RISKS Forum mailing list archives
Risks Digest 33.38
From: RISKS List Owner <risko () csl sri com>
Date: Fri, 12 Aug 2022 21:04:04 PDT
RISKS-LIST: Risks-Forum Digest  Friday 12 August 2022  Volume 33 : Issue 38

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as <http://catless.ncl.ac.uk/Risks/33.38>
The current issue can also be found at <http://www.csl.sri.com/users/risko/risks.txt>

Contents:
Tesla faces new probes into motorbike deaths, false advertising (Ars Technica)
One of 5G's Biggest Features Is a Security Minefield (WiReD)
Cisco Confirms It's Been Hacked by Yanluowang Ransomware Gang (The Hacker News)
The Hacking of Starlink Terminals Has Begun (WiReD)
A bug lurking for 12 years gives attackers root on every major Linux distro (Ars Technica)
Coinbase reports 63% drop in revenues in second quarter (NYTimes)
Rainwater everywhere on Earth unsafe to drink due to *forever chemicals*, study finds (Euronews)
A Sydney high school banned mobile phones. It had dramatic results (Sydney Morning Herald)
Math error overturns 100-year-old understanding of color perception (Phys)
Sloppy Use of Machine Learning Is Causing a Reproducibility Crisis in Science (WiReD)
MoFi has been using digital all along, a scandal in the audio community (WashPost)
FEC approves Google's horrible political spam filter bypass plan (Lauren Weinstein)
Cryptocurrencies and the US Government Are Headed for a Decisive Showdown (WiReD)
U.S. sanctions Tornado Cash and crypto shrieks in horror (Attack of the 50-Foot Blockchain)
Just use voice calls or in person for sensitive communications (Lauren Weinstein)
What about Signal or Whatsapp, etc. vs. voice calls privacy/security? (Lauren Weinstein)
New Data Suggests Our Fundamental Model of the Universe Is Wrong, And Scientists Are Racing to Solve It (dnyuz)
Re: "Dr. Birx ADMITS She 'Knew' COVID-19 Vaccines 'Were Not Going to Protect Against Infection' (Steve Lamont)
Re: Bad Batches (Judith Hemenway)
Danger: Metaverse Ahead! (Rob Slade)
Amazon vacuums up more data and money with Roomba? (Lauren Weinstein)
Re: Tech giants, including Meta, Google, and Amazon, want to put an end to leap-seconds (David E. Ross)
Re: Who is at fault when medical software gets it wrong? (Gabe Goldberg)
Re: Robotic Surgery (Gabe Goldberg)
Re: Clipping wires to upgrade (Lindsay Marshall)
Re: Book Review: America's Biggest Lottery Scam by Bob Sand (Mark Brader)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Mon, 8 Aug 2022 14:45:58 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: Tesla faces new probes into motorbike deaths, false advertising (Ars Technica)

NHTSA is investigating bike deaths as California says Tesla statements are "untrue."

The first fatal crash occurred in the early hours of July 7 in Riverside, California, when a Tesla Model Y on State Route 91 hit a motorcycle from behind, killing its rider. The second fatal motorcycle crash occurred on July 24, again at night, this time on I-15 outside Draper, Utah. In that case, a Tesla Model 3 was driving behind a motorcycle and hit it, killing the rider.

------------------------------

Date: Thu, 11 Aug 2022 01:38:32 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: One of 5G's Biggest Features Is a Security Minefield (WiReD)

New research found troubling vulnerabilities in the 5G platforms carriers offer to wrangle embedded device data.
https://www.wired.com/story/5g-api-flaws

------------------------------

Date: Thu, 11 Aug 2022 10:20:56 -0700
From: geoff goodfellow <geoff () iconia com>
Subject: Cisco Confirms It's Been Hacked by Yanluowang Ransomware Gang (The Hacker News)

Networking equipment major Cisco on Wednesday confirmed it was the victim of a cyberattack on May 24, 2022 after the attackers got hold of an employee's personal Google account that contained passwords synced from their web browser.

