RISKS Forum mailing list archives
Risks Digest 31.47
From: RISKS List Owner <risko () csl sri com>
Date: Tue, 12 Nov 2019 16:53:37 PST
RISKS-LIST: Risks-Forum Digest  Tuesday 12 November 2019  Volume 31 : Issue 47

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/31.47>
The current issue can also be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents: [Cleared the backlog.]
Galileo satellite system failure (The Register)
Boeing Shaped a Law to Its Liking. Weeks Later, a 737 Max Crashed. (NYTimes)
Illegal drones ground water-dropping helicopters at critical moment in Maria fire battle (LA Times)
Drones Used in Crime Fly Under the Law's Radar (NYTimes)
Kiwibot delivery bots drones (NYTimes)
AT&T claims a weeks-long voicemail outage will be fixed with a single device update (The Verge)
Wrong-way driverless Tesla Model 3 (Geoff Goodfellow)
Uber self-driving car involved in fatal crash couldn't detect jaywalkers (Engadget)
Testing Cars That Help Drivers Steer Clear of Pedestrians (NYTimes)
How Russia Meddles Abroad for Profit: Cash, Trolls and a Cult Leader (NYTimes)
Russia Will Test Its Ability to Disconnect from the Internet (via GeoffG)
Brian Kernighan: Unix: A History and a Memoir (PGN)
GitHub blocking: vandal's dream (Dan Jacobson)
PSA: Turning off silent macros in Office for Mac leaves users wide open to silent macro attacks (The Register)
Large Bitcoin Player Manipulated Price Sharply Higher, Study Says (WSJ)
Inside the Icelandic Facility Where Bitcoin Is Mined (WiReD)
Amazon blames 'error' for blocking Nintendo resellers from listing products (The Verge)
What happens if your mind lives for ever on the Internet? (The Guardian)
1.5 Million Packages a Day: The Internet Brings Chaos to NY Streets (NYTimes)
Security Researchers Warn of Online Voting Risks (Computerworld)
Calculation gives different results on different operating systems (Techxplore)
Microsoft's Secured-Core PC Feature Protects Critical Code (WiReD)
The rise of microchipping: are we ready for technology to get under the skin? (The Guardian)
Saudi Arabia recruited Twitter workers to spy on users, feds say (CBS News)
U.S. Charges Former Twitter Employees With Spying for Saudi Arabia (WSJ)
The Internet is tilting toward tyranny (WashPost)
Network Solutions: Important Security Information re: Breach (via GabeG)
Radios do interfere with garage-door openers! (fauquiernow)
Automatic bug tracker issue closers (stalebot)
Robinhood Markets -- rob the poor to feed the rich? (Bloomberg)
Apps track students from the classroom to bathroom, and parents are struggling to keep up (WashPost)
At an Outback Steakhouse Franchise, Surveillance Blooms (WiReD)
Researchers hack Siri, Alexa, and Google Home by shining lasers at them (Ars Technica)
Insanely humanlike androids have entered the workplace and soon may take your job (CNBC)
HireVue's AI face-scanning algorithm increasingly decides whether you deserve the job (Wash Post)
Screen time is actually good for kids! (Oxford)
Risks of posting the wrong emoji (Dan Jacobson)
We Have No Reason to Believe 5G Is Safe (Scientific American Blog Network)
She Accidentally Uncovered a Nationwide Scam on Airbnb (VICE)
Expanded testbed in Singapore for autonomous vehicles a big boost for research and developers (The Straits Times)
Coalfire CEO statement (via Gabe Goldberg)
Cirrus' $2 Million Vision Jet Now Lands Itself, No Pilot Needed (WiReD)
These Machines Can Put You in Jail. Don't Trust Them. (NYTimes)
Trolling Is Now Mainstream Political Discourse (WiReD)
Video giant Twitch pushes Trump rallies and mass violence into the live-stream age (WashPost)
Text messages delayed from February were mysteriously sent overnight (The Verge)
Netflix to stop supporting older devices from Samsung, Roku, and Vizio in December (The Verge)
Members of violent white supremacist website exposed in massive data dump (Ars Technica)
Re: Mountain village begs tourists not to follow Google Maps and get stuck (Dan Jacobson)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Mon, 11 Nov 2019 10:48:17 -1000
From: the keyboard of geoff goodfellow <geoff () iconia com>
Subject: Galileo satellite system failure (The Register)

*Also organizational chaos, secrecy and self-regulation*

EXCERPT:

Key details about the failure of Europe's Galileo satellite system over the summer have started to emerge -- and it's not pretty. While one key official has sought to blame a single individual for the system going dark, insiders warn that organizational chaos, excessive secrecy and some unusual self-regulation is as much to blame.

Combined with those problems, a battle between European organizations over the satellite system, and a delayed independent report into the July cock-up, means things aren't looking good for Europe's answer to America's GPS system. A much needed shake-up may be on its way.

In mid-July, the agency in charge of the network of 26 satellites, the European Global Navigation Satellite Systems Agency (EGSA), warned of a `service degradation' but assured everyone that it would quickly be resolved.
<https://www.theregister.co.uk/2019/07/15/galileo_outage/>

It wasn't resolved however, and six days later the system was not only still down but getting increasingly inaccurate <https://www.theregister.co.uk/2019/07/17/europe_galileo_satellites_down/>, with satellites reporting that they were in completely different positions in orbit than they were supposed to be - a big problem for a system whose entire purpose is to provide state-of-the-art positional accuracy to within 20 centimeters.

Billions of organizations, individuals, phones, apps and so on from across the globe simply stopped listening to Galileo. It's hard to imagine a bigger mess, aside from the satellites crashing down to Earth.

But despite the outage and widespread criticism over the failure of those behind Galileo to explain what was going on and why, there has been almost no information from the various space agencies and organizations involved in the project.

*Inquiry*... [...]
https://www.theregister.co.uk/2019/11/08/galileo_satellites_outage/

------------------------------

Date: Sun, 27 Oct 2019 10:23:20 -0400
From: Monty Solomon <monty () roscom com>
Subject: Boeing Shaped a Law to Its Liking. Weeks Later, a 737 Max Crashed. (NYTimes)

The government has been handing over more responsibility to manufacturers for years. The new law makes it even harder for regulators to review Boeing's work.

https://www.nytimes.com/2019/10/27/business/boeing-737-max-crashes.html

------------------------------

Date: Sun, 3 Nov 2019 09:42:25 -0700
From: Jim Reisert AD1C <jjreisert () alum mit edu>
Subject: Illegal drones ground water-dropping helicopters at critical moment in Maria fire battle (LA Times)

Colleen Shalby, Mark Puente, Hannah Fry, LA Times, 2 Nov 2019

As flames rapidly spread along a hillside in Santa Paula early Friday morning, firefighters were faced with a perilous dilemma: ground night-flying helicopters working to contain the growing fire or risk an aerial collision with a thrill-seeking drone.
A Ventura County Fire Department helicopter pilot radioed in at 3:19 a.m. that a drone had been spotted flying above the flames, apparently trying to take a photograph or video of the scene below. Air operations were immediately stopped for at least 45 minutes until the sky was clear.

