info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
Risks Digest 32.69
30 views
Skip to first unread message
RISKS List Owner
May 30, 2021, 8:08:39 PM5/30/21
to ri...@csl.sri.com
RISKS-LIST: Risks-Forum Digest Sunday 30 May 2021 Volume 32 : Issue 69
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/32.69>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>
Contents:
U.S. nuclear weapon secrets revealed in cloud flash-card apps (Bellingcat)
U.S. nuclear weapon bunker security secrets spill from online (The Register
via Tom Van Vleck)
Surviving an in-flight anomaly: what happened on Ingenuity's sixth flight
(NASA)
"Rule of 48" redux concerning airborne spread of pathogens, a reminder with
wide applicability to all research (WiReD)
A Never-Before-Seen Wiper Malware Is Hitting Israeli Targets (WiReD)
Secret Chats Show How Cybergang Became a Ransomware Powerhouse (NYTimes)
Why GitHub Refuses to Provide Key Evidence to a Man on Death Row (Gizmodo)
Several Organizations Protest Facebook, Sign Public Complaints Against
Platform (Broadband Breakfast)
An FTC Lawsuit Says Frontier Lied About Internet Speeds (WiReD)
Scatalogical appliances (Medicalxpress.com)
A new replication crisis: Research that is less likely to be true is cited
more (phys.org)
"Hobbit" house renamed due to lawsuit threat (Rob Slade)
Florida governor signs law to block *deplatforming* of Florida politicians
(The Verge)
D.C. Attorney General Karl A. Racine brings antitrust lawsuit against Amazon
(The Washington Post)
Microsoft Tips Generational Update for Windows 10 (PCMag)
NFTs and tokenization: How crypto could help regular people become
real-estate tycoons (Fortune)
Security of the IMPs (Bernie Cosell)
SolarWinds hackers are back with a new mass campaign, Microsoft says
(NYTimes)
Canada Post says 950,000 customers exposed in data breach (CBC)
A New Line of Attack that Evades Spectre Defenses (WiReD)
As Congress Dithers, States Step In to Set Rules for the Internet (NYTimes)
Colonial Pipeline accused of negligence in proposed class action
(Bloomberg Law)
Truth, Lies, and Automation (Georgetown)
That Salesforce outage: Global DNS downfall started by one engineer trying a
quick fix (The Register)
For First Time, Microsoft Integrating GPT-3 Into Its Software (EnterpriseAI)
Caltech Prof Helps Solve Hindenburg Disaster (NOVA via Henry Baker)
Re: Just 12 People Are Behind Most Vaccine Hoaxes On Social Media
(Toebs Douglass)
Sharing lock-picking information on RISKS (Jay Libove)
NoScript is immoral? (Martin Ward)
Re: freemium for all, was A mom panicked (John Levine)
June 2021 CACM Inside Risks column and video (David Roman)
Abridged info on RISKS (comp.risks)
----------------------------------------------------------------------
Date: Sat, 29 May 2021 15:04:54 -0700
From: Rob Wilcox <robwi...@gmail.com>
Subject: U.S. nuclear weapon secrets revealed in cloud flash-card apps
(Bellingcat)
Flash cards are a common memorization tool. They can be simply written on
pieces of paper and easily be carried for use in spare moments.
Military personnel in Europe used public flash-card apps to memorize exact
locations, previously secret, and the precise security details to keep
those nuclear weapons from unintended use.
The data uncovered by reporters spanned 2013 to the present. When NATO was
asked to comment, the data was taken down. Let's hope the archives too!
There is a good argument that human foibles make us unsuitable for tools
too powerful.
Full report via the Bellingcat investigative journalist group at
https://www.bellingcat.com/news/2021/05/28/us-soldiers-expose-nuclear-weapons-secrets-via-flashcard-apps/
------------------------------
Date: Sat, 29 May 2021 10:39:55 -0400
From: Tom Van Vleck <th...@multicians.org>
Subject: U.S. nuclear weapon bunker security secrets spill from online
flashcards since 2013 (The Register)
https://www.theregister.com/2021/05/28/flashcards_military_nuclear/
Seems like this problem is the result of people not understanding simple
consequences. Either they didn't know some facts, or they didn't draw
logical conclusions.
Some things the missile workers should have been told:
- Phones and servers holding classified data must be approved for storing such data.
- Your cellphone is not secure. the flashcard servers are not secure.
- Even if it says 'secure' on the box, that doesn't make it secure.
The Three Questions apply.
- Have we made this error anywhere else?
- If we make a simple fix, what problem will we encounter next?
- How can we make this kind of problem impossible?
ACM SIGSOFT Software Engineering Notes, vol 14 no 5 July 1989, pp 62-63
(https://multicians.org/thvv/threeq.html, has cartoon also)
------------------------------
Date: Sat, 29 May 2021 10:57:31 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: Surviving an in-flight anomaly: what happened on Ingenuity's sixth flight
(NASA)
https://mars.nasa.gov/technology/helicopter/status/305/surviving-an-in-flight-anomaly-what-happened-on-ingenuitys-sixth-flight/
------------------------------
Date: Sat, 29 May 2021 07:54:01 -0400
From: Bob Gezelter <geze...@rlgsc.com>
Subject: "Rule of 48" redux concerning airborne spread of pathogens, a
reminder with wide applicability to all research
The "Rule of 48" mentioned in Michael Crichton's "Andromeda Strain" is a
more general phenomenon affecting all fields of research. The "Rule of 48"
refers to a 1936 citation reporting the number of human chromosomes as
48. Decades later, the original microscope photographs were examined, and
the count was confirmed as 46.
Wired published "The 60-Year-Old Scientific Screwup That Helped Covid Kill",
describing recent research into the airborne spread of virus particles,
including SARS-CoV-2/COVID-19. The article documents how a questionable
number became embedded in the medical and public health communities.
An interesting read, applicable to many areas other than medicine and public
health.
https://www.wired.com/story/the-teeny-tiny-scientific-screwup-that-helped-covid-kill/
------------------------------
Date: Fri, 28 May 2021 14:52:24 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: A Never-Before-Seen Wiper Malware Is Hitting Israeli Targets (WiReD)
The malicious code, which masquerades as ransomware, appears to come from a
hacking group with ties to Iran.
https://www.wired.com/story/never-before-seen-wiper-malware-hitting-israeli-targets/
------------------------------
Date: Sun, 30 May 2021 13:43:34 -0600
From: "Matthew Kruk" <mkr...@gmail.com>
Subject: Secret Chats Show How Cybergang Became a Ransomware Powerhouse
(NYTimes)
https://www.nytimes.com/2021/05/29/world/europe/ransomware-russia-darkside.html
As the ransomware industry exploded, a Russian-speaking outfit called
DarkSide offered would-be computer crooks not just the tools, but also
customer support. We got an inside look.
------------------------------
Date: Fri, 28 May 2021 14:26:28 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: Why GitHub Refuses to Provide Key Evidence to a Man on Death Row
(Gizmodo)
As a result of the law enforcement exception, Facebook alone honors hundreds
of thousands of government requests for user data annually -- roughly
296,000 in 2020. Meanwhile, social media companies have spent years fending
off defendants' court-approved subpoenas, even when they're aware that the
consequence could be a death sentence. In 2019, a Superior Court judge who
approved one such subpoena in a murder trial excoriated the companies.
Facebook and Twitter appear to be misusing their immense resources to
manipulate the judicial system in a manner that deprives two indigent young
men facing life sentences of their constitutional right to defend themselves
at trial, Judge Charles Crompton wrote. Facebook and Twitter have made it
clear that they are unwilling to alter their behavior, regardless of the
harm to others -- or the rulings of this court.'' Crompton found them in
contempt of court for disobeying a lawful order, and the companies simply
ate the maximum $1,000 fines, a penalty that was likely cheaper than paying
their lawyers to do another hour of work.
If the Supreme Court decides to hear the case and rules in Colone's favor,
it could stand to not only potentially save Colone's life but spare
countless underprivileged people years of unjust incarceration.
https://gizmodo.com/a-death-row-inmate-has-waited-years-for-github-to-provi-1846976389
------------------------------
Date: Thu, 27 May 2021 15:17:17 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: Several Organizations Protest Facebook, Sign Public Complaints
Against Platform (Broadband Breakfast)
Organizations signed a formal list of 70 public complaints against the
social media giant.
May 26, 2021 -- ``Representatives from a coalition of organizations gathered
outside Facebook's lobbying headquarters in Washington, D.C. Tuesday to
protest the company's alleged abuse of the American people and announce a
formal list of 70 public complaints against the social media platform.
Robert Weissman, president of the consumer rights advocacy group and think
tank Public Citizen, accused Facebook of political indifference and
subverting democracy, saying ``the American people and people of the world
will no longer tolerate Facebook's abuses. This is a company out of
control. It is literally out of the control of our democracy.''
The organizations present hold Facebook responsible for the alleged
spreading of misinformation that influences elections, limiting users'
access to competing ideas, and wielding unjust amounts of political power.
With the support of the agreeing organizations present, Weissman expressed a
lack of confidence in Facebook's ability to manage itself, claiming its
leaders had given up control to algorithms the company leaders didn't
understand. They called on the government to regulate the industry, break up
the company, and hold its executives legally accountable for the damages
done against the world.
https://broadbandbreakfast.com/2021/05/several-organizations-protest-facebook-sign-public-complaints-against-platform/
------------------------------
Date: Sun, 23 May 2021 14:56:55 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: An FTC Lawsuit Says Frontier Lied About Internet Speeds (WiReD)
https://www.wired.com/story/ftc-lawsuit-says-frontier-lied-about-internet-speeds/
I'm shocked that an ISP would lie about such an important matter.