"Initial access to the Cisco VPN was achieved via the successful compromise of a Cisco employee's personal Google account," Cisco Talos said in a detailed write-up. "The user had enabled password syncing via Google Chrome and had stored their Cisco credentials in their browser, enabling that information to synchronize to their Google account."
<https://blog.talosintelligence.com/2022/08/recent-cyber-attack.html>

The disclosure comes as cybercriminal actors associated with the Yanluowang ransomware gang published a list of files from the breach to their data leak site on August 10.
<https://twitter.com/Cyberknow20/status/1557419082210676736>

The exfiltrated information, according to Talos, included the contents of a Box cloud storage folder that was associated with the compromised employee's account and is not believed to have included any valuable data.

Besides the credential theft, there was also an additional element of phishing wherein the adversary resorted to methods like *vishing* (aka voice phishing) and multi-factor authentication (MFA) fatigue to trick the victim into providing access to the VPN client. [...]

https://thehackernews.com/2022/08/cisco-confirms-its-been-hacked-by.html

------------------------------

Date: Thu, 11 Aug 2022 10:23:00 -0700
From: geoff goodfellow <geoff () iconia com>
Subject: The Hacking of Starlink Terminals Has Begun (WiReD)

It cost a researcher only $25 worth of parts to create a tool that allows custom code to run on the satellite dishes.
https://www.wired.com/story/starlink-internet-dish-hack/

------------------------------

Date: Wed, 26 Jan 2022 11:08:40 PST
From: Peter Neumann <neumann () csl sri com>
Subject: A bug lurking for 12 years gives attackers root on every major Linux distro (Ars Technica)

[oops. i forwarded this to a colleague and lost the author from another list. PGN]

https://arstechnica.com/information-technology/2022/01/a-bug-lurking-for-12-years-gives-attackers-root-on-every-major-linux-distro/

This highlights a problem with running old versions of OSes that aren't getting software updates. (Ubuntu Advantage has patches for this in 14.04 and 16.04, but only if you're in the program. It looks like they aren't supporting 12.04 (which is still within 5 yrs of end of security patches, so I expected them to).)

This was more interesting to me...

https://thehackernews.com/2022/01/chinese-hackers-spotted-using-new-uefi.html

------------------------------

Date: Wed, 10 Aug 2022 19:23:03 PDT
From: Peter Neumann <neumann () csl sri com>
Subject: Coinbase reports 63% drop in revenues in second quarter (NYTimes)

David Yaffe-Bellany, *The New York Times* Business, 10 Aug 2022

... and $2.2 billion down from a year ago.

------------------------------

Date: Tue, 9 Aug 2022 10:51:32 -0700
From: geoff goodfellow <geoff () iconia com>
Subject: Rainwater everywhere on Earth unsafe to drink due to *forever chemicals*, study finds (EuroNews)

[Another ALMOST EVERYTHING IS INTERCONNECTED example.]

Per- and poly-fluoroalkyl substances (PFAS) are a large family of human-made chemicals that don't occur in nature. They have non-stick or stain repellent properties so can be found in household items like food packaging, electronics, cosmetics and cookware.

But now researchers at the University of Stockholm have found them in rainwater in most locations on the planet -- including Antarctica. There is no safe space to escape them.
https://www.euronews.com/green/2022/08/04/rainwater-everywhere-on-earth-unsafe-to-drink-due-to-forever-chemicals-study-finds

------------------------------

Date: Sun, 7 Aug 2022 16:57:58 -0600
From: Jim Reisert AD1C <jjreisert () alum mit edu>
Subject: A Sydney high school banned mobile phones. It had dramatic results (Sydney Morning Herald)

Andrew Taylor, *Sydney Morning Herald*, 7 Aug 2022

A Sydney high school has seen a dramatic decrease in behavioural issues and a boost in physical activity and students talking to each other just two months after it tightened restrictions on mobile phone usage.

Davidson High School principal David Rule said there had been significant changes since students in years 7 to 10 were banned from using mobile phones at school.