But at 4:05 a.m., another drone sighting occurred. The aerial fight against the wildfire was upended for another hour while at least two helicopters with night-flying capabilities that had been deployed to help contain the Maria fire were grounded.

Meanwhile, the blaze that broke out atop South Mountain, just south of Santa Paula, shortly after 6 p.m. Thursday marched toward the small agricultural towns of Somis and Saticoy.

The interruption of the aerial firefighting underscores growing concerns about how drones can bring added dangers to pilots battling major fires.

https://www.latimes.com/california/story/2019-11-01/maria-fire-drone-hinders-firefighting-efforts-as-blaze-doubles-in-size-overnight

------------------------------

Date: Sun, 3 Nov 2019 18:57:12 -0500
From: Monty Solomon <monty () roscom com>
Subject: Drones Used in Crime Fly Under the Law's Radar (NYTimes)

https://www.nytimes.com/2019/11/03/us/drones-crime.html

Drones are increasingly being used by criminals across the country, and local law enforcement agencies are often powerless to stop them.

------------------------------

Date: Mon, 11 Nov 2019 17:04:07 -0500
From: Gabe Goldberg <gabe () gabegold com>
Subject: Kiwibot delivery bots drones (NYTimes)

https://www.nytimes.com/2019/11/07/business/kiwibot-delivery-bots-drones.html

The risk? It's in the title.

I've encountered these critters roaming George Mason University campus in Fairfax VA. One was being chased by a student who'd placed an order but forgotten to update his address, so it was going where he used to live.

------------------------------

Date: Thu, 24 Oct 2019 23:13:58 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: AT&T claims a weeks-long voicemail outage will be fixed with a single device update (The Verge)

AT&T has been experiencing a weeks-long voicemail outage affecting some customers across the country. But it's hard to tell exactly what's causing the outage, or how long until it will be fixed -- and AT&T is saying conflicting things about what's going on.

Here's what the company told us, when we asked:

``A recent software update to some devices may be affecting our customers' voicemail. We are working with the device manufacturer to issue a patch to resolve this and apologize for any inconvenience this has caused.''

That statement seems to suggest that only a single phonemaker is affected, and that phonemaker might share the blame for the outage -- but that wouldn't make sense, because AT&T customers are reporting a wide array of different phones are having the same issue.

Right now, there's a 40+ page thread on AT&T's support forums concerning the recent voicemail issues. (It was marked as `solved' on page 8 by AT&T.) In the thread, AT&T reps have attributed the issues to something much different than a recent software update -- they've said it's because of a `vendor server problem' as first stated on October 9th, and reiterated as recently as today, October 23rd.

https://www.theverge.com/2019/10/23/20929133/att-voicemail-outage-patch-vendor-server-problem

------------------------------

Date: Thu, 7 Nov 2019 14:22:00 -1000
From: geoff goodfellow <geoff () iconia com>
Subject: Wrong-way driverless Tesla Model 3

- Footage of the dodgy driving was captured in Richmond, British Columbia
- The Model 3 car stops and starts as it tentatively tries to reach its owner
- Smart Summon was rolled out to supported Tesla cars on 26 Sep 2019
- It has been met with a very mixed reception from Tesla users and pedestrians

EXCERPT:

An alarming video shows a 'smart summoned' driverless Tesla Model 3 car tentatively trying to find its owner -- while going down the wrong side of the road.

Stopping and starting -- in the dead middle of the road at one point -- the vehicle's ham-fisted driving is seen to attract the concerned attention of passersby.

This latest worrying exhibition of driverless tech was filmed in a shopping centre parking lot in Richmond, British Columbia.

------------------------------

Date: Wed, 6 Nov 2019 08:26:09 -1000
From: geoff goodfellow <geoff () iconia com>
Subject: Uber self-driving car involved in fatal crash couldn't detect jaywalkers (Engadget)

*The system had several serious software flaws, the NTSB said*

EXCERPT:

Uber's self-driving car that struck and killed a pedestrian in March 2018 had serious software flaws, including the inability to recognize jaywalkers, according to the NTSB. The US safety agency said that Uber's software failed to recognize the 49-year-old victim, Elaine Herzberg, as a pedestrian crossing the street. It didn't calculate that it could potentially collide with her until 1.2 seconds before impact, at which point it was too late to brake.
<https://www.engadget.com/2018/03/19/uber-stops-all-self-driving-car-tests-after-fatal-accident/>
<https://www.documentcloud.org/documents/6540547-629713.html>

More surprisingly, the NTSB said Uber's system design "did not include a consideration for jaywalking pedestrians." On top of that, the car initiated a one second braking delay so that the vehicle could calculate an alternative path or let the safety driver take control. (Uber has since eliminated that function in a software update.)

*Although the [system] detected the pedestrian nearly six seconds before impact ... it never classified her as a pedestrian, because she was crossing at a location without a crosswalk [and] the system design did not include a consideration for jaywalking pedestrians.*

Uber's autonomous test vehicles may have failed to identify roadway hazards in at least two other cases, according to the report. In one case, a vehicle struck a bicycle lane post that had bent into a roadway. In another, a safety driver was forced to take control to avoid an oncoming vehicle and ended up striking a parked car. In the seven months prior to the fatal crash, Uber vehicles were involved in 37 accidents, including 33 in which other vehicles struck the Uber test cars... [...]
https://www.engadget.com/2019/11/06/uber-self-driving-car-fatal-accident-ntsb/

  [Monty Solomon noted the article here:]
https://www.washingtonpost.com/local/trafficandcommuting/pedestrian-in-self-driving-uber-collision-probably-would-have-lived-if-braking-feature-hadnt-been-shut-off-ntsb-finds/2019/11/05/7ec83b9c-ffeb-11e9-9518-1e76abc088b6_story.html

------------------------------

Date: Wed, 6 Nov 2019 10:48:32 -0600
From: Monty Solomon <monty () roscom com>
Subject: Testing Cars That Help Drivers Steer Clear of Pedestrians (NYTimes)

https://www.nytimes.com/2019/10/29/business/pedestrian-deaths-collision-avoidance.html

As pedestrian deaths climb, collision-avoidance systems could reduce that toll, but new tests show significant differences in how well they work.

