info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Risks Digest 32.74
40 views
Skip to first unread message
RISKS List Owner
Jun 30, 2021, 5:13:26 PM6/30/21
to ri...@csl.sri.com
RISKS-LIST: Risks-Forum Digest Wednesday 30 June 2021 Volume 32 : Issue 74
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/32.74>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>
Contents: [Still backlogged]
Wabi-sabi rebar -- on Miami Surfside collapse (Henry Baker)
Qantas pilot was `incapacitated' by oxygen mask (ATSB)
GPS Cyberattack Falsely Placed U.K. Warship Near Russian Naval Base
(New Scientist)
The Internet Eats Up Less Energy Than You Might Think (NYTimes)
The Problem With Jam-ming GPS (Now I Know)
Pilot in deadly Canadian military helicopter crash unaware of
flight-control software conflict, says report (CBC)
Cyber-risk Across the U.S. Nuclear Enterprise (TSNR)
CSIS says 2020 was a banner year for espionage operations targeting Canada
(CBC)
Mounties suspected person leaking secrets had high-level computer access,
search warrants show (CBC)
Major Step Forward for Quantum Error Algorithms (NCI Australian)
3D Scanning Breakthrough Means Results Are 4,500% More Accurate
(Loughborough)
Giant comet found in outer solar system by Dark Energy Survey (phys.org)
Supreme Court sides with credit agency (WashPost)
EDPB & EDPS call for ban on use of AI for automated recognition of human
features in publicly accessible spaces, and some other uses of AI that can
lead to unfair discrimination (Diego Latella)
I've Cracked Zodiac, a French Engineer Says. Online Sleuths Are Skeptical.
(NYTimes)
German States want compulsory pre-installed youth protection filters (Heise)
Politicians vs. Big Tech: Ordinary Users are Going to Lose Big Time!
(TechDirt)
Regarding "My Book" ext. drives w/Internet connectivity (Bleeping Computer
via danny burstein)
Your CPU May Have Slowed Down on Wednesday (travisdowns via Thomas Koenig)
Sony Wins Pirate Site Blocking Order Against DNS-Resolver Quad9
(TorrentFreak)
USPS mail delays: What it means in your Zip code (WashPost)
A Well-Meaning Feature Leaves Millions of Dell PCs Vulnerable (WiReD)
A model to predict how much humans and robots can be trusted with
completing specific tasks (techxplore.com)
Re: End-to-End Verifiability Key to Future Election Security (eric Sosman)
Re: Government Chatbots Now a Necessity for States, Cities, Counties (DJC)
Re: Apple Says It's Time to Digitize Your ID, Ready or Not (Steven Klein)
Abridged info on RISKS (comp.risks)
----------------------------------------------------------------------
From: "Henry Baker" <hba...@pipeline.com>
Subject: Wabi-sabi rebar -- on Miami Surfside collapse
Date: Sat, 26 Jun 2021 08:21:24 -0700
Concerning the Miami Surfside building collapse:
It is well known that the probability of failure in reinforced concrete
approaches 100% after 100 years, and far less time in corrosive environments
-- e.g., coastal salt air:
https://www.structuremag.org/?p=9459
https://www.structuremag.org/wp-content/uploads/2015/12/0116-sd-1.png
The ancient Greeks and Romans knew this, and either avoided reinforcing iron
completely (Pantheon) or coated the iron with lead (Parthenon).
"The ancient Greek builders had secured the marble blocks together with iron
clamps ... They then poured molten lead over the joints to cushion them from
seismic shocks and ***protect the clamps from corrosion.*** But when a Greek
architect, Nikolas Balanos, launched an enthusiastic campaign of
restorations in 1898, he installed crude iron clamps, ... neglecting to add
the lead coating. Rain soon began to play havoc with the new clamps,
swelling the iron and cracking the marble. Less than a century later, it was
clear that parts of the Parthenon were in imminent danger of collapse."
https://www.smithsonianmag.com/history/unlocking-mysteries-of-the-parthenon-16621015/
Unfortunately, this Surfside disaster is merely the 'canary in the coal
mine', as much of our infrastructure is constructed with now-senile
reinforced concrete.
https://www.nytimes.com/2021/06/26/us/miami-building-collapse-investigation.html
Engineer Warned of 'Major Structural Damage' at Florida Condo Complex
Mike Baker and Anjali Singhvi 26 Jun 2021, Updated 8:14 a.m. ET
James Glanz and Joseph B. Treaster contributed to this report.
[Very long item PGN-pruned, but worth reading in full,
especially if you believe in standards and compliance. PGN]
A consultant in 2018 urged the managers to repair cracked columns and
crumbling concrete. The work was finally about to get underway when the
building collapsed.
Three years before the deadly collapse of the Champlain Towers South
condominium complex near Miami, a consultant found alarming evidence of
"major structural damage" to the concrete slab below the pool deck and
"abundant" cracking and crumbling of the columns, beams and walls of the
parking garage under the 13-story building.
The engineer's report helped shape plans for a multimillion-dollar repair
project that was set to get underway soon -- more than two and a half years
after the building managers were warned -- but the building suffered a
catastrophic collapse in the middle of the night on Thursday, trapping
sleeping residents in a massive heap of debris.
The complex's management association had disclosed some of the problems in
the wake of the collapse, but it was not until city officials released the
2018 report late Friday that the full nature of the concrete and rebar
damage -- most of it probably caused by years of exposure to the corrosive
salt air along the South Florida coast -- became chillingly apparent.
"Though some of this damage is minor, most of the concrete deterioration
needs to be repaired in a timely fashion," the consultant, Frank Morabito,
wrote about damage near the base of the structure as part of his October
2018 report on the 40-year-old building in Surfside, Fla. He gave no
indication that the structure was at risk of collapse, though he noted that
the needed repairs would be aimed at "maintaining the structural integrity"
of the building and its 136 units. [...]
[Middle section omitted for RISKS. PGN]
A nearly identical companion property -- Champlain Towers North -- was built
the same year, a few hundred yards up the beach. It was not immediately
clear whether any of the issues raised by the engineer in the south project
had also been found in the other buildings.
Surfside's mayor, Charles W. Burkett, said on Friday that he was worried
about the stability of the north building but did not feel "philosophically
comfortable" ordering people to evacuate. "I can't tell you, I can't assure
you, that the building is safe," he said at a town commission meeting.
The collapse has stunned industry experts in the Miami area, including John
Pistorino, a consulting engineer who designed the 40-year reinspection
program when he was consulting for the county in the 1970s. He touted other
regulations that have come since, including requirements that tall buildings
have an independent engineer verify that construction is going according to
plans. Mr. Pistorino did not want to speculate on the cause of the
collapse. But he said that while some buildings in the region have had
quality problems, any serious deficiencies were unusual, and were typically
easy to detect by way of glaring cracks or other visible problems. "This is
so out of the norm," Mr. Pistorino said. "This is something I cannot fathom
or understand what happened."