------------------------------
Date: Mon, 24 May 2021 10:24:03 +0800
From: Richard Stein <rms...@ieee.org>
Subject: Scatalogical appliances (Medicalxpress.com)
https://medicalxpress.com/news/2021-05-smart-toilet-stool-health-problems.html
"An artificial intelligence tool under development at Duke University can be
added to the standard toilet to help analyze patients' stool and give
gastroenterologists the information they need to provide appropriate
treatment, according to research that was selected for presentation at
Digestive Disease Week (DDW) 2021. The new technology could assist in
managing chronic gastrointestinal issues such as inflammatory bowel disease
(IBD) and irritable bowel syndrome (IBS)."
This gizmo uses images to decide. Would an olfactory cross-reference elevate
diagnostic efficacy?
Risk: False negative/positive detection
[Don't be bow(e)led over by this item. It's just another questionable
application for the Internet-of-Stinks. Risks? just more potential
disruptive features of improperly protected online access. PGN]
------------------------------
Date: Mon, 24 May 2021 10:32:58 +0800
From: Richard Stein <rms...@ieee.org>
Subject: A new replication crisis: Research that is less likely to be true
is cited more (phys.org)
https://phys.org/news/2021-05-replication-crisis-true-cited.html
Non-reproducible publications that are not retracted can be weaponized via
social media, and are used to promote falsehoods that jeopardize public
health and promote incivility.
"The influence of an inaccurate paper published in a prestigious journal can
have repercussions for decades. For example, the study Andrew Wakefield
published in The Lancet in 1998 turned tens of thousands of parents around
the world against the measles, mumps and rubella vaccine because of an
implied link between vaccinations and autism. The incorrect findings were
retracted by The Lancet 12 years later, but the claims that autism is linked
to vaccines continue."
------------------------------
Date: Mon, 24 May 2021 12:13:11 -0700
From: Rob Slade <rsl...@gmail.com>
Subject: "Hobbit" house renamed due to lawsuit threat (Rob Slade)
Well, I thought Disney was the "Gold Standard" in terms of threatening
lawsuits over any possible trademark infringement, but Warner Brothers seems
to be trying to make their mark in the field.
Warner Brothers, distributor of the Hobbit movie franchise, has threatened
a lawsuit over the "Hobbit Mountain Hole" house. the owner, not interested
in lawsuits, has renamed it the "Second Breakfast Hideaway."
https://vancouversun.com/news/local-news/b-c-hobbit-house-renamed-after-threat-of-lawsuit-from-warner-bros
A couple of points: I wonder if Warner is going to go after over the "second
breakfast" reference.
Also, wouldn't it be the Tolkien estate that would have the real rights to
"Hobbit" references? (Actually, you could probably defend the use of the
term "hobbit" on the basis of prior art: the word was in use before Tolkien
wrote about it ...)
------------------------------
Date: Mon, 24 May 2021 19:20:13 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: Florida governor signs law to block *deplatforming* of Florida
politicians (The Verge)
Skeptics say the law is *clearly unconstitutional*
https://www.theverge.com/2021/5/24/22451425/florida-social-media-moderation-facebook-twitter-deplatforming
Good luck with that. Maybe deplatform Florida entirely. Or provide a list
setting I've long wished for "Set bozo mode" for a subscriber, so bozo sees
own posts, thinks they're broadcasting, but nobody else does.
------------------------------
Date: Wed, 26 May 2021 01:11:13 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: D.C. Attorney General Karl A. Racine brings antitrust lawsuit
against Amazon (The Washington Post)
D.C. Attorney General Karl A. Racine on Tuesday brought an antitrust
complaint against Amazon, alleging that the e-commerce giant wields monopoly
power that has resulted in higher prices for consumers.
https://www.washingtonpost.com/technology/2021/05/25/dc-ag-antitrust/
Shocking.
------------------------------
Date: Wed, 26 May 2021 19:33:39 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: Microsoft Tips Generational Update for Windows 10 (PCMag)
At Build, Microsoft CEO Satya Nadella calls the update the 'next generation
of Windows,' and promises to share more details soon.
During his keynote at Tuesday's Build developer conference, CEO Satya
Nadella teased that major changes are in store for the operating system.
``Soon we will share one of the most significant updates to Windows of the
past decade to unlock greater economic opportunity for developers and
creators. I've been self-hosting it over the past several months, and I'm
incredibly excited about the next generation of Windows.'' [...]
Nadella didn't reveal much else, except to tease that the updated OS will
benefit software developers everywhere. ``Our promise to you is this: we
will create more opportunity for every Windows developer today and welcome
every creator who is looking for the most innovative, new, open platform to
build and distribute and monetize applications. We look forward to sharing
more very soon,'' Nadella said.
The comment might be connected to how Redmond is reportedly developing a new
version of the Microsoft App Store for Windows 10. According to Windows
Central, the company is refreshing the store with a new interface while also
relaxing the rules on how developers can publish apps on the platform. This
includes giving developers the option to use any third-party payment
solution to charge customers.
https://www.pcmag.com/news/microsoft-tips-generational-update-for-windows-10
This is supposed to be good news? As it's aimed to benefit developers? And
inflicted on everyone?
------------------------------
Date: Thu, 27 May 2021 15:48:00 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: NFTs and tokenization: How crypto could help regular people become
real-estate tycoons (Fortune)
By using technologies online from the cryptocurrency world, like tokens and
blockchains, regular people could participate in real estate transactions
that are too unwieldy in the analog world.
For example, a hot new idea is using NFTs, or non-fungible tokens -- digital
certificates that convey exclusive rights to something. Although NFTs are
just starting to be applied to real estate, supporters say they will become
standard in the industry.
https://fortune.com/2021/05/20/real-estate-crypto-nfts-what-is-an-nft-tokenization-non-fungible-token-houses/
------------------------------
Date: Fri, 21 May 2021 22:02:15 -0400
From: "Bernie Cosell" <cos...@alum.mit.edu>
Subject: Security of the IMPs
A colleague recently asked me how the teletype stuff worked in the old
ARPAnet IMP.
[Tech short answer: it used a two-layer co-routine. tricky and a bit
obscure but small and fast]. How it works was that there were two fake
[i.e., internal] hosts in the IMP: one for the tty and one for a simple
DDT-like debugger. when the first two IMPs were installed [UCLA & SRI],
while the host systems were working on their hardware and software,, the
IMP-guys there had the communication- lines up and working right away and
knew it was OK because they connected their TTYs to each other and could
what-we'd-call-today "DM" each other, so we knew the message machinery,
line machinery, routing machinery worked.. and we were just waiting for
the hosts to send an external-host-to-external-host message [the TTY and
DDT used the *exact* same host machinery/software so we were pretty sure
the IMP stuff was OK]
And I was horrified what a huge risk that machinery was. I realized [for
the first time in 50+ years] how poorly designed that functionality was. In
particular , since the DDT used the normal host machinery, ANY host on the
network could send commands and probes to ANY IMP [indeed we did that from
the NCC on IMP 5 to manage the IMPs]. BUT: ANY host. no protections. At
the time, for example, I believe that the MIT ITS system allowed just anyone
to [anonymously] access the ARPAnet. All it would've taken is ONE hacker
knowing what I knew [damn.. and had implemented] to cause utter chaos
[untraceably!!!] on the ARPAnet. E.g., could could every now and then tweak
the routing table, or tell an IMP to restart or disable some functionality.
In musing about this I was thinking that many of our current woes are due to
the fact that ARPAnet was built with not a single thought to security [I can
attest our primary/only concern was , really, that it *work*]. that then
oozed into the host protocols and so we are, to this day, have to deal with
things like SNMP which should have been hardened, if not scrapped, before
the network was let loose out from ARPA's thumb. I wonder how the
ARPAnet/Internet might have been different if we'd thought about security
and making the protocols robust right from the start.
------------------------------
Date: Sat, 29 May 2021 01:44:05 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: SolarWinds hackers are back with a new mass campaign, Microsoft says
(NYTimes)
Russia Appears to Carry Out Hack Through System Used by U.S. Aid
Agency https://www.nytimes.com/2021/05/28/us/politics/russia-hack-usaid.html
SolarWinds hackers are back with a new mass campaign, Microsoft says
https://arstechnica.com/gadgets/2021/05/microsoft-says-solarwinds-hackers-targeted-us-agencies-in-a-new-campaign/
------------------------------
Date: Thu, 27 May 2021 20:06:45 -0600
From: "Matthew Kruk" <mkr...@gmail.com>
Subject: Canada Post says 950,000 customers exposed in data breach (CBC)
https://www.cbc.ca/news/business/canada-post-breach-1.6042602
Canada's national mail carrier says a malware attack on one of its suppliers
has impacted 44 of its biggest corporate customers across the country, and
potentially up to nearly one million people.
Canada Post said in a statement Wednesday that one of its suppliers,
Commport Communications, had its systems compromised in a cyberattack.