"Classrooms have effectively become phone-free and this has allowed staff to focus on educating students," he said in a school newsletter. "Finally, in eight weeks of the policy, there has been a 90 per cent reduction in behavioural issues related to phones in the school."

The high school in Frenchs Forest requires students to put phones in a pouch that, once closed, cannot be reopened without breaking a lock.

https://www.smh.com.au/national/nsw/a-sydney-high-school-banned-mobile-phones-it-had-dramatic-results-20220803-p5b6zf.html

------------------------------

Date: Thu, 11 Aug 2022 20:48:54 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: Math error overturns 100-year-old understanding of color perception (Phys)

https://phys.org/news/2022-08-math-error-overturns-year-old-perception.html

------------------------------

Date: Thu, 11 Aug 2022 08:49:51 -0400
From: José María Mateos <chema () rinzewind org>
Subject: Sloppy Use of Machine Learning Is Causing a Reproducibility Crisis in Science (WiReD)

https://www.wired.com/story/machine-learning-reproducibility-crisis/

From the article (one of the examples):
History shows civil wars to be among the messiest, most horrifying of human affairs. So Princeton professor Arvind Narayanan and his PhD student Sayash Kapoor got suspicious last year when they discovered a strand of political science research claiming to predict when a civil war will break out with more than 90 percent accuracy, thanks to artificial intelligence. A series of papers described astonishing results from using machine learning, the technique beloved by tech giants that underpins modern AI. Applying it to data such as a country’s gross domestic product and unemployment rate was said to beat more conventional statistical methods at predicting the outbreak of civil war by almost 20 percentage points.
Yet when the Princeton researchers looked more closely, many of the results turned out to be a mirage. Machine learning involves feeding an algorithm data from the past that tunes it to operate on future, unseen data. But in several papers, researchers failed to properly separate the pools of data used to train and test their code’s performance, a mistake termed *data leakage* that results in a system being tested with data it has seen before, like a student taking a test after being provided the answers.
A bit of self-promotion: I co-wrote a review detailing the most common ways machine learning is misused in the field of neuroscience. (https://www.sciencedirect.com/science/article/pii/S2213158218302602) With the advent of "click-here-and-you-are-done" systems, I wouldn't expect this to be different in any other field (except in the ML research itself.)

------------------------------

Date: Sun, 7 Aug 2022 15:38:15 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: MoFi has been using digital all along, a scandal in the audio community (WashPost)

MoFi claimed its expensive reissues were purely analog reproductions. It had been deceiving its customer base for years.

Mike Esposito still won't say who gave him the tip about the records. But on July 14, he went public with an explosive claim.

In a sometimes halting video posted to the YouTube channel of his Phoenix record shop, the 'In' Groove, Esposito said that "pretty reliable sources" told him that MoFi (Mobile Fidelity), the Sebastopol, Calif., company that has prided itself on using original master tapes for its pricey reissues, had actually been using digital files in its production chain. In the world of audiophiles — where provenance is everything and the quest is to get as close to the sound of an album’s original recording as possible — digital is considered almost unholy. And using digital while claiming not to is the gravest sin a manufacturer can commit.

https://www.washingtonpost.com/music/2022/08/05/mofi-records-analog-digital-scandal/

------------------------------

Date: Thu, 11 Aug 2022 12:02:43 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: FEC approves Google's horrible political spam filter bypass plan (Lauren Weinstein)

The Federal Election Commission officially has now approved the horrible Google plan for political mail to bypass Gmail spam filters by default.
Please see: "How to Fix Google's Gmail Political Spam Bypass Plan":
https://lauren.vortex.com/2022/08/03/how-to-fix-googles-gmail-political-spam-bypass-plan

------------------------------

Date: Tue, 9 Aug 2022 00:33:33 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: Cryptocurrencies and the US Government Are Headed for a Decisive Showdown (WiReD)

A crop of lawsuits could finally settle the question of whether most digital assets are illegal securities offerings.

https://www.wired.com/story/crypto-web3-securities-ripple-sec-lawsuits

------------------------------

Date: Tue, 9 Aug 2022 18:43:33 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: U.S. sanctions Tornado Cash and crypto shrieks in horror (Attack of the 50-Foot Blockchain)

Transactions on the Ethereum blockchain are completely traceable.
Any transaction anyone ever made on Ethereum can be traced, all the way back to the launch of the project in 2015. Transactions are pseudonymous -- but many users have been identified after the fact.