------------------------------
From: "John Colville" <John.C...@uts.edu.au>
Subject: Qantas pilot was `incapacitated' by oxygen mask (ATSB)
Date: Thu, 24 Jun 2021 23:50:20 +0000
(ATSB is the Australian Transport Safety Bureau)
The captain of a Qantas Freight flight became temporarily incapacitated
after ingesting too much oxygen from an emergency mask needed when cabin
pressure dropped, prompting the first officer to declare a MAYDAY.
https://www.smh.com.au/national/qantas-pilot-was-incapacitated-by-oxygen-mask-atsb-20210624-p5843l.html
------------------------------
Date: Fri, 25 Jun 2021 12:12:30 -0400 (EDT)
From: ACM TechNews <technew...@acm.org>
Subject: GPS Cyberattack Falsely Placed U.K. Warship Near Russian Naval Base
(New Scientist)
David Hambling, *New Scientist*, 24 Jun 2021,
via ACM TechNews, Friday, June 25, 2021
A cyberattack may have been involved in a naval confrontation this week
between Russia and a British warship in the Black Sea that never really
happened. The global positioning system (GPS)-tracking Automatic
Identification System (AIS) last week showed both a U.K. warship and a Dutch
naval vessel coming within a few kilometers of a Russian naval base at
Sevastopol, but a live Web camera feed confirmed that both ships were docked
in Odessa, Ukraine, at the time. The spoofing in this case suggests a
deliberate deception, as the ships' coordinates were changed gradually to
imitate normal travel. Dana Goward at the Resilient Navigation and Timing
Foundation said Russia could have executed the spoofing attack, and warned
that such a hack "could easily lead to a shooting war by making things more
confusing in a crisis."
https://orange.hosting.lsoft.com/trk/click?ref=3Dznwrbbrs9_6-2b9dex22c03cx068909&
------------------------------
From: "Matthew Kruk" <mkr...@gmail.com>
Date: Fri, 25 Jun 2021 07:33:44 -0600
Subject: The Internet Eats Up Less Energy Than You Might Think (NYTimes)
https://www.nytimes.com/2021/06/24/technology/computer-energy-use-study.html
New research by two leading scientists says some dire warnings of
environmental damage from technology are overstated.
[Are they investing in Cybercurrencies and Climate Warming? This should
pique environmentalists. PGN]
------------------------------
From: "Gabe Goldberg" <ga...@gabegold.com>
Subject: The Problem With Jam-ming GPS (Now I Know)
Date: Tue, 29 Jun 2021 12:36:20 -0400
http://nowiknow.com/the-problem-with-jam/
------------------------------
From: "Matthew Kruk" <mkr...@gmail.com>
Subject: Pilot in deadly Canadian military helicopter crash unaware of
flight-control software conflict, says report (CBC)
Date: Tue, 29 Jun 2021 07:26:38 -0600
https://www.cbc.ca/news/politics/cyclone-crash-report-greece-1.6082716
The pilot of an ill-fated Canadian military helicopter tried to manually
override the flight control function and - for a variety of reasons - did
not see the autopilot was still on when the CH-148 Cyclone helicopter
crashed into the Ionian Sea off Greece last year, an air force flight safety
investigation has concluded.
The conflict between manual control and the aircraft's automatic flight
controller system caused an unanticipated "bias" in the helicopter's
fly-by-wire (FWB) computers, prompting the aircraft to nose dive at full
speed into the ocean as it was returning to HMCS Fredericton after a
flypast.
------------------------------
From: Paul Saffo <pa...@saffo.com>
Date: Mon, 21 Jun 2021 22:09:39 -0700
Subject: Cyber-risk Across the U.S. Nuclear Enterprise (TSNR)
https://tnsr.org/2021/06/cyber-risk-across-the-u-s-nuclear-enterprise/
As the United States embarks on an effort to modernize many elements of its
nuclear enterprise, it needs to consider how dependencies on modern
information technologies could lead to cyber-induced failures of nuclear
deterrence or to nuclear war. The Biden administration has an opportunity to
address issues of cyber risk across the entire nuclear enterprise in ways
that previous administrations have not.
------------------------------
From: "Matthew Kruk" <mkr...@gmail.com>
Subject: CSIS says 2020 was a banner year for espionage operations targeting
Canada (CBC)
Date: Tue, 29 Jun 2021 07:28:13 -0600
https://www.cbc.ca/news/politics/nsicop-espionage-pandemic-1.5983612
Canada's spy agency says 2020 saw the highest level of foreign espionage and
foreign interference directed at Canadian targets since the end of the Cold
War.
"The fluid and rapidly evolving environment caused by COVID-19 has created a
situation ripe for exploitation by threat actors seeking to advance their own
interests," said Canadian Security Intelligence Service Director David Vigneault
in his agency's 2020 report, released today.
"In 2020, CSIS observed espionage and foreign interference activity at levels
not seen since the Cold War."
The report follows a year of warnings from CSIS and other security agencies
about national security vulnerabilities in Canada's biopharmaceutical and
life sciences sectors. Those sectors were exposed to outside interference as
large numbers of Canadians transitioned to working from home - and as
research involving vaccine, therapeutics and other measures to combat
COVID-19 became far more valuable.
------------------------------
From: "Matthew Kruk" <mkr...@gmail.com>
Subject: Mounties suspected person leaking secrets had high-level computer
access, search warrants show (CBC)
Date: Tue, 29 Jun 2021 06:41:31 -0600
https://www.cbc.ca/news/canada/rcmp-suspected-high-level-leaking-secrets-court-documents-1.6083437?cmp=newsletter_CBC%20News%20Morning%20Brief_4157_286252
The RCMP suspected someone senior in its ranks was offering to spill secrets,
but still didn't know the identity of the alleged leaker for several months
after they first learned highly confidential information about investigations
had been compromised.
The revelation is contained in court documents unsealed late last week at
the request of The Fifth Estate.
The documents suggest investigators ultimately focused on a small group who
had access to sensitive information stored on an RCMP server "controlled by
the RCMP National Intelligence Co-ordination Centre," and "access to its
files is limited to select authorized employees of the RCMP."
------------------------------
Date: Fri, 25 Jun 2021 12:12:30 -0400 (EDT)
From: ACM TechNews <technew...@acm.org>
Subject: Major Step Forward for Quantum Error Algorithms (NCI Australian)
NCI Australian, 21 Jun 2021, via ACM TechNews, Friday, June 25, 2021
Researchers at the University of Sydney have raised the threshold for
correcting quantum calculation errors with the help of the Gadi
supercomputer of Australia's National Computational Infrastructure (NCI)
organization. The researchers used Gadi to run about 87 million simulations
for all possible qubit arrangements and aligned the threshold with the
actual error rates of physical quantum computing systems. Said Sydney's
David Tuckett, "This step brings us closer to making practical quantum
computing possible. Quickly being able to run these simulations on NCI is
central to understanding the effectiveness of our qubit arrangements."