------------------------------
Date: Sat, 29 May 2021 07:51:04 -0400
From: Bob Gezelter <geze...@rlgsc.com>
Subject: A New Line of Attack that Evades Spectre Defenses (WiReD)
The "Rule of 48" mentioned in Michael Crichton's "Andromeda Strain" is a
more general phenomenon affecting all fields of research. The "Rule of 48"
refers to a 1936 citation reporting the number of human chromosomes as
48. Decades later, the original microscope photographs were examined, and
the count was confirmed as 46.
WiReD published "The 60-Year-Old Scientific Screwup That Helped Covid Kill",
describing recent research into the airborne spread of virus particles,
including SARS-CoV-2/COVID-19. The article documents how a questionable
number became embedded in the medical and public health communities.
An interesting read, applicable to many areas other than medicine and public
health.
https://www.wired.com/story/the-teeny-tiny-scientific-screwup-that-helped-covid-kill/
------------------------------
Date: Sat, 29 May 2021 01:44:08 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: As Congress Dithers, States Step In to Set Rules for the Internet
(NYTimes)
As Congress Dithers, States Step In to Set Rules for the Internet
Virginia, Florida, Arkansas and Maryland are among dozens of states that have introduced bills to curtail the power of Amazon, Google, Facebook and Twitter.
https://www.nytimes.com/2021/05/14/technology/state-privacy-internet-laws.html
------------------------------
Date: Sat, 22 May 2021 10:55:50 +0800
From: Richard Stein <rms...@ieee.org>
Subject: Colonial Pipeline accused of negligence in proposed class action
(Bloomberg Law)
https://news.bloomberglaw.com/tech-and-telecom-law/colonial-pipeline-accused-of-negligence-in-proposed-class-action
Schadenfreude emerges when inspecting CP's "General Terms & Conditions:
https://colonialoilindustries.com/2018/wp-content/uploads/gtc.pdf
See the last phrase beginning with "except to the extent proximately caused
by..."
"12. Indemnification. To the extent permitted by applicable law, Buyer
agrees to indemnify, defend, hold harmless and reimburse Colonial for,
from and/or against all claims, suits, judgments, costs, expenses, damages
and/or liabilities of any nature or kind, including reasonable attorney's
fees and costs, brought against or suffered, incurred or sustained by
Colonial and arising or resulting in any way from (a) Buyer's breach of
this Agreement or (b) any acts, omissions, events, occurrences, spills,
releases, noncompliance with laws, rules or regulations, strict liability,
explosions, fires or accidents of, involving, concerning or relating in
any way to the product (whether relating to handling, storage, transfer,
shipping, release or use thereof or otherwise) and which occur, take place
or relate to any time after the time title passes to Buyer hereunder,
except to the extent proximately caused by Colonial's negligent or willful
wrongful acts."
CP was advised a few years in advance about deficient internet defenses;
they apparently did not invest to correct these deficiencies. The business
operations platforms -- sales and inventory, customer profiling, etc -- were
consequently assaulted. The US East Coast commuting population experienced
significant inconvenience.
Every for-profit shop with an internet footprint invokes indemnification to
shield against lawsuits. Indemnification enables corporations to operate --
sell products, collect, and exploit sales data -- with commercial impunity.
When the corporate brand is threatened by strategic operational mistake -- a
failure proactively mitigate auspicious infosec weaknesses -- there's almost
no legal cover.
Expect a monetary settlement, a "non-admission of corporate guilt
statement," and a deferred prosecution agreement that waives employee
imprisonment subject to CP's promise to prevent recurrence.
I'll wait for my free gasoline voucher.
------------------------------
Date: Sat, 22 May 2021 08:36:00 -1000
From: geoff goodfellow <ge...@iconia.com>
Subject: IS: Truth, Lies, and Automation
*How Language Models Could Change Disinformation*
Growing popular and industry interest in high-performing natural language
generation models has led to concerns that such models could be used to
generate automated disinformation at scale. This report examines the
capabilities of GPT-3--a cutting-edge AI system that writes text--to analyze
its potential misuse for disinformation. A model like GPT-3 may be able to
help disinformation actors substantially reduce the work necessary to write
disinformation while expanding its reach and potentially also its
effectiveness.
For millennia, disinformation campaigns have been fundamentally human
endeavors. Their perpetrators mix truth and lies in potent combinations
that aim to sow discord, create doubt, and provoke destructive action. The
most famous disinformation campaign of the twenty-first century -- the
Russian effort to interfere in the U.S. presidential election -- relied on
hundreds of people working together to widen preexisting fissures in
American society.
Since its inception, writing has also been a fundamentally human endeavor.
No more. In 2020, the company OpenAI unveiled GPT-3, a powerful artificial
intelligence system that generates text based on a prompt from human
operators. The system, which uses a vast neural network, a powerful machine
learning algorithm, and upwards of a trillion words of human writing for
guidance, is remarkable. Among other achievements, it has drafted an op-ed
that was commissioned by The Guardian, written news stories that a majority
of readers thought were written by humans, and devised new internet memes.
In light of this breakthrough, we consider a simple but important question:
can automation generate content for disinformation campaigns? If GPT-3 can
write seemingly credible news stories, perhaps it can write compelling fake
news stories; if it can draft op-eds, perhaps it can draft misleading
tweets. [...]
https://cset.georgetown.edu/publication/truth-lies-and-automation/
------------------------------
Date: Sat, 22 May 2021 07:56:04 -0700
From: Lauren Weinstein <lau...@vortex.com>
Subject: That Salesforce outage: Global DNS downfall started by one engineer
trying a quick fix (The Register)
Operational procedures should make this sort of error impossible for
one person to do. So it's never just one person's fault. -L
https://www.theregister.com/2021/05/19/salesforce_root_cause/
------------------------------
Date: Wed, 26 May 2021 01:01:22 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: For First Time, Microsoft Integrating GPT-3 Into Its Software
(EnterpriseAI)
MICROSOFT BUILD 2021 -- Eight months after licensing the GPT-3 natural
language AI model from OpenAI last September, Microsoft is integrating the
language generator into its Microsoft Power Apps software to make it easier
for enterprise workers to build no-code applications. [...]
Once GPT-3 is integrated with Microsoft Power Apps, non-technical employees
will be able to build a no-code Power Apps application by entering
conversational language and then have it automatically transformed into the
needed code using GPT-3, according to Microsoft.
https://www.enterpriseai.news/2021/05/25/for-first-time-microsoft-integrating-gpt-3-into-its-software/
Taking the old joke about, "Write your program in FORTRAN or write a story
about your program in COBOL" to new levels of storytelling. Funny,
announcement doesn't describe how non-technical employees will debug or
enhance their stories.
------------------------------
Date: Sat, 29 May 2021 08:02:01 -0700
From: Henry Baker <hba...@pipeline.com>
Subject: Caltech Prof Helps Solve Hindenburg Disaster (NOVA)
I just watched the PBS NOVA program in which a Caltech professor provides
experimental evidence of how the Hindenburg Zeppelin burned and crashed in
1937 -- a NTSB-like investigation 84 years in the making.
As a trained electrical engineer, I agree with the conclusions, but the PBS
story excessively convoluted the relatively simple argument.
Here's my version on one slide:
* Hydrogen had been leaking from the tail section for some time -- enough so
that it was almost impossible to 'trim' the zeppelin so that the tail
wouldn't touch the ground first.
* The skin and the frame of the zeppelin were electrically insulated from
one another, so that they formed a giant capacitor (called a 'condenser'
in 1937); every capacitor has a 'break down' voltage at which it 'shorts
out' -- sometimes in a spectacular fashion.
* During the zeppelin flight, both 'plates' (skin, frame) of this capacitor
acquired a large charge relative to the ground, but with no voltage drop
between them.
* When the landing ropes were dropped, the charge from the frame leaked down
the somewhat wet ropes to the ground over a 4-minute period determined by
the 'RC time constant', where R=rope resistance and C=skin/frame
capacitance.
* The charge on the skin 'plate' remained, however, and thus the voltage
drop between the skin and the frame increased until the breakdown voltage
limit was reached, at which point numerous sparks all over the skin led to
hydrogen ignition near the tail.
History's Mysteries: Caltech Professor Helps Solve Hindenburg Disaster
Emily Velasco, 17 May 2021
https://www.caltech.edu/about/news/historys-mysteries-caltech-professor-helps-solve-hindenburg-disaster
[Very long item omitted for RISKS. However, it is worth reading in its
entirety, PGN]
------------------------------
Date: Sat, 22 May 2021 18:44:18 +0200
From: Toebs Douglass <ri...@winterflaw.net>
Subject: Re: Just 12 People Are Behind Most Vaccine Hoaxes On Social Media,
Research Shows (RISKS-32.68)
The NPR article begins with this statement;
"Researchers have found just 12 people are responsible for the bulk of the
misleading claims and outright lies about COVID-19 vaccines that proliferate
on Facebook, Instagram and Twitter."
The NPR article explains nothing; it has an early paragraph stating a claim,
and a link to a PDF which is the basis for that claim, and then the rest of
the article goes on about how harmful this all is.
Reading the PDF, I'm finding it rather difficult to pick out what was
actually done, and so what is actually claimed. What I'm come up with is
this;
The investigators examined 10 private and 20 public anti-vaccine groups on
Facebook, over a period of six weeks, and from this selected 483 pieces of
anti-vaccine content which they considered representative (no basis for
selection was given). They found over Facebook as a whole, these 483 pieces
of anti-vaccine content had been posted or shared about 690,000 times, and
that of these posts, 73% were of content which came from a group of twelve
individuals.
