Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.

Risks Digest 33.89

Skip to first unread message

RISKS List Owner

Oct 11, 2023, 11:55:14 PM10/11/23
RISKS-LIST: Risks-Forum Digest Wednesday 11 October 2023 Volume 33 : Issue 89

Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <> as
The current issue can also be found at

Autonomous Vehicles Are Driving Blind (NYTimes)
How a Series of Air Traffic Control Lapses Nearly Killed 131 People
A private jet took evasive action to avoid a fighter plane in Austin
How Israel's Feared Security Services Failed to Stop Hamas~<'s Attack
What was 60 Minutes thinking, in that interview with Geoff Hinton?
Your Medical Devices Are Getting Smarter. Can the FDA Keep Them Safe? (WSJ)
Fake at scale: Generative AI looms over global elections cycle
(Politico Europe)
Amazon's Alexa has been claiming the 2020 election was stolen (WashPost)
Verified accounts spread fake news release about a Biden $8-billion
aid package to Israel (NBC News)
Airworthiness Directive Mandates Garmin Autopilot Software Fix (AVweb)
Inside the final seconds of a deadly Tesla Autopilot crash (WashPost)
Why a search engine that scans your face is dangerous (NPR)
How Amazon's Ring camera network alters L.A. neighborhoods (LA Times)
Connected cars' dirty little secret: They're the trailing edge of 5G
adoption (Light Reading)
Vermont Utility Plans to End Outages by Giving Customers Batteries (NYTimes)
Google is making their weak and flawed passkey system the default login
method -- I urge you NOT to use them! (Lauren Weinstein)
Vietnam tried to hack U.S. officials, CNN with posts on X, probe finds
California's 'right to repair' bill is now California's 'right to repair'
law (Engadget)
Airbnb guest in luxury rental has refused to leave or pay (L.A. Times)
WhatsApp says warnings of a cyberattack targeting Jewish people are baseless
(NBC News)
Inside FTX's All-Night Race to Stop a Billion Crypto Heist (WiReD)
Re: False news spreads faster than the truth (Martin Ward)
Re: Rooftop Solar ongoing maintenance issues (David E. Ross)
Re: Google accused of directing motorist to drive off collapsed bridge
(Jim Geissman)
Abridged info on RISKS (comp.risks)


Date: Wed, 11 Oct 2023 19:20:53 -0600
From: Matthew Kruk <>
Subject: Autonomous Vehicles Are Driving Blind (NYTimes)

In San Francisco this month, a woman suffered traumatic injuries from being
struck by a driver and thrown into the path of one of hundreds of
self-driving cars roaming the city's streets. San Francisco's fire chief,
Jeanine Nicholson, recently testified that as of August, autonomous vehicles
interfered with firefighting duties 55 times this year. Tesla's autopilot
software, a driver-assistance system, has been involved in 736 crashes and
17 fatalities nationwide since 2019.

For all the ballyhoo over the possibility of artificial intelligence
threatening humanity someday, there's remarkably little discussion of the
ways it is threatening humanity right now. When it comes to self-driving
cars, we are driving blind.


Date: Wed, 11 Oct 2023 09:01:01 -0400
From: Monty Solomon <>
Subject: How a Series of Air Traffic Control Lapses Nearly Killed
131 People (NYTimes)

Two planes were moments from colliding in Texas, a harrowing example of the
country's fraying air-safety system, a *New York Times* investigation found.


Date: Tue, 10 Oct 2023 23:26:57 -0400
From: Monty Solomon <>
Subject: A private jet took evasive action to avoid a fighter plane in
Austin (WashPost)
The aircraft came within 200 feet of one another, according to a preliminary
FAA account, in an incident that also involved a third aircraft.


From: Monty Solomon <>
Date: Wed, 11 Oct 2023 09:01:01 -0400
Subject: How Israel's Feared Security Services Failed to Stop Hamas's Attack

Israel’s military and espionage services are considered among the world's
best, but on Saturday, operational and intelligence failures led to the
worst breach of Israeli defenses in half a century.