------------------------------

Date: Mon, 11 Nov 2019 14:37:26 -0500
From: Monty Solomon <monty () roscom com>
Subject: How Russia Meddles Abroad for Profit: Cash, Trolls and a Cult Leader (NYTimes)

https://www.nytimes.com/2019/11/11/world/africa/russia-madagascar-election.html

Madagascar has little obvious strategic value for the Kremlin or the global balance of power. But Russians were there during an election, offering bribes, spreading disinformation and recruiting an apocalyptic cult leader.

"The Russians were hard to miss. They appeared suddenly last year in Madagascar's traffic-snarled capital, carrying backpacks stuffed with cash and campaign swag decorated with the name of Madagascar's president.

"It was one of Russia's most overt attempts at election interference to date. Working from their headquarters in a resort hotel, the Russians published their own newspaper in the local language and hired students to write fawning articles about the president to help him win another term. Skirting electoral laws, they bought airtime on television stations and blanketed the country with billboards.

"They paid young people to attend rallies and journalists to cover them.
They showed up with armed bodyguards at campaign offices to bribe challengers to drop out of the race to clear their candidate's path. At Madagascar's election commission, officials were alarmed.

`'We all recall what the Russians did in the United States during the election,' said Thierry Rakotonarivo, the commission's vice president. 'We were truly afraid.''

https://www.nytimes.com/2019/11/11/world/africa/russia-madagascar-election.html

------------------------------

Date: Thu, 24 Oct 2019 14:21:00 -1000
From: geoff goodfellow <geoff () iconia com>
Subject: Russia Will Test Its Ability to Disconnect from the Internet (sundry sources)

*The nascent RuNet is meant to allow the country to survive an attack -- and Putin to monitor and control his subjects*

EXCERPT:

Russia will test its internal RuNet network to see whether the country can function without the global Internet, the Russian government announced Monday. The tests will begin after Nov. 1, recur at least annually, and possibly more frequently. It's the latest move in a series of technical and policy steps intended to allow the Russian government to cut its citizens off from the rest of the world.

``On Monday, the government approved the provision on conducting exercises to ensure the stable, safe and holistic functioning of the Internet and public communications networks in the Russian Federation,'' notes an article in D-Russia. <http://d-russia.ru/opublikovano-polozhenie-o-regulyarnyh-ucheniyah-po-vyyavleniyu-ugroz-i-otrabotke-mer-po-vosstanovleniyu-rabotosposobnosti-runeta.html> (The original article is in Russian. We verified a translation with the help of a native Russian speaker.)
``The exercises are held at the federal (in the territory of the Russian Federation) and regional (in the territory of one or more constituent entities of the Russian Federation) levels.''

The word ``holistic'' shows that the exercises follow April's passage of the sovereign Internet law <https://www.cnn.com/2019/05/01/europe/vladimir-putin-russian-independent-internet-intl/index.html> that will require all Internet traffic in Russia to pass through official chokepoints, allowing the government to shut down outside access, block websites that they don't like and monitor traffic. <https://www.defenseone.com/technology/2019/04/russians-will-soon-lose-uncensored-access-internet/156531/>

In 2016, Russia launched the Closed Data Transfer Segment: basically, a big military intranet for classified data, similar to the Pentagon's Joint Worldwide Intelligence Communications System <https://en.wikipedia.org/wiki/Joint_Worldwide_Intelligence_Communications_System>. The following year, Russia announced <https://www.defenseone.com/technology/2017/11/russia-will-build-its-own-internet-directory-citing-us-information-warfare/142822/> that it intends to build its own domain name directory, which would allow it to re-route traffic intended for one website to another <https://www.defenseone.com/technology/2017/11/russia-will-build-its-own-internet-directory-citing-us-information-warfare/142822/>. And last year, Putin's top IT advisor Herman Klimenko <http://www.businessinsider.com/putin-internet-advisor-allegedly-owns-piracy-torrent-site-2016-1> and others suggested that the new segment might be able to carry the rest of the country's Internet traffic. But Klimenko cautioned that moving to the new system would be painful. As recently as March, Gen. Paul Nakasone, director of U.S. Cyber Command and the NSA, expressed skepticism <https://www.youtube.com/watch?time_continue=12&v=Apd2ReXB6vk> that Russia would succeed. ...

https://www.defenseone.com/technology/2019/10/russia-will-test-its-ability-disconnect-internet/160861/

------------------------------

Date: Mon, 11 Nov 2019 10:19:10 PST
From: "Peter G. Neumann" <neumann () csl sri com>
Subject: Brian Kernighan: Unix: A History and a Memoir

Brian Kernighan
Unix: A History and a Memoir
Kindle Direct Publishing
October 2019
ISBN 9891695978553

This is Brian's 13th book, and I think we are very lucky that he has made a significant effort to write it. Why is this book relevant to RISKS?

* It provides a well-documented long-term success story, a genre that we have long sought for RISKS (and indeed explicitly requested in our first few decades, although there have been few examples as far-reaching as this one).

* It is a wonderful example of the fundamental importance of skilled, devoted, and committed individuals in building new systems and enabling those systems to have long lives, as well as enabling an ever-growing group of other contributors to create relevant enhancements, and of course inspiring the advent of many open-source operating systems and supporting software.

* The book is a fine example of the effective use of constructive self-publishing. The process of getting a book published through the usual channels is typically very labor intensive and time consuming, sometimes making aspects of the book no longer timely. However, the historical aspects of Brian's book are timeless, and carefully prepared.

Incidentally, the memoir aspects demonstrate Brian's modesty: ``For 30 years, he was a member of the original Unix research group, ... present at the creation, though not responsible for it.'' I believe he had a decidedly nontrivial role in its success.

PGN

------------------------------

Date: Sat, 09 Nov 2019 23:11:13 +0800
From: Dan Jacobson <jidanni () jidanni org>
Subject: GitHub blocking: vandal's dream

Let's take another look at GitHub blocking.

On Facebook if Boris BadUser blocks Gerry GoodUser, both lose access to each other's stuff.

On GitHub, Boris blocks Gerry's *notifications of Boris' actions*, including vandalizing Gerry's stuff to his heart's content (until one day some third party hopefully tells Gerry.)

Unbelievable, undocumented, but true (as confirmed by staff in my previous post.)

------------------------------

Date: Tue, 5 Nov 2019 23:05:43 -0600
From: Monty Solomon <monty () roscom com>
Subject: PSA: Turning off silent macros in Office for Mac leaves users wide open to silent macro attacks (The Register)

https://www.theregister.co.uk/2019/11/05/office_mac_macro_bug/

------------------------------

Date: Mon, 4 Nov 2019 08:01:45 -0600
From: Monty Solomon <monty () roscom com>
Subject: Large Bitcoin Player Manipulated Price Sharply Higher, Study Says (WSJ)

A single large player, using the Bitfinex exchange and a cryptocurrency called tether, manipulated the price of bitcoin as it ran up to a peak of nearly $20,000 two years ago, a new study has concluded.

https://www.wsj.com/articles/large-bitcoin-player-manipulated-price-sharply-higher-study-says-11572863400

------------------------------

Date: Sun, 3 Nov 2019 22:06:49 -0500
From: Gabe Goldberg <gabe () gabegold com>
Subject: Inside the Icelandic Facility Where Bitcoin Is Mined (WiReD)

Cryptocurrency mining now uses more of the Nordic island nation's electricity than its homes.