I don't think it's stated how many of the 483 pieces of anti-vaccine content
actually came from these twelve individuals. Obviously, if say 90% of them
came from those twelve individuals, then selection bias at that point will
strongly influence the later findings.
Also, it seems to me that the number 690,000 is a very low number of posts
for all of Facebook for six weeks on such a topical matter. Given how few
posts there are, I would also like to know how many of those posts were in
fact part of those 30 anti-vaccine groups.
In any event, generalizing from this to the entirety to Facebook, Instagram
and Twitter is wholly improper.
(Indeed, in the PDF, Instagram is in fact not investigated at all. It is
mentioned as being a platform these individuals use, but the content was not
examined - only Facebook and Twitter.)
I think the large majority of the PDF is emotive activism to censorship,
including an actual and fairly lengthy profile of each of the accused, with
a small and I have to say I found rather confusingly presented, and rather
unexplained (too many "we choose as representative") part being the
investigation that was performed.
There may be something in this, but taken as it is, right now, this seems to
me to be a means to an end - indeed, not entirely unlike the very
disinformation it seeks to discredit in others. The origin is the "Center
for Countering Digital Hate", so we can imagine they're coming at this from
a particular point of view.
------------------------------
Date: Sat, 22 May 2021 05:01:55 +0000
From: Jay Libove <lib...@felines.org>
Subject: Sharing lock-picking information on RISKS
[was: Re: A mom panicked when her 4-year-old bought $2,600 in SpongeBob,
Popsicles (RISKS-32.65)]
Interesting note by PGN, and interesting comment be Bernie. My eyes barely
twitched when I read the original post which described how to bypass the
Washington Post paywall. (I just open WaPo articles in an
InPrivate/Incognito browser and re-accept the cookie and "You have three
free articles left" notice).
Should we share information about how to pick locks? I'm pretty sure we do
that. Every day, in announcing vulnerabilities and the devilishly clever
technology steps taken to exploit them. And, even better, in a timeless
SciFi way, by theorizing from where a next class of such vulnerabilities
will come, and how they may be used (for good and ill).
Of course, there's a responsible way to do that (and in my decades reading
RISKS the posts here have always fallen on the responsible side; thank you,
moderators).
What constitutes responsible disclosure of "Site <X>'s paywall can be
bypassed?"
For that matter, what constitutes *ethics* in such a situation?
I'm a paying subscriber to at least four major news publications across
three countries on two continents, and on all of them I *still* have to
repeatedly deal with cookie (re-)notices, to re-log in too frequently
(despite the "remember me" box having been ticked), and to suffer a raft of
other repetitive, intrusive technology and user experience design failures.
Where is the ethos that says that, especially for the paying customer, site
<X> has to do a good enough job to avoid repeatedly interfering with my paid
use of their product, and stop wasting my time?
Two wrongs don't make a right (Despite that sometimes three lefts do ...),
but, NOT talking about the-secret-that-everyone-knows which isn't even so
much a symptom of "I don't want to pay for it"-it is but really "it's broken
and everyone knows it but why won't anyone actually fix it" .. is that even
unethical, in fact? Or is it a needed prod to fix these services?
With all that background, plus of course the broad availability of browser
plugins, etc, meant explicitly to bypass paywalls, cookie banners, etc, I
didn't see any reason why RISKS shouldn't allow such an item to be posted,
and I'm unsurprised that the moderators didn't get much feedback about it.
Bernie, I'm glad you raised it, because I think that a *risk* that maybe we
haven't discussed enough in recent years is the aggregated societal cost in
wasted time and increased stress from poor user experience caused by a
combination of incompetence, excessive intent to continue selling (even to
those who have already bought), and failures to understand/ excessive(?)
fear of regulatory action provoking excessive "security" and "compliance"
friction in daily Internet use.
[This is a very useful response. I do not endorse schemes to get around
paywalls. For many years, I have tried to invoke fair use and *not* to
not run pay-walled items without seriously abridging them or PGN-ed-ing
them into my own words, and encouraging interested readers to dig out the
originals as appropriate. In running the original item, I was hoping to
trigger some constructive discussion that is respectful of paywalls but
also warning that we are increasingly living in a world where almost
everything is becoming monetized. I am delighted with the responses from
both Bernie and Jay. PGN]
------------------------------
Date: Sat, 22 May 2021 12:09:13 +0100
From: Martin Ward <mar...@gkc.org.uk>
Subject: NoScript is immoral? (Re: RISKS-32.69)
I have been running NoScript to block all Javascript by default on all but a
few websites for many years and have been reading the occasional article
from the Washington Post for many years. I would not have even *known* about
their javascript block if I hadn't run the experiment of turning off
NoScript on the web site. Note that the Post hands out and displays the
complete article, along with some javascript that waits a few moments, and
then covers up the article with a request for a subscription. If the
javascript is not executed, then the article is not covered up. For all I
know, there may be dozens of other web sites that do the same!
A real world analogy: The Washington Post says, "I have an article about
XYZ, would you like to read it?", You reply "OK, I'll have a look at it".
*The Washington Post* hands you the article and you start reading. Then *The
Washington Post* hands you a piece of cardboard and says "Please cover the
article I just gave you with this cardboard". You ask "Why?" and WP answers
"So that I can ask you to pay me money to take the cardboard away
again". You say "How about I just decide *not* to cover the article with the
cardboard and carry on reading?". "THIEF!!!" Except in my case, I didn't
even *hear* the request to cover the article with the card. Am I still a
thief?
Is it really morally wrong to choose *not* to execute by default every piece
of code that is handed to you by any web site that you decide to visit?
------------------------------
Date: 21 May 2021 21:50:31 -0400
From: "John Levine" <jo...@iecc.com>
Subject: Re: freemium for all, was A mom panicked
It appears that Bernie Cosell <cos...@alum.mit.edu> said:
>How handy! We needed a forum on how to "share" things that we ought to pay
>for. Next fun activity on RISKS -- how to get ATMs to spit out money.
>
>NB: I don't mean to start a fight but I don't think that kind of "help" is
>appropriate for RISKS.
For anyone familiar with the way that the web works, it should be obvious
that freemium sites that let you view a few articles and then ask you to pay
use a browser cookie to keep the article count. If you set your browser not
to accept cookies from a site, there is no counter and in most cases you can
see all the articles you want. A few sites are pickier and check to see if
you're doing that, but mostly they don't bother, on the reasonable
assumption that anyone trying that hard to bypass the paywall is unlikely
ever to pay, and the harder they try to block freeloaders, the more likely
they'll also accidentally block legit users.
Those of us from the previous millennium remember software on copy protected
floppy disks, same idea to allow some kinds of use typical of paying
customers but not other kinds typical of non-payors. The software industry
eventually stopped doing that, because the copy protection annoyed the legit
users, and the people who might be deterred by copy protection were unlikely
to turn into paying customers. There was even a plausible argument that a
certain amount of copying led to more sales as people with illicit copies
found they liked the software enough to pay for documentation (there were
these paper things called "manuals") and support (using a now-forgotten kind
of telephone that you couldn't lose because it was attached to the wall with
a wire.)
As I've noted before, newspaper reporters like to eat, and subscriptions are
a big part of how they do that. So if you tweak your browser to bypass the
paywall, that has nothing to do with "freedom". You're just being cheap.
PS: Next rant: why I don't waste a lot of time chasing down pirate PDFs of
my books. But when people write and say your book is expensive, send me a
PDF for free, sorry, no, that's what libraries are for.
------------------------------
Date: Mon, 24 May 2021 20:16:00 +0000
From: David Roman <ro...@hq.acm.org>
Subject: June 2021 CACM Inside Risks column and video
"The Risks of Election Believability (or Lack Thereof)," the Inside Risks
column in the June 2021 Communications of the ACM (CACM), and its related
video, by Rebecca T. Mercuri and Peter G. Neumann, have been published
online at
https://cacm.acm.org/magazines/2021/6/252836-the-risks-of-election-believability-or-lack-thereof/fulltext.
The video alone is at https://vimeo.com/552504677.
[David's ACM URLs are likely to be behind the ACM paywall. The article
is also up on the Inside Risks website at
http://www.csl.sri.com/neumann/insiderisks251.pdf
PGN]
------------------------------
Date: Mon, 1 Aug 2020 11:11:11 -0800
From: RISKS-...@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)
The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to
subscribe and unsubscribe:
http://mls.csl.sri.com/mailman/listinfo/risks
=> SUBMISSIONS: to ri...@CSL.sri.com with meaningful SUBJECT: line that
includes the string `notsp'. Otherwise your message may not be read.
*** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored. Instead, use an alternative
address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites,
copyright policy, etc.) is online.
<http://www.CSL.sri.com/risksinfo.html>
*** Contributors are assumed to have read the full info file for guidelines!
=> OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
searchable html archive at newcastle:
http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
Also, ftp://ftp.sri.com/risks for the current volume/previous directories
or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
If none of those work for you, the most recent issue is always at
http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-32.00
ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
*** NOTE: If a cited URL fails, we do not try to update them. Try
browsing on the keywords in the subject line or cited article leads.