[This is way beyond the ability of RISKS to encompass. See
* Thomas Friedman, This Hamas-Israeli Fight Will Send Shock Waves
Far Away, NYTimes opinion, 9 Oct 2023
[Almost Everything is Interrelated. PGN]
* Bret Stephens, The Yom Kippur War Led to Peace. This One Can. too.
NYTimes opinion, 9 Oct 2023
* The Editorial Board, The Attack on Israel Demands Unity and Resolve,
10 Oct 2023
* Thomas Friedman, Israel Has Never Needed to be Smarter Than Now,
NYTimes opinion, 11 Oct 2023
* The Anti-Israel Left Needs to Take a Hard Look at Itself
NYTimes opinion, 11 Oct 2023


Date: Tue, 10 Oct 2023 23:59:30 -0400
From: Gabe Goldberg <>
Subject: What was 60 Minutes thinking, in that interview with Geoff
Hinton? (Substack)

Scott Pelley didn’t exactly do his homework

Scott Pelley: Does humanity know what it's doing?

Geoffrey Hinton: No.

Gary Marcus: I tend to agree. When it comes to AI in particular, we are
getting way ahead of our skis, rushing forward a technology we don’t fully
understand. For all the differences we have had over the years, I salute you
for speaking out.

Geoffrey Hinton: I think we're moving into a period when for the first time
ever we may have things more intelligent than us.

Scott Pelley: You believe they can understand?

Geoffrey Hinton: Yes.

Scott Pelley: You believe they are intelligent?

Geoffrey Hinton: Yes.

Gary Marcus: As it happens I sharply disagree with all three of the points
Geoff just made. To be sure, it’s all partly definitional. But I don’t we
are all that close to machines that are more intelligent than us, I don’t
think they really understand the things that they say, and I don’t think
they are intelligent in the sense of being able to adaptively and flexibly
reason about things they haven’t encountered before, in a reliable way. What
Geoff has left out is any reference to all of the colossally stupid and
ungrounded things generative AI systems do routinely, like fabricating the
other night that Liz Cheney had replaced Kevin McCarthy as Speaker, by
220-215 vote that never happened, or learning that Tom Cruise's is the son
of Mary Pfeiffer and yet not being able to infer that Mary Pfeiffer is Tom
Cruise’s mother, or claiming that two pounds of feathers weigh less than one
pound of bricks. Geoff himself wrote a classic paper about trying to get
neural networks to infer family relationships, almost forty years ago; it’s
embarrassing to see these systems still struggle on such basic
problems. Since they can’t reliably solve them, I don’t think we should
attribute "understanding” to them, at least not in any remotely deep sense
of the word understanding. Emily Bender and Timnit Gebru have called these
systems “stochastic parrots”, which in my view is a little unkind to parrots
-– but also vividly captures something real: a lot of what we are seeing now
is a kind of unreliable mimicry. I really wish you could have addressed both
the question of mimicry and of reliability. (Maybe next time?) I don’t see
how you can call an agent with such a loose grip on reality all that
intelligent, nor how you can simply ignore the role of mimicry in all this.


Date: Wed, 11 Oct 2023 07:47:48 +0000
From: Richard Marlon Stein <>
Subject: Your Medical Devices Are Getting Smarter. Can the FDA Keep Them
Safe? (WSJ) (use to bypass paywall).

The WSJ's headline is oxymoronic.

The FDA is attempting to adapt medical device regulations to accommodate
AI's ability to learn and, thereby, improve patient outcomes by evolving
device capabilities without re-qualification processes as traditional
practiced. The medical industrial complex's adoption of AI promotes
extractive profit while compromising improved patient outcome experience, a
recipe to accelerate consumer brand outrage and trust erosion.

Medical device safety is an important FDA mission objective, but annual
medical device reporting (MDR) for popular implanted devices are disturbing
for at least two reasons: (1) The product code report densities, which
aggregate MDRs for similar devices among manufacturers, tend to grow each
year. These increments usually indicate greater deployment; and, (2)
aggregate device implantation numbers are NOT published annually, but MDRs
are required. Informed consumer device comparisons are impossible. We know
the equivalent of "product defect escapes," but not the total number of
deployed devices.