It wasn't long after Bitcoin's creation on 3 Jan 2009 that cryptocurrency companies began moving to Iceland. In 2016, large data centers accounted for nearly 1 percent of its GDP, with cryptocurrency mining operations making up 90 percent of those. They now use more electricity than all of Iceland's homes combined, with electric bills at Enigma running more than $1 million per month.

But however green the energy, miners still can't escape a dilemma as old as picks and shovels: how to extract resources without marring the landscape.
According to local experts cited by The Wall Street Journal, keeping up with demand for electricity requires building more dams and power stations that could alter Iceland's unique, sensitive environment.

https://www.wired.com/story/iceland-bitcoin-mining-gallery/

------------------------------

Date: Sun, 3 Nov 2019 20:56:51 -0600
From: Monty Solomon <monty () roscom com>
Subject: Amazon blames 'error' for blocking Nintendo resellers from listing products (The Verge)

https://www.theverge.com/2019/11/1/20943772/amazon-marketplace-nintendo-deal-used-retro-games-consoles-counterfeit

------------------------------

Date: October 22, 2019 8:18:27 GMT+8
From: geoff goodfellow <geoff () iconia com>
Subject: What happens if your mind lives for ever on the Internet? (The Guardian)

(The Guardian, 20 Oct 2019)

It may be some way off, but mind uploading, the digital duplication of your mental essence, could expand human experience into a virtual afterlife.

Imagine that a person's brain could be scanned in great detail and recreated in a computer simulation. The person's mind and memories, emotions and personality would be duplicated. In effect, a new and equally valid version of that person would now exist, in a potentially immortal, digital form. This futuristic possibility is called mind uploading. The science of the brain and of consciousness increasingly suggests that mind uploading is possible -- there are no laws of physics to prevent it. The technology is likely to be far in our future; it may be centuries before the details are fully worked out -- and yet given how much interest and effort is already directed towards that goal, mind uploading seems inevitable. Of course we can't be certain how it might affect our culture but as the technology of simulation and artificial neural networks shapes up, we can guess what that mind uploading future might be like.

Suppose one day you go into an uploading clinic to have your brain scanned.
Let's be generous and pretend the technology works perfectly. It's been tested and debugged. It captures all your synapses in sufficient detail to recreate your unique mind. It gives that mind a standard-issue, virtual body that's reasonably comfortable, with your face and voice attached, in a virtual environment like a high-quality video game. Let's pretend all of this has come true...

https://www.theguardian.com/technology/2019/oct/20/mind-uploading-brain-live-for-ever-internet-virtual-reality

  [Of course, we will need truly trustworthy systems on which to house such a facility, to prevent and detect impersonations, alterations, and the creation of entirely fake persona. PGN]

------------------------------

Date: Sun, 3 Nov 2019 22:21:48 -0500
From: Gabe Goldberg <gabe () gabegold com>
Subject: 1.5 Million Packages a Day: The Internet Brings Chaos to NY Streets (NYTimes)

The push for convenience is having a stark impact on gridlock, roadway safety and pollution in New York City and urban areas around the world.

https://www.nytimes.com/2019/10/27/nyregion/nyc-amazon-delivery.html

------------------------------

Date: Fri, 18 Oct 2019 12:16:21 -0400 (EDT)
From: ACM TechNews <technews-editor () acm org>
Subject: Security Researchers Warn of Online Voting Risks (Computerworld)

Security Researchers Warn of Online Voting Risks
(Rohan Pearce, Computerworld, 17 Oct 2019) via ACM TechNews, 18 Oct 2019

Security researchers said Australia should not rely on any online voting system that lacks a thorough ballot-verification method, to ensure against fraudulent voting. The University of Melbourne's Chris Culnane and Vanessa Teague warned of the vulnerability of Scytl's iVote platform, designed to accommodate visually impaired voters and those traveling on the day of the election, as well as substituting for voting by mail.
The researchers cited findings that votes cast via iVote in a 2017 Western Australia election were channeled through a content delivery network that could potentially "read and alter votes." Culnane, Teague, and their colleagues told an ongoing Victorian inquiry examining the conduct of the state's 2018 election, "Electronic voting risks introducing into Australian elections the possibility of large-scale, undetectable fraud that could potentially be committed from anywhere in the world."

https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-22109x21e58dx070251&

------------------------------

Date: Mon, 21 Oct 2019 07:05:26 -0700
From: Barry Gold <barrydgold () ca rr com>
Subject: Calculation gives different results on different operating systems (Techxplore)

Chaos is loose in the world. A grad student who was checking the calculations in a study discovered that the algorithm returned different results on MacOS, Windows, and Linux.

"Studies that used the original code for NMR computations could probably be incorrect," Luo said. "Because most researchers didn't include the type of operating system they used, there is no easy way to know if their results were affected by this glitch."

https://techxplore.com/news/2019-10-team-glitch-affect-scientific.html?fbclid=IwAR0RjcX4HtZVjXsU5gq6IPQ9E36NqkeGWm6BL181nOr3Lg3qsRor0MJQsuU

------------------------------

Date: Mon, 21 Oct 2019 17:54:35 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: Microsoft's Secured-Core PC Feature Protects Critical Code (WiReD)

The idea of secured-core PC is to take firmware out of that equation, eliminating it as a link in the chain that determines what's trustworthy on a system. Instead of relying on firmware, Microsoft has worked with AMD, Intel, and Qualcomm to make new central processing unit chips that can run integrity checks during boot in a controlled, cryptographically verified way.
Only the chip manufacturers will hold the encryption keys to broker these checks, and they're burned onto the CPUs during manufacturing rather than interacting with the firmware's amorphous, often unreliable code layer.

"It's rooted in the CPU and no longer in the firmware, because it still boots early," Weston says. "But if there's anything tampered with, the system code would identify this and shut everything down. So we're taking firmware and any potential compromise out of the circle of trust."

https://www.wired.com/story/microsoft-secured-core-pc/

  > Only the chip manufacturers will hold the encryption keys

Hmmm.

