Risks Digest 32.78


RISKS List Owner
Jul 27, 2021, 11:30:43 PM
to ri...@csl.sri.com
RISKS-LIST: Risks-Forum Digest Tuesday 27 July 2021 Volume 32 : Issue 78

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/32.78>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>

Contents:
Russia Disconnects from Internet in Tests as It Bolsters Security (Reuters)
‘Advanced’ Nuclear Reactors? Don’t Hold Your Breath (Scientific American)
Space Data Integrator (faa.gov)
What Ever Happened to IBM's Watson? (NYTimes)
A Severe Drought Is Threatening the Hoover Dam Reservoir -- and Water
Throughout the West (Mother Jones)
The end of open source? (Shaun O'Meara)
Niemoeller's Boiled Frog: Weaponization of App Data (Joseph Cox via
Henry Baker)
Hoe no! Facebook snafu spells trouble for gardening group (AP News)
Hackers Turning to 'Exotic' Programming Languages for Malware Development
(The Hacker News)
Disinformation for Hire, a Shadow Industry, Is Quietly Booming (Max Fisher)
What Should Happen to Our Data When We Die? (NYTimes)
Breast Cancer Patient Attacked by Violent Anti-Mask Protest Outside
Los Angeles Clinic (Vice)
'STFU' is anti-science (Tunku Varadarajan via Henry Baker)
The Problem With Stealing High-End Electronics and Beer (Now I Know)
Re: Traffic Analysis and Herd Immunity (Anthony Youngman)
Re: Rounding errors could make certain stop-watches pick wrong race winners
(Jim Garrison)
Re: YouTube fined 100 000 Euros delaying court order to restore video
(Dick Mills)
Re: A secret algorithm is transforming DNA evidence. This defendant could be
the first to scrutinize it. (Michael Black)
Re: Some locals say a bitcoin mining operation is ruining one of the Finger
Lakes. Here's how. (David B. Horvath)
Re: RFI on scientific integrity (David B. Horvath)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Mon, 26 Jul 2021 11:56:56 -0400 (EDT)
From: ACM TechNews <technew...@acm.org>
Subject: Russia Disconnects from Internet in Tests as It Bolsters Security
(Reuters)

Alexander Marrow and Dmitry Antonov, Reuters, 22 Jul 2021,
via ACM TechNews, 26 Jul 2021

Russia reportedly disconnected from the global Internet during tests in June
and July, according to a report by the RBC daily that cited documents from
the working group responsible for strengthening Russia's Internet security
under the 2019 *sovereign Internet* law, which aims to prevent Russia from
being cut off from foreign infrastructure. A working group source said the
purpose of tests was ``to determine the ability of the 'Runet' to work in
case of external distortions, blocks and other threats.'' The Internet
Research Institute's Karen Kazaryan said, ``Given the general secrecy of the
process and the lack of public documents on the subject, it is difficult to
say what happened in these tests.''
https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2c0d1x22c833x072256&

------------------------------

Date: Sun, 25 Jul 2021 10:35:53 +0800
From: "Richard Stein" <rms...@ieee.org>
Subject: ‘Advanced’ Nuclear Reactors? Don’t Hold Your Breath
(Scientific American)

https://www.scientificamerican.com/article/lsquo-advanced-rsquo-nuclear-reactors-don-rsquo-t-hold-your-breath/

The essay discusses current commercial interests that promote sodium
metal-cooled nuclear reactors in the ~300 Mwatt range, but argues against
them based on historical evidence.

"Nuclear Plant Accidents: Sodium Reactor Experiment" discusses this ~60 year
old experimental failure based on an analogous design.
https://allthingsnuclear.org/dlochbaum/nuclear-plant-accidents-sodium-reactor-experiment/

While nuclear fission is carbon-free, there's no US-approved repository
to safely and permanently dispose of radioactive reactor effluence.
Sweden's is operational, and Finland is finishing construction of
theirs: See "Into Eternity,"
https://www.amazon.com/Into-Eternity-Entos-aioniotitas-Onkalo/dp/B07Q39FQV3/ref=sr_1_9
(retrieved on 25JUL2021).

Machinery failure (Three Mile Island) or human error (Chernobyl), or
combinations of both, contribute to nuke plant accidents.

If "fat fingers" in a control room are a cause for concern, what about AI to
safely operate a fission reactor? See "AI finds a place in nuclear O&M,"

https://www.reutersevents.com/nuclear/ai-finds-place-nuclear-om

"While AI and machine learning offer a number of benefits for the nuclear
power industry as it moves toward a new generation of reactors, its range,
for the moment, is limited.

"A lack of real, operational data from operating nuclear power stations, a
varying degree of opinion as to which systems would work best, and the
sometimes-mysterious mechanizations within a so-called 'intelligent' system,
or its 'black box' nature, pose potential problems for AI’s use in nuclear."

[A machine-based lesson learned can be hazardous to your health.]

------------------------------

Date: Tue, 13 Jul 2021 09:47:50 +0800
From: "Richard Stein" <rms...@ieee.org>
Subject: Space Data Integrator (faa.gov)

https://www.faa.gov/news/fact_sheets/news_story.cfm?newsId=23476

Ever experience a commercial flight ground stop? Here's the tool that
will minimize delay attributed to an exo-atmospheric vehicle launch or
re-entry in the vicinity of your next flight.

"The SDI operational prototype is designed to accept launch and reentry
vehicle state vector data gathered from operators such as vehicle
position, altitude, and speed. SDI will then process the data, display
it, and distribute it to Traffic Flow Management System (TFMS). SDI
allows the FAA to track the actual versus planned trajectory of launch
and reentry operations, the status of various mission events, and the
display of Aircraft Hazard Areas (AHAs). SDI sends vehicle position and
AHAs to the TFMS for display on the TFMS Traffic Situation Display at
the Command Center."

Risk: Protracted vehicle launch or reentry delay

------------------------------

Date: Fri, 16 Jul 2021 18:27:49 -0400
From: "Gabe Goldberg" <ga...@gabegold.com>
Subject: What Ever Happened to IBM's Watson? (NYTimes)

A decade ago, IBM’s public confidence was unmistakable. Its Watson
supercomputer had just trounced Ken Jennings, the best human “Jeopardy!”
player ever, showcasing the power of artificial intelligence. This was
only the beginning of a technological revolution about to sweep through
society, the company pledged.

“Already,” IBM declared in an advertisement the day after the Watson
victory, “we are exploring ways to apply Watson skills to the rich,
varied language of health care, finance, law and academia.”

But inside the company, the star scientist behind Watson had a warning:
Beware what you promise.

David Ferrucci, the scientist, explained that Watson was engineered to
identify word patterns and predict correct answers for the trivia game.
It was not an all-purpose answer box ready to take on the commercial
world, he said. It might well fail a second-grade reading comprehension
test.

His explanation got a polite hearing from business colleagues, but
little more.

“It wasn’t the marketing message,” recalled Mr. Ferrucci, who left IBM
the following year.

It was, however, a prescient message.

https://www.nytimes.com/2021/07/16/technology/what-happened-ibm-watson.html?referringSource=articleShare

------------------------------

Date: Fri, 16 Jul 2021 18:23:36 -0400
From: "Gabe Goldberg" <ga...@gabegold.com>
Subject: A Severe Drought Is Threatening the Hoover Dam Reservoir -- and
Water Throughout the West (Mother Jones)

Things will be fine: The governor of Utah has resorted to asking
<https://www.deseret.com/utah/2021/6/7/22522740/utah-gov-cox-called-on-utahns-to-pray-for-rain-some-criticized-him-heres-how-responded-lgbt-drought> people
to pray for rain.

Except: The west has gone through periods like this “megadrought”, with
only occasional respite, for the past two decades. But scientists have
made clear the current conditions would be virtually impossible without
human-caused climate change, pointing to a longer-term “aridification
<https://www.pnas.org/content/117/22/11856.short>” of the region. All of
the water conservation efforts that have kept shortages at bay until now
risk being surpassed by the rising heat. [...]

Even with these adaptions, however, the decline of Lake Mead has caused the
amount of hydropower generated by the dam to drop by around 25 percent. The
drought is expected to cause
https://www.cnn.com/2021/06/17/us/california-drought-oroville-power/index.html
the hydro facility at Lake Oroville, California, to completely shut down,
prompting a warning from the United States Energy Association that a
“megadrought-induced electricity shortage could be catastrophic, affecting
everything from food production to industrial manufacturing”. The
association added that such a scenario could even force people to move east,
in what is called a “reverse Dust Bowl exodus”.

https://www.motherjones.com/environment/2021/07/a-severe-drought-is-threatening-the-hoover-dam-reservoir-and-water-throughout-the-west/

[Why is this RISKS-relevant? Because almost everything is interrelated.
PGN]

------------------------------

Date: July 26, 2021 2:13:53 JST
From: Dewayne Hendricks <dew...@warpspeed.com>
Subject: The end of open source? (Shaun O'Meara)

[Note: This item comes from friend David Rosenthal. DLH
(via Dave Farber)]

Shaun O’Meara, TechCrunch, 18 Jul 2021
<https://techcrunch.com/2021/07/18/the-end-of-open-source/>

Several weeks ago, the Linux community was rocked by the disturbing news
that University of Minnesota researchers had developed (but, as it turned
out, not fully executed) a method for introducing what they called
“hypocrite commits” to the Linux kernel — the idea being to distribute
hard-to-detect behaviors, meaningless in themselves, that could later be
aligned by attackers to manifest vulnerabilities.

This was quickly followed by the — in some senses, equally disturbing —
announcement that the university had been banned, at least temporarily, from
contributing to kernel development. A public apology from the researchers
followed.

Though exploit development and disclosure is often messy, running
technically complex “red team” programs against the world’s biggest and most
important open-source project feels a little extra. It’s hard to imagine
researchers and institutions so naive or derelict as not to understand the
potentially huge blast radius of such behavior.

Equally certain, maintainers and project governance are duty bound to
enforce policy and avoid having their time wasted. Common sense suggests
(and users demand) they strive to produce kernel releases that don’t contain
exploits. But killing the messenger seems to miss at least some of the point
— that this was research rather than pure malice, and that it casts light on
a kind of software (and organizational) vulnerability that begs for
technical and systemic mitigation.

I think the “hypocrite commits” contretemps is symptomatic, on every side,
of related trends that threaten the entire extended open-source ecosystem
and its users. That ecosystem has long wrestled with problems of scale,
complexity and free and open-source software’s (FOSS) increasingly critical
importance to every kind of human undertaking. Let’s look at that complex of
problems:

• The biggest open-source projects now present big targets.
• Their complexity and pace have grown beyond the scale where traditional
“commons” approaches or even more evolved governance models can cope.
• They are evolving to commodify each other. For example, it’s becoming
increasingly hard to state, categorically, whether “Linux” or “Kubernetes”
should be treated as the “operating system” for distributed
applications. For-profit organizations have taken note of this and have
begun reorganizing around “full-stack” portfolios and narratives.
• In so doing, some for-profit organizations have begun distorting
traditional patterns of FOSS participation. Many experiments are
underway. Meanwhile, funding, headcount commitments to FOSS and other
metrics seem in decline.
• OSS projects and ecosystems are adapting in diverse ways, sometimes
making it difficult for for-profit organizations to feel at home or see
benefit from participation.

Meanwhile, the threat landscape keeps evolving:

• Attackers are bigger, smarter, faster and more patient, leading to long
games, supply-chain subversion and so on.
• Attacks are more financially, economically and politically profitable
than ever.
• Users are more vulnerable, exposed to more vectors than ever before.
• The increasing use of public clouds creates new layers of technical and
organizational monocultures that may enable and justify attacks.
• Complex commercial off-the-shelf (COTS) solutions assembled partly or
wholly from open-source software create elaborate attack surfaces whose
components (and interactions) are accessible and well understood by bad
actors.
• Software componentization enables new kinds of supply-chain attacks.
• Meanwhile, all this is happening as organizations seek to shed
nonstrategic expertise, shift capital expenditures to operating expenses
and evolve to depend on cloud vendors and other entities to do the hard
work of security.

The net result is that projects of the scale and utter criticality of the
Linux kernel aren't prepared to contend with game-changing, hyperscale
threat models. In the specific case we’re examining here, the researchers
were able to target candidate incursion sites with relatively low effort
(using static analysis tools to assess units of code already identified as
requiring contributor attention), propose “fixes” informally via email, and
leverage many factors, including their own established reputation as
reliable and frequent contributors, to bring exploit code to the verge of
being committed.

------------------------------

Date: Fri, 23 Jul 2021 10:02:27 -0700
From: "Henry Baker" <hba...@pipeline.com>
Subject: Niemoeller's Boiled Frog; Weaponization of App Data

The heat on Niemoeller's Frog is being turned up as we speak...

First they came for the gay priests [...]
and [by then] there was no one left to speak for me.

https://www.vice.com/en/article/pkbxp8/grindr-location-data-priest-weaponization-app

The Inevitable Weaponization of App Data Is Here

Joseph Cox 21 Jul 2021
A Substack publication used location data from Grindr to out a priest
without their consent.

It finally happened. After years of warning from researchers, journalists,
and even governments, someone used highly sensitive location data from a
smartphone app to track and publicly harass a specific person. In this case,
Catholic Substack publication The Pillar said it used location data
ultimately tied to Grindr to trace the movements of a priest, and then outed
him publicly as potentially gay without his consent. *The Washington Post*
reported on Tuesday that the outing led to his resignation.

The news starkly demonstrates not only the inherent power of location data,
but how the chance to wield that power has trickled down from corporations
and intelligence agencies to essentially any sort of disgruntled,
unscrupulous, or dangerous individual. A growing market of data brokers that
collect and sell data from countless apps has made it so that anyone with a
bit of cash and effort can figure out which phone in a so-called anonymized
dataset belongs to a target, and abuse that information.

"Experts have warned for years that data collected by advertising companies
from Americans' phones could be used to track them and reveal the most
personal details of their lives. Unfortunately, they were right," Senator
Ron Wyden told Motherboard in a statement, responding to the incident. "Data
brokers and advertising companies have lied to the public, assuring them
that the information they collected was anonymous. As this awful episode
demonstrates, those claims were bogus--individuals can be tracked and
identified."

In short, The Pillar says that Msgr. Jeffrey Burrill, who was the general
secretary of the U.S. bishops' conference (USCCB) before his resignation,
visited gay bars and other locations while using gay dating app Grindr. "An
analysis of app data signals correlated to Burrill's mobile device shows the
priest also visited gay bars and private residences while using a
location-based hookup app in numerous cities from 2018 to 2020, even while
traveling on assignment for the U.S. bishops' conference," the outlet
wrote. The Pillar says the location data is "commercially available records
of app signal data," and that it obtained the records from "a data vendor"
and then authenticated them with a data consulting firm.

The data itself didn't contain each mobile phone user's real name, but The
Pillar and its partner were able to pinpoint which device belonged to
Burrill by observing one that appeared at the USCCB staff residence and
headquarters, locations of meetings that he was in, as well as his family
lake house and an apartment that has him listed as a resident. In other
words, they managed to, as experts have long said is easy to do, unmask this
specific person and their movements across time from a supposedly anonymous
dataset.

A Grindr spokesperson told Motherboard in an emailed statement that
"Grindr's response is aligned with the editorial story published by the
Washington Post which describes the original blog post from The Pillar as
homophobic and full of unsubstantiated innuendo. The alleged activities
listed in that unattributed blog post are infeasible from a technical
standpoint and incredibly unlikely to occur. There is absolutely no evidence
supporting the allegations of improper data collection or usage related to
the Grindr app as purported."

It is not clear what Grindr sees as "infeasible from a technical
standpoint." In January the Norwegian Data Protection Authority fined Grindr
$11.7 million for providing its users' data to third parties, including
their precise location data. Almost prophetically, Norwegian authorities
said at the time that Grindr users could be targeted with this sort of
information in countries where homosexuality is illegal.

Researchers have repeatedly shown that it is possible to figure out who a
phone in an allegedly anonymized set of location data belongs to sometimes
with a few points of reference, such as their home or place of work. The
spokesperson did not respond to a request to elaborate on what Grindr
believes is technically infeasible.

"The research from The Pillar aligns to the reality that Grindr has
historically treated user data with almost no care or concern, and dozens of
potential ad tech vendors could have ingested the data that led to the
doxxing," Zach Edwards, a researcher who has closely followed the supply
chain of various sources of data, told Motherboard in an online chat. "No
one should be doxxed and outed for adult consenting relationships, but
Grindr never treated their own users with the respect they deserve, and the
Grindr app has shared user data to dozens of ad tech and analytics vendors
for years."

Journalists have also used location data in similar ways before in their
reporting. In February, The New York Times' opinion section married location
and advertising data to reveal the movements and identities of specific
people who attended the January 6 Capitol riots.

"While there were no names or phone numbers in the data, we were once again
able to connect dozens of devices to their owners, tying anonymous locations
back to names, home addresses, social networks and phone numbers of people
in attendance. In one instance, three members of a single family were
tracked in the data," the piece read.

Last week, Motherboard reported on the so-called "identity resolution"
industry, in part by posing as a customer looking to buy sensitive
data. These companies promise to match mobile advertising IDs--unique codes
assigned to mobile phones by their operating systems, and which tech
companies have repeatedly assured consumers are anonymous, or at least
pseudonymous--to real-world identities. This makes unmasking people in
datasets even easier; why bother trying to figure out which phone belongs to
who when you can just buy that information instead.

"Anyone and everyone who has a phone and has installed an app that has ads,
currently is at risk of being de-anonymized via unscrupulous companies,"
Edwards told Motherboard at the time when presented with our findings.

Senator Wyden called for the Federal Trade Commission to act on the data
broker industry. "Last year, I led a bipartisan letter to the FTC calling
for a broad probe of the industry. The FTC needs to step up and protect
Americans from these outrageous privacy violations, and Congress needs to
pass comprehensive federal privacy legislation," he added.

Motherboard has also shown how wide-spanning the customer base for this sort
of location data is, with the U.S. military and various law enforcement
agencies also purchasing it, skirting the need to obtain a warrant. And
although the data was based on that generated by telecom networks and not
apps, we also previously spoke to Ruth Johnson, a woman who was stalked and
harassed by someone who gained access to her phone's location. Johnson said
T-Mobile put her "life in danger." Motherboard also tied black market
location data to the spot of a triple murder.
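The article above repeats the researchers' point that a pseudonymous
location dataset is "anonymous" in name only once a device's two or three
most-visited places are known. The script below is an added example, not part
of Cox's article or any vendor's tooling: it is the release-time audit a data
vendor or app operator could run before describing such data as anonymized.
It snaps each device's pings to a grid, takes the two most-visited cells as a
proxy for home and workplace, and reports how many devices that pair singles
out; then it shows how coarsening the grid and suppressing small equivalence
classes changes the picture. The device ids, coordinates and ping counts are
constructed for illustration.

```python
import math
from collections import Counter, defaultdict

# Constructed sample: six pseudonymous devices with a handful of (lat, lon)
# pings each. Repeated pings stand in for a frequently visited place.
# All ids and coordinates are invented for this example.
PINGS = {
    "dev-a": [(38.905, -77.035)] * 3 + [(38.895, -77.024)] * 2 + [(38.951, -77.101)],
    "dev-b": [(38.915, -77.045)] * 3 + [(38.895, -77.024)] * 2 + [(38.871, -77.061)],
    "dev-c": [(38.925, -77.055)] * 3 + [(38.896, -77.023)] * 2 + [(38.813, -76.991)],
    "dev-d": [(38.805, -77.045)] * 3 + [(38.795, -77.024)] * 2 + [(38.905, -77.035)],
    "dev-e": [(38.815, -77.055)] * 3 + [(38.796, -77.031)] * 2 + [(38.951, -77.101)],
    "dev-f": [(39.105, -77.235)] * 3 + [(39.095, -77.224)] * 2 + [(38.905, -77.035)],
}


def to_cell(lat, lon, cell_deg):
    """Snap a coordinate to a square grid cell of side cell_deg degrees
    (0.01 deg is roughly 1 km, 0.1 deg roughly 10 km)."""
    return (math.floor(lat / cell_deg), math.floor(lon / cell_deg))


def top_cells(pings, cell_deg, n=2):
    """The n most frequently visited cells: a proxy for home and workplace."""
    counts = Counter(to_cell(lat, lon, cell_deg) for lat, lon in pings)
    return frozenset(cell for cell, _ in counts.most_common(n))


def equivalence_classes(devices, cell_deg, n=2):
    """Group devices that share the same top-n cells. Every device alone in
    its class is singled out by those n places, exactly as the article
    describes."""
    classes = defaultdict(list)
    for dev_id, pings in devices.items():
        classes[top_cells(pings, cell_deg, n)].append(dev_id)
    return classes


def anonymity_report(devices, cell_deg, n=2):
    """Summarize how identifying the top-n cells are at this grid size."""
    classes = equivalence_classes(devices, cell_deg, n)
    sizes = [len(members) for members in classes.values()]
    unique = sorted(m[0] for m in classes.values() if len(m) == 1)
    return {
        "cell_deg": cell_deg,
        "min_k": min(sizes),                       # smallest class = k-anonymity
        "unique_fraction": len(unique) / len(devices),
        "unique_devices": unique,
    }


def suppress_below_k(devices, cell_deg, k, n=2):
    """Device ids that must be dropped before release so that every
    remaining device shares its top-n cells with at least k-1 others."""
    classes = equivalence_classes(devices, cell_deg, n)
    return sorted(d for m in classes.values() if len(m) < k for d in m)


if __name__ == "__main__":
    for cell in (0.01, 0.1):
        print(anonymity_report(PINGS, cell))
    print("suppress for k=2 at 0.1 deg:", suppress_below_k(PINGS, 0.1, 2))
```

On the fine grid every device is unique from its two top cells alone, which
is the situation the article describes. Coarsening to 0.1 degrees merges most
devices into classes of two or three, but one device stays unique, so
generalization on its own is not enough: the audit also has to name the
records that would need suppressing to meet the chosen k before the dataset
is sold or published as anonymous.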

------------------------------

Date: Sat, 24 Jul 2021 23:51:05 -0400
From: "Gabe Goldberg" <ga...@gabegold.com>
Subject: Hoe no! Facebook snafu spells trouble for gardening group (AP News)

https://apnews.com/article/lifestyle-technology-oddities-business-gardening-9c9f431f91ba450537974758de4f14d2

[Noe now, brown cow? PGN]

------------------------------

Date: Tue, 27 Jul 2021 12:33:46 -1000
From: geoff goodfellow <ge...@iconia.com>
Subject: Hackers Turning to 'Exotic' Programming Languages for Malware
Development (The Hacker News)

Threat actors are increasingly shifting to "exotic" programming languages
such as Go, Rust, Nim, and Dlang that can better circumvent conventional
security protections, evade analysis, and hamper reverse engineering
efforts.

"Malware authors are known for their ability to adapt and modify their
skills and behaviors to take advantage of newer technologies," said
<https://www.blackberry.com/us/en/forms/enterprise/report-old-dogs-new-tricks>
Eric Milam, Vice President of threat research at BlackBerry. "That tactic
has multiple benefits from the development cycle and inherent lack of
coverage from protective products."

On the one hand, languages like Rust are more secure as they offer
guarantees like memory-safe programming
<https://en.wikipedia.org/wiki/Rust_(programming_language)#Memory_safety>,
but they can also be a double-edged sword when malware engineers abuse the
same features designed to offer increased safeguards to their advantage,
thereby making malware less susceptible to exploitation and thwart attempts
to activate a kill-switch
<https://thehackernews.com/2020/08/emotet-botnet-malware.html> and render
them powerless.

Noting that binaries written in these languages can appear more complex,
convoluted, and tedious when disassembled, the researchers said the pivot
adds additional layers of obfuscation, simply by virtue of them being
relatively new, leading to a scenario where older malware developed using
traditional languages like C++ and C# are being actively retooled with
droppers and loaders written in uncommon alternatives to evade detection by
endpoint security systems. [...]

https://thehackernews.com/2021/07/hackers-turning-to-exotic-programming.html

------------------------------

Date: July 26, 2021 21:57:01 JST
From: Dewayne Hendricks <dew...@warpspeed.com>
Subject: Disinformation for Hire, a Shadow Industry, Is Quietly Booming
(Max Fisher)

Back-alley firms meddle in elections and promote falsehoods on behalf of
clients who can claim deniability, escalating our era of unreality.

Max Fisher, The New York Times, 25 Jul 2021
<https://www.nytimes.com/2021/07/25/world/europe/disinformation-social-media.html>

In May, several French and German social media influencers received a
strange proposal. A London-based public relations agency wanted to pay them
to promote messages on behalf of a client. A polished three-page document
detailed what to say and on which platforms to say it. But it asked the
influencers to push not beauty products or vacation packages, as is typical,
but falsehoods tarring Pfizer-BioNTech’s Covid-19 vaccine. Stranger still,
the agency, Fazze, claimed a London address where there is no evidence any
such company exists.

Some recipients posted screenshots of the offer. Exposed, Fazze scrubbed its
social media accounts. That same week, Brazilian and Indian influencers
posted videos echoing Fazze’s script to hundreds of thousands of viewers.

The scheme appears to be part of a secretive industry that security analysts
and American officials say is exploding in scale: disinformation for hire.

Private firms, straddling traditional marketing and the shadow world of
geopolitical influence operations, are selling services once conducted
principally by intelligence agencies. They sow discord, meddle in
elections, seed false narratives and push viral conspiracies, mostly on
social media. And they offer clients something precious: deniability.
“Disinfo-for-hire actors being employed by government or government-adjacent
actors is growing and serious,” said Graham Brookie, director of the
Atlantic Council's Digital Forensic Research Lab, calling it “a boom
industry.”

Similar campaigns have been recently found promoting India's ruling party,
Egyptian foreign policy aims and political figures in Bolivia and Venezuela.
Mr. Brookie's organization tracked one operating amid a mayoral race in
Serra, a small city in Brazil. An ideologically promiscuous Ukrainian firm
boosted several competing political parties.

In the Central African Republic, two separate operations flooded social
media with dueling pro-French and pro-Russian disinformation. Both powers
are vying for influence in the country.

A wave of anti-American posts in Iraq, seemingly organic, were tracked to a
public relations company that was separately accused of faking
anti-government sentiment in Israel. Most trace to back-alley firms whose
legitimate services resemble those of a bottom-rate marketer or email
spammer.

Job postings and employee LinkedIn profiles associated with Fazze describe
it as a subsidiary of a Moscow-based company called Adnow. Some Fazze web
domains are registered as owned by Adnow, as first reported by the German
outlets Netzpolitik and ARD Kontraste. Third-party reviews portray Adnow as
a struggling ad service provider.

European officials say they are investigating who hired Adnow. Sections of
Fazze's anti-Pfizer talking points resemble promotional materials for
Russia’s Sputnik-V vaccine.

For-hire disinformation, though only sometimes effective, is growing more
sophisticated as practitioners iterate and learn. Experts say it is becoming
more common in every part of the world, outpacing operations conducted
directly by governments.

The result is an accelerating rise in polarizing conspiracies, phony citizen
groups and fabricated public sentiment, deteriorating our shared reality
beyond even the depths of recent years.

The trend emerged after the Cambridge Analytica scandal in 2018, experts
say. Cambridge, a political consulting firm linked to members of Donald
J. Trump’s 2016 presidential campaign, was found to have harvested data on
millions of Facebook users.

The controversy drew attention to methods common among social media
marketers. Cambridge used its data to target hyper-specific audiences with
tailored messages. It tested what resonated by tracking likes and shares.

The episode taught a generation of consultants and opportunists that there
was big money in social media marketing for political causes, all disguised
as organic activity.

Some newcomers eventually reached the same conclusion as Russian operatives
had in 2016: Disinformation performs especially well on social platforms.

At the same time, backlash to Russia’s influence-peddling appeared to have
left governments wary of being caught -- while also demonstrating the power
of such operations.

“There is, unfortunately, a huge market demand for disinformation,”
Mr. Brookie said, “and a lot of places across the ecosystem that are more
than willing to fill that demand.”

Commercial firms conducted for-hire disinformation in at least 48 countries
last year — nearly double from the year before, according to an Oxford
University study. The researchers identified 65 companies offering such
services.

Last summer, Facebook removed a network of Bolivian citizen groups and
journalistic fact-checking organizations. It said the pages, which had
promoted falsehoods supporting the country’s right-wing government, were
fake.

Stanford University researchers traced the content to CLS Strategies, a
Washington-based communications firm that had registered as a consultant
with the Bolivian government. The firm had done similar work in Venezuela
and Mexico.

A spokesman referred to the company’s statement last year saying its
regional chief had been placed on leave but disputed Facebook’s accusation
that the work qualified as foreign interference.

Eroding Reality

New technology enables nearly anyone to get involved. Programs batch
generate fake accounts with hard-to-trace profile photos. Instant metrics
help to hone effective messaging. So does access to users’ personal data,
which is easily purchased in bulk.

The campaigns are rarely as sophisticated as those by government hackers or
specialized firms like the Kremlin-backed Internet Research Agency.

But they appear to be cheap. In countries that mandate campaign finance
transparency, firms report billing tens of thousands of dollars for
campaigns that also include traditional consulting services.

The layer of deniability frees governments to sow disinformation more
aggressively, at home and abroad, than might otherwise be worth the
risk. Some contractors, when caught, have claimed they acted without their
client's knowledge or only to win future business.

Platforms have stepped up efforts to root out coordinated
disinformation. Analysts especially credit Facebook, which publishes
detailed reports on campaigns it disrupts.

Still, some argue that social media companies also play a role in worsening
the threat. Engagement-boosting algorithms and design elements, research
finds, often privilege divisive and conspiratorial content.

Political norms have also shifted. A generation of populist leaders, like
Rodrigo Duterte of the Philippines, has risen in part through social media
manipulation. Once in office, many institutionalize those methods as tools
of governance and foreign relations.

In India, dozens of government-run Twitter accounts have shared posts from
India Vs Disinformation, a website and set of social media feeds that
purport to fact-check news stories on India.

India Vs Disinformation is, in reality, the product of a Canadian
communications firm called Press Monitor.

Nearly all the posts seek to discredit or muddy reports unfavorable to Prime
Minister Narendra Modi's government, including on the country’s severe
Covid-19 toll. An associated site promotes pro-Modi narratives under the
guise of news articles.

------------------------------

Date: Sun, 25 Jul 2021 21:25:41 PDT
From: Peter G Neumann <neu...@csl.sri.com>
Subject: What Should Happen to Our Data When We Die? (NYTimes)

... expect to be victimized by deep fakes, simulations, and questionable
ethical practices ... What could possibly go wrong? PGN

https://www.nytimes.com/2021/07/24/style/what-should-happen-to-our-data-when-we-die.html

------------------------------

Date: Fri, 23 Jul 2021 08:42:16 -0700
From: "Lauren Weinstein" <lau...@vortex.com>
Subject: Breast Cancer Patient Attacked by Violent Anti-Mask Protest
Outside Los Angeles Clinic (Vice)

[Enough!!! LW]

https://www.vice.com/en/article/pkbxmg/breast-cancer-patient-attacked-anti-mask-protest

------------------------------

Date: Mon, 26 Jul 2021 12:52:06 -0700
From: "Henry Baker" <hba...@pipeline.com>
Subject: 'STFU' is anti-science

'Science' is an institution dedicated to improving human knowledge about
natural phenomena, and this institution must progress through amplifying the
tiniest bits of 'signal' drowned in vast amounts of 'noise'. For example,
the LIGO experiment amplifies its signals at least 21 orders of magnitude to
produce a legitimate reading.

More cynically, science progresses by a first scientist coming up with an
hypothesis, and then amplifying this signal by 10 orders of magnitude until
a majority of the O(10 billion) people on the planet are convinced.

Unfortunately, this amplification process has to deal not only with noise
from Nature, but also active *jamming* from people with political
agendas. Jamming is, of course, the active attempt to drown out a signal by
brute force: overpowering the signal with counteracting signals which starve
the new signal for attention (and funding).

Unfortunately, for some scientists, the Hippocratic Oath ('first do no
harm') has been replaced by the Hypocritic Oath ('first shoot the
messenger').

The famous evolutionary biologist Matt Ridley has been calling out this
jamming (albeit without using this term) regarding the so-called COVID 'lab
leak hypothesis' (LLH). It's not as if LLH hasn't happened before -- Google
sheep in Dugway, Utah and ask the victims from a SARS leak in Beijing in
2004 (see www.cdc.gov).

Under the previous administration, the Chinese govt and the main-stream
media excoriated everyone who seriously considered LLH. However, MSNBC hosts
nearly broke their necks with an Orwell-like whiplash when the Biden
administration broke ranks and decided to investigate LLH further.

The following is a long article, behind a paywall, but Matt Ridley hasn't
been shy about these issues, so there are plenty of other places to read his
uncomfortable thoughts.

https://www.wsj.com/articles/covid-china-media-lab-leak-climate-ridley-biden-censorship-coronavirus-11627049477

Tunku Varadarajan 23 Jul 2021
How Science Lost the Public's Trust

From climate to Covid, politics and hubris have disconnected scientific
institutions from the philosophy and method that ought to guide them.

'Science' has become a political catchword. "I believe in science," Joe
Biden tweeted six days before he was elected president. "Donald Trump
doesn't. It's that simple, folks."

But what does it mean to believe in science? The British science writer Matt
Ridley draws a pointed distinction between "science as a philosophy" and
"science as an institution." The former grows out of the Enlightenment,
which Mr. Ridley defines as "the primacy of rational and objective
reasoning." The latter, like all human institutions, is erratic, prone to
falling well short of its stated principles. Mr. Ridley says the Covid
pandemic has "thrown into sharp relief the disconnect between science as a
philosophy and science as an institution."

Mr. Ridley, 63, describes himself as a "science critic, which is a
profession that doesn't really exist." He likens his vocation to that of an
art critic and dismisses most other science writers as "cheerleaders."[...]
With the Canadian molecular biologist Alina Chan, [Ridley is] finishing a
book called "Viral: The Search for the Origin of Covid-19," to be published
in November.

It will likely make its authors unwelcome in China. As Mr. Ridley worked on
the book, he says, it became "horribly clear" that Chinese scientists are
"not free to explain and reveal everything they've been doing with bat
viruses." That information has to be "dug out" by outsiders like him and
Ms. Chan. The Chinese authorities, he says, ordered all scientists to send
their results relevant to the virus for approval by the government before
other scientists or international agencies could vet them: "That is shocking
in the aftermath of a lethal pandemic that has killed millions and
devastated the world."

Mr. Ridley notes that the question of Covid's origin has "mostly been
tackled by people outside the mainstream scientific establishment." People
inside not only have been "disappointingly incurious" but have tried to shut
down the inquiry "to protect the reputation of science as an institution."
The most obvious reason for this resistance: If Covid leaked from a lab, and
especially if it developed there, "science finds itself in the dock."

Other factors have been at play as well. Scientists are as sensitive as
other elites to charges of racism, which the Communist Party used to evade
questions about specifically Chinese practices "such as the trade in
wildlife for food or lab experiments on bat coronaviruses in the city of
Wuhan."

Scientists are a global guild, and the Western scientific community has
"come to have a close relationship with, and even a reliance on, China."
Scientific journals derive considerable "income and input" from China, and
Western universities rely on Chinese students and researchers for tuition
revenue and manpower. All that, Mr. Ridley says, "may have to change in the
wake of the pandemic."

In the U.K., he has also noted "a tendency to admire authoritarian China
among scientists that surprised some people." It didn't surprise
Mr. Ridley. "I've noticed for years," he says, "that scientists take a
somewhat top-down view of the political world, which is odd if you think
about how beautifully bottom-up the evolutionary view of the natural world
is."

He asks: "If you think biological complexity can come about through
unplanned emergence and not need an intelligent designer, then why would you
think human society needs an 'intelligent government'?" Science as an
institution has "a naive belief that if only scientists were in charge, they
would run the world well." Perhaps that's what politicians mean when they
declare that they "believe in science." As we've seen during the pandemic,
science can be a source of power.

But there's a "tension between scientists wanting to present a unified and
authoritative voice," on the one hand, and science-as-philosophy, which is
obligated to "remain open-minded and be prepared to change its mind."
Mr. Ridley fears "that the pandemic has, for the first time, seriously
politicized epidemiology." It's partly "the fault of outside commentators"
who hustle scientists in political directions. "I think it's also the fault
of epidemiologists themselves, deliberately publishing things that fit with
their political prejudices or ignoring things that don't." [...]

The politicization of science leads to a loss of confidence in science as an
institution. The distrust may be justified but leaves a vacuum, often filled
by a "much more superstitious approach to knowledge." To such superstition
Mr. Ridley attributes public resistance to technologies such as genetically
modified food, nuclear power--and vaccines. [...]

Vaccines have been central to the question of "misinformation" and the White
House's pressure campaign against social media to censor it. Mr. Ridley
worries about the opposite problem: that social media "is complicit in
enforcing conformity." It does this "through 'fact checking,' mob pile-ons,
and direct censorship, now explicitly at the behest of the Biden
administration." He points out that Facebook and Wikipedia long banned any
mention of the possibility that the virus leaked from a Wuhan laboratory.

"Conformity," Mr. Ridley says, "is the enemy of scientific progress, which
depends on disagreement and challenge. Science is the belief in the
ignorance of experts, as [the physicist Richard] Feynman put it."
Mr. Ridley reserves his bluntest criticism for "science as a profession,"
which he says has become "rather off-puttingly arrogant and political,
permeated by motivated reasoning and confirmation bias." Increasing numbers
of scientists "seem to fall prey to groupthink, and the process of
peer-reviewing and publishing allows dogmatic gate-keeping to get in the way
of new ideas and open-minded challenge." [...]

In Mr. Ridley's view, the scientific establishment has always had a tendency
"to turn into a church, enforcing obedience to the latest dogma and
expelling heretics and blasphemers."

------------------------------

Date: Sun, 25 Jul 2021 16:26:31 -0400
From: "Gabe Goldberg" <ga...@gabegold.com>
Subject: The Problem With Stealing High-End Electronics and Beer (Now I Know)

If you’re reading this on a smartphone, you have something valuable in
your hands — and I’m not talking about the story you’re about to read.
The device you’re holding weighs less than 200 grams (7 ounces) and
retails for as much as $1,000. It’s not quite worth its weight in gold,
but it’s worth more than its weight in silver, which is to say, it’s
both valuable and easily portable.

As a result, it’s a good target for thieves. In fact, most high-end
electronics are. They’re expensive when sold through proper channels and
there’s a lot of demand for them. So if you’re able to steal a lot of
tech, you can probably find buyers simply by offering a discount. All
you need is an easy target and you’ll find yourself a nice, albeit
illegal, payday.

That’s likely what a couple of thieves were thinking when they learned about
a tech startup in their area. Called “Roambee,” the company probably didn’t
have a lot of money for things like office security or the like. In June of
2017, they rather easily broke into Roambee's offices. As Roambee's
co-founder, Vidya Subramanian, told the Verge, they simply “jimmied the
lock” and gained entry into “the room where we charge our devices, and
needless to say there’s computer equipment everywhere, so they thought it
was a good place to steal stuff.” The robbers stole computers and boxes
filled with what they probably thought were cellphone chargers. Then they
grabbed a beer from Roambee's office refrigerator to celebrate.

That was a mistake.

[This is a long-ish tale of thieves. Gabe did not include the last part,
omitting the final punchline, so I will simply tell you what they stole --
GPS trackers -- and why they were so easily caught. PGN]

http://nowiknow.com/the-problem-with-stealing-high-end-electronics-and-beer/

------------------------------

Date: Fri, 23 Jul 2021 17:15:09 +0100
From: anthony <ant...@youngman.org.uk>
Subject: Re: Traffic Analysis and Herd Immunity (Slade, RISKS-32.77)

> Once we reach herd immunity, the number of cases will drop quite
> dramatically.

By that measure, we will NEVER reach herd immunity. The number of people
being RE-infected is rising.

Getting infected, or vaccinated, there's not much difference, only
protects you from being (re-)infected by THAT SPECIFIC variant.

> It prevents the development of new and more dangerous variants.

NOT true! Be it a new or old variant, the biggest indicator of danger is
whether you've met CoVid-19 before. The new variants are "more
transmissible", i.e., easier to catch. They have to be, given the number of
people who are partially or completely immune, if they want to stand a
chance of spreading.

So yes, get vaccinated. Tell your friends and family to get vaccinated. It
*will* protect you and them. What it *won't* do is protect you from catching
CoVid (again (and again)). What it *will* do is protect you from ending up
in hospital - or worse. [...]

Unfortunately, I don't think vaccination has any effect on whether you will
suffer long haul CoVid. I suspect I may be one of the UK's earliest CoVid
victims. I didn't even realise it was likely to have been CoVid until long
after, it was that minor. And the doctor now suspects I may be suffering
from long CoVid.

We need to drop this focus on how many cases we have, and look at how many
of those cases end up in hospital. We're not going to eradicate CoVid, we
need to live with it. We need to stop thinking of it as a pandemic that will
go away, and think of it as what it is -- a new *en*demic illness -- JUST
LIKE THE COMMON COLD. And we've been here before -- it's now thought that
the 1890 pandemic was a previous occasion when a corona virus "jumped
species". A few years later it had mostly disappeared, and is now thought to
be the most common cause of the common cold.

------------------------------

Date: Sat, 24 Jul 2021 12:00:01 -0700
From: "Jim Garrison" <j...@jhmg.net>
Subject: Re: Rounding errors could make certain stop-watches pick wrong race
winners (RISKS-32.77)

> Where rounding errors occurred, they usually resulted in changes of one
> one-hundredth of a second. One raw time of 28.3194 was converted to a
> displayed time of 28.21.

Sorry, but rounding 28.3194 to 28.21 is not a "rounding error", it's just
bad arithmetic due to some other programming error. Unless of course the
article is misquoting or misinterpreting the actual numbers.

------------------------------

Date: Mon, 26 Jul 2021 11:08:37 -0400
From: "Dick Mills" <dickandl...@gmail.com>
Subject: Re: YouTube fined 100 000 Euros delaying court order to restore
video (RISKS-32.77)

It seems like hubris for the "Higher Regional Court at Dresden" to expect
that everyone in the world will recognize that title and recognize the
court's authority. A global outfit like Google may receive dozens of
official sounding crackpot mail messages every day. It could even come
from another Dresden rather than Dresden Germany. It should take a
reasonable time to investigate such a message for authenticity.

Dresden, Kansas, Dresden, Maine, Dresden, Missouri, Dresden, New York,
Dresden, North Dakota, Dresden, Ohio, Dresden, Tennessee, Dresden, Ontario,
Canada, Dresden, Staffordshire, England

------------------------------

Date: Fri, 23 Jul 2021 04:13:23 +0000 (UTC)
From: "Black Michael" <mdbl...@yahoo.com>
Subject: Re: A secret algorithm is transforming DNA evidence. This
defendant could be the first to scrutinize it. (RISKS-32.77)

The article on the DNA testing reminds me of working on weighted non-linear
least squares problems years ago where I learned how to distrust this
process which is used in multiple disciplines to this day (like chemical
analysis and I suspect DNA analysis too). I started with doing gamma ray
spectroscopy and fitting libraries of radioactive elements to find the best
"fit" for a collected spectrum. This was the technique used by the Naval
Research Laboratory for decades to do such fitting on nuclear collections
done by them. Without going into the math it's like finding the best
combination of coins to make a certain $ amount. So to get $1.01 you would
get 4 quarters and 1 penny. And if all you know is quarters and pennies
that's the only answer. But when you add dimes and nickels the number of
possible solutions grows dramatically. Mind you in the real world fits
aren't as exact as this example.

I was in a meeting with leading people from USAF, NRL, LANL, PNL, SRI, and
DOE and a rather aggressive argument broke out between NRL's representative
who was doing the least-squares approach and a mathematician from PNL who
said he didn't care what the underlying data was but that weighted linear
least squares was the wrong way to do it. NRL took offense as they (he) had
been doing it for 30 years and was the national expert on the matter. Our
PNL dude ended up creating software to do "all possible combinations" which
had been considered intractable but he had a special technique from a
Russian mathematician to do it... I wish I still had that
reference/software.

What the PNL software did was produce a binary matrix and used an F-Test for
a cutoff. So imagine you have a library of 4 elements and you get this
matrix where 1 represents the presence of a library element in the fit.
Rank ordered by residual value.

  1 0 1 1   -- what a least square solution will find
  0 1 0 1
  1 1 0 1
  0 0 1 1   -- last item in f-test cutoff
  0 0 1 0
  0 1 1 0
  1 1 1 0
  1 0 1 0
  1 1 1 1
  0 1 1 1
  0 0 0 1
  0 0 1 1
  0 1 0 0
  1 0 0 1
  1 0 0 0

What we found was if the column was ALWAYS present in all good fits then it
was in the sample -- which in the sample above would be element #4. And it
turned out to be true in every test we did. If an item drops in and out of
the good solutions, its presence in the sample was questionable. One thing
the PNL software did not do was try to estimate how much was in the sample
as it could not be supported by statistics. Generally not enough good
solutions to provide a valid standard deviation.

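[The all-possible-combinations procedure described in the preceding message,
as an added worked example. This is neither Michael Black's code nor the PNL
program he recalls: it brute-forces every non-empty subset of a constructed
four-element library over eight detector channels (the numbers are made up,
not real spectra), fits each subset by ordinary least squares, ranks the fits
by residual sum of squares, and applies a cutoff. For the cutoff it uses a
nested extra-sum-of-squares F-test of each reduced model against the full
four-element model, with tabulated 5% critical values; the exact F-test the
PNL software used is not stated in the message, so that choice is an
assumption. The constructed sample is 1.0 x element 2 + 0.5 x element 3 plus
a small perturbation chosen to be orthogonal to all four library columns, so
every subset containing elements 2 and 3 leaves the same residual and the
"always present" set is unambiguous. As in the message, the output reports
presence only, not amounts.]

```python
"""All-subsets least-squares fitting with an F-test cutoff (added example)."""
from itertools import combinations
from typing import Dict, List, Tuple

# Constructed library (hypothetical numbers, not real spectra). Neighbouring
# elements overlap in channels 1, 3 and 5, so the columns are not orthogonal.
LIBRARY: List[List[float]] = [
    [2, 1, 0, 0, 0, 0, 0, 0],  # element 0
    [0, 1, 2, 1, 0, 0, 0, 0],  # element 1
    [0, 0, 0, 1, 2, 1, 0, 0],  # element 2
    [0, 0, 0, 0, 0, 1, 2, 1],  # element 3
]

# Constructed sample: 1.0*element 2 + 0.5*element 3 plus the perturbation
# [0.02, -0.04, 0.02, 0, 0.02, -0.04, 0.02, 0], which is orthogonal to every
# library column, so any subset containing {2, 3} leaves exactly that residual.
SAMPLE: List[float] = [0.02, -0.04, 0.02, 1.0, 2.02, 1.46, 1.02, 0.5]

# Upper 5% points of the F distribution keyed by (df1, df2). Only the entries
# this example needs: df2 = 8 observations - 4 library columns = 4.
F_CRIT_05: Dict[Tuple[int, int], float] = {(1, 4): 7.709, (2, 4): 6.944, (3, 4): 6.591}


def solve(a: List[List[float]], b: List[float]) -> List[float]:
    """Solve the square system a x = b by Gauss-Jordan elimination with pivoting."""
    n = len(b)
    m = [row[:] + [b[i]] for i, row in enumerate(a)]
    for col in range(n):
        piv = max(range(col, n), key=lambda r: abs(m[r][col]))
        m[col], m[piv] = m[piv], m[col]
        if abs(m[col][col]) < 1e-12:
            raise ValueError("singular normal equations")
        for r in range(n):
            if r != col:
                f = m[r][col] / m[col][col]
                for c in range(col, n + 1):
                    m[r][c] -= f * m[col][c]
    return [m[i][n] / m[i][i] for i in range(n)]


def fit_subset(library, sample, subset) -> Tuple[List[float], float]:
    """Ordinary least squares using only the library columns in `subset`.
    Returns (coefficients, residual sum of squares)."""
    cols = [library[j] for j in subset]
    t = range(len(sample))
    ata = [[sum(ci[k] * cj[k] for k in t) for cj in cols] for ci in cols]  # C^T C
    atb = [sum(ci[k] * sample[k] for k in t) for ci in cols]               # C^T y
    coef = solve(ata, atb)
    resid = [sample[k] - sum(c * col[k] for c, col in zip(coef, cols)) for k in t]
    return coef, sum(r * r for r in resid)


def all_subsets_analysis(library, sample, f_crit=F_CRIT_05) -> Dict:
    """Fit every non-empty subset, rank by residual, keep fits that pass the
    F-test against the full model, and report which elements are always present."""
    n_obs, n_lib = len(sample), len(library)
    fits = []
    for size in range(1, n_lib + 1):
        for subset in combinations(range(n_lib), size):
            coef, rss = fit_subset(library, sample, subset)
            fits.append((rss, subset, coef))
    fits.sort()  # rank by residual, best first

    rss_full = next(rss for rss, s, _ in fits if len(s) == n_lib)
    df2 = n_obs - n_lib
    good = []
    for rss, subset, _ in fits:
        df1 = n_lib - len(subset)  # columns dropped relative to the full model
        if df1 == 0:
            good.append(subset)    # the full model is the reference; kept by definition
            continue
        # Extra-sum-of-squares F statistic for the reduced model vs. the full one.
        f_stat = max(0.0, rss - rss_full) / df1 / (rss_full / df2)
        if f_stat < f_crit[(df1, df2)]:
            good.append(subset)

    always = set(range(n_lib))
    ever = set()
    for s in good:
        always &= set(s)
        ever |= set(s)
    return {
        "ranked": [(round(rss, 6), subset) for rss, subset, _ in fits],
        "good": good,
        "always_present": sorted(always),   # in every good fit: in the sample
        "in_and_out": sorted(ever - always),  # drops in and out: questionable
    }


if __name__ == "__main__":
    result = all_subsets_analysis(LIBRARY, SAMPLE)
    for rss, subset in result["ranked"]:
        row = " ".join("1" if j in subset else "0" for j in range(len(LIBRARY)))
        mark = "  <- within F-test cutoff" if subset in result["good"] else ""
        print(f"{row}  rss={rss:.4f}{mark}")
    print("always present:", result["always_present"])
    print("in and out:", result["in_and_out"])
```

Run as a script it prints the ranked binary matrix in the same shape as the
one in the message; the four rows containing both elements 2 and 3 pass the
cutoff, so the always-present set is {2, 3} and elements 0 and 1 drop in and
out. The F critical values are looked up by degrees of freedom, so changing
the library or channel count means adding the corresponding table entries.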
------------------------------

Date: Fri, 23 Jul 2021 20:18:49 -0400
From: "David B. Horvath, CCP" <dhor...@cobs.com>
Subject: Re: Some locals say a bitcoin mining operation is ruining one of
the Finger Lakes. Here's how. (NBC News, RISKS-32.78)

On 10 Jul 2021 18:30:46 -0400, "John Levine" <jo...@iecc.com> mentions:

> A bill to ban fossil fuel powered cryptocoin
> mining has passed the NY Senate and is currently in front of the house.

Given that electric power (whether created through the use of fossil fuel or
other means -- renewable or not) is a fungible commodity, how does the State
of New York actually plan on banning it? While they could ban a power plant
dedicated to creating power for mining, the fossil plant could sell power to
the grid while the mining operation buys power from another state off the
grid. Or the power could be sold to the grid and the mining occur in another
state. Yet another meaningless law that seems to do good but is really just
the wizard hidden behind the curtains.

Just to be clear: I'm not complaining about the purpose of the bill, just
the implementation or ability to cause a good outcome.

------------------------------

Date: Fri, 23 Jul 2021 20:19:53 -0400
From: "David B. Horvath, CCP" <dhor...@cobs.com>
Subject: Re: RFI on scientific integrity (Baker, RISKS-32.77)

> Innovation in science is a messy, chaotic business ...

Thomas Kuhn's "The Structure of Scientific Revolutions" should be mandatory
reading.

------------------------------

Date: Mon, 1 Aug 2020 11:11:11 -0800
From: RISKS-...@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)

The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to
subscribe and unsubscribe:
http://mls.csl.sri.com/mailman/listinfo/risks

=> SUBMISSIONS: to ri...@CSL.sri.com with meaningful SUBJECT: line that
includes the string `notsp'. Otherwise your message may not be read.
*** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored. Instead, use an alternative
address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites,
copyright policy, etc.) is online.
<http://www.CSL.sri.com/risksinfo.html>
*** Contributors are assumed to have read the full info file for guidelines!

=> OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
searchable html archive at newcastle:
http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
Also, ftp://ftp.sri.com/risks for the current volume/previous directories
or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
If none of those work for you, the most recent issue is always at
http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-32.00
ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
*** NOTE: If a cited URL fails, we do not try to update them. Try
browsing on the keywords in the subject line or cited article leads.
Apologies for what Office365 and SafeLinks may have done to URLs.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
<http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 32.78
************************