Read too many inappropriate shock, accelerated battery depletion, and
defibrillator over-sensing MDRs and a suspicion arises: black-box AI will
NOT favorably impact patient outcome expectations. False negative/positive
event density and under-performing device area under curve (AUC) values will
harm patient quality of life. AI can't detect if a defibrillator electrode
cauterized after implantation. Electrode fracture? Could it learn enough to
automatically (and safely) adjust amplifier gain without human inspection of
the ECG waveform? Can AI tell if a defibrillator electrode dislodged?
Patient syncope? Pericarditis?

Sanitize AI training datasets bias, strengthen corporate governance
accountability by limiting indemnification privileges for medical device
CxOs and boards, and apply and rigorously enforce NIST SP 800-53 control
families to manufacturer's SDLC to yield greater patient benefit and build
brand trust. Suppress defect escape. Spare consumers from the hackneyed
"AI-enhanced, smart defibrillator" TV advertisements. Softw are toxic waste
is neither smart nor enhanced.

What follows are CSV records extracted from the FDA's TPLC (Total Product
Life Cycle) platform from 01JAN2020 to 30SEP2023 for "top-10" device and
product MDRs on product codes LYJ, LWS, and DXY. See fTPLC/tplc.cfm and set
the Year to 2020 and populate the Product Code to retrieve the records

Device: Stimulator, autonomic nerve, implanted for epilepsy
Product Code: LYJ

MDR Year,MDR Reports,MDR Events

Device Problems,MDRs with this Device Problem,Events in those MDRs
Adverse Event Without Identified Device or Use Problem,3447,3447
High impedance,691,691
Low impedance,177,177
Premature Discharge of Battery,159,159
Naturally Worn,140,140
Device Contamination with Body Fluid,138,138
False Alarm,82,82
Premature End-of-Life Indicator,79,79
No Clinical Signs, Symptoms or Conditions,1891,1891
Convulsion, Clonic,1172,1172
No Known Impact Or Consequence To Patient,706,706
Post Operative Wound Infection,312,312
Appropriate Clinical Signs, Symptoms, Conditions Term / Code Not
Unspecified Infection,172,172
Implant Pain,169,169
Neck Pain,161,161

Device: Implantable pacemaker pulse-generator
Product Code: DXY

MDR Year,MDR Reports,MDR Events

Device Problems,MDRs with this Device Problem,Events in those MDRs
Adverse Event Without Identified Device or Use Problem,511,511
Premature Discharge of Battery,249,249
Failure to Interrogate,138,138
Pacing Problem,134,134
Pacemaker Found in Back-Up Mode,131,131
Failure to Capture,123,123
Signal Artifact/Noise,111,111
High Capture Threshold,111,111

Patient Problems,MDRs with this Patient Problem,Events in those MDRs
No Clinical Signs Symptoms or Conditions,1244,1244
Unspecified Infection,320,320
No Known Impact Or Consequence To Patient,199,199
Insufficient Information,181,181
No Consequences Or Impact To Patient,123,123
Shock from Patient Lead(s),77,77

Device: Implantable cardioverter defibrillator (non-crt)
Product Code: LWS
Definition: These devices treat tachycardia (fast heartbeats) with RV
therapy as necessary.

MDR Year,MDR Reports,MDR Events

Device Problems,MDRs with this Device Problem,Events in those MDRs
Premature Discharge of Battery,13154,13154
High impedance,12928,12928
Adverse Event Without Identified Device or Use Problem,12535,12535
Inappropriate/Inadequate Shock/Stimulation,10956,10956
Signal Artifact/Noise,10003,10003
Impedance Problem,4502,4502
Battery Problem,4397,4397
High Capture Threshold,4255,4255

Patient Problems,MDRs with this Patient Problem,Events in those MDRs
No Clinical Signs, Symptoms or Conditions,42509,42509
Unspecified Infection,10309,10309
Electric Shock,6623,6623
No Known Impact Or Consequence To Patient,5189,5189
No Consequences Or Impact To Patient,4556,4556
Shock from Patient Lead(s),3538,3538
Insufficient Information,3370,3370
No Code Available,3335,3335
Pocket Erosion,885,885


Date: Tue, 10 Oct 2023 11:37:39 PDT
From: Peter G Neumann
Subject: Fake at scale: Generative AI looms over global elections cycle
(Politico Europe)

Gian Volpicelli (with Mark Scott contributing), POLITICO Europe,
9 Oct 2023

For fans of democracy, the rise of super-charged generative artificial
intelligence couldn't have come at a worse time.