------------------------------

Date: November 9, 2019 9:22:22 JST
From: geoff goodfellow <geoff () iconia com>
Subject: The rise of microchipping: are we ready for technology to get under the skin? (The Guardian)

As implants grow more common, experts fear surveillance and exploitation of workers. Advocates say the concerns are irrational

EXCERPT:

On 1 August 2017, workers at Three Square Market, a Wisconsin-based company specializing in vending machines, lined up in the office cafeteria to be implanted with microchips. One after the other, they held out a hand to a local tattoo artist who pushed a rice-grain sized implant into the flesh between the thumb and forefinger. The 41 employees who opted into the procedure received complimentary t-shirts that read ``I Got Chipped''.

This wholesale implant event, organized by company management, dovetailed with Three Square Market's longer-term vision of a cashless payment system for their vending machines – workplace snacks purchased with a flick of the wrist. And the televised ``chipping party'' proved to be a savvy marketing tactic, the story picked up by media outlets from Moscow to Sydney. ...

https://www.theguardian.com/technology/2019/nov/08/the-rise-of-microchipping-are-we-ready-for-technology-to-get-under-the-skin

------------------------------

Date: Wed, 06 Nov 2019 20:55:50 -0500
From: José María (Chema) Mateos <chema () rinzewind org>
Subject: Saudi Arabia recruited Twitter workers to spy on users, feds say (CBS News)

Yet another example that you can't trust your data out there. Private messages are not private if you send them as plain text.

https://www.cbsnews.com/news/saudi-arabia-recruited-twitter-workers-to-spy-on-users-feds-say/

Saudi Arabia's government recruited two Twitter employees to get personal account information on some of their critics, prosecutors with the U.S. Department of Justice said Wednesday.

A complaint unsealed in U.S. District Court in San Francisco detailed a coordinated effort by Saudi government officials to recruit employees at the social media giant to look up the private data of thousands of Twitter accounts. The accounts included those of a popular journalist with more than 1 million followers and other prominent government critics.

------------------------------

Date: Wed, 6 Nov 2019 17:33:56 -0600
From: Monty Solomon <monty () roscom com>
Subject: U.S. Charges Former Twitter Employees With Spying for Saudi Arabia (WSJ)

Justice Department says the two former accessed information about people who made posts critical of the Saudi royal family

https://www.wsj.com/articles/justice-department-charges-individuals-for-fraudulently-accessing-twitter-users-private-data-and-providing-info-to-saudi-arabia-11573080810

------------------------------

Date: Wed, 6 Nov 2019 08:24:33 -1000
From: geoff goodfellow <geoff () iconia com>
Subject: The Internet is tilting toward tyranny (WashPost)

The Internet in its early days seemed destined to enhance freedom. Authoritarian governments might bar citizens from the Web or decrease what citizens could do on the Web, but they would not use the Web as a tool to clamp down.
Needless to say, things have changed. For the ninth year in a row, Freedom House's annual ``Freedom on the Net'' report <https://www.freedomonthenet.org/report/freedom-on-the-net/2019/the-crisis-of-social-media> charts a decrease in Internet freedom around the world. Authoritarian regimes and democratic ones both are marshaling sophisticated technology to turn the Web against the people with aggressive media manipulation campaigns and mass surveillance. More than 3.8 billion people have access to the Internet today, and more than 70 percent live in countries where individuals have been arrested for posting about political, social or religious issues. Sixty-five percent live in countries where individuals have been attacked or killed for their online activities -- individuals like the two Thai anti-government activists whose bodies were found <https://apnews.com/46be62385c4e40aea66fe5881a7492ed> stuffed with concrete in the Mekong River last December. <https://www.theguardian.com/world/2019/mar/17/thailand-dissidents-murder-mekong-election> Freedom House found that unscrupulous politicians launder disinformation into the mainstream through local actors such as pop culture personalities and business magnates, many of whom are paid for their efforts to amplify conspiracy theories, misleading memes and more. Consultants in the Philippines charge 30 million pesos, or $580,000, for three-month influence efforts conducted in closed groups as well as on hyperpartisan ``alternative news'' channels. Brazil's presidential election featured operatives who scraped phone numbers from Facebook to add voters to WhatsApp groups filled with propaganda based on their personal identifiers. In India, 1.3 million youths in the National Cadet Corps were instructed to download a special app from Prime Minister Narendra Modi marketed as a source for official news and stuffed with deceptive and divisive material. 
The report also focuses on ``machine-driven monitoring of the public,'' realized to its fullest dystopian extent in China. The Muslim Uighur minority there is systematically tracked by law enforcement equipped with a biometric database <https://www.cnn.com/2017/12/12/asia/china-xinjiang-dna/index.html> of almost the entire population. But even in the United States, agencies have become more aggressive with warrantless searches of electronic devices at the border and social media sweeps of immigrants and immigration activists. There's also a booming market for high-tech surveillance capabilities among less advanced countries, particularly in Africa and the Middle East. A 2020 trade show in Dubai will feature the best of the worst from global firms, such as a product from the Chinese company Semptian that can audit the online activity of 5 million people for $1.5 million to $2.5 million, a bargain for any dictator.

The Internet, we have learned, does not inevitably bring freedom. Society's blindness to anything but the good of the Web might have left well-meaning governments behind in regulating to enshrine privacy or ensure transparency in elections. It's not too late to aim for a better Year 10.

https://www.washingtonpost.com/opinions/the-internet-gets-less-free--for-the-ninth-year-in-a-row/2019/11/05/ffe3fca0-ff48-11e9-8bab-0fc209e065a8_story.html

------------------------------

Date: Tue, 5 Nov 2019 15:18:47 -0500
From: Gabe Goldberg <gabe () gabegold com>
Subject: Network Solutions: Important Security Information re: Breach

What Happened?

On October 16, 2019, Network Solutions determined that a third-party gained unauthorized access to a limited number of our computer systems in late August 2019, and as a result, account information may have been accessed. No credit card data was compromised as a result of this incident.
Upon discovery of this unauthorized access, the company immediately began working with an independent cybersecurity firm to conduct a comprehensive investigation to determine the scope of the incident, including the specific data impacted. We have also reported the intrusion to federal authorities and are notifying affected customers.

Safeguarding our customer's information is core to our mission. We are committed to protecting our customers against misuse of their information and have invested heavily in cybersecurity. We will continue to do so as we incorporate the key learnings of this incident to further strengthen our cyber defenses.

https://notice.networksolutions.com/

------------------------------

Date: Thu, 7 Nov 2019 10:37:57 PST
From: "Peter G. Neumann" <neumann () csl sri com>
Subject: Radios do interfere with garage-door openers! (fauquiernow)

https://www.fauquiernow.com/fauquier_news/article/fauquier-feds-admit-radios-interfere-with-garage-door-openers-11-5-2019

------------------------------

Date: Tue, 12 Nov 2019 00:56:05 +0800
From: Dan Jacobson <jidanni () jidanni org>
Subject: Automatic bug tracker issue closers (stalebot)

Yeah I told 'em.

https://github.com/probot/stale/issues/247#issuecomment-552521764

"Sure, for you young whippersnappers, closing issues automatically is only natural. But for older users who are in and out of the hospital (for longer periods than stalebot default settings), when they return to their desks to find their issues all automatically closed, it sends just one message: Don't bother with the project (that uses stalebot.)"