https://orange.hosting.lsoft.com/trk/click?ref=3Dznwrbbrs9_6-2b9dex22c044x068909&
[I am still concerned about the presence of errors exceeding the assumed
worst case for correction, which typically can result in miscorrection
in conventional error-correcting codes. PGN]
------------------------------
Date: Wed, 30 Jun 2021 12:07:27 -0400 (EDT)
From: ACM TechNews <technew...@acm.org>
Subject: 3D Scanning Breakthrough Means Results Are 4,500% More Accurate
(Loughborough)
Loughborough University (UK), 29 Jun 2021,
via ACM TechNews, Wednesday, June 30, 2021
Scientists at the U.K.'s Loughborough University and University of
Manchester have boosted the accuracy of three-dimensional (3D) body scans by
4,500% via a free algorithm that can be used with any scanning system. The
Gryphon code can identify and remove errors in scan measurements. In 121
measurements of 97 participants, Gryphon had a margin of error of 0.3
centimeters, compared to an average of 13.8 centimeters for current 3D
scanning machines when data is captured non-consecutively. Loughborough's
Chris Parker said, "We hope this will speed up 3D body scanning, removing
the need for highly trained operators to correct mistakes,
and--ultimately--help 3D body scanning create custom garments for
everyone--without the fuss."
https://orange.hosting.lsoft.com/trk/click?ref=3Dznwrbbrs9_6-2bad7x22c18cx068589&
[Wow! The post-hoc RISKS lesson here is that nobody should have trusted
what was so bad in the first place. And what makes you think 4,500%
better is good enough for a particular application? Caveat emptor. PGN]
------------------------------
From: "Richard Stein" <rms...@ieee.org>
Subject: Giant comet found in outer solar system by Dark Energy Survey
(phys.org)
Date: Tue, 29 Jun 2021 07:28:30 +0800
https://phys.org/news/2021-06-giant-comet-outer-solar-dark.html
What I found interesting:
"Bernardinelli and Bernstein used 15–20 million CPU hours at the National
Center for Supercomputing Applications and Fermilab, employing sophisticated
identification and tracking algorithms to identify over 800 individual TNOs
from among the more than 16 billion individual sources detected in 80,000
exposures taken as part of the DES. Thirty-two of those detections belonged
to one object in particular —- C/2014 UN271."
15-20 Megacpu hours! That's an awful lot of computation. NCSA has a
"compute dashboard" revealing BlueWaters continuous service delivery
achievement at over 39.2 Gigacpu hours of computation to date (see
https://bluewaters.ncsa.illinois.edu/ retrieved on 29JUN2021). The Dark
Energy Survey has ONLY consumed ~0.05% of this total. A mere pittance.
Given the DES repository size, comet detection and discovery is
analogous to extracting fly poop from a pepper pile. How big of a pile?
http://archive1.dm.noao.edu/home/content (retrieved on 29JUN2021) shows
the total to date: ~795 TBytes. Nightly acquisition accumulates ~0.9
TByte of imaging using a 570 Mpixel camera.
Risk: CO2 generation.
------------------------------
From: Richard Stein <rms...@ieee.org>
Date: Sun, 27 Jun 2021 05:31:19 +0800
Subject: Supreme Court sides with credit agency (WashPost)
https://www.washingtonpost.com/politics/courts_law/supreme-court-credit-oil-alaskans/2021/06/25/74eaa540-d5bb-11eb-a53a-3b5450fdca7a_story.html
'"TransUnion generated credit reports that erroneously flagged many
law-abiding people as potential terrorists and drug traffickers," wrote
Thomas. Yet, "the majority decides that TransUnion's actions are so
insignificant that the Constitution prohibits consumers from vindicating
their rights in federal court. The Constitution does no such thing."'
TransUnion, and other financial service entities, can (and routinely) test
if your name matches one on the list maintained by Treasury Departments
Office of Foreign Assets Control (OFAC). Probably part of their KYC (know
your customer) processes.
https://home.treasury.gov/policy-issues/financial-sanctions/specially-designated-nationals-and-blocked-persons-list-sdn-human-readable-lists
------------------------------
From: "Diego.Latella" <diego....@isti.cnr.it>
Subject: EDPB & EDPS call for ban on use of AI for automated
recognition of human features in publicly accessible spaces, and some other
uses of AI that can lead to unfair discrimination
Date: Tue, 29 Jun 2021 20:35:41 +0200
In a joint opinion regarding the European Commission's Proposal for
Regulation on artificial intelligence, "[t]aking into account the extremely
high risks posed by remote biometric identification of individuals in
publicly accessible spaces, the EDPB [European Data Protection Board] and
the EDPS [European Data Protection Supervisor] call for a general ban on any
use of AI for automated recognition of human features in publicly accessible
spaces, such as recognition of faces, gait, fingerprints, DNA, voice,
keystrokes and other biometric or behavioural signals, in any context."
https://edpb.europa.eu/news/news/2021/edpb-edps-call-ban-use-ai-automated-recognition-human-features-publicly-accessible_en
------------------------------
From: "Gabe Goldberg" <ga...@gabegold.com>
Subject: I've Cracked Zodiac, a French Engineer Says. Online Sleuths Are
Skeptical. (NYTimes)
Date: Tue, 22 Jun 2021 23:42:29 -0400
I've Cracked Zodiac, a French Engineer Says. Online Sleuths Are Skeptical.
https://www.nytimes.com/2021/06/22/world/europe/france-zodiac-killer-cipher.html
------------------------------
From: Thomas Koenig <tko...@netcologne.de>
Date: Thu, 24 Jun 2021 22:02:51 +0200
Subject: German States want compulsory pre-installed youth protection
filters (Heise)
The German States want to oblige providers of operating systems for PCs,
laptops and cell phones, for example, to pre-install youth protection
filters and block all websites by default that are not suitable for
under-18s or do not have an age label. This would affect most websites
around the world.
The legal vehicle for this censorship is to be an amendment to the State
Treaty on the Protection of Minors in the Media (JMStV).
This would oblige operating system providers "to effectively block large
parts of the Internet - starting from all devices" until the age
verification of users is completed.
Of course, the divices would also have to send the user's age to all web
sites.
Source (in German):
https://www.heise.de/news/Laender-wollen-Filter-in-allen-Betriebssystemen-Verbaende-laufen-Sturm-6116452.html
------------------------------
From: "Lauren Weinstein" <lau...@vortex.com>
Subject: Politicians vs. Big Tech: Ordinary Users are Going to Lose Big
Time! (TechDirt)
Date: Sun, 27 Jun 2021 14:09:03 -0700
Ordinary Internet users don't realize how much they stand to lose by this
kind of grandstanding by politicians without facts or due
consideration. Both parties seem hell-bent to destroy as much of the
Internet as possible. -L
Congressman Nadler Throws The World's Worst Slumber Party In Order To
Destroy The Internet Policy
https://www.techdirt.com/articles/20210625/09355347057/congressman-nadler-throws-worlds-worst-slumber-party-order-to-destroy-internet.shtml
------------------------------
From: "danny burstein" <dan...@panix.com>
Subject: Regarding "My Book" ext. drives w/Internet connectivity
(Bleeping Computer)
Date: Fri, 25 Jun 2021 00:37:06 +0000
Cough, oops, uggh...
[from Bleeping computer:]
WD My Book NAS devices are being remotely wiped clean worldwide
Western Digital My Book NAS owners worldwide found that their devices have
been mysteriously factory reset and all of their files deleted.
WD My Book is a network-attached storage device that looks like a small
vertical book that you can stand on your desk. The WD My Book Live app
allows owners to access their files and manage their devices remotely,
even if the NAS is behind a firewall or router.