The United States, European Union parliament, United Kingdom, Poland, the
Netherlands and potentially Ukraine will all hold elections in the next 16
months. Those working to keep election integrity intact are warily eyeing
the advent of generative AI as a way to stoke up already heavily polarized
political debates, threats of foreign influence and fake news.

For years, AI tools capable of forging convincing images, audio and videos of existing individuals -- so-called deepfakes - have drawn warnings of
what havoc such an arsenal could wreak in the hands of disinformation
peddlers.But it wasn't until advanced AI models - like text-creating
ChatGPT and image-conjuring DALL-E-2 -- became widely available in late
2022 that the danger became palpable.

"The combination of AI and disinformation is the nightmare," the European
Commission's digital honcho V=ECra Jourov=E1 said at the end of September
when discussing the EU's code of practice on online disinformation.

Henry Adjer, a visiting researcher at the University of Cambridge
specializing in deepfakes, said "these [AI] applications were previously
prohibitively expensive or difficult to access for an everyday person. Now
they're in consumer-facing apps, on websites, often free or very cheap,"
Adjer said.

With generative AI, falsehoods can be churned out quickly, convincingly and
at scale. A new generation of AI-powered disinformation is expected to
worsen existing societal divisions that have made many voters more polarized
than ever before.

Last month's Slovak election, which handed a victory to populist Robert
Fico, gave an early taste of the confusion AI-generated disinformation could
sow. Two eleventh-hour audio clips circulating online purportedly revealed
Liberal politician Michal =A9ime=E8ka discussing how he planned to rig the
election and hatching plans to -- God forbid -- increase the price of beer.
Slovak fact-checkers attempted to verify the clips' authenticity and
eventually concluded they were likely created via AI. By the time they'd
reached that conclusion, the clips had already been shared thousands of

In Poland, which goes to the polls on October 15, centrist opposition party
Civic Platform has been criticized for an attack ad on X mixing real footage
of right-wing Prime Minister Mateusz Morawiecki with AI-generated clips of
his voice. (Civic Platform flagged that the ad contained AI content in a
separate post.)

Similarly, U.S. Republican presidential hopeful, Florida Governor Ron
DeSantis, ran an ad where real pictures of his rival Donald Trump and his
pandemic-era health care adviser Anthony Fauci appeared side by side with
AI-generated photos of Trump and Fauci hugging and kissing.

It's happening outside of Europe and the U.S. too. In Sudan, AI-made audio
clips went viral on TikTok. In Venezuela, state media outlets have used
software from U.K.-based firm Synthesia to create clips of nonexistent
Western journalists praising the country's economic performance.

"There are 60 of our 70 countries in which we found an example of the use of generative AI to manipulate political social information," said Allie Funk, a research director at nonprofit Freedom House, which this month published a report<> on AI's nefarious effects on democracy.

Platforms such as TikTok and Google have recently instituted policies to
restrict or stave off AI-generated content, with Google requiring the
disclosure of AI use in political ads.

Funk, however, was careful not to call generative AI "a game changer." While
deepfake-detection tools are imperfect and online platforms are struggling
to quickly root out AI-generated falsehoods, none of the cases witnessed so
far have had a significant electoral influence.

But others warned the speed, ease and wide availability of the booming
generative AI models is moving the needle for election integrity. Especially
when it comes to conversational bots able to create high-quality text.

"These technologies will allow you to scale up 'friendships' in a new way,"
said Carl Miller, a researcher at the Demos think tank. "Imagine you could
build thousands of parallel, meaningful conversations with a target
audience, where you don't just spam disinformation, but very gently
introduce false ideas."


Date: Sat, 7 Oct 2023 17:12:09 -0400
From: Jan Wolitzky <>
Subject: Amazon's Alexa has been claiming the 2020 election was stolen

Amid concerns the rise of artificial intelligence will supercharge the
spread of misinformation comes a wild fabrication from a more prosaic
source: Amazon's Alexa, which declared that the 2020 presidential election
was stolen.