------------------------------

Date: Tue, 5 Nov 2019 11:34:52 -1000
From: geoff goodfellow <geoff () iconia com>
Subject: Robinhood Markets -- rob the poor to feed the rich? (Bloomberg)

EXCERPT:

A glitch in the Robinhood Markets Inc. <https://www.bloomberg.com/quote/1278015D:US> system is allowing users to trade stocks with excess borrowed funds, giving them access to what amounts to free money.
Dubbed the `infinite money cheat code' by users of Reddit Inc.'s WallStreetBets forum, the bug is being exploited, according to users on the forum. One trader bragged <https://www.reddit.com/r/wallstreetbets/> about a $1 million position funded by a $4,000 deposit.

https://www.reddit.com/r/wallstreetbets/comments/drt5tr/guh_of_fame_2019/

Robinhood is ``aware of the isolated situations and communicating directly with customers,'' spokesperson Lavinia Chirico said in an email response to questions.

The Menlo Park, California-based money-management software designer touts trading ``free from commission fees.'' Robinhood Gold customers are invited to ``supercharge'' their investing by paying $5 a month to trade on margin, or money borrowed from the company.

A Guy on Reddit Turns $766 Into $107,758 on Two Options Trades <https://www.bloomberg.com/news/articles/2019-10-17/a-guy-on-reddit-turns-766-into-107-758-on-two-options-trades>

Here's how the trade works. Users of Robinhood Gold are selling covered calls using money borrowed from Robinhood. Nothing wrong with that. The problem arises when Robinhood incorrectly adds the value of those calls to the user's own capital. And that means that the more money a user borrows, the more money Robinhood will lend them for future trading. ...

https://www.bloomberg.com/news/articles/2019-11-05/robinhood-has-a-glitch-that-gives-traders-infinite-leverage

------------------------------

Date: Mon, 4 Nov 2019 03:17:40 -0600
From: Monty Solomon <monty () roscom com>
Subject: Apps track students from the classroom to bathroom, and parents are struggling to keep up (WashPost)

A digital hallpass app that tracks bathroom trips is the latest school software to raise privacy concerns.
https://www.washingtonpost.com/technology/2019/10/29/school-apps-track-students-classroom-bathroom-parents-are-struggling-keep-up/

------------------------------

Date: Sun, 20 Oct 2019 16:11:15 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: At an Outback Steakhouse Franchise, Surveillance Blooms (WiReD)

Fried onion meets 1984.

As casual dining chains have declined in popularity, many have experimented with surveillance technology designed to maximize employee efficiency and performance. Earlier this week, one Outback Steakhouse franchise announced it would begin testing such a tool, a computer vision program called Presto Vision, at a single outpost in the Portland, Oregon area. Your Bloomin' Onion now comes with a side of Big Brother.

https://www.eater.com/2017/10/3/16360878/decline-applebees-olive-garden-tgi-fridays
https://www.wired.com/story/guide-artificial-intelligence/
https://www.wired.com/story/outback-steakhouse-presto-vision-surveillance/

------------------------------

Date: Tue, 5 Nov 2019 15:17:42 -0500
From: Gabe Goldberg <gabe () gabegold com>
Subject: Researchers hack Siri, Alexa, and Google Home by shining lasers at them (Ars Technica)

MEMS mics respond to light as if it were sound. No one knows precisely why.

https://arstechnica.com/information-technology/2019/11/researchers-hack-siri-alexa-and-google-home-by-shining-lasers-at-them/

------------------------------

Date: Thu, 31 Oct 2019 14:23:00 -1000
From: geoff goodfellow <geoff () iconia com>
Subject: Insanely humanlike androids have entered the workplace and soon may take your job (CNBC)

* Russian start-up Promobot recently unveiled what it calls the world's first android that looks just like a real person and can serve in a business capacity.
* Robo-C can be made to look like anyone, so it's like an android clone.
* It comes with an artificial intelligence system that has more than 100,000 speech modules.
* It can perform workplace tasks, such as answering customer questions at offices, airports, banks and museums, while accepting payments.
* Hiroshi Ishiguro and his Japanese collaborators have created a number of androids that look like humans, including one called Erica, a newscaster on Japanese TV.

EXCERPT:

November 2019 is a landmark month in the history of the future. That's when humanoid robots that are indistinguishable from people start running amok in Los Angeles. Well, at least they do in the seminal sci-fi film `Blade Runner'. Thirty-seven years after its release, we don't have murderous androids running around. But we do have androids like Hanson Robotics' Sophia and they could soon start working in jobs traditionally performed by people.
<https://www.cnbc.com/2017/12/05/hanson-robotics-ceo-sophia-the-robot-an-advocate-for-womens-rights.html>

Russian start-up Promobot recently unveiled what it calls the world's first autonomous android. It closely resembles a real person and can serve in a business capacity.

Robo-C can be made to look like anyone, so it's like an android clone. It comes with an artificial intelligence system that has more than 100,000 speech modules, according to the company. It can operate at home, acting as a companion robot and reading out the news or managing smart appliances -- basically, an anthropomorphic smart speaker. It can also perform workplace tasks such as answering customer questions in places like offices, airports, banks and museums, while accepting payments and performing other functions.

*Digital immortality?*

``We analyzed the needs of our customers, and there was a demand,'' says Promobot co-founder and development director Oleg Kivokurtsev. ``But, of course, we started the development of an anthropomorphic robot a long time ago, since in robotics there is the concept of the `Uncanny Valley,' and the most positive perception of the robot arises when it looks like a person.
Now we have more than 10 orders from companies and private clients from around the world.''

Postulated by Japanese roboticist Masahiro Mori in 1970, the Uncanny Valley <https://en.wikipedia.org/wiki/Uncanny_valley> is a hypothesis related to the design of robots. It holds that the more humanlike a robot appears, the more people will notice its flaws. This can create a feeling akin to looking at zombies, and can creep people out. A properly designed android that's as faithful as possible to the human original, however, can overcome this ``valley'' (a dip when the effect is imagined as a graph) and the zombie factor.

While it can't walk around, Robo-C has 18 moving parts in its face, giving it 36 degrees of freedom. The company says it has over 600 micro facial expressions, the most on the market. It also has three degrees of freedom in its neck and torso, offering limited movement. Still, Promobot says it can be useful in homes and workplaces.