Apologies for what Office365 and SafeLinks may have done to URLs.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
<http://www.acm.org/joinacm1>
------------------------------
End of RISKS-FORUM Digest 32.69
************************
ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator
***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/32.69>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>
Contents:
U.S. nuclear weapon secrets revealed in cloud flash-card apps (Bellingcat)
U.S. nuclear weapon bunker security secrets spill from online (The Register
via Tom Van Vleck)
Surviving an in-flight anomaly: what happened on Ingenuity's sixth flight
(NASA)
"Rule of 48" redux concerning airborne spread of pathogens, a reminder with
wide applicability to all research (WiReD)
A Never-Before-Seen Wiper Malware Is Hitting Israeli Targets (WiReD)
Secret Chats Show How Cybergang Became a Ransomware Powerhouse (NYTimes)
Why GitHub Refuses to Provide Key Evidence to a Man on Death Row (Gizmodo)
Several Organizations Protest Facebook, Sign Public Complaints Against
Platform (Broadband Breakfast)
An FTC Lawsuit Says Frontier Lied About Internet Speeds (WiReD)
Scatalogical appliances (Medicalxpress.com)
A new replication crisis: Research that is less likely to be true is cited
more (phys.org)
"Hobbit" house renamed due to lawsuit threat (Rob Slade)
Florida governor signs law to block *deplatforming* of Florida politicians
(The Verge)
D.C. Attorney General Karl A. Racine brings antitrust lawsuit against Amazon
(The Washington Post)
Microsoft Tips Generational Update for Windows 10 (PCMag)
NFTs and tokenization: How crypto could help regular people become
real-estate tycoons (Fortune)
Security of the IMPs (Bernie Cosell)
SolarWinds hackers are back with a new mass campaign, Microsoft says
(NYTimes)
Canada Post says 950,000 customers exposed in data breach (CBC)
A New Line of Attack that Evades Spectre Defenses (WiReD)
As Congress Dithers, States Step In to Set Rules for the Internet (NYTimes)
Colonial Pipeline accused of negligence in proposed class action
(Bloomberg Law)
Truth, Lies, and Automation (Georgetown)
That Salesforce outage: Global DNS downfall started by one engineer trying a
quick fix (The Register)
For First Time, Microsoft Integrating GPT-3 Into Its Software (EnterpriseAI)
Caltech Prof Helps Solve Hindenburg Disaster (NOVA via Henry Baker)
Re: Just 12 People Are Behind Most Vaccine Hoaxes On Social Media
(Toebs Douglass)
Sharing lock-picking information on RISKS (Jay Libove)
NoScript is immoral? (Martin Ward)
Re: freemium for all, was A mom panicked (John Levine)
June 2021 CACM Inside Risks column and video (David Roman)
Abridged info on RISKS (comp.risks)
----------------------------------------------------------------------
Date: Sat, 29 May 2021 15:04:54 -0700
From: Rob Wilcox <robwi...@gmail.com>
Subject: U.S. nuclear weapon secrets revealed in cloud flash-card apps
(Bellingcat)
Flash cards are a common memorization tool. They can be simply written on
pieces of paper and easily be carried for use in spare moments.
Military personnel in Europe used public flash-card apps to memorize exact
locations, previously secret, and the precise security details to keep
those nuclear weapons from unintended use.
The data uncovered by reporters spanned 2013 to the present. When NATO was
asked to comment, the data was taken down. Let's hope the archives too!
There is a good argument that human foibles make us unsuitable for tools
too powerful.
Full report via the Bellingcat investigative journalist group at
https://www.bellingcat.com/news/2021/05/28/us-soldiers-expose-nuclear-weapons-secrets-via-flashcard-apps/
------------------------------
Date: Sat, 29 May 2021 10:39:55 -0400
From: Tom Van Vleck <th...@multicians.org>
Subject: U.S. nuclear weapon bunker security secrets spill from online
flashcards since 2013 (The Register)
https://www.theregister.com/2021/05/28/flashcards_military_nuclear/
Seems like this problem is the result of people not understanding simple
consequences. Either they didn't know some facts, or they didn't draw
logical conclusions.
Some things the missile workers should have been told:
- Phones and servers holding classified data must be approved for storing such data.
- Your cellphone is not secure. the flashcard servers are not secure.
- Even if it says 'secure' on the box, that doesn't make it secure.
The Three Questions apply.
- Have we made this error anywhere else?
- If we make a simple fix, what problem will we encounter next?
- How can we make this kind of problem impossible?
ACM SIGSOFT Software Engineering Notes, vol 14 no 5 July 1989, pp 62-63
(https://multicians.org/thvv/threeq.html, has cartoon also)
------------------------------
Date: Sat, 29 May 2021 10:57:31 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: Surviving an in-flight anomaly: what happened on Ingenuity's sixth flight
(NASA)
https://mars.nasa.gov/technology/helicopter/status/305/surviving-an-in-flight-anomaly-what-happened-on-ingenuitys-sixth-flight/
------------------------------
Date: Sat, 29 May 2021 07:54:01 -0400
From: Bob Gezelter <geze...@rlgsc.com>
Subject: "Rule of 48" redux concerning airborne spread of pathogens, a
reminder with wide applicability to all research
The "Rule of 48" mentioned in Michael Crichton's "Andromeda Strain" is a
more general phenomenon affecting all fields of research. The "Rule of 48"
refers to a 1936 citation reporting the number of human chromosomes as
48. Decades later, the original microscope photographs were examined, and
the count was confirmed as 46.
Wired published "The 60-Year-Old Scientific Screwup That Helped Covid Kill",
describing recent research into the airborne spread of virus particles,
including SARS-CoV-2/COVID-19. The article documents how a questionable
number became embedded in the medical and public health communities.
An interesting read, applicable to many areas other than medicine and public
health.
https://www.wired.com/story/the-teeny-tiny-scientific-screwup-that-helped-covid-kill/
------------------------------
Date: Fri, 28 May 2021 14:52:24 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: A Never-Before-Seen Wiper Malware Is Hitting Israeli Targets (WiReD)
The malicious code, which masquerades as ransomware, appears to come from a
hacking group with ties to Iran.
https://www.wired.com/story/never-before-seen-wiper-malware-hitting-israeli-targets/
------------------------------
Date: Sun, 30 May 2021 13:43:34 -0600
From: "Matthew Kruk" <mkr...@gmail.com>
Subject: Secret Chats Show How Cybergang Became a Ransomware Powerhouse
(NYTimes)
https://www.nytimes.com/2021/05/29/world/europe/ransomware-russia-darkside.html
As the ransomware industry exploded, a Russian-speaking outfit called
DarkSide offered would-be computer crooks not just the tools, but also
customer support. We got an inside look.
------------------------------
Date: Fri, 28 May 2021 14:26:28 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: Why GitHub Refuses to Provide Key Evidence to a Man on Death Row
(Gizmodo)
As a result of the law enforcement exception, Facebook alone honors hundreds
of thousands of government requests for user data annually -- roughly
296,000 in 2020. Meanwhile, social media companies have spent years fending
off defendants' court-approved subpoenas, even when they're aware that the
consequence could be a death sentence. In 2019, a Superior Court judge who
approved one such subpoena in a murder trial excoriated the companies.
Facebook and Twitter appear to be misusing their immense resources to
manipulate the judicial system in a manner that deprives two indigent young
men facing life sentences of their constitutional right to defend themselves
at trial, Judge Charles Crompton wrote. Facebook and Twitter have made it
clear that they are unwilling to alter their behavior, regardless of the
harm to others -- or the rulings of this court.'' Crompton found them in
contempt of court for disobeying a lawful order, and the companies simply
ate the maximum $1,000 fines, a penalty that was likely cheaper than paying
their lawyers to do another hour of work.
If the Supreme Court decides to hear the case and rules in Colone's favor,
it could stand to not only potentially save Colone's life but spare
countless underprivileged people years of unjust incarceration.
https://gizmodo.com/a-death-row-inmate-has-waited-years-for-github-to-provi-1846976389
------------------------------
Date: Thu, 27 May 2021 15:17:17 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: Several Organizations Protest Facebook, Sign Public Complaints
Against Platform (Broadband Breakfast)
Organizations signed a formal list of 70 public complaints against the
social media giant.
May 26, 2021 -- ``Representatives from a coalition of organizations gathered
outside Facebook's lobbying headquarters in Washington, D.C. Tuesday to
protest the company's alleged abuse of the American people and announce a
formal list of 70 public complaints against the social media platform.
Robert Weissman, president of the consumer rights advocacy group and think
tank Public Citizen, accused Facebook of political indifference and
subverting democracy, saying ``the American people and people of the world
will no longer tolerate Facebook's abuses. This is a company out of
control. It is literally out of the control of our democracy.''
The organizations present hold Facebook responsible for the alleged
spreading of misinformation that influences elections, limiting users'
access to competing ideas, and wielding unjust amounts of political power.
With the support of the agreeing organizations present, Weissman expressed a
lack of confidence in Facebook's ability to manage itself, claiming its
leaders had given up control to algorithms the company leaders didn't
understand. They called on the government to regulate the industry, break up
the company, and hold its executives legally accountable for the damages
done against the world.
https://broadbandbreakfast.com/2021/05/several-organizations-protest-facebook-sign-public-complaints-against-platform/
------------------------------
Date: Sun, 23 May 2021 14:56:55 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: An FTC Lawsuit Says Frontier Lied About Internet Speeds (WiReD)
https://www.wired.com/story/ftc-lawsuit-says-frontier-lied-about-internet-speeds/
I'm shocked that an ISP would lie about such an important matter.