Asked about fraud in the race -- in which President Biden defeated former
president Donald Trump with 306 electoral college votes -- the popular voice
assistant said it was stolen by a massive amount of election fraud, citing
Rumble, a video-streaming service favored by conservatives.

The 2020 races were ``notorious for many incidents of irregularities and
indications pointing to electoral fraud taking place in major metro
centers,'' according to Alexa, referencing Substack, a subscription
newsletter service. Alexa contended that Trump won Pennsylvania, citing
Can Alexa answers contributor.

[Risks? As I noted recently, we have completely lost the sense of ground
truth, and there seems to be no path back to sanity. Once again, the
truthiness has been exposed: No Virginia, There is No Sanity Clause.


Date: Mon, 9 Oct 2023 18:21:40 -0400
From: Monty Solomon <>
Subject: Verified accounts spread fake news release about a Biden
$8-billion aid package to Israel (NBC News)

The edited White House news release has sparked false headlines that rose to
the top of Google search results.


Date: Tue, 10 Oct 2023 00:30:10 -0400
From: Gabe Goldberg <>
Subject: Airworthiness Directive Mandates Garmin Autopilot Software Fix

On 6 Oct 2023, the FAA proposed a new airworthiness directive requiring
operators of thousands of aircraft to update Garmin autopilot software to
address a flaw causing the autopilot to make unintended flight-control

According to the agency, the AD was issued in response to an incident
involving an F33A Bonanza experiencing “an un-commanded automatic pitch trim
runaway when the autopilot was first engaged.”

The proposed rule states: “The affected autopilot system software does not
properly handle certain hardware failures of the pitch trim servo. This
could result in an automatic uncommanded pitch trim runaway and loss of
control of the airplane.”


Date: Sat, 7 Oct 2023 16:51:22 -0400
From: Gabe Goldberg <>
Subject: Inside the final seconds of a deadly Tesla Autopilot crash
(The Washington Post)

Risks? People spewing blame in all directions, calling the analysis a hit
job by *The Post*, slamming them for rehashing old news, etc. Plus blaming
the truck driver. And defending Tesla, saying that driver shouldn't have
engaged full self-driving. Well, yeah -- but car shouldn't have allowed
doing it on road it wasn't meant for. And saying that it's OK for a couple
people to be killed using it as long as overall it's alleged to be safer
than human driving.

One risk *not* addressed in article is sides of such trailers lacking
protection against cars running under as the Tesla did. And traveling 70 mph
I'm not sure what's sometimes added for that protection would have let the
driver survive.


Date: Wed, 11 Oct 2023 07:04:35 -0700
From: Steve Bacher <>
Subject: Why a search engine that scans your face is dangerous (NPR)

Imagine strolling down a busy city street and snapping a photo of a stranger
then uploading it into a search engine that almost instantaneously helps you
identify the person.

This isn't a hypothetical. It's possible now, thanks to a website called
PimEyes, considered one of the most powerful publicly available facial
recognition tools online.


Date: Wed, 11 Oct 2023 20:20:55 -0400
From: Monty Solomon <>
Subject: How Amazon's Ring camera network alters L.A. neighborhoods
(LA Times)

Cameras, cops and paranoia: How Amazon’s surveillance network alters
L.A. neighborhoods


Date: Mon, 9 Oct 2023 03:00:00 -0400
From: Gabe Goldberg <>
Subject: Connected cars' dirty little secret: They're the trailing
edge of 5G adoption (Light Reading)

At MWC Las Vegas, telecom industry execs suggested ways to pull out of a
tech deployment parking lot.

Connected cars as a trailing indicator

The program opened with TechInsights analyst Roger Lanctot outlining the box
that automakers have put themselves in by sticking with LTE -— by that
research firm's estimates, 5G won't show up on most new light-duty vehicles
produced until 2027. And that looked optimistic compared to Qualcomm's
estimate of 2028 for 5G to cross 50%, as shared by product-management VP
Jeff Arnold in a later talk Thursday.