The price of the robot is $20,000 to $50,000 depending on options and customized appearance. The company says it's building four Robo-Cs: one for a government service center, where the machine will scan passports and perform other functions, one that will look like Einstein and be part of a robot exhibition, and two for a family in the Middle East that wants to have android versions of its father and his wife to greet guests.

``The key moment in development [of Robo-C] is the digitization of personality and the creation of an individual appearance, As a result, digital immortality, which we can offer our customers.'' (Kivokurtsev)

*The robotic revolution in Japan*...
https://www.cnbc.com/2019/10/31/human-like-androids-have-entered-the-workplace-and-may-take-your-job.html

------------------------------

Date: Wed, 23 Oct 2019 00:07:22 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: HireVue's AI face-scanning algorithm increasingly decides whether you deserve the job (Wash Post)

The AI, he said, doesn't explain its decisions or give candidates their assessment scores, which he called ``not relevant.'' But it is ``not logical,'' he said, to assume some people might be unfairly eliminated by the automated judge.

https://www.washingtonpost.com/technology/2019/10/22/ai-hiring-face-scanning-algorithm-increasingly-decides-whether-you-deserve-job/

------------------------------

Date: Sat, 26 Oct 2019 10:26:09 -1000
From: geoff goodfellow <geoff () iconia com>
Subject: Screen time is actually good for kids! (Oxford)

*Contrary to what you've heard, a study from the Oxford Internet Institute says screen time is actually good for kids*

EXCERPT:

Here's what the American Academy of Pediatrics says about screen time for kids:

- children between 2 and 5 should be limited to ``one hour a day of high-quality programming''
- infants between 18 and 24 months can have screen time so long as it's high quality and with a caregiver
- babies shouldn't be exposed to screens other than video chat

Andrew Przybylski of the Oxford Internet Institute thinks that's way off base. In a controversial new study published in the Journal of the American Academy of Child and Adolescent Psychiatry, he and colleagues don't just swipe at the predominant thinking that kids should be exposed to as little screen time as possible -- they argue that moderate screen time is actually *good* for kids.
<https://www.jaacap.org/article/S0890-8567(19)31437-6/fulltext>

The study set out to test two ideas. ``The first was to test if there were `optimal' levels of screen time in young people,'' Przybylski said via email.
``The second was to look for a critical value, or tipping point, at which screen engagement was significantly related to well-being outcomes.''

Przybylski, along with his colleagues, found ``modest positive relations'' when kids used devices and/or watched television for up to two hours a day. Contrary to medical recommendations, the team reported that kids would need to be using screens ``for more than five hours a day'' before parents would notice any differences.

The study's findings are based on data from more than 35,000 American children and caregivers and reported by the National Survey of Children's Health via the US Census Bureau between June 2016 and February 2017. Przybylski says his analysis suggests that children who are using a digital device -- a television, video game console <https://www.technologyreview.com/f/613959/video-games-dont-depress-teens-as-much-as-other-screen-time/>, tablet, laptop, smartphone, or any other gadget with a screen -- have better social and emotional skills than kids who don't use this technology.

The research overturns dominant thinking about screen time, which has overwhelmingly pointed to worrisome increases in rates of depression <https://www.technologyreview.com/f/614297/teens-are-anxious-and-depressed-after-three-hours-a-day-on-social-media/>, anxiety <https://www.technologyreview.com/f/614038/josh-hawley-social-media-addictive-design-legislation-smart-act-bill/>, and suicidal tendencies...

https://www.technologyreview.com/s/614619/screen-time-is-good-for-youmaybe/

------------------------------

Date: Thu, 24 Oct 2019 07:37:39 +0800
From: Dan Jacobson <jidanni () jidanni org>
Subject: Risks of posting the wrong emoji

I saw this in a web discussion: "I am so sorry that I pressed the emoji by accident, I was hoping to give one like [cheery smiles] instead of [thumbs down]! but I don't know how to change it."
------------------------------

Date: Wed, 23 Oct 2019 23:07:27 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: We Have No Reason to Believe 5G Is Safe (Scientific American Blog Network)

The technology is coming, but contrary to what some people say, there could be health risks

https://blogs.scientificamerican.com/observations/we-have-no-reason-to-believe-5g-is-safe/

------------------------------

Date: Fri, 1 Nov 2019 13:25:01 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: She Accidentally Uncovered a Nationwide Scam on Airbnb (VICE)

Author writes:

Feeling I had all the evidence I needed to prove my point to Airbnb, I emailed the company's press team a long note, asking them, among other things, how they make sure that people are accurately representing themselves on their profiles and how case managers are directed to deal with allegations of fraud. A little more than 24 hours later, a company flak responded in an emailed statement. ``Engaging in deceptive behavior such as substituting one listing for another is a violation of our Community Standards. We are suspending the listings while we investigate further.''

That was it. No one at the company ever agreed to speak on the record about the specifics of what I uncovered. Nor would anyone answer any of my questions about Airbnb's verification process. As far as what obligation it has to people who have fallen victim to a scam on Airbnb's platform, the company only said in an email that it is "here 24/7 to support with rebooking assistance, full refunds and reimbursements" in cases of fraud or misrepresentation by hosts.

Maybe Airbnb couldn't get more detailed about its verification process because it doesn't have much of one at all.
https://www.vice.com/en_us/article/43k7z3/nationwide-fake-host-scam-on-airbnb

------------------------------

Date: Fri, 25 Oct 2019 10:57:25 +0800
From: Richard Stein <rmstein () ieee org>
Subject: Expanded testbed in Singapore for autonomous vehicles a big boost for research and developers (The Straits Times)

https://www.straitstimes.com/singapore/transport/expanded-test-bed-a-big-boost-for-research-developers (behind paywall)

The area in Singapore authorized for silicon-based self-driving trial deployment is under-populated. A carbon-based safety-driver is required equipment.

Before wide-spread deployment is authorized in Singapore (or anywhere), it is strongly recommended that the self-driving manufacturer's board of directors, CxOs, employees, and their families be exclusive passengers for a 1 year trial under normal traffic conditions. Technology dog-fooding never harms anyone, right?

If trial participation does not materialize and persist, self-driving vehicle product viability and industry will sink. If nothing untoward arises per established metrics during the trial, then public confidence will justifiably build for the current self-driving product release version.

------------------------------

Date: Fri, 1 Nov 2019 15:49:29 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: Coalfire CEO statement

Westminster, CO, 29 Oct 2019 -- The ongoing situation in Iowa is completely ridiculous, and I hope that the citizens of Iowa continue to push for justice and common sense. Today, we found out that charges against Justin Wynn and Gary DeMercurio, the two Coalfire employees at the center of the Dallas County Courthouse incident on September 11, 2019, have been reduced from felony accusations of Burglary in the third-degree and possession of burglary tools to criminal trespass.
I do not consider this a `win' for our employees, and Coalfire will continue to support and aggressively pursue all avenues to ensure that all charges are dropped and their criminal records are purged of any wrongdoing. After the Iowa Supreme Court Chief Justice apologized and admitted mistakes were made, I was expecting all charges to be dropped. As seen in the statement of work that was made public online, our employees were simply doing the job that Coalfire was hired to do for the Iowa State Judicial Branch, a job similar in nature to one we did three years ago for the Iowa State Judicial Branch and have done hundreds of times around the world for similar clients.