------------------------------
Date: Mon, 24 May 2021 10:24:03 +0800
From: Richard Stein <rms...@ieee.org>
Subject: Scatalogical appliances (Medicalxpress.com)
https://medicalxpress.com/news/2021-05-smart-toilet-stool-health-problems.html
"An artificial intelligence tool under development at Duke University can be
added to the standard toilet to help analyze patients' stool and give
gastroenterologists the information they need to provide appropriate
treatment, according to research that was selected for presentation at
Digestive Disease Week (DDW) 2021. The new technology could assist in
managing chronic gastrointestinal issues such as inflammatory bowel disease
(IBD) and irritable bowel syndrome (IBS)."
This gizmo uses images to decide. Would an olfactory cross-reference elevate
diagnostic efficacy?
Risk: False negative/positive detection
[Don't be bow(e)led over by this item. It's just another questionable
application for the Internet-of-Stinks. Risks? just more potential
disruptive features of improperly protected online access. PGN]
------------------------------
Date: Mon, 24 May 2021 10:32:58 +0800
From: Richard Stein <rms...@ieee.org>
Subject: A new replication crisis: Research that is less likely to be true
is cited more (phys.org)
https://phys.org/news/2021-05-replication-crisis-true-cited.html
Non-reproducible publications that are not retracted can be weaponized via
social media, and are used to promote falsehoods that jeopardize public
health and promote incivility.
"The influence of an inaccurate paper published in a prestigious journal can
have repercussions for decades. For example, the study Andrew Wakefield
published in The Lancet in 1998 turned tens of thousands of parents around
the world against the measles, mumps and rubella vaccine because of an
implied link between vaccinations and autism. The incorrect findings were
retracted by The Lancet 12 years later, but the claims that autism is linked
to vaccines continue."
------------------------------
Date: Mon, 24 May 2021 12:13:11 -0700
From: Rob Slade <rsl...@gmail.com>
Subject: "Hobbit" house renamed due to lawsuit threat (Rob Slade)
Well, I thought Disney was the "Gold Standard" in terms of threatening
lawsuits over any possible trademark infringement, but Warner Brothers seems
to be trying to make their mark in the field.
Warner Brothers, distributor of the Hobbit movie franchise, has threatened
a lawsuit over the "Hobbit Mountain Hole" house. the owner, not interested
in lawsuits, has renamed it the "Second Breakfast Hideaway."
https://vancouversun.com/news/local-news/b-c-hobbit-house-renamed-after-threat-of-lawsuit-from-warner-bros
A couple of points: I wonder if Warner is going to go after over the "second
breakfast" reference.
Also, wouldn't it be the Tolkien estate that would have the real rights to
"Hobbit" references? (Actually, you could probably defend the use of the
term "hobbit" on the basis of prior art: the word was in use before Tolkien
wrote about it ...)
------------------------------
Date: Mon, 24 May 2021 19:20:13 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: Florida governor signs law to block *deplatforming* of Florida
politicians (The Verge)
Skeptics say the law is *clearly unconstitutional*
https://www.theverge.com/2021/5/24/22451425/florida-social-media-moderation-facebook-twitter-deplatforming
Good luck with that. Maybe deplatform Florida entirely. Or provide a list
setting I've long wished for "Set bozo mode" for a subscriber, so bozo sees
own posts, thinks they're broadcasting, but nobody else does.
------------------------------
Date: Wed, 26 May 2021 01:11:13 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: D.C. Attorney General Karl A. Racine brings antitrust lawsuit
against Amazon (The Washington Post)
D.C. Attorney General Karl A. Racine on Tuesday brought an antitrust
complaint against Amazon, alleging that the e-commerce giant wields monopoly
power that has resulted in higher prices for consumers.
https://www.washingtonpost.com/technology/2021/05/25/dc-ag-antitrust/
Shocking.
------------------------------
Date: Wed, 26 May 2021 19:33:39 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: Microsoft Tips Generational Update for Windows 10 (PCMag)
At Build, Microsoft CEO Satya Nadella calls the update the 'next generation
of Windows,' and promises to share more details soon.
During his keynote at Tuesday's Build developer conference, CEO Satya
Nadella teased that major changes are in store for the operating system.
``Soon we will share one of the most significant updates to Windows of the
past decade to unlock greater economic opportunity for developers and
creators. I've been self-hosting it over the past several months, and I'm
incredibly excited about the next generation of Windows.'' [...]
Nadella didn't reveal much else, except to tease that the updated OS will
benefit software developers everywhere. ``Our promise to you is this: we
will create more opportunity for every Windows developer today and welcome
every creator who is looking for the most innovative, new, open platform to
build and distribute and monetize applications. We look forward to sharing
more very soon,'' Nadella said.
The comment might be connected to how Redmond is reportedly developing a new
version of the Microsoft App Store for Windows 10. According to Windows
Central, the company is refreshing the store with a new interface while also
relaxing the rules on how developers can publish apps on the platform. This
includes giving developers the option to use any third-party payment
solution to charge customers.
https://www.pcmag.com/news/microsoft-tips-generational-update-for-windows-10
This is supposed to be good news? As it's aimed to benefit developers? And
inflicted on everyone?
------------------------------
Date: Thu, 27 May 2021 15:48:00 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: NFTs and tokenization: How crypto could help regular people become
real-estate tycoons (Fortune)
By using technologies online from the cryptocurrency world, like tokens and
blockchains, regular people could participate in real estate transactions
that are too unwieldy in the analog world.
For example, a hot new idea is using NFTs, or non-fungible tokens -- digital
certificates that convey exclusive rights to something. Although NFTs are
just starting to be applied to real estate, supporters say they will become
standard in the industry.
https://fortune.com/2021/05/20/real-estate-crypto-nfts-what-is-an-nft-tokenization-non-fungible-token-houses/
------------------------------
Date: Fri, 21 May 2021 22:02:15 -0400
From: "Bernie Cosell" <cos...@alum.mit.edu>
Subject: Security of the IMPs
A colleague recently asked me how the teletype stuff worked in the old
ARPAnet IMP.
[Tech short answer: it used a two-layer co-routine. tricky and a bit
obscure but small and fast]. How it works was that there were two fake
[i.e., internal] hosts in the IMP: one for the tty and one for a simple
DDT-like debugger. when the first two IMPs were installed [UCLA & SRI],
while the host systems were working on their hardware and software,, the
IMP-guys there had the communication- lines up and working right away and
knew it was OK because they connected their TTYs to each other and could
what-we'd-call-today "DM" each other, so we knew the message machinery,
line machinery, routing machinery worked.. and we were just waiting for
the hosts to send an external-host-to-external-host message [the TTY and
DDT used the *exact* same host machinery/software so we were pretty sure
the IMP stuff was OK]
And I was horrified what a huge risk that machinery was. I realized [for
the first time in 50+ years] how poorly designed that functionality was. In
particular , since the DDT used the normal host machinery, ANY host on the
network could send commands and probes to ANY IMP [indeed we did that from
the NCC on IMP 5 to manage the IMPs]. BUT: ANY host. no protections. At
the time, for example, I believe that the MIT ITS system allowed just anyone
to [anonymously] access the ARPAnet. All it would've taken is ONE hacker
knowing what I knew [damn.. and had implemented] to cause utter chaos
[untraceably!!!] on the ARPAnet. E.g., could could every now and then tweak
the routing table, or tell an IMP to restart or disable some functionality.
In musing about this I was thinking that many of our current woes are due to
the fact that ARPAnet was built with not a single thought to security [I can
attest our primary/only concern was , really, that it *work*]. that then
oozed into the host protocols and so we are, to this day, have to deal with
things like SNMP which should have been hardened, if not scrapped, before
the network was let loose out from ARPA's thumb. I wonder how the
ARPAnet/Internet might have been different if we'd thought about security
and making the protocols robust right from the start.
------------------------------
Date: Sat, 29 May 2021 01:44:05 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: SolarWinds hackers are back with a new mass campaign, Microsoft says
(NYTimes)
Russia Appears to Carry Out Hack Through System Used by U.S. Aid
Agency https://www.nytimes.com/2021/05/28/us/politics/russia-hack-usaid.html
SolarWinds hackers are back with a new mass campaign, Microsoft says
https://arstechnica.com/gadgets/2021/05/microsoft-says-solarwinds-hackers-targeted-us-agencies-in-a-new-campaign/
------------------------------
Date: Thu, 27 May 2021 20:06:45 -0600
From: "Matthew Kruk" <mkr...@gmail.com>
Subject: Canada Post says 950,000 customers exposed in data breach (CBC)
https://www.cbc.ca/news/business/canada-post-breach-1.6042602
Canada's national mail carrier says a malware attack on one of its suppliers
has impacted 44 of its biggest corporate customers across the country, and
potentially up to nearly one million people.
Canada Post said in a statement Wednesday that one of its suppliers,
Commport Communications, had its systems compromised in a cyberattack.
------------------------------
Date: Sat, 29 May 2021 07:51:04 -0400
From: Bob Gezelter <geze...@rlgsc.com>
Subject: A New Line of Attack that Evades Spectre Defenses (WiReD)
The "Rule of 48" mentioned in Michael Crichton's "Andromeda Strain" is a
more general phenomenon affecting all fields of research. The "Rule of 48"
refers to a 1936 citation reporting the number of human chromosomes as
48. Decades later, the original microscope photographs were examined, and
the count was confirmed as 46.
