Risks Digest 33.05

Posted by RISKS List Owner, Feb 9, 2022, 6:16:08 PM, to ri...@csl.sri.com
RISKS-LIST: Risks-Forum Digest Wednesday 9 February 2022 Volume 33 : Issue 05

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/33.05>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>

Contents:
Tesla recalling 54000 vehicles (The Guardian via paul cornish)
Tesla recalls more than 817,000 vehicles over seat-belt chime issue, which
it will address remotely (WashPost)
Ancient Programming Language Is Way More Common Than We Thought (Tech Radar)
A Fight Over the Right to Repair Cars Turns Ugly (WiReD)
Fiber cut takes out cell service to a large portion of SW Colorado
(ouraynews)
Seattle radio station reportedly transmits bad data, bricks Mazda radios
(Seattle Times)
European Oil Port Terminals Hit by Cyberattack (France 24)
A crypto breakthrough? Western states consider taking digital currency
(Politico)
An inside look at how one person can control a swarm of 130 robots (PopSci)
Security is top to bottom. An example of the need to keep firmware current
(Bleeping Computer)
$325 Million Vanishes From Crypto Platform Wormhole After Apparent Hack
(Gizmodo)
It's Not Just the IRS -- the US Government Wants Your Selfies (WiReD)
IRS abandons ID.me facial recognition plans (WashPost)
The Battle for the World's Most Powerful Cyberweapon (NYTimes)
Twitter says it has quit taking action against lies about the 2020 election
(CNN)
Researchers Achieve 100 Million Quantum Operations (Francisco Pires)
About Elon Musk and tracking of his private jet (Lauren Weinstein)
Social media scammers stole at least $770 million in 2021 (Engadget)
Let's make the teen Tesla hack a teachable moment (TechCrunch)
FBI Secretly Bought Israeli Spyware and Explored Hacking U.S. Phones
(NYTimes)
*The New York Times* Buys Wordle (NYTimes)
Microsoft Says Windows May Need up to 8 Hours to Update (Tom's Hardware)
Microsoft Mitigated Record-Breaking 3.47 Tbps DDoS Attack on Azure Customers
(The Hacker News)
Re: U.S. airline officials warn of crisis in aviation with new 5G service
(David Lesher)
Re: When Mind Melds With Machine, Who's in Control? (Lars-Henrik Eriksson)
Re: UK's Telecomm Providers Switching to Digital Phone Lines (Wol)
Re: Manufacturers have less than five days' supply of some computer chips,
Commerce Department says (Stanley Chow, Steve Klein)
Re: Alexandria VA red light cameras don't follow the law (Jeremy Epstein)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Tue, 1 Feb 2022 08:55:32 -0800
From: Lauren Weinstein <lau...@vortex.com>
Subject: Tesla recalls autos over software that allows them to roll through
stop signs (NPR)

QUESTION: Why did Tesla seemingly knowingly program their vehicles
to operate illegally?

https://www.npr.org/2022/02/01/1077274384/tesla-recalls-autos-over-software-that-allows-them-to-roll-through-stop-signs

The recall shows that Tesla programmed its vehicles to violate the law in
most states, where police will ticket drivers for disregarding stop
signs. The Governors Highway Safety Association, which represents state
highway safety offices, said it is not aware of any states that allow
rolling stops.

------------------------------

Date: Wed, 2 Feb 2022 19:10:13 +0000
From: "paul cornish" <paul.a....@googlemail.com>
Subject: Tesla recalling 54000 vehicles (The Guardian)

Risks are many: Actually developing software that breaks the law. All-way
stop signs, common on North American roads, require drivers to halt
completely, before proceeding. Tesla's software drives the car over the
stop line at 5mph. Misleading pseudo-technical marketing terms e.g., Full
self-driving that isn't. Abusing well-known terms (e.g., that have long
been used in aircraft as meaning just that). But in Tesla it is less
sophisticated than full self-driving. Reliance on members of the public to
do beta testing of sophisticated software with no knowledge of its design,
functionality, failure modes etc. The delay in getting the feature removed.
First discussed 20th Nov will be removed 28th March.

https://www.theguardian.com/technology/2022/feb/01/tesla-recall-full-self-driving-software-stop-signs?CMP=Share_iOSApp_Other

[Lauren Weinstein had this item from NPR:
QUESTION: Why did Tesla seemingly knowingly program their vehicles
to operate illegally?
https://www.npr.org/2022/02/01/1077274384/tesla-recalls-autos-over-software-that-allows-them-to-roll-through-stop-signs
PGN]

------------------------------

Date: Thu, 3 Feb 2022 23:33:34 -0500
From: Gabe Goldberg <ga...@gabegold.com>
Subject: Tesla recalls more than 817,000 vehicles over seat-belt chime
issue, which it will address remotely (WashPost)

Tesla recalls more than 817,000 vehicles over seat-belt chime issue, which
it will address remotely. For Tesla, it's the second recall in a matter of
days after it said it would address the 'rolling stop' issue

https://www.washingtonpost.com/technology/2022/02/03/tesla-recall-seatbelt-chime/

------------------------------

Date: Wed, 9 Feb 2022 11:55:30 -0500 (EST)
From: ACM TechNews <technew...@acm.org>
Subject: Ancient Programming Language Is Way More Common Than We Thought

Joel Khalili, *TechRadar*, 4 Feb 2022,
via ACM TechNews, Wednesday, February 9, 2022

A report by enterprise software provider Micro Focus found that more than
800 billion lines of COBOL code are in daily use worldwide, about three
times more than expected, despite a decline in the number of developers
familiar with the 60-year-old programming language. Moreover, nearly half of
developers surveyed predict an increase in the volume of COBOL used in their
organization in the coming year, while a similar share said they expect
COBOL applications to live on for at least another decade. The report found
that 64% of companies reliant on COBOL prefer to modernize their apps rather
than replace them, while 92% of respondents said COBOL will retain strategic
importance to their business. Said Micro Focus' Ed Airey, "For IT leaders,
supporting core business systems, COBOL application modernization lies at
the heart of digital transformation."

https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2e009x231452x073060&

[COBOL could be here forever. Thus, Y2K+N problems are likely to recur
for all nonnegative integer values of N. Might RISKS still be around in
perpetuity? All the evidence from the past suggests it would still be
relevant. The year 3000 would certainly deserve a major celebration.

Thinking more in the short term, is there anyone who would like to
consider taking on RISKS when I finally have to give up the ghost? 36.5
years seem to have passed quickly since 1 Aug 1985, but RISKS is still a
labor of love for me (with lots of help from you all), and the volume of
would-be contributions never seems to diminish. PGN]

------------------------------

Date: Thu, 3 Feb 2022 23:37:16 -0500
From: "Gabe Goldberg" <ga...@gabegold.com>
Subject: A Fight Over the Right to Repair Cars Turns Ugly (WiReD)

In the wake of a voter-approved law, Subaru and Kia dealers in
Massachusetts have disabled systems that allow remote starts and send
maintenance alerts.

https://www.wired.com/story/fight-right-repair-cars-turns-ugly/

------------------------------

Date: Fri, 28 Jan 2022 17:01:21 -0700
From: William Kucharski <kuch...@gmail.com>
Subject: Fiber cut takes out cell service to a large portion of SW Colorado
(ouraynews)

As we see far too often, a fiber cut often has a disproportionate impact on
communications, in this case taking out not only CenturyLink's service but
also cellular service for providers who use CenturyLink's fiber as a
backhaul.

This points out yet again how easy it is to take out a single link and
disrupt communications across a wide area, whether accidentally or
intentionally.

https://www.ouraynews.com/news/cell-phone-service-disrupted-cut-fiber-line

------------------------------

Date: Wed, 9 Feb 2022 11:11:32 -0800
From: Lauren Weinstein <lau...@vortex.com>
Subject: Seattle radio station reportedly transmits bad data, bricks Mazda
radios (Seattle Times)

https://www.seattletimes.com/seattle-news/thanks-to-a-glitch-some-seattle-mazda-drivers-cant-tune-their-radios-away-from-kuow/

------------------------------

Date: Fri, 4 Feb 2022 12:35:13 -0500 (EST)
From: ACM TechNews <technew...@acm.org>
Subject: European Oil Port Terminals Hit by Cyberattack (France 24)

France 24, 3 Feb 2022 via ACM TechNews, 4 Feb 2022

Major oil terminals at some of Western Europe's biggest ports have been hit
by a cyberattack, as energy prices in Europe soar amid tensions with gas
supplier Russia. In Belgium, authorities are investigating the hacking of
oil facilities in the country's maritime entryways, including Antwerp,
Europe's second biggest port, while German prosecutors are investigating a
cyberattack targeting oil facilities in what was described as a possible
ransomware strike. German newspaper Handelsblatt said an initial report
from German security services identifies the BlackCat ransomware as the tool
used in the cyberattack in Germany. BlackCat emerged in mid-November 2021 as
a software tool that allows hackers to seize control of target
systems. Experts note that BlackCat is programmed in the Russian language.

https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2df35x231264x073765&

------------------------------

Date: Tue, 1 Feb 2022 08:17:58 -1000
From: geoff goodfellow <ge...@iconia.com>
Subject: A crypto breakthrough? Western states consider taking digital
currency (Politico)

Proposals in Wyoming and Arizona to accept tax payments in Bitcoin and other
cryptocurrencies would undermine the dollar's unique status.

The dreams of crypto enthusiasts inched closer to reality in recent days as
lawmakers in Wyoming and Arizona put forward proposals that would allow
those states to accept tax payments in the form of digital currencies.

The new proposals, and others like them around the United States, threaten
to erode a key distinction upholding the supremacy of the U.S. dollar over
its would-be digital competitors: Americans can use U.S. dollars, but not
cryptocurrencies, to pay their taxes.

Under the Arizona proposal, the state would recognize the most popular
cryptocurrency, Bitcoin, as legal tender. The Wyoming proposal, which is not
limited to any specific cryptocurrency, would apply only to sales and use
taxes.

Both proposals face potential legal and political hurdles. But Wyoming has
gone further than any other state in passing laws to accommodate
cryptocurrency adoption, and backers of the proposal there believe it will
be the first state to take a significant step in the realm of tax payments.
[...]

https://www.politico.com/news/2022/01/31/crypto-wyoming-arizona-tax-payments-00003910

------------------------------

Date: Sun, 30 Jan 2022 08:33:13 -1000
From: geoff goodfellow <ge...@iconia.com>
Subject: An inside look at how one person can control a swarm of 130 robots
(PopSci)

Virtual reality and artificial intelligence helped with the daunting task

Last November, at Fort Campbell, Tennessee, half a mile from the Kentucky
border, a single human directed a swarm of 130 robots. The swarm, including
uncrewed planes, quadcopters, and ground vehicles, scouted the mock
buildings of the Cassidy Range Complex, creating and sharing information
visible not just to the human operator but to other people on the same
network. The exercise was part of DARPA's OFFensive Swarm-Enabled Tactics
(OFFSET) program.

If the experiment can be replicated outside the controlled settings of a
test environment, it suggests that managing swarms in war could be as easy
as point and click for operators in the field.

``The operator of our swarm really was interacting with things as a
collective, not as individuals,'' says Shane Clark, of Raytheon BBN, who was
the company's main lead for OFFSET. ``We had done the work to establish the
sort of baseline levels of autonomy to really support those many-to-one
interactions in a natural way.''

Piloting even one drone can be so taxing that it’s not rare to see videos of
first-time flights leading immediately to crashes. Getting to the point
where a single human can control more than a hundred drones takes some
skill—and a lot of artificial intelligence.

In total, the swarm operator directed 130 vehicles in the physical world, as
well as 30 simulated drones operating in the virtual environment. These 30
virtual drones were integrated into the swarm's planning and appeared as
indistinguishable from the others in the program to the human operator, and
to the rest of the swarm. As apparitions of pure code, tracked by the swarm
AI, these virtual drones flew in formation with the physical drones, and
maneuvered around as though they really existed in physical space. [...]

https://www.popsci.com/technology/drone-swarm-control-virtual-reality/

------------------------------

Date: Thu, 3 Feb 2022 08:07:49 -0500
From: Bob Gezelter <geze...@rlgsc.com>
Subject: Security is top to bottom. An example of the need to keep
firmware current (Bleeping Computer)

Patching operating systems and applications to remediate vulnerabilities is
commonplace.

Far fewer pay as much attention to maintaining the firmware responsible
for low-level system hardware maintenance.

Recent generations of processors use implementations of the Extensible
Firmware standard, referred to as EFI, to manage processor hardware at a low
level. BleepingComputer reports that a widely-used implementation of EFI has
a number of exploitable vulnerabilities that can compromise
systems. According to the article, several of the vulnerabilities affect
"power management and hardware control" including secure bootstrap.

The article contains a list of the CVE entries describing the
vulnerabilities.

The full article is at:

https://www.bleepingcomputer.com/news/security/uefi-firmware-vulnerabilities-affect-at-least-25-computer-vendors

------------------------------

Date: Thu, 3 Feb 2022 13:47:01 -0800
From: Lauren Weinstein <lau...@vortex.com>
Subject: $325 Million Vanishes From Crypto Platform Wormhole After Apparent
Hack (Gizmodo)

https://gizmodo.com/crypto-platform-wormhole-loses-325-million-in-apparent-1848470502

------------------------------

Date: Fri, 28 Jan 2022 23:55:07 -0500
From: "Gabe Goldberg" <ga...@gabegold.com>
Subject: It's Not Just the IRS -- the US Government Wants Your Selfies
(WiReD)

A controversial new program that uses facial recognition is part of a
national effort to verify identities and reduce fraud.

In November, the Internal Revenue Service launched an online security system
that uses face recognition to confirm a person's identity. Public attention
to the project last week triggered an outcry. The ACLU called the project
*deeply troubling*, saying face recognition ``has been shown to be less
accurate for people of color.''

Some IRS functions, like scheduling payments but not filing taxes, now
require first-time users to verify their identity with Virginia startup
ID.me, which also works with 27 state employment agencies and the Veterans
Administration. The process involves photographing a government-issued ID
and uploading a video selfie so algorithms can match face and document.
[...]

Goodman says that such programs need to provide offline options such as
visiting a post office for people unable or unwilling to use phone apps or
internet services. Making any digital service universally accessible in a
large and varied nation like the US is a challenge. An agency like the IRS
has to serve a user base similar in scale to that of a large tech company,
but unlike a hot startup must also include society's least connected. Usable
security is really, really hard, government's track record on digital
inclusion is mixed. ID.me says it has 650 locations where people can
complete enrollment in person in a big country.
https://www.wired.com/story/irs-us-government-wants-selfies/

This process was like playing Simon Says with an evil/demented robot. For
starters, there's no initial list of steps to take and what will be
required. So it was multiple iterations finding what was necessary. Then
facial recognition didn't like initial images I uploaded. And it took
several identical attempts to get improved images recognized, which it did,
after a while. None of this gives me faith in its reliability/scalability.

------------------------------

Date: Tue, 8 Feb 2022 11:24:53 PST
From: Peter Neumann <neu...@csl.sri.com>
Subject: IRS abandons ID.me facial recognition plans (WashPost)

The GSA is now rejecting facial recognition for login.gov:
https://www.washingtonpost.com/technology/2022/02/07/irs-gsa-id-facial-recogntion/

[TNX to Jeremy Epstein for this encouraging item. PGN]

------------------------------

Date: Fri, 28 Jan 2022 17:59:14 -0500
From: "Jan Wolitzky" <jan.wo...@gmail.com>
Subject: The Battle for the World's Most Powerful Cyberweapon (NYTimes)

A *New York Times* investigation reveals how Israel reaped diplomatic gains
around the world from NSO's Pegasus spyware -- a tool America itself
purchased but is now trying to ban.

https://www.nytimes.com/2022/01/28/magazine/nso-group-israel-spyware.html

------------------------------

Date: Sat, 29 Jan 2022 10:50:21 -0800
From: Lauren Weinstein <lau...@vortex.com>
Subject: Twitter says it has quit taking action against lies about the 2020
election (CNN)

Twitter says it has quit taking action against lies about the 2020 election

https://www.cnn.com/2022/01/28/politics/twitter-lies-2020-election/index.html

------------------------------

Date: Wed, 9 Feb 2022 11:55:30 -0500 (EST)
From: ACM TechNews <technew...@acm.org>
Subject: Researchers Achieve 100 Million Quantum Operations
(Francisco Pires)

Francisco Pires, Tom's Hardware, 4 Feb 2022,
via ACM TechNews, Wednesday, February 9, 2022

Researchers at the U.S. Department of Energy's Argonne National Laboratory
and the University of Chicago (UChicago) have realized 100 million quantum
operations, hailed as a key step toward achieving quantum supremacy. The
team added single electrons to quantum bits (qubits) with laser
pulses. "[The] emitted light reflects the absence or presence of the
electron, and with almost 10,000 times more signal," said UChicago's Elena
Glen. "By converting our fragile quantum state into stable electronic
charges, we can measure our state much, much more easily. With this signal
boost, we can get a reliable answer every time we check what state the qubit
is in." The single-shot readout method deletes all previously loaded errors,
enabling coherent quantum states to "perpetuate" themselves.

https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2e009x231451x073060&

------------------------------

Date: Sun, 30 Jan 2022 16:03:11 -0800
From: Lauren Weinstein <lau...@vortex.com>
Subject: About Elon Musk and tracking of his private jet

You may have seen stories over the last few days about Elon Musk supposedly
offering a teenager on Twitter $5K to stop sending out tracking info
regarding his private jet (apparently not the only aircraft he tracks). Last
I heard, the $5K was rejected, Musk hadn't responded to a counter offer of
$50K or other possibilities.

The thing about this is that it's a battle Musk is almost certain to
lose. The data involved is ADS-B aircraft transmissions that are easily
received with the proper (relatively inexpensive) equipment.

The FAA recently established a voluntary program for the "masking" of actual
plane ID data from ADS-B. The program involves substituting a "temporary" ID
that doesn't map to any publicly available registration data, and could be
changed no more frequently than once every 60 days (ultimately to be once
every 20 days).

The flaw in this plan is obvious. Once an aircraft has been identified
through some other means (such as knowing when someone leaves a specific
airport and noting where they are headed or land based on the kind of
information typically available regarding many public figures), that
"temporary" ID can then be used (until it is changed) for tracking pretty
much just as easily as the unmasked ID. And there are Internet sites where
enthusiasts openly trade this information.

So even if Musk got this particular person to stop tweeting the location
of his jet, it is extremely likely that another person (or persons) would
take up where the original tweeter left off.

------------------------------

Date: Thu, 27 Jan 2022 18:15:20 -0500
From: Monty Solomon <mo...@roscom.com>
Subject: Social media scammers stole at least $770 million in 2021 (Engadget)

https://www.engadget.com/ftc-social-media-scammers-stole-770-million-in-2021-210022922.html

------------------------------

Date: Thu, 27 Jan 2022 18:18:20 -0500
From: Monty Solomon <mo...@roscom.com>
Subject: Let's make the teen Tesla hack a teachable moment (TechCrunch)

https://techcrunch.com/2022/01/27/lets-make-the-teen-tesla-hack-a-teachable-moment/

------------------------------

Date: Fri, 28 Jan 2022 18:00:13 -0500
From: Jan Wolitzky <jan.wo...@gmail.com>
Subject: FBI Secretly Bought Israeli Spyware and Explored Hacking U.S.
Phones (NYTimes)

Israel used the NSO Group's software as a tool of diplomacy. The FBI wanted
it for domestic surveillance. Then everything soured. Here are highlights of
a *New York Times* Magazine investigation.

https://www.nytimes.com/2022/01/28/world/middleeast/israel-pegasus-spyware.html

------------------------------

Date: Mon, 31 Jan 2022 19:37:39 -0500
From: "Jan Wolitzky" <jan.wo...@gmail.com>
Subject: *The New York Times* Buys Wordle (NYTimes)

The sudden hit Wordle, in which once a day players get six chances to guess
a five-letter word, has been acquired by The New York Times Company.

The purchase, announced by The Times on Monday, reflects the growing
importance of games, like crosswords and Spelling Bee, in the company's
quest to increase digital subscriptions to 10 million by 2025.

Wordle was acquired from its creator, Josh Wardle, a software engineer in
Brooklyn, for a price in the low seven figures. The company said the game
would initially remain free to new and existing players.

https://www.nytimes.com/2022/01/31/business/media/new-york-times-wordle.html

Not sure that this represents a Risk to the Public, per se, unless one
considers the tens of millions of lost productive person-hours spent on the
game. But the HTML underlying the phenomenon is so trivial -- it really is
just a single static page of HTML -- that it has already attracted malicious
hackers (see, e.g., "A bot tried to ruin Wordle by posting the next day's
answer. Twitter suspended the account").
https://www.washingtonpost.com/technology/2022/01/25/twitter-suspends-wordle-ruining-bot/

Putting Wordle behind a paywall will only increase the incentive to
develop malware.

------------------------------

Date: Tue, 1 Feb 2022 16:37:41 PST
From: Lauren Weinstein <lau...@vortex.com>
Subject: Microsoft Says Windows May Need up to 8 Hours to Update
(Tom's Hardware)

https://www.tomshardware.com/news/windows-update-needs-eight-hours

Meanwhile, Chromebooks seem to update in about 5 minutes or so for me. -L

------------------------------

Date: Sun, 30 Jan 2022 12:18:58 -1000
From: geoff goodfellow <ge...@iconia.com>
Subject: Microsoft Mitigated Record-Breaking 3.47 Tbps DDoS Attack on Azure
Customers (The Hacker News)

Microsoft this week revealed that it had fended off a record number of
distributed denial-of-service (DDoS) attacks aimed at its customers in 2021,
three of which surpassed 2.4 terabits per second (Tbps).

One of the DDoS attacks took place in November, targeting an unnamed Azure
customer in Asia and lasted a total of 15 minutes. It hit a peak throughput
of 3.47 Tbps and a packet rate of 340 million packets per second (pps),
making it the largest attack ever reported in history.

"This was a distributed attack originating from approximately 10,000 sources
and from multiple countries across the globe, including the United States,
China, South Korea, Russia, Thailand, India, Vietnam, Iran, Indonesia, and
Taiwan," Alethea Toh, product manager of Azure Networking, said
<https://azure.microsoft.com/en-us/blog/azure-ddos-protection-2021-q3-and-q4-ddos-attack-trends/>

DDoS attacks occur when several compromised devices are employed as a
conduit to overwhelm a targeted server, service, or network with a flood of
Internet traffic with the goal of overloading the systems and disrupting its
regular services. [...]

https://thehackernews.com/2022/01/microsoft-mitigated-record-breaking-347.html

------------------------------

Date: Wed, 2 Feb 2022 10:09:19 -0500
From: David Lesher <wb8...@panix.com>
Subject: Re: U.S. airline officials warn of crisis in aviation with new 5G
service (Cornish, RISKS-33.04)

I'm concerned by what's not being {explicitly} said by the parties engaged
in this Musical Chairs of Blame.

From what I've been reading, but not seeing discussed:

A) It's not just for landings.
Air carriers have systems that use radar altimeters during flight, such
as TAWS (Terrain Avoidance and Warning System). It and related systems
try to prevent flights into what is commonly called "granite cumulus"
such as TWA Flight 514 did in 1974. (The more formal term is CFIT:
Controlled Flight Into Terrain.)

B) "Just fix/change the altimeters..."
Not only is that not easy; a sharp filter may well need added
space, add loss to the system, and change the inherent delay, but also
these kinds of changes would have to meet an FAA TSO spec, and that has not
yet been written.

Someone I chatted with who dealt with a parallel C-band co-channel issue on
satellite downlinks saw/used a 7'-long waveguide filter, but that takes
space and it added loss of 1.3 dB; neither desirable when in an aircraft
seeking a reflected bounce of very low levels.

I can hazard a guess if the cellco's want this to go away soon, once and for
all, *they* could just swap out all the iffy domestic radar altimeters for
new ones that would fulfill the obviously upcoming TSO. That is maybe
cheaper & faster than years of lobbying and legislation. And if there is a
crash even suspected of being 5G related...

C) What about the phones?
I know nil of the down and dirty details for 5G protocols, but what
happens when an on-board, but not in airplane mode, phone hears a C-band
tower signal and answers back? That's not the power level of a ground
cellsite, but it's far far closer to the altimeter's receiver.

D) IFR helicopters
They use radar altimeters everywhere, not just on defined approach paths
to large airports. Prime examples are Medivac flights. Some are IFR rated
but even the ones not may well have/use a RA.

In conclusion I see:

Two agencies, both gutted by indifferent/hostile Congresses, lacking their
technical expertise of decades past, rushing to a political 'answer.'

Intense political/economic pressure to make this issue Just Go Away NOW.

But in aviation:
Haste Makes Graves.

------------------------------

Date: Fri, 28 Jan 2022 16:54:25 +0100
From: "Lars-Henrik Eriksson" <l...@it.uu.se>
Subject: Re: When Mind Melds With Machine, Who's in Control? (WiReD)
(RISKS-33.04)

> In the Air France 447 and Boeing 737 Max crashes, the autonomous systems
> got confused by faulty sensor information and the pilots couldn't recover

This is correct for the 737 Max crashes, but not for AF447. The sensor
failure did not cause the "autonomous systems" to do anything except turn
themselves off. The problem was rather with the design of the human-computer
interface which gave confusing information to the pilots. If the pilots had
done literally nothing when the autopilot disconnected, except applying the
very basic airmanship of maintaining aircraft attitude, the accident would
not have happened.

------------------------------

Date: Fri, 28 Jan 2022 08:14:36 +0000
From: "Wols Lists" <antl...@youngman.org.uk>
Subject: Re: UK's Telecomm Providers Switching to Digital Phone Lines
(Cornish, RISKS-32.04)

Many households already have VOIP -- a lot of them are cable, and most
new-builds no longer get POTS, so we have quite a lot of experience over
here.

Likewise, DECT is pretty much standard already. The problem is, all the
phones you see in the shops are DECT-1 (analog line), and BT don't tell you
your new phones are DECT-2 (VOIP). The switch is EASY PEASY so long as they
don't leave you floundering for information!

Oh - and to make it clear exactly what is happening, the national
rollout is FTTC - "Fibre to the Cabinet" (for people who don't know what
that means, there are street boxes serving maybe 100 houses, that's the
cabinet. Unless you choose, and pay, it'll still be copper from there
into your house. So the phone connection in your house won't change at
all unless, like us, you are too close to the exchange to have a cabinet.)

BUT: As somebody who has already been told "we are switching you over"
>
> The consequences include:
>
> 1. Householders having to re-arrange their domestic phone systems -- to
> establish a connection to their router. Or replace their handsets with a
> Digital Voice compatible one.

That's pretty easy. Your old router plugged in to your phone socket. So
unless they've wired your new cable router somewhere completely
different from your phone line, you unplug your landline from the POTS
socket, and plug it in to the router (or if you don't have broadband,
the alternative box they provide).

> 2. However, BT Digital Voice appears to only work with the routers (Smart
> Hub 2) they provide!

This is (like with DECT-2) probably just lack of information - I don't
know, I can't find any information!
>
> 3. BT state that if consumers have a monitored alarm that's connected to
> their landline (like a health pendant or monitored burglar alarm) they'll
> need to speak to their alarm provider before moving to Digital Voice.
> Apparently these systems will stop working.
>
> 4. Oh and if there's a power cut or your broadband fails, you'll be unable
> to make calls using Digital Voice, including calls to 999

No 3 is a direct consequence of No 4. Burglars used to cut phone lines -
which is why modern alarms mostly use mobile SIMs nowadays - so that's a new
manifestation of an old problem. Health alarms will just have to move too.

> 5. Some areas have no broadband services / or they fail often

You forget - some areas NEED broadband as backup for a poor mobile service!

(The whole point of this manoeuvre is to provide a modern, reliable
broadband service. It won't fail (much) and will be available everywhere
POTS currently is.)

> Risks: very limited news / announcements about the programme, issues over
> requiring householders to change their equipment / undertake technical
> re-configuration with limited / little support. Elderly / vulnerable
> residents a risk.

6. Short dialling no longer works. You have to use the long STD code every
time. More of a nuisance than anything else, but again it's the
elderly/vulnerable that are hardest hit.

We fall into the elderly/vulnerable category, and the biggest problem
was the lack of information and unexpected side effects. I think it took
us two or three months to realise what was going on, during which time
people ringing us had a lot of difficulty making contact. And we didn't
have a clue anything was wrong ...

------------------------------

Date: Tue, 1 Feb 2022 15:39:06 -0500
From: Stanley Chow <stanle...@pobox.com>
Subject: Re: Manufacturers have less than five days' supply of some computer
chips, Commerce Department says (WashPost)

This is a rather gratuitous attack on the telecoms. In no way was this a
technical problem or a commercial problem.

All other countries had no problems with the rollout, only the US botched
it.

I looked up the technical reports from Canada, Japan, US. All the reports
were completed in plenty of time. Japan did bench experiments as did US. All
other countries proceeded to issue guidelines - don't be too close to glide
path, don't point antenna up. For some reason, US FAA/FTC did nothing after
the technical committee report.

Some say but the US frequency is closer:

* Altimeters are 4200-4400 MHz (worldwide, no other users)
* Japan 5G is 3600-4200 MHz and 4400-4900 MHz; touches the altimeter
spectrum on both ends
* US 5G is 3100-3550 MHz and 3700-4200 MHz; touches on the lower end

If Japan can roll it out, it's hard to see how US has a harder problem.

------------------------------

Date: Fri, 28 Jan 2022 09:39:02 -0500
From: "Steve Klein" <ste...@klein.us>
Subject: Re: Manufacturers have less than five days' supply of some computer
chips, Commerce Department says (WashPost)

... From the cited article:

A covid outbreak, a storm, a natural disaster, political instability,
problem with equipment -- really anything that disrupts a [chip-making]
facility anywhere in the world, ``we will feel the ramifications here in the
United States of America,'' Commerce Secretary Gina Raimondo said. ``A covid
outbreak in Malaysia has the potential to shut down a manufacturing facility
in America.''

American semiconductor plants are not magically immune from covid outbreaks,
storms, natural disasters, and problems with equipment. There might be a
good reason for the U.S. government to give highly profitable companies $52
billion in taxpayer subsidies, but if such a reason exists, the Commerce
Secretary is keeping it to herself.

------------------------------

Date: Thu, 3 Feb 2022 16:47:02 -0500
From: "Jeremy Epstein" <jeremy.j...@gmail.com>
Subject: Re: Alexandria VA red light cameras don't follow the law

Alexandria VA (suburb of Washington DC) is refunding nearly 5000 tickets /
$200K in fines because of an error in the software: the problem was that the
software didn't account for a half-second grace period (after the light turns
red) written in the law. The company that operates the cameras found it --
although I wonder how many other cameras have this problem (or similar
problems) but there's no accountability.

My recollection is that these automated tickets aren't reported to insurance
companies and don't incur points, so it (shouldn't) have increased anyone's
rates or caused anyone to lose insurance.

https://wtop.com/alexandria/2022/02/alexandria-issuing-thousands-of-refunds-after-red-light-camera-programming-error/

[Incidentally, the Virginia law is explicit on this, so it's not a matter
of whether the software designer came up with the rule: "All traffic light
signal violation monitoring systems shall provide a minimum 0.5-second
grace period between the time the signal turns red and the time the first
violation is recorded."
https://law.lis.virginia.gov/vacode/title15.2/chapter9/section15.2-968.1/
]
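
The defect described above is easy to state in code. The following Python
model is an added illustration, not part of the original post and not the
camera vendor's software (which is not public): it places the rule that
omits the grace period beside the rule that applies the 0.5-second minimum
from the statute quoted above, and audits a batch of recorded tickets for
the ones the defective rule would have issued wrongly. Plate numbers and
timestamps are constructed; treating an entry at exactly 0.5 s as still
inside the grace period is an assumption about how the statute is read.

```python
from dataclasses import dataclass
from typing import List

# Minimum grace period required by Va. Code 15.2-968.1, in seconds.
GRACE_PERIOD_S = 0.5


@dataclass(frozen=True)
class Crossing:
    """One camera observation. Times are integer milliseconds on the
    camera's clock so that the comparison never depends on float rounding."""
    plate: str
    red_at_ms: int       # when the signal turned red
    entered_at_ms: int   # when the vehicle entered the intersection


def violation_without_grace(c: Crossing) -> bool:
    """Defective rule: any entry after the red onset is recorded."""
    return c.entered_at_ms > c.red_at_ms


def violation_with_grace(c: Crossing, grace_s: float = GRACE_PERIOD_S) -> bool:
    """Corrected rule: a violation is recordable only once the grace period
    has fully elapsed. Assumption: an entry at exactly grace_s after the
    red onset is still inside the grace period (the reading that favours
    the motorist)."""
    grace_ms = round(grace_s * 1000)          # 0.5 s -> 500 ms, exactly
    elapsed_ms = c.entered_at_ms - c.red_at_ms
    if elapsed_ms < 0:
        return False                          # entered while still amber/green
    return elapsed_ms > grace_ms


def refund_candidates(crossings: List[Crossing]) -> List[str]:
    """Plates ticketed by the defective rule but not by the corrected one,
    i.e. the tickets a jurisdiction would have to refund."""
    return [
        c.plate
        for c in crossings
        if violation_without_grace(c) and not violation_with_grace(c)
    ]


# Constructed sample batch (red onset at t = 10.000 s for every record).
SAMPLE = [
    Crossing("VA-A", 10_000, 10_200),   # 0.2 s after red: inside grace period
    Crossing("VA-B", 10_000, 10_500),   # exactly 0.5 s: boundary case
    Crossing("VA-C", 10_000, 10_501),   # 1 ms past the grace period
    Crossing("VA-D", 10_000, 9_900),    # entered before the light turned red
    Crossing("VA-E", 10_000, 12_000),   # 2 s after red: clear violation
]

if __name__ == "__main__":
    for c in SAMPLE:
        print(c.plate,
              "defective:", violation_without_grace(c),
              "corrected:", violation_with_grace(c))
    print("refund:", refund_candidates(SAMPLE))
```

Keeping the clock in integer milliseconds and converting the statutory
0.5 s once with `round()` is deliberate: comparing raw floating-point
seconds at the boundary is exactly the kind of place where a second, subtler
off-by-a-tick defect would hide.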

------------------------------

Date: Mon, 1 Aug 2020 11:11:11 -0800
From: RISKS-...@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)

The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to
subscribe and unsubscribe:
http://mls.csl.sri.com/mailman/listinfo/risks

=> SUBMISSIONS: to ri...@CSL.sri.com with meaningful SUBJECT: line that
includes the string `notsp'. Otherwise your message may not be read.
*** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored. Instead, use an alternative
address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites,
copyright policy, etc.) is online.
<http://www.CSL.sri.com/risksinfo.html>
*** Contributors are assumed to have read the full info file for guidelines!

=> OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
searchable html archive at newcastle:
http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
Also, ftp://ftp.sri.com/risks for the current volume/previous directories
or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
If none of those work for you, the most recent issue is always at
http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-33.00
ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
*** NOTE: If a cited URL fails, we do not try to update them. Try
browsing on the keywords in the subject line or cited article leads.
Apologies for what Office365 and SafeLinks may have done to URLs.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
<http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 33.05
************************