"If an automaker, I can do most of the applications we're talking about with
LTE," Lanctot said. But while that's been cheaper in the short run, over the
long term it will yield vehicles left offline, a risk carmakers should know
from the forced retirement of GM's first-generation, AMPS-only OnStar
system: "LTE ain't gonna be around for 15-20 years."


Date: Mon, 09 Oct 2023 19:27:31 +0000
From: Henry Baker <>
Subject: Vermont Utility Plans to End Outages by Giving Customers
Batteries (NYTimes)

Terrific idea! How come it's taken this long for a utility to utilize the
advantages of a *distributed* power system to reduce the need for
long-distance power transmission?

I'm still waiting for one of the cellphone companies to start paying
homeowners to put nano cellsites on their roofs in order to avoid having
to build stand-alone cellsites/towers.

Vermont Utility Plans to End Outages by Giving Customers Batteries
Ivan Penn, 9 Oct 2023

Many electric utilities are putting up lots of new power lines as they
rely more on renewable energy and try to make grids more resilient in
bad weather. But a Vermont utility is proposing a very different
approach: It wants to install batteries at most homes to make sure its
customers never go without electricity.

The company, Green Mountain Power, proposed buying batteries, burying
power lines and strengthening overhead cables in a filing with state
regulators on Monday. It said its plan would be cheaper than building
a lot of new lines and power plants.

The plan is a big departure from how U.S. utilities normally do
business. Most of them make money by building and operating power
lines that deliver electricity from natural gas power plants or wind
and solar farms to homes and businesses. Green Mountain--a relatively
small utility serving 270,000 homes and businesses--would still use
that infrastructure but build less of it by investing in
television-size batteries that homeowners usually buy on their own.
"Call us the un-utility," Mari McClure, Green Mountain's chief
executive, said in an interview before the company's filing. "We're
completely flipping the model, decentralizing it."

Like many places, Vermont has been hit hard this year by extreme
weather linked to climate change. Half a dozen severe storms,
including major floods in July, have caused power outages and damaged
homes and other buildings.

Those calamities and concerns about the rising cost of electricity
helped shape Green Mountain's proposal, Ms. McClure said. As the
company ran the numbers, it realized that paying recovery costs and
building more power lines to improve its system would cost a lot more
and take a lot longer than equipping homes with batteries.

Green Mountain's plan builds on a program it has run since 2015 to
lease Tesla home batteries to customers. Its filing asks the Vermont
Public Utility Commission to authorize it to initially spend $280
million to strengthen its grid and buy batteries, which will come from
various manufacturers.

The company expects to invest an estimated $1.5 billion over the next
seven years--money that it would recoup through electricity rates. The
utility said the investment was justified by the growing sum it had to
spend on storm recovery and to trim and remove trees around its power

The utility said it would continue offering battery leases to
customers who want them sooner. It will take until 2030 for the
company to install batteries at most homes under its new plan if
regulators approve it. Green Mountain says its goal to do away with
power outages will be realized by that year, meaning customers would
always have enough electricity to use lights, refrigerators and other

"We don't want the power to be off for our customers ever,"
Ms. McClure said. "People's lives are on the line. That is ultimately
at the heart of why we're doing what we're trying to do."


Date: Tue, 10 Oct 2023 07:56:01 -0700
From: Lauren Weinstein <>
Subject: Google is making their weak and flawed passkey system the default
login method -- I urge you NOT to use them!

Google continues to push ahead with its ill-advised scheme to force
passkeys on users who do not understand their risks, and will try push
all users into this flawed system starting imminently.

In my discussions with Google on this matter (I have chatted multiple
times with the Googler in charge of this), they have admitted that
their implementation, by depending completely on device authentication
security which for many users is extremely weak, will put many users
at risk of their Google accounts being compromised. However, they feel
that overall this will be an improvement for users who have strong
authentication on their devices.

And as for ordinary people who already are left behind by Google when
something goes wrong? They'll get the shaft again. Google has ALWAYS
operated on this basis -- if you don't fit into their majority silos,
they just don't care. Another way for Google users to get locked out
of their accounts and lose all their data, with no useful help from

With Google's deficient passkey system implementation -- they refuse to
consider an additional authentication layer for protection -- anyone who has
authenticated access to your device (that includes the creep that watched
you access your phone in that bar before he stole it) will have full and
unrestricted access to your Google passkeys and accounts on the same
basis. And when you're locked out, don't complain to Google, because they'll
just say that you're not the user they're interested in.