Today, WD My Book owners worldwide suddenly found that all of their files
were mysteriously deleted, and they could no longer log into the device
via a browser or an app.
rest:
https://www.bleepingcomputer.com/news/security/wd-my-book-nas-devices-are-being-remotely-wiped-clean-worldwide/
[Also noted by Monty Solomon at
https://www.theverge.com/2021/6/24/22549677/wd-my-book-live-data-deletion-unplug-lan-cable-threat-actor
PGN]
------------------------------
From: Thomas Koenig <tko...@netcologne.de>
Date: Thu, 24 Jun 2021 23:02:16 +0200
Subject: Your CPU May Have Slowed Down on Wednesday
A microcode update for Intel CPUs appeared to have caused a major
slowdown.
https://travisdowns.github.io/blog/2021/06/17/rip-zero-opt.html
------------------------------
From: Monty Solomon <mo...@roscom.com>
Date: Thu, 24 Jun 2021 17:10:17 -0400
Subject: Sony Wins Pirate Site Blocking Order Against DNS-Resolver Quad9
(TorrentFreak)
Sony Music has obtained an injunction that requires the freely available
DNS-resolver Quad9 to block a popular pirate site. The order, issued by the
District Court in Hamburg, Germany, is the first of its kind. The Quad9
foundation has already announced that it will protest the judgment, which
could have far-reaching consequences.
https://torrentfreak.com/sony-wins-pirate-site-blocking-order-against-dns-resolver-quad9-210621/
------------------------------
From: Gabe Goldberg <ga...@gabegold.com>
Date: Thu, 24 Jun 2021 18:15:06 -0400
Subject: USPS mail delays: What it means in your Zip code (WashPost)
How long it should take for mail to arrive, if it's sent from ...
https://www.washingtonpost.com/business/interactive/2021/dejoy-usps-delays-by-zip-code-map/
------------------------------
From: Gabe Goldberg <ga...@gabegold.com>
Date: Thu, 24 Jun 2021 19:14:41 -0400
Subject: A Well-Meaning Feature Leaves Millions of Dell PCs Vulnerable
(WiReD)
Flaws in a firmware security tool affect as many as 30 million desktops,
laptops, and tablets.
https://www.wired.com/story/dell-firmware-vulnerabilities/
------------------------------
From: Richard Stein <rms...@ieee.org>
Date: Wed, 30 Jun 2021 17:21:25 +0800
Subject: A model to predict how much humans and robots can be trusted with
completing specific tasks (techxplore.com)
https://techxplore.com/news/2021-06-humans-robots-specific-tasks.html
'"There has been a lot of research aimed at understanding why humans should
or should not trust robots, but unfortunately, we know much less about why
robots should or should not trust humans," Herbert Azevedo-Sa, one of the
researchers who carried out the study, told TechXplore. "In truly
collaborative work, however, trust needs to go in both directions. With
this in mind, we wanted to build robots that can interact with and build
trust in humans or in other agents, similarly to a pair of co-workers that
collaborate."'
To trust, or not to trust? That is a key question when a human engages with
a robot and vice-versa. See Francis Fukuyama's "Trust: The Social Virtues
and the Creation of Prosperity." Free Press, 1995. ISBN 0-02-910976-0 for an
exhaustive exploration of what makes trustworthy, cooperative behavior
essential to economic achievement.
No telling what event(s) may tip an organic/robotic relationship into a
foregone, default acceptance favoring the robot. There are clear financial
motives for businesses to promote and attempt to accelerate this
achievement. The tipping point will likely require more than an
anthropomorphic smile, mellifluous voice, or gentle touch.
Laws of robotics (https://en.wikipedia.org/wiki/Laws_of_robotics retrieved
on 30JUN2021) specify noteworthy and meritorious function and behavior.
There are lessons to learn and apply from Amazon.com's warehouse
environment, an algorithmic, heavily robotic ecosystem that measures and
judges organic workers via strict binary objectives. No gray area, no
accounting for "real world," hidden factors that interfere with achievement.
Trust, as humans define and accept it, is unlikely to be equivalence by a
robot and its operating system without a means to computationally specify
and reconcile a near innumerable set and degree of human emotion. Ain't that
so, Spock?
Risk: Non-deterministic outcomes.
------------------------------
Date: Wed, 30 Jun 2021 15:07:52 -0400
From: Eric Sosman <eso...@comcast.net>
Subject: Re: End-to-End Verifiability Key to Future Election Security
In RISKS-32.72 Gabe Goldberg reports on an initiative to strengthen ballot
security with cryptographic methods. He expresses some doubt about the
practicality of such schemes, writing "A high-tech concept will work for
some voters, not for others..."
Indeed, or even Double Indeed! One need look no further than New
York City's week-ago-and-we-still-don't-know mayoral primary to see
that anything "complicated" is well beyond the capabilities of the
people running modern elections. Researchers may invent whiz-bang
tools to make elections secure, but matters will not improve much if
the tools are operated by Larry, Curly, and Moe.
------------------------------
Date: Tue, 29 Jun 2021 23:19:32 +0200
From: DJC <d...@resiak.org>
Subject: Re: Government Chatbots Now a Necessity for States, Cities,
Counties (RISKS-32.62)
> I have never, *not once*, had a useful interaction with a chatbot.
From my experience with (being) technical support in the 1980s, I can
imagine that a chatbot might be able to handle many common queries. Back in
the day, the one question on my part that solved the most problems was "Is
it plugged in / turned on?" A chatbot could have done that, and probably
also resolved the next 10 commonest problems.
Incidentally, most people showed no gratitude for being reminded that their
devices had to be plugged in to work -- indeed they were often furious at
having their inattention so grossly exposed. But my colleague Morris K
figured out an approach to dealing with that:
Okay, first I want you to unplug it / turn it off....
------------------------------
From: "Steven Klein" <ste...@klein.us>
Subject: Re: Apple Says It's Time to Digitize Your ID, Ready or Not
(RISKS-32.72)
Date: Mon, 28 Jun 2021 02:00:38 -0400
Gabe Goldberg raises the concern that:
“If your driver's license is on your phone, you could potentially have to present your fully unlocked device to a law enforcement agent in a transaction like a traffic stop or at airport security.”
Fortunately, that's not how Apple wallet works.
On my iPhone XS, when I double-tap the side button, it displays the cards in my digital wallet, but does *not* unlock my phone.
That cop or TSA agent would be able to view all the cards in my wallet, but not anything else in my phone.
------------------------------
Date: Mon, 1 Aug 2020 11:11:11 -0800
From: RISKS-...@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)
The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to
subscribe and unsubscribe:
http://mls.csl.sri.com/mailman/listinfo/risks
=> SUBMISSIONS: to ri...@CSL.sri.com with meaningful SUBJECT: line that
includes the string `notsp'. Otherwise your message may not be read.
*** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored. Instead, use an alternative
address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites,
copyright policy, etc.) is online.
<http://www.CSL.sri.com/risksinfo.html>
*** Contributors are assumed to have read the full info file for guidelines!
=> OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
searchable html archive at newcastle:
http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
Also, ftp://ftp.sri.com/risks for the current volume/previous directories
or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
If none of those work for you, the most recent issue is always at
http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-32.00
ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
*** NOTE: If a cited URL fails, we do not try to update them. Try
browsing on the keywords in the subject line or cited article leads.
