control it exerts.

    "Because we care so deeply about privacy and security and quality, we do
    look at every app," said Cook to another of Johnson's questions. [...]
    https://www.inc.com/jason-aten/appl...bout-companys-most-controversial-product.html

    ------------------------------

    Date: Thu, 30 Jul 2020 13:21:52 -0400
    From: Monty Solomon <mo...@roscom.com>
    Subject: An unprecedented Nintendo leak turns into a moral dilemma for
    archivists (The Verge)

    For the past week, Nintendo fans have resembled digital
    archaeologists. Following a massive leak of source code and other internal
    documents — appropriately dubbed the gigaleak — previously unknown details
    from the company’s biggest games have steadily trickled out. Those poring
    over the code have uncovered a new Animal Crossing villager, early
    prototypes for games like Pokémon Diamond, cut characters from Star Fox, a
    very weird Yoshi, and strange titles like a hockey RPG. Perhaps the biggest
    discovery has been a Luigi character model from Super Mario 64.

    From a historical and preservationist perspective, the leak is an
    incredible find. It’s a rare look into the process and discarded ideas of
    one of the most influential — and secretive — companies in video games. But
    for those preservationists digging through the data, that excitement is
    tainted by a moral dilemma. The origins of the code leak are still largely
    unknown, but it’s likely that it was obtained illegally. That presents a
    pertinent question: does the source of the leak tarnish all that historians
    can learn from it? [...]

    https://www.theverge.com/2020/7/30/...eak-controversy-history-preservation-archives

    ------------------------------

    Date: Thu, 30 Jul 2020 09:14:38 -0700
    From: Paul Eggert <egg...@cs.ucla.edu>
    Subject: Hospital lab tests delayed by "Twilight Zone" births

    In a paper published today by the Journal of Applied Laboratory Medicine,
    Andrew Lyon and collaborators describe a series of crashes in a hospital lab
    information system that used handheld wireless devices to identify patients
    in the Jim Pattison Children's Hospital, which opened last year in
    Saskatoon, Saskatchewan. JPCH has pediatric and maternal services, and also
    has an emergency room. The SoftID-based system first crashed 19 days after
    installation, and continued to crash roughly every two weeks thereafter. Lab
    staff reverted to paper procedures during crashes.

    To help diagnose the crashes, the hospital's support team sent logs to the
    SoftID developers, who eventually tracked the problem down to elderly
    patients with birthdays like April 13, 1941, a day when most of
    Saskatchewan's clocks sprang forward at midnight due to a daylight-saving
    time transition. A patient with birthday on that date would have their birth
    time default to 00:00, a time that did not exist in Saskatoon because the
    clocks had already been switched to 01:00. The Joda-Time software within
    SoftID used the IANA time zone database to translate times, and crashed
    because the local time was invalid.

    Lyon et al. suggest several takeaways from this software glitch, including:

    * A DST transition can disrupt hospital operations long after the transition.

    * Hospital software and hardware systems should be validated by test-patient
    records with birth dates on daylight-saving transitions.

    My own takeaway for politicians and legislators is:

    * Do not mess with the clock at midnight.

    Lyon AW, Delayen K, Reddekopp R. "No Lab Tests" When You Are Born in The
    Twilight Zone: A Clinical Informatics Case Report [published online ahead of
    print, 2020 Jul 30]. J Appl Lab Med. 2020;jfaa080.
    https://doi.org/10.1093/jalm/jfaa080
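
    As an added illustration (not part of Paul Eggert's post, the Lyon et al.
    paper, or SoftID/Joda-Time), the round-trip check below detects a local
    wall-clock time that never existed and shows the two takeaways in code:
    resolving a defaulted 00:00 birth time instead of crashing, and enumerating
    the gap dates a test-patient data set should cover. The tzinfo class is a
    constructed stand-in that models only the spring-forward the post describes
    (assumed: CST to CDT at 00:00 local on 1941-04-13), not the real IANA data.

```python
from datetime import date, datetime, time, timedelta, timezone, tzinfo


class SaskatchewanSpring1941(tzinfo):
    """Constructed minimal zone for the demonstration (not real IANA data):
    CST (UTC-6) until the clocks sprang forward to CDT (UTC-5) at 00:00
    local time on 1941-04-13, as the post describes.  The autumn fall-back
    is deliberately omitted; only the spring-forward gap matters here."""

    STD = timedelta(hours=-6)
    DST = timedelta(hours=-5)
    GAP_START = datetime(1941, 4, 13, 0, 0)       # naive local wall time
    GAP_END = GAP_START + timedelta(hours=1)      # 01:00 is the first real time

    def utcoffset(self, dt):
        if dt is None:
            return self.STD
        naive = dt.replace(tzinfo=None)
        if naive < self.GAP_START:
            return self.STD
        # Inside the gap, PEP 495 fold=0 means "use the pre-transition offset".
        if naive < self.GAP_END and dt.fold == 0:
            return self.STD
        return self.DST

    def dst(self, dt):
        return timedelta(0) if self.utcoffset(dt) == self.STD else timedelta(hours=1)

    def tzname(self, dt):
        return "CST" if self.utcoffset(dt) == self.STD else "CDT"

    def fromutc(self, dt):
        # dt carries this tzinfo but holds a UTC wall time; map it to local time.
        utc_naive = dt.replace(tzinfo=None)
        transition_utc = self.GAP_START - self.STD    # 1941-04-13 06:00 UTC
        offset = self.STD if utc_naive < transition_utc else self.DST
        return (utc_naive + offset).replace(tzinfo=self)


SASK_1941 = SaskatchewanSpring1941()


def is_nonexistent(local_naive, tz):
    """True when the wall-clock time never occurred in tz (a spring-forward gap).
    A wall time that exists survives the trip local -> UTC -> local unchanged;
    a gap time comes back shifted to the other side of the transition."""
    aware = local_naive.replace(tzinfo=tz)
    round_trip = aware.astimezone(timezone.utc).astimezone(tz)
    return round_trip.replace(tzinfo=None) != local_naive


def resolve_local(local_naive, tz):
    """Return (aware_datetime, shifted).  Existing times are returned as-is;
    a gap time is moved forward to the first instant that did exist (here
    00:00 -> 01:00 CDT) and flagged so the record can be reviewed instead of
    crashing the pipeline."""
    aware = local_naive.replace(tzinfo=tz)
    resolved = aware.astimezone(timezone.utc).astimezone(tz)
    return resolved, resolved.replace(tzinfo=None) != local_naive


def gap_dates(tz, year):
    """Dates in `year` whose local midnight does not exist in tz: the birth
    dates a test-patient data set should include, per Lyon et al.'s takeaway."""
    d = date(year, 1, 1)
    found = []
    while d.year == year:
        if is_nonexistent(datetime.combine(d, time(0, 0)), tz):
            found.append(d)
        d += timedelta(days=1)
    return found


if __name__ == "__main__":
    # Constructed patient record: date of birth known, time of birth unknown,
    # so the system defaults the time to 00:00 exactly as the post describes.
    birth_midnight = datetime.combine(date(1941, 4, 13), time(0, 0))
    print("midnight exists?", not is_nonexistent(birth_midnight, SASK_1941))
    resolved, shifted = resolve_local(birth_midnight, SASK_1941)
    print("stored as", resolved.isoformat(), resolved.tzname(), "shifted:", shifted)
    print("gap dates in 1941:", gap_dates(SASK_1941, 1941))
```

    With a real zone database the same two functions work unchanged by passing a
    zoneinfo.ZoneInfo object as tz.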

    ------------------------------

    Date: Thu, 30 Jul 2020 09:24:16 -1000
    From: the keyboard of geoff goodfellow <ge...@iconia.com>
    Subject: In Portland, getting out of jail requires relinquishing
    constitutional rights (ProPublica)

    *A dozen protesters facing federal charges are barred from going to *public
    gatherings* as a condition of release from jail -- a tactic one expert
    described as ``sort of hilariously unconstitutional.''*

    Federal authorities are using a new tactic in their battle against
    protesters in Portland, Oregon: arrest them on offenses as minor as *failing
    to obey* an order to get off a sidewalk on federal property -- and then tell
    them they can't protest anymore as a condition for release from jail.

    Legal experts describe the move as a blatant violation of the
    constitutional right to free assembly, but at least 12 protesters arrested
    in recent weeks have been specifically barred from attending protests or
    demonstrations as they await trials on federal misdemeanor charges.

    ``Defendant may not attend any other protests, rallies, assemblies or public
    gathering in the state of Oregon,'' states one *Order Setting Conditions of
    Release* for an accused protester, alongside other conditions such as
    appearing for court dates. The orders are signed by federal magistrate
    judges.

    For other defendants, the restricted area is limited to Portland, where
    clashes between protesters and federal troops have grown increasingly
    violent in recent weeks. In at least two cases, there are no geographic
    restrictions; one release document instructs, ``Do not participate in any
    protests, demonstrations, rallies, assemblies while this case is pending.''

    Protesters who have agreed to stay away from further demonstrations say they
    felt forced to accept those terms to get out of jail. [...]
    https://www.propublica.org/article/...-requires-relinquishing-constitutional-rights

    ------------------------------

    Date: Wed, 29 Jul 2020 10:24:01 +0900
    From: far...@keio.jp
    Subject: Here's Trump's Plan To Regulate Social Media (Forbes)

    https://www.forbes.com/sites/robpegoraro/2020/07/28/heres-trumps-plan-to-regulate-social-media/

    ------------------------------

    Date: Wed, 29 Jul 2020 11:35:06 -0700
    From: Lauren Weinstein <lau...@vortex.com>
    Subject: Trump's ... new Postmaster General wants your mail to be late
    or lost (NPR)



    ------------------------------

    Date: Wed, 29 Jul 2020 11:06:33 PDT
    From: "Peter G. Neumann" <neu...@csl.sri.com>
    Subject: America's *Frontline Doctors*? (Gizmodo)

    https://gizmodo.com/who-are-americas-frontline-doctors-the-pro-trump-pro-1844528900

    [This one is really amazing. PGN]

    ------------------------------

    Date: Tue, 28 Jul 2020 15:25:17 -0400
    From: Greg Searle <greg....@gmail.com>
    Subject: Re: When tax prep is free, you may be paying with your privacy
    (RISKS-32.11)

    The IRS guarantees that you can file your taxes for free if you are under a
    certain income level. You can do it directly through the IRS or through
    another service. These services will really attempt to "recommend" a product
    that is more "suitable" for you (that they charge a fee for), but they can't
    charge you at all for the free option.

    https://www.irs.gov/filing/free-file-do-your-federal-taxes-for-free

    ------------------------------

    Date: Tue, 28 Jul 2020 17:33:00 -0500
    From: Bob Wilson <wil...@math.wisc.edu>
    Subject: Re: Long-Lost Computation Dissertation of Unix Pioneer Dennis Ritchie
    (RISKS-32.15?)

    When I submitted my dissertation (1969), we were required not just to submit
    a hard copy to the university (UW-Madison) but also to sign a form giving
    permission for it to be copied and recorded at a national repository: I
    think that was maintained at the University of Michigan. We had to give
    them permission to use it, under our copyright prerogatives.

    Quite a few people did not like being required to "give away" some of their
    copyright ownership. (It did not make too much difference for folks like me,
    in mathematics, but in many of the humanities subjects people at least hoped
    to turn their theses into books they could sell, where copyright ownership
    could really matter.) We were told that the requirement to sign that form
    was essentially universal in U.S. graduate education, mandatory before your
    degree would be granted. So I am surprised it was not required at Harvard!

    ------------------------------

    Date: Tue, 28 Jul 2020 13:42:10 -0700
    From: Henry Baker <hba...@pipeline.com>
    Subject: Re: Darwin's tautology? (Ward, RISKS-32.15)

    The evolution(!) of terminology which converts meaningful statements into
    tautologies happens all the time in math and science, and is almost always a
    'good thing'(tm), as it signifies 'progress'.

    The terms 'survival' and 'fit, fitter, fittest' preceded Darwin and
    'evolution', so there was a bit of carving and sanding required to 'fit'
    these terms into Darwin's evolutionary theory. However, now that Darwin's
    evolutionary theory has been mostly accepted, the terms 'survival' and 'fit,
    fitter, fittest' are now (re)defined in terms of this evolutionary theory;
    hence 'survival of the fittest' has now *become* a tautology.

    Ditto in the world of mathematics. Prior to Cardano, Fermat, Pascal and
    Laplace, 'probability' was a very elusive term. Modern probability theory
    (due to Kolmogorov) has been so successful that the notion of 'probability'
    is now identical to the mathematical definition, so many previously
    meaningful statements about probability have been converted into
    tautologies.

    Ditto in the engineering world. Prior to Claude Shannon, an 'error' in
    communications was an imprecise term; however, post-Shannon, it's almost
    impossible to discuss non-Shannon-like 'errors', e.g., errors that correlate
    widely separated bits/characters, because the definition of the terms have
    changed to make Shannon-like errors the easiest to discuss.

    All this is progress, because it converts PhD theses into undergraduate
    exercises; thence to high school exercises; and finally into definitions.
    We now 'see' the world using terminology and definitions that make
    previously difficult concepts blindingly obvious. Only those in the
    transition period old enough to remember the previous confusion will fully
    appreciate the clarity produced by these new ways of perceiving.

    ------------------------------

    Date: Tue, 28 Jul 2020 17:39:47 -0500
    From: Bob Wilson <wil...@math.wisc.edu>
    Subject: Re: Darwin's tautology? (Ward, RISKS-32.15)

    The comment that
    > "The conclusion is implicit in the premises": but this is just a
    > property of every valid mathematical argument.
    correctly tells us that any mathematical proof amounts to discarding
    information, or at best copying it over! I have always loved that. (It does
    not say that proofs are useless: Presumably they lay clear(er) why something
    might have been obvious!)

    ------------------------------

    Date: Wed, 29 Jul 2020 12:00:12 +0100
    From: Martin Ward <mar...@gkc.org.uk>
    Subject: Re: Darwin's tautology? (Baker, RISKS-32.15?)

    > The evolution(!) of terminology which converts meaningful statements into
    > tautologies happens all the time in math and science, and is almost always
    > a 'good thing'(tm), as it signifies 'progress'.

    This is true, as long as you are not implying that the meaningful statement
    becomes *less* meaningful when it is "converted" into a tautology.

    Fermat's Last Theorem was always a meaningful statement, and since Andrew
    Wiles proved it we now know it is a tautology: but still just as meaningful.
    The statement "God exists" is (with a suitably precise definition of "God")
    a meaningful statement, and Plantinga's Ontological Argument uses Modal
    Logic to prove that it is a tautology: it is true in all possible worlds.
    But it is still just as meaningful, if not even more so!

    ------------------------------

    Date: Wed, 29 Jul 2020 17:10:38 -0600
    From: "Matthew Kruk" <mkr...@gmail.com>
    Subject: CFIA investigating mysterious shipments of seeds landing in mailboxes
    (CBC)

    U.S. residents are not the only ones:
    https://www.cbc.ca/news/canada/warning-about-unauthorized-seeds-in-mail-1.5667883

    ------------------------------

    End of RISKS-FORUM Digest 32.16
    ************************
     
  7. LakeGator

    Risks Digest 32.17

    RISKS List Owner

    Aug 1, 2020 7:34 PM

    Posted in group: comp.risks

    RISKS-LIST: Risks-Forum Digest Saturday 1 August 2020 Volume 32 : Issue 17

    ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
    Peter G. Neumann, founder and still moderator

    ***** See last item for further information, disclaimers, caveats, etc. *****
    This issue is archived at <The RISKS Digest> as
    <The RISKS Digest, Volume 32 Issue 17>
    The current issue can also be found at
    <http://www.csl.sri.com/users/risko/risks.txt>

    Contents:
    Florida Teen Arrested in Twitter Hack (The New York Times)
    How self-driving cars can alter consumer morality (JCR)
    PayPal and Venmo QR payments are coming to CVS Pharmacies (Engadget)
    Data isn't just being collected from your phone. It's being used to score
    you. (WashPost)
    Google accused by developer of retaliation for cooperating with House
    antitrust investigation (WashPost)
    Twitter hackers used "phone spear phishing" in mass account takeover
    (Ars Technica)
    MRI study reveals all mammals, including humans, share equal brain
    connectivity (StudyFinds)
    Global methane emissions soar to record high (Stanford)
    A concert is being held to learn how COVID-19 spreads at large events.
    Here's how? (Miami Herald)
    The "Cubic Model" (Martin Ward)
    Re: Theoretical Physicists Say 90% Chance of Societal Collapse Within
    Several Decades (Amos Shapir)
    Re: Let a thousand poppies bloom, thanks to cheap solar power (Scott Dorsey)
    Re: When tax prep is free, you may be paying with your privacy (
    Re: Darwin's tautology? (Amos Shapir)
    Re: Long-Lost Computation Dissertation of Unix Pioneer Dennis Ritchie
    (Al Stangenberger, John Levine)
    Photo Deposit (xkcd)
    Quote of The Day (Thomas Sowell)
    Quote of The Day (Sven Henrich)
    Abridged info on RISKS (comp.risks)

    ----------------------------------------------------------------------

    Date: Fri, 31 Jul 2020 18:09:47 -0400
    From: Gabe Goldberg <ga...@gabegold.com>
    Subject: Florida Teen Arrested in Twitter Hack (The New York Times)

    The authorities arrested a 17-year-old who they said ran a scheme that
    targeted the accounts of celebrities, including former President Barack
    Obama and Elon Musk. Two others were also charged.

    OAKLAND, Calif. The authorities said on Friday that a Florida teenager was
    the *mastermind* of a recent high-profile hack of 130 Twitter accounts,
    including the accounts of celebrities like former Vice President Joseph
    R. Biden Jr. and the Silicon Valley mogul Elon Musk.

    Graham Ivan Clark, 17, was arrested in his Tampa home early Friday, state
    officials said. He is believed to be the linchpin of a hack that turned into
    an embarrassment for Twitter and called into question the security measures
    of a range of tech companies. Two other people were also charged with taking
    part in the hack. [...]

    The hackers tweeted from 45 of the accounts, gained access to the direct
    messages of 36 accounts, and downloaded full information from seven
    accounts. They gained access to internal Twitter systems by stealing login
    information from employees, then used their access to reset passwords on the
    accounts.

    Florida Teenager Is Charged as ‘Mastermind’ of Twitter Hack

    Where to start? Employees losing internal system credentials, Twitter not
    validating login location or requiring VPN, and people responding to
    tweets offering to double their bitcoins. Comments are interesting -- half
    condemning the kid, half praising him and suggesting he work as
    IT/security consultant.

    ------------------------------

    Date: Fri, 31 Jul 2020 12:35:54 -0400
    From: George Mannes <gma...@gmail.com>
    Subject: How self-driving cars can alter consumer morality (JCR)

    A paper by Tripat Gill in the August 2020 issue of *Journal of Consumer
    Research* addresses how people in an autonomous vehicle might resolve the
    dilemma of harm to themselves vs. harm to a pedestrian. From the abstract:

    ...participants considered harm to a pedestrian more permissible with an
    AV as compared to self as the decision agent in a regular car. This shift
    in moral judgments was driven by the attribution of responsibility to the
    AV and was observed for both severe and moderate harm.... However, the
    effect was attenuated when five pedestrians or a child could be
    harmed. These findings suggest that AVs can change prevailing moral
    norms....

    Blame It on the Self-Driving Car: How Autonomous Vehicles Can Alter Consumer Morality

    Note to self: When the glorious age of self-driving cars arrives, be sure
    to walk around in large groups...or dress in a onesie. Maybe then the
    "driver" will grab the wheel.

    ------------------------------

    Date: Fri, 31 Jul 2020 12:58:51 -0400
    From: Monty Solomon <mo...@roscom.com>
    Subject: PayPal and Venmo QR payments are coming to CVS Pharmacies
    (Engadget)

    CVS pharmacies will soon let you do touch-free payments using your PayPal or
    Venmo accounts by using PayPal's QR code payment system, PayPal has
    announced. The system will let shoppers ``securely pay for their items
    without needing to touch a keypad or sign a receipt,'' according to PayPal.

    PayPal supports various means of payment, including stored debit or credit
    cards, bank accounts, a PayPal balance or a PayPal credit. On Venmo (which
    is owned by PayPal), ``customers can pay using their stored debit or credit
    cards, bank account, Venmo balance or Venmo rewards'' without any user fees,
    according to PayPal. [...]

    PayPal and Venmo QR payments are coming to CVS Pharmacies

    ------------------------------

    Date: Sat, 1 Aug 2020 02:04:14 -0400
    From: Monty Solomon <mo...@roscom.com>
    Subject: Data isn't just being collected from your phone. It's being used to
    score you. (WashPost)

    It's called surveillance scoring. And everybody's doing it.

    https://www.washingtonpost.com/opin...ollected-your-phone-its-being-used-score-you/

    ------------------------------

    Date: Sat, 1 Aug 2020 02:08:35 -0400
    From: Monty Solomon <mo...@roscom.com>
    Subject: Google accused by developer of retaliation for cooperating with
    House antitrust investigation (WashPost)

    Blix, Inc., the maker of an email app, has been on Google's Play Store for
    six years. On Friday, just two days after a Capitol Hill hearing on
    antitrust issues, Google kicked the app off the store. Blix says it's
    because the company cooperated with lawmakers.

    https://www.washingtonpost.com/technology/2020/07/31/google-accused-antitrust-retaliation/

    ------------------------------

    Date: Fri, 31 Jul 2020 10:26:34 -0400
    From: Monty Solomon <mo...@roscom.com>
    Subject: Twitter hackers used "phone spear phishing" in mass account takeover
    (Ars Technica)

    The hackers behind this month's epic Twitter breach targeted a small number
    of employees through a *phone spear phishing attack*, the social media site
    said on Thursday night. When the pilfered employee credentials failed to
    give access to account support tools, the hackers targeted additional
    workers who had the permissions needed to access the tools. [...]

    https://arstechnica.com/information...hone-spear-phishing-in-mass-account-takeover/

    ------------------------------

    Date: Sat, 1 Aug 2020 01:14:00 -1000
    From: geoff goodfellow <ge...@iconia.com>
    Subject: MRI study reveals all mammals, including humans, share equal brain
    connectivity (StudyFinds)

    Mankind's collective ego may be about to take a big hit. Humans have always
    reigned supreme on planet Earth when it comes to intelligence. Indeed, it's
    our intellect and capacity for critical thinking that primarily separates us
    from the rest of this planet's inhabitants. That's why the findings of a
    new study are so surprising. Researchers from Tel Aviv University, after
    examining and comparing brain connectivity across 130 different mammalian
    species (including humans), conclude that brain connectivity is equal among
    *all* mammals. <https://www.studyfinds.org/mammals-poop-feces-study/>

    These findings, reached via MRI brain scans, oppose long-standing beliefs
    and assumptions among medical and scientific professionals
    <https://www.studyfinds.org/covid-19-gender-gap-academia/>.

    ``We discovered that brain connectivity -- namely the efficiency of
    information transfer through the neural network -- does not depend on
    either the size or structure of any specific brain,'' says Professor Yaniv
    Assaf, of the School of Neurobiology, Biochemistry and Biophysics, in a
    release. ``In other words, the brains of all mammals, from tiny mice
    through humans to large bulls and dolphins, exhibit equal connectivity,
    and information travels with the same efficiency within them. We also
    found that the brain preserves this balance via a special compensation
    mechanism: when connectivity between the hemispheres is high, connectivity
    within each hemisphere is relatively low, and vice versa.''

    <https://www.aftau.org/press-release---brain-connectivity---july-20-2020>

    Brain connectivity compared via MRI scans. [...]
    https://www.studyfinds.org/mri-stud...luding-humans-share-equal-brain-connectivity/

    ------------------------------

    Date: Sat, 1 Aug 2020 01:13:00 -1000
    From: geoff goodfellow <ge...@iconia.com>
    Subject: Global methane emissions soar to record high (Stanford)

    *The pandemic has tugged carbon emissions down, temporarily. But levels of
    the powerful heat-trapping gas methane continue to climb, dragging the
    world further away from a path that skirts the worst effects of global
    warming.*

    Global emissions of methane have reached the highest levels on record.
    Increases are being driven primarily by growth of emissions from coal
    mining, oil and natural gas production, cattle and sheep ranching, and
    landfills.

    Between 2000 and 2017, levels of the potent greenhouse gas barreled up
    toward pathways that climate models suggest will lead to 3-4 degrees Celsius
    of warming before the end of this century. This is a dangerous temperature
    threshold at which scientists warn that natural disasters, including
    wildfires, droughts and floods, and social disruptions such as famines and
    mass migrations become almost commonplace. The findings are outlined in two
    papers published July 14 in *Earth System Science Data*
    <https://doi.org/10.5194/essd-12-1561-2020> and *Environmental Research
    Letters* <https://doi.org/10.1088/1748-9326/ab9ed2> by researchers with the
    Global Carbon Project <https://www.globalcarbonproject.org/>, an initiative
    led by Stanford University scientist Rob Jackson
    <https://profiles.stanford.edu/jackson>.

    In 2017, the last year when complete global methane data are available,
    Earth's atmosphere absorbed nearly 600 million tons of the colorless,
    odorless gas that is 28 times more powerful than carbon dioxide at trapping
    heat over a 100-year span. More than half of all methane emissions now come
    from human activities. Annual methane emissions are up 9 percent, or 50
    million tons per year, from the early 2000s, when methane concentrations in
    the atmosphere were relatively stable.

    In terms of warming potential, adding this much extra methane to the
    atmosphere since 2000 is akin to putting 350 million more cars on the
    world's roads or doubling the total emissions of Germany or France. ``We
    still haven't turned the corner on methane,'' said Jackson, a professor of
    Earth system science in Stanford's School of Earth, Energy & Environmental
    Sciences <https://earth.stanford.edu/> (Stanford Earth).

    *Growing sources of methane*. [...]
    https://earth.stanford.edu/news/global-methane-emissions-soar-record-high

    ------------------------------

    Date: Sat, 1 Aug 2020 01:12:00 -1000
    From: geoff goodfellow <ge...@iconia.com>
    Subject: A concert is being held to learn how COVID-19 spreads at large
    events. Here's how? (Miami Herald)

    One of the worst activities you can do in the middle of a pandemic is attend
    a large gathering with thousands of attendees -- but researchers in Germany
    want people to do just that.

    It's not for recreation: The goal is to examine just how dangerous those
    events really are, especially as parts of the world prepare to return to
    normalcy.

    For a project called *RESTART-19*, scientists with the University Medical
    Center Halle (Saale) plan on throwing a concert with 4,000 fans and a German
    music artist in an indoor arena to simulate how people move, gather and
    spread potentially coronavirus-infected germs.
    <https://restart19.de/das-projekt/#1594374092971-9e179e0a-f140>

    But there's a catch: participants must test negative for SARS-CoV-2, the
    virus driving the pandemic, and wear a mask at all times aside from snack
    and outdoor breaks, according to their website.

    The team says data on how respiratory diseases spread in large events is
    ``sparse overall and practically nonexistent for COVID-19,'' so they want to
    fill in the gaps.

    ``The corona pandemic paralyzes the event industry. As long as there is a
    risk of contagion, no major concerts and trade fairs or sports events are
    allowed to take place.''
    <https://www.medizin.uni-halle.de/in...]=6410&cHash=40a36e8e42d018d4f4ca42fa135a6378>
    Dr. Armin Willingmann, minister of economics for the German state of
    Saxony-Anhalt and a science professor, said in a news release. ``That is
    why it is so important to find out which technical or organizational
    framework can effectively minimize the risk of infection.'' [...]

    https://www.miamiherald.com/news/coronavirus/article244375897.html

    ------------------------------

    Date: Fri, 31 Jul 2020 13:18:08 +0100
    From: Martin Ward <mar...@gkc.org.uk>
    Subject: The "Cubic Model"

    Do you remember the Trump administration's "cubic model" of coronavirus
    deaths? On 4th May a Washington Post report said "people with knowledge of
    that model say it shows deaths dropping precipitously in May -- and
    essentially going to zero by May 15". The "model" turned out to be a stock
    Excel function, which fits a cubic polynomial to the data (hence the name
    "cubic model").

    With the data at the time, the best fitting cubic model has a negative
    coefficient for x^3: meaning that the model will show deaths rapidly
    dropping to zero. (Note that you have to avoid plotting the model *beyond*
    that date since the number of deaths then rapidly goes negative as the model
    predicts a huge Zombie Apocalypse, or something!)

    But now look at today's figures, e.g., here:

    https://ourworldindata.org/grapher/daily-covid-deaths-per-million-7-day-average

    or here (scroll down for graphs):

    https://www.worldometers.info/coronavirus/country/us/

    I haven't run the model, but I am pretty sure that the uptick in deaths over
    the last month or so means that the best fit cubic will now have a
    *positive* x^3 coefficient: meaning that the model will predict deaths
    rapidly rising with a quadratically increasing slope. I would be interested
    to know the exact date when the cubic model predicts the death of the last
    remaining person in the USA.

    I wonder if the Trump administration is still using their "cubic model"?

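    The "cubic model" described above, as an added illustration that is not part of the post: a least-squares cubic fitted to a daily series the way Excel's order-3 polynomial trendline does, then extrapolated to find the first day on which it predicts zero deaths, and what it predicts one day later. The two series and the start date are constructed for the example, not real data.

```python
"""Excel-style "cubic model": least-squares cubic fit, then extrapolation.

Added illustration, not part of the RISKS post.  The two daily series are
constructed (generated from known cubics and rounded to whole counts); they
are not real death figures.
"""
from datetime import date, timedelta

# Constructed series 1: a rise to a peak followed by an accelerating decline
# (1000 + 150x - 6x^2 - 0.1x^3 for days x = 0..20, rounded).
DECLINING = [round(1000 + 150 * x - 6 * x**2 - 0.1 * x**3) for x in range(21)]

# Constructed series 2: a decline followed by an uptick in the last days
# (1500 - 100x + 2x^2 + 0.15x^3 for days x = 0..20, rounded).
UPTICK = [round(1500 - 100 * x + 2 * x**2 + 0.15 * x**3) for x in range(21)]


def _solve(a, b):
    """Solve a*x = b (small dense system) by Gaussian elimination with pivoting."""
    n = len(b)
    m = [list(row) + [b[i]] for i, row in enumerate(a)]  # augmented matrix
    for col in range(n):
        pivot = max(range(col, n), key=lambda r: abs(m[r][col]))
        m[col], m[pivot] = m[pivot], m[col]
        for r in range(col + 1, n):
            f = m[r][col] / m[col][col]
            for c in range(col, n + 1):
                m[r][c] -= f * m[col][c]
    x = [0.0] * n
    for i in range(n - 1, -1, -1):
        x[i] = (m[i][n] - sum(m[i][j] * x[j] for j in range(i + 1, n))) / m[i][i]
    return x


def fit_cubic(ys):
    """Least-squares cubic through (0, ys[0]), (1, ys[1]), ... (what Excel's
    order-3 polynomial trendline computes).  Returns [a0, a1, a2, a3] with
    y ~ a0 + a1*x + a2*x^2 + a3*x^3, x counted in days from the first value."""
    n = len(ys)
    s = float(n - 1)
    ts = [x / s for x in range(n)]  # rescale days to [0, 1]: keeps the normal equations well conditioned
    xtx = [[sum(t ** (i + j) for t in ts) for j in range(4)] for i in range(4)]
    xty = [sum(y * t**i for t, y in zip(ts, ys)) for i in range(4)]
    b = _solve(xtx, xty)
    return [b[k] / s**k for k in range(4)]  # undo the rescaling


def evaluate(coefs, x):
    """Value of the fitted cubic at day x."""
    return sum(c * x**k for k, c in enumerate(coefs))


def first_nonpositive_day(coefs, start, limit=3650):
    """First day >= start on which the model predicts zero or fewer deaths,
    or None if that never happens within `limit` days (a positive x^3
    coefficient sends the curve towards infinity instead)."""
    for day in range(start, limit + 1):
        if evaluate(coefs, day) <= 0:
            return day
    return None


def predicted_zero_date(first_day_iso, ys):
    """Fit the cubic to ys (one value per day from first_day_iso) and return the
    calendar date on which it first predicts no deaths, or None."""
    coefs = fit_cubic(ys)
    day = first_nonpositive_day(coefs, start=len(ys))
    if day is None:
        return None
    return date.fromisoformat(first_day_iso) + timedelta(days=day)


if __name__ == "__main__":
    start = "2020-04-01"  # constructed start date for both series
    for name, series in (("declining", DECLINING), ("uptick", UPTICK)):
        coefs = fit_cubic(series)
        print(f"{name}: x^3 coefficient {coefs[3]:+.4f}, "
              f"zero-death date {predicted_zero_date(start, series)}")
        # The point of the post: on the first day at or past the zero crossing
        # the model already predicts a negative number of deaths.
        day = first_nonpositive_day(coefs, len(series))
        if day is not None:
            print(f"  day {day}: {evaluate(coefs, day):.1f} (negative from here on)")
```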
    ------------------------------

    Date: Sat, 1 Aug 2020 12:22:24 +0300
    From: Amos Shapir <amo...@gmail.com>
    Subject: Re: Theoretical Physicists Say 90% Chance of Societal Collapse
    Within Several Decades (RISKS-32.16)

    This prediction sounds like those made during the 1890's, predicting
    precisely when civilization is going to collapse because of excess
    accumulation of horses' dung on the streets...

    It's rather easy to extrapolate current trends, but it's obvious that in
    matters of human welfare and survival, it's safe to assume that people are
    going to intervene to change such trends. I suspect however that a
    prediction of collapse within 100 years might delay intervention to no
    earlier than 90 years later.

    ------------------------------

    Date: 31 Jul 2020 14:43:37 -0000
    From: klu...@panix.com (Scott Dorsey)
    Subject: Re: Let a thousand poppies bloom, thanks to cheap solar power
    (Baker, RISKS-32.16)

    > BTW, a similar-sized solar system installed at my home in California would
    > cost $40,000 instead of $4,000 (including the Taliban tax). Perhaps I
    > need to bring over some Afghan solar installers to the U.S.?

    Perhaps this is because the writers of the original article appear to have
    confused amps and watts. A 1.50-meter solar panel is apt to be 150 watts,
    not 150 amps.

    ------------------------------

    Date: 31 Jul 2020 14:43:37 -0000
    From: klu...@panix.com (Scott Dorsey)
    Subject: Re: When tax prep is free, you may be paying with your privacy
    (RISKS-32.11)

    I don't get this. The IRS guarantees anyone can file their taxes for free
    on paper. I don't know anyone who has ever paid a fee to the IRS for
    submitting their taxes... only people who have paid a fee to the IRS because
    they did not submit them.

    You fill out the forms, you put them in the mail, it costs maybe a dollar in
    stamps. I do not understand why people are willing to pay any money to do
    it online when doing it by hand is simple and cheap unless you have a lot of
    income or very complex deductions.

    ------------------------------

    Date: Sat, 1 Aug 2020 13:23:08 +0300
    From: Amos Shapir <amo...@gmail.com>
    Subject: Re: Darwin's tautology? (Ward, Risks 32.16)

    Tautology is a term in logic defined as a statement which is true
    unconditionally, determined just by its formulation, e.g., "A or not A".
    Thus when a statement is a tautology, its truthfulness requires no proof. A
    statement cannot "become a tautology" by a proof.

    > The statement "God exists" is (with a suitably precise definition of
    > "God") a meaningful statement.

    Let's not step into this quagmire, which stems mainly from the fact that
    what constitutes a "suitably precise" definition of God depends a lot on
    whether the person making the definition believes in God or not.

    ------------------------------

    Date: Thu, 30 Jul 2020 22:51:25 -0700
    From: Al Stangenberger <for...@sbcglobal.net>
    Subject: Re: Long-Lost Computation Dissertation of Unix Pioneer Dennis
    Ritchie (RISKS-32.15)

    All Berkeley dissertations are now filed electronically as PDFs.

    https://grad.berkeley.edu/academic-progress/dissertation/#formatting-your-manuscript

    ------------------------------

    Date: 31 Jul 2020 16:03:59 -0400
    From: "John Levine" <jo...@iecc.com>
    Subject: Re: Long-Lost Computation Dissertation of Unix Pioneer Dennis
    Ritchie (RISKS-32.15)

    I think it was required at Harvard. The story says the issue was that
    Ritchie wasn't willing to pay to have a copy bound for the library. I would
    be surprised if they didn't also have the usual form allowing them to
    provide a copy to University Microfilms.

    When I got my PhD from Yale in 1984 I was living in Cambridge, so I took my
    thesis to the bindery that was probably the same place that Ritchie didn't
    take his. I submitted my thesis to Yale, who rejected it because
    (inevitably) it was bound according to Harvard rules which were different
    from Yale rules. Fortunately, the difference boiled down to Harvard wanted
    only the author's last name on the spine while Yale wanted initials before
    the name. So I got a gold ink pen at the stationery store, carefully added
    my initials, and now I have my PhD.

    Ritchie's approach to day-to-day life was famously flaky and it is not out
    of the question that he just never got around to going to the bindery. At
    Bell Labs he chronically failed to cash his paychecks. I talked to someone
    who told me a story that one time they voided all the uncashed checks, wrote
    him a check for something like $20,000 (a lot of money in the 1970s), and
    personally walked him to the bank to deposit it.

    ------------------------------

    Date: Fri, 31 Jul 2020 20:26:57 -0400
    From: Monty Solomon <mo...@roscom.com>
    Subject: xkcd: Photo Deposit

    https://xkcd.com/2335/

    ------------------------------

    Date: Fri, 31 Jul 2020 12:04:20 -1000
    From: geoff goodfellow <ge...@iconia.com>
    Subject: Quote of The Day (Thomas Sowell)

    *"The first lesson of economics is scarcity: there is never enough of
    anything to fully satisfy all those who want it. The first lesson of
    politics is to disregard the first lesson of economics."*



    ------------------------------

    Date: Sat, 1 Aug 2020 01:11:00 -1000
    From: geoff goodfellow <ge...@iconia.com>
    Subject: Quote of The Day (Sven Henrich)

    *"Can't wait to take a vaccine that's been rushed through the system with
    none of the established safety protocols in place that require years of peer
    review and testing for side effects knowing that big pharma companies stand
    to make huge profits from it in a race to be first."*



    ------------------------------

    Date: Mon, 1 Aug 2020 11:11:11 -0800
    From: RISKS-...@csl.sri.com
    Subject: Abridged info on RISKS (comp.risks)

    The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
    comp.risks, the feed for which is donated by panix.com as of June 2011.
    => SUBSCRIPTIONS: The mailman Web interface can be used directly to
    subscribe and unsubscribe:
    http://mls.csl.sri.com/mailman/listinfo/risks

    => SUBMISSIONS: to ri...@CSL.sri.com with meaningful SUBJECT: line that
    includes the string `notsp'. Otherwise your message may not be read.
    *** This attention-string has never changed, but might if spammers use it.
    => SPAM challenge-responses will not be honored. Instead, use an alternative
    address from which you never send mail where the address becomes public!
    => The complete INFO file (submissions, default disclaimers, archive sites,
    copyright policy, etc.) is online.
    <http://www.CSL.sri.com/risksinfo.html>
    *** Contributors are assumed to have read the full info file for guidelines!

    => OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
    searchable html archive at newcastle:
    http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
    Also, ftp://ftp.sri.com/risks for the current volume/previous directories
    or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
    If none of those work for you, the most recent issue is always at
    http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-32.00
    ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
    *** NOTE: If a cited URL fails, we do not try to update them. Try
    browsing on the keywords in the subject line or cited article leads.
    Apologies for what Office365 and SafeLinks may have done to URLs.
    ==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

    ------------------------------

    End of RISKS-FORUM Digest 32.17
    ************************
     
  8. LakeGator

    Risks Digest 32.18

    RISKS List Owner

    Aug 7, 2020 7:40 PM

    Posted in group: comp.risks

    RISKS-LIST: Risks-Forum Digest Friday 7 August 2020 Volume 32 : Issue 18

    ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
    Peter G. Neumann, founder and still moderator

    ***** See last item for further information, disclaimers, caveats, etc. *****
    This issue is archived at <The RISKS Digest> as
    <The RISKS Digest, Volume 32 Issue 18>
    The current issue can also be found at
    <http://www.csl.sri.com/users/risko/risks.txt>

    Contents:
    Omniviolence Is Coming and the World Isn't Ready (Nautilus)
    Massive 20GB Intel IP Data Breach Floods the Internet, Mentions Backdoors
    (Intel Responds)
    Cyberattack causes Lafayette, CO city computer outage (Jim Reisert)
    Garmin reportedly paid multimillion-dollar ransom after suffering
    cyberattack (The Verge)
    U.S. FAA proposes requiring key Boeing 737 MAX design changes (Reuters)
    Beirut explosion (Lauren Weinstein)
    NSA Warns Cellphone Location Data Could Pose National-Security Threat (WSJ)
    Dickson Yeo and spying in the time of social networking (Straits Times)
    Colorado police apologize over viral video of officers handcuffing Black
    girls in a mistaken stop (WashPost)
    Measure twice, sculpt once. (Atlas Obscura)
    Dutch Hackers Found a Simple Way to Mess With Traffic Lights (WiReD)
    Inside the Courthouse Break-In Spree That Landed Two White-Hat Hackers in
    Jail (WiReD)
    Inaccurate Mailing Sent To Fairfax County Voters (Patch)
    WHO just gave us the worst possible coronavirus prediction (BGR)
    California virus-fighting efforts hampered by data delays (sfgate.com)
    Do Animals Really Anticipate Earthquakes? Sensors Hint They Do
    (Scientific American)
    Despite an unexpected monkey wrench, now is the time to install the July
    Windows and Office patches (Computerworld)
    Adapting the user to the software (The Verge)
    The case for banning law enforcement from using facial recognition
    technology (TJCI)
    Why a Data Breach at a Genealogy Site Has Privacy Experts Worried (NYTimes)
    Computers on verge of designing their own programs (Techxplore)
    AI bias detection; aka the fate of our data-driven world (ZDNet)
    The Truth Is Paywalled But The Lies Are Free (Current Affairs)
    A very good fake message from Facebook (Mike Alexander)
    Job-related scams and frauds (CBC)
    Cheap, Easy Deepfakes Are Getting Closer to the Real Thing (WiReD)
    Blackbaud breach (Gabe Goldberg)
    Ajit Pai calls for vigorous debate on Trump's social media crackdown
    (Ars Technica)
    Sensitive to claims of bias, Facebook relaxed misinformation rules for
    conservative pages (NBC News)
    A Bug In Instagram's Hashtag Has Been Favoring Donald Trump (BuzzfeedNews)
    Big Problem: Twitter users attempting to expose @realDonaldTrump lies are
    being blocked for surfacing his lies! (CNN)
    From Minecraft Tricks to Twitter Hack: A Florida Teen's Troubled Online Path
    (NYTimes)
    FBI Used Information From An Online Forum Hacking To Track Down One Of The
    Hackers Behind The Massive Twitter Attack (TechDirt)
    Pranksters Stream Porn During Zoom Hearing for Alleged 17-Year-Old Twitter
    Hacker (gizmodo)
    Re: Darwin's tautology? (Peter Bernard Ladkin, PGN)
    Re: When tax prep is free, you may be paying with your privacy
    (Douglas Lucas, Chris Drewe)
    Bill English (Matthew Kruk)
    Abridged info on RISKS (comp.risks)

    ----------------------------------------------------------------------

    Date: Wed, 5 Aug 2020 12:09:02 +0800
    From: Richard Stein <rms...@ieee.org>
    Subject: Omniviolence Is Coming and the World Isn't Ready (Nautilus)

    Omniviolence Is Coming and the World Isn’t Ready - Facts So Romantic - Nautilus

    "Technology is, in other words, enabling criminals to target anyone anywhere
    and, due to democratization, increasingly at scale. Emerging bio-, nano-,
    and cybertechnologies are becoming more and more accessible. The political
    scientist Daniel Deudney has a word for what can result: 'omniviolence.' The
    ratio of killers to killed, or 'K/K ratio,' is falling. For example,
    computer scientist Stuart Russell has vividly described how a small group of
    malicious agents might engage in omniviolence: 'A very, very small
    quadcopter, one inch in diameter can carry a one- or two-gram shaped charge,'
    he says. 'You can order them from a drone manufacturer in China. You can
    program the code to say: 'Here are thousands of photographs of the kinds of
    things I want to target.'' A one-gram shaped charge can punch a hole in nine
    millimeters of steel, so presumably you can also punch a hole in someone's
    head. You can fit about three million of those in a
    semi-tractor-trailer. You can drive up I-95 with three trucks and have 10
    million weapons attacking New York City. They don't have to be very
    effective, only 5 or 10% of them have to find the target."

    Cluster bombs are horrifying Cold War relics. The Convention on Cluster
    Munitions has been signed by 108 nations (see UNTC).
    Non-state actors are not bound by treaty. An autonomous cluster bomb would
    be unconscionable to say the least.

    Artificial swarm intelligence (Swarm intelligence - Wikipedia) technology emerged
    several years ago. ASI deployed as a weapon of mass destruction (WMD)
    represents a significant force multiplier. An autonomous cluster bomb would
    be unconscionable and terrifying.

    Fortunately, domestic public safety services, and international
    intelligence, and military are employed to proactively deter, detect, and
    suppress WMD deployment.

    Anthony Burgess' novel, "A Clockwork Orange," introduced 'ultra-violence' as
    a label for extreme delinquency. As a headline, 'omniviolence' earns a rank
    of eleven on the eyeball attracting scale.

    A bad sci-fi movie template: (Enemy du jour, favorite criminal organization,
    or script kiddie cutout) blackmails a city, state, or nation into paying
    X. It backs the threat to pay ransom (click here to view WMD video) by
    fabricating 1 million plastique-equipped micro-drones, fuels them, ships
    them via containerized cargo from Elbonia to a port where the load
    'accidentally' jackknifes during transit to launch the autonomous payload
    toward preset destination...Amateur weather buff observes atypical Doppler
    weather patterns...alerts situation room authorities who scramble to
    home-on-jam intra-swarm communications...emergency broadcast signal
    (electromagnetic pulse) clears threat from the sky (and, possibly, a few
    civilian aircraft)...another day, another dollar in the situation
    room. "Round up the usual suspects" following drone triage. Roll credits,
    including Worldwide - container throughput 2019 | Statista, which shows
    ~802M cargo containers -- twenty-foot equivalent units (TEUs) -- shipped
    globally in 2019.

    ------------------------------

    Date: August 7, 2020 5:53:06 JST
    From: Richard Forno <rfo...@infowarrior.org>
    Subject: Massive 20GB Intel IP Data Breach Floods the Internet, Mentions
    Backdoors (Intel Responds)

    [via Dave Farber]

    Massive 20GB Intel IP Data Breach Floods the Internet, Mentions Backdoors (Intel Responds) | Tom's Hardware

    ------------------------------

    Date: Tue, 4 Aug 2020 13:19:57 -0600
    From: Jim Reisert AD1C <jjre...@alum.mit.edu>
    Subject: Cyberattack causes Lafayette, CO city computer outage

    This is the part I found particularly interesting:

    "In a cost/benefit scenario of rebuilding the City's data versus paying
    the ransom, the ransom option far outweighed attempting to rebuild."

    Does this mean that the attackers requested too little ransom for the key to
    unlock the data? Certainly at some higher level of ransom, the cost/benefit
    analysis could tip the other way.

    Lafayette, CO

    Posted on: August 4, 2020
    Cyberattack causes City computer outage

    In the early morning hours of July 27, a ransomware cyberattack on the
    City's computer system disabled network services resulting in disruptions
    to phone service, email, and online payment and reservation systems. 9-1-1
    and emergency dispatch services were not affected. Staff detected the
    infection and ransom notification at approximately 6:50am and disabled all
    network connections to contain the malware spread. Mutual aid from
    neighboring jurisdictions was brought onsite to assist, and a
    cybersecurity analyst was contracted to provide forensic investigation and
    recovery. Additional resources were deployed from the Boulder Office of
    Emergency Management and the State Office of Information Technology.

    ------------------------------

    Date: Tue, 4 Aug 2020 13:17:06 -0400
    From: Monty Solomon <mo...@roscom.com>
    Subject: Garmin reportedly paid multimillion-dollar ransom after suffering
    cyberattack (The Verge)

    Fitness brand Garmin paid millions of dollars in ransom after an attack took
    many of its products and services offline last month, Sky News reports. The
    payment was reportedly made through a ransomware negotiation company called
    Arete IR, in order for Garmin to recover data held hostage as a result of
    the attack.

    BleepingComputer reported last week that Garmin had received a decryption
    key to access data encrypted by the virus, and that the initial ransom
    demand was for $10 million. [...]

    Garmin reportedly paid multimillion-dollar ransom after suffering cyberattack

    [See also: Garmin reportedly paid millions to resolve its recent ransomware
    attack (Engadget)]

    ------------------------------

    Date: Tue, 4 Aug 2020 07:09:21 +0800
    From: Richard Stein <rms...@ieee.org>
    Subject: U.S. FAA proposes requiring key Boeing 737 MAX design changes
    (Reuters)

    U.S. FAA lays plan for Boeing 737 MAX's return; hurdles remain

    "The agency is issuing a proposed airworthiness directive to require updated
    flight-control software, revised display-processing software to generate
    alerts, revising certain flight-crew operating procedures, and changing the
    routing of some wiring bundles."

    I believe the proposal includes revisions to automatic test equipment and
    test program software applied for line replaceable unit (LRU)
    maintenance. The FAA's draft proposal can be found here:
    https://www.faa.gov/news/media/attachments/19_035n-R3-8-3-20.pdf. I found
    this on page 24: "Note 1 to paragraph (g): Guidance for doing the
    installation and installation verification of the FCC OPS software can be
    found in Boeing 737-7/8/8200/9/10 Aircraft Maintenance Manual (AMM), Section
    22-11-33." I gather the AMM includes provisions for ATE/TPS
    updates/revisions.

    These proposals will require significant investment to successfully
    complete. Apparently they incur less expenditure than would be required to
    undertake a new air-frame design and re-certification effort. Cheaper to
    keep a ~50-year-old air-frame in the product catalog and hack it than to
    start from scratch.

    "The changes are designed to prevent the erroneous activation of a key
    system known as MCAS tied to both crashes, to alert pilots if two AOA
    sensors are receiving conflicting data and to ensure flight crew can
    recognize and respond to erroneous stabilizer movement.

    "The FAA said the changes minimize 'dependence on pilot action and the
    effect of any potential single failure' and added that design changes
    address seven safety issues, including several involving MCAS."

    ------------------------------

    Date: Tue, 4 Aug 2020 18:47:51 -0700
    From: Lauren Weinstein <lau...@vortex.com>
    Subject: Beirut explosion

    REPORT: Beirut explosion caused by welding operations at unsecured
    warehouse holding over 2700 tons of ammonium nitrate accumulated over
    six years.

    [The risks? Utter stupidity, long-term storage of volatile substance,
    arc-welding, lack of security, oblivious of oblivion... PGN]

    ------------------------------

    Date: Wed, 5 Aug 2020 01:13:00 -1000
    From: geoff goodfellow <ge...@iconia.com>
    Subject: NSA Warns Cellphone Location Data Could Pose National-Security
    Threat (WSJ)

    *Disable location-sharing on apps, agency says in new guidance for military
    and intelligence personnel*

    The National Security Agency issued new guidance on Tuesday for military and
    intelligence-community personnel, warning about the risks of cellphone
    location tracking through apps, wireless networks and Bluetooth technology.

    The detailed warning from one of the nation's top intelligence agencies is
    an acknowledgment that Silicon Valley's practice of collecting and selling
    cellphone location information for advertising and marketing purposes poses
    a serious national-security risk to many inside the government.

    ``Location data can be extremely valuable and must be protected. It can
    reveal details about the number of users in a location, user and supply
    movements, daily routines (user and organizational), and can expose
    otherwise unknown associations between users and locations,'' the NSA
    bulletin warned.

    Among its recommendations, the NSA advises disabling location-sharing
    services on mobile devices, granting apps as few permissions as possible
    and turning off advertising permissions. The NSA also recommends limiting
    mobile web browsing, adjusting browser options to not allow the use of
    location data, and switching off settings that help track a misplaced or
    stolen phone.

    Apps often collect and share anonymized location data with third-party
    location data brokers who in turn sell their commercial products to
    government and corporate customers, The Wall Street Journal has reported.
    The sale of the data, especially to the government, is generally done
    without consumer awareness.

    Other services can estimate a phone's location based on its proximity to
    other Bluetooth devices or Wi-Fi networks. More invasive technologies used
    by law-enforcement and intelligence services -- such as Stingray cell-tower
    simulators often used by police to collect location information, as well as
    Wi-Fi sniffers that can extract information about a phone based on network
    information -- can collect a phone's location without user permission.

    The agency's warning extended beyond phones, noting that fitness trackers,
    smartwatches, Internet-connected medical devices, other smart-home devices
    and modern automobiles all contain location-tracking potential. [...]

    ------------------------------

    Date: Mon, 3 Aug 2020 12:41:41 +0800
    From: Richard Stein <rms...@ieee.org>
    Subject: Dickson Yeo and spying in the time of social networking (Straits Times)

    Dickson Yeo and spying in the time of social networking
    (behind paywall).

    Note:
    https://www.nytimes.com/reuters/2020/07/25/world/asia/25reuters-usa-china-spy-singapore.html
    details the arrest.

    The Straits Times author details how Yeo was recruited by PRC Intelligence.
    In turn, Yeo recruited and paid multiple U.S. persons as sources to author
    reports on non-public (but sensitive) strategic, tactical and/or technical
    information on the F-35 sale to Japan, South China Sea foreign policy, trade
    policy, etc.

    "At the behest of a Chinese intelligence operative, two years ago,
    Singaporean Dickson Yeo conjured up a consultancy firm and posted a fake job
    posting on professional networking site LinkedIn.

    "The response floored him.

    "He got over 400 resumes, most of them from U.S. military and government
    employees with security clearances. He sent on those he found interesting to
    a Chinese operative."

    "The Financial Times, in a report last Friday (also behind paywall), said
    Yeo's case underscores 'growing fears among intelligence agencies around the
    world that they are unable to parry China's increasingly astute online
    espionage efforts aimed at officials with high-level security clearances.'"

    Social media, while convenient for advertising goods and gigs, also
    facilitates espionage recruiting. Correlate candidate CV content against the
    U.S. office of personnel management (OPM) breach (or the HR breach du jour)
    to cherry-pick targets. Plan to hook them into your network via compromise
    (financial problems, addiction, embarrassing personal information).

    A smartphone and a file-share (Dropbox) are all that's needed to boost and
    relay information. No more dead drops, no more snail mail. Employ a cutout,
    a mutually trusted intermediary, to shield network handler origin if/when
    cover is blown.

    Spying is an age-old problem. Effective counter-intelligence can suppress
    human sources, and cyber-security can limit surreptitious digital data
    exfiltration.

    A hypothetical "spy versus spy" social media human intelligence recruiting
    entrapment effort might consist of the following:

    1) Use GPT-3 to author a few thousand phony CVs and credentials for "fake
    worker background" with clearances, and periodically update recruiting sites
    to trap human intelligence recruiters. Might be difficult to fake the
    existence of a student at XYZU having written a thesis on "Pulsed-quantum
    computation adiabatic decoherence mitigation" that successfully vets against
    an adversary's alumnus network correlation tool.

    2) Include "I speak and write ABC" in the adversary's native character set
    to elevate profile "optional" correlation assessment points. Add a few bogus
    project code words (lifted from 'Dilbert' cartoons). Include a few phony
    roles, dates, and locations (a business park hosting a front company) to
    goose up the candidate score: Procurement and sourcing manager for
    sub-decibel hypersonic anti-submarine warfare flotation technology. Lead
    investigator on simulation of quantum network micro-satellite deployment
    with impulse drive propulsion.

    3) Author a social media page, and post a few items to various blogs of
    interest with faked photos from mountain climbs, botanical gardens,
    high-school proms, etc.

    ------------------------------

    Date: Wed, 5 Aug 2020 09:03:43 -0400
    From: Monty Solomon <mo...@roscom.com>
    Subject: Colorado police apologize over viral video of officers handcuffing
    Black girls in a mistaken stop (WashPost)

    Two of the family's Black children were handcuffed by police at gunpoint,
    and all four, including a six-year-old, were ordered to lie face-down on the
    parking lot.

    https://www.washingtonpost.com/nation/2020/08/04/aurora-pd-handcuffs-family-gunpoint/

    ------------------------------

    Date: Wed, 5 Aug 2020 19:50:26 -0400
    From: Gabe Goldberg <ga...@gabegold.com>
    Subject: Measure twice, sculpt once. (Atlas Obscura)

    Coade Stone Caryatids - London, England - Atlas Obscura

    A measuring mishap led to these artificial stone ladies losing their
    stomachs.

    ------------------------------

    Date: Fri, 7 Aug 2020 00:46:50 -0400
    From: Gabe Goldberg <ga...@gabegold.com>
    Subject: Dutch Hackers Found a Simple Way to Mess With Traffic Lights (WiReD)

    By reverse engineering apps intended for cyclists, security researchers
    found they could cause delays in at least 10 cities from anywhere in the
    world.

    ------------------------------

    Date: Thu, 6 Aug 2020 00:34:57 -0400
    From: Gabe Goldberg <ga...@gabegold.com>
    Subject: Inside the Courthouse Break-In Spree That Landed Two White-Hat
    Hackers in Jail (WiReD)

    When two men were hired to break into Iowa judicial buildings, they thought
    it was just another physical security audit -- until they were charged with
    burglary.

    ------------------------------

    Date: Thu, 6 Aug 2020 14:34:00 -0400
    From: Gabe Goldberg <ga...@gabegold.com>
    Subject: Inaccurate Mailing Sent To Fairfax County Voters (Patch)

    The Center for Voter Information sent out absentee ballot applications
    with an incorrect return address.

    Fairfax County, VA -- A mailing going out to Fairfax County voters from a
    nonprofit organization has incorrect information, according to Fairfax
    County's Office of Elections.

    The mailing from the Center for Voter Information includes pre-filled
    absentee ballot applications with return envelopes. The problem is, the
    return address is the City of Fairfax's registrar, not Fairfax County's.

    "This mailing is causing great confusion and concern among voters who have
    been contacting our office," said Fairfax County General Registrar Gary
    Scott in a news release. "While the mailing may appear to be from an
    official government agency, the Fairfax County Office of Elections did not
    send it."

    A county statement says the absentee ballot application went out to voters
    without their request. The mailing is also causing confusion among voters
    who already requested ballots from Fairfax County.

    The county is working with the City of Fairfax to ensure applications
    received from the inaccurate mailing will be processed by Fairfax County.

    The Center for Voter Information shared the following statement:

    The Center for Voter Information recently sent vote by mail applications
    to voters in Virginia, encouraging them to safely participate in
    democracy. We are aware that some of the mailers may have directed the
    return envelopes to the wrong election offices, particularly in the
    Fairfax area of northern Virginia.

    Approximately half a million applications sent to eligible voters in
    Virginia included incorrect information, and we are working diligently to
    address the issues. Mistakes in our programming are very rare, but we take
    them seriously, and our methods overall are extraordinarily effective. In
    fact, we have worked with our partner, the Voter Participation Center, to
    successfully generate nearly 800,000 vote by mail applications across the
    country, and helped over 5-million people register to vote in our history.

    We know voters are on high alert as the November election approaches, and
    we regret adding to any confusion. Please rest assured that we are working
    with local election officials in Virginia to re-direct the vote by mail
    applications to the proper locations, and will rectify any errors at our
    own expense.

    Brilliant. Nice favor this organization did. It's so comforting that their
    programming mistakes are rare. This is a very Blue area -- and I understand
    one must first assume incompetence when something worse might be
    suspected. Still...

    ------------------------------

    Date: Mon, 3 Aug 2020 01:17:00 -1000
    From: geoff goodfellow <ge...@iconia.com>
    Subject: WHO just gave us the worst possible coronavirus prediction (BGR)

    - The coronavirus transmission risk remains high, warned the World
    Health Organization during a meeting of its emergency committee.

    - WHO chief Tedros Adhanom Ghebreyesus said that the COVID-19 pandemic is a
    ``once-in-a-century health crisis'' with effects that will be felt for
    ``decades to come.''

    - The health crisis already taught us that some COVID-19 patients will
    take weeks or even months to recover and may sustain internal damage from
    the infection that could lead to long-lasting medical conditions.

    The novel coronavirus is here to stay, even once vaccines are widely
    available. It's still too early to tell how long COVID-19 immunity lasts,
    but infectious disease experts think the new virus will behave just like
    other human coronaviruses. That means reinfection could be possible as soon
    as six to twelve months after the first bout, and vaccine protection will be
    limited without regular booster shots. Even if vaccines are approved this
    fall or winter, it will be months until public immunization campaigns can
    start in earnest. The initial vaccine supply will not meet demand, as the entire
    world might need 15 billion doses to inoculate everyone -- and some people
    will always resist vaccines, while others are in remote regions that may not
    be accessible. Therefore, it will be years before a large percentage of the
    world's population is vaccinated against COVID-19, and that's assuming the
    current candidates are effective. Other drugs are also in human trials
    <https://bgr.com/2020/07/08/coronavi...monoclonal-antibodies-cure-regn-cov2-5852677/>
    and they could provide new effective therapies to prevent COVID-19
    complications or death.

    With all that in mind, it seems unlikely for the novel coronavirus to
    disappear anytime soon and the world will have to learn to live with it,
    just like it did with other infectious diseases. The World Health
    Organization (WHO) made this prediction several months ago
    <https://bgr.com/2020/05/14/coronavi...ever-go-away-but-well-have-treatment-5829547/>,
    as researchers learned more details about the new illness. But now, the WHO
    just gave the world the worst possible forecast about the novel coronavirus.

    WHO chief Tedros Adhanom Ghebreyesus spoke to reporters on Friday as the
    organization's emergency committee evaluated the situation six months after
    declaring COVID-19 an international emergency. [...]

    https://bgr.com/2020/08/01/coronavirus-transmission-risk-high-effects-felt-for-decades/

    ------------------------------

    Date: Fri, 7 Aug 2020 11:02:50 +0800
    From: Richard Stein <rms...@ieee.org>
    Subject: California virus-fighting efforts hampered by data delays (sfgate.com)

    https://www.sfgate.com/news/article/California-virus-fighting-efforts-hampered-by-15462869.php
    and
    https://www.latimes.com/california/...esults-collecting-hampering-pandemic-response

    CalREDIE -- California Reportable Disease Information Exchange -- embodies
    the core data collection platform licensed for access and disease incidence
    reporting from laboratories, hospitals, public health agencies. State public
    health officials and the elected governance functions are operating under a
    high-latency reporting condition.

    A root cause for the sluggishness has not been disclosed. Estimates claim
    50% of COVID-19 case counts are missing from public reports. Probably a
    huge XML payload to database insert backlog. Deficient elasticity scale-up
    in the infrastructure.

    Risk: Inaccurate reporting of disease statistics reduces public vigilance to
    apply safeguards against infection. If the latency remained undiscovered,
    public health spending priorities would be irresponsibly reduced.

    ------------------------------

    Date: Mon, 3 Aug 2020 13:18:48 +0800
    From: Richard Stein <rms...@ieee.org>
    Subject: Do Animals Really Anticipate Earthquakes? Sensors Hint They Do
    (Scientific American)

    https://www.scientificamerican.com/...-anticipate-earthquakes-sensors-hint-they-do/

    Reliable earthquake precursors are challenging to identify. A few seconds
    advanced warning can save lives. A few hours advance notice, enough to
    evacuate a vulnerable city, would be miraculous. Instrumented animals, and
    their environmentally-adapted swarm intelligence, might hold the key to
    early quake detection.

    "For example, 'we did a study on Galápagos marine iguanas, and we know
    that they are actually listening in to mockingbirds’ warnings about the
    Galápagos hawks,' he adds. 'These kinds of systems exist all over the
    place. We’re just not really tuned in to them yet.'"

    "Wendy Bohon, a geologist at the Incorporated Research Institutions for
    Seismology in Washington, D.C., who was not involved with the new study, is
    skeptical of the air ionization idea. Numerous geologists have
    unsuccessfully tried to find such a precursory signal of impending
    earthquakes, she notes. Bohon does allow that Wikelski and his co-authors
    did some 'cool things' to explore the possibility of animals predicting
    earthquakes. But she wonders whether there were instances in which the
    creatures showed unusual activity and there was no earthquake or did not
    react before one did occur. 'My cat could act crazy before an earthquake,'
    she says. 'But my cat also acts crazy if somebody uses the can opener.' In
    order to use the animals as prognosticators, it would be imperative to
    establish that they exhibited unusual behavior only in reaction to upcoming
    seismic events, Bohon says. 'Otherwise,' she adds, 'it becomes the "Boy
    Who Cried Wolf" problem.'"

    Risk: Alarm fatigue.

    [Earthquake sensor-equipped birds fowl detection?]

    [Bill Kautz, one of my colleagues at SRI in the 1970s, was part of a
    California-based project that had sensors scattered around the state, but
    also had farmers linked up to report unusual animal behavior. The
    Chinese also claimed back then that they evacuated an entire city based on
    abnormal animal behavior. PGN]

    ------------------------------

    Date: Mon, 3 Aug 2020 15:19:39 -0400
    From: Gabe Goldberg <ga...@gabegold.com>
    Subject: Despite an unexpected monkey wrench, now is the time to install the
    July Windows and Office patches (Computerworld)

    If it weren't for the schizophrenic behavior of Microsoft's preview patches,
    July updating would be a slam dunk. As things stand, you'd be well advised
    to go ahead and patch -- but be aware of the odd behavior.

    https://www.computerworld.com/artic...tall-the-july-windows-and-office-patches.html

    Rhetorical questions:

    How are normal people supposed to cope with nonsense like this?

    How has Microsoft let patches -- previously largely reliable -- deteriorate
    to this egregious level of complexity and risk?

    ------------------------------

    Date: Thu, 06 Aug 2020 23:37:47 -0400
    From: s...@eskimo.com (Steve Summit)
    Subject: Adapting the user to the software (The Verge)

    We've probably all had our frustrations with Microsoft Excel: powerful,
    ubiquitous, often pretty useful, occasionally insanely frustrating. It
    would never have occurred to me to make formal redefinitions across an
    entire industry just to coddle its peculiar predilections, though:

    https://www.theverge.com/2020/8/6/21355674/human-genes-rename-microsoft-excel-misreading-dates

    A string like "MARCH1" -- which to a geneticist used to be the accepted
    abbreviation for the Membrane Associated Ring-CH-Type Finger 1 gene -- is
    taken by default by Excel as a date, and while there's a way to force it to
    be treated as a regular string, it's easy enough to forget that errors
    have been unacceptably prevalent. So the Membrane Associated Ring-CH-Type
    Finger 1 gene is now "MARCHF1", and several dozen other genes have been
    similarly reabbreviated.
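    A pre-flight check for the failure described above, written as an added example (not code from the post or the article it links): it simulates Excel's silent text-to-date conversion so a gene table can be linted before anyone opens it, and shows why the damage is unrecoverable once it has happened. It assumes the spellings in MONTHS are the ones Excel's parser accepts, and uses 2020 to stand in for Excel's "current year".

```python
"""Pre-flight check for gene-symbol spreadsheets: flag cells that Excel
would silently auto-convert into dates (the MARCH1 -> 1-Mar problem).
Added example; not code from the original post or from The Verge article."""
import csv
import datetime
import io
import re

# English month names and abbreviations assumed to be accepted by Excel's
# text-to-date parser. Assumption for this example, not taken from the article.
MONTHS = {
    "JAN": 1, "JANUARY": 1, "FEB": 2, "FEBRUARY": 2, "MAR": 3, "MARCH": 3,
    "APR": 4, "APRIL": 4, "MAY": 5, "JUN": 6, "JUNE": 6, "JUL": 7, "JULY": 7,
    "AUG": 8, "AUGUST": 8, "SEP": 9, "SEPT": 9, "SEPTEMBER": 9, "OCT": 10,
    "OCTOBER": 10, "NOV": 11, "NOVEMBER": 11, "DEC": 12, "DECEMBER": 12,
}

# <letters><optional separator><1-2 digits>, e.g. MARCH1, SEPT2, DEC-1
_MONTH_DAY = re.compile(r"^([A-Za-z]+)[- ]?(\d{1,2})$")


def excel_date_coercion(cell, year=2020):
    """Return the date Excel would turn `cell` into, or None if it stays text.

    Excel fills in the current year when the text has only month and day;
    `year` stands in for "current year" so results are reproducible.
    """
    m = _MONTH_DAY.match(cell.strip())
    if not m:
        return None
    name, day = m.group(1).upper(), int(m.group(2))
    if name not in MONTHS:
        return None
    try:
        return datetime.date(year, MONTHS[name], day)
    except ValueError:
        # e.g. SEPT31: no such calendar date, so the text is assumed left alone
        return None


def lint_gene_table(csv_text, year=2020):
    """Scan CSV text and report every cell that Excel would rewrite.

    Returns (row, column, original, what_excel_shows) tuples with 1-based
    row/column numbers; the header row is scanned too.
    """
    findings = []
    for r, row in enumerate(csv.reader(io.StringIO(csv_text)), start=1):
        for c, cell in enumerate(row, start=1):
            coerced = excel_date_coercion(cell, year)
            if coerced is not None:
                findings.append((r, c, cell, coerced.isoformat()))
    return findings


def coercion_collisions(symbols, year=2020):
    """Group symbols that collapse onto the same date.

    After Excel rewrites them, MARCH1 and MAR1 are indistinguishable, so the
    original symbols cannot be recovered by reading the sheet back.
    """
    by_date = {}
    for s in symbols:
        d = excel_date_coercion(s, year)
        if d is not None:
            by_date.setdefault(d.isoformat(), []).append(s)
    return {d: syms for d, syms in by_date.items() if len(syms) > 1}


# Constructed sample export; MARCHF1 is the renamed (safe) form from the article.
SAMPLE_CSV = """symbol,log2_fold_change
MARCH1,1.7
MARCHF1,1.7
SEPT2,-0.4
TP53,2.1
DEC1,0.9
"""

if __name__ == "__main__":
    for row, col, original, shown in lint_gene_table(SAMPLE_CSV):
        print(f"row {row} col {col}: {original!r} would display as {shown}")
    print(coercion_collisions(["MARCH1", "MAR1", "SEPT2", "SEP2", "TP53"]))
```

    Running the lint on an export before it is handed to a spreadsheet user catches the problem at the boundary where the data is still intact.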

    ------------------------------

    Date: Fri, 07 Aug 2020 13:47:29 +0200
    From: "Diego.Latella" <diego....@isti.cnr.it>
    Subject: The case for banning law enforcement from using facial recognition
    technology (TJCI)

    The Justice Collaborative Institute
    The Case for Banning Law Enforcement from Using Facial Recognition Technology
    https://tjcinstitute.com/research/t...ent-from-using-facial-recognition-technology/

    "The Justice Collaborative Institute is home to a collection of the nation's
    top scholars and thinkers bound together by a common mission to produce
    rigorous, practical research that contributes to an America with more
    dignity and freedom for all of us, starting with those who are the most
    vulnerable. We translate our research into pragmatic resources for public
    officials, reporters, advocates, and other scholars, including polling
    memos, policy briefs, model laws and policies, and amicus briefs."

    https://tjcinstitute.com/about/

    ------------------------------

    Date: Sat, 1 Aug 2020 18:00:33 -0400
    From: Monty Solomon <mo...@roscom.com>
    Subject: Why a Data Breach at a Genealogy Site Has Privacy Experts Worried
    (NYTimes)

    Nearly two-thirds of GEDmatch's users opt out of helping law enforcement.
    For a brief window this month, that didn't matter.

    https://www.nytimes.com/2020/08/01/technology/gedmatch-breach-privacy.html

    ------------------------------

    Date: Tue, 4 Aug 2020 13:08:18 +0800
    From: Richard Stein <rms...@ieee.org>
    Subject: Computers on verge of designing their own programs (Techxplore)

    https://techxplore.com/news/2020-08-verge.html

    "Gottschlich explained, 'Intel's ultimate goal for machine programming is to
    democratize the creation of software. When fully realized, machine
    programming will enable everyone to create software by expressing their
    intention in whatever fashion that's best for them, whether that's code,
    natural language or something else. That's an audacious goal, and while
    there's much more work to be done, MISIM is a solid step toward it.'"

    MISIM relies on AI to compare "correct programs" against a candidate
    specification. Correctly transliterating this specification, as per formal
    methods, should satisfy user expectations when the cooked code runs. I
    wonder if MISIM would succeed in a transliteration of a multi-threaded
    process specification per Hoare's communicating sequential processes?

    Would be interesting to see if Machine Inferred Code Similarity could
    eventually detect and triage race conditions, kernel or interruptible sleep
    state deadlock. Significant specification and test cases are needed
    (http://www.cs.uky.edu/ai/benchmark-suite/deadlock-detection.html retrieved
    on 04AUG2020) to identify these conditions.

    Someday, the app you buy might be authored and qualified by a bot. MISIM
    portends a solution, however partial, to the Turing Halting Problem.

    MISIM does not demand royalties -- a piece of the action -- from app license
    and sale. No sick leave, vacation, or retirement benefits are paid as
    carbon-based authors are largely out-of-the-loop: it codes for virtual
    peanuts, until it decides if it can or cannot.

    ------------------------------

    Date: Fri, 7 Aug 2020 01:11:00 -1000
    From: geoff goodfellow <ge...@iconia.com>
    Subject: AI bias detection; aka the fate of our data-driven world

    *Rooting out implicit bias in AI is fundamental to ensuring an equitable
    society. Is it even possible?*

    Here's an astounding statistic: Between 2015 and 2019, global use of
    artificial intelligence grew by 270%
    <https://venturebeat.com/2019/01/21/...ementation-grew-270-over-the-past-four-years/>.
    It's estimated that 85% of Americans
    <https://news.gallup.com/poll/228497/americans-already-using-artificial-intelligence-products.aspx>
    *are already using* AI products daily, whether they know it or not.

    It's easy to conflate *artificial* intelligence with *superior*
    intelligence, as though machine learning based on massive data sets leads to
    inherently better decision-making. The problem, of course, is that human
    choices undergird every aspect of AI
    <https://www.zdnet.com/topic/artificial-intelligence/>, from the curation of
    data sets to the weighting of variables. Usually there's little or no
    transparency for the end user, meaning resulting biases are next to
    impossible to account for. Given that AI is now involved in everything from
    jurisprudence to lending, it's massively important for the future of our
    increasingly data-driven society that the issue of bias in AI be taken
    seriously.

    This cuts both ways -- development in the technology class itself, which
    represents massive new possibilities for our species, will only suffer from
    diminished trust if bias persists without transparency and accountability.
    In one recent conversation
    <https://www.zdnet.com/article/5-rea...opted-at-your-organization-and-how-to-fix-it/>,
    Booz Allen's Kathleen Featheringham
    <https://www.boozallen.com/e/insight/blog/kathleen-featheringham-tells-stories-through-data.html>,
    Director of AI Strategy & Training, told me that adoption of the technology
    is being slowed by what she identifies as historical fears:

    Because AI is still evolving from its nascency, different end users may
    have wildly different understandings about its current abilities, best uses
    and even how it works. This contributes to a blackbox around AI
    decision-making. To gain transparency into how an AI model reaches end
    results, it is necessary to build measures that document the AI's
    decision-making process. In AI's early stage, transparency is crucial to
    establishing trust and adoption.

    While AI's promise is exciting, its adoption is slowed by historical fear
    of new technologies. As a result, organizations become overwhelmed and
    don't know where to start. When pressured by senior leadership, and driven
    by guesswork rather than priorities, organizations rush to enterprise AI
    implementation that creates more problems.

    One solution that's becoming more visible in the market is validation
    software. Samasource <https://www.samasource.com/>, a prominent supplier of
    solutions to a quarter of the Fortune 50, is launching AI Bias Detection, a
    solution that helps to detect and combat systemic bias in artificial
    intelligence across a number of industries. The system, which leaves a
    human in the loop, offers advanced analytics and reporting capabilities
    that help AI teams spot and correct bias before it's implemented across a
    variety of use-cases, from identification technology to self-driving
    vehicles. [...]
    https://www.zdnet.com/article/ai-bias-detection-and-the-fate-of-our-data-driven-world/

    ------------------------------

    Date: Mon, 3 Aug 2020 08:19:33 -0700
    From: Lauren Weinstein <lau...@vortex.com>
    Subject: The Truth Is Paywalled But The Lies Are Free (Current Affairs)

    https://www.currentaffairs.org/2020/08/the-truth-is-paywalled-but-the-lies-are-free/

    ------------------------------

    Date: Tue, 04 Aug 2020 20:11:37 -0400
    From: "Mike Alexander" <risks...@msalexander.com>
    Subject: A very good fake message from Facebook

    I have turned on the option on Facebook to encrypt all messages from them
    using GPG. I recently got a message that came from a Facebook domain (based
    on the first Received: header) and was signed with their GPG key, but was
    apparently not from them. It appeared to be a notification of a private
    message from a friend of mine, but she says she didn't send me a message on
    Messenger, and the links that purport to open the message go to www.m.me and
    try to open a Flash movie (I don't have Flash installed). I really can't
    think of a good explanation for this that doesn't involve something bad
    happening at Facebook.

    ------------------------------

    Date: Fri, 7 Aug 2020 06:43:47 -0600
    From: "Matthew Kruk" <mkr...@gmail.com>
    Subject: Job-related scams and frauds (CBC)

    Job scams are on the rise and becoming more sophisticated, said Jeff
    Thomson, senior RCMP intelligence analyst at the Canadian Anti-Fraud Centre.

    In 2019, the centre received more than 2,400 job-related fraud reports, he
    said. The number of reports counted in 2020 is already more than 2,300 --
    and that's only up to July.

    With more people losing their jobs during the COVID-19 pandemic and seeking
    work, as well as shifting to doing business primarily online, "it's sort of
    ripe for job scams right now," Thomson said.

    https://www.cbc.ca/news/canada/toronto/fake-company-job-scam-gux-it-1.5677217

    ------------------------------

    Date: Thu, 6 Aug 2020 01:10:00 -1000
    From: geoff goodfellow <ge...@iconia.com>
    Subject: Cheap, Easy Deepfakes Are Getting Closer to the Real Thing (WiReD)

    Using open-source software and less than $100, a researcher was able to
    create plausible images and audio of actor Tom Hanks.

    There are many photos of Tom Hanks, but none like the images of the leading
    everyman shown at the Black Hat computer security conference Wednesday:
    They were made by machine-learning algorithms, not a camera.

    Philip Tully, a data scientist at security company FireEye, generated the
    hoax Hankses to test how easily open-source software from artificial
    intelligence labs could be adapted to misinformation campaigns. His
    conclusion:

    ``People with not a lot of experience can take these machine-learning
    models and do pretty powerful things with them.''

    Seen at full resolution, FireEye's fake Hanks images have flaws like
    unnatural neck folds and skin textures. But they accurately reproduce the
    familiar details of the actor's face like his brow furrows and green-gray
    eyes, which gaze coolly at the viewer. At the scale of a social network
    thumbnail, the AI-made images could easily pass as real.

    To make them, Tully needed only to gather a few hundred images of Hanks
    online and spend less than $100 to tune open-source face-generation
    software to his chosen subject. Armed with the tweaked software, he cranks
    out Hanks. Tully also used other open-source AI software to attempt to
    mimic the actor's voice from three YouTube clips, with less impressive
    results.

    By demonstrating just how cheaply and easily a person can generate passable
    fake photos, the FireEye project
    <https://www.fireeye.com/blog/threat...nthetic-media-for-information-operations.html>
    could add weight to concerns that online disinformation could be magnified by AI
    technology that generates passable images or speech. Those techniques and
    their output are often called deepfakes, a term taken from the name of a
    Reddit account that late in 2017 posted pornographic videos modified to
    include the faces of Hollywood actresses.

    Most deepfakes observed in the wilds of the Internet are low quality and
    created for pornographic
    <https://www.wired.com/story/most-deepfakes-porn-multiplying-fast/> or
    entertainment purposes. So far, the best-documented malicious use of
    deepfakes is harassment of women
    <https://www.wired.com/story/forget-politics-deepfakes-bullies/>. Corporate
    projects or media productions
    <https://www.wired.com/story/covid-drives-real-businesses-deepfake-technology/>
    can create slicker output, including videos, on bigger budgets. FireEye's
    researchers wanted to show how someone could piggyback on sophisticated AI
    research with minimal resources or AI expertise. Members of Congress from
    both parties have raised concerns that deepfakes could be bent for political
    interference. [...]
    https://www.wired.com/story/cheap-easy-deepfakes-closer-real-thing/

    ------------------------------

    Date: Thu, 6 Aug 2020 14:41:44 -0400
    From: Gabe Goldberg <ga...@gabegold.com>
    Subject: Blackbaud breach

    ``We deeply appreciate your generous support of the Freedom Forum and our
    affiliates, the Newseum and the Freedom Forum Institute, and our mission
    to foster First Amendment freedoms for all. As part of our efforts to
    share important updates with our valued supporters, we are writing to
    inform you about a data incident involving one of our long-time vendors,
    Blackbaud, that may have affected some of your personal information.
    Blackbaud is the global market leader in not-for-profit software, and
    their products are commonly used to manage relationships and
    communications with constituents and donors.''
    https://www.blackbaud.com/
    http://engage.newseum.org/site/MessageViewer?dlv_id=10606&em_id=6687.0

    This is at least my fourth such notice from some organization using
    Blackbaud. Of course, there's no way for people to tell who else might be a
    victim of an outsourcing vendor. How many more? It's tough doing due
    diligence with such invisible infrastructure.

    ------------------------------

    Date: Mon, 3 Aug 2020 19:17:19 -0400
    From: Gabe Goldberg <ga...@gabegold.com>
    Subject: Ajit Pai calls for vigorous debate on Trump's social media
    crackdown (Ars Technica)

    "Tell the FCC to reject this," Democrat says as agency seeks public comment.

    https://arstechnica.com/tech-policy...rumps-attempt-to-punish-twitter-and-facebook/

    ------------------------------

    Date: Fri, 7 Aug 2020 15:13:20 -0700
    From: Lauren Weinstein <lau...@vortex.com>
    Subject: Sensitive to claims of bias, Facebook relaxed misinformation rules
    for conservative pages (NBC News)

    https://www.nbcnews.com/tech/tech-n...information-rules-conservative-pages-n1236182

    ------------------------------

    Date: Wed, 5 Aug 2020 19:42:02 -0400
    From: Gabe Goldberg <ga...@gabegold.com>
    Subject: A Bug In Instagram's Hashtag Has Been Favoring Donald Trump
    (BuzzfeedNews)

    ``A technical error caused a number of hashtags to not show related
    hashtags. We've disabled this feature while we investigate.''

    https://www.buzzfeednews.com/article/ryanmac/instagram-related-hashtags-favoring-trump-over-biden

    A bug they call it, a poisonous bug...

    ------------------------------

    Date: Thu, 6 Aug 2020 09:48:12 -0700
    From: Lauren Weinstein <lau...@vortex.com>
    Subject: Big Problem: Twitter users attempting to expose @realDonaldTrump
    lies are being blocked for surfacing his lies! (CNN)

    https://www.cnn.com/2020/08/06/politics/twitter-democratic-national-committee-trump/index.html

    ------------------------------

    Date: Sun, 2 Aug 2020 16:52:11 -0700
    From: Lauren Weinstein <lau...@vortex.com>
    Subject: From Minecraft Tricks to Twitter Hack: A Florida Teen's Troubled
    Online Path (NYTimes)

    https://www.nytimes.com/2020/08/02/technology/florida-teenager-twitter-hack.html

    ------------------------------

    Date: Tue, 4 Aug 2020 10:36:13 -0400
    From: Monty Solomon <mo...@roscom.com>
    Subject: FBI Used Information From An Online Forum Hacking To Track Down
    One Of The Hackers Behind The Massive Twitter Attack (TechDirt)

    https://www.techdirt.com/articles/2...e-hackers-behind-massive-twitter-attack.shtml

    ------------------------------

    Date: Wed, 5 Aug 2020 19:44:42 -0400
    From: Gabe Goldberg <ga...@gabegold.com>
    Subject: Pranksters Stream Porn During Zoom Hearing for Alleged
    17-Year-Old Twitter Hacker (gizmodo)

    Pranksters disrupted judicial hearings on Wednesday for the 17-year-old
    Florida kid who allegedly hijacked the accounts of prominent Twitter users
    last month, according to multiple people on the teleconference call. There
    were several intrusions during the first attempt at the hearing, and it was
    finally stopped after pornography was streamed via Pornhub. [...]

    ``How the judge in charge of the proceeding didn't think to enable settings
    that would prevent people from taking over the screen is beyond me. My guess
    is he didn't know he could,'' security expert Brian Krebs tweeted Wednesday
    morning. ``This guy's reaction sums it up.''

    The reaction, of course, was one of shock and bewilderment.

    https://gizmodo.com/pranksters-stream-porn-during-zoom-hearing-for-alleged-1844618440

    ------------------------------

    Date: Sun, 2 Aug 2020 10:42:00 +0200
    From: Peter Bernard Ladkin <lad...@causalis.com>
    Subject: Re: Darwin's tautology? (RISKS-32.12,15,16,17)

    It is somewhat unkind of Amos Shapir (Risks 32.17) to suggest that a
    940-year-old problem in logic is a "quagmire". 141 years ago, someone could
    have said the same about the distribution of terms, which was then solved
    elegantly and definitively by Herr Frege in his Begriffsschrift pamphlet in
    1879. (See Peter Geach, Logic Matters, Basil Blackwell 1972 for extensive
    discussion of distribution, and Jean van Heijenoort, From Frege to
    Gödel: A Source Book in Mathematical Logic, 1879-1931, Harvard
    University Press, 1967 for an English translation of the Begriffsschrift.)

    Whether a RISKS reader wants to "step into" the subject of Anselm's argument
    in the Proslogion depends on whether she is interested in logic. An interest
    in conceptions of gods is secondary (although not for Anselm).

    Martin Ward cites Goedel's formulation of an Ontological Argument for the
    existence of a god. The version written down by Dana Scott appears to be
    formally correct (Benzmüller and Woltzenlogel Paleo, ECAI Proceedings
    2014 http://page.mi.fu-berlin.de/cbenzmueller/papers/C40.pdf ) Paul
    Oppenheimer and Ed Zalta had looked somewhat earlier at other versions and
    showed some were formally provable (see, e.g., Australasian Journal of
    Philosophy, 2013,
    https://mally.stanford.edu/Papers/ontological-computational.pdf). John
    Rushby verified a version of the Oppenheimer-Zalta proof in PVS (CAV
    Proceedings, 2013 http://page.mi.fu-berlin.de/cbenzmueller/papers/C40.pdf ).

    I have even done a little twiddling myself, though with traditional analysis
    of premises and arguments, not with ATPs. Peter Millican (a philosopher at
    Oxford) claimed to have found a fatal flaw in Anselm's argument (in Mind
    113, 2004, http://millican.org/papers/2004OntArgMind.pdf ). I didn't agree
    with Millican that the flaw is "fatal". I think I found some missing
    premises and supplied them (preprint January 2017). I had some discussion
    with Millican and my former tutor Ralph Walker, a Kant specialist, about
    it. (Kant had some thoughts about Anselm's argument also.)

    Shapir also defines "tautology"

    > Tautology is a term in logic defined as a statement which is true
    > unconditionally, determined just by its formulation, e.g., "A or not A" --
    > Thus when a statement is a tautology, its truthfulness requires no proof.
    > A statement cannot "become a tautology" by a proof.

    He thereby contradicts Ward (RISKS-32.15), who thinks that all valid
    mathematical theorems are tautologies, whereas you could surely only claim a
    few of them are "determined just by [their] formulation". Fermat's Last
    Theorem certainly wasn't. Its formulation is in the language of +, x and
    exp, and no one I know finds it remotely plausible that there is a proof in
    that language alone.

    The term "tautology" is wider than what Shapir suggests. Wikipedia
    https://en.wikipedia.org/wiki/Tautology indicates at least three different
    meanings. Looking just at "term in logic", per Shapir, one can wonder
    whether a tautology is a statement (1) "true in virtue of its form"
    (Shapir), or one (2) "true in every possible interpretation" (Wikipedia
    https://en.wikipedia.org/wiki/Tautology_(logic) ). Those are by no means the
    same: Fermat's Last Theorem is true in every possible interpretation, so
    fulfills (2) but, as I just observed, not (1).

    Ward, for his part (in RISKS-32.15), calls "circular" arguments out as being
    "fallacious". Whatever bad things might come with being "fallacious", some
    circular arguments are both valid and good. "A, therefore A" is as circular
    as you can get. It is also an inference rule of Natural Deduction and an
    axiom of Sequent Calculus, two of the most useful formulations of logic(s).

    ------------------------------

    Date: Sun, 2 Aug 2020 12:48:20 PDT
    From: "Peter G. Neumann" <neu...@csl.sri.com>
    Subject: Re: Darwin's tautology? (Ladkin, RISKS-32.18)

    My long-time colleague John Rushby in the SRI Computer Science Laboratory
    has been studying what Peter Ladkin refers to in the above RISKS item,
    and John has two papers. See his website:
    http://www.csl.sri.com/users/rushby/biblio.html

    * The Ontological Argument in PVS
    Fun With Formal Methods, Invited paper presented at the CAV Workshop,
    St. Petersburg, Russia, 13 July 2020
    An 11th Century proof of the existence of God is revisited, and proven
    using the SRI PVS proof system.

    * Mechanized Analysis of Anselm's Modal Ontological Argument
    International Journal of the Philosophy of Religion, 2020, in press.

    [I'm blowing the whistle on this topic, which quickly gets outside the
    realm of logic, although the subsequent still-ongoing private exchanges
    are quite interesting. PGN]

    ------------------------------

    Date: Sun, 2 Aug 2020 02:22:50 +0000
    From: Douglas Lucas <d...@riseup.net>
    Subject: Re: When tax prep is free, you may be paying with your privacy
    (Dorsey, RISKS-32.17)

    > I do not understand why people are willing to pay any money to do
    > it online when doing it by hand is simple and cheap unless you have a
    > lot of income or very complex deductions.

    Imagine not people but ideas and actions. Then imagine a protagonist who
    began hiking the Appalachian Trail prior to COVID-19's arrival in the United
    States. 2/3 through the hike, he begins hearing from other hikers of some
    virus, some disease, that might be fake news or ancient ideograms. It is now
    time for him to leave the Appalachian Trail, and as the climactic moment
    arrives, night before tax day in the United States (14 April 2020), we are
    passed through a single flux capacitor like a f(x) chain rule from Mars.

    I argue to myself and but few others in person that any frozen image,
    whether the paragraphs above or a painting in a gilded frame of a gilded
    museum, can be analyzed by applying 4 criteria: 'holistic context'
    (oxymoronic, but bear with me); changes in distance; changes in time; and
    changes in emotions (e.g., love/shame battling through yap stones and
    Catholic indulgences and dolla dolla bills; prisoner dilemmas; and ethics vs
    moral compasses)...

    And lo, the capacitor fluxes a second time: from Mars, seen are immigrants,
    lumpenproles, refugees, political prisoners, criminals, traffickers of
    armaments of all shapes and colors, in a word, the neurodivergent.

    The final flux of this capacitation is that I performed zero background
    research on who 'Scott Dorsey' is, who 'klu...@panix.com' is, what his
    primary second or third language is, and so on, meaning I am earnestly
    attempting to abstract from my above argument, ad hominem, ad authoritatem.

    Does passing the above through the quoted focal lens of "I do not
    understand why..." make the understanding better or worse, or do we simply
    wait for more or less dire RISKS digest headlines to tell us that answer?

    ------------------------------

    Date: Wed, 5 Aug 2020 22:04:36 +0100
    From: Chris Drewe <e76...@yahoo.co.uk>
    Subject: Re: When tax prep is free, you may be paying with your privacy.
    (RISKS-32.17)

    Similar in the UK (I can't speak from experience); however, legend has it
    that the UK tax system is the most complicated in the world, although it's a
    highly-competitive field and many other countries may claim the title.
    Therefore there's plenty of potential for errors and differences of opinion,
    and that's apart from the constant changes of course. As the old joke says,
    if you get a gas bill for a million pounds then everybody has a good laugh,
    but if you get a tax bill for a million pounds, you need a good accountant
    and lawyer, and fast.

    Part of the problem seems to be that UK tax policy is as much about
    punishing and rewarding behaviour as raising funds for government spending,
    so the basic approach is high basic tax rates with loads of exemptions,
    reliefs, concessions, etc. to show how caring they are for letting you do
    the right thing. And part of *this* problem is politicians coming up with
    kludges and tweaks to fix this month's headline worry, forgetting that the
    fixes usually stay around much longer after the original problem has been
    forgotten. Some people have suggested a 'flat tax' policy, i.e. add up your
    income on one side and your deductions on the other, then pay a straight tax
    of, say, 20% on the difference. Wonderfully simple, but the UK policy is
    the complete opposite.

    One possible problem for me is tax on interest and share dividends.
    Historically, if you saved money in a bank deposit account, then tax was
    deducted from the interest at a standard rate, and the bank sent periodic
    statements saying "your account has earned X pounds of interest, we have
    deducted Y pounds of tax, and paid X-Y pounds into your account"; if you
    paid higher tax then you declared this on your tax form, or if you didn't
    pay tax then you could claim it back. A similar arrangement applied to
    share dividends and suchlike. Hence the vast majority of people paid tax at
    the right rate by default.

    Nowadays, this doesn't apply -- any payments are given without deductions,
    and you have to declare these if they exceed your allowance, currently 1,000
    pounds for interest and 2,000 pounds (was 5,000 pounds) for dividends. So
    in my case I would have to keep an eagle eye out for all of these payments
    during the year and then be ready to 'fess up if the thresholds are reached.
    Retired people often rely on investment income to supplement their pensions,
    and commentators have pointed out that many of them may have gone through
    their entire working lives without having to worry about filing tax details,
    then may well unexpectedly find themselves having to grapple with taxation
    bureaucracy in their advancing years.

    In my case I'm donating my modest holdings of shares to charity (there's a
    'Sharegift' scheme to do this on a no-cost basis, avoiding the usual hefty
    trading fees on tiny shareholdings), and today's interest rates ("high
    interest" means anything >0.0%) mean that I'm unlikely to earn much here.
    Luckily I don't have any dependents as the UK welfare system is at least as
    complex as tax, with a good deal of interaction between them, so that's one
    can of worms avoided.

    The UK tax authorities accept more and more information on-line only, which
    may require access to expensive dedicated software and/or a steep learning
    curve, so not much scope for DiY there. People with a regular income from
    employment or a pension normally have this done for them by their employer
    or pension provider; this is more problematic for those with irregular
    sources of money. One instance mentioned in the news a few years ago
    concerned those working in the broadcasting industry. As their work is
    usually erratic, they often form themselves into companies and contract
    themselves to programme makers or whoever, so are paid by company rules
    instead of as employees, with lower tax rates. The authorities declared one
    of these schemes operated by the BBC to be illegal, so not only did the
    stars have to pay large unexpected tax bills, but they complained that the
    BBC had demanded this arrangement as a condition of gaining work with them,
    assuming that it had all been cleared beforehand.

    ------------------------------

    Date: Wed, 5 Aug 2020 18:41:59 -0600
    From: "Matthew Kruk" <mkr...@gmail.com>
    Subject: Bill English

    Bill English, the computer engineer who built the very first prototype
    mouse, was the behind-the-scenes mastermind of the "Mother of All Demos" and
    later assisted Alan Kay in building the Xerox Parc Alto computer, has died
    at the age of 91.

    https://www.i-programmer.info/news/82/13892.html

    "The Mother of all Demos" included at URL. 1968 - wow.

    ------------------------------

    Date: Mon, 1 Aug 2020 11:11:11 -0800
    From: RISKS-...@csl.sri.com
    Subject: Abridged info on RISKS (comp.risks)

    The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
    comp.risks, the feed for which is donated by panix.com as of June 2011.
    => SUBSCRIPTIONS: The mailman Web interface can be used directly to
    subscribe and unsubscribe:
    http://mls.csl.sri.com/mailman/listinfo/risks

    => SUBMISSIONS: to ri...@CSL.sri.com with meaningful SUBJECT: line that
    includes the string `notsp'. Otherwise your message may not be read.
    *** This attention-string has never changed, but might if spammers use it.
    => SPAM challenge-responses will not be honored. Instead, use an alternative
    address from which you never send mail where the address becomes public!
    => The complete INFO file (submissions, default disclaimers, archive sites,
    copyright policy, etc.) is online.
    <http://www.CSL.sri.com/risksinfo.html>
    *** Contributors are assumed to have read the full info file for guidelines!

    => OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
    searchable html archive at newcastle:
    http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
    Also, ftp://ftp.sri.com/risks for the current volume/previous directories
    or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
    If none of those work for you, the most recent issue is always at
    http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-32.00
    ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
    *** NOTE: If a cited URL fails, we do not try to update them. Try
    browsing on the keywords in the subject line or cited article leads.
    Apologies for what Office365 and SafeLinks may have done to URLs.
    ==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

    ------------------------------

    End of RISKS-FORUM Digest 32.18
    ************************
     
    Last edited by a moderator: Aug 8, 2020
  9. LakeGator

    Risks Digest 32.19

    RISKS List Owner

    Aug 14, 2020 9:21 PM

    Posted in group: comp.risks

    RISKS-LIST: Risks-Forum Digest Friday 14 August 2020 Volume 32 : Issue 19

    ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
    Peter G. Neumann, founder and still moderator

    ***** See last item for further information, disclaimers, caveats, etc. *****
    This issue is archived at <The RISKS Digest> as
    <The RISKS Digest, Volume 32 Issue 19>
    The current issue can also be found at
    <http://www.csl.sri.com/users/risko/risks.txt>

    Contents:
    The Iconic Arecibo Telescope Goes Quiet After Major Damage (WiReD)
    The Tragic Physics of the Deadly Explosion in Beirut (WiReD)
    North Korean Hacking Group Attacks Israeli Defense Industry (NYTimes)
    Researchers discovered significant vulnerability in Amazon's Alexa
    (The Hill)
    Bald eagle attacks government drone and sends it to bottom of Lake Michigan
    (The Guardian)
    Vulnerabilities in Qualcomm Chips Expose Billions of Devices to Attacks
    (You Tube)
    Snapdragon chip flaws put >1 billion Android phones at risk of data theft
    (Ars Technica)
    Flaws in Samsung Phones Exposed Android Users to Remote Attacks
    (The Hacker News)
    Microsoft plugs at least 120 Windows security holes (Krebs on Security)
    Coming Next: The Greater Recession (Paul Krugman via Randall Head)
    Social media and misinformation (Rob Slade)
    Deepfakes or not??? (Mark Thorson)
    A protester tried to ID a police officer on Twitter. Now he faces a felony
    -- along with four who retweeted him. (WashPost)
    Scientists rename human genes to stop Microsoft Excel from misreading them
    as dates (The Verge)
    You do know you are being tracked, right? (WSJ)
    Thousands of cases went unreported in California when a computer server
    failed (NYTimes)
    Blackstone to acquire Ancestry.com for $4.7 billion (Oguh)
    USG Contractor Embedded Software in Apps to Track Phones (WSJ)
    Illiterate cell phone user experience (Dan Jacobson)
    Photoshop Will Help ID Images That Have Been Photoshopped (WiReD)
    Is it the AI That's Racist, or is it the Humans That Create the AI?
    (AI Daily)
    AI bias detection ... (PGN)
    Leaked Documents Reveal What TikTok Shares with Authorities -- in the U.S.
    (The Intercept via Richard Forno)
    Why & Where You Should You Plant Your Flag (Krebs on Security)
    Postal Service warns 46 states their voters could be disenfranchised by
    delayed mail-in ballots (WashPost)
    Mailer To DC Voters Prompts Widespread Confusion (DCist)
    Trump's lapdog Postmaster General wants to more than double costs for states
    to mail ballots to voters! Crooked through and through. (Law and Crime)
    Unwanted Truths: Inside Trump's Battles With U.S. Intelligence Agencies
    (NYTimes)
    The quest to liberate $300,000 of bitcoin from an old ZIP file
    (Ars Technica)
    Risk of driving while Black in conjunction with computer risks (anon)
    Why climate change is about to make your bad commute worse (WashPost)
    Chrome will start hiding most of URLs, but you can opt-out -- AND YOU
    SHOULD! (Lauren Weinstein)
    How romance scams are thriving during quarantine. (The Verge)
    No to Blockchain Credentials of COVID-19 Test Results for Entry to Public
    Spaces (EFF)
    Virginia launches contact-tracing app COVIDWISE using Apple, Google
    technology (WashPost)
    The nuclear mistakes that could have ended civilisation (bbc.com)
    Re: Omniviolence Is Coming and the World Isn't Ready (Eric Sosman)
    Re: Blackbaud breach (A Michael W Bacon)
    Re: City outage (A Michael W Bacon)
    Re: Beirut explosion (A Michael W Bacon)
    Re: Beirut Blast (3daygoaty)
    Re: Tom's Hardware goes dark/side/ (Steve Singer)
    Re: When tax prep is free, you may be paying with your privacy
    (David Damerell)
    Abridged info on RISKS (comp.risks)
    ----------------------------------------------------------------------

    Date: Wed, 12 Aug 2020 15:52:12 -0400
    From: Gabe Goldberg <ga...@gabegold.com>
    Subject: The Iconic Arecibo Telescope Goes Quiet After Major Damage (WiReD)

    A cable cut a large gash into the radio telescope this week and it's
    uncertain when it will be back in working order.

    The Iconic Arecibo Telescope Goes Quiet After Major Damage

    ------------------------------

    Date: Sat, 8 Aug 2020 21:14:45 -0400
    From: Gabe Goldberg <ga...@gabegold.com>
    Subject: The Tragic Physics of the Deadly Explosion in Beirut (WiReD)

    A blast injury specialist explores the chemistry -- and history -- of
    explosions like the one captured in videos that swept across the world.

    The Tragic Physics of the Deadly Explosion in Beirut

    ------------------------------

    Date: Wed, 12 Aug 2020 20:56:34 -0400
    From: Monty Solomon <mo...@roscom.com>
    Subject: North Korean Hacking Group Attacks Israeli Defense Industry
    (NYTimes)

    Israel says the attack was thwarted, but a cybersecurity firm says it was
    successful. Some officials fear that classified data stolen by North Korea
    could be shared with Iran.

    North Korean Hacking Group Attacks Israeli Defense Industry

    ------------------------------

    Date: Thu, 13 Aug 2020 13:38:45 -1000
    From: geoff goodfellow <ge...@iconia.com>
    Subject: Researchers discovered significant vulnerability in Amazon's Alexa
    (The Hill)

    Researchers at cybersecurity provider Check Point uncovered a flaw in
    Amazon's Alexa virtual assistant that left owners' personal information
    vulnerable before it was patched in June.

    The researchers detailed the vulnerability in a report released Thursday,
    saying potential hackers could have hijacked the voice assistant devices
    using malicious Amazon links.

    Once those links were clicked, hackers would be able to install or remove
    "Skills" -- essentially apps -- from Alexa devices.

    They would also be able to access the user's voice history with their
    device as well as personal information as sensitive as banking data and home
    addresses. [...]

    Researchers discovered significant vulnerability in Amazon's Alexa

    Also:
    An Alexa Bug Could Have Exposed Your Voice History to Hackers

    ------------------------------

    Date: Fri, 14 Aug 2020 11:24:48 -0700
    From: Peter Neumann <neu...@csl.sri.com>
    Subject: Bald eagle attacks government drone and sends it to bottom of Lake
    Michigan (The Guardian)

    There is something appropriately symbolic in this ....

    Bald eagle attacks government drone and sends it to bottom of Lake Michigan

    ------------------------------

    Date: Mon, 10 Aug 2020 12:10:10 -1000
    From: geoff goodfellow <ge...@iconia.com>
    Subject: Vulnerabilities in Qualcomm Chips Expose Billions of Devices to
    Attacks (You Tube)

    *Security researchers have identified hundreds of vulnerabilities that
    expose devices with Qualcomm Snapdragon chips to attacks.*

    During a presentation at DEF CON last week, Check Point security researcher
    Slava Makkaveev revealed how vulnerabilities in the compute digital-signal
    processor (DSP) -- a subsystem that enables the processing of data with low
    power consumption -- could open the door for Android applications to
    perform malicious attacks.

    The proprietary subsystem is licensed for programming to OEMs and a small
    number of application developers, and the code running on DSP is signed,
    but the security researchers have identified ways to bypass Qualcomm's
    signature and run code on DSP.

    Vendors can build software for DSP using the Hexagon SDK, and serious
    security flaws in the development kit itself have resulted in hundreds of
    vulnerabilities being introduced in code from Qualcomm and partner vendors.

    According to Makkaveev, almost all of the DSP executable libraries that
    come embedded in Qualcomm-based smartphones are exposed to attacks through
    the issues identified in the Hexagon SDK.

    The discovered flaws, over 400 in total, are tracked as CVE-2020-11201,
    CVE-2020-11202, CVE-2020-11206, CVE-2020-11207, CVE-2020-11208 and
    CVE-2020-11209 and have already been acknowledged by Qualcomm.

    Check Point has yet to publish technical details on these vulnerabilities,
    but says
    <Achilles: Small chip, big peril. - Check Point Software> that
    attackers able to exploit them would require no user interaction to
    exfiltrate large amounts of information, including users' photos and
    videos, and GPS and location data, or to spy on users by recording calls or
    turning on the microphone.

    Denial of service attacks are also possible, with the device remaining
    permanently unresponsive, thus making the information stored on it
    unavailable. Furthermore, malicious code installed on the device could hide
    activities entirely and become unremovable.

    With Qualcomm's chips present in approximately 40% of the smartphones out
    there, including high-end devices from Google, LG, OnePlus, Samsung,
    Xiaomi, and others, at least 1 billion mobile users are affected by these
    vulnerabilities. [...]
    Vulnerabilities in Qualcomm Chips Expose Billions of Devices to Attacks | SecurityWeek.Com

    ------------------------------

    Date: Sun, 9 Aug 2020 14:57:23 -0400
    From: Monty Solomon <mo...@roscom.com>
    Subject: Snapdragon chip flaws put >1 billion Android phones at risk of data
    theft (Ars Technica)

    There's no word on when Google and phone makers will incorporate fix from
    Qualcomm.

    A billion or more Android devices are vulnerable to hacks that can turn them
    into spying tools by exploiting more than 400 vulnerabilities in Qualcomm's
    Snapdragon chip, researchers reported this week.

    The vulnerabilities can be exploited when a target downloads a video or
    other content that's rendered by the chip. Targets can also be
    attacked by installing malicious apps that require no permissions at all.

    From there, attackers can monitor locations and listen to nearby audio in
    real time and exfiltrate photos and videos. Exploits also make it possible
    to render the phone completely unresponsive. Infections can be hidden from
    the operating system in a way that makes disinfecting difficult. ...

    Snapdragon chip flaws put >1 billion Android phones at risk of data theft | Ars Technica

    ------------------------------

    Date: Thu, 13 Aug 2020 13:37:45 -1000
    From: geoff goodfellow <ge...@iconia.com>
    Subject: Flaws in Samsung Phones Exposed Android Users to Remote Attacks
    (The Hacker News)

    New research disclosed a string of severe security vulnerabilities in the
    'Find My Mobile' -- an Android app that comes pre-installed on most Samsung
    smartphones -- that could have allowed remote attackers to track victims'
    real-time location, monitor phone calls, and messages, and even delete data
    stored on the phone.

    Portugal-based cybersecurity services provider Char49 revealed its findings
    <https://char49.com/tech-reports/fmmx1-report.pdf> on Samsung's Find My
    Mobile Android app at the DEF CON conference last week and shared details
    with the Hacker News.

    "This flaw, after setup, can be easily exploited and with severe
    implications for the user and with a potentially catastrophic impact:
    permanent denial of service via phone lock, complete data loss with factory
    reset (SD card included), serious privacy implication via IMEI and location
    tracking as well as call and SMS log access," Char49's Pedro Umbelino said
    in technical analysis.

    The flaws, which work on unpatched Samsung Galaxy S7, S8, and S9+ devices,
    were addressed by Samsung after flagging the exploit as a "high impact
    vulnerability."

    Samsung's Find My Mobile service allows
    owners of Samsung devices to remotely locate or lock their smartphone or
    tablet, back up data stored on the devices to Samsung Cloud, wipe local
    data, and block access to Samsung Pay.

    According to Char49, there were four different vulnerabilities in the app
    that could have been exploited by a malicious app installed on the targeted
    device, thus creating a man-in-the-disk attack
    <New Man-in-the-Disk attack leaves millions of Android phones vulnerable> to
    hijack communication from the backend servers and snoop on the victim. [...]
    Flaws in Samsung Phones Exposed Android Users to Remote Attacks

    ------------------------------

    Date: Tue, 11 Aug 2020 16:40:45 -1000
    From: geoff goodfellow <ge...@iconia.com>
    Subject: Microsoft plugs at least 120 Windows security holes
    (Krebs on Security)

    Microsoft today released updates to plug at least 120 security holes in its
    Windows operating systems and supported software, including two newly
    discovered vulnerabilities that are actively being exploited. Yes, good
    people of the Windows world, it's time once again to backup and patch up!
    [...]

    Microsoft Patch Tuesday, August 2020 Edition — Krebs on Security

    ------------------------------

    Date: August 8, 2020 at 8:48:42 PM EDT
    From: Randell Head <rv...@insightbb.com>
    Subject: Coming Next: The Greater Recession (Paul Krugman)

    [Via Dewayne Hendricks]

    Paul Krugman, *The New York Times*, 6 Aug 2020

    The suspension of federal benefits would create damage almost as terrifying as the economic effects of the coronavirus.
    <Opinion | Coming Next: The Greater Recession>

    "Greater Recession"? Dr. K is too shy by a long shot.

    Pretty much every multi-tenant office building and almost all shopping malls
    in this country are owned by REITs, almost exactly all of which are
    mortgaged to the limits of their bankers' tolerance.

    Those mortgages are based on the assessed value of the real estate. Those
    assessments assume a roughly 80% occupancy rate.

    The malls are undergoing a calamity of their own, which everyone knows about
    - Shopped at Sears, lately?

    But the office buildings - ah, the office buildings!

    Many of their tenants will not survive. Of those who do survive, all will
    have noticed how much cheaper it is to give every employee a laptop and
    cable modem than it is to pay rent on those downtown or suburban office
    towers.

    Yeah, perhaps most of them will keep some sort of office, but when it comes
    time to renew the leases, they will be able to point to the hundreds of
    thousands of square feet of empty space in the neighboring towers, so they
    will reduce their leased space and they will largely get a lower price per
    square foot. (If they don't get a reduction, they need to fire whoever is
    negotiating on their behalf).

    This means the office buildings are assessed too high.

    If they are reassessed, most of the loans against them are suddenly unsecured.

    Those REITs I mentioned?

    They're not going to be able to make their mortgage payments, once 25% of
    their tenants go under or break (or fail to renew) their leases, which means
    that the banks and hedge funds which hold those mortgages are suddenly
    insolvent.

    Few people have any sympathy for hedge funds, thinking no one they know has
    any money with them, but a very large percentage of pension funds have some
    money with hedge funds.

    That's not the big deal, though. The big deal is the insolvent banks.

    Remember the early days of the 2008 Crash? Banks were refusing to make
    Guaranteed Student Loans.

    Reading this, I assumed that was just your usual "Rich Folks, sticking up
    the government" scam, but I was wrong - they didn't make Guaranteed Student
    Loans because they COULDN'T -- insolvent banks can't lend any money, not
    even when they have the Full Faith and Credit of the US Government backing
    the loans.

    A middling-sized bank which in January had twenty billion dollars of
    commercial loans, secured by liens against $25B of office towers and
    shopping malls, now has twenty billion dollars of commercial loans, secured
    by liens against $18B of real property.

    Sure, the property is still assessed at $25B, but what would it bring on the
    open market? $18B is probably too generous.

    If you thought it was fun, bailing out the FSLIC, you're gonna *love*
    bailing out the FDIC, especially when every advanced economy on the planet
    is busy bailing out its own banks.

    ------------------------------

    Date: Sat, 8 Aug 2020 17:41:05 -0700
    From: Rob Slade <rms...@shaw.ca>
    Subject: Social media and misinformation

    This article provides laudable and important sentiments:
    PressReader.com - Your favorite newspapers and magazines.

    And the authors are dangerously over-optimistic. I've been waiting 40
    years (since before the Internet was called the Internet) for people to wake
    up, and it hasn't happened yet.

    ------------------------------

    Date: Sat, 8 Aug 2020 12:07:19 -0700
    From: Mark Thorson <e...@dialup4less.com>
    Subject: Deepfakes or not???

    I have noticed a lack of tight synchronization between the audio and picture
    on commercial over-the-air broadcast television is surprisingly common, and
    I'm wondering whether this may be a marker for video that has been faked.

    I first noticed this around the time of conversion from analog to digital,
    when one channel was particularly annoying with its poor synchronization.
    The problem becomes more obvious when you develop some ability to read lips.
    Certain sounds, especially "p" and "b", require the lips to come together,
    and they make tracking the audio against the picture much simpler. It does
    not take much practice to become proficient, though I still can't tell what
    words are being said from the picture alone. Any video passing through Zoom
    cannot be analyzed this way because there isn't enough temporal resolution
    to make this comparison.

    An argument against deepfakes is that this phenomenon is very widespread. I
    can't give you anything approaching a number based on data, but my
    impression is at least 20% of all broadcast television exhibits this problem
    -- including a large amount for which there would be no obvious motive. Why
    would you fake the talking heads on a news broadcast or the presentation of
    a comedy routine? I suspect it may be a weakness of the digital video
    standard, though I suppose there may be other explanations. It's either
    that, or we are awash in fake video.

    ------------------------------

    Date: Fri, 7 Aug 2020 17:42:11 -0400
    From: Monty Solomon <mo...@roscom.com>
    Subject: A protester tried to ID a police officer on Twitter. Now he faces a
    felony -- along with four who retweeted him. (WashPost)

    Kevin Alfaro and four people who retweeted the post have been charged with
    cyber harassment, a 4th degree felony with up to 18 months of incarceration
    and a $10,000 fine.

    https://www.washingtonpost.com/nation/2020/08/07/black-lives-matter-tweet-police-felony/

    ------------------------------

    Date: Fri, 7 Aug 2020 15:13:47 -0700 (PDT)
    From: Thomas Dzubin <dzu...@vcn.bc.ca>
    Subject: Scientists rename human genes to stop Microsoft Excel from
    misreading them as dates (The Verge)

    "Excel is a behemoth in the spreadsheet world and is regularly used by
    scientists to track their work and even conduct clinical trials. But its
    default settings were designed with more mundane applications in mind, so
    when a user inputs a gene's alphanumeric symbol into a spreadsheet, like
    "MARCH1" which is short for "Membrane Associated Ring-CH-Type Finger 1",
    Excel converts that into a date: '1-Mar'."

    Scientists rename human genes to stop Microsoft Excel from misreading them as dates

    And yes, I know that people can set the formatting of cells, rows and columns
    of cells to a 'don't change what I entered' format; it's the defaults that
    are supposed to make our lives easier that are breaking things.
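    As an added illustration, not part of this submission or of The Verge article: a small Python audit that flags gene symbols Excel's default settings would turn into dates, and that also spots cells which have already been converted, so the damage is caught before a spreadsheet round-trip or found afterwards. The month list, the regular expressions and the sample CSV are constructed for the example; the check covers the letters-then-digits shape of the symbols the article names (MARCH1, SEPT2) and is a heuristic, not a model of Excel's full parser.

```python
import csv
import io
import re

# Month names and abbreviations that Excel's default en-US settings will pair
# with a day number and silently turn into a date. Both the three-letter and
# the full forms are listed, plus SEPT, which Excel also accepts. The set is
# constructed for this example and is a heuristic, not Excel's actual parser.
MONTHS = {
    "JAN", "JANUARY", "FEB", "FEBRUARY", "MAR", "MARCH", "APR", "APRIL",
    "MAY", "JUN", "JUNE", "JUL", "JULY", "AUG", "AUGUST",
    "SEP", "SEPT", "SEPTEMBER", "OCT", "OCTOBER", "NOV", "NOVEMBER",
    "DEC", "DECEMBER",
}

# The letters-then-digits shape of the symbols in the article (MARCH1, SEPT2).
_AT_RISK = re.compile(r"^([A-Za-z]+)(\d{1,2})$")

# Excel's default short rendering of such a cell is "<day>-<Mon>" (e.g. 1-Mar);
# a value of that shape in a gene-symbol column means the conversion already happened.
_MANGLED = re.compile(r"^(\d{1,2})-([A-Za-z]{3})$")


def excel_would_convert(symbol: str) -> bool:
    """True if Excel's defaults would read the bare symbol as a date (MARCH1 -> 1-Mar)."""
    m = _AT_RISK.match(symbol.strip())
    return bool(m) and m.group(1).upper() in MONTHS and 1 <= int(m.group(2)) <= 31


def already_mangled(value: str) -> bool:
    """True if the value looks like Excel's date output rather than a gene symbol."""
    m = _MANGLED.match(value.strip())
    return bool(m) and m.group(2).upper() in MONTHS and 1 <= int(m.group(1)) <= 31


def audit_csv(text: str, column: str) -> dict:
    """Scan one column of CSV text. Returns {'at_risk': [...], 'mangled': [...]}
    as (row, value) pairs, rows numbered from 1 after the header."""
    at_risk, mangled = [], []
    for row_no, row in enumerate(csv.DictReader(io.StringIO(text)), start=1):
        value = row.get(column, "") or ""
        if excel_would_convert(value):
            at_risk.append((row_no, value))
        elif already_mangled(value):
            mangled.append((row_no, value))
    return {"at_risk": at_risk, "mangled": mangled}


# Constructed sample data for the demonstration; not a real expression table.
SAMPLE_CSV = """gene,expression
MARCH1,12.4
SEPT2,3.1
TP53,9.9
DEC1,0.7
2-Sep,4.4
BRCA1,5.5
"""

if __name__ == "__main__":
    report = audit_csv(SAMPLE_CSV, "gene")
    print("would be converted by Excel:", report["at_risk"])
    print("already converted:          ", report["mangled"])
```

    Run the audit on an export before it is opened in a spreadsheet and again on whatever comes back; a non-empty `mangled` list on the way back is the signature of exactly the default-format problem the article describes, and it is cheaper to catch there than in a published table.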

    ------------------------------

    Date: Thu, 13 Aug 2020 11:37:28 +0200
    From: Anthony Thorn <anthon...@atss.ch>
    Subject: You do know you are being tracked, right? (WSJ)

    "The Wall Street Journal." 7 Aug 2020
    WSJ News Exclusive | U.S. Government Contractor Embedded Software in Apps to Track Phones

    "U.S. Government Contractor Embedded Software in Apps to Track Phones
    Anomaly Six has ties to military, intelligence agencies and draws location
    data from more than 500 apps with hundreds of millions of users

    The U.S. government is using app-generated marketing data based on the
    movements of millions of cellphones around the country for some forms of law
    enforcement. We explain how such data is being gathered and sold.

    WASHINGTON -- A small U.S. company with ties to the U.S. defense and
    intelligence communities has embedded its software in numerous mobile apps,
    allowing it to track the movements of hundreds of millions of mobile phones
    world-wide, according to interviews and documents reviewed by The Wall
    Street Journal. Anomaly Six LLC, a Virginia-based company founded by two
    U.S. military veterans with a background in intelligence, said in marketing
    material it is able to draw location data from more than 500 mobile
    applications, in part through its own software development kit, or SDK, that
    is embedded directly in some of the apps. An SDK allows the company to
    obtain the phone's location if consumers have allowed the app containing the
    software to access the phone's GPS coordinates. App publishers often allow
    third-party companies, for a fee, to insert SDKs into their apps. The SDK
    maker then sells the consumer data harvested from the app, and the app
    publisher gets a chunk of revenue. But consumers have no way to know
    whether SDKs are embedded in apps; most privacy policies don't disclose that
    information. Anomaly Six says it embeds its own SDK in some apps, and in
    other cases gets location data from other partners. Anomaly Six is a
    federal contractor that provides global-location-data products to branches
    of the U.S. government and private-sector clients. The company told The
    Wall Street Journal it restricts the sale of U.S. mobile phone movement
    data only to nongovernmental, private-sector clients. Numerous agencies of
    the U.S. government have concluded that mobile data acquired by federal
    agencies from advertising is lawful. Several law-enforcement agencies are
    using such data for criminal-law enforcement, the Journal has reported,
    while numerous U.S. military and intelligence agencies also acquire this
    kind of data."

    ------------------------------

    Date: Sat, 8 Aug 2020 21:29:21 -0400
    From: Monty Solomon <mo...@roscom.com>
    Subject: Thousands of cases went unreported in California when a computer
    server failed. (NYTimes)

    https://www.nytimes.com/2020/08/07/world/covid-19-news.html

    As California surpassed 10,000 coronavirus deaths this week, the head of the
    state's Health and Human Services Agency, Dr. Mark Ghaly, said a breakdown
    in the main disease reporting system had undercounted as many as 300,000
    test results. ``Our data system failed, and that failure led to inaccurate
    case numbers.''

    The malfunctions in the data system were compounded in recent days by huge
    backlogs in testing -- in some California counties results are taking more
    than two weeks to process -- muddying the overall picture of the virus's
    progression in the nation's most populous state.

    ------------------------------

    Date: August 6, 2020 20:36:27 JST
    From: Richard Forno <rfo...@infowarrior.org>
    Subject: Blackstone to acquire Ancestry.com for $4.7 billion (Oguh)

    (You likely do NOT want your genetic data owned by China *or* a private
    equity firm, even one based in America. --rick) <via Dave Farber>

    Chibuike Oguh, Reuters, Blackstone to acquire Ancestry.com for $4.7B

    Blackstone to acquire Ancestry.com for $4.7 billion

    (Reuters) - Blackstone Group Inc (BX.N) said on Wednesday it agreed to
    acquire genealogy provider Ancestry.com Inc from private equity rivals for
    $4.7 billion, including debt, placing a big bet on family-tree chasing as
    well as personalized medicine.

    Ancestry.com is the world's largest provider of DNA services,
    allowing customers to trace their genealogy and identify genetic health
    risks with tests sent to their home.

    Blackstone is hoping that more consumers staying at home amid the COVID-19
    pandemic will turn to Ancestry.com for its services.

    ``We believe Ancestry has significant runway for further growth as people of
    all ages and backgrounds become increasingly interested in learning more
    about their family histories and themselves,'' David Kestnbaum, a Blackstone
    senior managing director, said in a statement.

    The deal is Blackstone's first acquisition out of Blackstone Capital
    Partners VIII, the largest-ever private equity fund that raised $26 billion
    from investors last year.

    Ancestry.com has more than 3 million paying customers in about 30 countries,
    and earns more than $1 billion in annual revenue. Launched in 1996 as a
    family history website, it harnessed advances in DNA testing and mobile
    phone apps in the following two decades to expand its offerings.

    Blackstone is buying Ancestry.com from private equity firms Silver Lake,
    Spectrum Equity and Permira. Singapore's sovereign wealth fund GIC, another
    Ancestry.com investor, said it will continue to maintain a significant
    minority stake in the company.

    The acquisition's price tag represents a significant jump to Ancestry.com's
    valuation from four years ago, when Silver Lake and GIC invested in the
    Lehi, Utah-based company at a $2.6 billion valuation.

    ------------------------------

    Date: Mon, 10 Aug 2020 9:33:38 PDT
    From: "Peter G. Neumann" <neu...@csl.sri.com>
    Subject: USG Contractor Embedded Software in Apps to Track Phones (WSJ)

    *The Wall Street Journal*, 7 Aug 2020
    Anomaly Six has ties to military, intelligence agencies and draws location
    data from more than 500 apps with hundreds of millions of users

    Consumers have no way of knowing whether software-development kits that can
    track their locations are embedded in their apps.

    WSJ News Exclusive | U.S. Government Contractor Embedded Software in Apps to Track Phones

    Washington -- A small U.S. company with ties to the U.S. defense and
    intelligence communities has embedded its software in numerous mobile apps,
    allowing it to track the movements of hundreds of millions of mobile phones
    world-wide, according to interviews and documents reviewed by The Wall
    Street Journal.

    ------------------------------

    Date: Thu, 13 Aug 2020 07:26:20 +0800
    From: Dan Jacobson <jid...@jidanni.org>
    Subject: Illiterate cell phone user experience

    A web search finds lots of articles about illiterate cellphone users.
    Usually the elderly or people in undeveloped countries.

    My first experience instructing one over the phone: "OK, under my picture
    there should be a Add Friend button." "Probably red and green
    buttons... push the green one." They said: "Oops, I already pushed the red
    one." (Which blocked me. The block list being within a menu that they
    needed to be literate to find. Alas...)

    ------------------------------

    Date: Thu, 13 Aug 2020 18:36:54 -0400
    From: Gabe Goldberg <ga...@gabegold.com>
    Subject: Photoshop Will Help ID Images That Have Been Photoshopped (WiReD)

    Adobe is adding technology to tag images with metadata, part of an effort to
    identify deepfakes and other efforts at manipulation.

    Photoshop Will Help ID Images That Have Been … Photoshopped

    ------------------------------

    Date: Tue, 11 Aug 2020 16:38:45 -1000
    From: geoff goodfellow <ge...@iconia.com>
    Subject: Is it the AI That's Racist, or is it the Humans That Create the AI?
    (AI Daily)

    Racism is a poison in our society, one which until recently, AI was thought
    immune to. Underlying this is the notion that AI are incapable of conscious
    thought, so they cannot consciously discriminate. However, much like humans
    can have unconscious bias, so can AI. Over the last decade there have been
    countless examples of racial bias displayed in AI algorithms, or AI learning
    racism through machine learning. As a mixed-race individual, I want to know
    where AI has been racist and why this was the case.

    MIT were embarrassed in July this year, when they were forced to take
    offline an AI training data-set which, following an investigation by *The
    Register*, was found to be describing people with racist, misogynistic and
    discriminatory language. The data-set had been used to train machine
    learning models to identify people and items in images. However, the
    descriptions of those people were often highly derogatory and contained
    highly offensive language. The issue here was, due to a lack of oversight,
    that the models were accidentally trained using discriminatory data. While
    this problem is easily rectified once identified, it does highlight the risk
    that machine learning algorithms with poorly constructed data-sets pose,
    especially if the *racism* in those data-sets is more subtle, such as a
    machine learning algorithm which scores negative points for *non-British
    names* on CVs.

    Google was forced to apologise in April after its *Vision AI*, an algorithm
    which labels images based on their content, was found to come up with very
    different results dependent on the skin colour of people in the image. This
    is demonstrable by the image below, where when a black person holds a
    thermometer, it is labeled as a *gun* but when a white person holds the
    same thermometer, it is labeled as a *tool*. This result purports the
    racial stereotype that black people are violent, leading to concerns that
    the algorithm was racially biased. Yet again, we see an issue with a poor
    dataset used to train the algorithm unintentionally leading to racial bias,
    which further affirms just how important it is that the datasets are
    properly curated before training. [...]
    Is the AI Racist, or is it the Humans That Create it? — AI Daily - Artificial Intelligence News

    ------------------------------

    Date: Sat, 8 Aug 2020 11:24:48 -0700
    From: Peter Neumann <neu...@csl.sri.com>
    Subject: AI bias detection ... (RISKS-32.18)

    I had a complaint out of band, which applies to all items that deal
    broadly with specific aspects of AI:

    It would be very nice if the people who post numbers like these would
    provide the definition of *AI* that they are using. A definition that
    allows us to look at a program and tell whether it is AI or not is
    necessary to make such numbers meaningful.

    More generally, I think it is difficult to argue about trustworthiness of
    AI overall, especially when the systems in which it is embedded are not
    trustworthy. PGN

    ------------------------------

    Date: August 11, 2020 8:52:32 JST
    From: Richard Forno <rfo...@infowarrior.org>
    Subject: Leaked Documents Reveal What TikTok Shares with Authorities -- in
    the U.S.

    [Via Dave Farber]

    A glimpse at what the social media platform does in the U.S. underscores
    that data privacy issues extend beyond China.

    https://theintercept.com/2020/08/10/blueleaks-tiktok-law-enforcement-privacy/

    ------------------------------

    Date: Thu, 13 Aug 2020 13:36:41 -1000
    From: geoff goodfellow <ge...@iconia.com>
    Subject: Why & Where You Should You Plant Your Flag (Krebs on Security)

    Several stories here have highlighted the importance of creating accounts
    online tied to your various identity, financial and communications services
    before identity thieves do it for you. This post examines some of the key
    places where everyone should plant their virtual flags.

    As KrebsOnSecurity observed back in 2018
    <https://krebsonsecurity.com/2018/06/plant-your-flag-mark-your-territory/>,
    many people -- particularly older folks -- proudly declare they avoid using
    the Web to manage various accounts tied to their personal and financial
    data -- including everything from utilities and mobile phones to retirement
    benefits and online banking services. From that story:

    ``The reasoning behind this strategy is as simple as it is alluring: What's
    not put online can't be hacked. But increasingly, adherents to this mantra
    are finding out the hard way that if you don't plant your flag online,
    fraudsters and identity thieves may do it for you.''

    ``The crux of the problem is that while most types of customer accounts
    these days can be managed online, the process of tying one's account number
    to a specific email address and/or mobile device typically involves
    supplying personal data that can easily be found or purchased online -- such
    as Social Security numbers, birthdays and addresses.''

    In short, although you may not be required to create online accounts to
    manage your affairs at your ISP, the U.S. Postal Service, the credit
    bureaus or the Social Security Administration, it's a good idea to do so
    for several reasons.

    Most importantly, the majority of the entities I'll discuss here allow just
    one registrant per person/customer. Thus, even if you have no intention of
    using that account, establishing one will be far easier than trying to
    dislodge an impostor who gets there first using your identity data and an
    email address they control.

    Also, the cost of planting your flag is virtually nil apart from your
    investment of time. In contrast, failing to plant one's flag can allow
    ne'er-do-wells to create a great deal of mischief for you, whether it be
    misdirecting your service or benefits elsewhere, or canceling them
    altogether.

    Before we dive into the list, a couple of important caveats. Adding
    multi-factor authentication (MFA) at these various providers (where
    available) and/or establishing a customer-specific personal identification
    number (PIN) also can help secure online access. For those who can't be
    convinced to use a password manager, even writing down all of the account
    details and passwords on a slip of paper can be helpful, provided the
    document is secured in a safe place. [...]

    https://krebsonsecurity.com/2020/08/why-where-you-should-you-plant-your-flag/

    ------------------------------

    Date: Fri, 14 Aug 2020 12:11:57 -0700
    From: Lauren Weinstein <lau...@vortex.com>
    Subject: Postal Service warns 46 states their voters could be
    disenfranchised by delayed mail-in ballots [as desired by Trump]

    https://www.washingtonpost.com/loca...=wp_main&utm_source=twitter&utm_medium=social

    ------------------------------

    Date: Thu, 13 Aug 2020 19:36:49 -0400
    From: Gabe Goldberg <ga...@gabegold.com>
    Subject: Mailer To DC Voters Prompts Widespread Confusion (DCist)

    A mailer from the DC Board of Elections was supposed to help registered
    voters confirm that their address was correct. Instead, it has prompted
    confusion over how exactly voters can notify the board that their address
    has changed or that a person listed at their address no longer lives there.

    And that could raise additional concerns ahead of the city's plan to mail
    every registered voter -- there are more than 460,000 of them on file -- a
    ballot ahead of November's election.

    The mailer started hitting mailboxes across D.C. in recent days, and seemed
    straightforward enough. People who received it at the address where they
    live did not need to take further action -- that's where the ballot will be
    sent in the coming weeks. But it was flummoxing for people who need to
    update their address (if, for instance, they want the ballot forwarded
    elsewhere, or would be moving in the coming weeks) or want to let the
    elections board know the mailer was sent to someone who once lived at the
    address but is no longer there.

    The instructions prompt voters to fill out one half of the mailer, detach it
    from the other half, and send it back to the elections board. But some
    voters started noticing that in so doing, they'd be sending the board the
    part of the mailer that has no information identifying who it was sent to to
    begin with. That's because that information -- the recipient's name, address
    and a unique barcode -- is on the half of the mailer that isn't supposed to
    be sent back in. ...

    ``Terrible design by [the D.C. Board of Elections] that is going to cause a
    lot of problems. Do they not test/review these?'' tweeted Southwest D.C.
    resident Stacy Cloyd.

    Rachel Coll, a spokeswoman for the elections board, said in an email that
    the problem was a ``design flaw'' from an outside vendor that produced the
    mailers. She said the board had already gotten at least 100 of the mailers
    back from voters with no issues, but the board was forced to tweet out new
    instructions on Wednesday. ...

    This isn't the first time the elections board has had issues with official
    documents it has mailed to voters. Earlier this year, the board sent new
    voter registration cards to more than 25,000 voters with the wrong primary
    date listed on them. In 2018, it failed to notify absentee voters that they
    had to include postage on their envelopes to send ballots back in. And in a
    particularly infamous error in 2014, the board sent out hundreds of
    thousands of official voter guides with an upside-down D.C. flag --
    commonly known as a sign of distress -- on the cover.

    https://dcist.com/story/20/08/13/dc-elections-board-mailer-confusion/

    ------------------------------

    Date: Sat, 8 Aug 2020 10:00:38 -0700
    From: Lauren Weinstein <lau...@vortex.com>
    Subject: Trump's lapdog Postmaster General wants to more than double costs
    for states to mail ballots to voters! Crooked through and through.

    https://lawandcrime.com/opinion/if-...e-that-could-be-an-unconstitutional-poll-tax/

    ------------------------------

    Date: Sat, 8 Aug 2020 23:24:37 -0600
    From: "Matthew Kruk" <mkr...@gmail.com>
    Subject: Unwanted Truths: Inside Trump's Battles With U.S. Intelligence
    Agencies (NYTimes)

    Last year, intelligence officials gathered to write a classified report on
    Russia's interest in the 2020 election. An investigation from the magazine
    uncovered what happened next.

    https://www.nytimes.com/2020/08/08/...tion=click&module=Top Stories&pgtype=Homepage

    ------------------------------

    Date: Sun, 9 Aug 2020 19:00:12 -0400
    From: Monty Solomon <mo...@roscom.com>
    Subject: The quest to liberate $300,000 of bitcoin from an old ZIP file
    (Ars Technica)

    A few quintillion possible decryption keys stand between a man and his
    cryptocurrency.

    In October, Michael Stay got a weird message on LinkedIn. A total stranger
    had lost access to his bitcoin private keys -- and wanted Stay's help
    getting his $300,000 back.

    https://arstechnica.com/information...erate-300000-of-bitcoin-from-an-old-zip-file/

    https://www.wired.com/story/quest-to-liberate-bitcoin-from-old-zip-file/

    ------------------------------

    Date: Sun, 9 Aug 2020 10:50:07 PDT
    From: "Peter G. Neumann" <neu...@csl.sri.com>
    Subject: Risk of driving while Black in conjunction with computer risks

    [This was submitted by someone who did not want to be identified. PGN]

    An automated scanner recorded a vehicle's plate number but the scanner
    determines neither the issuing state nor the type of vehicle. The plate
    number was flagged because just the number matched a USA national list of
    stolen vehicles. Computer risk 1 is a device by design gathering less than
    the full set of data needed. In this case the police user of scanner data is
    allocated the task of checking the further details of the plate, i.e.,
    comparing the state on the theft report *Montana* with the state on the
    plate of the scanned vehicle *Colorado* and comparing the sort of vehicle on
    the report *motorcycle* with the vehicle observed *passenger car*. This
    design assumption is computer risk 2. The manual comparison reportedly did
    not occur. The driver said she asked the police to compare her name on her
    driver licence to her name on the car registration but the police continued
    to assume that the car was stolen. Perhaps the usual blind faith in the
    computer (risk 3).

    The woman's children, as young as six years, were in the car and were
    ordered to lie on the street facedown. Two were handcuffed. The family is
    black. The risk here is not a computer risk but rather being black while
    driving.

    https://www.denverpost.com/2020/08/04/aurora-police-handcuff-children-video/
    Note that the Denver Post newspaper's site does not allow using a private or
    incognito mode of a browser. It litters the browser with cookies, a file
    system, database storage, local storage, service workers. It will attempt to
    sign up the browser for notification spam.
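    An added illustration, not from the submission and not from any real plate-reader system: a small Python matcher that refuses to treat agreement on the plate number alone as a confirmed hit, which is the design gap the first two computer risks above describe. A number-only agreement comes back as 'unverified' with the uncaptured fields named, so the manual check cannot be silently skipped, and a check that has the state and vehicle class but finds them disagreeing comes back as 'mismatch'. The plate number, the source label and the record layout are constructed for the example; the Montana motorcycle report and the Colorado passenger car are the details given in the item.

```python
from dataclasses import dataclass
from typing import Iterable, Optional


@dataclass(frozen=True)
class PlateRecord:
    """One plate observation or theft report. Fields the capturing device did
    not record are None rather than guessed. Layout constructed for this example."""
    number: str                     # characters on the plate
    state: Optional[str] = None     # issuing state, None if not captured
    vehicle: Optional[str] = None   # vehicle class, None if not captured
    source: str = ""                # label only, e.g. where the record came from


def _norm(value: Optional[str]) -> Optional[str]:
    # Case- and whitespace-insensitive comparison; None stays None.
    return None if value is None else " ".join(value.upper().split())


def compare_fields(scan: PlateRecord, report: PlateRecord) -> dict:
    """Compare a scan with one report that shares its plate number.
    A field is 'missing' if either side lacks it and 'differs' if both have it
    and disagree."""
    missing, differs = [], []
    for name in ("state", "vehicle"):
        a, b = _norm(getattr(scan, name)), _norm(getattr(report, name))
        if a is None or b is None:
            missing.append(name)
        elif a != b:
            differs.append(name)
    return {"missing": missing, "differs": differs}


def match_hotlist(scan: PlateRecord, hotlist: Iterable[PlateRecord]) -> dict:
    """Verdict for a scan against a stolen-vehicle list.

    'confirmed'  number, state and vehicle class all agree with a report
    'unverified' number agrees but a field was not captured; a person must check
    'mismatch'   number agrees but state or vehicle class disagree; not a hit
    'no_match'   no report carries this plate number
    Agreement on the number alone is never reported as 'confirmed'.
    """
    number = _norm(scan.number)
    rank = {"no_match": 0, "mismatch": 1, "unverified": 2, "confirmed": 3}
    best = {"verdict": "no_match", "report": None, "missing": [], "differs": []}
    for report in hotlist:
        if _norm(report.number) != number:
            continue
        fields = compare_fields(scan, report)
        if fields["differs"]:
            verdict = "mismatch"
        elif fields["missing"]:
            verdict = "unverified"
        else:
            verdict = "confirmed"
        if rank[verdict] > rank[best["verdict"]]:
            best = {"verdict": verdict, "report": report, **fields}
    return best


# Constructed sample: the theft report and the two stages of the check in the item.
HOTLIST = [PlateRecord("ABC1234", "Montana", "motorcycle", source="theft report (constructed)")]
SCANNER_ONLY = PlateRecord("ABC1234")                                # what the scanner captured
FULL_CHECK = PlateRecord("ABC1234", "Colorado", "passenger car")     # what an officer could see

if __name__ == "__main__":
    print(match_hotlist(SCANNER_ONLY, HOTLIST))   # unverified: state and vehicle missing
    print(match_hotlist(FULL_CHECK, HOTLIST))     # mismatch: state and vehicle differ
```

    The point of returning the missing and differing field names, rather than a bare yes/no, is that the downstream user sees why the match is weak; a system that prints only "stolen" invites the blind faith the item calls risk 3.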

    ------------------------------

    Date: Sun, 9 Aug 2020 15:24:20 -0400
    From: Gabe Goldberg <ga...@gabegold.com>
    Subject: Why climate change is about to make your bad commute worse
    (WashPost)

    ``Everything that is built around you is built with some consideration for
    how much environmental exposure it's going to be able to tolerate,'' Chester
    explained. ``When it comes to roads, for example, the American Association
    of State Highway and Transportation Officials has guidelines that say
    asphalt should be engineered to withstand the hottest week on record during
    a certain historical period — say, 1970 and 2000. In Arizona,
    that might be 115 degrees, and in Chicago, it might be 105 degrees.''

    The problem is, thanks to climate change, past is no longer prologue.
    ``We're not going to shut off CO2 emissions overnight, so the climate is
    going to continue changing. The question is, by how much and in which
    direction?'' Chester said.

    ``Let's say you design a road in Chicago for the hottest week on record,
    which might be 105 degrees. Well, the hottest week going forward might be
    108 degrees, or it could be 120 degrees,'' he said.

    Faced with uncertainty, civil engineers can do little but guess. And the
    wrong guess could be costly.

    https://www.washingtonpost.com/loca...d97ba8-d5b6-11ea-aff6-220dd3a14741_story.html

    ------------------------------

    Date: Fri, 14 Aug 2020 09:35:20 -0700
    From: Lauren Weinstein <lau...@vortex.com>
    Subject: Chrome will start hiding most of URLs, but you can opt-out -- AND
    YOU SHOULD!

    Google is moving ahead with what I've long considered to be a poorly-conceived
    plan to hide most of Chrome browser URLs by default. My original blog posts
    regarding this issue began two years ago, at:

    https://lauren.vortex.com/2018/07/10/chrome-is-hiding-url-details-and-its-confusing-people-already

    and you can read those posts to see my discussion of the problems involved
    with this move.

    The current situation is summarized in:

    Google resumes its attack on the URL bar, hides full addresses on Chrome 86

    https://www.androidpolice.com/2020/...-bar-hides-full-addresses-on-chrome-canary/#2

    The one saving grace is that reportedly (at least for now) a right click
    menu item will provide an opt-out for this behavior, and I'd urge you to
    take advantage of that opt-out when these versions of the browser reach
    you. Unfortunately, the users most at risk from this new default behavior
    are also probably the most unlikely to ever hear about this opt-out or use
    it.

    ------------------------------

    Date: Fri, 14 Aug 2020 16:09:31 -0400
    From: Monty Solomon <mo...@roscom.com>
    Subject: How romance scams are thriving during quarantine

    https://www.theverge.com/21366576/dating-app-scams-romance-women-quarantine-coronavirus-scheme

    ------------------------------

    Date: Sun, 9 Aug 2020 20:27:17 -0400
    From: Monty Solomon <mo...@roscom.com>
    Subject: No to Blockchain Credentials of COVID-19 Test Results for Entry to
    Public Spaces (EFF)

    An ill-conceived California bill endorses a blockchain-based system that
    would turn COVID-19 test results into permanent records that could be used
    to grant access to public places.

    https://www.eff.org/deeplinks/2020/...als-covid-19-test-results-entry-public-spaces

    ------------------------------

    Date: Sun, 9 Aug 2020 15:21:22 -0400
    From: Gabe Goldberg <ga...@gabegold.com>
    Subject: Virginia launches contact-tracing app COVIDWISE using Apple, Google
    technology (WashPost)

    ``If enough Virginians use this app, we can identify cases early and slow
    the spread of this virus. We have to continue to fight #COVID19 from every
    possible angle -- COVIDWISE is another tool we have to protect ourselves,
    our families, and our communities during this pandemic.''

    The reaction:

    ``Not falling for this one? keep your tracker!'' read one response.

    ``Why would I willingly give the VDH permission to track who I have spent 15
    minutes with?'' read another, using the initials for the Virginia Department
    of Health. ``No thanks, Hard pass. I value both my privacy and liberty.''

    ``This is ridiculous,'' read yet another. ``Never gonna happen here.'' ...

    And yet, people are still refusing to put a slip of cloth over their faces
    because they'd rather make a political statement than protect the most
    vulnerable around them.

    They'd rather immediately dismiss an app as an invasion of their privacy
    than take a moment to consider that maybe it will help keep some people
    around them from getting sick or worse.

    https://www.washingtonpost.com/loca...-contain-coronavirus-cases-will-they-blow-it/

    ------------------------------

    Date: Mon, 10 Aug 2020 09:27:06 +0800
    From: Richard Stein <rms...@ieee.org>
    Subject: The nuclear mistakes that could have ended civilisation (bbc.com)

    https://www.bbc.com/future/article/20200807-the-nuclear-mistakes-that-could-have-ended-civilisation

    "From invading animals to a faulty computer chip worth less than a dollar,
    the alarmingly long list of close calls shows just how easily nuclear war
    could happen by mistake."

    ------------------------------

    Date: Mon, 10 Aug 2020 18:02:11 -0400
    From: Eric Sosman <eso...@comcast.net>
    Subject: Re: Omniviolence Is Coming and the World Isn't Ready (Nautilus)

    In RISKS 32.18, Richard Stein quotes Nautilus concerning the possibility
    of using bomb-carrying drones against populations: "A [mini-quadcopter]
    can carry a one-or two-gram shaped charge [...] You can drive up I-95
    with three trucks and have 10 million weapons attacking New York City."

    How much does it cost to acquire, program, and arm ten million drones?
    Perhaps the RISK here is not so much the damage New York might suffer,
    but the attackers' likely bankruptcy, plus the dangers inherent in
    fitting ten million bombs to ten million drones ...

    Maybe the lure of technological overkill (sorry) is not really a RISK, but a
    mitigation? Probably not: Attackers aren't *that* stupid, and will likely
    seek cheaper and deadlier weapons.

    ------------------------------

    Date: Sun, 9 Aug 2020 13:29:22 +0100
    From: A Michael W Bacon <amichae...@gmail.com>
    Subject: Re: Blackbaud breach (RISKS-32.18)

    Writing about the Blackbaud breach, Gabe Goldberg cites a notification email
    from "the Freedom Forum and our affiliates, the Newseum and the Freedom
    Forum Institute". I was amused by this part: 'Blackbaud is the global
    market leader in not-for-profit software, and their products are commonly
    used to manage relationships and communications with constituents and
    donors'; the style of which is (rather predictably) emerging as the excuse:
    "Don't blame us; they are the 'global market leader' so we didn't bother
    validating their security."

    ------------------------------

    Date: Sun, 9 Aug 2020 13:30:24 +0100
    From: A Michael W Bacon <amichae...@gmail.com>
    Subject: Re: City outage (RISKS-32.18)

    In 'Cyberattack causes Lafayette, CO city computer outage', Jim Reisert AD1C
    asks, "Does this mean that the attackers requested too little ransom for the
    key to unlock the data?"

    Maybe one should wonder whether the "kidnappers" are estimating the cost of
    the disruption and rebuilding, and asking below that figure to encourage
    payment.

    ------------------------------

    Date: Sun, 9 Aug 2020 13:31:32 +0100
    From: A Michael W Bacon <amichae...@gmail.com>
    Subject: Re: Beirut explosion (RISKS-32.18)

    Although details of the immediate events leading to the detonation of some
    2,750 tons of Ammonium Nitrate (AN) are unclear, and might remain so, some
    facts are established.

    The AN was unloaded from a Russian-owned ship, the MV Rhosus, following the
    owner's inability to pay mooring and other fees. Out of Batumi, Georgia, in
    late September 2013 the Rhosus was loaded with AN and reportedly bound for
    Beira, Mozambique. The vessel stopped in Athens for some four weeks while
    the owner sought additional cargo to pay the fee for the Suez Canal. It then
    detoured to Beirut to pick up one such new cargo, road-making equipment.
    However, the 27-year-old ship was poorly maintained and the rusting deck
    hatches began to buckle under the weight of a road-roller. That cargo was
    then refused loading by the worried captain.

    Captain Prokoshev decided to head for Cyprus to sort things out with the
    owner, Cyprus-based Russian businessman, Igor Grechushkin. But before the
    MV Rhosus could set sail, the Lebanese authorities intervened and seized it
    on 4 February 2014, with unpaid bills reportedly totaling 100,000 USD.

    The aging Rhosus was by now taking on water that had to be bailed out every
    day. After a lengthy court process, the remaining crew closed all the
    compartments, locked them and handed the keys to immigration at the port,
    and Prokoshev and his colleagues left Beirut in September 2014, one year
    after the ship's arrival.

    Some [as yet unclear] time afterward, with the Rhosus deteriorating further
    and taking on more water, the authorities unloaded the cargo into a dockside
    warehouse, the port authorities of Beirut forbid the unloading or reloading
    of cargo from one vessel to another. Reportedly, the vessel subsequently
    sank, but its resting-place is unclear.

    Fast forward to 4 August 2020 and the currently revealed facts are that a
    fire was burning for some time near, on or in the warehouse, some flashes
    were observed, then there was the detonation. What started the fire remains
    speculation.

    The Lebanese government moved quickly to announce they would find whoever
    was responsible, but later began to raise the spectre of a deliberate attack
    by rocket or bomb ... possibly once they realised they were responsible for
    the AN being stored there.

    The ensuing denials of responsibility reminded me inversely (and perversely)
    of British Nuclear Fuel's claim following the 'Act of God' explosion in the
    late, great Douglas Adams's book, The Long Dark Teatime of the Soul.

    ------------------------------

    Date: Sat, 8 Aug 2020 13:58:23 +1000
    From: 3daygoaty <threed...@gmail.com>
    Subject: Re: Beirut Blast (RISKS-32.18)

    Nice back story covering a range of processes and risks that led to the
    blast.

    To me it looks like the judiciary failing to grant permission to move the
    chemical in a timely manner greatly increased the risk.

    https://www.bbc.com/news/extra/x2iutcqf1g/beirut-blast

    ------------------------------

    Date: Fri, 7 Aug 2020 21:01:04 -0400
    From: Steve Singer <s...@dedicatedresponse.com>
    Subject: Re: Tom's Hardware goes dark/side/ (RISKS-32.18)

    If one follows Forno's / Farber's link with NoScript enabled on Firefox, the
    following message appears:

    AD BLOCKER INTERFERENCE DETECTED

    Thank you for visiting this site. Unfortunately we have detected that you
    might be running custom adblocking scripts or installations that might
    interfere with the running of the site.

    We don't mind you running adblocker, but could you please either disable
    these scripts or alternatively whitelist the site, in order to continue.
    Thanks for your support!

    It's possible to work around this, but not worth the risk or bother to me.
    My Tom's Hardware bookmark: poof!

    ------------------------------

    Date: Mon, 10 Aug 2020 12:14:46 +0100
    From: David Damerell <dame...@chiark.greenend.org.uk>
    Subject: Re: When tax prep is free, you may be paying with your privacy.
    (Drewe, RISKS-32.18)

    He omits mentioning that around 2/3 of UK taxpayers never interact with the
    complications. Of the UK's circa 32 million taxpayers, only around 10
    million fill out tax returns. An ordinary employee has tax deducted and sent
    to HMRC by their employer, and has nothing to do save read their payslips.

    Furthermore, those 10 million are disproportionately likely to be wealthy
    (the criteria for self-assessment include earning over £100,000 per
    annum); and while legend may say the system here is the most complicated,
    I'm told by friends fortunate enough to be in that group that they do not
    find it difficult to fill out their own forms, whereas I understand the
    process is nightmarish in the US.

    Hence I think essentially no-one is being put in the position of being
    snooped on by "free" tax preparation services because they need a service
    but cannot afford it.

    ------------------------------

    Date: Mon, 1 Aug 2020 11:11:11 -0800
    From: RISKS-...@csl.sri.com
    Subject: Abridged info on RISKS (comp.risks)

    The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
    comp.risks, the feed for which is donated by panix.com as of June 2011.
    => SUBSCRIPTIONS: The mailman Web interface can be used directly to
    subscribe and unsubscribe:
    http://mls.csl.sri.com/mailman/listinfo/risks

    => SUBMISSIONS: to ri...@CSL.sri.com with meaningful SUBJECT: line that
    includes the string `notsp'. Otherwise your message may not be read.
    *** This attention-string has never changed, but might if spammers use it.
    => SPAM challenge-responses will not be honored. Instead, use an alternative
    address from which you never send mail where the address becomes public!
    => The complete INFO file (submissions, default disclaimers, archive sites,
    copyright policy, etc.) is online.
    <http://www.CSL.sri.com/risksinfo.html>
    *** Contributors are assumed to have read the full info file for guidelines!

    => OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
    searchable html archive at newcastle:
    http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
    Also, ftp://ftp.sri.com/risks for the current volume/previous directories
    or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
    If none of those work for you, the most recent issue is always at
    http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-32.00
    ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
    *** NOTE: If a cited URL fails, we do not try to update them. Try
    browsing on the keywords in the subject line or cited article leads.
    Apologies for what Office365 and SafeLinks may have done to URLs.
    ==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

    ------------------------------

    End of RISKS-FORUM Digest 32.19
    ************************
     
    Last edited by a moderator: Aug 15, 2020
  10. LakeGator

    Risks Digest 32.21

    RISKS List Owner

    Aug 21, 2020 8:24 PM

    Posted in group: comp.risks

    RISKS-LIST: Risks-Forum Digest Friday 21 August 2020 Volume 32 : Issue 21

    ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
    Peter G. Neumann, founder and still moderator

    ***** See last item for further information, disclaimers, caveats, etc. *****
    This issue is archived at <The RISKS Digest> as
    <The RISKS Digest, Volume 32 Issue 21>
    The current issue can also be found at
    <http://www.csl.sri.com/users/risko/risks.txt>

    Contents:
    Groundbreaking new material 'could allow artificial intelligence to merge
    with the human brain' (The Independent)
    What would happen to Earth if humans went extinct? (Live Science)
    Would you like to live forever? (The Sun)
    A typo created a 212-story monolith in Microsoft Flight Simulator (Engadget)
    Microsoft Put Off Fixing Zero Day for 2 Years (Krebs on Security)
    "Driverless cars are coming soon." (The Telegraph)
    How Your Phone Is Used to Track You, and What You Can Do About It (NYTimes)
    Tokyo's latest attraction: Transparent public toilets (cnn.com)
    DC No Longer Has Online Voter Registration (DCist)
    GOP-led Senate panel details ties between 2016 Trump campaign and Russian
    interference (NYTimes)
    Trump's 2016 campaign chair was a 'grave counterintelligence threat'
    (WashPost)
    Postal Service backs down on changes as at least 20 states sue over
    potential mail delays ahead of election (CNN)
    America Has Two Feet. It’s About to Lose One of Them. (NYTimes)
    U.S. Secret Service buys location data that would otherwise need a warrant
    (Ars Technica)
    Booze and cruise providers are the latest to be hit by ransomware scourge
    (Ars Technica)
    Researchers Can Duplicate Keys from the Sounds They Make (Kottke)
    Bluetooth update could turn wearables into COVID-19 trackers (Engadget)
    USPS filed a patent for Blockchain voting system (Decrypt)
    Russian opposition leader Alexei Navalny 'poisoned' (BBC)
    Bottleneck for U.S. Coronavirus Response: The Fax Machine (NYTimes)
    U.S. COVID-19 and World War 2 mortality rates, interim comparison
    (Richard Stein)
    Israeli gargle trial gives COVID results in 1 sec., 95% accuracy
    (Henry Crun)
    Abridged info on RISKS (comp.risks)

    ----------------------------------------------------------------------

    Date: Mon, 17 Aug 2020 17:15:56 -1000
    From: geoff goodfellow <ge...@iconia.com>
    Subject: Groundbreaking new material 'could allow artificial intelligence to
    merge with the human brain' (The Independent)

    Technology could enable new health diagnostics and achieve Elon Musk's
    goal of integrating with artificial intelligence

    Scientists have discovered a ground-breaking bio-synthetic material that
    they claim can be used to merge artificial intelligence with the human
    brain.

    The breakthrough, presented today at the American Chemical Society Fall
    2020 virtual expo, is a major step towards integrating electronics with the
    body to create part human, part robotic "cyborg" beings.

    Connecting electronics to human tissue has been a major challenge due to
    traditional materials like gold, silicon and steel causing scarring when
    implanted.

    Scars not only cause damage but also interrupt electrical signals flowing
    between computers and muscle or brain tissue. The researchers from the
    University of Delaware were able to overcome this after various types of
    polymers. [...]

    Material found by scientists 'could merge AI with human brain'

    ------------------------------

    Date: Mon, 17 Aug 2020 17:09:42 -1000
    From: geoff goodfellow <ge...@iconia.com>
    Subject: What would happen to Earth if humans went extinct? (Live Science)

    *Nature always finds a way*

    Deep within Guatemala's rainforest sits one of the most famous remnants of
    the *Maya* <The Maya: History, Culture & Religion | Live Science> civilization: a
    roughly 2,000-year-old citadel turned to ruins called *Tikal*
    <Tikal: Capital of Maya Civilization | Live Science>. When Alan
    Weisman hiked through the surrounding region, he discovered something
    fascinating along the way: "You're walking through this really dense
    rainforest, and you're walking over hills," said Weisman, author and
    journalist. "And the archaeologists are explaining to you that what you're
    really walking over are pyramids and cities that haven't been excavated."

    In other words, we know about sites like Tikal because humans have gone to
    great efforts to dig up and restore their remains. Meanwhile, countless
    other ruins remain hidden, sealed beneath forest and earth. "It's just
    amazingly thrilling how fast nature can bury us," Weisman told *Live
    Science*.

    This scene from the rainforest allows us a glimpse of what our planet could
    look like, if humans simply stopped existing. Lately, that idea has been
    especially pertinent, as the global COVID-19 *pandemic*
    <What is a pandemic? | Live Science> has kept people inside, and
    emboldened animals to return to our quieter urban environments -- giving us
    a sense of what life might look like if we retreated further into the
    background. Weisman, who wrote "The World Without Us" (Thomas Dunne Books,
    2007), spent several years interviewing experts and systematically
    investigating this question: What would happen to our planet -- to our
    cities, to our industries, to nature -- if humans disappeared?

    *A different kind of skyline*. [...]
    What would happen to Earth if humans went extinct? | Live Science

    ------------------------------

    Date: Mon, 17 Aug 2020 17:18:48 -1000
    From: geoff goodfellow <ge...@iconia.com>
    Subject: Would you like to live forever? (The Sun)

    BIO-UPGRADABLE: Meet the super-rich biohackers turning into cyborgs
    with in-built armour and injecting teenagers' *blood* to stay young

    From daily sessions in sub-zero cryo-chambers to stem cell injection and
    transfusions of teenagers' blood, their bizarre attempts to become
    superhuman have fueled a multi-million dollar industry.

    It may sound like something out of a sci-fi novel, but there's a growing
    band of Silicon Valley billionaires who believe they can achieve eternal
    life through *biohacking* -- the process of making alterations to your body
    to keep it younger.

    Netflix's new drama Biohackers, released on Thursday, (20 Aug) seizes on the
    terrifying trend by imagining a secretive lab where a young student, played
    by Luna Wedler, discovers a sinister experiment using the techniques on an
    entire town.

    Here we meet the real Silicon Valley biohackers - the men who want to be
    immortal. [...]

    Meet the super-rich ‘biohackers’ turning into cyborgs with in-built armour and injecting teenagers’ BLOOD to stay young

    ------------------------------

    Date: Fri, 21 Aug 2020 14:39:41 +0800
    From: Dan Jacobson <jid...@jidanni.org>
    Subject: A typo created a 212-story monolith in Microsoft Flight Simulator
    (Engadget)

    Flight Simulator users recently found an unusual landmark: a 212-story
    monolith towering over an otherwise nondescript suburb in Melbourne,
    Australia.

    After some sleuthing, the title's community found what had caused the tower
    to appear in Flight Simulator. When developer Asobo Studio built its
    detailed recreation of the globe, they pulled data from OpenStreetMap, a
    free map of the world to which anyone can contribute. About a year ago, a
    user named nathanwright120 added a tag that said this one building in
    Melbourne had 212 floors instead of two. Based on their other contributions,
    it appears the edit was a simple typo, not them trying to mislead
    anyone. The error was later corrected by another OpenStreetMap contributor,
    but not before it made its way into Flight Simulator.

    A typo created a 212-story monolith in ‘Microsoft Flight Simulator’

    ------------------------------

    Date: Mon, 17 Aug 2020 17:12:47 -1000
    From: geoff goodfellow <ge...@iconia.com>
    Subject: Microsoft Put Off Fixing Zero Day for 2 Years (Krebs on Security)

    A security flaw in the way *Microsoft Windows* guards users against
    malicious files was actively exploited in malware attacks for two years
    before last week, when Microsoft finally issued a software update to correct
    the problem.

    One of the 120 security holes Microsoft fixed on the 11 Aug Patch Tuesday
    [NOTED IN RISKS-32.20. PGN] was CVE-2020-1464, a problem with the way every
    supported version of Windows validates digital signatures for computer
    programs.
    <Microsoft Patch Tuesday, August 2020 Edition — Krebs on Security>

    Code signing <Code signing - Wikipedia> is the method of
    using a certificate-based digital signature to sign executable files and
    scripts in order to verify the author's identity and ensure that the code
    has not been changed or corrupted since it was signed by the author.

    Microsoft said an attacker could use this spoofing vulnerability to bypass
    security features intended to prevent improperly signed files from being
    loaded. Microsoft's advisory makes no mention of security researchers having
    told the company about the flaw, which Microsoft acknowledged was actively
    being exploited. [...]

    Microsoft Put Off Fixing Zero Day for 2 Years — Krebs on Security

    ------------------------------

    Date: Wed, 19 Aug 2020 22:16:44 +0100
    From: Chris Drewe <e76...@yahoo.co.uk>
    Subject: "Driverless cars are coming soon." (The Telegraph)

    Old news for RISKS readers, but just announced in the UK.

    Driverless cars are coming soon, and will bring a host of ethical and
    moral dilemmas with them

    A driverless future is not far away, but what are the implications for
    passengers and pedestrians?

    Whether drivers like them or not, autonomous cars are coming soon to a
    road near you. Well, actually, they are already here. Many modern
    vehicles have the ability to 'see' white lines, kerbs, pedestrians, other
    cars and obstacles, and can steer, brake and accelerate in accordance with
    the road and surrounding traffic. They already have all the hardware
    needed for Level 3 autonomy (although a software update would likely be
    needed before it could be fully activated) but legislation prohibits the
    use of it. Currently, a driver must be in control of the vehicle at all
    times regardless of how clever the vehicle's autonomous systems may be.
    That could be about to change. Ministers in the UK are considering plans
    that could see drivers being allowed to take their hands off the wheel in
    Level 3 autonomous cars, as early as next spring.

    This is what puzzles me. When I'm driving a car, the driving takes my full
    attention (I have to explain to passengers that my conversation may be a
    little erratic), whereas if I'm a passenger then I try to avoid looking at
    the road so as not to be a mental back-seat driver. If I'm riding in an
    autonomous vehicle, I would have difficulty in keeping close-enough
    attention to be able to take over instantly if needed. If I have a crash,
    who is liable?

    One example that springs to mind is if the car was approaching a red traffic
    light; I would initially assume that the car will stop, but if it doesn't, I
    may not realise until it's too late.

    ------------------------------

    Date: Fri, 21 Aug 2020 07:00:00 -0600
    From: "Matthew Kruk" <mkr...@gmail.com>
    Subject: How Your Phone Is Used to Track You, and What You Can Do About It
    (NYTimes)

    Smartphone location data, often used by marketers, has been useful for
    studying the spread of the coronavirus. But the information raises troubling
    privacy questions.

    How Your Phone Is Used to Track You, and What You Can Do About It

    ------------------------------

    Date: Tue, 18 Aug 2020 23:59:09 +0800
    From: Richard Stein <rms...@ieee.org>
    Subject: Tokyo's latest attraction: Transparent public toilets (cnn.com)

    Tokyo's latest attraction: Transparent public toilets

    Light valves control opacity electrically or optically. When not energized,
    the valve is dark.

    Energize the valve to expose the toilet interior when the door is unlocked.

    Lock the door to power-down the valve, and the walls darken in ~1-3 seconds.

    Not hard to imagine a lock bypass when occupied. There might be a backup
    interlock using a motion detector to defeat door lock shorts/bypasses.

    Doubt this prank would arise in Tokyo given civility and group cohesion.
    Regardless of culture or country, an uneventful bio-break should be a
    guaranteed human right.

    [Smart loos? What could possibly go wrong? PGN]

    ------------------------------

    Date: Tue, 18 Aug 2020 17:33:38 -0400
    From: Gabe Goldberg <ga...@gabegold.com>
    Subject: DC No Longer Has Online Voter Registration (DCist)

    But as Jackson, 27, tried to use the app and its companion portal online,
    neither would work. And he soon learned why: In a move that wasn't widely
    publicized, the D.C. Board of Elections recently discontinued the
    long-troubled app, killing the only means for residents to register online
    to vote in the process. ``I was just frustrated that there was no
    information online. There was no clear communication.''

    Election officials say the app was notoriously buggy and no longer
    reliable. And they concede it isn't likely that the elections board will be
    able to roll out a new app before the Nov. 3 election, potentially making it
    more difficult for new residents to register to vote or for existing voters
    to change their information. ``We are working to identify a new possible
    vendor, but significant testing would need to be done prior to launch, and
    we’re not sure this will be doable before the general [election],'' said
    Rachel Coll, a spokeswoman for the elections board, in an email. ``We're
    actively looking, though.''

    D.C. No Longer Has Online Voter Registration | DCist

    ------------------------------

    Date: Tue, 18 Aug 2020 14:02:54 PDT
    From: "Peter G. Neumann" <neu...@csl.sri.com>
    Subject: GOP-led Senate panel details ties between 2016 Trump campaign and
    Russian interference (NYTimes)

    G.O.P.-Led Senate Panel Details Ties Between 2016 Trump Campaign and Russia

    ------------------------------

    Date: Tue, 18 Aug 2020 09:14:28 -0700
    From: Lauren Weinstein <lau...@vortex.com>
    Subject: Trump's 2016 campaign chair was a 'grave counterintelligence
    threat' (WashPost)

    Trump's 2016 campaign chair was a 'grave counterintelligence threat,' had
    repeated contact with Russian intelligence, Senate panel finds

    https://www.washingtonpost.com/nati...a7573e-e093-11ea-b69b-64f7b0477ed4_story.html

    ------------------------------

    Date: Tue, 18 Aug 2020 11:45:23 -0700
    From: Lauren Weinstein <lau...@vortex.com>
    Subject: Postal Service backs down on changes as at least 20 states sue over
    potential mail delays ahead of election (CNN)

    USPS backs down on changes as at least 20 states sue - CNNPolitics

    ------------------------------

    Date: Wed, 19 Aug 2020 15:05:30 -0400
    From: Gabe Goldberg <ga...@gabegold.com>
    Subject: America Has Two Feet. It’s About to Lose One of Them. (NYTimes)

    For decades, U.S. metrologists have juggled two conflicting measurements for
    the foot. Henceforth, only one shall rule.

    America Has Two Feet. It’s About to Lose One of Them.

    [Who's going to foot the bill? Or, do we need a bill for the foot?
    Could this become a partisan issue in the U.S. Congress? PGN]

    ------------------------------

    Date: Tue, 18 Aug 2020 17:59:01 -0400
    From: Monty Solomon <mo...@roscom.com>
    Subject: U.S. Secret Service buys location data that would otherwise need a
    warrant (Ars Technica)

    Agencies' ability to purchase any data on the open market is a big loophole.

    Secret Service buys location data that would otherwise need a warrant

    ------------------------------

    Date: Tue, 18 Aug 2020 17:53:48 -0400
    From: Monty Solomon <mo...@roscom.com>
    Subject: Booze and cruise providers are the latest to be hit by ransomware
    scourge (Ars Technica)

    Jack Daniel's distiller and Carnival cruise operator both warn of personal
    data theft.

    Booze and cruise providers are the latest to be hit by ransomware scourge

    ------------------------------

    Date: Wed, 19 Aug 2020 10:05:56 -0400
    From: Tom Van Vleck <th...@multicians.org>
    Subject: Researchers Can Duplicate Keys from the Sounds They Make (Kottke)

    Researchers Can Duplicate Keys from the Sounds They Make in Locks

    ------------------------------

    Date: Wed, 19 Aug 2020 12:44:19 -0400
    From: Monty Solomon <mo...@roscom.com>
    Subject: Bluetooth update could turn wearables into COVID-19 trackers
    (Engadget)

    Bluetooth update could turn wearables into COVID-19 trackers

    ------------------------------

    Date: Thu, 20 Aug 2020 9:03:54 PDT
    From: "Peter G. Neumann" <neu...@csl.sri.com>
    Subject: USPS filed a patent for Blockchain voting system (Decrypt)

    USPS blockchain voting patent not ready for primetime, experts say - Decrypt

    [This keeps getting sillier. PGN]

    ------------------------------

    Date: Thu, 20 Aug 2020 13:07:07 PDT
    From: Lauren Weinstein <lau...@vortex.com>
    Subject: Russian opposition leader Alexei Navalny 'poisoned' (BBC)

    [Why is this relevant to RISKS? Because the truth is a precursor to
    avoiding risks. Dissent into hell? PGN]

    ------------------------------

    Date: Fri, 21 Aug 2020 14:26:57 -0400
    From: Gabe Goldberg <ga...@gabegold.com>
    Subject: Bottleneck for U.S. Coronavirus Response: The Fax Machine (NYTimes)

    Before public health officials can manage the pandemic, they must deal with
    a broken data system that sends incomplete results in formats they can't
    easily use.

    Bottleneck for U.S. Coronavirus Response: The Fax Machine

    Doesn't mention eFax and similar services which at least eliminate paper
    mountains. But they cost $ for these volumes. GG

    ------------------------------

    Date: Tue, 18 Aug 2020 17:40:53 +0800
    From: Richard Stein <rms...@ieee.org>
    Subject: U.S. COVID-19 and World War 2 mortality rates, interim comparison

    [Note: I undertook this historical comparison out of curiosity. I am not
    an epidemiologist. The calculations yield average mortality rate measures
    based on accumulated public epidemiological reports and historical US
    government sources.]

    COVID-19 represents a mortal threat, analogous to an enemy combatant in
    battle.

    US involvement in World War 2, per Congressional Research Service (see
    https://fas.org/sgp/crs/natsec/RL32492.pdf), identifies 291,557 battle
    deaths between 07DEC1941 and 14AUG1945 (192 weeks and 2 days). Total deaths
    are much higher: 405,399 (which includes 113,842 "Other Deaths" arising from
    accidents, disease, and infections).

    The arithmetic yields: 291,557 battle deaths/192.29 weeks ~= 1516 battle
    deaths per week.

    Since 22JAN2020 until 18AUG2020 (29 weeks, 6 days), Johns Hopkins
    (https://coronavirus.jhu.edu/data/new-cases active since 22JAN2020, see
    US tracker) reports 170,584 deaths from COVID-19.

    These casualty rate figures shock my senses.

    Consider the reporting time interval ratio (COVID-19 29.86 weeks/WW2
    192.29 weeks) ~= 0.16, or ~1/6th the total duration of World War 2.

    The ratio of COVID-19 to WW2 battle deaths per week: 5712/1516 ~= 3.77.

    The casualty rate ratio shatters my senses!

    Without a viable and effective vaccine, the US COVID-19 casualty risk will
    accumulate until effective disease prophylactic measures are adopted and
    applied with civility.

    ------------------------------

    Date: Tue, 18 Aug 2020 13:58:05 +0300
    From: Henry Crun <mi...@rechtman.com>
    Subject: Israeli gargle trial gives COVID results in 1 sec., 95% accuracy

    Championing it as instant, cheap and reliable, innovators at Israel's
    largest hospital say their invention could become the world's standard COVID
    screening method.

    [No source given. PGN]

    ------------------------------

    Date: Mon, 1 Aug 2020 11:11:11 -0800
    From: RISKS-...@csl.sri.com
    Subject: Abridged info on RISKS (comp.risks)

    The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
    comp.risks, the feed for which is donated by panix.com as of June 2011.
    => SUBSCRIPTIONS: The mailman Web interface can be used directly to
    subscribe and unsubscribe:
    http://mls.csl.sri.com/mailman/listinfo/risks

    => SUBMISSIONS: to ri...@CSL.sri.com with meaningful SUBJECT: line that
    includes the string `notsp'. Otherwise your message may not be read.
    *** This attention-string has never changed, but might if spammers use it.
    => SPAM challenge-responses will not be honored. Instead, use an alternative
    address from which you never send mail where the address becomes public!
    => The complete INFO file (submissions, default disclaimers, archive sites,
    copyright policy, etc.) is online.
    <http://www.CSL.sri.com/risksinfo.html>
    *** Contributors are assumed to have read the full info file for guidelines!

    => OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
    searchable html archive at newcastle:
    http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
    Also, ftp://ftp.sri.com/risks for the current volume/previous directories
    or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
    If none of those work for you, the most recent issue is always at
    http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-32.00
    ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
    *** NOTE: If a cited URL fails, we do not try to update them. Try
    browsing on the keywords in the subject line or cited article leads.
    Apologies for what Office365 and SafeLinks may have done to URLs.
    ==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

    ------------------------------

    End of RISKS-FORUM Digest 32.21
    ************************
     
  11. LakeGator

    Risks Digest 32.22

    RISKS List Owner

    Aug 24, 2020 5:45 PM

    Posted in group: comp.risks

    RISKS-LIST: Risks-Forum Digest Monday 24 August 2020 Volume 32 : Issue 22

    ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
    Peter G. Neumann, founder and still moderator

    ***** See last item for further information, disclaimers, caveats, etc. *****
    This issue is archived at <The RISKS Digest> as
    <The RISKS Digest, Volume 32 Issue 22>
    The current issue can also be found at
    <http://www.csl.sri.com/users/risko/risks.txt>

    Contents:
    Why Does California Have So Many Wildfires?
    Lithium-ion battery caused Loudoun Co. house fire, nearly $1M in damages
    (WTOP)
    Depth of White House tampering with Postal Service revealed (NYTimes)
    Washington Postal workers defy USPS orders and re-install mail sorting
    machines (Forbes)
    Windows 10 v.2004 messes with Windows Credentials Manager (Gabe Goldberg)
    On-line banking errors revisited (Jared Gottlieb)
    How One Man Broke Through Google's Election Ad Defenses (WiReD)
    Google also blurs power tower ID plate (Dan Jacobson)
    Date and time synchronization (Paul Robinson)
    DiceKeys Creates a Master Password for Life With One Roll (WiReD)
    Re: Driverless cars are coming soon (A Michael W Bacon, Bob Wilson)
    Re: Groundbreaking new material 'could allow artificial intelligence to
    merge with the human brain' (Richard Stein)
    Re: How Your phone is used to track you, and what you can do about
    (Amos Shapir)
    Re: Saliva Test for Covid-19 (Peter Bernard Ladkin)
    Re: Israeli gargle trial gives COVID results in 1 sec., 95% accuracy
    (John Levine)
    Re: U.S. COVID-19 and World War 2 mortality rates, interim comparison
    (Henry Baker, Richard Stein)
    Abridged info on RISKS (comp.risks)

    ----------------------------------------------------------------------

    Date: Mon, 24 Aug 2020 8:27:30 PDT
    From: "Peter G. Neumann" <neu...@csl.sri.com>
    Subject: Why Does California Have So Many Wildfires? (NYTimes)

    Kendra Pierre-Louis and John Schwartz, *The New York Times, 22 Aug 2020
    Why Does California Have So Many Wildfires?
    [NOTE: This article appeared originally in 2018. It was just updated.
    PGN-ed]

    There are four key ingredients to the disastrous wildfire seasons
    in the West, and climate change figures prominently.

    ------------------------------

    Date: Sun, 23 Aug 2020 23:39:15 -0400
    From: Gabe Goldberg <ga...@gabegold.com>
    Subject: Lithium-ion battery caused Loudoun Co. house fire, nearly $1M in
    damages (WTOP)

    The Loudoun County fire marshal determined a faulty lithium-ion battery in a
    remote-control car started a fire in Aldie, Virginia, on Friday that
    displaced a family of four and caused almost a million dollars in damages.

    The flames began at about 7 p.m. in the 25000 block of Trilobite Court.

    Fire and rescue crews from Kirkpatrick Farms, Dulles South, Aldie,
    Brambleton, Moorefield, Sterling and Fairfax County were dispatched. One
    person suffered minor injuries and about $958,000 of damage was caused, the
    fire department said.

    Lithium-ion batteries power many everyday devices, including smartphones,
    laptops, scooters, toys, even cars.

    Care should be taken when using them to avoid a fire or explosion, according
    to authorities.

    Lithium-ion battery caused Loudoun Co. house fire, nearly $1M in damages | WTOP

    ------------------------------

    Date: Sat, 22 Aug 2020 18:16:02 -0700
    From: Lauren Weinstein <lau...@vortex.com>
    Subject: Depth of White House tampering with Postal Service revealed
    (NYTimes)

    Mnuchin Paved Way for Postal Service Shake-Up

    ------------------------------

    Date: Sat, 22 Aug 2020 18:19:00 -0700
    From: Lauren Weinstein <lau...@vortex.com>
    Subject: Washington Postal workers defy USPS orders and re-install mail
    sorting machines (Forbes)

    Washington Postal Workers Defy USPS Orders And Reinstall Mail Sorting Machines

    ------------------------------

    Date: Sun, 23 Aug 2020 20:24:07 -0400
    From: Gabe Goldberg <ga...@gabegold.com>
    Subject: Windows 10 v.2004 messes with Windows Credentials Manager

    Windows 10 comes with a feature called `Credentials Manager' that stores
    your sign-in information for websites, apps, and also networks, including
    the VPN connections. Windows Credentials feature isn't new and it's been
    around for a long time, and it is designed to save your login usernames and
    passwords.

    Windows 10 version 2004 has a bug that interferes with Credentials Manager
    and it breaks Chrome, Edge, Windows apps, or VPN's ability to authenticate
    users or let them sign in to their accounts. Users have also reported that
    they are being logged out of their browser or apps every time they restart
    their computers.

    Windows 10 2004 messes with Windows Credentials Manager

    ------------------------------

    Date: Sat, 22 Aug 2020 23:06:40 -0600
    From: jared gottlieb <ja...@netspace.net.au>
    Subject: On-line banking errors revisited

    In 2006 the risk of on-line banking at the customer level included typos in
    the payee account number (The RISKS Digest, Volume 24 Issue 43).

    Nowadays the scenario is fraud. Alice wants to make a payment to Bob. Eve
    spoofs an e-mail to Alice giving Eve's account details instead of Bob's. To
    address this problem of *Authorised Push Payment fraud* the UK introduced
    *Confirmation of Payee* which is an account name-checking service. That is,
    Alice when making the transfer, in addition to Bob's banking details, must
    also supply Bob's name.

    A risk of name-matching is reported in the Guardian:
    Spelling out the problems as banks' name-checker rejects vital payments.

    ``Personal and company names can be written in a variety of formats,
    including initials, middle names, hyphens and ampersands. People who are
    known by a nickname or middle name in day-to-day life are likely to have
    their legal name on their bank accounts, and the trading name of a firm is
    not always the same as the account name. Systems should be flexible enough
    to recognise a broad match with the account number. [...] it's up to banks
    how they implement matching criteria, and some are stricter than others.''

    The newspaper investigated a payment rejected with a message *name does not
    match*. The sending bank used a different format than the receiving bank
    expected; in this case, placement of a comma.
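    As an added example, not from Jared Gottlieb's post and not any bank's actual Confirmation of Payee implementation: a strict equality check beside a tolerant matcher that normalises the format differences the Guardian lists (comma placement, initials, middle names, hyphens, ampersands, company suffixes). The names are constructed and the suffix list is an assumption.

```python
import re
import unicodedata

# Company-form suffixes that legitimately differ between a trading name and
# the registered account name (constructed list; a real service needs more).
SUFFIXES = {"ltd", "limited", "plc", "llp", "co", "company"}


def strict_match(entered: str, on_account: str) -> bool:
    """The brittle rule: the payer's text must equal the account name exactly."""
    return entered == on_account


def name_tokens(name: str) -> list:
    """Normalise a personal or company name into comparable tokens: fold
    accents and case, expand '&', reorder 'Surname, Forenames', split on
    hyphens and other punctuation, and drop company-form suffixes."""
    name = unicodedata.normalize("NFKD", name).encode("ascii", "ignore").decode()
    name = name.lower().replace("&", " and ")
    if "," in name:                       # "Smith, John" -> "john smith"
        surname, _, forenames = name.partition(",")
        name = forenames + " " + surname
    name = re.sub(r"[^a-z0-9 ]", " ", name)
    return [tok for tok in name.split() if tok not in SUFFIXES]


def tolerant_match(entered: str, on_account: str) -> bool:
    """Broad match: the final token (surname / core company name) must agree
    exactly; every other token on the shorter side must be accounted for on
    the longer side, either exactly or as an initial. A missing middle name
    is tolerated; a different forename or surname is not."""
    a, b = name_tokens(entered), name_tokens(on_account)
    if not a or not b or a[-1] != b[-1]:
        return False
    short, long_ = sorted((a[:-1], b[:-1]), key=len)
    remaining = list(long_)
    for tok in short:
        for i, cand in enumerate(remaining):
            if tok == cand or (len(tok) == 1 and cand.startswith(tok)) \
                    or (len(cand) == 1 and tok.startswith(cand)):
                del remaining[i]
                break
        else:
            return False   # a forename on the shorter side matched nothing
    return True


# Constructed pairs illustrating the format mismatches the article lists.
CASES = [
    ("Smith, John", "John Smith"),                   # comma placement
    ("J Smith", "John Smith"),                       # initial
    ("John Smith", "John Peter Smith"),              # missing middle name
    ("Anne-Marie Jones", "Anne Marie Jones"),        # hyphen
    ("Smith & Sons Ltd", "Smith and Sons Limited"),  # ampersand and suffix
    ("J Smith", "Jane Smyth"),                       # genuinely different payee
]

if __name__ == "__main__":
    for entered, on_account in CASES:
        print(f"{entered!r:28} vs {on_account!r:28} strict={strict_match(entered, on_account)!s:5} "
              f"tolerant={tolerant_match(entered, on_account)}")
```

    Nicknames versus legal names, which the article also raises, are not covered: that needs a lookup table rather than normalisation.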

    ------------------------------

    Date: Sun, 23 Aug 2020 21:05:47 -0400
    From: Monty Solomon <mo...@roscom.com>
    Subject: How One Man Broke Through Google's Election Ad Defenses (WiReD)

    A Long Island search marketer found a way to exploit Google search ads and
    spread misinformation about candidates. The company pledges to fix the
    issue.

    How One Man Broke Through Google's Election Ad Defenses

    ------------------------------

    Date: Sat, 22 Aug 2020 22:37:23 +0800
    From: Dan Jacobson <jid...@jidanni.org>
    Subject: Google also blurs power tower ID plate

    Here we see Google's
    "Method for detecting and blurring plate number in street view image rapidly"
    CN102831419B - Method for detecting and blurring plate number in street view image rapidly - Google Patents
    is a double-edged sword, also accidentally blurring some power tower ID
    plates. Potentially hindering rescue operations:
    Google Maps

    ------------------------------

    Date: Mon, 24 Aug 2020 01:29:23 +0000 (UTC)
    From: Paul Robinson <rfc...@yahoo.com>
    Subject: Date and time synchronization

    "Then you're in trouble. The computer has a long memory."
    Dr. Charles Dutton (David Wayne), "The Andromeda Strain" (1971)

    And so do I. In an article I wrote in Risks, Volume 16, Issue 70, dated 03
    Jan 1995 titled "Dates and Times Not Matching in COBOL" I discussed problems
    with date and time synchronization, i.e., if you collect time in one call
    and date in another, how do you prevent the possibility of the date changing
    after the time call is made (or the reverse, the time changing after the
    date was collected) because of the clock / date rollover at exactly
    midnight?

    The easiest answer is never to run jobs at midnight, but as the saying goes,
    "Every hour of the day, somewhere it's midnight." (And more than this for
    the time zones that advance 1/2 an hour.) This may not be an option and you
    have to prepare for the possibility, in systems where a request for time and
    date are not a single, atomic operation, there is a small probability that
    the date could roll over to the next day between the time request and the
    date request. Even if the probability is minuscule.

    In my 1995 article I pointed out how, even then, in interpreted Basic on an
    80386DX 40MHZ MSDOS machine, it could make over 3,000 date/time requests in
    one second. In Turbo Pascal 6, it could do over 6,000, meaning if this
    program was run near midnight every day for eight years (for the Basic
    program) or for 16 years (for the compiled program), odds are a date/time
    synchronization failure might happen once.

    Let's say once in 16 years isn't good enough, it has to be pacemaker or
    nuclear plant reliable, it can't ever fail. We have to make it that this
    solution must be absolutely perfect. And we can.

    The person I was replying to was worried that if you wanted
    certainty, you'd have to keep doing date/time requests in a loop. I have
    since thought of this, and came up with a solution, which requires no
    looping, requires one date request, one time request, one comparison, and
    possibly a second date and time request. And the two will be
    synchronized. And I'll prove it, not just "beyond a reasonable doubt" as is
    required for criminal convictions, but "beyond a shadow of a doubt,"
    i.e., to an absolute certainty.

    The assumptions are that a time request, a date request, and a comparison
    and branch can all be done in a reasonable period, e.g., completed within
    one minute (a typical computer would do all of this in probably less than
    1/1000 of a second).

    Here is the procedure:
    1. Get time.
    2. Get date.
    3. If the hour is not 11 (for systems that preformat time to AM/PM) or is
    not 23, exit procedure, date and time are synchronized and nothing more
    needs to be done.
    4. Get the time again.
    5. Get the date again.
    6. If the hour is the same as the first time, use the first time and date,
    exit, time and date are synchronized.
    7. Use the second time and date. They are synchronized.

    Why this procedure is absolutely bulletproof:

    In step 3, if the time isn't 11 (or isn't 23), the date cannot be anything
    but the same as the one when the time was collected, so the date and time
    are synchronized.

    In step 6, if the hour is the same in the first and second request, we use
    the first time and date request, since the day has not changed between the
    previous day request and this time. But the date could have changed after
    the second request for the time, so we don't use the second one.

    In step 7, the hour has changed, but it's no longer 11 (or 23), so the
    second date cannot have changed after the second time request (but it could
    have changed after the first time request), so we use the second time and
    date request.

    No looping, a simple integer (or 2 character) comparison, in most cases only
    1 request for date and time, and in any case, we can know with not just
    confidence, but with absolute certainty it's right.

    It doesn't get any better than that.
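    Paul Robinson's seven-step procedure as an added Python example, not code from his post: a constructed clock whose date and time come from two separate calls (the `SplitClock` class and the `within_window` checker are my own names), with the naive two-call version beside the seven-step one, for a 24-hour clock only.

```python
from datetime import date, datetime, time, timedelta


class SplitClock:
    """Constructed stand-in for a system whose time and date come from two
    separate, non-atomic calls. Every call advances the simulated clock by
    `tick`, so a call sequence can straddle midnight exactly as the post
    describes."""

    def __init__(self, start: datetime, tick: timedelta) -> None:
        self.now = start
        self.tick = tick

    def get_time(self) -> time:
        t = self.now.time()
        self.now += self.tick
        return t

    def get_date(self) -> date:
        d = self.now.date()
        self.now += self.tick
        return d


def naive_timestamp(clock: SplitClock) -> datetime:
    """Get time, then date, and trust the pair: wrong if midnight falls
    between the two calls."""
    t = clock.get_time()
    d = clock.get_date()
    return datetime.combine(d, t)


def synchronized_timestamp(clock: SplitClock) -> datetime:
    """The seven-step procedure for a 24-hour clock: hour 23 is the only
    hour in which the date can change before the matching date call."""
    t1 = clock.get_time()            # step 1
    d1 = clock.get_date()            # step 2
    if t1.hour != 23:                # step 3: no rollover was possible
        return datetime.combine(d1, t1)
    t2 = clock.get_time()            # step 4
    d2 = clock.get_date()            # step 5
    if t2.hour == t1.hour:           # step 6: still hour 23 at t2, so the
        return datetime.combine(d1, t1)  # date did not change between t1 and d1
    return datetime.combine(d2, t2)  # step 7: hour rolled to 0, d2 belongs to t2


def within_window(start: datetime, tick_ms: int, method) -> bool:
    """True when the timestamp `method` returns lies between the first and
    last instant at which the clock was sampled, i.e. date and time agree."""
    clock = SplitClock(start, timedelta(milliseconds=tick_ms))
    first = clock.now
    stamp = method(clock)
    return first <= stamp <= clock.now


# Constructed test instants: one and two milliseconds before midnight, and midday.
ROLLOVER_START = datetime(2020, 8, 23, 23, 59, 59, 999000)
LATE_START = datetime(2020, 8, 23, 23, 59, 59, 998000)
SAFE_START = datetime(2020, 8, 23, 12, 0, 0)

if __name__ == "__main__":
    for name, method in (("naive", naive_timestamp), ("synchronized", synchronized_timestamp)):
        print(name, "consistent across midnight:", within_window(ROLLOVER_START, 1, method))
```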

    ------------------------------

    Date: Sat, 22 Aug 2020 19:56:33 -0400
    From: Gabe Goldberg <ga...@gabegold.com>
    Subject: DiceKeys Creates a Master Password for Life With One Roll (WiReD)

    A new kit leaves your cryptographic destiny up to 25 cubes in a plastic box.

    Modern cybersecurity, done with properly paranoid best practices, requires
    meeting some tough demands: Carry a physical two-factor key to plug in and
    authenticate yourself on a new computer, but if you lose or break that tiny
    piece of plastic you could be locked out of your accounts. Use different,
    totally unguessable passwords for every website, without repeating them or
    writing them down. And even if you opt for a password manager -- as you
    should -- you'll need to remember a long master password for years, or risk
    losing access to the rest of them.

    Or you could reduce all of that complexity to a single roll of 25 dice into
    a plastic box. This week Stuart Schechter, a computer scientist at the
    University of California, Berkeley, is launching DiceKeys, a simple kit for
    physically generating a single super-secure key that can serve as the basis
    for creating all the most important passwords in your life for years or even
    decades to come. With little more than a plastic contraption that looks a
    bit like a Boggle set and an accompanying web app to scan the resulting dice
    roll, DiceKeys creates a highly random, mathematically unguessable key. You
    can then use that key to derive master passwords for password managers, as
    the seed to create a U2F key for two-factor authentication, or even as the
    secret key for cryptocurrency wallets. Perhaps most importantly, the box of
    dice is designed to serve as a permanent, offline key to regenerate that
    master password, crypto key, or U2F token if it gets lost, forgotten, or
    broken.

    ‘DiceKeys’ Creates a Master Password for Life With One Roll

    [One key for life? And if it is compromised, there goes your life? PGN]

    ------------------------------

    Date: Sat, 22 Aug 2020 09:27:22 +0100
    From: A Michael W Bacon <amichae...@gmail.com>
    Subject: Re: Driverless cars are coming soon (RISKS-32.21)

    On the day RISK-32.21 arrived in my inbox, *The Daily Telegraph* carried a
    letter commenting that the state of [many of] the UK's roads provides the
    chief obstacle to the [safe and effective] deployment of driverless
    vehicles. [My qualifications.]

    The writer points out that: "The system relies on clear road markings ... but
    temporary ones are left in place long after road works are finished; surface
    repairs obscure them, and inner-lane markings are worn out by heavy goods
    vehicles."

    These aspects are blindingly evident to all observant drivers, but not, it
    seems, to politicians and civil servants.

    But then, an ever-present risk is that those in government live in, see and
    experience an entirely different world to the rest of us.

    ------------------------------

    Date: Sat, 22 Aug 2020 13:26:49 -0500
    From: Bob Wilson <wil...@math.wisc.edu>
    Subject: Re: Driverless cars are coming soon (RISKS-32.21)

    I want to agree with Chris Drewe and push a little further, where he says
    "When I'm driving a car, the driving takes my full attention..." Years ago
    I had a competition license entitling me to drive in certain sports car
    races. I knew that on the track my full time job was driving. I also knew
    that on the track I was a lot safer than on the public roads: Not only was I
    wearing fire-resistant clothing all over, but my car had been inspected for
    safety before I was allowed on to the track. In some ways even more
    important was the fact that I could believe all the other drivers knew their
    100% full-time job was driving. (And also that they, like me, had passed
    real exams, not like the toy ones for state driver's licenses, and their
    cars had also been inspected, and that all around the track flags were being
    used to tell me of conditions around the next corner...) I have always told
    my family and anyone else riding with me that my attention was first and
    foremost on my driving, and that I might well go silent in the midst of a
    conversation, and if I did they should consider what was going on around us.

    But cars these days are being built expressly to pull us away from safety.
    Yes, lots of neat safety features. But *infotainment* systems are being sold
    both as ways to protect us if we don't pay enough attention, so letting us
    think it is OK not to pay attention, and as ways to entertain us and thus
    make sure we don't pay attention. Competition between car makers to see who
    can provide us the most distraction moves the industry in exactly the wrong
    direction!

    ------------------------------

    Date: Sat, 22 Aug 2020 12:58:13 +0800
    From: Richard Stein <rms...@ieee.org>
    Subject: Re: Groundbreaking new material 'could allow artificial
    intelligence to merge with the human brain' (RISKS-32.21)

    "Could" is the operative word.

    In The RISKS Digest, Volume 31 Issue 18, a summary of FDA MAUDE
    reports on product codes for implanted deep brain stimulation devices is
    given for the period 01JAN2017-31MAR2019.

    Coupling signal processing hardware and software to a high-voltage battery
    with electrodes, and implantation, may yield unexpected and unpleasant
    outcomes.

    Deaths, injuries, and malfunctions characterize implanted medical device
    report events. Inappropriate shocks constitute one type of device life cycle
    event tracked by the FDA's Total Product Life Cycle tools
    (TPLC - Total Product Life Cycle). Heart
    implants (defibrillators and pacemakers) are also known to generate
    inappropriate shock events.

    When a therapeutic shock is delivered to living tissue, it cauterizes in
    place at the tissue-electrode interface. The tissue's impedance changes
    which can affect programmed therapeutic prescription. The electrode-tissue
    cauterization process is sometimes described by the term "electrode
    seasoning."

    An adjustment -- usually in a doctor's office -- is performed to correct
    device over-sense or under-sense conditions that arise from seasoned
    electrode exposure.

    This MAUDE MDR URL:
    https://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfmaude/detail.cfm?mdrfoi__id=10049073&pc=MFR
    (06MAY2020 was the reported event date) describes an implanted
    neuro-stimulator (ins) malfunction event. Typical medical device report
    event description (submitted by a Medtronic representative to MAUDE on
    12MAY2020 and published in MAUDE on 01JUN2020):

    "It was reported that the ins was showing less than 3 months battery
    lifetime with battery level at 82% after 3 weeks being implanted. Device
    explant was scheduled, but had not been performed yet. The patient had about
    40% symptom relief for their obsessive compulsive disorder (ocd). There
    were high impedances on the left side in a range of 5000-8000 ohms on all
    pairs involving contact 0 and monopolar contact 0. Monopolar impedance c/11
    on the right side was also high at 2122 ohms. At the time of this report,
    the patient was programmed at 3.0 ma, 120 usec pulse-width (pw) and 160 hz
    on left side and 3.4 ma, 120 usec pw, and 160 hz on the right side."

    Battery depletion from severe electrode seasoning likely prevented
    therapeutic stimulus application at the pre-programmed current and
    pulsewidth duration. More worrisome, from a patient quality of life
    perspective, is this report language: "Device explant was scheduled, but had
    not been performed yet." This means extraction from the patient -- more
    surgery -- is likely. Possibly the device and electrodes will be replaced
    with a new model and electrodes at a new location(s), depending on patient
    illness, long-term prognosis, and available alternative therapies.

    Palliating OCD symptoms with an INS is a relatively new application.

    A *miracle material* for implanted electrodes might mitigate impedance
    changes by minimizing or eliminating tissue cauterization altogether. Every
    patient will welcome fewer unplanned trips to the doctor, emergency room, or
    avoid device explantation due to malfunction or injury.

    ------------------------------

    Date: Sat, 22 Aug 2020 17:40:36 +0300
    From: Amos Shapir <amo...@gmail.com>
    Subject: Re: How your phone is used to track you, and what you can do about
    it (RISKS-32.21)

    What privacy? We never had it on the Net, and even less on smartphones.

    Last month, Israel's Knesset approved a law which enables Shabak
    (General Security Service, parallel to UK's MI5 and USA's Homeland Security)
    to use phone location data for tracking COVID-19 carriers and people who
    came into contact with them.

    An application was ready for download (voluntary, so far) the next day.
    This fact, as well as the swiftness in passing the law, indicate that Shabak
    has had the ability to do this -- and probably has been already doing this
    covertly for a long time now; and that MK's are well aware of this.

    ------------------------------

    Date: Sat, 22 Aug 2020 11:02:36 +0200
    From: Peter Bernard Ladkin <lad...@causalis.com>
    Subject: Re: Saliva Test for Covid-19 (RISKS-32.21 Item 22)

    It might mean this. Reuters reports on 2020-08-13 on initial testing of a
    saliva test for CoVid-19 at Sheba Medical Center.
    Israeli hospital trials super-quick saliva test for COVID-19
    The device has been developed by company Newsight Imaging. The device
    irradiates a sample using EM of the wavelength of light, and the results are
    analysed. "Machine learning" is used to improve the analysis. No other
    technical details are given.

    "The center said in an initial clinical trial involving hundreds of
    patients, the new artificial intelligence-based device identified evidence
    of the virus in the body at a 95% success rate." -- whatever a "95% success
    rate" means.

    There are already saliva tests for Covid-19, five of them authorised by the
    US FDA under EUA. Yale University has developed one called SalivaDirect,
    which received a EUA from the FDA on August 15 or before
    Coronavirus (COVID-19) Update: FDA Issues Emergency Use Authorization to Yale School of Public Health for SalivaDirect, Which Uses a New Method of Saliva Sample Processing

    A report on SalivaDirect can be found at
    COVID-19 Spit Tests Used by NBA Are Now Authorized by FDA

    Most of them chemically manipulate the saliva constituents. The Israeli test
    appears not to do so.

    ------------------------------

    Date: 22 Aug 2020 22:28:55 -0400
    From: "John Levine" <jo...@iecc.com>
    Subject: Re: Israeli gargle trial gives COVID results in 1 sec., 95% accuracy
    (Rechtman, RISKS-32.21)

    July report in Jerusalem Post:
    Sheba to test ‘less-than-one-second’ coronavirus detection technology

    Reuters report:
    Israeli hospital trials super-quick saliva test for COVID-19

    Times of Israel story:
    In trial, Israeli gargle test gives COVID results in 1 second, at 95% accuracy

    They say it's in tests, seems promising. The machine shines light through
    the sample and its "spectral signature" is compared with a profile that
    seems to be generated by machine learning from prior samples from infected
    and uninfected people. Each test costs about 25c (US), machine costs a few
    hundred.

    I can't tell whether this is real or just gobbledygook. The Sheba Medical
    Center where they're testing it is real, machines are made by Newsight
    Imaging, a local startup. The hyperspectral imaging technology is not new
    but the implementation in an inexpensive chip is.

    ------------------------------

    Date: Fri, 21 Aug 2020 17:57:08 -0700
    From: Henry Baker <hba...@pipeline.com>
    Subject: Re: U.S. COVID-19 and World War 2 mortality rates, interim
    comparison (Stein, RISKS-32.21)

    That disease kills more than war isn't at all new or surprising. The
    'Spanish Flu' in 1918-19 killed more world-wide than did WWI itself.
    Wikipedia says "Of those who died [in the U.S. Civil War], by far the
    leading cause of death was disease."

    It now appears that the diseases brought to the 'New World' by Columbus &
    successors killed far more Native Americans than any battles -- perhaps 90%
    of the Native American population circa 1500 may have been wiped out by
    European diseases by ~1700.

    In more ancient times, even Ghengis Khan's mass murders and genocide
    couldn't kill as fast as a garden-variety epidemic.

    ------------------------------

    Date: Sat, 22 Aug 2020 09:59:10 +0800
    From: Richard Stein <rms...@ieee.org>
    Subject: U.S. COVID-19 and World War 2 mortality rates, interim comparison
    (Baker, RISKS-32.22)

    Agreed. The estimated pandemic v. war death rate multiplier was
    heartbreaking to calculate. Proactive public health measures, when widely
    embraced by a population, can effectively mitigate pandemics.

    The mosquito has been, and remains, humankind's supreme mortal enemy.
    Timothy Winegard's "The Mosquito: A Human History of Our Deadliest Predator"
    testifies to their evolutionary effectiveness as a killer.

    I wonder what will become of Florida's release of a genetically engineered
    mosquito to combat dengue?
    Florida Approves Mosquito Release to Curb Spread of Viruses

    ------------------------------

    End of RISKS-FORUM Digest 32.22
    ************************
     
  12. LakeGator

    Risks Digest 32.23

    RISKS List Owner

    Aug 25, 2020 8:05 PM

    Posted in group: comp.risks

    RISKS-LIST: Risks-Forum Digest Tuesday 25 August 2020 Volume 32 : Issue 23

    ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
    Peter G. Neumann, founder and still moderator

    ***** See last item for further information, disclaimers, caveats, etc. *****
    This issue is archived at <The RISKS Digest> as
    <The RISKS Digest, Volume 32 Issue 23>
    The current issue can also be found at
    <http://www.csl.sri.com/users/risko/risks.txt>

    Contents:
    Grading by algorithm results in UK debacle (Adam Satariano)
    Surge staff and electronic records (Health in AU)
    Commissioner of FDA admits he provided false information about COVID-19
    treatment (MedicalXpress)
    Profs and loss - China is killing academic freedom in Hong Kong China
    (The Economist)
    A Chrome feature is creating enormous load on global root DNS servers
    (Ars Technica)
    Mike Godwin, the Creator of Godwin's Law, Is Suing Trump Over His TikTok
    Executive Order (Reason.com)
    COVID-19 When Less is More (The Atlantic)
    Re: Fiddling with the environment (A Michael W Bacon)
    Re: Driverless cars are coming soon followup (Peter Houppermans)
    Re: Date and time synchronization (Terje Mathisen)
    Re: Washington Postal workers defy USPS orders and re-install mail,
    sorting machines (Jack Christensen)
    Re: Dicekeys (Arthur T.)
    Re: Why Does California Have So Many Wildfires? (Henry Baker)
    Abridged info on RISKS (comp.risks)

    ----------------------------------------------------------------------

    Date: Tue, 25 Aug 2020 15:55:05 PDT
    From: "Peter G. Neumann" <neu...@csl.sri.com>
    Subject: Grading by algorithm results in UK debacle (Adam Satariano)

    Adam Satariano, *The New York Times*, National Edition, 21 Aug 2020
    (60% of Page A10, PGN-ed)

    *Automation pitfalls hit poor hardest.
    Scores are thrown out, but damage is already done.*

    The British government used a computer-generated score to replace exams that
    were canceled due to Covid-19. This resulted in nearly 40% of students in
    England having their earned A-level exam grades lowered. By the time the
    policy was changed, many students had lost their accepted university slots.
    The new score ``included in its calculations a school's past performance on
    tests and a student's earlier results on `mock' exams.''

    ``Critics say the experience shows the risks ahead as more sophisticated
    tools like artificial intelligence become available and companies pitch them
    to public agencies.''

    [My own oversimplified summary is that this seems to have been another
    risk of government oversimplification, bordering on a combination of
    naivety, stupidity, and possible political motives. A colleague suggests
    that this is because the government was horribly afraid that students
    might get marks they *didn't deserve* -- preferring to throw away any
    actual data from the schools, and just manufacture a curve. Although not
    really addressed in Satariano's article, the new score seems to have been
    a reaction to the loss of international students resulting from COVID-19.
    But it is also just one more example of a short-sighted policy that
    trusted an artificially questionable algorithm to replace human
    intelligence. Furthermore, the effects on disadvantaged students have
    been very profound. PGN]

    ------------------------------

    Date: Tue, 25 Aug 2020 11:40:20 +1000
    From: James Cameron <qu...@laptop.org>
    Subject: Surge staff and electronic records (Health in AU)

    At an aged care facility in Sydney, pandemic surge staff did not know how to
    use the electronic resident-record system, which led to diminished care both
    inside the facility and by local doctors outside the facility.

    https://www.health.gov.au/sites/def...-outbreak-independent-review-final-report.pdf
    (page 21)

    ------------------------------

    Date: Tue, 25 Aug 2020 09:59:02 -0700
    From: Lauren Weinstein <lau...@vortex.com>
    Subject: Commissioner of FDA admits he provided false information about
    COVID-19 treatment (MedicalXpress)

    https://medicalxpress.com/news/2020-08-health-touting-false-plasma.html

    ------------------------------

    Date: Tue, 25 Aug 2020 08:29:42 +0900
    From: far...@gmail.com
    Subject: Profs and loss - China is killing academic freedom in Hong Kong
    China (The Economist)

    https://www.economist.com/china/2020/08/23/china-is-killing-academic-freedom-in-hong-kong

    ------------------------------

    Date: Tue, 25 Aug 2020 12:33:43 -0400
    From: Monty Solomon <mo...@roscom.com>
    Subject: A Chrome feature is creating enormous load on global root DNS
    servers (Ars Technica)

    A Chrome feature is creating enormous load on global root DNS servers

    Chromium's impact on root DNS traffic
    https://blog.apnic.net/2020/08/21/chromiums-impact-on-root-dns-traffic/

    ------------------------------

    Date: Tue, 25 Aug 2020 16:38:44 -0400
    From: Gabe Goldberg <ga...@gabegold.com>
    Subject: Mike Godwin, the Creator of Godwin's Law, Is Suing Trump Over
    His TikTok Executive Order (Reason.com)

    Godwin: "I know what moral panics look like; they look kind of like this."

    Mike Godwin, the Creator of Godwin's Law, Is Suing Trump Over His TikTok Executive Order

    ------------------------------

    Date: Mon, 24 Aug 2020 22:28:23 -0400
    From: Sheldon <sheldo...@gmail.com>
    Subject: COVID-19 When Less is More (The Atlantic)

    The Plan That Could Give Us Our Lives Back

    The U.S. has never had enough coronavirus tests. Now a group of
    epidemiologists, economists, and dreamers is plotting a new strategy to
    defeat the virus, even before a vaccine is found.

    ... In the past several weeks, he [Michael Mina, a professor of epidemiology
    at Harvard], has become an evangelist for a total revolution in how the
    U.S. controls the pandemic. Instead of restructuring daily life around the
    American way of testing, he argues, the country should build testing into
    the American way of life.

    The wand that will accomplish this feat is a thin paper strip, no longer
    than a finger. It is a coronavirus test. Mina says that the U.S. should
    mass-produce these inexpensive and relatively insensitive tests -- unlike
    other methods, they require only a saliva sample -- in quantities of tens of
    millions a day. These tests, which can deliver a result in 15 minutes or
    less, should then become a ubiquitous part of daily life. Before anyone
    enters a school or an office, a movie theater or a Walmart, they must take
    one of these tests. Test negative, and you may enter the public space. Test
    positive, and you are sent home. In other words: Mina wants to test nearly
    everyone, nearly every day.

    The tests Mina describes already exist: They are sitting in the office of
    e25 Bio, a small start-up in Cambridge, Massachusetts; half a dozen other
    companies are working on similar products. But implementing his vision will
    require changing how we think about tests. These new tests are much less
    sensitive than the ones we run today, which means that regulations must be
    relaxed before they can be sold or used. Their closest analogue is rapid
    dengue-virus tests, used in India, which are manufactured in a quantity of
    100 million a year. Mina envisions nearly as many rapid COVID-19 tests being
    manufactured a day. Only the federal government, acting as customer and
    controller, can accomplish such a feat. [...]

    [Companies in India have developed a fancier version of a standalone
    COVID-19 test which is being sold for 450 rupees ($6). This test uses the
    swab up the nose until you sneeze and has a nice cassette and is harder to
    use than the test from e25 bio. About half the tests in India use these $6
    antigen tests. Sadly, there's a fair amount of push back on using these
    tests rather than PCR.] There is no way that school kids will tolerate a
    daily swab up your nose until you scream.

    To begin to learn more start at rapidtests.org.

    ------------------------------

    Date: Tue, 25 Aug 2020 08:37:35 +0100
    From: A Michael W Bacon <amichae...@gmail.com>
    Subject: Re: Fiddling with the environment (Stein, RISKS-32.22)

    In RISKS-32.22, Richard Stein wonders what will become of Florida's release
    of a genetically engineered mosquito intended to combat Dengue Fever.

    It's likely that the law of unintended consequences will have effect, and
    that with the clarity of hindsight many will say the effect was totally
    predictable.

    [With Greenland undergoing massive irreversible glacier melt, we can
    expect a corresponding effect of fiddling while Nome burned. PGN]

    ------------------------------

    Date: Tue, 25 Aug 2020 11:49:42 +0200
    From: Peter Houppermans <pe...@houppermans.net>
    Subject: Re: Driverless cars are coming soon followup (RISKS-32.22)

    There's more where that came from...

    > Competition between car makers to see who can provide us the most
    > distraction moves the industry in exactly the wrong direction!

    In their apparent desire to attach more bells and whistles to what used to
    be eminently sane concepts, there is also this trend to make indicators more
    fancy (at least in Europe where they're separate from brake lights) by
    implementing them as an animated strip of LEDs that *grows* by lighting more
    and more of them.

    The problem: this delays signal awareness.

    A car's brake and turn signals are there to inform other road users that
    something is about to happen that may represent a risk. It is not even
    possible to brake without brake lights flaring, but turn indicators are
    manual, and apparently still considered optional by whole tribes of road
    users.

    In the past, LED brake lights were even sold as options on the premise that
    it gave drivers more time to react as they light quicker. However, these
    *swelling* indicator lights do the exact opposite: they delay the moment by
    which the signal imparts a warning to other road users' situational
    awareness. I deem them a triumph of fashion over safety fundamentals.

    ------------------------------

    Date: Tue, 25 Aug 2020 13:11:04 +0200
    From: Terje Mathisen <terje....@tmsw.no>
    Subject: Re: Date and time synchronization (Robinson, RISKS-32.22)

    You are going to get a *lot* of responses to this one, the idea is sound but
    the implemented logic is completely broken. :-(

    > Here is the procedure:
    > 1. Get time.
    > 2. Get date.
    > 3. If the hour is not 11 (for systems that preformat time to AM/PM) or is
    > not 23, exit procedure, date and time are synchronized and nothing more
    > needs to be done.

    Since we read time first, then date, the date might have ticked over and now
    we have 2020-08-25T00:00:00 while the time read happened at
    2020-08-24T23:59:59. Combining them results in 2020-08-24T00:00:00 which is
    of course wrong.

    The easiest fix for all such "read two counters as one atomic operation" is
    to start by reading the slow one, then the fast one and then the slow one
    again, i.e. the date here. If the two dates are equal then we are done,
    otherwise read the time again and return that value together with the second
    date.

    You can of course read both counters every time and then return the second
    pair only if the dates are different, this has the small but sometimes
    useful benefit of being constant time as long as the return first pair vs
    second pair is handled with conditional moves or other branchless code.

    > 4. Get the time again
    > 5. Get the date again.

    If we always read both variables twice, then we can even use the suggested
    order by returning the first pair unless the second time is less than the
    first, i.e. it wrapped around, and then we return the second pair.

    hms1 = gettime();   /* fast counter */
    ymd1 = getdate();   /* slow counter */
    hms2 = gettime();
    ymd2 = getdate();

    /* time went backwards between the two reads: midnight passed, so the
       second pair is the consistent one; otherwise keep the first pair */
    hms = (hms2 < hms1)? hms2 : hms1;
    ymd = (hms2 < hms1)? ymd2 : ymd1;
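
    The race above, as an added illustration that is not part of Terje Mathisen's post or of the RISKS thread: a constructed clock (`SplitClock`, `gettime`, `getdate` and all other names are stand-ins) exposes the date and the time as two separate reads, and every read advances the simulated clock by one second so that a midnight rollover can land between any two reads. The three strategies compared are the naive time-then-date read, the slow/fast/slow read, and the read-both-twice-and-check-for-wrap variant. The example generalizes the single 23:59:59 case in the text by checking each result against the interval the reads actually spanned.

```python
# Added example (not from the RISKS thread): a simulated clock whose date and
# time are read as two separate, non-atomic operations, used to compare the
# naive read, the slow/fast/slow read, and the double read with a wrap check.
# Every name here is a constructed stand-in, not a real system API.
from datetime import date, datetime, time, timedelta


class SplitClock:
    """Constructed clock exposing the date and the time as separate reads.

    Every read advances the simulated clock by `step`, so a midnight rollover
    can land between any two consecutive reads, which is exactly the race
    under discussion.
    """

    def __init__(self, start: datetime, step: timedelta = timedelta(seconds=1)):
        self.now = start
        self.step = step

    def _tick(self) -> datetime:
        current = self.now
        self.now += self.step
        return current

    def gettime(self) -> time:
        return self._tick().time()

    def getdate(self) -> date:
        return self._tick().date()


def naive_read(clock: SplitClock) -> datetime:
    """Time then date, combined with no consistency check (the broken version)."""
    hms = clock.gettime()
    ymd = clock.getdate()
    return datetime.combine(ymd, hms)


def slow_fast_slow_read(clock: SplitClock) -> datetime:
    """Read the slow counter (date), the fast one (time), then the slow one again.

    If the date did not change, the time read lies inside that date. Otherwise
    midnight passed somewhere in between: re-read the time and pair it with the
    second date.
    """
    ymd1 = clock.getdate()
    hms = clock.gettime()
    ymd2 = clock.getdate()
    if ymd1 == ymd2:
        return datetime.combine(ymd1, hms)
    hms = clock.gettime()
    return datetime.combine(ymd2, hms)


def double_read(clock: SplitClock) -> datetime:
    """Read both counters twice in the original order; a time that went
    backwards means the day rolled over, so the second pair is the consistent one."""
    hms1 = clock.gettime()
    ymd1 = clock.getdate()
    hms2 = clock.gettime()
    ymd2 = clock.getdate()
    wrapped = hms2 < hms1
    return datetime.combine(ymd2 if wrapped else ymd1, hms2 if wrapped else hms1)


STRATEGIES = {
    "naive": naive_read,
    "slow_fast_slow": slow_fast_slow_read,
    "double_read": double_read,
}

# Constructed scenarios: one read sequence straddling midnight, one far from it.
MIDNIGHT_EDGE = datetime(2020, 8, 24, 23, 59, 59)
QUIET_TIME = datetime(2020, 8, 24, 12, 0, 0)


def compare_strategies(start: datetime = MIDNIGHT_EDGE) -> dict:
    """Run every strategy against a fresh clock started at `start`.

    Returns {name: (iso_timestamp, consistent)}, where `consistent` is True
    when the combined value lies inside the real interval the reads spanned,
    i.e. it is a timestamp the clock actually passed through.
    """
    report = {}
    for name, strategy in STRATEGIES.items():
        clock = SplitClock(start)
        result = strategy(clock)
        report[name] = (result.isoformat(), start <= result <= clock.now)
    return report


if __name__ == "__main__":
    for name, (stamp, ok) in compare_strategies().items():
        print(f"{name:15s} {stamp}  {'consistent' if ok else 'WRONG'}")
```

    Started at 23:59:59 the naive read combines the old time with the new date and reports a moment almost a day in the future, while both corrected strategies return a timestamp the clock really passed through; started at noon all three agree, which is why the bug only shows up once a day.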

    ------------------------------

    Date: Mon, 24 Aug 2020 19:29:57 -0400
    From: Jack Christensen <christen...@gmail.com>
    Subject: Re: Washington Postal workers defy USPS orders and re-install mail,
    sorting machines (RISKS-32.22)

    It would be interesting to know exactly what the "risks to the public in
    computers and related systems" are perceived to be in this item. One cannot
    help but wonder whether the item was submitted to Risks with some political
    motivation. Our expectation should be that submissions to Risks be held to a
    higher standard. Cheap political demagoguery is available anywhere.

    I propose the following test for RISKS submissions. If "risks to the public
    in computers and related systems" can be said to exist, then we should be
    able to imagine one or more solutions, *that when applied to said computers
    or related systems*, could possibly address the issue.

    In the linked article, there seems to be no hint of this sort of
    technological issue. Certainly mail sorting machines must be computerized,
    but these days most everything is, so that in itself is too low a standard
    to be useful.

    ------------------------------

    Date: Tue, 25 Aug 2020 11:42:49 -0400
    From: "Arthur T." <Risks2020...@xoxy.net>
    Subject: Re: Dicekeys (RISKS-32.22)

    There is much to like about the Dicekeys concept, but there's also much to
    criticize. (Note: I am neither a mathematician nor a security professional.)

    For me, any inaccuracy makes everything else questionable. My calculations
    show 2^194 rather than 2^196 possibilities. Each die has 6 sides and 4
    orientations of the top for 24 possibilities. So there are 24^25 outcomes of
    rolling all of them. Order counts, so multiply by 25 factorial. Log base 2
    of that number is just over 193.66. I'm not sure where he's getting the
    extra bits of randomness reported.

    For non-techies, physical randomization may seem more secure than
    computer-generated. But if the dice are not extremely well made, they'll be
    a bit less random than theory suggests. Techies will easily find
    cryptographically secure random number generators, and 59 digits yields
    about 2^196 bits (as does a 32-character string made up of upper case, lower
    case, numbers, and 8 symbols).

    If you want a very long-term master password, you want to be able to back up
    its generator. You can do that by taking a picture of the dice box, but then
    you're no more (or less) secure than you were with non-physical keys. If you
    generate a long number or symbol key, you can print a more standard bar code
    that doesn't require trusting someone else's special programming. And then a
    secure hash hides your original number. I expect that readers for
    general-use bar codes will be around for a long time, whereas I'd worry
    about the longevity of the special-use scanner developed for Dicekeys.

    So I admire the concept and the work and thought that went into making it a
    real product. But I won't be a customer, and I wouldn't recommend it to
    anyone I know. In addition to the above considerations, computer-generated
    random numbers are free.

    ------------------------------

    Date: Tue, 25 Aug 2020 07:54:29 -0700
    From: Henry Baker <hba...@pipeline.com>
    Subject: Re: Why Does California Have So Many Wildfires? (NYTimes)

    This NYTimes article hasn't a clue.
    The short answer is: *fire SUPPRESSION* and too few *controlled burns*.

    As a resident of Southern California for ~40 years and having lived in the
    vicinity of at least 40 wildfires, I've studied this issue a bit.

    The white colonists who destroyed the indigenous native American way of life
    were 'know-it-alls' who never comprehended the clever and quite efficient
    fire management strategies of these 'primitive' people, and the folly of our
    'expert' mismanagement of the ecosystem in the past 300 years has sown the
    seeds of our wildfire problems today.

    Here in Southern California, you only get the following (egrep) choices
    for annual behavior for essentially all un-cultivated land:
    1. (rain/growth/){1,3}burn
    2. (rain/growth/){4,75}wildfire
    3. (rain/growth/){76,}apocalyptic firestorm

    Notice that burn|wildfire|firestorm is a necessary consequent to
    'rain/growth'.

    Of course, you can always eliminate 'rain', hence eliminating 'growth'
    and 'fire', but then you get an Atacama-like desert.

    So if we intend to continue living here in Southern California, I vote
    for option #1.

    'Fire is medicine': the tribes burning California forests to save them

    "For more than 13,000 years, the Yurek, Karuk, Hupa, Miwok, Chumash and
    hundreds of other tribes across California and the world used small
    intentional burns to renew local food, medicinal and cultural resources,
    create habitat for animals, and reduce the risk of larger, more dangerous
    *wild* fires."

    "The Spanish were the first California colonizers to prevent the indigenous
    people from burning the land. In 1850, the US government passed the Act for
    Government and Protection of Indians, which *outlawed intentional burning*
    in California even before it was a state."

    "Early National Forest Service officials considered "the Indian way" of
    "light-burning" to be a *primitive*, 'essentially destructive theory'."

    "For native people, the land is a renewing resource, and they feel a
    responsibility to keep it healthy. Light, frequent burning of the forest
    understory maintains oak tree health ... Fire clears and maintains prairie
    landscapes as habitat for elk and deer, and visibility through the dense
    woods for hunting them."

    Native American use of fire in ecosystems - Wikipedia

    "When first encountered by Europeans, many ecosystems were the result of
    repeated fires every *one to three years,* resulting in the replacement of
    forests with grassland or savanna, or opening up the forest by removing
    undergrowth."

    "By the time that European explorers first arrived in North America,
    millions of acres of 'natural' landscapes were already manipulated and
    maintained for human use. *Fires indicated the presence of humans to many
    European explorers and settlers arriving on ship.*"

    "By the 17th century, native populations were on the verge of collapse due
    to the introduction of European diseases (such as smallpox) and widespread
    epidemics (the flu) against which the indigenous peoples had no
    immunity. ... As Native people were forced off their traditional landbases
    or killed, traditional land management practices were abandoned."

    ------------------------------

    End of RISKS-FORUM Digest 32.23
    ************************
  13. LakeGator

    Risks Digest 32.24

    RISKS List Owner

    Aug 29, 2020 7:51 PM

    Posted in group: comp.risks

    RISKS-LIST: Risks-Forum Digest Saturday 29 August 2020 Volume 32 : Issue 24

    ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
    Peter G. Neumann, founder and still moderator

    ***** See last item for further information, disclaimers, caveats, etc. *****
    This issue is archived at <The RISKS Digest> as
    <The RISKS Digest, Volume 32 Issue 24>
    The current issue can also be found at
    <http://www.csl.sri.com/users/risko/risks.txt>

    Contents:
    Cosmic rays may soon stymie quantum computing (phys.org)
    Tesla with Autopilot hits cop car; driver admits he was watching a movie
    (ArsTechnica)
    A Tesla Employee Thwarted an Alleged Ransomware Plot (WiReD)
    Ransomware Has Gone Corporate -- and Gotten More Cruel (WiReD)
    Sendgrid Under Siege from Hacked Accounts (Krebs on Security)
    A bug in Windows 10 could be slowly wrecking your SSD (PC Gamer)
    Ambulance won't find mislocated addresses (Dan Jacobson)
    How algorithms keep workers in the dark (bbc.com)
    The risks of supply chain threat sharing (Federal Computer Week)
    Re: Driverless cars are coming soon followup (Wol, Michael Bacon,
    Chris Drewe)
    Re: Very old news. A Chrome feature is creating enormous load on global root
    DNS servers (John Levine)
    Re: Washington Postal workers defy USPS orders (Peter Houppermans)
    Re: Mike Godwin, the Creator of Godwin's Law, Is Suing Trump Over His TikTok
    Executive Order (Amos Shapir)
    For Election Administrators, Death Threats Have Become Part of the Job
    (ProPublica)
    Viral pro-Trump tweets came from fake African American spam accounts,
    Twitter says (NBC News)
    USPS is telling people their mail is being held 'at the request of the
    customer.' It isn't true.
    Re: Fiddling with the environment (John Levine)
    Re: What would happen to Earth if humans went extinct? (Paul Robinson)
    Re: Greenland glacier melt (R. G. Newbury)
    Re: Date and time synchronization (John Harper, David Halliwell)
    Re: Dicekeys, an additional risk (Bart Z. Lederman)
    Abridged info on RISKS (comp.risks)

    ----------------------------------------------------------------------

    Date: Thu, 27 Aug 2020 18:44:19 +0800
    From: Richard Stein <rms...@ieee.org>
    Subject: Cosmic rays may soon stymie quantum computing (phys.org)

    https://phys.org/news/2020-08-cosmic-rays-stymie-quantum.html

    Quantum computers are likely to require significant shielding to sustain
    coherent qubit interactions while they compute solutions. Quantum computers
    apply Josephson junctions to host qubit state. The junctions are sensitive
    to perturbations at many wavelengths, including those arising from earth
    tremor, thermal, x-ray, etc. How deep a basement, with tremor isolation,
    ionization shields, etc. will be needed, is yet to be determined. This
    experiment demonstrates qubit decoherence potential when high-energy photons
    strike.

    I am reminded of a similar issue affecting the "old" silicon-based
    supercomputers: These massively parallel machines consist of separate
    physical memory and cpu modules, each interconnected to each other via a
    speedy message-passing network.

    The memory modules are prone to cosmic ray intercept. The incident radiation
    causes memory bit failures, often permanently disabling use. Extended
    computations (protein folding, nuclear weapon stockpile simulation, etc.)
    crash, as does the machine, until triage can disable a row/column of
    physical memory.

    "In the summer of 2003, Virginia Tech researchers built a large
    supercomputer out of 1,100 Apple Power Mac G5 computers. They called it Big
    Mac. To their dismay, they found that the failure rate was so high it was
    nearly impossible even to boot the whole system before it would crash.

    "The problem was that the Power Mac G5 did not have error-correcting code
    (ECC) memory, and cosmic ray-induced particles were changing so many values
    in memory that out of the 1,100 Mac G5 computers, one was always crashing.
    Unusable, Big Mac was broken apart into individual G5s, which were sold one
    by one online. Virginia Tech replaced it with a supercomputer called System
    X, which had ECC memory and ran fine."

    ------------------------------

    Date: Sat, 29 Aug 2020 00:51:49 -0400
    From: Gabe Goldberg <ga...@gabegold.com>
    Subject: Tesla with Autopilot hits cop car; driver admits he was watching a
    movie (ArsTechnica)

    The driver was charged with a violation of the state's "move over" law and
    with having a television in the car.

    Tesla with Autopilot hits cop car—driver admits he was watching a movie

    ------------------------------

    Date: Fri, 28 Aug 2020 20:27:26 -0400
    From: Gabe Goldberg <ga...@gabegold.com>
    Subject: A Tesla Employee Thwarted an Alleged Ransomware Plot (WiReD)

    Elon Musk confirmed Thursday night that a ransomware gang had approached a
    Gigafactory employee with alleged promises of a big payout.

    A Tesla Employee Thwarted an Alleged Ransomware Plot

    ------------------------------

    Date: Wed, 26 Aug 2020 19:33:37 -0400
    From: Gabe Goldberg <ga...@gabegold.com>
    Subject: Ransomware Has Gone Corporate -- and Gotten More Cruel (WiReD)

    The DarkSide operators are just the latest group to adopt a veneer of
    professionalism, while at the same time escalating the consequences of their
    attacks.

    Ransomware Has Gone Corporate—and Gotten More Cruel

    ------------------------------

    Date: Fri, 28 Aug 2020 13:21:35 -1000
    From: geoff goodfellow <ge...@iconia.com>
    Subject: Sendgrid Under Siege from Hacked Accounts

    Email service provider *Sendgrid* is grappling with an unusually large
    number of customer accounts whose passwords have been cracked, sold to
    spammers, and abused for sending phishing and email malware attacks.
    Sendgrid's parent company *Twilio* says it is working on a plan to require
    multi-factor authentication for all of its customers, but that solution may
    not come fast enough for organizations having trouble dealing with the
    fallout in the meantime.

    Many companies use Sendgrid to communicate with their customers via email,
    or else pay marketing firms to do that on their behalf using Sendgrid's
    systems. Sendgrid takes steps to validate that new customers are legitimate
    businesses, and that emails sent through its platform carry the proper
    digital signatures that other companies can use to validate that the
    messages have been authorized by its customers.

    But this also means when a Sendgrid customer account gets hacked and used to
    send malware or phishing scams, the threat is particularly acute because a
    large number of organizations allow email from Sendgrid's systems to sail
    through their spam-filtering systems.

    To make matters worse, links included in emails sent through Sendgrid are
    obfuscated (mainly for tracking deliverability and other metrics), so it is
    not immediately clear to recipients where on the Internet they will be taken
    when they click.

    Dealing with compromised customer accounts is a constant challenge for any
    organization doing business online today, and certainly Sendgrid is not the
    only email marketing platform dealing with this problem. But according to
    multiple emails from readers, recent threads on several anti-spam discussion
    lists <sendgrid>
    <MailingLists - SPAMASSASSIN - Apache Software Foundation>, and
    interviews with people in the anti-spam community, over the past few months
    there has been a marked increase in malicious, phishous and outright spammy
    email being blasted out via Sendgrid's servers. [...]

    https://krebsonsecurity.com/2020/08/sendgrid-under-siege-from-hacked-accounts/
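
    The mechanism the article points at, an email service provider's infrastructure being allowlisted wholesale, is illustrated by the following added example, which is not from Krebs, Sendgrid or the RISKS thread. It classifies an inbound message by whether its DKIM or SPF result is aligned with the visible From: domain, rather than by the provider it came through. All headers are constructed, `esp.example`, `shop.example`, `bank.example` and the authserv-id `mx.example` are placeholders, and the alignment test is a simplification that assumes no public-suffix list.

```python
# Added example (not from the Krebs article or the RISKS thread): classify an
# inbound message by whether its authentication results are *aligned* with the
# visible From: domain, instead of trusting the sending infrastructure as such.
# Header values are constructed; the domains and authserv-id are placeholders.
import re
from email import message_from_string

# Constructed sample messages, each carrying the Authentication-Results header
# an inbound MX would have stamped on it.
SAMPLES = {
    # A customer sending through an email service provider with its own domain
    # signing: DKIM d= matches From, so the From-domain owner authorized it.
    "aligned_customer": (
        "From: billing@shop.example\n"
        "Authentication-Results: mx.example; dkim=pass header.d=shop.example;"
        " spf=pass smtp.mailfrom=bounces.esp.example\n"
        "Subject: Your invoice\n\nInvoice attached.\n"
    ),
    # Only the provider's own domain vouches for the message: it passes DKIM
    # and SPF, but nothing ties it to the From: domain shown to the user.
    "esp_signed_only": (
        "From: security@bank.example\n"
        "Authentication-Results: mx.example; dkim=pass header.d=esp.example;"
        " spf=pass smtp.mailfrom=bounces.esp.example\n"
        "Subject: Verify your account\n\nClick here.\n"
    ),
    "unauthenticated": (
        "From: security@bank.example\n"
        "Authentication-Results: mx.example; dkim=fail header.d=bank.example;"
        " spf=softfail smtp.mailfrom=bounces.esp.example\n"
        "Subject: Verify your account\n\nClick here.\n"
    ),
}


def parse_auth_results(header: str) -> dict:
    """Parse an RFC 8601 style Authentication-Results value into
    {method: {"result": ..., "<property>": ...}}.
    Simplified: no comments, quoting or folding are handled."""
    parts = [p.strip() for p in header.split(";")]
    results = {}
    for part in parts[1:]:  # parts[0] is the authserv-id
        m = re.match(r"(\w+)=(\w+)(.*)", part)
        if not m:
            continue
        method, result, rest = m.groups()
        props = dict(re.findall(r"(\S+?)=(\S+)", rest))
        results[method] = {"result": result, **props}
    return results


def aligned(authenticated_domain: str, from_domain: str) -> bool:
    """Relaxed-style alignment: same domain, or one is a subdomain of the other.
    (Assumption: no public-suffix list, so this is a simplification.)"""
    a, b = authenticated_domain.lower(), from_domain.lower()
    return bool(a) and (a == b or a.endswith("." + b) or b.endswith("." + a))


def classify(raw_message: str) -> str:
    """Return 'aligned', 'infrastructure-only' or 'unauthenticated'."""
    msg = message_from_string(raw_message)
    from_domain = re.search(r"@([\w.-]+)", msg["From"]).group(1)
    ar = parse_auth_results(msg["Authentication-Results"])
    dkim, spf = ar.get("dkim", {}), ar.get("spf", {})
    dkim_ok = dkim.get("result") == "pass" and aligned(dkim.get("header.d", ""), from_domain)
    spf_ok = spf.get("result") == "pass" and aligned(spf.get("smtp.mailfrom", ""), from_domain)
    if dkim_ok or spf_ok:
        return "aligned"            # the From-domain owner (or its key holder) sent it
    if dkim.get("result") == "pass" or spf.get("result") == "pass":
        return "infrastructure-only"  # the provider vouches for itself, not for From
    return "unauthenticated"


def classify_all() -> dict:
    """Classify every constructed sample; handy for a quick check."""
    return {name: classify(raw) for name, raw in SAMPLES.items()}


if __name__ == "__main__":
    for name, verdict in classify_all().items():
        print(f"{name:18s} -> {verdict}")
```

    An "infrastructure-only" verdict is the case the article warns about: the provider's signature proves the mail went through its servers and nothing more, so a filter that allowlists the provider is handing its reputation to every compromised account on it. Note the limit of the check in the other direction too: an "aligned" verdict only says the From-domain's own keys or account produced the message, which is exactly what a hijacked customer account yields, so alignment decides whose reputation applies but is no substitute for content filtering and per-sender reputation.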


    ------------------------------

    Date: Fri, 28 Aug 2020 23:54:14 -0400
    From: Gabe Goldberg <ga...@gabegold.com>
    Subject: A bug in Windows 10 could be slowly wrecking your SSD (PC Gamer)

    Fortunately a fix is on the way.

    Microsoft is currently testing a fix for a Windows 10 bug that could cause
    the operating system to defragment solid state drives (SSDs) more often than is
    needed. While periodic defragging of a mechanical hard disk drive (HDD) is a
    good thing, doing it too often on SSDs can actually degrade their integrity
    and shorten their lifespan. [...]

    As spotted by Bleeping Computer, when Microsoft rolled out the May 2020
    update for Windows 10, it introduced a bug to the Optimize Drives feature
    causing it to incorrectly determine the last time a drive has been
    optimized. When you open it up, you might notice your SSD says "Needs
    optimization" even if the routine was recently run (Windows 10 handles this
    automatically).

    A bug in Windows 10 could be slowly wrecking your SSD | PC Gamer

    ------------------------------

    Date: Fri, 28 Aug 2020 00:12:20 +0800
    From: Dan Jacobson <jid...@jidanni.org>
    Subject: Ambulance won't find mislocated addresses

    Correct address placement on the map is how the ambulance can find your
    house, in rural areas. (And no I'm not talking about G**gle Maps, I'm
    talking about official (Taiwan) government e-maps.)

    (Junior, a/k/a me, has taken it upon himself to be the unsung local hero,
    saving many potential lives as usual, asking for justice for those
    precarious misplaced address nodes scattered on the hills on the e-map on my
    computer screen.)

    So how are these addresses born? Well the applicant brings his stack of
    property deeds to the Household Bureau office, and, well, we behind the desk
    need to fill in a parcel number on the application form, so, well, just grab
    one of the deeds and use that parcel number. Oh yes, visit the site and take
    photographs for the records. So new address 35 is recorded as being located
    on parcel 1234 instead of actual 1240...

    Causing now twenty years later some addresses to be located in orchards or
    on slopes hundreds of meters from where their respective actual houses
    are. Yup, those parcel numbers are what we now use to place the address
    nodes on the spanking new e-maps. Back in the old days some dusty number in
    a ledger -- has now become a two-dimensional point on an e-map.

    "That's the parcel number they applied with. They need to bring in their
    documents to the office if they want to change the location."

    Problem is, to the homeowner, there is nothing wrong with their address,
    happily attached to their house. And indeed, let's say they are highly
    literate (and still alive.) Well they still often won't be able to tell you
    which of their stack of title deeds is the one referring to their house's
    land vs. the one referring to their orchard.

    Also who is going to tell lots of average citizens they need to march down
    to the Household Bureau to correct some internal coordinate problem on some
    obscure e-map? "Didn't your office take enough photos of my house back when
    I applied already?"

    Anyway, my suggestion to the Household Bureau is to simply connect to the
    Land Bureau's computer and see if (thankfully usually still after all those
    years) the parcel with the house belongs to the same person as the parcel
    with the orchard, and update the records accordingly.

    Or, just let it slide. And be blamed when the ambulance can't find somebody
    in need.

    And then there are those address nodes that ended up on nobody's land in the
    middle of the creek...

    ------------------------------
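    The reconciliation the previous item proposes (check with the Land Bureau whether the recorded parcel and the parcel carrying the house belong to the same person, and relink the address) can be scripted. The block below is an added illustration, not code from the item or from any Household Bureau system. It assumes the Land Bureau data can answer two questions per parcel, who owns it and whether a building stands on it, and it generalises the item's case slightly: an address is relinked only when the owner holds exactly one building parcel, while owners with several building parcels, parcels with no building at all, and parcel numbers unknown to the Land Bureau are flagged for a human rather than guessed. All parcel numbers, owners and addresses are constructed sample data.

```python
from collections import defaultdict

# Constructed sample data: address number -> parcel number written on the
# application form (the "grab one of the deeds" value). Not real records.
HOUSEHOLD_RECORDS = {
    35: 1234,   # recorded against the orchard deed, house is on 1240
    36: 1300,   # correct
    37: 1500,   # owner holds two building parcels: cannot be resolved blindly
    38: 1600,   # owner holds no building parcel at all (the "creek" case)
    39: 9999,   # parcel number the Land Bureau does not know
}

# Constructed Land Bureau view: parcel -> (owner, has_building).
LAND_RECORDS = {
    1234: ("Chen", False),
    1240: ("Chen", True),
    1300: ("Lin", True),
    1500: ("Wang", False),
    1510: ("Wang", True),
    1520: ("Wang", True),
    1600: ("Other", False),
}


def propose_corrections(household, land):
    """Classify every address node against the land register.

    Returns address -> (status, detail) where status is one of:
      'ok'          recorded parcel carries a building, nothing to do
      'relink'      owner holds exactly one building parcel; detail = that parcel
      'ambiguous'   owner holds several building parcels; detail = all of them
      'no-building' owner holds no building parcel; detail = recorded parcel
      'unknown'     recorded parcel absent from the land register
    Only 'relink' is safe to apply automatically; the rest need a person.
    """
    building_parcels = defaultdict(list)
    for parcel, (owner, has_building) in land.items():
        if has_building:
            building_parcels[owner].append(parcel)

    result = {}
    for address, parcel in household.items():
        if parcel not in land:
            result[address] = ("unknown", parcel)
            continue
        owner, has_building = land[parcel]
        if has_building:
            result[address] = ("ok", parcel)
            continue
        candidates = sorted(building_parcels.get(owner, []))
        if len(candidates) == 1:
            result[address] = ("relink", candidates[0])
        elif candidates:
            result[address] = ("ambiguous", tuple(candidates))
        else:
            result[address] = ("no-building", parcel)
    return result


def apply_corrections(household, proposals):
    """Return a new address->parcel mapping with only the unambiguous relinks
    applied; everything else is left exactly as recorded, for review."""
    updated = dict(household)
    for address, (status, detail) in proposals.items():
        if status == "relink":
            updated[address] = detail
    return updated


if __name__ == "__main__":
    proposals = propose_corrections(HOUSEHOLD_RECORDS, LAND_RECORDS)
    for address, (status, detail) in sorted(proposals.items()):
        print(f"address {address}: {status} {detail}")
    print(apply_corrections(HOUSEHOLD_RECORDS, proposals))
```

    Running it reports address 35 as a safe relink to parcel 1240, leaves 36 alone, and sends 37, 38 and 39 to a reviewer; the audit list is the useful output, since each flagged row is exactly the citizen who would otherwise be asked to march down to the office.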

    Date: Fri, 28 Aug 2020 11:14:31 +0800
    From: Richard Stein <rms...@ieee.org>
    Subject: How algorithms keep workers in the dark (bbc.com)

    How algorithms keep workers in the dark

    "Giving self-learning algorithms the responsibility to make and execute
    decisions affecting workers is called 'algorithmic management.' It carries a
    host of risks in depersonalizing management systems and entrenching
    pre-existing biases."

    The essay cites an example of an algorithm at work:

    "At Amazon's fulfillment centre in south-east Melbourne, they set the pace
    for 'pickers', who have timers on their scanners showing how long they have
    to find the next item. As soon as they scan that item, the timer resets for
    the next. All at a 'not quite walking, not quite running' speed."

    Reminiscent of "John Henry" (see
    John Henry (folklore) - Wikipedia). Would the algorithm
    increase the interval if a picker tripped or was injured during item
    fulfillment? How does/would it learn of these outcomes? Are there feedback
    variables that account for injuries? At what frequency is the algorithm
    adjusted to account for under-fulfillment or over-fulfillment? Does the
    employee receive better or worse compensation?

    ------------------------------

    Date: Fri, 28 Aug 2020 21:13:09 +0800
    From: Richard Stein <rms...@ieee.org>
    Subject: The risks of supply chain threat sharing (Federal Computer Week)

    The risks of supply chain threat sharing -- FCW

    "An interim report issued by the DHS task force last year laid out a number
    of data points that could be useful in sniffing out supply chain threats,
    such as information around counterfeit parts, malicious code inserted into
    software and tips about insider threats or physical attacks on participants
    or products in the chain. It also found that intelligence around this area
    was 'unique' and that 'actionable information often requires a level of
    specificity which may create sensitivities about how it is shared' that lead
    to 'a range of legal considerations that ICT stakeholders must navigate.'"

    Recall Kaspersky Labs anti-virus product, and the door it opened to inspect
    a machine for AV diagnosis (see
    The RISKS Digest, Volume 30 Issue 48). Deployment risks from
    Huawei and ZTE network products, etc.

    Risk: Vendor identity disclosure from suspected product without sufficient
    evidence can be libelous.

    ------------------------------

    Date: Fri, 28 Aug 2020 20:11:28 +0100
    From: Wol <antl...@youngman.org.uk>
    Subject: Re: Driverless cars are coming soon followup (PH, RISKS-32.23)

    >> Competition between car makers to see who can provide us the most
    >> distraction moves the industry in exactly the wrong direction!

    Especially like, as in our car, the entertainment system is buggy, so the
    driver spends far too much FIXING the system's screw-ups when they should be
    concentrating on driving ...

    > but turn indicators are manual, and apparently still considered optional
    > by whole tribes of road users.

    That's assuming it isn't the car at fault - a light touch on the indicator
    stalk will cause it to flash three times to indicate a lane change, but I
    regularly approach a junction, indicate, and it might flash ONCE before
    auto-canceling! If I'm concentrating on an unfamiliar junction and an
    uncooperative sat-nav, I don't need the additional grief of an auto-cancel
    mechanism that keeps killing the indicators. I know on many occasions,
    driving in a roughly straight line, I've had to indicate four or five times
    approaching the junction because the indicator just won't stay on!

    ------------------------------

    Date: Sat, 29 Aug 2020 10:25:08 +0100
    From: Michael Bacon <attilath...@tiscali.co.uk>
    Subject: Re: Driverless cars are coming soon followup (PH, RISKS-32.23)

    In saying that: "It is not even possible to brake without brake lights
    flaring ", Peter Houppermans ignores the potential to brake using only the
    handbrake, which does not (in the vast majority of vehicles) cause the brake
    light(s) to illuminate.

    Whilst I happily argue that too many designers have taken the versatility of
    modern materials to the point that form trumps function, I do feel that the
    modern "growing" turn indicator light is more reliable at indicating the
    intended direction, especially at night and given the greater brilliance of
    other exterior lights.

    The above assumes that drivers use their indicators in sufficient time;
    however many seem to use them solely to remind themselves what they just
    did, rather than to advise other drivers of their intentions. When I did my
    Class 1 driver training with Greater Manchester Police Driving School it was
    impressed upon me that hand signals, indicators, brake lights and car
    positioning were all about communicating one's intentions to other road
    users. Of course that assumes others actually pay sufficient attention,
    which increasingly seems to be less the case than when I started driving.

    As to the drivers of some cars not using indicators, it has been reported
    that Audi and BMW dealers no longer stock replacement bulbs because of a
    lack of demand.

    ------------------------------

    Date: Wed, 26 Aug 2020 22:31:27 +0100
    From: Chris Drewe <e76...@yahoo.co.uk>
    Subject: Driverless cars are coming soon followup (RISKS-32.23)

    Possibly one of the most trivial postings to RISKS for a while... My problem
    is that many cars have parking/tail/turn signal/back-up/rear fog lights
    crammed into small light clusters, so if the driver brakes and signals at
    the same time, which happens quite often, it can be difficult to see the
    flashing signal light against the steady bright brake light. Some buses
    have LED lights which just show colourless white when off so there's little
    contrast between off and on indications. I haven't driven overseas very
    much, but at least with the American system of a big red rear brake/signal
    light at each side it's less ambiguous, though if only one side of the
    vehicle is visible (e.g., in a line of traffic), then it's not immediately
    obvious if the driver has tapped the brakes or has started signaling.
    There's the same problem with 4-way emergency hazard flashers, as if (again)
    the vehicle is only visible at one side, it's not clear if the hazard
    flashers or turn signals are indicating.

    ------------------------------

    Date: 25 Aug 2020 22:51:29 -0400
    From: "John Levine" <jo...@iecc.com>
    Subject: Re: Very old news. A Chrome feature is creating enormous load on
    global root DNS servers (RISKS-32.24)

    >A Chrome feature is creating enormous load on global root DNS servers

    Someone hasn't been paying attention. The ICANN Name Collision report
    written seven years ago in 2013 said the exact same thing:

    https://www.icann.org/en/system/files/files/name-collision-02aug13-en.pdf

    See section 5.4.3 on page 48. At that point the Chrome random names were
    46% of all root server traffic (see table 12 on the previous page.)

    ------------------------------

    Date: Wed, 26 Aug 2020 09:56:50 +0200
    From: Peter Houppermans <pe...@houppermans.net>
    Subject: Re: Washington Postal workers defy USPS orders (previous)

    [christen...@gmail.com responded to PH on this item:]

    > It would be interesting to know exactly what the "risks to the public in
    > computers and related systems" are perceived to be in this item.

    Easy. Three arguments:

    1. Ever tried to sort a large volume of post *without* computers involved?

    2. Voting (and associated untruths, fraud, manipulation, funding deprivation
    etc. etc.) has been a staple of RISKS for decades as it represents indeed
    a major RISK to any enterprise, people and country if not done correctly
    and democratically.

    3. As someone who integrates risks from various areas, I naturally have an
    interest that goes beyond *my* chosen area of expertise, mostly because
    the most important component (the human) has this pesky habit of not
    sticking to one category either -- they're everywhere! This shows the
    human component.

    The benefit of the RISKS mailing list has been for many years that it brings
    together professionals in all walks of life sharing experiences which may
    not always fall inside the original defined purpose, but which have a
    connection which may even be at best tangential. It allows people to widen
    their perspective.

    The items in question show a SYSTEM (hey, look, another subject matter hit)
    seeks to repair itself as the pesky humans involved still try to do the
    right thing. That's educational and instructive, hence another argument for
    its inclusion.

    For the record, one of the reasons I try to read every RISKS is exactly
    because it has remained diverse.

    I, for one, hope it remains that way.

    ------------------------------

    Date: Fri, 28 Aug 2020 11:29:35 +0300
    From: Amos Shapir <amo...@gmail.com>
    Subject: Re: Mike Godwin, the Creator of Godwin's Law, Is Suing Trump Over
    His TikTok Executive Order (RISKS-32.23)

    Maybe Godwin's Law should be updated: "as an online discussion grows longer,
    the probability of it deteriorating into pro-Trump / anti-Trump tirades
    approaches 1"

    ------------------------------

    Date: Wed, 26 Aug 2020 19:27:03 -0400
    From: Gabe Goldberg <ga...@gabegold.com>
    Subject: For Election Administrators, Death Threats Have Become Part of the
    Job (ProPublica)

    In a polarized society, the bureaucrats who operate the machinery of
    democracy are taking flak from all sides. More than 20 have resigned or
    retired since March 1, thinning their ranks at a time when they are most
    needed.

    For Election Administrators, Death Threats Have Become Part of the Job — ProPublica

    ------------------------------

    Date: Thu, 27 Aug 2020 20:27:36 -0700
    From: Lauren Weinstein <lau...@vortex.com>
    Subject: Viral pro-Trump tweets came from fake African American spam
    accounts, Twitter says (NBC News)

    Viral pro-Trump tweets came from fake African American spam accounts, Twitter says

    ------------------------------

    Date: Thu, 27 Aug 2020 22:34:49 -0700
    From: Lauren Weinstein <lau...@vortex.com>
    Subject: USPS is telling people their mail is being held 'at the request of
    the customer.' It isn't true.

    https://www.washingtonpost.com/dc-md-va/2020/08/27/usps-delayed-packages/

    ------------------------------

    Date: 26 Aug 2020 13:23:32 -0400
    From: "John Levine" <jo...@iecc.com>
    Subject: Re: Fiddling with the environment (Bacon, RISKS-32.23)

    > Richard Stein wonders what will become of Florida's release
    > of a genetically engineered mosquito intended to combat Dengue Fever.

    Frankenskeeters?

    Cheap shots are fun, but in this case the costs of doing nothing are
    substantial.

    The Aedes mosquitoes they are targeting are dangerous to people. They
    spread yellow fever, dengue, chikungunya, and zika. While you may not be
    familiar with these diseases, people all over the tropics are. The keys have
    had outbreaks of dengue, which is always miserable and at its worst
    crippling or fatal. A friend of mine who lives in Central America had
    chikungunya, one of the less serious ones, and it made him unable to work
    for the better part of a year. You don't want to know what yellow fever is
    like.

    At this point the mosquito treatment is to spray pesticides into breeding
    areas. We know what the consequences of that are, killing other desirable
    insects and polluting the shallow waters around the Keys.

    The mosquitoes they'll be releasing are males (only females bite) that
    produce offspring that die before they mature unless they have tetracycline
    in their diet which in the wild they don't. They've been released in Brazil
    and other places and knocked down Aedes populations by 95%.

    While it's certainly possible that there is some effect that nobody has
    noticed yet, it's a lot more likely that they'll do what's expected, kill
    mosquitoes and prevent disease without toxic pesticides.

    Looking at the reports about local opposition, I don't see anything beyond
    genetically engineered == scary == bad along with some garbled complaints
    about the way the mosquitoes were created.

    [Wondering about RISKS-relevance? This item was certainly involved in
    risks to the public. Were there any computer-based models and
    analyses of long-term effects? PGN]

    ------------------------------

    Date: Sat, 29 Aug 2020 20:03:30 +0000 (UTC)
    From: Paul Robinson <rfc...@yahoo.com>
    Subject: Re: What would happen to Earth if humans went extinct?
    (Goodfellow, RISKS-32.21)

    Seems like maybe The History Channel should start reruns of "Life Without
    People," the two-year series that explored a world in which all people just
    suddenly disappear. The story explicitly says it does not give a reason for
    why we vanished, just the aftermath.

    "Welcome to earth: Population: zero."

    The show examines possible results of a year, five years, ten, twenty, a
    hundred, and so on to as far away as 10,000 years from now. The buildings
    turning into rust and crumbling, the refinery explosions, nuclear power
    plant meltdowns, family pets trapped indoors, sometimes dying, domesticated
    animals going extinct because they needed humans to breed them, and the
    cities becoming jungle as grass and other fauna and flora overtake them.

    In the end, the world will erase every trace of our existence. The show even
    explores this by visiting abandoned cities and settlements after 20 to 50
    years, and the process of decomposing is already well along.

    The show was created after the 2008 special of the same name did extremely
    well.

    ------------------------------

    Date: Wed, 26 Aug 2020 15:20:09 -0400
    From: "R. G. Newbury" <new...@mandamus.org>
    Subject: Re: Greenland glacier melt (RISKS-32.23)

    > [With Greenland undergoing massive irreversible glacier melt, we can
    > expect a corresponding effect of fiddling while Nome burned. PGN]

    Massive? No. Large size, but not in relation to the whole.

    [Actually, "massive" was subsequently refuted in various sources. I'm
    happy to have this item. Please remember, constructive rebuttals
    are always welcome. PGN]

    Willis Eschenbach, 3 Aug 2019
    Greenland Endures

    From that data, we find that the 1981 to 2010 thirty-year average mass
    balance for the Greenland ice sheet was a net loss of 103 billion
    tonnes. Again, this is a very large number, it seems like a big deal that
    would demand our attention -- but is it really?

    In order to ask the question ``How big is 103 billion tonnes?'', we have to
    ask a related question:

    Compared to what?

    In this case, the answer is, ``Compared to the total amount of ice on
    Greenland''.

    Here's one way of looking at that. We can ask, *if* Greenland were to continue
    losing ice mass at a rate of 103 billion tonnes per year, how long would it
    take to melt say half of the ice sheet? Not all of it, mind you, but half of
    it. (Note that I am NOT saying that extending a current trend is a way to
    estimate the future evolution of the ice sheet -- I'm merely using it as a
    way to compare large numbers.)

    To answer our question if 103 billion tonnes lost per year is a big number,
    we have to compare the annual ice mass loss to the amount of ice in the
    Greenland ice sheet. The Greenland ice sheet contains about
    2.6E+15 (2,600,000,000,000,000) tonnes of water in the form of snow and
    ice.

    So *if* the Greenland ice sheet were to lose 103 billion tonnes per year
    into the indefinite future, it would take about twelve thousand five hundred
    years to lose half of it.

    In other terms, the Ice Cap is losing 3.96E-5 of its mass every year,
    or .00396% per year. Scary number, that is.

    The effects of this are best shown graphically: Greenland Mass Balance and
    Greenland Total Mass. It is the latter which is the reality. See attached.

    Irreversible? No. In fact, the sign of the change changes. As recently as
    3,500 BP the Greenland Ice Cap was much smaller than at present.

    From University of Buffalo:
    Study: Greenland Ice Sheet was smaller 3000-5000 years ago than today

    And recently, the Jakobshavn Glacier has been found to be growing *again*.
    If “Greenland is catastrophically melting”, how do alarmists explain NASA’s growing Greenland glacier?

    ------------------------------

    Date: Fri, 28 Aug 2020 11:56:59 +1200 (NZST)
    From: John Harper <har...@msor.vuw.ac.nz>
    Subject: Re: Date and time synchronization

    Both Robinson (RISKS-32.22) and Mathisen (RISKS-32.23) seem to have
    forgotten that midnight is not the only possible time for problems to occur.

    1. What happens in stationary computers in any place that goes in and out of
    daylight saving at various times of year? Many places do not change at
    midnight. (My country uses 2 am in, in September; 3 am out, in April.)

    2. What happens in a computer being used on a journey between time zones?
    The crossing could occur at any time of day or night.

    3. What happens when there is a leap second? That is usually at 23:59:60
    UTC, which is at various local times in various places.

    ------------------------------

    Date: Wed, 26 Aug 2020 17:48:52 -0400
    From: David Halliwell <dhal...@rogers.com>
    Subject: Re: Date and time synchronization (Robinson, RISKS-32.22)

    The version suggested by Terje Mathisen (RISKS-32.23) is one that I have
    used.

    I started working at a monitoring site many years ago that had a program
    that needed to do some data logging once per minute (on the minute). The
    programming environment did not have a function to return date and time, so
    data and time needed to be obtained independently. The
    logic in the program was:

    1. Ask for date, save year.
    2. Ask for date, save month.
    3. Ask for date, save day.
    4. Ask for time, save hour.
    5. Ask for time, save minute.
    6. If minute has changed since last time through loop, do your stuff.
    7. Remember minute for next pass through loop.
    8. Loop.

    Yes, they really did do multiple DATE and TIME calls. Probably easier
    (lazier?) to program year(now), month(now), day(now) than to create another
    variable to store (now) and do year, month and day on the stored value.

    Someone may have thought "the time it takes to get the date and time is so
    small the chances of them not matching can be ignored." They were wrong (or
    never even thought about it.) Yes, in any trip through the loop, the
    chances are small, but in most trips through the loop, the minute isn't
    going to change and nothing is done. The only loop that triggers action is
    the small fraction of loops where the minute DOES change. When the minute
    has changed, it could have happened any time between steps 1 to 5 or going
    from step 5 back to 1, and the probability of any one of those five
    intervals is probably about equal.

    So, the chances that the minute changed between requesting the hour and
    requesting the minute is about 20%. And because you are doing things every
    minute of the day, and every hour has a minute 59, there is a 20% chance
    that at the end of the hour the routine is going to mess up. And you could
    see that in the data it requested: four or five times a day, you saw a
    sequence like this:

    * request data for 11:57
    * request data for 11:58
    * request data for 11:59
    * request data for 11:00
    * request data for 12:01

    The replacement was as Terje suggested:

    1. ask for date, save year, month, and day
    2. ask for time, save hour and minute
    3. ask for date again. If day has changed, go back to 1.
    4. If minute has changed, do your stuff.
    5. Remember minute for next trip through loop
    6. Loop.

    Step 3 avoids the date rollover. Using a single TIME call avoids the
    hour roll-over.

    I never saw a request for hour-old data again.

    ------------------------------
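    The race in the five-call logger of the previous item, and the single-TIME-call-plus-date-recheck replacement Terje Mathisen suggested, can be reproduced deterministically. The block below is an added illustration, not code from the item or from the monitoring site it describes. It assumes a constructed "stepping" clock that advances by one second on every DATE or TIME call, so each independent call sees a later instant; the start time (a year-end midnight) and the thirteen-trip loop are constructed so that one minute boundary and one day boundary fall inside the calls. Because the boundary chosen is also a year boundary, the naive version shows the date fields disagreeing with each other as well as the hour being stale, which goes a little beyond the 11:59 / 11:00 / 12:01 sequence in the item.

```python
from datetime import datetime, timedelta


class SteppingClock:
    """Constructed fake clock for the demonstration.

    Every read returns the current instant and then advances the clock by
    `step`, so consecutive DATE/TIME calls observe different instants. That
    is the window the original per-field reads were exposed to.
    """

    def __init__(self, start, step):
        self.now = start
        self.step = step

    def _read(self):
        instant = self.now
        self.now += self.step
        return instant

    def date(self):
        """Separate DATE call: (year, month, day)."""
        t = self._read()
        return (t.year, t.month, t.day)

    def time(self):
        """Separate TIME call: (hour, minute)."""
        t = self._read()
        return (t.hour, t.minute)


def naive_timestamp(clock):
    """The original site's logic: five independent calls, one per field.

    Any rollover between two of the calls yields a stamp that never existed.
    """
    year = clock.date()[0]
    month = clock.date()[1]
    day = clock.date()[2]
    hour = clock.time()[0]
    minute = clock.time()[1]
    return (year, month, day, hour, minute)


def fixed_timestamp(clock):
    """Mathisen's fix as Halliwell describes it: one DATE call, one TIME call,
    then a second DATE call; if the day moved during the TIME call, redo both.
    One TIME call keeps hour and minute consistent with each other."""
    while True:
        year, month, day = clock.date()
        hour, minute = clock.time()
        if clock.date() == (year, month, day):
            return (year, month, day, hour, minute)


def log_on_minute_change(clock, read_stamp, trips):
    """Run `trips` passes of the once-per-minute logger loop and return the
    stamps it would have requested data for (only when the minute changed)."""
    stamps = []
    last_minute = None
    for _ in range(trips):
        stamp = read_stamp(clock)
        if stamp[4] != last_minute:
            stamps.append(stamp)
            last_minute = stamp[4]
    return stamps


def demo():
    """Same constructed clock for both loops; the start is 4 s before a
    year-end midnight so the boundary lands inside the calls. Returns
    (naive_stamps, fixed_stamps)."""
    start = datetime(2020, 12, 31, 23, 59, 56)
    step = timedelta(seconds=1)
    naive = log_on_minute_change(SteppingClock(start, step), naive_timestamp, 13)
    fixed = log_on_minute_change(SteppingClock(start, step), fixed_timestamp, 13)
    return naive, fixed


if __name__ == "__main__":
    naive, fixed = demo()
    print("naive:", naive)   # hour read before midnight, minute after it
    print("fixed:", fixed)   # 23:59 then 00:00, every field from one instant
```

    With this clock the naive loop logs 2020-12-31 23:00 (the "hour-old data" request) and then skips the genuine 00:00 because its minute value matches the bad stamp, while the fixed loop logs 23:59 and 00:00 on the correct days. Note what the fix does not cover: as John Harper's item points out, a daylight-saving shift at 2 am or a leap second at 23:59:60 is a different boundary again, and this code only guards against date and hour rollovers between calls.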

    Date: Wed, 26 Aug 2020 03:54:54 -0700
    From: "Bart Z. Lederman" <bz...@copper.net>
    Subject: Re: Dicekeys, an additional risk (Arthur T., RISKS-32.23)

    > For non-techies, physical randomization may seem more secure than
    > computer-generated. But if the dice are not extremely well made, they'll
    > be a bit less random than theory suggests.

    No matter how well made the dice are, as they are used they will collide with
    each other and slowly (or quickly, depending upon the material) become more
    and more deformed. This means they will become less random, and each set of
    dice will become less random in a different way.

    ------------------------------

    Date: Mon, 1 Aug 2020 11:11:11 -0800
    From: RISKS-...@csl.sri.com
    Subject: Abridged info on RISKS (comp.risks)

    The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
    comp.risks, the feed for which is donated by panix.com as of June 2011.
    => SUBSCRIPTIONS: The mailman Web interface can be used directly to
    subscribe and unsubscribe:
    RISKS Info Page

    => SUBMISSIONS: to ri...@CSL.sri.com with meaningful SUBJECT: line that
    includes the string `notsp'. Otherwise your message may not be read.
    *** This attention-string has never changed, but might if spammers use it.
    => SPAM challenge-responses will not be honored. Instead, use an alternative
    address from which you never send mail where the address becomes public!
    => The complete INFO file (submissions, default disclaimers, archive sites,
    copyright policy, etc.) is online.
    <riskinfo.html>
    *** Contributors are assumed to have read the full info file for guidelines!

    => OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
    searchable html archive at newcastle:
    http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
    Also, ftp://ftp.sri.com/risks for the current volume/previous directories
    or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
    If none of those work for you, the most recent issue is always at
    http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-32.00
    ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
    *** NOTE: If a cited URL fails, we do not try to update them. Try
    browsing on the keywords in the subject line or cited article leads.
    Apologies for what Office365 and SafeLinks may have done to URLs.
    ==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

    ------------------------------

    End of RISKS-FORUM Digest 32.24
    ************************
     
    Risks Digest 32.25

    RISKS List Owner

    Sep 7, 2020 2:21 PM

    Posted in group: comp.risks

    RISKS-LIST: Risks-Forum Digest Monday 7 September 2020 Volume 32 : Issue 25

    ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
    Peter G. Neumann, founder and still moderator

    ***** See last item for further information, disclaimers, caveats, etc. *****
    This issue is archived at <The RISKS Digest> as
    <The RISKS Digest, Volume 32 Issue 25>
    The current issue can also be found at
    <http://www.csl.sri.com/users/risko/risks.txt>

    Contents:
    Blistering Consumer Reports review of Tesla's $8000 full self-driving
    package, including some serious safety concerns (Twitter)
    Research questions (Gene Spafford)
    Apple Accidentally Approved Malware to Run on MacOS (WiReD)
    Parents Face Tech Issues On First Day Of School In Wash DC and Maryland
    (DCist)
    Man blows up part of house while chasing fly (bbc.com)
    The surprising secret hidden in a pregnancy test (bbc.com)
    It Has Come to This: Ignore the CDC (NYTimes OpEd)
    Intel Slips, and a High-Profile Supercomputer Is Delayed (NYTimes)
    Amazon Drivers Are Hanging Smartphones in Trees to Get More Work
    (Bloomberg)
    Russians Again Targeting Americans With Disinformation, Facebook
    and Twitter Say (NYTimes)
    FBI worried that Ring doorbells are spying on police (bbc.com)
    The Subtle Tricks Shopping Sites Use to Make You Spend More (WiReD)
    A Saudi Prince's Attempt to Silence Critics on Twitter (WiReD)
    California: Tell Your Senators That Ill-Conceived Immunity Passports Won't
    Help Us (EFF)
    Online Voting Company Pushes to Make It Harder for Researchers to
    Find Security Flaws (Alfred Ng)
    Russian election interference continues (NYTimes)
    "Vote early, vote often?"
    Happy National Poll Worker Recruitment Day (Rebecca Mercuri)
    Re: For Election Administrators, Death Threats Have Become Part of the Job
    (Malcolm)
    Court Approves Warrantless Surveillance Rules While Scolding FBI (NYTimes)
    Blanked-Out Spots On China's Maps Helped Us Uncover Xinjiang's Camps
    (Buzzfeed)
    How Four Brothers Allegedly Fleeced $19 Million From Amazon (WiReD)
    A critical flaw is affecting thousands of WordPress sites (WiReD)
    Is Your Chip Card Secure? Much Depends on Where You Bank (EPAM)
    The Brain Implants That Could Change Humanity (NYTimes)
    Neuralink: Elon Musk unveils pig he claims has computer implant in brain
    (The Guardian)
    New parking technology aims to manage curb space virtually (WashPost)
    The Pod People Campaign: Driving User Traffic via Social Networks
    (Courtney Falk via Gene Spafford)
    Re: Humans Take a Step Closer to Flying Car (geoff goodfellow)
    Re: Driverless cars are coming soon followup (Martin Ward)
    Re: Tesla with Autopilot hits cop car; driver admits he was watching a movie
    (Barry Gold)
    Re: Date and time synchronization (David E. Ross, Terje Mathisen)
    Re: Dicekeys, an additional risk (Craig S. Cottingham, Bob Wilson)
    Re: Greenland glacier melt (Amos Shapir, David Damerell)
    Re: Grading by algorithm results in UK debacle (John Murrell)
    Abridged info on RISKS (comp.risks)

    ----------------------------------------------------------------------

    Date: Fri, 4 Sep 2020 16:02:39 -1000
    From: geoff goodfellow <ge...@iconia.com>
    Subject: Blistering Consumer Reports review of Tesla's $8000 full
    self-driving package, including some serious safety concerns (Twitter)



    ------------------------------

    Date: Tue, 1 Sep 2020 10:25:33 -0400
    From: Gene Spafford <sp...@purdue.edu>
    Subject: Research questions

    How sad that all the computing questions in Dave Farber's list (at the URL
    in the post) are devoted to AI/ML. We have an incredibly rich and broad
    field with many important open problems in software engineering,
    cybersecurity, privacy, HPC, programming environments, HCI, robotics,
    databases, machine architecture, distributed/cloud/fog computing, IoT, and
    more. I'm surprised that at least one of the other fads didn't show up,
    such as quantum computing. (Thankfully, this was one list that didn't
    include the death cult favorite *blockchain*.)

    It seems about every 20 years the AI/ML *bug* bites people and causes a huge
    surge of interest. After all, the idea of creating *thinking* artifacts is
    rather appealing, especially to investors who would rather not be paying
    salaries of real people on an on-going basis, and to military planners who
    envision regiments of disposable killing machines. Many of the advancements
    in the area have occurred simply because we have faster processing and more
    memory than the last time we made the big investments in this area -- which
    are not advances in AI/ML per se, but came out of more traditional research.
    Our ability to make bad decisions is now so much faster than human thought
    (even augmented with bourbon or tequila) that it has far outstripped our
    willingness to think about ethics and human good. The results are
    increasingly worrisome to those of us who believe, as a core value, precept
    1.2 of the ACM Code of Ethics: Avoid Harm.

    I remember reading Frank Herbert's Dune in about 1975. I thought the idea
    of the *Butlerian Jihad* was quite interesting, especially in light of films
    such as The Corbin Project and Terminator. The Doomsday network in
    Dr. Strangelove also comes to mind. (I could list another dozen movies and
    novels, including War Games, The Matrix, Ava, and 2001. Surely someone has
    a list of these somewhere.) When I did some of my original research on
    computer viruses, *When Harley Was One* brought another view of the issues
    to mind that was beginning to appear in the real world. One does not need
    to turn to science fiction to see some of the issues. Regular readers of
    the Risks Digest and works by Charles Perrow (e.g., *The Next Catastrophe*)
    can see real-world examples and extrapolations.

    My point in citing these works is not only that moving key decision-making
    from humans to computers is potentially dangerous, but that some of those
    same complexities and pitfalls are foreseeable -- or even predictable. Why,
    therefore, isn't the scoping, containment, and safe use of computing THE
    dominant research problem for our field -- and society, in general? Do we
    need a Skynet to emerge and a Butlerian Jihad to occur to get on that path?
    We're already flirting with self-destruction with our damage to the
    environment and some bio-engineering. Do we need to add cybernetic war to
    the mix to ensure our demise? (Hmm, tongue-in-cheek thought experiment: as
    the Russians are using social media to promote social division and turmoil,
    perhaps an extraterrestrial species is seeding our research to promote our
    self-destruction. While Elon Musk was showing off his porcine Neuralink,
    perhaps someone should have gotten a DNA sample from him to check his
    humanity?)

    Fundamentally, we are building systems that are already too complex to make
    without flaws, and we continue to add layers and nodes. The people designing
    these systems may believe in a Star Trek future, but with human nature as it
    is, Blade Runner is more where we seem to be headed. The systems being
    fielded are unsecurable and safety hazards. Devoting so much attention to
    adding further complexity that we don't fully understand and whose results
    we can't explain is only making things worse; chaos emerges, entropy wins,
    eschatology comes to the fore.

    If there is to be a list of major research challenges in CS published, let's
    have one that is representative of the breadth and richness of the field,
    and that includes problems that have profound impact on people rather than
    representing current hype.

    [Spaf's message was in response to Wendy M. Grossman's posting on Dave
    Farber's IP list. <wen...@pelicancrossing.net> I apparently overlooked
    both, but fortunately Spaf submitted it directly to RISKS. This is very
    relevant to past items on the risks of hype, AI, etc. PGN]

    > Research questions that could have a big social impact, organised by discipline

    > Introduction

    > People frequently ask us what high-impact research in different
    > disciplines might look like. This might be because they're already working
    > in a field and want to shift their research in a more impactful
    > direction. Or maybe they're thinking of pursuing an academic research
    > career and they aren't sure which discipline is right for them.

    > In any case, below you will find a list of disciplines and a handful of
    > research questions and project ideas for each one. They are meant to be
    > illustrative, in order to help people who are working or considering
    > working in these disciplines get a sense of what some attempts to approach
    > them from a longtermist perspective might look like. They also represent
    > projects that we think would be useful to pursue from a longtermist
    > perspective.

    > The lists are not meant to be exhaustive; nor are they meant to express a
    > considered view on what we think the most valuable questions and projects
    > in each area are. Our primary strategy in compiling these lists was to
    > look through research agendas and collections others have put together
    > (linked throughout as well as at the end). We generally included questions
    > or projects that seemed both useful for informing decisions about how to
    > improve the long-term future and like good examples of research in their
    > respective disciplines. When choosing between a higher-value question or
    > project and one that struck us as more illustrative, we often chose the
    > latter.

    ------------------------------

    Date: Tue, 1 Sep 2020 01:20:41 -0400
    From: Gabe Goldberg <ga...@gabegold.com>
    Subject: Apple Accidentally Approved Malware to Run on MacOS (WiReD)

    The ubiquitous Shlayer adware has picked up a new trick, slipping past
    Cupertino's *notarization* defenses for the first time.

    Apple Accidentally Approved Malware to Run on MacOS

    ------------------------------

    Date: Mon, 31 Aug 2020 18:26:32 -0400
    From: Gabe Goldberg <ga...@gabegold.com>
    Subject: Parents Face Tech Issues On First Day Of School In Wash DC and
    Maryland (DCist)

    Hundreds of thousands of students in the District and Maryland powered on
    their laptops Monday for the start of a school year like no other.

    The first day of virtual classes hit some snags. In Montgomery County, error
    messages flashed on computer screens when students tried logging on to their
    first classes of the school year. In Prince George's County, two children
    missed half of their morning classes when pages on their school-issued
    Chromebooks would not load. [...]

    Gabrielle Brown, a spokeswoman for Prince George's County Public Schools,
    said two of the county's more than 200 schools experienced problems because
    too many people were using the same web server.

    Brown said the 133,000-student school system fixed the problem by moving the
    schools to different servers. She did not say which schools experienced the
    issues.

    Parents Face Tech Issues On First Day Of School In D.C., Maryland | DCist

    Scalability, what's that...

    ------------------------------

    Date: Mon, 7 Sep 2020 11:24:02 +0800
    From: Richard Stein <rms...@ieee.org>
    Subject: Man blows up part of house while chasing fly (bbc.com)

    Man blows up part of house while chasing fly

    ``The man, who is in his 80s, was about to tuck into his dinner when he
    became irritated by a fly buzzing around him. He picked up an electric
    racket designed to kill bugs and started swatting at it -- but a gas canister
    was leaking in his Dordogne home.''

    The non-electric flyswatter, perhaps less effective than the juiced-up
    model, does not possess ignition risk.

    [Perhaps he thought of Linoleum Blownapart? PGN]

    ------------------------------

    Date: Mon, 7 Sep 2020 11:11:08 +0800
    From: Richard Stein <rms...@ieee.org>
    Subject: The surprising secret hidden in a pregnancy test (bbc.com)

    The surprising secret hidden in a pregnancy test

    "A teardown of a digital pregnancy test has created a buzz after revealing
    it contained a standard paper test, similar to those used by GPs. The
    experiment has raised questions about whether the extra cost of digital
    pregnancy tests is justified. Some say the electronics give women a
    clearer answer but others point to the e-waste created by digital test
    kits. The experiment also found the digital test contained a
    microprocessor more powerful than early home computers. But the
    electronics themselves did not play a role in the hormone detection."

    The clearblue.com website ("Pregnancy Tests: Digital Tests, Sticks and
    Kits") yields two peer-reviewed references on home-based pregnancy tests.
    Among them is "Comparison of analytical sensitivity and women's
    interpretation of home pregnancy tests" (PubMed) by Sarah Johnson, Michael
    Cushion, Sharon Bond, Sonya Godbert, Joanna Pike, retrieved on 06SEP2020.
    I do not know if the publisher, "The Journal of Clinical Chemistry and
    Laboratory Medicine", requires reviewer conflict of interest disclosures.

    Their conclusion: "Many home-based pregnancy tests commonly used by women
    are not as accurate as their packaging information claims. International
    test standards which define appropriate performance characteristics for home
    pregnancy tests are urgently required."

    Computers leave no margin for doubt when they render output. Whether the
    correct result is rendered is another matter. False negative/positive rates
    of detection are considerations. The cited reference suggests that "trust,
    but verify" is the best strategy.

    There is also the matter of e-waste disposal and/or recycling. "Learn More
    About E-Waste Recycling With These Facts and Figures" estimates 50 million
    metric tons world-wide annually by 2020.

    ------------------------------

    Date: Tue, 1 Sep 2020 13:49:23 +0900
    From: Dave Farber <far...@keio.jp>
    Subject: It Has Come to This: Ignore the CDC (NYTimes OpEd)

    [I consider this to be non-political. Dave Farber]

    [I consider it to be right down the mainstream of RISKS items on
    science, transparency, etc. PGN]

    Harold Varmus and Rajiv Shah, *The New York Times*, 31 Aug 2020

    [Harold Varmus, a professor at Weill Cornell Medicine and a former
    director of the National Institutes of Health, was a co-chair of President
    Barack Obama's Council of Advisers on Science and Technology. Rajiv Shah
    is president of the Rockefeller Foundation.]

    It Has Come to This: Ignore the CDC

    The agency's new guidelines are wrong, so states have to step up on their
    own to suppress the coronavirus.

    We were startled and dismayed last week to learn that the Centers for
    Disease Control and Prevention, in a perplexing series of statements, had
    altered its testing to reduce the testing of asymptomatic people for the
    coronavirus.
    <C.D.C.’s ‘Clarification’ on Coronavirus Testing Offers More Confusion>
    <Coronavirus Disease 2019 (COVID-19)>

    These changes by the CDC will undermine efforts to end the pandemic, slow
    the return to normal economic, educational and social activities, and
    increase the loss of lives.

    Like other scientists and public health experts, we have argued that more
    asymptomatic people, not fewer, need to be tested to bring the pandemic
    under control. Now, in the face of a dysfunctional CDC, it's up to states,
    other institutions and individuals to act.
    <Covid-19 National Testing & Tracing Action Plan - The Rockefeller Foundation>

    Understanding what needs to be done requires understanding the different
    purposes of testing. Much of the current testing is diagnostic. People
    should get tested if they have symptoms -- respiratory distress, loss of
    smell, fever. There is no argument about this testing, and the altered CDC
    guidelines do not affect it.

    But under its revised guidelines, the CDC seeks to dissuade people who are
    asymptomatic from being tested. Yet this group poses both the greatest
    threat to pandemic control and the greatest opportunity to bring the
    pandemic to an end. It is with this group that our country has failed most
    miserably.

    Consider the logic. Without tests or a highly effective vaccine, the only
    certain way to prevent further spread of the virus would be to isolate
    everyone from everyone else. In theory, this would work, but it is untenable
    -- if not impossible -- because of the economic and social consequences of
    shutdowns.

    Tests, however, can reduce the number of people who need to be isolated --
    and only for as long as they are shown to be infected. If those tests were
    to be performed frequently (even daily) and widely (even universally), it is
    almost certain that the pandemic would evaporate in just a few weeks.

    That much diagnostic testing is not feasible, given the costs and logistics,
    as well as the likelihood that some would refuse to comply.

    So it makes sense to modulate the strategy by testing those who are at
    greatest risk of infection, and those who are most likely to spread the
    virus if they become infected.

    We can make well-informed predictions about those who should be given
    priority. Most obviously, testing is essential for those who are known to
    have been significantly exposed to an infected person, as determined by
    contact tracing. But testing is also important for those who have been or
    will soon be mixing with large groups in close quarters at work; entering
    the schools and colleges that are now reopening; and attending public events
    like concerts and sports matches.

    The financial and other practical demands of widespread testing can be
    lowered by making rational decisions about the optimal times for performing
    the tests -- a few days after being in contact with an infected person, for
    instance, or just before congregating with many others.

    The logistics and costs can be further reduced by simplifying the tests --
    using saliva samples collected at home, rather than uncomfortable nasal
    swabs that require trained personnel at specific locations; or by using
    so-called antigen tests, a cheap and rapid method to look for viral
    proteins, rather than expensive laboratory machines to find viral RNA. Even
    if these tests are a bit less accurate, their lower cost, higher speed and
    more frequent use make up for it.

    Some of these new methods have already been authorized for use by the Food
    and Drug Administration. And the Department of Health and Human Services has
    also committed to purchasing large quantities of antigen tests.
    <Rapid $5 Coronavirus Test Doesn't Need Specialty Equipment>
    <https://www.nytimes.com/2020/08/27/world/covid-19-coronavirus.html>

    These are practical and essential actions that need to be taken now. In the
    absence of sensible guidance from the CDC, what can the country do to
    control the pandemic? We urge at least three actions.

    State and local leaders should be emboldened to act independently of the
    federal government and do more testing. Some governors and local public
    health officials, from both parties, are already doing so and are ignoring
    the CDC's revisions
    <https://www.nytimes.com/2020/08/27/us/ca-covid-testing.html>. This position
    is legally sound, since the CDC is an advisory agency, not a regulatory
    one. Still, such discord undermines confidence in public health directives.

    Insurance companies, city and state governments, and the Center for Medicare
    and Medicaid Services should recognize the economic and health benefits of
    testing prioritized, asymptomatic populations and provide reasonable
    reimbursement for these tests. A major impediment to more widespread testing
    has been the lack of coverage in the absence of symptoms or known contacts
    with infected individuals. The costs of testing are decreasing as new
    methods, like antigen testing, are introduced, and may be further reduced as
    the pooling of samples makes testing more efficient.

    While more widespread testing for the virus is an essential factor in
    pandemic control, we need to make it part of a broad program that helps
    prevent transmission -- mask-wearing, hand-washing, quarantining and use of
    personal protective equipment.

    The CDC, the federal agency that should be crushing the pandemic, is
    promoting policies that prolong it. That means that local, state and
    organizational leaders will have to do what the federal government won't.

    ------------------------------

    Date: Tue, 1 Sep 2020 21:13:29 +0800
    From: Richard Stein <rms...@ieee.org>
    Subject: Intel Slips, and a High-Profile Supercomputer Is Delayed
    (NYTimes)

    https://www.nytimes.com/2020/08/27/technology/intel-aurora-supercomputer.html

    The exascale computer: 1E9 GFLOP == 10^15 FLOPs, or 1 exaFLOP (1 EFLOP?),
    double-precision FLOPS @ 64-bit per IEEE-754-2008.

    That Intel is tardy suggests a few foundry issues to address before they can
    cost-effectively stamp out the new "Ponte Vecchio" graphical processing
    units (GPUs) for integration. A challenge to achieve high yields for GPU
    chiplets stacked ~70 angstroms apart -- the diameter of ~77 hydrogen atoms.

    Aurora's paper specification can be found here:
    https://www.alcf.anl.gov/aurora. The box hosts a modest 10 petabytes of
    physical memory, a pool that will also serve as an excellent cosmic-ray
    target. Assuming 1 Tbyte of physical memory per node (10 * 1024 * 10^12 =
    10 Pbytes) yields 10240 compute+memory modules in the box.

    The chip and module packaging sophistication for cooling, signal routing,
    power distribution, and message-passing network fabric constitutes a
    considerable challenge to engineer and to operate for sustained
    uptime. Power consumption will likely be significant, and probably require a
    dedicated utility source.

    There's been a longstanding race among nations and technology companies to
    achieve and apply massively parallel processing (MPP) computation. The
    "winner" gets bragging rights, and temporarily sustains a technological edge
    that eventually translates into consumer marketplace sales. MPPs currently
    represent the only affordable means to "out compute" strategic competitors.

    MPP software is notoriously challenging to write and debug, given explicit
    message-passing dependencies (using OpenMPI), deadlock potential, and data
    load balance issues to sort out. Logical concurrency representations of the
    computation, via Tony Hoare's communicating sequential process model, are
    often applied in a single address space with multiple processes to show
    message-passing deadlock absence. It is far easier to detect and debug
    deadlock in a single virtual address space than to attempt over a physically
    distributed memory structure. Once a logically concurrent process structure
    is deadlock free, map it into the physical MPP architecture (using 10K+
    nodes) to accelerate computation against a large (multi-Pbyte) dataset. Then
    there's the I/O for results interpretation. Factor in a few cosmic ray node
    crashes along the way. Not for the faint of heart, especially for sequential
    thinkers.

    The PRC may have succeeded in being first to achieve and demonstrate a
    sustained eFLOP, though confirmation remains specious. See
    https://spectrum.ieee.org/computing/hardware/will-china-attain-exascale-supercomputing-in-2020.

    ------------------------------

    Date: Tue, 1 Sep 2020 11:03:30 -1000
    From: geoff goodfellow <ge...@iconia.com>
    Subject: Amazon Drivers Are Hanging Smartphones in Trees to Get More Work
    (Bloomberg)

    Someone seems to have rigged Amazon's system to get orders first.
    Operation reflects ferocious rivalry for gigs in a bad economy.
    Phones hang in a tree outside a Whole Foods store in Evanston, Illinois,
    on 29 Aug 2020.

    A strange phenomenon has emerged near Amazon.com Inc. delivery stations and
    Whole Foods stores in the Chicago suburbs: smartphones dangling from trees.
    Contract delivery drivers are putting them there to get a jump on rivals
    seeking orders, according to people familiar with the matter.

    Someone places several devices in a tree located close to the station where
    deliveries originate. Drivers in on the plot then sync their own phones
    with the ones in the tree and wait nearby for an order pickup. The reason
    for the odd placement, according to experts and people with direct
    knowledge of Amazon's operations, is to take advantage of the handsets'
    proximity to the station, combined with software that constantly monitors
    Amazon's dispatch network, to get a split-second jump on competing drivers.

    That drivers resort to such extreme methods is emblematic of the ferocious
    competition for work in a pandemic-ravaged U.S. economy suffering from
    double-digit unemployment. Much the way milliseconds can mean millions to
    hedge funds using robotraders, a smartphone perched in a tree can be the
    key to getting a $15 delivery route before someone else.

    Drivers have been posting photos and videos on social-media chat rooms to
    try to figure out what technology is being used to receive orders faster
    than those lacking the advantage. Some have complained to Amazon that
    unscrupulous drivers have found a way to rig the company's delivery
    dispatch system. [...]
    https://www.bloomberg.com/news/articles/2020-09-01/amazon-drivers-are-hanging-smartphones-in-trees-to-get-more-work
    -or-

    https://tech.hindustantimes.com/tec...in-trees-to-get-more-work-71598974024340.html

    ------------------------------

    Date: Tue, 1 Sep 2020 20:14:01 -0400
    From: Monty Solomon <mo...@roscom.com>
    Subject: Russians Again Targeting Americans With Disinformation, Facebook
    and Twitter Say

    The companies said the FBI had warned them that a so-called troll farm in
    St. Petersburg set up a network of fake user accounts and a website.

    https://www.nytimes.com/2020/09/01/technology/facebook-russia-disinformation-election.html

    ------------------------------

    Date: Wed, 2 Sep 2020 08:38:29 +0800
    From: Richard Stein <rms...@ieee.org>
    Subject: FBI worried that Ring doorbells are spying on police (bbc.com)

    https://www.bbc.com/news/technology-53985418

    "The 2017 incident describes how someone under investigation was able to
    'covertly monitor law enforcement activity while law enforcement was on the
    premises' and alert his neighbour and landlord. It does not name the brand
    of video doorbell used."

    IoT doorbell devices that capture surveillance photos of "suspicious"
    individuals are acceptable? Enable the device settings for that option to
    prevent indiscriminate, pervasive surveillance.

    Download the latest app that repairs the "allow cops to be photographed on
    duty" defect escape?

    ------------------------------

    Date: Wed, 2 Sep 2020 00:47:22 -0400
    From: Gabe Goldberg <ga...@gabegold.com>
    Subject: The Subtle Tricks Shopping Sites Use to Make You Spend More (WiReD)

    Through deceptive designs known as “dark patterns,” online retailers try to
    nudge you toward purchases you wouldn't otherwise make.

    https://www.wired.com/story/amazon-online-retail-dark-patterns/

    ------------------------------

    Date: Wed, 2 Sep 2020 01:01:09 -0400
    From: Gabe Goldberg <ga...@gabegold.com>
    Subject: A Saudi Prince's Attempt to Silence Critics on Twitter (WiReD)

    An ongoing investigation reveals how Mohammed bin Salman's team allegedly
    infiltrated the platform -- and got away with it.

    https://www.wired.com/story/mohammed-bin-salman-twitter-investigation/

    ------------------------------

    Date: Wed, 2 Sep 2020 13:09:27 -0400
    From: Gabe Goldberg <ga...@gabegold.com>
    Subject: California: Tell Your Senators That Ill-Conceived Immunity
    Passports Won't Help Us (EFF)

    Electronic Frontier Foundation:

    Californians should not be forced to present their smartphones to enter
    public places. But that's exactly what A.B. 2004 would do, by directing the
    state to set up a blockchain-based system for immunity passports: a
    verified health credential that shows the results of someone's last COVID-19
    test, and uses those to grant access to public places.

    By claiming that blockchain technology is part of a unique solution to the
    public health crisis we're in, AB 2004 is opportunism at its worst. We are
    proud to stand with Mozilla and the American Civil Liberties Union's
    California Center for Advocacy and Policy in opposing this bill. We
    encourage you to tell your senator to oppose it, too.

    https://www.eff.org/deeplinks/2020/...ill-conceived-immunity-passports-wont-help-us

    ------------------------------

    Date: Fri, 4 Sep 2020 12:46:12 -0400 (EDT)
    From: ACM TechNews <technew...@acm.org>
    Subject: Online Voting Company Pushes to Make It Harder for Researchers to
    Find Security Flaws (Alfred Ng)

    Alfred Ng, CNET, 3 Sep 2020, via ACM TechNews, Friday, September 4, 2020

    The Voatz electronic-voting company argued in a brief filed with the U.S.
    Supreme Court that security researchers should only seek flaws in e-voting
    systems with companies' permission. Voatz said, "Allowing for unauthorized
    research taking the form of hacks/attacks on live systems would lead to
    uncertain and often faulty results and conclusions, [and] makes
    distinguishing between true researchers and malicious hackers difficult."
    Voatz in February disputed Massachusetts Institute of Technology
    researchers' conclusions that its e-voting platform was rife with
    vulnerabilities, claiming their findings were "relatively useless" because
    the investigation was unauthorized. Researchers are pushing for the high
    court to consider such work shielded from the Computer Fraud and Abuse Act,
    which deems any intentional, unauthorized access to a computer a federal
    crime. They warned that malefactors will exploit the knowledge gap created
    if flaw detection and disclosure are allowed only with companies' explicit
    consent, rendering security research ineffective.
    "https://www.cnet.com/news/online-vo...arder-for-researchers-to-find-security-flaws/"

    [Voatz has had considerable controversy. For example, see
    https://www.supremecourt.gov/DocketPDF/19/19-783/153062/20200903122434600_Voatz Amicus Brief.pdf
    PGN]

    ------------------------------

    Date: Wed, 2 Sep 2020 15:17:23 PDT
    From: "Peter G. Neumann" <neu...@csl.sri.com>
    Subject: Russian election interference continues (NYTimes)

    Politico reported (yesterday): Russians Again Targeting Americans With
    Disinformation, Facebook and Twitter Say
    <https://www.nytimes.com/2020/09/01/technology/facebook-russia-disinformation-election.html>

    The companies said the F.B.I. had warned them that the Kremlin-backed
    Internet Research Agency set up a network of fake user accounts and a
    website.

    ------------------------------

    Date: Wed, 2 Sep 2020 13:40:22 -0700
    From: Lauren Weinstein <lau...@vortex.com>
    Subject: "Vote early, vote often?"

    Trump urges supporters to vote by mail AND in person, telling them to commit
    voter fraud

    [It's a felony. PGN]

    ------------------------------

    Date: Tue, 1 Sep 2020 08:47:43 -0400
    From: DrM Rebecca Mercuri <not...@mindspring.com>
    Subject: Happy National Poll Worker Recruitment Day

    1 Sep [was] National Poll Worker Recruitment Day -- a national awareness day
    established by the U.S. Election Assistance Commission to encourage people
    to help America vote by serving as poll workers. "By encouraging more
    people to become poll workers in their communities, National Poll Worker
    Recruitment Day aims to address the critical shortage of poll workers,
    strengthen democracy, inspire greater civic engagement and volunteerism, and
    help ensure free and fair elections in November 2020 and beyond."

    To sign up (do it soon) to get a PAID poll worker assignment in your local
    community, go to <https://www.eac.gov/help-america-vote>

    [Rebecca is perhaps best known in the election community for her 2001
    thesis on the voter-verified audit trail, Electronic Vote Tabulation
    Checks and Balances. She is now Tweeting daily (through Nov 2020) on
    election topics and voting security concerns. You can follow her at
    <https://twitter.com/NotableMercuri>. PGN]

    ------------------------------

    Date: Thu, 03 Sep 2020 21:13:50 -0400
    From: mal...@carlock.com
    Subject: Re: For Election Administrators, Death Threats Have Become Part
    of the Job (ProPublica, RISKS-32.24)

    Election officials have been dealing with death threats for a very long
    time, probably (where democracy existed) for thousands of years.

    Over a century ago, New York's Tammany Hall machine hired gang members to
    intimidate voters, political opponents and election officials. The laws
    they pushed through to "inadvertently" empower the gangs are still on the
    books today.

    https://nypost.com/2012/01/16/the-strange-birth-of-nys-gun-laws/

    If millions of voters fear or form a distaste for dealing with "correct
    voting enforcement" at the polls, does that create a RISK of a candidate
    being elected with only a tiny percentage of the population actually voting?

    https://www.cityandstateny.com/arti...d-elections/de-blasio-voter-turnout-2017.html

    ------------------------------

    Date: Sun, 6 Sep 2020 12:55:06 -0400
    From: Monty Solomon <mo...@roscom.com>
    Subject: Court Approves Warrantless Surveillance Rules While Scolding FBI

    The release of a newly declassified ruling follows a separate decision by an
    appeals court that a defunct National Security Agency program was illegal.

    https://www.nytimes.com/2020/09/05/...ss-surveillance-rules-while-scolding-fbi.html

    ------------------------------

    Date: Tue, 01 Sep 2020 01:14:43 +0800
    From: Dan Jacobson <jid...@jidanni.org>
    Subject: Blanked-Out Spots On China's Maps Helped Us Uncover Xinjiang's
    Camps (Buzzfeed)

    https://www.buzzfeednews.com/articl...images-investigation-xinjiang-detention-camps

    "Our breakthrough came when we noticed that there was some sort of issue
    with satellite imagery tiles loading in the vicinity of one of the known
    camps while using the Chinese mapping platform Baidu Maps. The satellite
    imagery was old, but otherwise fine when zoomed out -- but at a certain
    point, plain light gray tiles would appear over the camp location. They
    disappeared as you zoomed in further, while the satellite imagery was
    replaced by the standard gray reference tiles, which showed features such as
    building outlines and roads."

    ------------------------------

    Date: Wed, 2 Sep 2020 20:55:23 -0400
    From: Gabe Goldberg <ga...@gabegold.com>
    Subject: How Four Brothers Allegedly Fleeced $19 Million From Amazon (WiReD)

    The scheme involved 7,000 $94 toothbrushes, according to law enforcement.

    According to the indictment, the brothers swapped ASINs for items Amazon
    ordered to send large quantities of different goods instead. In one
    instance, Amazon ordered 12 canisters of disinfectant spray costing
    $94.03. The defendants allegedly shipped 7,000 toothbrushes costing $94.03
    each, using the code for the disinfectant spray, and later billed Amazon for
    over $650,000.

    In another instance, Amazon ordered a single bottle of designer perfume for
    $289.78. In response, according to the indictment, the defendants sent 927
    plastic beard trimmers costing $289.79 each, using the ASIN for the
    perfume. Prosecutors say the brothers frequently shipped and charged Amazon
    for more than 10,000 units of an item when it had requested fewer than
    100. Once Amazon detected the fraud and shut down their accounts, the
    brothers allegedly tried to open new ones using fake names, different email
    addresses, and VPNs to obscure their identity. “Open account under dummy
    names and they can go look for no one,” Yoel allegedly wrote on WhatsApp in
    the fall of 2018.

    https://www.wired.com/story/how-four-brothers-allegedly-fleeced-19-million-amazon/

    Nobody matches what's received/billed against what's ordered?
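    The control that closing question asks about is a three-way match: the
    purchase order, the receiving record and the invoice are reconciled before
    payment is released. As an added example (not code from the post or from any
    retailer's systems), the check below runs over records constructed from the
    figures quoted in the indictment; the record layouts, field names and the
    ASIN placeholders are assumptions.

```python
"""Three-way match: purchase order vs. receiving record vs. invoice.

Added example for this digest item; not code from the post or from any
retailer's systems. Record layouts, field names and the ASIN placeholders
are assumptions; the quantities and prices are the ones quoted above.
"""
from dataclasses import dataclass
from decimal import Decimal


@dataclass(frozen=True)
class PurchaseOrder:
    po_id: str
    asin: str
    description: str
    quantity: int
    unit_price: Decimal


@dataclass(frozen=True)
class Receipt:
    """What the warehouse took in: the code on the label, and what the goods
    turned out to be on inspection."""
    po_id: str
    asin: str
    description: str
    quantity: int


@dataclass(frozen=True)
class Invoice:
    po_id: str
    asin: str
    quantity: int
    unit_price: Decimal


def three_way_match(po: PurchaseOrder, rcpt: Receipt, inv: Invoice) -> list[str]:
    """Compare the three documents and return a list of findings.

    An empty list means they agree and the invoice may be paid. Checking the
    ASIN alone is not enough: in the scheme described, the goods carried the
    ordered item's code, so only the description, quantity and price checks
    expose the substitution.
    """
    findings: list[str] = []
    for name, doc in (("receipt", rcpt), ("invoice", inv)):
        if doc.po_id != po.po_id:
            findings.append(f"{name} cites PO {doc.po_id}, expected {po.po_id}")
        if doc.asin != po.asin:
            findings.append(f"{name} ASIN {doc.asin} != ordered {po.asin}")
    # Substituted goods: the label matches the order, the contents do not.
    if rcpt.description.casefold() != po.description.casefold():
        findings.append(f"received '{rcpt.description}', ordered '{po.description}'")
    # Quantities: receipt may not exceed order; invoice may not exceed receipt.
    if rcpt.quantity > po.quantity:
        findings.append(f"over-receipt: {rcpt.quantity} received vs {po.quantity} ordered")
    if inv.quantity > rcpt.quantity:
        findings.append(f"invoice bills {inv.quantity} units, only {rcpt.quantity} received")
    # Price: the invoice must use the unit price agreed on the PO.
    if inv.unit_price != po.unit_price:
        findings.append(f"unit price {inv.unit_price} differs from PO price {po.unit_price}")
    # Total: the last line of defence against paying for 7,000 of a 12-unit order.
    po_total = po.quantity * po.unit_price
    inv_total = inv.quantity * inv.unit_price
    if inv_total > po_total:
        findings.append(f"invoice total {inv_total} exceeds PO total {po_total}")
    return findings


def constructed_cases() -> dict[str, list[str]]:
    """Run the match over constructed records mirroring the two quoted instances,
    plus an honest control case in which all three documents agree."""
    cases = {
        "spray": (
            PurchaseOrder("PO-1", "ASIN-SPRAY", "disinfectant spray", 12, Decimal("94.03")),
            Receipt("PO-1", "ASIN-SPRAY", "toothbrush", 7000),
            Invoice("PO-1", "ASIN-SPRAY", 7000, Decimal("94.03")),
        ),
        "perfume": (
            PurchaseOrder("PO-2", "ASIN-PERFUME", "designer perfume", 1, Decimal("289.78")),
            Receipt("PO-2", "ASIN-PERFUME", "beard trimmer", 927),
            Invoice("PO-2", "ASIN-PERFUME", 927, Decimal("289.79")),
        ),
        "honest": (
            PurchaseOrder("PO-3", "ASIN-SPRAY", "disinfectant spray", 12, Decimal("94.03")),
            Receipt("PO-3", "ASIN-SPRAY", "disinfectant spray", 12),
            Invoice("PO-3", "ASIN-SPRAY", 12, Decimal("94.03")),
        ),
    }
    return {name: three_way_match(*docs) for name, docs in cases.items()}


if __name__ == "__main__":
    for name, findings in constructed_cases().items():
        print(name, "->", findings or "OK, pay")
```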

    ------------------------------

    Date: Thu, 3 Sep 2020 18:03:24 -0400
    From: Gabe Goldberg <ga...@gabegold.com>
    Subject: A critical flaw is affecting thousands of WordPress sites (WiReD)

    Hackers have been exploiting the vulnerability, which is now patched: Users
    should update to File Manager version 6.9 ASAP.

    https://www.wired.com/story/a-critical-flaw-is-affecting-thousands-of-wordpress-sites/

    ------------------------------

    From: the keyboard of geoff goodfellow <ge...@iconia.com>
    Date: Wed, 2 Sep 2020 12:32:25 -1000
    Subject: Is Your Chip Card Secure? Much Depends on Where You Bank (EPAM)

    Chip-based credit and debit cards are designed to make it infeasible for
    skimming devices or malware to clone your card when you pay for something by
    dipping the chip instead of swiping the stripe. But a recent series of
    malware attacks on U.S.-based merchants suggests thieves are exploiting
    weaknesses in how certain financial institutions have implemented the
    technology to sidestep. [...]
    https://www.epam.com/about/newsroom...ip-card-secure-much-depends-on-where-you-bank

    ------------------------------

    Date: Mon, 31 Aug 2020 14:50:31 +0800
    From: Richard Stein <rms...@ieee.org>
    Subject: The Brain Implants That Could Change Humanity (NYTimes)

    https://www.nytimes.com/2020/08/28/opinion/sunday/brain-machine-artificial-intelligence.html

    Moises Velasquez-Manoff explores and discusses brain computer interface
    (BCI) technology, experiments, and ethics. The essay presents a
    thought-provoking tour de force of active BCI research largely sponsored by
    corporations to augment future revenue capture. The proverbial "Google cap"
    may one day substitute for the mouse and keyboard to facilitate brain
    read/write operations: brain wave transliteration into digital commands and
    emotive/intellectual idea stimulus without lifting a finger or batting an
    eyelid.

    Medical justification for neural stimulator implant research is established
    for patients suffering from paralysis, Parkinson's or Alzheimer's Disease,
    and certain severe compulsive disorders (drug or alcohol abuse) that have
    limited or no effective pharmaceutical interventions. Significant risks are
    attributed to implanted medical devices, especially neural stimulators (see
    https://catless.ncl.ac.uk/Risks/32/22#subj12 for instance).

    BCI capabilities become spooky and privacy-invasive when reading
    (interpolating/extrapolating) and/or writing (injecting/compositing) human
    brainwaves to facilitate consumer convenience. This sentiment is especially
    true given myopic corporate leadership that emphasizes casual consumer "user
    experience" over therapeutic use.

    The essay also discusses potential national security implications of this
    technology, and foresees a BCI race among superpowers for strategic
    advantage.

    BCI ethics are discussed:

    "When I asked Facebook about concerns around the ethics of big tech entering
    the brain-computer interface space, Mr. Chevillet, of Facebook Reality Labs,
    highlighted the transparency of its brain-reading project. 'This is why
    we've talked openly about our B.C.I. research -- so it can be discussed
    throughout the neuroethics community as we collectively explore what
    responsible innovation looks like in this field,' he said in an email.

    "Ed Cutrell, a senior principal researcher at Microsoft, which also has
    a B.C.I. program, emphasized the importance of treating user data
    carefully. 'There needs to be clear sense of where that information
    goes,' he told me. 'As we are sensing more and more about people, to
    what extent is that information I'm collecting about you yours?'

    "Some find all this talk of ethics and rights, if not irrelevant, then
    at least premature.

    "Medical scientists working to help paralyzed patients, for example, are
    already governed by HIPAA laws, which protect patient privacy. Any new
    medical technology has to go through the Food and Drug Administration
    approval process, which includes ethical considerations."

    HIPAA enforcement measures are ineffective: they neither sufficiently
    penalize nor deter hyper-sensitive data-trove breach. See
    https://www.hhs.gov/hipaa/for-profe...forcement-highlights/2019-december/index.html
    for summary enforcement actions through DEC2019.

    BCI technology constitutes interdisciplinary work: creative and
    thrilling, a cutting-edge chance-of-a-lifetime to "make a difference."

    Despite professional membership and allegiance to ethical codes of
    conduct, scientists and engineers routinely participate on projects with
    little concern about product or result end-use. Most appear content to
    accept the idea that end-use decisions are "above my payscale."

    Regular readers of this forum know that to maintain a secret, don't
    write it down and save into a computer, especially a cloud-connected
    one. BCI capabilities bypass manually-engaged interfaces, secrets can be
    recorded surreptitiously, or ideas imbued without veto. Human wetware
    read/write occurs with false-negative/positive outcome probability of
    success or failure.

    Widespread introduction of BCIs into the consumer marketplace
    (entertainment, education, transportation, etc.) WITHOUT regulatory
    safeguards and strict enforcement of privacy and data protection
    standards would represent a perfidious act against privacy rights. A BCI
    license, a safeguard to own/operate, should become mandatory and
    required via qualifying exam or certification of purpose regardless of
    read-only or read/write-enabled product capability. A warning label, in
    big RED text, might also state: "Product use may induce severe physical
    and emotional harm including, but not limited to: trauma, anxiety,
    convulsion, compulsiveness, paralysis, orgasm, constipation,
    incontinence, day dream, nightmare, hunger, thirst,..."

    Searching comp.risks for {fMRI, brain wave ai} yields some earlier
    submissions that touch on BCI:

    1) https://catless.ncl.ac.uk/Risks/14/42#subj5.1 (1993)
    2) https://catless.ncl.ac.uk/Risks/17/70#subj5.1 (1996)
    3) https://catless.ncl.ac.uk/Risks/29/60#subj13.1
    4) https://catless.ncl.ac.uk/Risks/29/63#subj46.1
    5) https://catless.ncl.ac.uk/Risks/29/64#subj12.1
    6) https://catless.ncl.ac.uk/Risks/29/73#subj7.1
    7) https://catless.ncl.ac.uk/Risks/30/40#subj10.1

    ------------------------------

    From: geoff goodfellow <ge...@iconia.com>
    Date: Sat, 29 Aug 2020 13:53:07 -1000
    Subject: Neuralink: Elon Musk unveils pig he claims has computer implant in
    brain (The Guardian)

    Billionaire entrepreneur presented animal during a live-stream event to
    recruit workers for his neuroscience startup

    The tech entrepreneur Elon Musk on Friday showed off a pig whose brain he
    says has been implanted with a small computer.

    ``We have a healthy and happy pig, initially shy but obviously high energy
    and, you know, kind of loving life, and she's had the implant for two
    months,'' Musk said of Gertrude, the pig.

    The billionaire entrepreneur, whose other companies include Tesla and
    SpaceX, presented during a live-stream event to recruit employees for his
    neuroscience startup Neuralink. He described Gertrude's coin-sized implant
    as *Fitbit in your skull with tiny wires*.

    Musk co-founded Neuralink in 2016 with the goal of creating a wireless
    brain-machine interface, something scientists hope can help cure
    neurological conditions and allow people with paralysis to control a
    computer mouse. [...]
    https://www.theguardian.com/technology/2020/aug/28/neuralink-elon-musk-pig-computer-implant

    ------------------------------

    Date: Sun, 30 Aug 2020 16:36:43 -0400
    From: Gabe Goldberg <ga...@gabegold.com>
    Subject: New parking technology aims to manage curb space virtually
    (WashPost)

    Washington DC is the first U.S. city to test a system that sends real-time
    information about curbside parking availability to delivery drivers -- a
    move its developer hopes will make food deliveries more efficient and reduce
    driver stress.

    In addition to telling drivers whether space is available, the system also
    sends information about the size of available spots so drivers can tell
    whether their vehicles will fit.

    https://www.washingtonpost.com/loca...9275f2-e881-11ea-bc79-834454439a44_story.html

    What could go wrong with this? This time it's a real question -- thinking of
    "No good deed goes unpunished" and the Law of Unintended Consequences. I
    guess we'll find out.

    ------------------------------

    Date: Sat, 29 Aug 2020 20:48:16 -0400
    From: Gene Spafford <sp...@purdue.edu>
    Subject: The Pod People Campaign: Driving User Traffic via Social Networks
    (Courtney Falk)

    This report may be of interest to some. It is by a former student, and
    provides details of a puzzling threat campaign.

    > Date: August 28, 2020 at 21:50:32 EDT
    > From: Courtney Falk <courtn...@infinite-machines.com>
    > Subject: The Pod People Campaign: Driving User Traffic via Social Networks

    Today I'm releasing a report that documents independent research I've done
    over the last two months. I've identified infrastructure used by threat
    actors across a variety of social network. The actors insert links into
    legitimate user profiles with the hope of redirecting users to spam
    websites. Over 70 different social networks appear to be affected to
    differing degrees.

    I'm releasing the report and indicators on GitHub. Hopefully this improves
    the health and safety of social networks and the Internet at large. Please
    feel free to share and distribute as you see fit. Courtney Falk

    https://github.com/podpeople/podpeople

    ------------------------------

    Date: Sun, 30 Aug 2020 08:41:19 -1000
    From: geoff goodfellow <ge...@iconia.com>
    Subject: Re: Humans Take a Step Closer to Flying Car

    In the 1880s, the first automobile was developed and about two decades
    later, the Wright brothers in North Carolina invented the first successful
    airplane. Today, the world is closer to combining those two concepts as a
    Japanese tech company said it completed a manned test flight of a *flying
    car*.

    The company, SkyDrive, said in a news release on Friday that it had
    completed a flight test using *the world's first manned testing machine*,
    its SD-03 model, an electrical vertical takeoff and landing (eVTOL)
    vehicle. The flight time was four minutes, the company said.
    <https://skydrive2020.com/archives/3506>

    The aircraft has one seat and operates with eight motors and two propellers
    on each corner. It lifted about 3 meters (or about 10 feet) into the air and
    was operated by a pilot, the company said.

    Tomohiro Fukuzawa, SkyDrive's chief executive, said on Saturday that five
    years ago there were various prototypes of flying cars, usually with fixed
    wings. SkyDrive's product, he said, was one of the most compact in size and
    was lighter compared with other designs. [...]
    https://dnyuz.com/2020/08/29/humans-take-a-step-closer-to-flying-cars/

    ------------------------------

    Date: Tue, 1 Sep 2020 15:41:00 +0100
    From: Martin Ward <mar...@gkc.org.uk>
    Subject: Re: Driverless cars are coming soon followup (Bacon, RISKS-32.24)

    Much more common than applying the handbrake while moving at a substantial
    speed (in my personal driving style at least) is the use of engine braking:
    reducing speed by changing down to a lower gear. I regularly do this when
    approaching junctions and traffic lights to avoid wear on the brake pads.
    When changing down, however, I also touch the brake pedal to cause the brake
    lights to illuminate and indicate to any drivers behind me that I am
    reducing speed.

    ------------------------------

    Date: Mon, 31 Aug 2020 08:16:47 -0700
    From: Barry Gold <Barry...@ca.rr.com>
    Subject: Re: Tesla with Autopilot hits cop car; driver admits he was
    watching a movie (RISKS-32.24)

    From the Ars Technica article: Tesla could learn from Cadillac
    <https://arstechnica.com/cars/2018/1...gms-super-cruise-in-consumer-reports-ratings/>,
    whose Super Cruise technology includes an eye-tracking camera that verifies
    that the driver is looking at the road. An eye-tracking system like this
    would likely prevent incidents like Wednesday's crash in North Carolina. If
    the driver had tried to watch a movie while Autopilot was engaged, the
    system would have detected that he was not watching the road, warned the
    driver, and eventually deactivated itself.

    I wonder how well that works if the driver is wearing sunglasses.

    ------------------------------

    Date: Sat, 29 Aug 2020 20:19:31 -0700
    From: "David E. Ross" <da...@rossde.com>
    Subject: Re: Date and time synchronization (RISKS-32.24)

    John Harper asked three questions.

    All three were answered in a very large (for that era) software system
    developed some 50+ years ago for the U.S. Air Force for operating space
    satellites. That software system remained in use more than 10 years beyond
    its expected life time, into the 1990s. Internally, date and time were
    represented as elapsed TAI (atomic) minutes -- a single floating-point value
    combining date and time -- from a base date, which was database settable.

    In the TAI time scale, there are no leap-seconds. Neither daylight savings
    time nor time zones exist. For display purposes, the date-time minutes
    value was converted to UTC, again without daylight savings time or time
    zones. The reverse conversion was also implemented for accepting user input
    of date and time.

    Leap-seconds are announced about 30 days in advance. We would enter the
    date of a pending leap-second into the system's database before it actually
    occurred so that the TAI>UTC and UTC>TAI conversions would remain correct.

    (Preferably, leap-seconds occur at the end of the day on either 30 June or
    31 December. The standard also allows for leap-seconds at the end of the
    day on 31 March or 30 September, but I do not think those two options have
    ever been used. The standard limits the occurrence of leap-seconds to those
    four instances.)

    No one at IBM understood any of this. That was unfortunate because IBM
    had the contract to replace that software system in the 1990s.

    ------------------------------

    Date: Sun, 30 Aug 2020 15:45:50 +0200
    From: Terje Mathisen <terje....@tmsw.no>
    Subject: Re: Date and time synchronization (RISKS-32.24)

    The 0200 -- 0300 change is pretty much standard everywhere that uses
    daylight savings adjustments.

    Having been a member of the NTP Hackers (Network Time Protocol) team for
    the last 25 years, I have probably spent more time pondering these issues
    than most comp.risks regulars. :)

    First, all computers should of course maintain internal time in UTC, or even
    better, in TAI.

    That is, daylight savings and/or time zones are irrelevant to time stamps.

    However, if you do have to take time stamps in local time, then you also
    need to record the current time zone, which includes (at least indirectly)
    the current number of leap seconds which is a proxy for the TAI-UTC
    offset. So effectively you need to convert back to either UTC or TAI at the
    point of measurement.

    Systems that do this wrong, like the default for Windows, seem to magically
    change all time stamps for file modification when you change time zones
    and/or enter/leave a daylight savings period.

    All of these issues occur after the original post about taking a glitch-free
    sample of a multi-element counter.
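    Ross's design (a single elapsed-TAI count from a settable base date, with
    pending leap-seconds entered into a table before they occur) and Mathisen's
    rule (convert any local-time stamp to UTC or TAI at the point of
    measurement, never store bare local time) sketched as an added Python
    example. This is not code from either poster nor from any NTP project. It
    keeps an integer count of elapsed TAI seconds, accepts a leap-second day
    only at one of the four month-ends the standard permits, converts in both
    directions including the 23:59:60 second that UTC has and TAI does not, and
    rejects a local stamp that does not carry its UTC offset. The base epoch
    (1 July 2012, when TAI-UTC was 35 s) and the two registered leap-seconds
    (30 June 2015 and 31 December 2016) are real IERS values; every other input
    is constructed.

```python
from datetime import date, datetime, timedelta, timezone

# Internal time: an integer count of elapsed TAI seconds from a settable base
# epoch (an integer count of seconds, rather than the floating-point minute
# count of the original system, avoids rounding drift over decades).
# Base chosen for this example: 2012-07-01T00:00:00 UTC, when TAI-UTC was 35 s.
BASE_UTC = datetime(2012, 7, 1, tzinfo=timezone.utc)
BASE_TAI_MINUS_UTC = 35
# Only these month-ends may carry a leap second (30 Jun / 31 Dec preferred).
ALLOWED_LEAP_DAYS = {(6, 30), (12, 31), (3, 31), (9, 30)}
LEAP_DAYS: list = []  # UTC days whose final minute is 61 s long, kept sorted


def add_leap_second(iso_day: str) -> None:
    """Register an announced positive leap second at the end of a UTC day."""
    day = date.fromisoformat(iso_day)
    if (day.month, day.day) not in ALLOWED_LEAP_DAYS:
        raise ValueError(f"{iso_day}: leap seconds only end 31 Mar, 30 Jun, 30 Sep or 31 Dec")
    if day < BASE_UTC.date():
        raise ValueError(f"{iso_day}: leap second precedes the base epoch")
    if day not in LEAP_DAYS:
        LEAP_DAYS.append(day)
        LEAP_DAYS.sort()


def _midnight_after(day: date) -> datetime:
    return datetime(day.year, day.month, day.day, tzinfo=timezone.utc) + timedelta(days=1)


def _plain_seconds(t: datetime) -> int:
    """Seconds since the base, counting every UTC day as 86400 s (leaps ignored)."""
    return int((t - BASE_UTC).total_seconds())


def _leap_instant(i: int) -> int:
    """Elapsed TAI seconds at 23:59:60 of the i-th registered leap day."""
    return _plain_seconds(_midnight_after(LEAP_DAYS[i])) + i


def tai_to_utc(elapsed: int) -> str:
    """TAI count -> 'YYYY-MM-DDTHH:MM:SS' in UTC; SS is 60 inside a leap second."""
    passed = 0
    for i, day in enumerate(LEAP_DAYS):
        start = _leap_instant(i)
        if elapsed == start:
            return day.isoformat() + "T23:59:60"
        if elapsed > start:
            passed += 1
    t = BASE_UTC + timedelta(seconds=elapsed - passed)
    return t.strftime("%Y-%m-%dT%H:%M:%S")


def utc_to_tai(stamp: str) -> int:
    """'YYYY-MM-DDTHH:MM:SS' in UTC (SS may be 60 on a leap day) -> TAI count."""
    day_part, time_part = stamp.split("T")
    hh, mm, ss = (int(x) for x in time_part.split(":"))
    day = date.fromisoformat(day_part)
    if ss == 60:
        if (hh, mm) != (23, 59) or day not in LEAP_DAYS:
            raise ValueError(f"{stamp}: second 60 exists only at 23:59 of a registered leap day")
        return _leap_instant(LEAP_DAYS.index(day))
    t = datetime(day.year, day.month, day.day, hh, mm, ss, tzinfo=timezone.utc)
    passed = sum(1 for d in LEAP_DAYS if _midnight_after(d) <= t)
    return _plain_seconds(t) + passed


def tai_minus_utc(stamp: str) -> int:
    """TAI-UTC offset in force at a (non-leap-second) UTC instant."""
    t = datetime.fromisoformat(stamp).replace(tzinfo=timezone.utc)
    return BASE_TAI_MINUS_UTC + sum(1 for d in LEAP_DAYS if _midnight_after(d) <= t)


def local_to_tai(local_stamp: str) -> int:
    """Convert a local-time stamp to TAI at the point of measurement.

    The stamp must carry its own UTC offset ('2016-12-31T19:00:00-05:00');
    a bare local time is rejected, since it cannot be interpreted once the
    machine's time zone or daylight-saving state has changed."""
    t = datetime.fromisoformat(local_stamp)
    if t.utcoffset() is None:
        raise ValueError(f"{local_stamp}: local stamp must include its UTC offset")
    return utc_to_tai(t.astimezone(timezone.utc).strftime("%Y-%m-%dT%H:%M:%S"))


# Real leap seconds after the base epoch (IERS Bulletin C announcements).
add_leap_second("2015-06-30")
add_leap_second("2016-12-31")

if __name__ == "__main__":
    for s in ("2015-06-30T23:59:59", "2015-06-30T23:59:60", "2015-07-01T00:00:00"):
        e = utc_to_tai(s)
        print(s, "->", e, "->", tai_to_utc(e), "TAI-UTC:", tai_minus_utc("2015-07-01T00:00:00"))
```

    The conversion functions are where an entry in the leap-second table takes
    effect, which is why a pending leap-second has to be in the table before
    the day arrives: three consecutive UTC stamps across the leap straddle two
    TAI seconds on one side and one on the other, and a stamp recorded in
    local time without its offset has no defined position on that line at all.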

    ------------------------------

    Date: Sun, 30 Aug 2020 10:41:56 -0500
    From: "Craig S. Cottingham" <cr...@cottingham.net>
    Subject: Re: Dicekeys, an additional risk (Lederman, RISKS-32.24)

    There seems to be quite a bit of misinformation in play with regards to how
    Dicekeys work and are intended to be used. I'm not sure if that
    misunderstanding is on the part of previous correspondents or mine, so I
    welcome corrections if I'm not describing Dicekeys correctly below.

    1. The dice are intended to be randomized *only once*, after which they are
    placed in a box which is sealed shut and only ever *read* in the
    future. I don't know that the box is tamper-proof, but I suspect it is
    designed to be at least tamper-evident.

    2. The software which turns the state of the randomized dice into a
    cryptographic secret is open source. While it *can* use an image of the
    dice in the box to generate the secret, it's not *required*. You can
    supply the position, orientation, and exposed faces of the dice manually.

    3. One of the advisors to the team is Bruce Schneier, who should need no
    introduction to RISKS readers. I assume that he was involved in designing
    Dicekeys, or at least that by being associated with Dicekeys he is
    indicating his confidence in its security. I do not feel qualified to vet
    the security of Dicekeys myself, but I am comfortable that *he* is.

    ------------------------------

    Date: Sun, 30 Aug 2020 21:27:26 -0500
    From: Bob Wilson <wil...@math.wisc.edu>
    Subject: Re: Dicekeys, an additional risk (Lederman, RISKS-32.24)

    For non-techies, physical randomization may seem more secure than
    computer-generated. But if the dice are not extremely well made, they'll be
    a bit less random than theory suggests.

    No matter how well made the dice are, as they are used they will collide
    with each other and slowly (or quickly, depending upon the material) become
    more and more deformed. This means they will become less random, and each
    set of dice will become less random in a different way.

    It is not so easy as that. "Random" is a very tricky word or concept. (See
    how much space the Bible according to Don Knuth devotes to it!) Unless you
    can say what it means and use that to decide about what actually makes the
    dicekeys result random, you can't be sure the wear might not make the
    results MORE random, whatever that might mean! The world seems to have
    gotten away from software verification these days, but verbal claims need
    similar calibration.
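    To make both posts above concrete, an added Python example that is not
    DiceKeys' own software and not code from either poster (the 25-die box, the
    face labels and the four orientations are assumptions made for the
    example). It canonicalizes a dice state so that a box recognised from an
    image and the same box typed in by hand yield one secret, derives
    per-purpose secrets from that state with an HKDF construction, and
    estimates how much guess-resistance a set of dice gives from observed face
    frequencies, using constructed tallies for a fair set and a worn set.
    Min-entropy is the figure that matters for a key: it depends only on the
    most likely face, so any departure from equally likely faces lowers it
    below the fair-die value, whichever direction the wear takes.

```python
import hashlib
import hmac
import math

# Constructed model of a sealed dice box (an assumption for this example, not
# the DiceKeys project's own data format): N_DICE dice read in a fixed scan
# order, each contributing a face label and one of four orientations.
N_DICE = 25
ORIENTATIONS = "trbl"          # top, right, bottom, left
FACE_COUNT = 6                 # faces per die


def canonical_state(dice) -> bytes:
    """Encode [(face_label, orientation), ...] unambiguously.

    The same physical box must always produce the same bytes, whether the
    state was recognised from a photograph or typed in by hand."""
    if len(dice) != N_DICE:
        raise ValueError(f"expected {N_DICE} dice, got {len(dice)}")
    parts = []
    for pos, (face, orient) in enumerate(dice):
        if not face.isalnum() or orient not in ORIENTATIONS:
            raise ValueError(f"bad die at position {pos}: {face!r} {orient!r}")
        parts.append(f"{pos:02d}={face.upper()}{orient}")
    return "|".join(parts).encode("ascii")


def parse_manual(text: str):
    """Manual entry as 'A1t B2r ...': face label followed by orientation letter."""
    return [(tok[:-1], tok[-1]) for tok in text.split()]


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) extract-then-expand over HMAC-SHA256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_secret(dice, purpose: bytes) -> bytes:
    """Per-purpose 256-bit secret from the dice state.

    Distinct `purpose` strings yield unrelated keys, so one box can back
    several secrets without any of them revealing the others."""
    return hkdf_sha256(canonical_state(dice), salt=b"dice-box-example-v1", info=purpose)


def face_entropy_bits(counts: dict) -> tuple:
    """(Shannon, min-entropy) in bits per die from observed roll counts.

    Min-entropy is set by the single most likely face, which is what a
    guessing attacker exploits; Shannon entropy is the average figure."""
    total = sum(counts.values())
    probs = [c / total for c in counts.values() if c > 0]
    shannon = -sum(p * math.log2(p) for p in probs)
    min_entropy = -math.log2(max(probs))
    return shannon, min_entropy


def box_min_entropy_bits(counts: dict, n_dice: int = N_DICE) -> float:
    """Guess-resistance of a whole box: per-die face min-entropy plus the
    orientation's bits (orientation assumed uniform), times the dice count."""
    _, min_entropy = face_entropy_bits(counts)
    return n_dice * (min_entropy + math.log2(len(ORIENTATIONS)))


# Constructed sample box and its hand-typed equivalent.
SAMPLE_BOX = [(f"{chr(65 + i)}{i % FACE_COUNT + 1}", ORIENTATIONS[i % 4]) for i in range(N_DICE)]
SAMPLE_MANUAL = " ".join(face + orient for face, orient in SAMPLE_BOX)
# Constructed roll tallies: a fair set, and a worn set that favours one face.
FAIR_COUNTS = {f: 100 for f in range(1, 7)}
WORN_COUNTS = {1: 150, 2: 100, 3: 100, 4: 100, 5: 100, 6: 50}

if __name__ == "__main__":
    key = derive_secret(SAMPLE_BOX, b"password-manager")
    print("same secret from photo and manual entry:",
          key == derive_secret(parse_manual(SAMPLE_MANUAL), b"password-manager"))
    for name, counts in (("fair", FAIR_COUNTS), ("worn", WORN_COUNTS)):
        print(name, face_entropy_bits(counts), box_min_entropy_bits(counts))
```

    The tally-based estimate only covers what Wilson raises (how random the
    dice actually are); Cottingham's points about the box being randomized
    once and then only read are a matter of handling, not of the derivation,
    and nothing in the code changes that.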

    ------------------------------

    Date: Mon, 31 Aug 2020 01:06:13 +0300
    From: Amos Shapir <amo...@gmail.com>
    Subject: Re: Greenland glacier melt (RISKS-32.24)

    (Following is my opinion as a qualified forecaster and former meteorologist.)

    > And recently, the Jakobshavn Glacier has been found to be growing *again.
    > https://wattsupwiththat.com/2019/06...ists-explain-nasas-growing-greenland-glacier/

    Read articles, not headlines. This article notes "This photo of a dog sled
    team going through some meltwater on ice in Greenland has made headlines,
    but it's just a snapshot of one place", and then brings up details of a
    glacier which is recently expanding.

    But the Jakobshavn glacier is also just one place, which is evident from
    what the article itself lists as the main reason for its expansion:
    Unusually cold water off Greenland's west coast. Cold water which is the
    result of all other glaciers in Greenland melting away (which the article
    does not mention).

    It is also true that the melting ice in Greenland is not very significant
    globally, as it contributes to ocean rising of less than 1mm per year; but
    keep in mind that Greenland is not the problem, only its symptom.

    ------------------------------

    Date: Tue, 01 Sep 2020 13:44:50 +0100
    From: David Damerell <dame...@chiark.greenend.org.uk>
    Subject: Re: Greenland glacier melt (Newbury, RISKS-32.24)

    [Eschenbach, 3 Aug 2019?]

    Willis Eschenbach wrote much the same article in 2010 (for the same site,
    which is not remotely reliable). Why, we ask, do we look at the average from
    1981 to 2010 - especially in the 2019 version?

    Because it neatly elides the increase. In 2009, the figure was 286 billion
    tonnes, over twice the 2002 figure (itself more than this average).
    Depending on whether the increase is linear or not, the blithe conclusion
    that it'll last forever is distinctly dubious.

    The rest of the submission is the usual dodges where we find one particular
    glacier that's growing and conclude there's no overall problem.

    The risks of using a site whose operator is dependent on conspiracy theories
    for his income should be obvious.

    ------------------------------

    Date: Mon, 31 Aug 2020 11:50:39 +0100
    From: John Murrell <ma...@JohnMurrell.org.uk>
    Subject: Re: Grading by algorithm results in UK debacle

    While the downgrading of students' O-Levels got all the publicity, there were
    also significant upgrades.

    [I had to edit this a little. I hope this is correct. PGN]

    In the Italian exam in one exam centre, there were two different cohorts of
    students. One included those who had English as a first language and who
    were learning Italian as a 2nd or 3rd foreign language. The teacher and
    local moderation graded these mostly as grade 4 or 5 passes.

    However, due to local demographics, a lot of students who speak Italian as
    their first language but are living in the part of England covered by the
    exam centre also sit the Italian exams to get another GCSE of hopefully high
    grade. As Italian is their first language, they find the exam quite easy and
    in normal years get what are now grades 8 & 9.

    As a result of this, the algorithm decided that the cohort of English as a
    first language students had been under-graded and raised their grades by
    around 4 or 5 to meet the results of the Italian students at the centre.

    As the higher of the algorithm or teacher awarded grades stands, there is
    now a group of students who are apparently brilliant at Italian but in
    reality are weak as they did not even complete all the syllabus.

    ------------------------------

    Date: Mon, 1 Aug 2020 11:11:11 -0800
    From: RISKS-...@csl.sri.com
    Subject: Abridged info on RISKS (comp.risks)

    The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
    comp.risks, the feed for which is donated by panix.com as of June 2011.
    => SUBSCRIPTIONS: The mailman Web interface can be used directly to
    subscribe and unsubscribe:
    http://mls.csl.sri.com/mailman/listinfo/risks

    => SUBMISSIONS: to ri...@CSL.sri.com with meaningful SUBJECT: line that
    includes the string `notsp'. Otherwise your message may not be read.
    *** This attention-string has never changed, but might if spammers use it.
    => SPAM challenge-responses will not be honored. Instead, use an alternative
    address from which you never send mail where the address becomes public!
    => The complete INFO file (submissions, default disclaimers, archive sites,
    copyright policy, etc.) is online.
    <http://www.CSL.sri.com/risksinfo.html>
    *** Contributors are assumed to have read the full info file for guidelines!

    => OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
    searchable html archive at newcastle:
    http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
    Also, ftp://ftp.sri.com/risks for the current volume/previous directories
    or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
    If none of those work for you, the most recent issue is always at
    http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-32.00
    ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
    *** NOTE: If a cited URL fails, we do not try to update them. Try
    browsing on the keywords in the subject line or cited article leads.
    Apologies for what Office365 and SafeLinks may have done to URLs.
    ==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

    ------------------------------

    End of RISKS-FORUM Digest 32.25
    ************************
     
    Risks Digest 32.26

    RISKS List Owner

    Sep 13, 2020 7:13 PM

    Posted in group: comp.risks

    RISKS-LIST: Risks-Forum Digest Sunday 13 September 2020 Volume 32 : Issue 26

    ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
    Peter G. Neumann, founder and still moderator

    ***** See last item for further information, disclaimers, caveats, etc. *****
    This issue is archived at <The RISKS Digest> as
    <The RISKS Digest, Volume 32 Issue 26>
    The current issue can also be found at
    <http://www.csl.sri.com/users/risko/risks.txt>

    Contents:
    Insecure satellite Internet is threatening ship and plane safety
    (Ars Technica)
    The Hubble Space Telescope Still Works Great, Except When It Doesn't
    (npr.org)
    SpaceX's Dark Satellites Are Still Too Bright for Astronomers
    (Scientific American)
    Man vs. machine: Pentagon plans 2024 dogfight between human pilot,
    artificial intelligence (WashTimes)
    Weakened Encryption: The Threat to America's National Security (Third Way)
    Why Do Voting Machines Break on Election Day? (The Markup)
    Why human brains are bad at assessing the risks of pandemics (WashPost)
    First Pandemic, Now Ransomware: Attack Forces Hartford to Postpone School
    (NYTimes)
    Website Crashes and Cyberattacks Welcome Students Back to School (NYTimes)
    44 Square Feet: A School-Reopening Detective Story (WiReD)
    Creepy Geofence Finds Anyone Who Went Near a Crime Scene (WiReD)
    Apple postpones iOS 14 privacy update following Facebook uproar
    (Business Insider)
    How Big Oil Misled The Public Into Believing Plastic Would Be Recycled
    (npr.org)
    New Raccoon Attack Could Let Attackers Break SSL/TLS Encryption
    (The Hacker News)
    Ericsson spotlights open RAN security risks (MobileWorldLive)
    Re: Intel Slips, and a High-Profile Supercomputer Is Delayed (Phil Martel)
    Re: Humans Take a Step Closer to Flying Car (Amos Shapir)
    Re: Leap-seconds (John Stockton)
    Re: Happy National Poll Worker Recruitment Day (Richard A. DeMattia)
    Abridged info on RISKS (comp.risks)

    ----------------------------------------------------------------------

    Date: Tue, 8 Sep 2020 15:33:22 -1000
    From: geoff goodfellow <ge...@iconia.com>
    Subject: Insecure satellite Internet is threatening ship and plane safety
    (Ars Technica)

    Attacks that worked 10 years ago have only gotten worse despite growing use.

    More than a decade has passed since researchers demonstrated serious privacy
    <Satellite-hacking boffin sees the unseeable> and security holes
    <https://www.blackhat.com/presentati...t-DC-2010-Nve-Playing-with-SAT-1.2-slides.pdf>
    in satellite-based Internet services. The weaknesses allowed attackers to
    snoop on and sometimes tamper with data received by millions of users
    thousands of miles away. You might expect that in 2020 -- as satellite
    Internet has grown more popular -- providers would have fixed those
    shortcomings, but you'd be wrong.

    In a briefing
    <Black Hat USA 2020 | Briefings Schedule>
    delivered on Wednesday at the Black Hat security conference online,
    researcher and Oxford PhD candidate James Pavur presented findings that show
    that satellite-based Internet is putting millions of people at risk, despite
    providers adopting new technologies that are supposed to be more advanced.

    Over the course of several years, he has used his vantage point in mainland
    Europe to intercept the signals of 18 satellites beaming Internet data to
    people, ships, and planes in a 100 million-square-kilometer swath that
    stretches from the United States, Caribbean, China, and India. What he
    found is concerning. A small sampling of the things he observed include:

    - A Chinese airliner receiving unencrypted navigational information and
    potentially avionics data. Equally worrisome, that data came from the same
    connection passengers used to send email and browse webpages, raising the
    possibility of hacks from passengers.
    - A system administrator logging in to a wind turbine in southern
    France, some 600 kilometers away from Pavur, and in the process exposing a
    session cookie used for authentication.
    - The interception of communications from an Egyptian oil tanker
    reporting a malfunctioning alternator as the vessel entered a port in
    Tunisia. Not only did the transmission allow Pavur to know the ship would
    be out of commission for a month or more, he also obtained the name and
    passport number of the engineer set to fix the problem.
    - A cruise ship broadcasting sensitive information about its
    Windows-based local area network, including the log-in information stored
    in the Lightweight Directory Access Protocol
    <Lightweight Directory Access Protocol - Wikipedia> database.
    - Email a lawyer in Spain sent a client about an upcoming case.
    - The account reset password for accessing the network of a Greek
    billionaire's yacht.

    Hacking satellite communications at scale. [...]
    Insecure satellite Internet is threatening ship and plane safety

    ------------------------------

    Date: Tue, 8 Sep 2020 11:07:11 +0800
    From: Richard Stein <rms...@ieee.org>
    Subject: The Hubble Space Telescope Still Works Great, Except When It
    Doesn't (npr.org)



    "This is an aging telescope, after all. Back in 2018, when a gyroscope on
    Hubble failed, researchers activated one of its on-board spares -- the
    so-called gyroscope 3. It's been glitchy from the get-go."

    A flaky gyroscope causes the Hubble's aim to wander -- non-deterministic
    axial guidance disables reliable observation. Astronomers are forced to roll
    dice.

    The Ace Satellite Repair Company closed in MAY2009. Doubtful a robotic
    repair attempt would be funded. Unknown if there are available standby
    gyroscopes on-board to replace the bad actor. Hubble's cupboard may be
    "empty down to the cat" on that resource.

    ------------------------------

    Date: Fri, 11 Sep 2020 10:16:36 +0800
    From: Richard Stein <rms...@ieee.org>
    Subject: SpaceX's Dark Satellites Are Still Too Bright for Astronomers
    (Scientific American)

    SpaceX’s Dark Satellites Are Still Too Bright for Astronomers

    "These results show that DarkSat is essentially a dead end, says Jonathan
    McDowell, a researcher at the Center for Astrophysics at Harvard University
    and the Smithsonian Institution, who has run computer simulations of
    megaconstellation effects on astronomical observations. Nevertheless, he
    says, the investigation by Tregloan-Reed's team is an important step. 'This
    study is notable as one of the first significant observational studies of a
    Starlink satellite, something that the community is now organizing to do on
    a much bigger scale,' McDowell adds. He cautions that if the satellites
    continue to be launched without a fix, 'the impact would be huge.'"

    Prior comp.risks submissions on Starlink and satellite megaconstellations
    impact on astronomical observations:

    1) The RISKS Digest, Volume 31 Issue 28
    2) The RISKS Digest, Volume 31 Issue 51
    3) The RISKS Digest, Volume 31 Issue 57

    ------------------------------

    Date: Thu, 10 Sep 2020 16:03:14 -1000
    From: geoff goodfellow <ge...@iconia.com>
    Subject: Man vs. machine: Pentagon plans 2024 dogfight between human pilot,
    artificial intelligence (WashTimes)

    AI programs have bested human pilots so far in flight simulations

    The Pentagon is planning a 2024 showdown between an F-16 piloted by a human
    and one controlled by artificial intelligence, a man versus machine matchup
    that military officials believe could represent a key turning point in
    technological development.

    Defense Secretary Mark Esper announced the 2024 contest during a speech on
    AI development Wednesday at the Pentagon. The Defense Advanced Research
    Projects Agency, or DARPA, already has held numerous combat simulations
    between human pilots and machines.

    In the most recent round, officials said the AI-controlled system easily
    defeated the human. [...]
    Man vs. machine: Pentagon plans 2024 dogfight between human pilot, artificial intelligence

    ------------------------------

    Date: Thu, 10 Sep 2020 10:03:55 PDT
    From: "Peter G. Neumann" <neu...@csl.sri.com>
    Subject: Weakened Encryption: The Threat to America's National Security
    (Third Way)

    https://www.thirdway.org/report/weakened-encryption-the-threat-to-americas-national-security

    ------------------------------

    Date: Fri, 11 Sep 2020 16:57:13 +0000
    From: "Fleming, Cody [M E]" <flem...@iastate.edu>
    Subject: Why Do Voting Machines Break on Election Day? (The Markup)

    Why Do Voting Machines Break on Election Day? – The Markup

    I guess one problem is figuring out just how many risks there are now with
    respect to elections. Too many to count?

    ------------------------------

    Date: Sun, 13 Sep 2020 00:18:31 -0400
    From: Gabe Goldberg <ga...@gabegold.com>
    Subject: Why human brains are bad at assessing the risks of pandemics
    (WashPost)

    https://www.washingtonpost.com/life...95321c-dd9d-11ea-b205-ff838e15a9a6_story.html

    Cause or effect, beliefs are tribal.

    ------------------------------

    Date: Tue, 8 Sep 2020 17:48:50 -0400
    From: Jan Wolitzky <jan.w...@gmail.com>
    Subject: First Pandemic, Now Ransomware: Attack Forces Hartford to Postpone
    School (NYTimes)

    https://www.nytimes.com/2020/09/08/nyregion/hartford-schools-ransomware.html

    ------------------------------

    Date: Tue, 8 Sep 2020 20:29:24 -0400
    From: Monty Solomon <mo...@roscom.com>
    Subject: Website Crashes and Cyberattacks Welcome Students Back to School
    (NYTimes)

    With many districts across the country opting for online learning, a range
    of technical issues marred the first day of classes.

    https://www.nytimes.com/2020/09/08/us/school-districts-cyberattacks-glitches.html

    ------------------------------

    Date: Sat, 12 Sep 2020 22:30:07 -0400
    From: Gabe Goldberg <ga...@gabegold.com>
    Subject: 44 Square Feet: A School-Reopening Detective Story (WiReD)

    Author writes:

    Schools -- but not public health officials -- across the US are making it a
    rule: Every student needs to have 44 sq. ft. of space. I tried to find out
    why. [...] Two days later I was on the phone with Mary Filardo, executive
    director of the NCSF, a nonprofit that supports K-12 school facilities
    officials in more than 25 states. I walked her through the mystery at hand
    -- the school plan, the consultant, the Education Week guide, and, finally,
    the diagram credit pointing back to her. My knee was bouncing, fingers at
    the ready at my keyboard for transcription. At last, the enigma would be no
    more. But before I could even finish asking the question, she interrupted in
    a tone that was equal parts alarm, annoyance, and puzzlement. ``That's way
    off!'' she cried. ``No wonder you're confused.''

    After we hung up, I placed what seemed to be the final pin on my crazy wall
    <https://www.google.com/search?q="cr...WNc98KHVm5BkEQ_AUoAXoECA4QAw&biw=1382&bih=766>:
    My school district had gotten the all-important number 44 from a consultant
    who'd found it in an /Education Week/ article that had somehow bungled the
    advice from an educational nonprofit. But there was still another layer
    below. It wasn't clear, from talking to Filardo, how the NCSF came up with
    44 square feet as the lower-bound approximation. The depth of my rabbit
    hole was approaching the Earth's mantle. I could feel the heat of magma
    burbling just beyond.

    https://www.wired.com/story/44-square-feet-a-school-reopening-detective-story/

    ...thus transmuting questionable assumptions and math into nonsense.

    ------------------------------

    Date: Tue, 8 Sep 2020 00:37:43 -0400
    From: Gabe Goldberg <ga...@gabegold.com>
    Subject: Creepy Geofence Finds Anyone Who Went Near a Crime Scene (WiReD)

    Police increasingly ask Google and other tech firms for data about who was
    where, when. Two judges ruled the investigative tool invalid in a Chicago
    case.

    https://www.wired.com/story/creepy-geofence-finds-anyone-near-crime-scene/

    ------------------------------

    Date: Wed, 9 Sep 2020 13:52:28 -0400
    From: Gabe Goldberg <ga...@gabegold.com>
    Subject: Apple postpones iOS 14 privacy update following Facebook uproar
    (Business Insider)

    Apple is giving developers some breathing space to get ready for an update
    to iOS 14 that will let users opt out of being tracked for advertising
    purposes.

    The update was supposed to be released as part of iOS 14, which is expected
    to roll out this month. In a statement on Thursday, however, Apple said it
    was delaying this particular part of the update until 2021.

    "We want to give developers the time they need to make the necessary
    changes, and as a result, the requirement to use this tracking permission
    will go into effect early next year," Apple said in blog post on Thursday.

    When Apple announced the privacy update, it drew the rancor of developers
    who said it could wreak havoc on their ad-revenue streams. Facebook said
    the update could slash revenues from its Audience Network by up to 50%. The
    company added that the change might even lead it to stop developing its
    Audience Network for iOS altogether.

    https://www.businessinsider.com/apple-ios-14-update-postponed-14-2020-9

    What a shame that wouldn't be -- hurting Facebook revenue in the interest of
    privacy.

    ------------------------------

    From: Richard Stein <rms...@ieee.org>
    Date: Sat, 12 Sep 2020 10:49:40 +0800
    Subject: How Big Oil Misled The Public Into Believing Plastic Would Be
    Recycled (npr.org)

    [Not computer-related; an environmental life cycle issue impacting Earth's
    ecosystem.]

    https://www.npr.org/2020/09/11/8976...blic-into-believing-plastic-would-be-recycled

    "We found that the industry sold the public on an idea it knew wouldn't work
    -- that the majority of plastic could be, and would be, recycled -- all
    while making billions of dollars selling the world new plastic."

    Epidemic plastic pollution threatens the environment, food chain and public
    health. A serious global problem in search of an urgent, effective solution.

    How to proactively mitigate pervasive plastic pollution? Let nature take its
    course? Earthworms or bacteria partially digest certain plastics. Does this
    effluent enhance the environment and diminish the pollution risk?

    Would a master settlement agreement compel industry to act on a clean up?
    Recall the Tobacco MSA
    https://en.wikipedia.org/wiki/Tobacco_Master_Settlement_Agreement to
    compensate US States for medical expenses. An agreement of this scope would
    likely motivate an industrial regulatory arbitrage exercise -- shift
    operations to a lower-cost jurisdiction, and export products.

    https://en.wikipedia.org/wiki/Plastic_pollution#Effects_on_humans identifies
    plastic pollution impact on human thyroid and reproductive hormones from BPA
    (bisphenol A).

    See https://catless.ncl.ac.uk/Risks/31/08#subj22 by Goodfellow.

    Risk: Groupthink. Carbon-extraction industrial interests conspire to
    misinform regulatory oversight and political leadership about product
    risk. Again.

    ------------------------------

    Date: Thu, 10 Sep 2020 15:57:43 -1000
    From: geoff goodfellow <ge...@iconia.com>
    Subject: New Raccoon Attack Could Let Attackers Break SSL/TLS Encryption
    (The Hacker News)

    A group of researchers has detailed a new timing vulnerability in Transport
    Layer Security (TLS) protocol that could potentially allow an attacker to
    break the encryption and read sensitive communication under specific
    conditions.

    Dubbed "Raccoon Attack <https://raccoon-attack.com/>," the server-side
    attack exploits a side-channel in the cryptographic protocol (versions 1.2
    and lower) to extract the shared secret key used for secure communications
    between two parties.

    "The root cause for this side channel is that the TLS standard encourages
    non-constant-time processing of the DH secret," the researchers explained
    their findings in a paper. "If the server reuses ephemeral keys, this side
    channel may allow an attacker to recover the premaster secret by solving an
    instance of the Hidden Number Problem."

    However, the academics stated that the vulnerability is hard to exploit and
    relies on very precise timing measurements and on a specific server
    configuration to be exploitable.

    A Timing Attack to Leak Secret Keys [...]

    https://thehackernews.com/2020/09/raccoon-ssl-tls-encryption.html
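
    Added example, not taken from the Hacker News article or from the Raccoon
    researchers' paper: a small Python model of the root cause the article
    quotes (TLS 1.2 strips leading zero bytes from the DH result, so the number
    of bytes fed to key derivation depends on the secret) next to the
    fixed-width encoding TLS 1.3 uses, plus two checks a server operator can
    run against their own configuration: whether an encoding is length-stable,
    and whether the same server DH share shows up across handshakes (ephemeral
    key reuse, the precondition the attack needs). The 61-bit group, the
    sha256 stand-in for the TLS PRF and the simulated handshake shares are all
    constructed for the example.

```python
import secrets
from collections import Counter
from hashlib import sha256

# Constructed toy DH group so the example runs instantly: a 61-bit Mersenne
# prime with generator 3. Real TLS 1.2 FFDHE uses 2048-bit+ groups (RFC 7919);
# the encoding behaviour shown here is the same at any size.
P = (1 << 61) - 1
G = 3
WIDTH = (P.bit_length() + 7) // 8   # 8 bytes: full width of a group element


def tls12_premaster(shared_secret: int) -> bytes:
    """TLS 1.2 (RFC 5246 section 8.1.2): leading zero bytes of the DH result are
    stripped. The premaster length, and so the PRF's work, then depends on the
    secret value. That is the non-constant-time processing the researchers
    point to as the root cause."""
    length = max(1, (shared_secret.bit_length() + 7) // 8)
    return shared_secret.to_bytes(length, "big")


def fixed_width_premaster(shared_secret: int) -> bytes:
    """TLS 1.3 (RFC 8446 section 7.4.1): always encode to the group's full width,
    so every handshake feeds the same number of bytes into key derivation."""
    return shared_secret.to_bytes(WIDTH, "big")


def derive_key(premaster: bytes) -> bytes:
    """Stand-in for the TLS PRF; the leaked signal is the input length, not the hash."""
    return sha256(premaster).digest()


def ephemeral_keypair():
    """Fresh (x, g^x mod p); the exponent x is what the server must not reuse."""
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)


def simulate_server_shares(handshakes: int, reuse_ephemeral: bool) -> list:
    """Server DH public values an auditor of their own server would see across
    `handshakes` connections (constructed). With reuse the same g^x appears in
    every handshake."""
    if reuse_ephemeral:
        _, y = ephemeral_keypair()
        return [y] * handshakes
    return [ephemeral_keypair()[1] for _ in range(handshakes)]


def find_reused_shares(server_shares: list) -> set:
    """Audit helper: DH public values seen in more than one handshake. A server
    that rotates its ephemeral key per connection returns an empty set."""
    counts = Counter(server_shares)
    return {share for share, n in counts.items() if n > 1}


def encoding_is_length_stable(encoder, samples: int = 2000) -> bool:
    """True if `encoder` emits the same number of bytes for every sampled secret.
    For tls12_premaster roughly 1 in 32 secrets in this toy group loses its top
    byte, so 2000 samples expose the instability with overwhelming probability."""
    lengths = {len(encoder(secrets.randbelow(P))) for _ in range(samples)}
    return len(lengths) == 1


if __name__ == "__main__":
    small = 1   # a shared secret whose encoding has seven leading zero bytes
    print("tls12:", tls12_premaster(small).hex(), "fixed:", fixed_width_premaster(small).hex())
    print("tls12 length-stable:", encoding_is_length_stable(tls12_premaster))
    print("fixed length-stable:", encoding_is_length_stable(fixed_width_premaster))
    print("reused shares:", find_reused_shares(simulate_server_shares(20, True)))
```

    The two defensive takeaways match the article's "specific server
    configuration" caveat: the side channel only matters when the server reuses
    its DH exponent across handshakes (OpenSSL 1.1.0 and later generate a fresh
    one per handshake by default), and TLS 1.3 or ECDHE cipher suites avoid the
    variable-length premaster encoding altogether.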

    ------------------------------

    Date: Fri, 11 Sep 2020 08:21:22 -1000
    From: geoff goodfellow <ge...@iconia.com>
    Subject: Ericsson spotlights open RAN security risks (MobileWorldLive)

    Ericsson dampened open RAN enthusiasm, arguing more work needs to be done
    to address key security risks associated with the technology.

    In a blog, head of security for network product solutions Jason Boswell
    highlighted several areas of vulnerability, including new and expanded risks
    from the use of fresh interfaces and third-party network applications.

    Added security measures are also needed to address new threats presented by
    the decoupling of hardware and software functions, and vendors should
    carefully scrutinise open source code they plan to use, he said.

    Boswell stressed ``security cannot be an afterthought,'' advocating the
    importance of a risk-based approach. [...]
    https://www.mobileworldlive.com/fea...e/ericsson-spotlights-open-ran-security-risks

    ------------------------------

    Date: Mon, 7 Sep 2020 22:15:06 -0400
    From: Phil Martel <poma...@comcast.net>
    Subject: Re: Intel Slips, and a High-Profile Supercomputer Is Delayed
    (Stein, RISKS-32.25)

    > The exascale computer: 1E9 GFLOP == 10^15 FLOPs, or 1 exaFLOP (1 EFLOP?),
    > double-precision FLOPS @ 64-bit per IEEE-754-2008.

    Of course, 1E9 GFLOP = 1E18 FLOP

    [Also noted by Eric Sosman, who seems to be about three orders of
    magnitude off. FLOP inflation, maybe? Or G deflation? Or exa-sensory
    deception? ES]

    ------------------------------

    Date: Fri, 11 Sep 2020 13:23:47 +0300
    From: Amos Shapir <amo...@gmail.com>
    Subject: Re: Humans Take a Step Closer to Flying Car (RISKS-32.25)

    Flying cars have appeared in almost all future technology predictions since
    the early 20th century; yet despite many other predictions since then having
    materialized, flying cars never actually took off (excuse the pun).

    The reason for that becomes evident when one considers what could an actual
    flying car be used for: the only benefit is not having to switch vehicles
    when reaching an airport -- and even that is greatly diminished by some
    flying car models which require configuration changes at the airport, or
    VTOL models which do not require driving to an airport anyway.

    OTOH, a flying car would always have to lug around a lot of unused hardware,
    whether traveling on a road or flying; it could never become as efficient as
    a single-purpose car nor as an airplane.

    ------------------------------

    Date: Tue, 8 Sep 2020 14:10:43 +0100
    From: John Stockton <dr.j.r...@gmail.com>
    Subject: Re: Leap-seconds (Ross, RISKS-32.25)

    > "Leap-seconds are announced about 30 days in advance."

    My observations indicate that the announcement is normally over 5.5 months
    in advance, not 30 days. For example, see the current issue of Bulletin C at
    https://hpiers.obspm.fr/eoppc/bul/bulc/bulletinc.dat.

    Terje Mathisen, following, wrote "The 0200--0300 change is pretty much
    standard everywhere that uses daylight savings adjustments." The EU rules,
    which apply also in other nearby Western European countries, are that all
    the clocks should be altered simultaneously at 01:00 UTC on the chosen
    Sundays, Brussels Time, whatever the local time might be. My present
    understanding is that in the USA the clocks are altered, one way or the
    other, on reaching 02:00 local time. Canadian provinces in the past have
    altered their clocks at varied times of day; I don't know whether that is
    still the case. In Lord Howe Island, the clocks are altered by only half an
    hour - Wikipedia, and
    https://www.timeanddate.com/time/zone/australia/lord-howe-island .

    ------------------------------

    Date: Mon, 7 Sep 2020 17:28:26 -0400
    From: "Richard A. DeMattia" <radem...@sbcglobal.net>
    Subject: Re: Happy National Poll Worker Recruitment Day (RISKS-32.25)

    Poll worker recruitment might be a bit more effective if half-day shifts
    were permitted, unlike in Ohio where the work shift is from before 6am to
    probably 8pm or later, and no partial-shift volunteers accepted.

    ------------------------------

    Date: Mon, 1 Aug 2020 11:11:11 -0800
    From: RISKS-...@csl.sri.com
    Subject: Abridged info on RISKS (comp.risks)

    The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
    comp.risks, the feed for which is donated by panix.com as of June 2011.
    => SUBSCRIPTIONS: The mailman Web interface can be used directly to
    subscribe and unsubscribe:
    http://mls.csl.sri.com/mailman/listinfo/risks

    => SUBMISSIONS: to ri...@CSL.sri.com with meaningful SUBJECT: line that
    includes the string `notsp'. Otherwise your message may not be read.
    *** This attention-string has never changed, but might if spammers use it.
    => SPAM challenge-responses will not be honored. Instead, use an alternative
    address from which you never send mail where the address becomes public!
    => The complete INFO file (submissions, default disclaimers, archive sites,
    copyright policy, etc.) is online.
    <http://www.CSL.sri.com/risksinfo.html>
    *** Contributors are assumed to have read the full info file for guidelines!

    => OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
    searchable html archive at newcastle:
    http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
    Also, ftp://ftp.sri.com/risks for the current volume/previous directories
    or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
    If none of those work for you, the most recent issue is always at
    http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-32.00
    ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
    *** NOTE: If a cited URL fails, we do not try to update them. Try
    browsing on the keywords in the subject line or cited article leads.
    Apologies for what Office365 and SafeLinks may have done to URLs.
    ==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

    ------------------------------

    End of RISKS-FORUM Digest 32.26
    ************************
  16. LakeGator

    RISKS-LIST: Risks-Forum Digest Friday 18 September 2020 Volume 32 : Issue 27

    ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
    Peter G. Neumann, founder and still moderator

    ***** See last item for further information, disclaimers, caveats, etc. *****
    This issue is archived at <The RISKS Digest> as
    <The RISKS Digest, Volume 32 Issue 27>
    The current issue can also be found at
    <http://www.csl.sri.com/users/risko/risks.txt>

    Contents:
    PG&E error at power plant may help explain California's rolling blackouts
    (SFChronicle.com)
    Using information to cause a blackout (Crypto-gram)
    Small drink cup-holders lead to engine shutdowns on A350s (FlightGlobal)
    A Tesla driver was caught sleeping on Autopilot at high speed, police are
    charging him criminally (electrek)
    University Ransomware Attack Exploits Citrix, Kills German Hospital Patient
    (Politico)
    Weakened Encryption: The Threat to America's National Security (ThirdWay)
    At this point, 5G is a bad joke (Computerworld)
    Mobile phone radiation may be killing insects: German study (phys.org)
    Listening To An IPhone With AM Radio (Hackaday)
    Is the Internet Conscious? If It Were, How Would We Know? (Vinton Cerf)
    Voatz letter published (Jack H Cable)
    A Quick Note on Voting Twice (Matt Bishop)
    How smart tech could help save the world's honey bees (cnn.com)
    The future is cyborg: Kaspersky study finds support for human augmentation
    (Reuters)
    Police Across Canada Are Using Predictive Policing Algorithms, Report Finds
    (Nathan Munn)
    The 20-Year Hunt for the Man Behind the Love Bug Virus (WiReD)
    Phone system cursed by magic words (Chicago Tribune)
    I Have Blood on My Hands: A Whistleblower Says Facebook Ignored Global
    Political Manipulation? (Buzzfeednews)
    How an Epic Series of Tech Errors Hobbled Miami's Schools (WiReD)
    Early research from 23andMe strengthens link between blood types and
    Covid-19 (Kate Sheridan)
    New Report Explains COVID-19's Impact on Cybersecurity (The Hacker News)
    Re: 44 Square Feet: A School-Reopening Detective Story (Brian Inglis)
    Abridged info on RISKS (comp.risks)

    ----------------------------------------------------------------------

    Date: Mon, 14 Sep 2020 20:39:29 -0400 (EDT)
    From: SFChronicle.com | Breaking News <newsl...@sfchronicle.com>
    Subject: PG&E error at power plant may help explain California's rolling
    blackouts (SFChronicle.com)

    *San Francisco Chronicle*, 14 Sep 2020
    PG&E error at power plant may help explain California's rolling blackouts

    A mistake by Pacific Gas and Electric Co. may have played a role in one of
    the two days that California experienced rolling blackouts during an extreme
    heat wave last month.

    ------------------------------

    Date: Tue, 15 Sep 2020 21:32:18 +1000
    From: 3daygoaty <threed...@gmail.com>
    Subject: Using information to cause a blackout (Crypto-gram)

    Bruce Schneier covers "How weaponizing disinformation can bring down a
    city's power grid" linked here:
    How weaponizing disinformation can bring down a city’s power grid

    The attack has already happened and defenses are there, in London at
    least! People turning on thousands of kettles in TV ad breaks:
    TV pickup - Wikipedia

    Dinorwig Power Station, pumped hydro scheme built in 1974 (I understand
    but cannot prove) specifically for the Coronation Street TV show tea and
    toast ad breaks.

    I will use this little spot to suggest that a better vector is solar
    microinverters. RISKS readers no doubt love what went down in Hawaii (and
    in fact what stayed up):

    "...as you can imagine, service call costs to 51,000 solar homes equipped
    with 800,000 micro inverters quickly added up to tens of millions of
    dollars. Uniquely, Enphase (who are heavily data focused and driven)
    already had the ability to remotely connect to and tweak inverter
    settings. Could they simultaneously, remotely and precisely make this
    change? And measure its effectiveness? From their headquarters in Napa
    Valley, California?"

    Risk: Enphase install goes awry and an incomplete firmware upgrade causes
    800k microinverters to reboot continuously, rapidly raising and lowering
    grid feed-in. Then there's tens of millions of dollars of house calls.

    NoCookies | The Australian

    ------------------------------

    Date: Sun, 13 Sep 2020 21:34:19 -0400
    From: George Mannes <gma...@gmail.com>
    Subject: Small drink cup-holders lead to engine shutdowns on A350s
    (FlightGlobal)

    Airbus has developed a new liquid-resistant integrated control panel for the
    A350, designed to avoid the risk to engine systems from accidental drink
    spillage in the cockpit.

    Its development follows two incidents, in November last year and January
    this year, in which A350-900s diverted as a result of uncommanded engine
    shutdowns linked to beverage spills on the panel....

    Airbus redesigns A350 control panel to resist liquid spillage

    From AVWeb:

    In both instances one of the engines shut down and couldn't be restarted....

    ...It's not clear if the EASA [European Aviation Safety Administration]
    mandate will include bigger cup holders. There are at least two located well
    out of harm's way to the left of the captain and right of the FO but they're
    too small for the paper cups used by most airport vendors.

    Airbus Spill-Proofs A350 Consoles - AVweb

    ------------------------------

    Date: Fri, 18 Sep 2020 04:56:05 -1000
    From: geoff goodfellow <ge...@iconia.com>
    Subject: A Tesla driver was caught sleeping on Autopilot at
    high speed, police are charging him criminally

    A Tesla driver was caught sleeping on Autopilot with their seat *fully
    reclined* at high speed, according to police who criminally charged the
    driver.

    Alberta RCMP (Canada federal police) reported on a strange incident
    involving a Tesla vehicle on Autopilot.

    ``Alberta RCMP received a complaint of a car speeding on Highway 2 near
    Ponoka. The car appeared to be self-driving, traveling over 140 km/h [87
    mph] with both front seats completely reclined and occupants appeared to be
    asleep.''

    With this report, they shared the picture of a Tesla Model S vehicle on
    Twitter:

    Alberta RCMP received a complaint of a car speeding on Hwy 2 near #Ponoka
    <https://twitter.com/hashtag/Ponoka?src=hash&ref_src=twsrc^tfw>. The car
    appeared to be self-driving, travelling over 140 km/h [87 mph] with both
    front seats completely reclined & occupants appeared to be asleep. The
    driver received a Dangerous Driving charge & summons for court
    *pic.twitter.com/tr0RohJDH1* <https://t.co/tr0RohJDH1>

    RCMP Alberta (@RCMPAlberta) *September 17, 2020*

    Tesla Autopilot is not a ``self-driving'' system but a suite of driver
    assist features.

    While it can technically drive autonomously on highways without driver
    interventions, Tesla asks drivers to keep their hands on the wheel and to
    pay attention at all times.

    The automaker also implemented a system that requires drivers to frequently
    apply light torque to the steering wheel in order for Autopilot to stay
    active.

    Some Tesla drivers have been getting around the system by *attaching a
    weight to the steering wheel*
    <Tesla Autopilot ‘buddy’ hack to avoid ‘nag’ relaunches as 'phone mount' to get around NHTSA ban - Electrek>
    -- a practice considered dangerous by US regulators (and anyone with half a
    mind).

    In this incident, the police reported some strange behaviors from the
    vehicle, which was presumably on Autopilot: [...]
    A Tesla driver was caught sleeping on Autopilot at high speed, police are charging him criminally - Electrek

    ------------------------------

    Date: Fri, 18 Sep 2020 11:17:33 PDT
    From: "Peter G. Neumann" <neu...@csl.sri.com>
    Subject: University Ransomware Attack Exploits Citrix, Kills German Hospital
    Patient (Politico)

    A ransomware attack led to a patient's death in Germany
    <German hospital hacked, patient taken to another city dies>,
    authorities there said, marking the first known occasion of ransomware being
    directly linked to a person's demise in the hospital -- and perhaps the most
    direct civilian demise caused anywhere by any kind of cyberattack. An
    investigation could lead to homicide charges, local press reported. News of
    the incident last week -- where a patient had to be transferred to another
    city's hospital due to the ransomware and died because of the delay in
    treatment -- first broke on Thursday. The attack apparently wasn't even
    targeting the hospital, but instead a university. A long-warned
    vulnerability in Citrix tied to the attack generated another German
    cybersecurity agency alert.
    <BSI - Presseinformationen des BSI - Cyber-Angriff auf Uniklinik Düsseldorf: BSI warnt vor akuter Ausnutzung bekannter Schwachstelle>
    [linked document in German].

    Cybersecurity experts have been warning for some time about a cyberattack
    causing the death of a medical patient, but the link has usually been seen
    far more indirectly
    <Study: Ransomware, Data Breaches at Hospitals tied to Uptick in Fatal Heart Attacks — Krebs on Security>.
    Industry voices took to Twitter to lament the death, sometimes in profane
    terms. ``If you ever wondered why the unsung jobs of IT admins [are] so
    thankless, if they succeed, they are invisible, whereas if they fail - we
    all fail & people die,'' tweeted Katie Moussouris, CEO of Luta Security.

    See also:
    Woman dies during a ransomware attack on a German hospital

    ------------------------------

    Date: Wed, 16 Sep 2020 11:04:53 -1000
    From: geoff goodfellow <ge...@iconia.com>
    Subject: Weakened Encryption: The Threat to America's National Security
    (ThirdWay)

    *Takeaways* For years, law enforcement officials have warned that, because
    of encryption, criminals can hide their communications and acts, causing law
    enforcement to struggle to decrypt data during their investigation -- a
    challenge commonly referred to as ``going dark.'' They called on technology
    companies to build a process, like a ``master key,'' to enable law
    enforcement to unlock encrypted communications. While this may seem like a
    tempting idea, it would have grave implications for our national security.
    As more and more of our communications move online, users seek out encrypted
    services to protect their privacy. Unlike telephonic communications, and
    despite repeated requests by law enforcement to do so, Congress has not
    required Internet communications platforms to give law enforcement access to
    intercept user communications or access stored communications. In this
    paper, we assess the national security risks to a requirement to provide
    that master key (referred to throughout as ``exceptional'' or ``backdoor''
    access) to encrypted communications and propose alternative approaches to
    address online harms.

    In short, requiring exceptional access to encrypted technologies would
    undermine national security by:

    1. Weakening protections for the information that the national security
    community relies upon, especially as it flows over foreign networks.
    2. Creating a vulnerability in encrypted communications that could be
    accessed by foreign adversaries.
    3. Encouraging other countries to require tech and Internet companies
    to provide equivalent access to communications within their boundaries.
    4. This does not mean that the Internet should be a lawless zone. Law
    enforcement and the private sector can and should cooperate in addressing
    crimes on the Internet and can do so without undermining a protection as
    fundamental as encryption. [...]

    Weakened Encryption: The Threat to America’s National Security – Third Way

    ------------------------------

    Date: Fri, 18 Sep 2020 00:14:40 -0400
    From: Gabe Goldberg <ga...@gabegold.com>
    Subject: At this point, 5G is a bad joke (Computerworld)

    Thinking of buying a new phone, just for high-speed mmWave 5G? Do yourself a
    favor: Don't.

    At this point, 5G is a bad joke

    The risk? Marketing.

    ------------------------------

    Date: Fri, 18 Sep 2020 14:19:53 +0800
    From: Richard Stein <rms...@ieee.org>
    Subject: Mobile phone radiation may be killing insects: German study
    (phys.org)

    https://phys.org/news/2020-09-mobile-insects-german.html

    "Mobile phone and Wi-Fi radiation in particular opens the calcium channels
    in certain cells, meaning they absorb more calcium ions.

    "This can trigger a biochemical chain reaction in insects, the study said,
    disrupting circadian rhythms and the immune system."

    "Peter Hensinger of the German consumer protection organisation Diagnose
    Funk said closer attention must be paid to the possible negative effects of
    radiation on both animals and humans, particularly with regard to the
    introduction of 5G technology."

    The insect apocalypse threatens to disrupt food chains and our ecosystem. Do
    WiFi and cellular device and tower radiation exposure also contribute to
    premature insect mortality?

    Photon energy is determined by E = h*f
    (h == Planck's constant, f == frequency).

    Ultraviolet-C photons, known to cause melanoma, range in energy between
    ~4.5-12.4 eV (see Ultraviolet - Wikipedia). 4.5 eV ~= 1100
    THz; 12.4 eV ~= 3000 THz. A microwave oven operates @ ~2.5 GHz (~0.01
    milli-electron volts).

    5G technology (at a maximum) operates at ~30GHz (0.03 THz) or ~0.12
    milli-electron volts which is insufficient, via the photoelectric effect, to
    ionize an atom in a DNA's amino acid during reproduction and elevate genetic
    mutation probability.

    A certain species of bacteria has evolved a mechanism to survive ionizing
    radiation exposure. See
    Deinococcus radiodurans - Wikipedia. Doubtful that insects
    inherited this capability. Humans do not possess these genes.

    Note that room temperature of 300 degrees Kelvin (25 degrees Celsius or ~77
    degrees F) ~= 0.026 eV which is ~200X greater than the energy of a 30 GHz
    radio-wave photon. Ambient thermal energy, inside or out, swamps cell phone
    radiation. DNA evolved to accommodate heat exposure.

    Do RF sources influence insect cell membrane ion mobility and initiate
    premature death? Exposure of Insects to Radio-Frequency Electromagnetic Fields from 2 to 120 GHz | Scientific Reports
    (MAR2018) documents effects of RF exposure on several insect species using
    2-120 GHz radio-waves. Their conclusion: "This could lead to changes in
    insect behavior, physiology, and morphology over time due to an increase in
    body temperatures, from dielectric heating." 'Could' is the operative word.

    What happens when Drosophila Melanogaster are exposed to 30 GHz radio-wave
    radiation for 1 hour each day? Fruit flies experience slight warming for 1
    hour. Atmospheric garden heat exposes a fruit fly to 200 times the photon
    energy emitted by cellular radio-wave photons.

    To my knowledge, there are no established (meaning non-conflicted,
    independent peer-review) links to non-ionizing radiation and vitality, be it
    insect or human. Ambient RF radiation contribution to mortality, human or
    insect, is impossible given physics.

    Where are the epidemiological clusters and studies of human glioblastomas
    (brain cancer) or other malignancies from earlier generations of cellphone
    use and persistent exposure to ambient RF from cellphone towers or radio and
    TV broadcasts? They do not exist.

    Habitat loss and pesticide exposure are known, obvious insect mortality
    contributors. Atmospheric influences (such as extra CO2, CH4, SO2, or
    pollution or aerosols) on insect populations are likely contributors (see
    Decline in insect populations - Wikipedia).

    The original publication on Germany's mitigation of insect demise is here:
    https://phys.org/news/2020-08-germany-dim-night-insects.html.

    ------------------------------

    Date: Fri, 18 Sep 2020 05:12:22 -1000
    From: geoff goodfellow <ge...@iconia.com>
    Subject: Listening To An IPhone With AM Radio

    Electronic devices can be surprisingly leaky, often spraying out information
    for anyone close by to receive. [Docter Cube] has found another such leak,
    this time with the speakers in iPhones. While repairing an old AM radio and
    listening to a podcast on his iPhone, he discovered that the radio was
    receiving audio from his iPhone when tuned to 950-970kHz.

    [Docter Cube] states that he was able to receive the audio signal up to 20
    feet away. A number of people responded to the tweet with video and test
    results from different phones. It appears that iPhones 7 to 10 are affected,
    and there is at least one report for a Motorola Android phone. The
    amplifier circuit of the speaker appears to be the most likely culprit, with
    some reports saying that the volume setting had a big impact. With the short
    range the security risk should be minor, although we would be interested to
    see the results of testing with higher gain antennas. It is also likely that
    the emission levels still fall within FCC Part 15 limits. [...]
    Listening To An IPhone With AM Radio

    ------------------------------

    Date: Thu, Sep 17, 2020 at 8:18 AM
    From: vinton cerf <vgc...@gmail.com>
    Subject: Is the Internet Conscious? If It Were, How Would We Know?

    [via geoff goodfellow]

    we give autonomy to a lot of IOT devices/applications; maybe that is not
    quite independent behavior.

    Are stock programmed trading systems conscious? yes - they take in input,
    process, produce output that affects the real world (stock market). They
    are capable of unexpected behaviors (bugs). If based on machine learning,
    they are also capable of "breaking" owing to unpredicted situations.

    > Is the Internet Conscious? If It Were, How Would We Know?

    ------------------------------

    Date: Mon, 14 Sep 2020 17:04:32 +0000
    From: Jack H Cable <cab...@stanford.edu>
    Subject: Voatz letter published

    The Voatz letter was published today, available at Response to Voatz’s Supreme Court Amicus Brief - disclose.io. Thank you to everyone who signed on and contributed!

The letter was featured in this week's Politico cybersecurity newsletter <Previewing the annual CISA cyber summit>.

    ------------------------------

    Date: Tue, 15 Sep 2020 15:34:06 -0700
    From: Matt Bishop <mabi...@ucdavis.edu>
    Subject: A Quick Note on Voting Twice

    > But if each ballot voted has to be checked to make sure it is not
    > a second ballot, then the disruption factor is ENORMOUS.

    Actually, not every ballot needs to be checked. Here's how it works:

    If you vote by mail, when the envelope is received and your signature
    validated, it's recorded that you voted. If you send in another vote by mail
    ballot, when they try to validate your signature, the system will report you
    have already voted. This is automatic and done when your signature is
    checked.

    So let's say you go to vote in person.

    If you are doing a same-day registration, you vote conditionally. The
    conditional ballot is handled the same as a provisional ballot.

    If you have your vote by mail ballot and surrender it to the election
    workers, they then print you a new ballot, and you vote in person.

    If you do not have your vote by mail ballot, you then vote provisionally.

    In all cases, if you have already signed the poll book, you vote
    provisionally.

    So the time-consuming checking is in processing the provisional and
    conditional ballots. That can take quite a while; according to the election
    officials in my county (Yolo), it can take 2-3 weeks to process them. It
    took a bit longer at the last election due to COVID-19, but the Secretary of
    State extended the dates.

    Hope this clarifies things.

    [Of course, some precincts don't use electronic poll books, and are
    manual. Mine has a paper list that one has to sign that cannot indicate
    whether you have already voted absentee. When the absentee ballots are
tallied later, the paper record would have to be checked. PGN]
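Matt Bishop's post describes a procedure, so here is a small Python model of it as an added illustration; it is not code from the post, from RISKS, or from any election office. The record fields, the outcome labels, the `electronic_poll_book` switch and the constructed voter scenario are assumptions made for the model; the `reconcile()` step models the after-the-fact check PGN's closing note says a paper poll book requires.

```python
"""Toy model of the double-vote handling described in the post above.

Added illustration, not code from the RISKS post or from any election
office. Record fields, outcome labels, the electronic_poll_book switch and
the scenario data are assumptions made for the model.
"""
from dataclasses import dataclass, field
from typing import Dict, List


@dataclass
class VoterRecord:
    voter_id: str
    mail_ballot_issued: bool = False
    voted_by_mail: bool = False        # set once a mail envelope's signature validates
    signed_poll_book: bool = False     # set once the voter signs in at the polls
    in_person_ballots: List[str] = field(default_factory=list)


def receive_mail_ballot(rec: VoterRecord, signature_valid: bool,
                        electronic_poll_book: bool = True) -> str:
    """Process one incoming vote-by-mail envelope.

    The duplicate check rides on signature validation: if the record already
    shows a vote, the second envelope is rejected with no separate search.
    With a paper poll book (assumed switch) the in-person sign-in is not yet
    visible here, so that case is only caught by reconcile() afterwards.
    """
    if not signature_valid:
        return "rejected: signature"
    if rec.voted_by_mail:
        return "rejected: already voted by mail"
    if electronic_poll_book and rec.signed_poll_book:
        return "rejected: already voted in person"
    rec.voted_by_mail = True
    return "accepted"


def check_in_at_polls(rec: VoterRecord, surrenders_mail_ballot: bool,
                      same_day_registration: bool = False) -> str:
    """Decide which ballot an in-person voter gets, following the post's rules."""
    if rec.signed_poll_book:
        outcome = "provisional"        # already signed in: provisional in all cases
    elif same_day_registration:
        outcome = "conditional"        # handled the same as a provisional ballot
    elif rec.voted_by_mail:
        outcome = "provisional"        # a mail ballot is already recorded for this voter
    elif rec.mail_ballot_issued and not surrenders_mail_ballot:
        outcome = "provisional"        # was issued a mail ballot but cannot hand it over
    else:
        outcome = "regular"            # surrendered the mail ballot, or never had one
    rec.signed_poll_book = True
    rec.in_person_ballots.append(outcome)
    return outcome


def needs_manual_review(outcome: str) -> bool:
    """Only provisional and conditional ballots go through the slow eligibility check."""
    return outcome in ("provisional", "conditional")


def reconcile(records: List[VoterRecord]) -> List[str]:
    """After-the-fact check for voters with both a counted mail vote and a regular
    in-person ballot: the case a paper poll book cannot catch at sign-in time."""
    return [r.voter_id for r in records
            if r.voted_by_mail and "regular" in r.in_person_ballots]


def run_scenario() -> Dict[str, object]:
    """Constructed batch of voters exercising each rule in the post."""
    alice = VoterRecord("alice", mail_ballot_issued=True)
    bob = VoterRecord("bob", mail_ballot_issued=True)
    carol = VoterRecord("carol")                 # same-day registrant
    dave = VoterRecord("dave")                   # never issued a mail ballot

    events = {
        "alice_mail_1": receive_mail_ballot(alice, True),
        "alice_mail_2": receive_mail_ballot(alice, True),            # duplicate envelope
        "alice_polls": check_in_at_polls(alice, surrenders_mail_ballot=False),
        "bob_polls": check_in_at_polls(bob, surrenders_mail_ballot=True),
        "bob_mail_later": receive_mail_ballot(bob, True),            # caught by e-poll book
        "carol_polls": check_in_at_polls(carol, False, same_day_registration=True),
        "dave_polls": check_in_at_polls(dave, surrenders_mail_ballot=False),
        # constructed: a mail envelope with a valid signature arrives for dave while
        # the precinct keeps a paper poll book, so his sign-in is not visible yet
        "dave_mail_later": receive_mail_ballot(dave, True, electronic_poll_book=False),
    }
    return {
        "events": events,
        "review_queue": sum(needs_manual_review(o) for o in events.values()),
        "reconcile_flags": reconcile([alice, bob, carol, dave]),
    }


if __name__ == "__main__":
    for k, v in run_scenario().items():
        print(k, v)
```

The model makes the post's point concrete: every mail envelope and every sign-in is checked cheaply as a side effect of recording it, and only the provisional and conditional pile needs the weeks-long review. The `dave` case shows why PGN's paper-poll-book caveat matters: the duplicate is invisible at the moment of acceptance and only surfaces in reconciliation.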

    ------------------------------

    Date: Fri, 18 Sep 2020 19:57:49 +0800
    From: Richard Stein <rms...@ieee.org>
    Subject: How smart tech could help save the world's honey bees (cnn.com)

    How smart tech could help save the world's honey bees - CNN

    The pollination industry contributes ~US$ 180B annually to agribusiness.
    Avocados and almonds depend on pollination, as do ~1/3 of all commercial
    crops.

    Pesticides and fungicides -- agricultural chemicals -- jeopardize pollinator
    survival. Bee apiaries fail at a high rate: ~44% die off annually,
    threatening agriculture yields.

    Hive inspection is time-consuming and laborious. Enter the wireless beehive
    sensor to remotely monitor hive health for temperature, humidity, sound,
    etc. and supply the beekeeper with important indicators of vitality or
    decline.

    Risks: Sensor calibration errors. Telemetry processing hacks manipulate hive
    performance indicators.

    [A few bugs to work out before a beeline to IPO?]

    See Bee Dance Game for an algorithm and game
    that simulates bee dances. Not hard to imagine an ambitious future
    roboticist who designs and builds robobees that out-compete natural
    pollinators.

    ------------------------------

    Date: Thu, 17 Sep 2020 09:38:40 -1000
    From: geoff goodfellow <ge...@iconia.com>
    Subject: The future is cyborg: Kaspersky study finds support for human
    augmentation (Reuters)

    Nearly two thirds of people in leading Western European countries would
    consider augmenting the human body with technology to improve their lives,
    mostly to improve health, according to research commissioned by Kaspersky.

    As humanity journeys further into a technological revolution that its
    leaders say will change every aspect of our lives, opportunities abound to
    transform the ways our bodies operate from guarding against cancer to
    turbo-charging the brain.

    The Opinium Research survey of 14,500 people in 16 countries including
    Britain, Germany, France, Italy and Spain showed that 63% of people would
    consider augmenting their bodies to improve them, though the results varied
    across Europe.

    In Britain, France and Switzerland, support for augmentation was low - at
    just 25%, 32% and 36% respectively - while in Portugal and Spain it was
    much higher - at 60% in both.

    ``Human augmentation is one of the most significant technology trends
    today,'' said Marco Preuss, European director of global research and
    analysis at Kaspersky, a Moscow-based cybersecurity firm.

    ``Augmentation enthusiasts are already testing the limits of what's
    possible, but we need commonly agreed standards to ensure augmentation
    reaches its full potential while minimising the risks,'' Preuss
    said. [...]
    The future is cyborg: Kaspersky study finds support for human augmentation

    ------------------------------

    Date: September 14, 2020 at 18:42:31 GMT+9
    From: Dewayne Hendricks <dew...@warpspeed.com>
    Subject: Police Across Canada Are Using Predictive Policing Algorithms,
    Report Finds (Nathan Munn)

    Nathan Munn, *Vice*, 1 Sep 2020 (via David Farber)

    Police across Canada are increasingly adopting algorithmic technology to
    predict crime. The authors of a new report say human rights are threatened
    by the practice.

    <Police Across Canada Are Using Predictive Policing Algorithms, Report Finds>

    Police across Canada are increasingly using controversial algorithms to
    predict where crimes could occur, who might go missing, and to help them
    determine where they should patrol, despite fundamental human rights
    concerns, a new report has found.

    To Surveil and Predict: A Human Rights Analysis of Algorithmic Policing in
    Canada is the result of a joint investigation by the University of Toronto's
    International Human Rights Program (IHRP) and Citizen Lab. It details how,
    in the words of the report's authors, ``law enforcement agencies across
    Canada have started to use, procure, develop, or test a variety of
    algorithmic policing methods,'' with potentially dire consequences for civil
    liberties, privacy and other Charter rights, the authors warn.

    The report breaks down how police are using or considering the use of
    algorithms for several purposes including predictive policing, which uses
    historical police data to predict where crime will occur in the
    future. Right now in Canada, police are using algorithms to analyze data
    about individuals to predict who might go missing, with the goal of one day
    using the technology in other areas of the criminal justice system. Some
    police services are using algorithms to automate the mass collection and
    analysis of public data, including social media posts, and to apply facial
    recognition to existing mugshot databases for investigative purposes.

    ``Algorithmic policing technologies are present or under consideration
    throughout Canada in the forms of both predictive policing and algorithmic
    surveillance tools.''

    Police in Vancouver, for example, use a machine-learning tool called GeoDASH
    to predict where break-and-enter crimes might occur. Calgary Police Service
    (CPS) uses Palantir's Gotham software to identify and visualize links
    between people who interact with the police -- including victims and
    witnesses -- and places, police reports, and the properties and vehicles
    they own. (A draft Privacy Impact Assessment (PIA) conducted by CPS in 2014
    and mentioned in the report noted that Gotham could ``present false
    associations between innocent individuals and criminal organizations and
    suspects'' and recommended measures to mitigate the risk of this happening,
    but not all the recommendations have been implemented.)

    The Toronto Police Service does not currently use algorithms in policing,
    but police there have been collaborating with a data analytics firm since
    2016 in an effort to ``develop algorithmic models that identify high crime
    areas,'' the report notes.

    The Saskatchewan Police Predictive Analytics Lab (SPPAL), founded in 2015,
    is using data provided by the Saskatoon Police Service to develop algorithms
    to predict which young people might go missing in the province. The SPPAL
    project is an extension of the ``Hub model'' of policing, in which social
    services agencies and police share information about people believed to be
    ``at risk'' of criminal behavior or victimization. The SPPAL hopes to use
    algorithms to address ``repeat and violent offenders, domestic violence, the
    opioid crisis, and individuals with mental illness who have come into
    conflict with the criminal justice system,'' the report reads.

    ``We've learned that people in Canada are now facing surveillance in many
    aspects of their personal lives, in ways that we never would have associated
    with traditional policing practices,'' said Kate Robertson, a criminal
    defense lawyer and one of the authors of the report, in a phone call with
    Motherboard.

    ``Individuals now face the prospect that when they're walking or driving
    down the street, posting to social media, or chatting online, police
    surveillance in the form of systematic data monitoring and collection may be
    at work,'' Robertson added.

    The authors note that ``historically disadvantaged communities'' are at
    particular risk of being targeted for surveillance and analysis by the
    technology due to systemic bias found in historical police data.

    ------------------------------

    Date: Mon, 14 Sep 2020 00:16:40 -0400
    From: Gabe Goldberg <ga...@gabegold.com>
    Subject: The 20-Year Hunt for the Man Behind the Love Bug Virus (WiReD)

    For two decades, Onel de Guzman has been suspected of unleashing the
    groundbreaking virus. But he's never confessed to anything -- until now.

    The 20-Year Hunt for the Man Behind the Love Bug Virus

    ------------------------------

    Date: Wed, 16 Sep 2020 16:15:32 -0400
    From: Gabe Goldberg <ga...@gabegold.com>
    Subject: Phone system cursed by magic words (Chicago Tribune)

    Author writes:

    Trying to get a human on the line when you're trapped in some company's
    automated phone system is like whacking your way through a jungle with a
    pair of toenail clippers.

    Impossible. Interminable. Maddening.

    I am here today to offer two magic words to free you from the wilderness.

    We've all been there: You have a problem. You need a person. Instead, you're
    trapped with a computer that keeps chirping, "I'm sorry. Did you mean
...?"

    What I meant, @#$$%^, is: @#$! you.

    And those, I regret to say, are the magic words.

    Phone system cursed by magic words

    ------------------------------

    Date: Wed, 16 Sep 2020 11:15:08 -1000
    From: geoff goodfellow <ge...@iconia.com>
    Subject: I Have Blood on My Hands: A Whistleblower Says Facebook Ignored
    Global Political Manipulation? (Buzzfeednews)

    *A 6,600-word internal memo from a fired Facebook data scientist details how
    the social network knew leaders of countries around the world were using
    their site to manipulate voters -- and failed to act.*

    ``I've found multiple blatant attempts by foreign national governments to
    abuse our platform on vast scales to mislead their own citizenry, and caused
    international news on multiple occasions. I have personally made decisions
    that affected national presidents without oversight, and taken action to
    enforce against so many prominent politicians globally that I've lost
    count.'' [...]
    Whistleblower Says Facebook Ignored Global Political Manipulation

    ------------------------------

    Date: Wed, 16 Sep 2020 17:16:24 -0400
    From: Gabe Goldberg <ga...@gabegold.com>
Subject: How an Epic Series of Tech Errors Hobbled Miami's Schools (WiReD)

    It started with the district hiring a little-known virtual charter school
    company, which led to balky connections and an even more troublesome
    curriculum.

    https://www.wired.com/story/epic-tech-errors-hobbled-miamis-schools/

    ------------------------------

    From: Dewayne Hendricks <dew...@warpspeed.com>
    Date: Wed, Sep 16, 2020 at 3:45 AM
    Subject: Early research from 23andMe strengthens link between blood types
    and Covid-19 (Kate Sheridan)

    Kate Sheridan, StatNews, 14 Sep 2020
    <https://www.statnews.com/2020/09/14/23andme-study-covid-19-genetic-link/>

    ------------------------------

    Date: Thu, 17 Sep 2020 08:07:53 -1000
    From: geoff goodfellow <ge...@iconia.com>
    Subject: New Report Explains COVID-19's Impact on Cybersecurity
    (The Hacker News)

    A new report explains COVID-19's impact on #cybersecurity, detailing
    changes in cyberattacks experts at @Cynet360 have observed across North
    America and Europe since the beginning of this pandemic.

    https://thehackernews.com/2020/09/covid-cybersecurity-report.html

    ------------------------------

    Date: Mon, 14 Sep 2020 17:21:00 -0600
    From: Brian Inglis <Brian....@SystematicSw.ab.ca>
    Subject: Re: 44 Square Feet: A School-Reopening Detective Story (RISKS-32.26)

    Take 2m physical distance guide, square for area/person, which seems
    reasonable and is the Australian guideline I believe, and convert to sq.ft.:

    $ units \(2m\)^2 ft^2
    43.055642 ft^2

    One Canadian indoor store selling outdoor goods seems to have gone an order
    higher:

    https://www.mec.ca/en/explore/precautions

    $ units 20m^2 yd^2
    23.919801 yd^2

    Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada

    ------------------------------

    Date: Mon, 1 Aug 2020 11:11:11 -0800
    From: RISKS-...@csl.sri.com
    Subject: Abridged info on RISKS (comp.risks)

    The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
    comp.risks, the feed for which is donated by panix.com as of June 2011.
    => SUBSCRIPTIONS: The mailman Web interface can be used directly to
    subscribe and unsubscribe:
    http://mls.csl.sri.com/mailman/listinfo/risks

    => SUBMISSIONS: to ri...@CSL.sri.com with meaningful SUBJECT: line that
    includes the string `notsp'. Otherwise your message may not be read.
    *** This attention-string has never changed, but might if spammers use it.
    => SPAM challenge-responses will not be honored. Instead, use an alternative
    address from which you never send mail where the address becomes public!
    => The complete INFO file (submissions, default disclaimers, archive sites,
    copyright policy, etc.) is online.
    <http://www.CSL.sri.com/risksinfo.html>
    *** Contributors are assumed to have read the full info file for guidelines!

    => OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
    searchable html archive at newcastle:
    http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
    Also, ftp://ftp.sri.com/risks for the current volume/previous directories
    or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
    If none of those work for you, the most recent issue is always at
    http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-32.00
    ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
    *** NOTE: If a cited URL fails, we do not try to update them. Try
    browsing on the keywords in the subject line or cited article leads.
    Apologies for what Office365 and SafeLinks may have done to URLs.
    ==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>
    RISKS-LIST: Risks-Forum Digest Tuesday 22 September 2020 Volume 32 : Issue 28

    ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
    Peter G. Neumann, founder and still moderator

    ***** See last item for further information, disclaimers, caveats, etc. *****
    This issue is archived at <The RISKS Digest> as
    <The RISKS Digest, Volume 32 Issue 28>
    The current issue can also be found at
    <http://www.csl.sri.com/users/risko/risks.txt>

    Contents:
    Boeing cuts flight training pilots, will outsource jobs overseas (The Stand)
    Deepfakes to turn world into 'sci-fi dystopia' as humans 'won't tell
    difference' (Daily Star)
    DARPA-funded implantable biochip to detect COVID-19 could hit markets by
    2021 (ZeroHedge)
    Election systems already hacked? (Bob Woodward via Glenn Story)
    Unsecured Microsoft Bing Server Exposed Users' Search Queries and Location
    (The Hacker News)
    Old TV caused village broadband outages for 18 months (BBC)
    The Fight Over the Fight Over California's Privacy Future (WiReD)
    Fake directors plan to combat money laundering (bbc.com)
    D.C.'s New Area Code Will Be... 771 (DCist)
    Think Twice Before Using Facebook, Google, or Apple to Sign In Everywhere
    (WiReD)
    New Covid-19 swab test robot offers safe, more comfortable procedure for
    patients (Straits Times)
    Re: The future is cyborg (George Sigut)
    Re: A Quick Note on Voting Twice (Andrew Appel via PGN)
    Re: The future is cyborg (Martyn Thomas)
    Abridged info on RISKS (comp.risks)

    ----------------------------------------------------------------------

    Date: Tue, 22 Sep 2020 08:09:09 PDT
    From: "Peter G. Neumann" <neu...@csl.sri.com>
    Subject: Boeing cuts flight training pilots, will outsource jobs overseas
    (The Stand)

    http://www.thestand.org/2020/09/boeing-cuts-flight-training-pilots-will-outsource-jobs-overseas/

    [Thanks to Robert Dorsett. PGN]

    ------------------------------

    Date: Tue, 22 Sep 2020 09:35:19 -1000
    From: geoff goodfellow <ge...@iconia.com>
    Subject: Deepfakes to turn world into 'sci-fi dystopia' as humans 'won't
    tell difference' (Daily Star)

*Experts have warned that deepfake technology is rapidly advancing at a
rate far faster than the technology used to detect it, with one believing
it could be too smart for humans to figure out.* [...]
    Deepfakes to turn world into 'sci-fi dystopia' as humans 'won't tell difference'

    ------------------------------

    Date: Sat, 19 Sep 2020 13:17:15 -1000
    From: geoff goodfellow <ge...@iconia.com>
    Subject: DARPA-funded implantable biochip to detect COVID-19 could hit
    markets by 2021 (ZeroHedge)

    A DARPA-Funded Implantable Biochip To Detect COVID-19 Could Hit Markets By 2021

    ------------------------------

    Date: Sat, 19 Sep 2020 15:50:35 -0700
    From: Glenn Story <glenn...@gmail.com>
    Subject: Election systems already hacked? (Bob Woodward)

I'm reading the new Bob Woodward book, *Rage*, and came across this
    unsettling quote:

    "The NSA and CIA had evidence, highly classified, that the Russians had
    placed malware in the election registration system in at least two
    counties in Florida -- St. Lucie County and Washington County. There was
    no evidence yet that the malware had been activated. It was sitting there
    to be used. The voting system vendor used by Florida was used by state
    election registration systems all around the country. The Russian malware
    was sophisticated and could be activated in counties with particular
    demographics. For instance, in areas with higher percentages of Black
    residents, the malware could erase every tenth voter, almost certainly
    reducing the total vote count for Democrats. The same could potentially be
activated to reduce Trump votes in Republican districts."

    I've read lots of warnings about *attempts* to hack into American voting
    systems, but hadn't been aware of any successful penetrations.

    This seems very serious to me. If it is determined, after the fact, that
    votes were miscounted or voters were not allowed to vote in a battleground
    state, what will we do?

    *Rage* has been getting lots of publicity, but so far as I know no one has
    picked up on this passage, which even the author doesn't make a big noise
    about.

    Hopefully the counties that have been hacked (and all others using that
    brand of voting software) have had their systems scrubbed clean--it doesn't
    say one way or the other in the book.

    ------------------------------

    Date: Tue, 22 Sep 2020 08:02:27 -1000
    From: geoff goodfellow <ge...@iconia.com>
    Subject: Unsecured Microsoft Bing Server Exposed Users' Search Queries and
    Location (The Hacker News)

    A back-end server associated with Microsoft Bing exposed sensitive data of
    the search engine's mobile application users, including search queries,
    device details, and GPS coordinates, among others.

    The logging database, however, doesn't include any personal details such as
    names or addresses.

    The data leak, discovered by Ata Hakcil of WizCase
    <Data Leak: Unsecured Server Exposed Bing Mobile App Data> on September 12, is a
    massive 6.5TB cache of log files that was left for anyone to access without
    any password, potentially allowing cybercriminals to leverage the
    information for carrying out extortion and phishing scams.

    According to WizCase, the Elastic server is believed to have been password
    protected until September 10, after which the authentication seems to have
    been inadvertently removed.

    After the findings were privately disclosed to Microsoft Security Response
    Center, the Windows maker addressed the misconfiguration on September 16.

    Misconfigured servers have been a constant source of data leaks
    <Prison phone service Telmate exposes inmates' messages, PII, contacts>
    in recent years, resulting in exposure of email addresses, passwords, phone
    numbers, and private messages. [...]

    Unsecured Microsoft Bing Server Exposed Users' Search Queries and Location
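The write-up says the Elastic server had been password protected until the authentication was inadvertently removed, which is exactly the kind of drift a periodic check of your own endpoints catches. As an added example (not code from WizCase, The Hacker News, Microsoft or Elastic), the Python below classifies what an unauthenticated `GET /` against an Elasticsearch endpoint you administer returns; the hostname is a placeholder, and the sample responses are constructed, not captured from any real server.

```python
"""Drift check: does one of your own Elasticsearch endpoints answer without credentials?

Added example, not from the WizCase or Hacker News write-ups. The target
hostname is a placeholder; the sample responses below are constructed.
"""
import json
import sys
import urllib.error
import urllib.request
from typing import Optional


def classify_response(status: Optional[int], headers: dict, body: bytes) -> str:
    """Map the result of an unauthenticated GET / to a posture label.

    - 401/403, or any WWW-Authenticate challenge: authentication enforced.
    - 200 with an Elasticsearch-style banner (cluster_name + version): the
      cluster answers anonymously, the misconfiguration described above.
    - anything else: inconclusive (proxy page, other service, odd status).
    """
    hdrs = {k.lower(): v for k, v in headers.items()}
    if status in (401, 403) or "www-authenticate" in hdrs:
        return "auth-required"
    if status == 200:
        try:
            doc = json.loads(body.decode("utf-8", "replace"))
        except ValueError:
            return "inconclusive"
        if isinstance(doc, dict) and "cluster_name" in doc and "version" in doc:
            return "open"
    return "inconclusive"


def probe(url: str, timeout: float = 5.0) -> str:
    """Send the unauthenticated GET to an endpoint you administer and classify it."""
    req = urllib.request.Request(url, method="GET", headers={"Accept": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return classify_response(resp.status, dict(resp.headers), resp.read())
    except urllib.error.HTTPError as e:
        # 401/403 arrive here; the headers still carry the auth challenge
        return classify_response(e.code, dict(e.headers or {}), e.read())
    except (urllib.error.URLError, OSError):
        return "unreachable"


# Constructed sample responses for offline use (not captured from any real server)
OPEN_BANNER = (b'{"name":"node-1","cluster_name":"logs","version":{"number":"7.9.1"},'
               b'"tagline":"You Know, for Search"}')
AUTH_CHALLENGE = {"WWW-Authenticate": 'Basic realm="security" charset="UTF-8"'}


if __name__ == "__main__":
    # placeholder host: replace with an endpoint you are responsible for
    target = sys.argv[1] if len(sys.argv) > 1 else "http://ELASTIC_HOST_PLACEHOLDER:9200/"
    print(target, probe(target))
```

Run it from a scheduled job and alert on any transition away from `auth-required`; a config audit alone would not have noticed the change the article describes, because the setting was correct until September 10 and then silently stopped being so.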

    ------------------------------

    Date: Tue, 22 Sep 2020 07:42:10 -1000
    From: the keyboard of geoff goodfellow <ge...@iconia.com>
    Subject: Old TV caused village broadband outages for 18 months (BBC)

    *The mystery of why an entire village lost its broadband every morning at
    7am was solved when engineers discovered an old television was to blame*.

    Broadband: Old TV caused village broadband outages for 18 months

    [Also noted by Mark Bennison]

    ------------------------------

    Date: Mon, 21 Sep 2020 20:20:06 -0400
    From: Gabe Goldberg <ga...@gabegold.com>
    Subject: The Fight Over the Fight Over California's Privacy Future (WiReD)

    Proposition 24 is designed to make the California Consumer Privacy Act
    stronger. Why do so many privacy advocates oppose it?

    When state senator Bob Hertzberg learned that an ambitious privacy
    initiative had gotten enough signatures to qualify for the ballot in
    California, he knew he had to act quickly.

    ``My objective was to get the damn thing off the ballot.''

    The Fight Over the Fight Over California’s Privacy Future

    ------------------------------

    Date: Sun, 20 Sep 2020 12:04:15 +0800
    From: Richard Stein <rms...@ieee.org>
    Subject: Fake directors plan to combat money laundering (bbc.com)

    Fake directors plan to combat money laundering

    The UK's Companies House comprises a core system of record that
    authenticates business ownership and persons of significant control (PSC) --
    corporate directors. Historically weak oversight enabled rampant criminal
    exploitation via money laundering enterprises.

    "One estimate from Transparency International (TI), which investigates
    corruption, identified almost 1,000 front companies responsible for up to
    £137 billion of suspected criminal money flowing through the UK."

    See Gatekeepers asleep on the job - Blog - Transparency.org for
    instance:

    "Reporting of major corruption scandals usually puts the high-profile
    kleptocrats front and centre, and rightly so. But, more often than not, the
    criminal and corrupt couldn't launder their ill-gotten gains without a
    variety of professional services, including those of accountants, notaries,
    real estate agents and bankers.

    "These professions are subject to specific anti-money laundering
    obligations, and are meant to be the first line of defence protecting the
    global financial system against dirty money."

    Professionals routinely shirk ethical responsibilities.

    Tightening oversight is key to suppress illegitimate commercial
    activities. This document details significant reform measures:
    https://assets.publishing.service.g...r-reform-consultation-government-response.pdf.

    Lord Callanan, the UK Minister for Climate Change and Corporate
Responsibility states in the foreword, "Too often I see companies repeatedly
    set up and closed down to avoid paying debts -- so called 'phoenixing'.
    Shell companies have been set up for no other purpose than to launder the
    proceeds of crime -- committed both here and overseas."

    The identified reforms close numerous loopholes that enabled money
    laundering enterprises to acquire legitimacy. The reforms rely heavily on
digital document and identity authentication mechanisms. Agents performing
registrations on behalf of PSC candidates are required to demonstrate
comprehensive credential verification due diligence.

    Third-party ID verification services will be enlisted to accelerate and vet
    the credentials of PSC candidates before they acquire Companies House bona
    fides. Cross-referencing government systems of record will establish
    candidate authenticity.

The new processes are scheduled to roll out for user testing at the end of
    financial year 2020/2021. Wait and see what transparency.org reports about
    UK money laundering in the near future.

    My guess is that another nation will see an incremental growth in
    money-laundering traffic as the UK strengthens controls.

    ------------------------------

    Date: Tue, 22 Sep 2020 18:11:02 -0400
    From: Gabe Goldberg <ga...@gabegold.com>
    Subject: D.C.'s New Area Code Will Be... 771 (DCist)

    For more than seven decades, (202) has been D.C.'s sole area code. But by
    the end of 2022, the city will have a new one: (771).

    This month regulators started the 13-month process to implement the new
    (771) area code, a step that reflects the reality that the longstanding
    (202) area code -- first unveiled in 1947 as one of the country's 86
original area codes -- is running out of available phone numbers.

    Each area code can produce roughly eight million seven-digit phone numbers,
    and the North American Numbering Plan Administrator -- the official
    regulator of area codes in the U.S., Canada and some Caribbean countries --
    says (202) is expected to run out of numbers within two years. In fact, the
    number of (202) phone numbers remaining declined at such a rapid pace this
    year that in August NANPA formally declared it was in jeopardy, kicking off
    a series of steps to slow its march towards extinction -- including
    rationing numbers.

    D.C.'s New Area Code Will Be... 771 | DCist

    ...another non-renewable resource. I wonder how many area codes NANPA has
    unallocated -- and when we'll need four-digit area codes. Or hexadecimal
    phone keypads, or phone numbers including */#. (Yes, latter two are jokes --
    mostly)

    ------------------------------

    Date: Mon, 21 Sep 2020 20:09:16 -0400
    From: Gabe Goldberg <ga...@gabegold.com>
    Subject: Think Twice Before Using Facebook, Google, or Apple to Sign In
    Everywhere (WiReD)

    So-called single sign-on options offer a lot of convenience. But they have
    downsides that a good old fashioned password manager doesn't.

    Think Twice Before Using Facebook, Google, or Apple to Sign In Everywhere

    No surprise here; I keep reminding people of this.

    ------------------------------

    Date: Tue, 22 Sep 2020 13:30:58 +0800
    From: Richard Stein <rms...@ieee.org>
    Subject: New Covid-19 swab test robot offers safe, more comfortable
    procedure for patients (Straits Times)

    New Covid-19 swab test robot offers safe, more comfortable procedure for patients

    SARS-CoV2 exposure constitutes an occupational risk for healthcare
    professionals. Singapore commenced deployment of a prototype SwabBot to
    reduce this risk. Other countries have also deployed similar solutions.

    "'Our team felt that we had to find a better way to swab patients to reduce
    the risk of exposure of Covid-19 to our healthcare workers, especially when
    patients sneeze or cough during the swabbing process,' said principal
    investigator Rena Dharmawan, associate consultant of head and neck surgery
    at NCCS' Division of Surgery and Surgical Oncology."

The US Centers for Disease Control page
Coronavirus Disease 2019 (COVID-19) in the U.S.
(retrieved on 22SEP2020) reveals infections and deaths among healthcare
professionals participating in the COVID-19 pandemic response.

    "Data were collected from 5,043,006 people, but healthcare personnel status
    was only available for 1,213,744 (24.07%) people. For the 160,860 cases of
    COVID-19 acquired by healthcare personnel, death status was only available
    for 115,817 (72.00%)."

    These values can be used to compute infection and mortality probabilities
    among US healthcare professionals during the pandemic.

    Probability of infection acquisition: 160860/1213744 ~= 13.3%

    Probability of mortality from infection: 709/115817 ~= 0.61%

    Given Singapore's aggressive COVID-19 pandemic response campaign, these
    probabilities are likely to be substantially diminished compared to the US.

    SwabBot Risks: SARS-CoV2 transmission from shared device reuse, injury from
    nasal probe malfunction during sample acquisition, cross-sample
    contamination.

    ------------------------------

    Date: Sat, 19 Sep 2020 08:54:04 -0400
    From: George Sigut <george...@gmail.com>
    Subject: Re: The future is cyborg (RISKS-32.27)

    The numbers don't seem to tally. 63% average with 60% maximum?
    Interestingly there is another independent report on the same
    study, which gives other, more differentiated numbers:

    https://www.computerweekly.com/news/252489134/Brits-more-fazed-by-human-augmentation

    All other reports seem to be using the Reuters text.

    Risk 1: The study itself is not available, so there is no way
    to see which numbers are correct.
    Risk 2: A big agency being parroted by all others, drowning out
    a differing opinion.

    ------------------------------

    Date: Sun, 20 Sep 2020 13:04:31 PDT
    From: "Peter G. Neumann" <neu...@csl.sri.com>
    Subject: Re: A Quick Note on Voting Twice (Bishop, RISKS-32.27)

    Andrew Appel <ap...@princeton.edu> has just released his blog article
    "Vote-by-mail meltdowns in 2020?" on Freedom-to-Tinker:

    https://freedom-to-tinker.com/2020/09/20/vote-by-mail-meltdowns-in-2020/

This excellent blog item very clearly discusses the risks issues relevant
to absentee voting and vote-by-mail, and related issues. PGN

    ------------------------------

    Date: Sat, 19 Sep 2020 18:16:25 +0100
    From: Martyn Thomas <mar...@72f.org>
    Subject: Re: The future is cyborg (RISKS-32.27)

    This equates 'considering' with 'supporting'. It would be difficult to form
    any view either way without 'consideration'.

    ------------------------------

    End of RISKS-FORUM Digest 32.28
    ************************