"Thank you for choosing Google."

[and then the next day:

More on Google passkeys

To be clear, there's nothing inherently wrong with the concept of passkeys
-- IF implemented properly. The problem is that Google's specific
implementation sucks so badly and puts so many users at risk, and that
combined with their horrific account recovery procedures that 1qlock so many
innocent users away from their data permanently, is a recipe for many
already disadvantaged non-techie users to be even further shafted. -L


Date: Mon, 9 Oct 2023 11:00:41 -0400
From: Monty Solomon <>
Subject: Vietnam tried to hack U.S. officials, CNN with posts on
X, probe finds (WashPost)

The targeting came as Vietnamese and American diplomats were negotiating a
major cooperation agreement intended to counter growing Chinese influence in
the region.


Date: Wed, 11 Oct 2023 22:34:16 -0400
From: Monty Solomon <>
Subject: California's 'right to repair' bill is now California's 'right
to repair' law (Engadget)

[Monty also noted: California's newest law will make it easier to
delete personal online data


Date: Mon, 9 Oct 2023 22:20:40 -0400
From: Monty Solomon <>
Subject: Airbnb guest in luxury rental has refused to leave or pay
(L.A. Times)


Date: Mon, 9 Oct 2023 18:20:58 -0400
From: Monty Solomon <>
Subject: WhatsApp says warnings of a cyberattack targeting Jewish people
are baseless (NBC News)

The warning uses language copied from a previous faux warning that was
spread following earthquakes in Morocco.


Date: Tue, 10 Oct 2023 20:30:55 -0400
From: Gabe Goldberg <>
Subject: Inside FTX's All-Night Race to Stop a Billion Crypto Heist

The same chaotic day FTX declared bankruptcy, someone began stealing
hundreds of millions of dollars from its coffers. A WIRED investigation
reveals the company's “very crazy night” trying to stop them.

By the evening of 11 Nov 2023 , FTX's staff had already endured one of the
worst days in the company's short life. What had recently been one of the
world's top cryptocurrency exchanges, valued at $32 billion only 10 months
earlier, had just declared bankruptcy. Executives had, after an extended
struggle, persuaded the company's CEO, Sam Bankman-Fried, to hand over the
reins to John Ray III, a new chief executive now tasked with shepherding the
company through a nightmarish thicket of debts, many of which it seemed to
have no means to pay.

FTX had, it seemed, hit rock bottom. Until someone -- a thief or thieves who
have yet to be identified -— chose that particular moment to make things far
worse. That Friday evening, exhausted FTX staffers began to see mysterious
outflows of the company's cryptocurrency, publicly captured on the Etherscan
website that tracks the Ethereum blockchain, representing hundreds of
millions of dollars worth of crypto being stolen in real time.

“Holy sh*t,” one former FTX staffer, who asked not to be named because they
weren't authorized to speak about internal company matters, remembers
thinking. “After all this, we’re being hacked?”

According to its own accounting, FTX would ultimately lose between $415
million and $432 million worth of its cryptocurrency holdings to those
unidentifie thieves, numbers it has publicly confirmed as part of its
bankruptcy process. What FTX hasn't previously revealed is how close it may
have come to losing vastly more -- how its staff and outside consultants
raced to move more than $1 billion worth of crypto to more secure storage
before it could be stolen by the malevolent presence on its network -- even,
at one point, scrambling to send close to half a billion dollars to a
physical USB drive in one consultant's office in an effort to keep it out of
the thieves' hands.


Date: Sun, 8 Oct 2023 15:11:17 +0100
From: Martin Ward <>
Subject: Re: False news spreads faster than the truth (RISKS-33.88)

As Mark Twain famously wrote: "Truth is stranger than fiction, but it is
because Fiction is obliged to stick to possibilities. Truth
isn't."*--Following the Equator*, Pudd'nhead Wilson's New Calendar

False news is carefully crafted to be titilating and to spread quickly while
also promoting a particular political viewpoint.