Apologies for what Office365 and SafeLinks may have done to URLs.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
<http://www.acm.org/joinacm1>
------------------------------
End of RISKS-FORUM Digest 32.74
************************
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/32.74>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>
Contents: [Still backlogged]
Wabi-sabi rebar -- on Miami Surfside collapse (Henry Baker)
Qantas pilot was `incapacitated' by oxygen mask (ATSB)
GPS Cyberattack Falsely Placed U.K. Warship Near Russian Naval Base
(New Scientist)
The Internet Eats Up Less Energy Than You Might Think (NYTimes)
The Problem With Jam-ming GPS (Now I Know)
Pilot in deadly Canadian military helicopter crash unaware of
flight-control software conflict, says report (CBC)
Cyber-risk Across the U.S. Nuclear Enterprise (TSNR)
CSIS says 2020 was a banner year for espionage operations targeting Canada
(CBC)
Mounties suspected person leaking secrets had high-level computer access,
search warrants show (CBC)
Major Step Forward for Quantum Error Algorithms (NCI Australian)
3D Scanning Breakthrough Means Results Are 4,500% More Accurate
(Loughborough)
Giant comet found in outer solar system by Dark Energy Survey (phys.org)
Supreme Court sides with credit agency (WashPost)
EDPB & EDPS call for ban on use of AI for automated recognition of human
features in publicly accessible spaces, and some other uses of AI that can
lead to unfair discrimination (Diego Latella)
I've Cracked Zodiac, a French Engineer Says. Online Sleuths Are Skeptical.
(NYTimes)
German States want compulsory pre-installed youth protection filters (Heise)
Politicians vs. Big Tech: Ordinary Users are Going to Lose Big Time!
(TechDirt)
Regarding "My Book" ext. drives w/Internet connectivity (Bleeping Computer
via danny burstein)
Your CPU May Have Slowed Down on Wednesday (travisdowns via Thomas Koenig)
Sony Wins Pirate Site Blocking Order Against DNS-Resolver Quad9
(TorrentFreak)
USPS mail delays: What it means in your Zip code (WashPost)
A Well-Meaning Feature Leaves Millions of Dell PCs Vulnerable (WiReD)
A model to predict how much humans and robots can be trusted with
completing specific tasks (techxplore.com)
Re: End-to-End Verifiability Key to Future Election Security (eric Sosman)
Re: Government Chatbots Now a Necessity for States, Cities, Counties (DJC)
Re: Apple Says It's Time to Digitize Your ID, Ready or Not (Steven Klein)
Abridged info on RISKS (comp.risks)
----------------------------------------------------------------------
From: "Henry Baker" <hba...@pipeline.com>
Subject: Wabi-sabi rebar -- on Miami Surfside collapse
Date: Sat, 26 Jun 2021 08:21:24 -0700
Concerning the Miami Surfside building collapse:
It is well known that the probability of failure in reinforced concrete
approaches 100% after 100 years, and far less time in corrosive environments
-- e.g., coastal salt air:
https://www.structuremag.org/?p=9459
https://www.structuremag.org/wp-content/uploads/2015/12/0116-sd-1.png
The ancient Greeks and Romans knew this, and either avoided reinforcing iron
completely (Pantheon) or coated the iron with lead (Parthenon).
"The ancient Greek builders had secured the marble blocks together with iron
clamps ... They then poured molten lead over the joints to cushion them from
seismic shocks and ***protect the clamps from corrosion.*** But when a Greek
architect, Nikolas Balanos, launched an enthusiastic campaign of
restorations in 1898, he installed crude iron clamps, ... neglecting to add
the lead coating. Rain soon began to play havoc with the new clamps,
swelling the iron and cracking the marble. Less than a century later, it was
clear that parts of the Parthenon were in imminent danger of collapse."
https://www.smithsonianmag.com/history/unlocking-mysteries-of-the-parthenon-16621015/
Unfortunately, this Surfside disaster is merely the 'canary in the coal
mine', as much of our infrastructure is constructed with now-senile
reinforced concrete.
https://www.nytimes.com/2021/06/26/us/miami-building-collapse-investigation.html
Engineer Warned of 'Major Structural Damage' at Florida Condo Complex
Mike Baker and Anjali Singhvi 26 Jun 2021, Updated 8:14 a.m. ET
James Glanz and Joseph B. Treaster contributed to this report.
[Very long item PGN-pruned, but worth reading in full,
especially if you believe in standards and compliance. PGN]
A consultant in 2018 urged the managers to repair cracked columns and
crumbling concrete. The work was finally about to get underway when the
building collapsed.
Three years before the deadly collapse of the Champlain Towers South
condominium complex near Miami, a consultant found alarming evidence of
"major structural damage" to the concrete slab below the pool deck and
"abundant" cracking and crumbling of the columns, beams and walls of the
parking garage under the 13-story building.
The engineer's report helped shape plans for a multimillion-dollar repair
project that was set to get underway soon -- more than two and a half years
after the building managers were warned -- but the building suffered a
catastrophic collapse in the middle of the night on Thursday, trapping
sleeping residents in a massive heap of debris.
The complex's management association had disclosed some of the problems in
the wake of the collapse, but it was not until city officials released the
2018 report late Friday that the full nature of the concrete and rebar
damage -- most of it probably caused by years of exposure to the corrosive
salt air along the South Florida coast -- became chillingly apparent.
"Though some of this damage is minor, most of the concrete deterioration
needs to be repaired in a timely fashion," the consultant, Frank Morabito,
wrote about damage near the base of the structure as part of his October
2018 report on the 40-year-old building in Surfside, Fla. He gave no
indication that the structure was at risk of collapse, though he noted that
the needed repairs would be aimed at "maintaining the structural integrity"
of the building and its 136 units. [...]
[Middle section omitted for RISKS. PGN]
A nearly identical companion property -- Champlain Towers North -- was built
the same year, a few hundred yards up the beach. It was not immediately
clear whether any of the issues raised by the engineer in the south project
had also been found in the other buildings.
Surfside's mayor, Charles W. Burkett, said on Friday that he was worried
about the stability of the north building but did not feel "philosophically
comfortable" ordering people to evacuate. "I can't tell you, I can't assure
you, that the building is safe," he said at a town commission meeting.
The collapse has stunned industry experts in the Miami area, including John
Pistorino, a consulting engineer who designed the 40-year reinspection
program when he was consulting for the county in the 1970s. He touted other
regulations that have come since, including requirements that tall buildings
have an independent engineer verify that construction is going according to
plans. Mr. Pistorino did not want to speculate on the cause of the
collapse. But he said that while some buildings in the region have had
quality problems, any serious deficiencies were unusual, and were typically
easy to detect by way of glaring cracks or other visible problems. "This is
so out of the norm," Mr. Pistorino said. "This is something I cannot fathom
or understand what happened."