WiReD published "The 60-Year-Old Scientific Screwup That Helped Covid Kill",
describing recent research into the airborne spread of virus particles,
including SARS-CoV-2/COVID-19. The article documents how a questionable
number became embedded in the medical and public health communities.
An interesting read, applicable to many areas other than medicine and public
health.
https://www.wired.com/story/the-teeny-tiny-scientific-screwup-that-helped-covid-kill/
------------------------------
Date: Sat, 29 May 2021 01:44:08 -0400
From: Monty Solomon <mo...@roscom.com>
Subject: As Congress Dithers, States Step In to Set Rules for the Internet
(NYTimes)
As Congress Dithers, States Step In to Set Rules for the Internet
Virginia, Florida, Arkansas and Maryland are among dozens of states that have introduced bills to curtail the power of Amazon, Google, Facebook and Twitter.
https://www.nytimes.com/2021/05/14/technology/state-privacy-internet-laws.html
------------------------------
Date: Sat, 22 May 2021 10:55:50 +0800
From: Richard Stein <rms...@ieee.org>
Subject: Colonial Pipeline accused of negligence in proposed class action
(Bloomberg Law)
https://news.bloomberglaw.com/tech-and-telecom-law/colonial-pipeline-accused-of-negligence-in-proposed-class-action
Schadenfreude emerges when inspecting CP's "General Terms & Conditions:
https://colonialoilindustries.com/2018/wp-content/uploads/gtc.pdf
See the last phrase beginning with "except to the extent proximately caused
by..."
"12. Indemnification. To the extent permitted by applicable law, Buyer
agrees to indemnify, defend, hold harmless and reimburse Colonial for,
from and/or against all claims, suits, judgments, costs, expenses, damages
and/or liabilities of any nature or kind, including reasonable attorney's
fees and costs, brought against or suffered, incurred or sustained by
Colonial and arising or resulting in any way from (a) Buyer's breach of
this Agreement or (b) any acts, omissions, events, occurrences, spills,
releases, noncompliance with laws, rules or regulations, strict liability,
explosions, fires or accidents of, involving, concerning or relating in
any way to the product (whether relating to handling, storage, transfer,
shipping, release or use thereof or otherwise) and which occur, take place
or relate to any time after the time title passes to Buyer hereunder,
except to the extent proximately caused by Colonial's negligent or willful
wrongful acts."
CP was advised a few years in advance about deficient internet defenses;
they apparently did not invest to correct these deficiencies. The business
operations platforms -- sales and inventory, customer profiling, etc -- were
consequently assaulted. The US East Coast commuting population experienced
significant inconvenience.
Every for-profit shop with an internet footprint invokes indemnification to
shield against lawsuits. Indemnification enables corporations to operate --
sell products, collect, and exploit sales data -- with commercial impunity.
When the corporate brand is threatened by strategic operational mistake -- a
failure proactively mitigate auspicious infosec weaknesses -- there's almost
no legal cover.
Expect a monetary settlement, a "non-admission of corporate guilt
statement," and a deferred prosecution agreement that waives employee
imprisonment subject to CP's promise to prevent recurrence.
I'll wait for my free gasoline voucher.
------------------------------
Date: Sat, 22 May 2021 08:36:00 -1000
From: geoff goodfellow <ge...@iconia.com>
Subject: IS: Truth, Lies, and Automation
*How Language Models Could Change Disinformation*
Growing popular and industry interest in high-performing natural language
generation models has led to concerns that such models could be used to
generate automated disinformation at scale. This report examines the
capabilities of GPT-3--a cutting-edge AI system that writes text--to analyze
its potential misuse for disinformation. A model like GPT-3 may be able to
help disinformation actors substantially reduce the work necessary to write
disinformation while expanding its reach and potentially also its
effectiveness.
For millennia, disinformation campaigns have been fundamentally human
endeavors. Their perpetrators mix truth and lies in potent combinations
that aim to sow discord, create doubt, and provoke destructive action. The
most famous disinformation campaign of the twenty-first century -- the
Russian effort to interfere in the U.S. presidential election -- relied on
hundreds of people working together to widen preexisting fissures in
American society.
Since its inception, writing has also been a fundamentally human endeavor.
No more. In 2020, the company OpenAI unveiled GPT-3, a powerful artificial
intelligence system that generates text based on a prompt from human
operators. The system, which uses a vast neural network, a powerful machine
learning algorithm, and upwards of a trillion words of human writing for
guidance, is remarkable. Among other achievements, it has drafted an op-ed
that was commissioned by The Guardian, written news stories that a majority
of readers thought were written by humans, and devised new internet memes.
In light of this breakthrough, we consider a simple but important question:
can automation generate content for disinformation campaigns? If GPT-3 can
write seemingly credible news stories, perhaps it can write compelling fake
news stories; if it can draft op-eds, perhaps it can draft misleading
tweets. [...]
https://cset.georgetown.edu/publication/truth-lies-and-automation/
------------------------------
Date: Sat, 22 May 2021 07:56:04 -0700
From: Lauren Weinstein <lau...@vortex.com>
Subject: That Salesforce outage: Global DNS downfall started by one engineer
trying a quick fix (The Register)
Operational procedures should make this sort of error impossible for
one person to do. So it's never just one person's fault. -L
https://www.theregister.com/2021/05/19/salesforce_root_cause/
------------------------------
Date: Wed, 26 May 2021 01:01:22 -0400
From: Gabe Goldberg <ga...@gabegold.com>
Subject: For First Time, Microsoft Integrating GPT-3 Into Its Software
(EnterpriseAI)
MICROSOFT BUILD 2021 -- Eight months after licensing the GPT-3 natural
language AI model from OpenAI last September, Microsoft is integrating the
language generator into its Microsoft Power Apps software to make it easier
for enterprise workers to build no-code applications. [...]
Once GPT-3 is integrated with Microsoft Power Apps, non-technical employees
will be able to build a no-code Power Apps application by entering
conversational language and then have it automatically transformed into the
needed code using GPT-3, according to Microsoft.
https://www.enterpriseai.news/2021/05/25/for-first-time-microsoft-integrating-gpt-3-into-its-software/
Taking the old joke about, "Write your program in FORTRAN or write a story
about your program in COBOL" to new levels of storytelling. Funny,
announcement doesn't describe how non-technical employees will debug or
enhance their stories.
------------------------------
Date: Sat, 29 May 2021 08:02:01 -0700
From: Henry Baker <hba...@pipeline.com>
Subject: Caltech Prof Helps Solve Hindenburg Disaster (NOVA)
I just watched the PBS NOVA program in which a Caltech professor provides
experimental evidence of how the Hindenburg Zeppelin burned and crashed in
1937 -- a NTSB-like investigation 84 years in the making.
As a trained electrical engineer, I agree with the conclusions, but the PBS
story excessively convoluted the relatively simple argument.
Here's my version on one slide:
* Hydrogen had been leaking from the tail section for some time -- enough so
that it was almost impossible to 'trim' the zeppelin so that the tail
wouldn't touch the ground first.
* The skin and the frame of the zeppelin were electrically insulated from
one another, so that they formed a giant capacitor (called a 'condenser'
in 1937); every capacitor has a 'break down' voltage at which it 'shorts
out' -- sometimes in a spectacular fashion.
* During the zeppelin flight, both 'plates' (skin, frame) of this capacitor
acquired a large charge relative to the ground, but with no voltage drop
between them.
* When the landing ropes were dropped, the charge from the frame leaked down
the somewhat wet ropes to the ground over a 4-minute period determined by
the 'RC time constant', where R=rope resistance and C=skin/frame
capacitance.
* The charge on the skin 'plate' remained, however, and thus the voltage
drop between the skin and the frame increased until the breakdown voltage
limit was reached, at which point numerous sparks all over the skin led to
hydrogen ignition near the tail.
History's Mysteries: Caltech Professor Helps Solve Hindenburg Disaster
Emily Velasco, 17 May 2021
https://www.caltech.edu/about/news/historys-mysteries-caltech-professor-helps-solve-hindenburg-disaster
[Very long item omitted for RISKS. However, it is worth reading in its
entirety, PGN]
------------------------------
Date: Sat, 22 May 2021 18:44:18 +0200
From: Toebs Douglass <ri...@winterflaw.net>
Subject: Re: Just 12 People Are Behind Most Vaccine Hoaxes On Social Media,
Research Shows (RISKS-32.68)
The NPR article begins with this statement;
"Researchers have found just 12 people are responsible for the bulk of the
misleading claims and outright lies about COVID-19 vaccines that proliferate
on Facebook, Instagram and Twitter."
The NPR article explains nothing; it has an early paragraph stating a claim,
and a link to a PDF which is the basis for that claim, and then the rest of
the article goes on about how harmful this all is.
Reading the PDF, I'm finding it rather difficult to pick out what was
actually done, and so what is actually claimed. What I'm come up with is
this;
The investigators examined 10 private and 20 public anti-vaccine groups on
Facebook, over a period of six weeks, and from this selected 483 pieces of
anti-vaccine content which they considered representative (no basis for
selection was given). They found over Facebook as a whole, these 483 pieces
of anti-vaccine content had been posted or shared about 690,000 times, and
that of these posts, 73% were of content which came from a group of twelve
individuals.