True news is carefully selected to be titilating and to spread quickly while
also promoting a particular political viewpoint.

But false news is crafted from the set of all plausible news stories, while
true news is selected from the set of events which actually happened. This
latter set is much smaller than the former, which explains why the false
news spreads faster than the truth: it is easier to craft spreadable false
news than to select spreadable true news. Truth is not an advantageous trait
in news stories.

This research seems to be empirical confirmation of Alvin Plantinga's
"evolutionary argument against naturalism". Plantinga's argument is that
natural selection does not directly select for true beliefs, but rather for
advantageous behaviours: truth is not an advantageous trait. This means
that the probability that our minds are reliable under a conjunction of
philosophical naturalism and naturalistic evolution is low or inscrutable.
Therefore, to assert that naturalistic evolution is true also asserts that
one has a low or unknown probability of being right. Therefore, naturalism
is self-defeating.


Date: Sat, 7 Oct 2023 17:12:11 -0700
From: "David E. Ross" <>
Subject: Re: Rooftop Solar ongoing maintenance issues (RISKS-33.88)

We had a solar electric system installed on our roof late in 2022.
Having read about problems transferring leases and realizing that we
might not live in our house to see the end of a lease (we are both in
our 80s), I decided we should buy the system instead of leasing it.

We chose solar electric, not out of a concern for the environment nor to
save money on our electric bills. Instead, we chose it because our
declining health requires us to have medical equipment operating on
electricity, 24/7 for my wife and while I am sleeping. Southern
California Edison (SoCalEd), however, might fail several times a year,
summer or winter with no regard for the weather. Sometimes the failure
lasts less than 5 minutes; sometimes it lasts several hours. Thus, we
included a 12-hour backup battery in the installation.

The only problem with the installation was that the backup battery was
the primary source of electricity at night even when SoCalEd was
available. This drained the battery. This year, we bought an electric
automobile and had a different contractor install a charging station. I
told that contractor about the battery problem, which they fixed in less
than 24 hours with no extra charge.

I monitor the performance of the system through a Web site owned by
SolarEdge, which supplies solar electric equipment but does not do
installations. SolarEdge supplied some of the equipment in my system
but not all. Not being an installer or a lessor, I feel comfortable
trusting the validity of what I see on SolarEdge's Web site. It
indicates that so far in 2023, I have exported about three times more
electricity to SoCalEd than I have imported. Interestingly, charging my
EV on a day with intense sunshine requires me to import some of the
electricity. On the other hand, I am exporting electricity while our
central air-conditioner maintains an inside temperature of 78 while the
outside temperature is over 100.


Date: Sat, 7 Oct 2023 15:22:03 -0700
From: "Jim" <>
Subject: Re: Google accused of directing motorist to drive off
collapsed bridge (RISKS-33.86-87

I wonder if Google finds some of its "roads" by algorithmically interpreting
Google Maps air photos. I frequently see railways and pedestrian/bicycle
trails on abandoned railways overprinted with a grey line suggesting a road.


Date: Sat, 1 Jul 2023 11:11:11 -0800
Subject: Abridged info on RISKS (comp.risks)

The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
comp.risks, the feed for which is donated by as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to
subscribe and unsubscribe:

=> SUBMISSIONS: to with meaningful SUBJECT: line that
includes the string `notsp'. Otherwise your message may not be read.
*** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored. Instead, use an alternative
address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites,
copyright policy, etc.) has moved to the site:
*** Contributors are assumed to have read the full info file for guidelines!

=> OFFICIAL ARCHIVES: takes you to Lindsay Marshall's
searchable html archive at newcastle: --> VoLume, ISsue.
Also, for the current volume/previous directories
or for previous VoLume
If none of those work for you, the most recent issue is always at, and index at /risks-33.00
ALTERNATIVE ARCHIVES: (only since mid-2001)
*** NOTE: If a cited URL fails, we do not try to update them. Try
browsing on the keywords in the subject line or cited article leads.
Apologies for what Office365 and SafeLinks may have done to URLs.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:


End of RISKS-FORUM Digest 33.89

0 new messages