------------------------------
From: "John Colville" <John.C...@uts.edu.au>
Subject: Qantas pilot was `incapacitated' by oxygen mask (ATSB)
Date: Thu, 24 Jun 2021 23:50:20 +0000
(ATSB is the Australian Transport Safety Bureau)
The captain of a Qantas Freight flight became temporarily incapacitated
after ingesting too much oxygen from an emergency mask needed when cabin
pressure dropped, prompting the first officer to declare a MAYDAY.
https://www.smh.com.au/national/qantas-pilot-was-incapacitated-by-oxygen-mask-atsb-20210624-p5843l.html
------------------------------
Date: Fri, 25 Jun 2021 12:12:30 -0400 (EDT)
From: ACM TechNews <technew...@acm.org>
Subject: GPS Cyberattack Falsely Placed U.K. Warship Near Russian Naval Base
(New Scientist)
David Hambling, *New Scientist*, 24 Jun 2021,
via ACM TechNews, Friday, June 25, 2021
A cyberattack may have been involved in a naval confrontation this week
between Russia and a British warship in the Black Sea that never really
happened. The global positioning system (GPS)-tracking Automatic
Identification System (AIS) last week showed both a U.K. warship and a Dutch
naval vessel coming within a few kilometers of a Russian naval base at
Sevastopol, but a live Web camera feed confirmed that both ships were docked
in Odessa, Ukraine, at the time. The spoofing in this case suggests a
deliberate deception, as the ships' coordinates were changed gradually to
imitate normal travel. Dana Goward at the Resilient Navigation and Timing
Foundation said Russia could have executed the spoofing attack, and warned
that such a hack "could easily lead to a shooting war by making things more
confusing in a crisis."
https://orange.hosting.lsoft.com/trk/click?ref=3Dznwrbbrs9_6-2b9dex22c03cx068909&
------------------------------
From: "Matthew Kruk" <mkr...@gmail.com>
Date: Fri, 25 Jun 2021 07:33:44 -0600
Subject: The Internet Eats Up Less Energy Than You Might Think (NYTimes)
https://www.nytimes.com/2021/06/24/technology/computer-energy-use-study.html
New research by two leading scientists says some dire warnings of
environmental damage from technology are overstated.
[Are they investing in Cybercurrencies and Climate Warming? This should
pique environmentalists. PGN]
------------------------------
From: "Gabe Goldberg" <ga...@gabegold.com>
Subject: The Problem With Jam-ming GPS (Now I Know)
Date: Tue, 29 Jun 2021 12:36:20 -0400
http://nowiknow.com/the-problem-with-jam/
------------------------------
From: "Matthew Kruk" <mkr...@gmail.com>
Subject: Pilot in deadly Canadian military helicopter crash unaware of
flight-control software conflict, says report (CBC)
Date: Tue, 29 Jun 2021 07:26:38 -0600
https://www.cbc.ca/news/politics/cyclone-crash-report-greece-1.6082716
The pilot of an ill-fated Canadian military helicopter tried to manually
override the flight control function and - for a variety of reasons - did
not see the autopilot was still on when the CH-148 Cyclone helicopter
crashed into the Ionian Sea off Greece last year, an air force flight safety
investigation has concluded.
The conflict between manual control and the aircraft's automatic flight
controller system caused an unanticipated "bias" in the helicopter's
fly-by-wire (FWB) computers, prompting the aircraft to nose dive at full
speed into the ocean as it was returning to HMCS Fredericton after a
flypast.
------------------------------
From: Paul Saffo <pa...@saffo.com>
Date: Mon, 21 Jun 2021 22:09:39 -0700
Subject: Cyber-risk Across the U.S. Nuclear Enterprise (TSNR)
https://tnsr.org/2021/06/cyber-risk-across-the-u-s-nuclear-enterprise/
As the United States embarks on an effort to modernize many elements of its
nuclear enterprise, it needs to consider how dependencies on modern
information technologies could lead to cyber-induced failures of nuclear
deterrence or to nuclear war. The Biden administration has an opportunity to
address issues of cyber risk across the entire nuclear enterprise in ways
that previous administrations have not.
------------------------------
From: "Matthew Kruk" <mkr...@gmail.com>
Subject: CSIS says 2020 was a banner year for espionage operations targeting
Canada (CBC)
Date: Tue, 29 Jun 2021 07:28:13 -0600
https://www.cbc.ca/news/politics/nsicop-espionage-pandemic-1.5983612
Canada's spy agency says 2020 saw the highest level of foreign espionage and
foreign interference directed at Canadian targets since the end of the Cold
War.
"The fluid and rapidly evolving environment caused by COVID-19 has created a
situation ripe for exploitation by threat actors seeking to advance their own
interests," said Canadian Security Intelligence Service Director David Vigneault
in his agency's 2020 report, released today.
"In 2020, CSIS observed espionage and foreign interference activity at levels
not seen since the Cold War."
The report follows a year of warnings from CSIS and other security agencies
about national security vulnerabilities in Canada's biopharmaceutical and
life sciences sectors. Those sectors were exposed to outside interference as
large numbers of Canadians transitioned to working from home - and as
research involving vaccine, therapeutics and other measures to combat
COVID-19 became far more valuable.
------------------------------
From: "Matthew Kruk" <mkr...@gmail.com>
Subject: Mounties suspected person leaking secrets had high-level computer
access, search warrants show (CBC)
Date: Tue, 29 Jun 2021 06:41:31 -0600
https://www.cbc.ca/news/canada/rcmp-suspected-high-level-leaking-secrets-court-documents-1.6083437?cmp=newsletter_CBC%20News%20Morning%20Brief_4157_286252
The RCMP suspected someone senior in its ranks was offering to spill secrets,
but still didn't know the identity of the alleged leaker for several months
after they first learned highly confidential information about investigations
had been compromised.
The revelation is contained in court documents unsealed late last week at
the request of The Fifth Estate.
The documents suggest investigators ultimately focused on a small group who
had access to sensitive information stored on an RCMP server "controlled by
the RCMP National Intelligence Co-ordination Centre," and "access to its
files is limited to select authorized employees of the RCMP."
------------------------------
Date: Fri, 25 Jun 2021 12:12:30 -0400 (EDT)
From: ACM TechNews <technew...@acm.org>
Subject: Major Step Forward for Quantum Error Algorithms (NCI Australian)
NCI Australian, 21 Jun 2021, via ACM TechNews, Friday, June 25, 2021
Researchers at the University of Sydney have raised the threshold for
correcting quantum calculation errors with the help of the Gadi
supercomputer of Australia's National Computational Infrastructure (NCI)
organization. The researchers used Gadi to run about 87 million simulations
for all possible qubit arrangements and aligned the threshold with the
actual error rates of physical quantum computing systems. Said Sydney's
David Tuckett, "This step brings us closer to making practical quantum
computing possible. Quickly being able to run these simulations on NCI is
central to understanding the effectiveness of our qubit arrangements."
https://orange.hosting.lsoft.com/trk/click?ref=3Dznwrbbrs9_6-2b9dex22c044x068909&
[I am still concerned about the presence of errors exceeding the assumed
worst case for correction, which typically can result in miscorrection
in conventional error-correcting codes. PGN]
------------------------------
Date: Wed, 30 Jun 2021 12:07:27 -0400 (EDT)
From: ACM TechNews <technew...@acm.org>
Subject: 3D Scanning Breakthrough Means Results Are 4,500% More Accurate
(Loughborough)
Loughborough University (UK), 29 Jun 2021,
via ACM TechNews, Wednesday, June 30, 2021
Scientists at the U.K.'s Loughborough University and University of
Manchester have boosted the accuracy of three-dimensional (3D) body scans by
4,500% via a free algorithm that can be used with any scanning system. The
Gryphon code can identify and remove errors in scan measurements. In 121
measurements of 97 participants, Gryphon had a margin of error of 0.3
centimeters, compared to an average of 13.8 centimeters for current 3D
scanning machines when data is captured non-consecutively. Loughborough's
Chris Parker said, "We hope this will speed up 3D body scanning, removing
the need for highly trained operators to correct mistakes,
and--ultimately--help 3D body scanning create custom garments for
everyone--without the fuss."