I don't think it's stated how many of the 483 pieces of anti-vaccine content
actually came from these twelve individuals. Obviously, if say 90% of them
came from those twelve individuals, then selection bias at that point will
strongly influence the later findings.
Also, it seems to me that the number 690,000 is a very low number of posts
for all of Facebook for six weeks on such a topical matter. Given how few
posts there are, I would also like to know how many of those posts were in
fact part of those 30 anti-vaccine groups.
In any event, generalizing from this to the entirety to Facebook, Instagram
and Twitter is wholly improper.
(Indeed, in the PDF, Instagram is in fact not investigated at all. It is
mentioned as being a platform these individuals use, but the content was not
examined - only Facebook and Twitter.)
I think the large majority of the PDF is emotive activism to censorship,
including an actual and fairly lengthy profile of each of the accused, with
a small and I have to say I found rather confusingly presented, and rather
unexplained (too many "we choose as representative") part being the
investigation that was performed.
There may be something in this, but taken as it is, right now, this seems to
me to be a means to an end - indeed, not entirely unlike the very
disinformation it seeks to discredit in others. The origin is the "Center
for Countering Digital Hate", so we can imagine they're coming at this from
a particular point of view.
------------------------------
Date: Sat, 22 May 2021 05:01:55 +0000
From: Jay Libove <lib...@felines.org>
Subject: Sharing lock-picking information on RISKS
[was: Re: A mom panicked when her 4-year-old bought $2,600 in SpongeBob,
Popsicles (RISKS-32.65)]
Interesting note by PGN, and interesting comment be Bernie. My eyes barely
twitched when I read the original post which described how to bypass the
Washington Post paywall. (I just open WaPo articles in an
InPrivate/Incognito browser and re-accept the cookie and "You have three
free articles left" notice).
Should we share information about how to pick locks? I'm pretty sure we do
that. Every day, in announcing vulnerabilities and the devilishly clever
technology steps taken to exploit them. And, even better, in a timeless
SciFi way, by theorizing from where a next class of such vulnerabilities
will come, and how they may be used (for good and ill).
Of course, there's a responsible way to do that (and in my decades reading
RISKS the posts here have always fallen on the responsible side; thank you,
moderators).
What constitutes responsible disclosure of "Site <X>'s paywall can be
bypassed?"
For that matter, what constitutes *ethics* in such a situation?
I'm a paying subscriber to at least four major news publications across
three countries on two continents, and on all of them I *still* have to
repeatedly deal with cookie (re-)notices, to re-log in too frequently
(despite the "remember me" box having been ticked), and to suffer a raft of
other repetitive, intrusive technology and user experience design failures.
Where is the ethos that says that, especially for the paying customer, site
<X> has to do a good enough job to avoid repeatedly interfering with my paid
use of their product, and stop wasting my time?
Two wrongs don't make a right (Despite that sometimes three lefts do ...),
but, NOT talking about the-secret-that-everyone-knows which isn't even so
much a symptom of "I don't want to pay for it"-it is but really "it's broken
and everyone knows it but why won't anyone actually fix it" .. is that even
unethical, in fact? Or is it a needed prod to fix these services?
With all that background, plus of course the broad availability of browser
plugins, etc, meant explicitly to bypass paywalls, cookie banners, etc, I
didn't see any reason why RISKS shouldn't allow such an item to be posted,
and I'm unsurprised that the moderators didn't get much feedback about it.
Bernie, I'm glad you raised it, because I think that a *risk* that maybe we
haven't discussed enough in recent years is the aggregated societal cost in
wasted time and increased stress from poor user experience caused by a
combination of incompetence, excessive intent to continue selling (even to
those who have already bought), and failures to understand/ excessive(?)
fear of regulatory action provoking excessive "security" and "compliance"
friction in daily Internet use.
[This is a very useful response. I do not endorse schemes to get around
paywalls. For many years, I have tried to invoke fair use and *not* to
not run pay-walled items without seriously abridging them or PGN-ed-ing
them into my own words, and encouraging interested readers to dig out the
originals as appropriate. In running the original item, I was hoping to
trigger some constructive discussion that is respectful of paywalls but
also warning that we are increasingly living in a world where almost
everything is becoming monetized. I am delighted with the responses from
both Bernie and Jay. PGN]
------------------------------
Date: Sat, 22 May 2021 12:09:13 +0100
From: Martin Ward <mar...@gkc.org.uk>
Subject: NoScript is immoral? (Re: RISKS-32.69)
I have been running NoScript to block all Javascript by default on all but a
few websites for many years and have been reading the occasional article
from the Washington Post for many years. I would not have even *known* about
their javascript block if I hadn't run the experiment of turning off
NoScript on the web site. Note that the Post hands out and displays the
complete article, along with some javascript that waits a few moments, and
then covers up the article with a request for a subscription. If the
javascript is not executed, then the article is not covered up. For all I
know, there may be dozens of other web sites that do the same!
A real world analogy: The Washington Post says, "I have an article about
XYZ, would you like to read it?", You reply "OK, I'll have a look at it".
*The Washington Post* hands you the article and you start reading. Then *The
Washington Post* hands you a piece of cardboard and says "Please cover the
article I just gave you with this cardboard". You ask "Why?" and WP answers
"So that I can ask you to pay me money to take the cardboard away
again". You say "How about I just decide *not* to cover the article with the
cardboard and carry on reading?". "THIEF!!!" Except in my case, I didn't
even *hear* the request to cover the article with the card. Am I still a
thief?
Is it really morally wrong to choose *not* to execute by default every piece
of code that is handed to you by any web site that you decide to visit?
------------------------------
Date: 21 May 2021 21:50:31 -0400
From: "John Levine" <jo...@iecc.com>
Subject: Re: freemium for all, was A mom panicked
It appears that Bernie Cosell <cos...@alum.mit.edu> said:
>How handy! We needed a forum on how to "share" things that we ought to pay
>for. Next fun activity on RISKS -- how to get ATMs to spit out money.
>
>NB: I don't mean to start a fight but I don't think that kind of "help" is
>appropriate for RISKS.
For anyone familiar with the way that the web works, it should be obvious
that freemium sites that let you view a few articles and then ask you to pay
use a browser cookie to keep the article count. If you set your browser not
to accept cookies from a site, there is no counter and in most cases you can
see all the articles you want. A few sites are pickier and check to see if
you're doing that, but mostly they don't bother, on the reasonable
assumption that anyone trying that hard to bypass the paywall is unlikely
ever to pay, and the harder they try to block freeloaders, the more likely
they'll also accidentally block legit users.
Those of us from the previous millennium remember software on copy protected
floppy disks, same idea to allow some kinds of use typical of paying
customers but not other kinds typical of non-payors. The software industry
eventually stopped doing that, because the copy protection annoyed the legit
users, and the people who might be deterred by copy protection were unlikely
to turn into paying customers. There was even a plausible argument that a
certain amount of copying led to more sales as people with illicit copies
found they liked the software enough to pay for documentation (there were
these paper things called "manuals") and support (using a now-forgotten kind
of telephone that you couldn't lose because it was attached to the wall with
a wire.)
As I've noted before, newspaper reporters like to eat, and subscriptions are
a big part of how they do that. So if you tweak your browser to bypass the
paywall, that has nothing to do with "freedom". You're just being cheap.
PS: Next rant: why I don't waste a lot of time chasing down pirate PDFs of
my books. But when people write and say your book is expensive, send me a
PDF for free, sorry, no, that's what libraries are for.
------------------------------
Date: Mon, 24 May 2021 20:16:00 +0000
From: David Roman <ro...@hq.acm.org>
Subject: June 2021 CACM Inside Risks column and video
"The Risks of Election Believability (or Lack Thereof)," the Inside Risks
column in the June 2021 Communications of the ACM (CACM), and its related
video, by Rebecca T. Mercuri and Peter G. Neumann, have been published
online at
https://cacm.acm.org/magazines/2021/6/252836-the-risks-of-election-believability-or-lack-thereof/fulltext.
The video alone is at https://vimeo.com/552504677.
[David's ACM URLs are likely to be behind the ACM paywall. The article
is also up on the Inside Risks website at
http://www.csl.sri.com/neumann/insiderisks251.pdf
PGN]
------------------------------
Date: Mon, 1 Aug 2020 11:11:11 -0800
From: RISKS-...@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)
The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to
subscribe and unsubscribe:
http://mls.csl.sri.com/mailman/listinfo/risks
=> SUBMISSIONS: to ri...@CSL.sri.com with meaningful SUBJECT: line that
includes the string `notsp'. Otherwise your message may not be read.
*** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored. Instead, use an alternative
address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites,
copyright policy, etc.) is online.
<http://www.CSL.sri.com/risksinfo.html>
*** Contributors are assumed to have read the full info file for guidelines!
=> OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
searchable html archive at newcastle:
http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
Also, ftp://ftp.sri.com/risks for the current volume/previous directories
or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
If none of those work for you, the most recent issue is always at
http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-32.00
ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
*** NOTE: If a cited URL fails, we do not try to update them. Try
browsing on the keywords in the subject line or cited article leads.
Apologies for what Office365 and SafeLinks may have done to URLs.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
<http://www.acm.org/joinacm1>
------------------------------
End of RISKS-FORUM Digest 32.69
************************
0 new messages