Active penetration testing, including physical penetration testing, is a best practice and a common engagement. We identify issues and risks before criminals find them. Oftentimes the risks are systems issues, sometimes the risks are as simple as finding a broken door that would allow a person with malicious intent to enter a secure area unnoticed. Our mission is to help our clients secure their environments and protect the people that work for them, their customers, and the confidential information they maintain. In this case, we were helping to protect the residents of Iowa.

https://www.coalfire.com/News-and-Events/Press-Releases/Coalfire-CEO-Tom-McAndrew-statement

[So much backstory we'll likely never learn. Long and fascinating.]

------------------------------

Date: Fri, 1 Nov 2019 17:13:27 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: Cirrus' $2 Million Vision Jet Now Lands Itself, No Pilot Needed (WiReD)

The Safe Return Emergency Autoland System lets passengers hit a big red button to bring the plane to safety if the pilot's incapacitated.

https://www.wired.com/story/cirrus-garmin-vision-jet-autoland-safe-return/

------------------------------

Date: Sun, 3 Nov 2019 09:20:35 -0500
From: Monty Solomon <monty () roscom com>
Subject: These Machines Can Put You in Jail. Don't Trust Them.
  (NYTimes)

https://www.nytimes.com/2019/11/03/business/drunk-driving-breathalyzer.html

Alcohol breath tests, a linchpin of the criminal justice system, are often unreliable, a Times investigation found.

5 Reasons to Question Breath Tests
https://www.nytimes.com/2019/11/03/business/breathalyzer-investigation-takeaways.html

Technology at the heart of drunken-driving cases across the country has been successfully challenged, with tens of thousands of tests thrown out.

------------------------------

Date: Fri, 8 Nov 2019 11:18:25 -0500
From: Gabe Goldberg <gabe () gabegold com>
Subject: Trolling Is Now Mainstream Political Discourse (WiReD)

We have entered an era where silence is not golden, and our participation is beholden to technology platforms. It's a rigged game we cannot win. Which means that American voters have but one way out: taking action in 2020.

https://www.wired.com/story/opinion-trolling-is-now-mainstream-political-discourse/

------------------------------

Date: Sun, 20 Oct 2019 16:30:04 -0400
From: Monty Solomon <monty () roscom com>
Subject: Video giant Twitch pushes Trump rallies and mass violence into the live-stream age (WashPost)

Video giant Twitch pushes Trump rallies and mass violence into the live-stream age

Tens of millions of viewers have watched video streamed on Twitch this year. But the site's exploding fan base has attracted those seeking to sow discord and spotlight mass violence.

https://www.washingtonpost.com/technology/2019/10/17/video-giant-twitch-pushes-trump-rallies-mass-violence-into-live-stream-age/

------------------------------

Date: Fri, 8 Nov 2019 11:34:54 -0500
From: Gabe Goldberg <gabe () gabegold com>
Subject: Text messages delayed from February were mysteriously sent overnight (The Verge)

It's happening to people across all major US carriers

Something strange is happening with text messages in the US right now.
Overnight, a multitude of people received text messages that appear to have originally been sent on or around Valentine's Day 2019. These people never received the text messages in the first place; the people who sent the messages had no idea that they had never been received, and they did nothing to attempt to resend them overnight.

https://www.theverge.com/platform/amp/2019/11/7/20953422/text-messages-delayed-received-overnight-valentines-day-delay

------------------------------

Date: Fri, 8 Nov 2019 11:36:20 -0500
From: Gabe Goldberg <gabe () gabegold com>
Subject: Netflix to stop supporting older devices from Samsung, Roku, and Vizio in December (The Verge)

https://www.theverge.com/2019/11/8/20955155/netflix-samsung-vizio-smart-tv-roku-set-top-box-support-ending-date

The risk? "Progress".

------------------------------

Date: Fri, 8 Nov 2019 22:17:48 -0500
From: Gabe Goldberg <gabe () gabegold com>
Subject: Members of violent white supremacist website exposed in massive data dump (Ars Technica)

https://arstechnica.com/information-technology/2019/11/massive-data-dump-exposes-members-of-website-for-violent-white-supremacists/

Comments are mixed between cheering and advocating privacy for all ...

------------------------------

Date: Tue, 22 Oct 2019 20:43:09 +0800
From: Dan Jacobson <jidanni () jidanni org>
Subject: Re: Mountain village begs tourists not to follow Google Maps and get stuck (CNN via Reisert, RISKS-31.46)
launched an appeal to visitors, telling them not to rely on Google Maps
In my mountain village if Google can't deal with house number "1-6" it sends the user to house number 1. If Google doesn't know where an address is on a road, it sends the user to the mid-point of the road (kilometer 1.23 of a 2.46 km. long road.) If 488 Main St. in Town A is closer than 488 Main St. in Town B, that is where it will send you despite you entering the latter... The only thing that still hasn't screwed up yet here in Taiwan with Google is good old fashioned latitude,longitude pairs. So I had to take all the addresses off my website, just because people kept inserting them into Google, and ending up over the hills and far away. And because nobody at Google is ever home, I don't have to worry about them disputing my above claims.

------------------------------

Date: Mon, 14 Jan 2019 11:11:11 -0800
From: RISKS-request () csl sri com
Subject: Abridged info on RISKS (comp.risks)

The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to subscribe and unsubscribe: http://mls.csl.sri.com/mailman/listinfo/risks
=> SUBMISSIONS: to risks () CSL sri com with meaningful SUBJECT: line that includes the string `notsp'. Otherwise your message may not be read.
 *** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored. Instead, use an alternative address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites, copyright policy, etc.) is online. <http://www.CSL.sri.com/risksinfo.html>
 *** Contributors are assumed to have read the full info file for guidelines!
=> OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's searchable html archive at newcastle: http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
   Also, ftp://ftp.sri.com/risks for the current volume or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
   If none of those work for you, the most recent issue is always at http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-31.00
   Lindsay has also added to the Newcastle catless site a palmtop version of the most recent RISKS issue and a WAP version that works for many but not all telephones: http://catless.ncl.ac.uk/w/r
   ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
 *** NOTE: If a cited URL fails, we do not try to update them. Try browsing on the keywords in the subject line or cited article leads. Apologies for what Office365 and SafeLinks may have done to URLs.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum: <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 31.47
************************