https://orange.hosting.lsoft.com/trk/click?ref=3Dznwrbbrs9_6-2bad7x22c18cx068589&
[Wow! The post-hoc RISKS lesson here is that nobody should have trusted
what was so bad in the first place. And what makes you think 4,500%
better is good enough for a particular application? Caveat emptor. PGN]
------------------------------
From: "Richard Stein" <rms...@ieee.org>
Subject: Giant comet found in outer solar system by Dark Energy Survey
(phys.org)
Date: Tue, 29 Jun 2021 07:28:30 +0800
https://phys.org/news/2021-06-giant-comet-outer-solar-dark.html
What I found interesting:
"Bernardinelli and Bernstein used 15–20 million CPU hours at the National
Center for Supercomputing Applications and Fermilab, employing sophisticated
identification and tracking algorithms to identify over 800 individual TNOs
from among the more than 16 billion individual sources detected in 80,000
exposures taken as part of the DES. Thirty-two of those detections belonged
to one object in particular —- C/2014 UN271."
15-20 Megacpu hours! That's an awful lot of computation. NCSA has a
"compute dashboard" revealing BlueWaters continuous service delivery
achievement at over 39.2 Gigacpu hours of computation to date (see
https://bluewaters.ncsa.illinois.edu/ retrieved on 29JUN2021). The Dark
Energy Survey has ONLY consumed ~0.05% of this total. A mere pittance.
Given the DES repository size, comet detection and discovery is
analogous to extracting fly poop from a pepper pile. How big of a pile?
http://archive1.dm.noao.edu/home/content (retrieved on 29JUN2021) shows
the total to date: ~795 TBytes. Nightly acquisition accumulates ~0.9
TByte of imaging using a 570 Mpixel camera.
Risk: CO2 generation.
------------------------------
From: Richard Stein <rms...@ieee.org>
Date: Sun, 27 Jun 2021 05:31:19 +0800
Subject: Supreme Court sides with credit agency (WashPost)
https://www.washingtonpost.com/politics/courts_law/supreme-court-credit-oil-alaskans/2021/06/25/74eaa540-d5bb-11eb-a53a-3b5450fdca7a_story.html
'"TransUnion generated credit reports that erroneously flagged many
law-abiding people as potential terrorists and drug traffickers," wrote
Thomas. Yet, "the majority decides that TransUnion's actions are so
insignificant that the Constitution prohibits consumers from vindicating
their rights in federal court. The Constitution does no such thing."'
TransUnion, and other financial service entities, can (and routinely) test
if your name matches one on the list maintained by Treasury Departments
Office of Foreign Assets Control (OFAC). Probably part of their KYC (know
your customer) processes.
https://home.treasury.gov/policy-issues/financial-sanctions/specially-designated-nationals-and-blocked-persons-list-sdn-human-readable-lists
------------------------------
From: "Diego.Latella" <diego....@isti.cnr.it>
Subject: EDPB & EDPS call for ban on use of AI for automated
recognition of human features in publicly accessible spaces, and some other
uses of AI that can lead to unfair discrimination
Date: Tue, 29 Jun 2021 20:35:41 +0200
In a joint opinion regarding the European Commission's Proposal for
Regulation on artificial intelligence, "[t]aking into account the extremely
high risks posed by remote biometric identification of individuals in
publicly accessible spaces, the EDPB [European Data Protection Board] and
the EDPS [European Data Protection Supervisor] call for a general ban on any
use of AI for automated recognition of human features in publicly accessible
spaces, such as recognition of faces, gait, fingerprints, DNA, voice,
keystrokes and other biometric or behavioural signals, in any context."
https://edpb.europa.eu/news/news/2021/edpb-edps-call-ban-use-ai-automated-recognition-human-features-publicly-accessible_en
------------------------------
From: "Gabe Goldberg" <ga...@gabegold.com>
Subject: I've Cracked Zodiac, a French Engineer Says. Online Sleuths Are
Skeptical. (NYTimes)
Date: Tue, 22 Jun 2021 23:42:29 -0400
I've Cracked Zodiac, a French Engineer Says. Online Sleuths Are Skeptical.
https://www.nytimes.com/2021/06/22/world/europe/france-zodiac-killer-cipher.html
------------------------------
From: Thomas Koenig <tko...@netcologne.de>
Date: Thu, 24 Jun 2021 22:02:51 +0200
Subject: German States want compulsory pre-installed youth protection
filters (Heise)
The German States want to oblige providers of operating systems for PCs,
laptops and cell phones, for example, to pre-install youth protection
filters and block all websites by default that are not suitable for
under-18s or do not have an age label. This would affect most websites
around the world.
The legal vehicle for this censorship is to be an amendment to the State
Treaty on the Protection of Minors in the Media (JMStV).
This would oblige operating system providers "to effectively block large
parts of the Internet - starting from all devices" until the age
verification of users is completed.
Of course, the divices would also have to send the user's age to all web
sites.
Source (in German):
https://www.heise.de/news/Laender-wollen-Filter-in-allen-Betriebssystemen-Verbaende-laufen-Sturm-6116452.html
------------------------------
From: "Lauren Weinstein" <lau...@vortex.com>
Subject: Politicians vs. Big Tech: Ordinary Users are Going to Lose Big
Time! (TechDirt)
Date: Sun, 27 Jun 2021 14:09:03 -0700
Ordinary Internet users don't realize how much they stand to lose by this
kind of grandstanding by politicians without facts or due
consideration. Both parties seem hell-bent to destroy as much of the
Internet as possible. -L
Congressman Nadler Throws The World's Worst Slumber Party In Order To
Destroy The Internet Policy
https://www.techdirt.com/articles/20210625/09355347057/congressman-nadler-throws-worlds-worst-slumber-party-order-to-destroy-internet.shtml
------------------------------
From: "danny burstein" <dan...@panix.com>
Subject: Regarding "My Book" ext. drives w/Internet connectivity
(Bleeping Computer)
Date: Fri, 25 Jun 2021 00:37:06 +0000
Cough, oops, uggh...
[from Bleeping computer:]
WD My Book NAS devices are being remotely wiped clean worldwide
Western Digital My Book NAS owners worldwide found that their devices have
been mysteriously factory reset and all of their files deleted.
WD My Book is a network-attached storage device that looks like a small
vertical book that you can stand on your desk. The WD My Book Live app
allows owners to access their files and manage their devices remotely,
even if the NAS is behind a firewall or router.
Today, WD My Book owners worldwide suddenly found that all of their files
were mysteriously deleted, and they could no longer log into the device
via a browser or an app.
rest:
https://www.bleepingcomputer.com/news/security/wd-my-book-nas-devices-are-being-remotely-wiped-clean-worldwide/
[Also noted by Monty Solomon at
https://www.theverge.com/2021/6/24/22549677/wd-my-book-live-data-deletion-unplug-lan-cable-threat-actor
PGN]
------------------------------
From: Thomas Koenig <tko...@netcologne.de>
Date: Thu, 24 Jun 2021 23:02:16 +0200
Subject: Your CPU May Have Slowed Down on Wednesday
A microcode update for Intel CPUs appeared to have caused a major
slowdown.
https://travisdowns.github.io/blog/2021/06/17/rip-zero-opt.html
------------------------------
From: Monty Solomon <mo...@roscom.com>
Date: Thu, 24 Jun 2021 17:10:17 -0400
Subject: Sony Wins Pirate Site Blocking Order Against DNS-Resolver Quad9
(TorrentFreak)
Sony Music has obtained an injunction that requires the freely available
DNS-resolver Quad9 to block a popular pirate site. The order, issued by the
District Court in Hamburg, Germany, is the first of its kind. The Quad9
foundation has already announced that it will protest the judgment, which
could have far-reaching consequences.
https://torrentfreak.com/sony-wins-pirate-site-blocking-order-against-dns-resolver-quad9-210621/
------------------------------
From: Gabe Goldberg <ga...@gabegold.com>
Date: Thu, 24 Jun 2021 18:15:06 -0400
Subject: USPS mail delays: What it means in your Zip code (WashPost)
How long it should take for mail to arrive, if it's sent from ...
https://www.washingtonpost.com/business/interactive/2021/dejoy-usps-delays-by-zip-code-map/
------------------------------
From: Gabe Goldberg <ga...@gabegold.com>
Date: Thu, 24 Jun 2021 19:14:41 -0400
Subject: A Well-Meaning Feature Leaves Millions of Dell PCs Vulnerable
(WiReD)
Flaws in a firmware security tool affect as many as 30 million desktops,
laptops, and tablets.
https://www.wired.com/story/dell-firmware-vulnerabilities/
------------------------------
From: Richard Stein <rms...@ieee.org>
Date: Wed, 30 Jun 2021 17:21:25 +0800
Subject: A model to predict how much humans and robots can be trusted with
completing specific tasks (techxplore.com)
https://techxplore.com/news/2021-06-humans-robots-specific-tasks.html
'"There has been a lot of research aimed at understanding why humans should
or should not trust robots, but unfortunately, we know much less about why
robots should or should not trust humans," Herbert Azevedo-Sa, one of the
researchers who carried out the study, told TechXplore. "In truly
collaborative work, however, trust needs to go in both directions. With
this in mind, we wanted to build robots that can interact with and build
trust in humans or in other agents, similarly to a pair of co-workers that
collaborate."'
To trust, or not to trust? That is a key question when a human engages with
a robot and vice-versa. See Francis Fukuyama's "Trust: The Social Virtues
and the Creation of Prosperity." Free Press, 1995. ISBN 0-02-910976-0 for an
exhaustive exploration of what makes trustworthy, cooperative behavior
essential to economic achievement.
No telling what event(s) may tip an organic/robotic relationship into a
foregone, default acceptance favoring the robot. There are clear financial
motives for businesses to promote and attempt to accelerate this
achievement. The tipping point will likely require more than an
anthropomorphic smile, mellifluous voice, or gentle touch.
Laws of robotics (https://en.wikipedia.org/wiki/Laws_of_robotics retrieved
on 30JUN2021) specify noteworthy and meritorious function and behavior.
There are lessons to learn and apply from Amazon.com's warehouse
environment, an algorithmic, heavily robotic ecosystem that measures and
judges organic workers via strict binary objectives. No gray area, no
accounting for "real world," hidden factors that interfere with achievement.
Trust, as humans define and accept it, is unlikely to be equivalence by a
robot and its operating system without a means to computationally specify
and reconcile a near innumerable set and degree of human emotion. Ain't that
so, Spock?
Risk: Non-deterministic outcomes.
------------------------------
Date: Wed, 30 Jun 2021 15:07:52 -0400
From: Eric Sosman <eso...@comcast.net>
Subject: Re: End-to-End Verifiability Key to Future Election Security
In RISKS-32.72 Gabe Goldberg reports on an initiative to strengthen ballot
security with cryptographic methods. He expresses some doubt about the
practicality of such schemes, writing "A high-tech concept will work for
some voters, not for others..."
Indeed, or even Double Indeed! One need look no further than New
York City's week-ago-and-we-still-don't-know mayoral primary to see
that anything "complicated" is well beyond the capabilities of the
people running modern elections. Researchers may invent whiz-bang
tools to make elections secure, but matters will not improve much if
the tools are operated by Larry, Curly, and Moe.
------------------------------
Date: Tue, 29 Jun 2021 23:19:32 +0200
From: DJC <d...@resiak.org>
Subject: Re: Government Chatbots Now a Necessity for States, Cities,
Counties (RISKS-32.62)
> I have never, *not once*, had a useful interaction with a chatbot.
From my experience with (being) technical support in the 1980s, I can
imagine that a chatbot might be able to handle many common queries. Back in
the day, the one question on my part that solved the most problems was "Is
it plugged in / turned on?" A chatbot could have done that, and probably
also resolved the next 10 commonest problems.
Incidentally, most people showed no gratitude for being reminded that their
devices had to be plugged in to work -- indeed they were often furious at
having their inattention so grossly exposed. But my colleague Morris K
figured out an approach to dealing with that:
Okay, first I want you to unplug it / turn it off....
------------------------------
From: "Steven Klein" <ste...@klein.us>
Subject: Re: Apple Says It's Time to Digitize Your ID, Ready or Not
(RISKS-32.72)
Date: Mon, 28 Jun 2021 02:00:38 -0400
Gabe Goldberg raises the concern that:
“If your driver's license is on your phone, you could potentially have to present your fully unlocked device to a law enforcement agent in a transaction like a traffic stop or at airport security.”
Fortunately, that's not how Apple wallet works.
On my iPhone XS, when I double-tap the side button, it displays the cards in my digital wallet, but does *not* unlock my phone.
That cop or TSA agent would be able to view all the cards in my wallet, but not anything else in my phone.
------------------------------
Date: Mon, 1 Aug 2020 11:11:11 -0800
From: RISKS-...@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)
The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to
subscribe and unsubscribe:
http://mls.csl.sri.com/mailman/listinfo/risks
=> SUBMISSIONS: to ri...@CSL.sri.com with meaningful SUBJECT: line that
includes the string `notsp'. Otherwise your message may not be read.
*** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored. Instead, use an alternative
address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites,
copyright policy, etc.) is online.
<http://www.CSL.sri.com/risksinfo.html>
*** Contributors are assumed to have read the full info file for guidelines!
=> OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
searchable html archive at newcastle:
http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
Also, ftp://ftp.sri.com/risks for the current volume/previous directories
or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
If none of those work for you, the most recent issue is always at
http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-32.00
ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
*** NOTE: If a cited URL fails, we do not try to update them. Try
browsing on the keywords in the subject line or cited article leads.
Apologies for what Office365 and SafeLinks may have done to URLs.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
<http://www.acm.org/joinacm1>
------------------------------
End of RISKS-FORUM Digest 32.74
************************
0 new messages