Tornado Cash is a mixer -- an Ethereum smart contract program that you can use to break the traceability of transactions on Ethereum. This is for privacy.

Tornado Cash accepts deposits of ether (the currency on Ethereum) from one address and enables you to withdraw the ether from a different address. The smart contract works as a pool that mixes all deposits, using zero-knowledge proofs.

If the ether is proceeds from a crime, then this is literally just money laundering. Tornado Cash was also used heavily by North Korea's Lazarus Group to launder stolen ether and help the country get hard currency.

In what should come as no surprise to anyone whatsoever, Tornado Cash has been sanctioned by the US Office of Foreign Asset Control.

https://davidgerard.co.uk/blockchain/2022/08/09/us-sanctions-tornado-cash-and-crypto-shrieks-in-horror/

------------------------------

Date: Tue, 9 Aug 2022 15:25:10 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: Just use voice calls or in person for sensitive communications

Free Advice: Don't discuss ANYTHING on social media that you wouldn't want released to anyone outside of the person with whom you're communicating. In person is best, conventional voice phone calls are usually OK. Don't email, don't text, don't use Facebook, etc. for this. -L

------------------------------

Date: Tue, 9 Aug 2022 16:44:01 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: What about Signal or Whatsapp, etc. vs. voice calls privacy/security?

Since I'm already getting queries about this, let me put it this way. With the demise of Roe, we have entered a new era. My view is that to stay truly private discussions need to be as ephemeral as possible. Many communications don't need that level of privacy. For them, use whatever you feel comfortable with.

But voice calls through conventional carriers are still pretty much the most ephemeral of communications compared with everything else. Yes, voice calls could be recorded. Yes, they're just data. But the laws regarding wiretaps are significantly stronger (and much older) compared with how more "modern" communications are handled.

While an anti-abortion state might get a search warrant for emails, texts, posts, even entire phones, they are unlikely to get a search warrant for past phone calls -- since those usually will not exist as they are not routinely recorded en masse. Obviously once a wiretap order is placed by a court, that changes.

But by and large, the most ephemeral communications still are, in my opinion, ordinary voice phone calls through the conventional carriers. And again, that is just my opinion.

------------------------------

Date: Mon, 8 Aug 2022 09:55:36 -0700
From: geoff goodfellow <geoff () iconia com>
Subject: New Data Suggests Our Fundamental Model of the Universe Is Wrong, And Scientists Are Racing to Solve It (dnyuz)

We live in a strange universe filled with unexplained phenomena that have perplexed humans since time immemorial. Scientists have pieced together a rough guide to the cosmos -- known as the Lambda cold dark matter model, or more simply, the standard model of cosmology -- but many mysteries don't seem to fit into this otherwise well-corroborated framework, especially as our view of space has gotten ever more precise in recent years.

Scientists are now especially preoccupied with intractable tensions that have emerged from different measurements of two cosmic properties: The rate at which our universe is expanding, known as the Hubble constant (Ho), and a value called sigma-8, which describes variations in how matter clumps together across large cosmic scales.

Efforts to measure these properties in space have puzzlingly returned different values. When the Hubble constant is measured based on observations of brilliant stars that act as yardsticks in space, its speed is clocked as about 50,400 miles per hour per million light years. However, when it is measured using the cosmic microwave background (CMB), the oldest light in the universe, it is 46,200 miles per hour per million light years. Meanwhile, the value of sigma-8 is different when measured using the CMB, compared to other observational techniques.

What this means, essentially, is that there may be a potentially serious flaw in our basic understanding of the universe and the fabric of reality. In response, scientists around the world are now trying to resolve these tensions. [...]

https://dnyuz.com/2022/08/08/new-data-suggests-our-fundamental-model-of-the-universe-is-wrong-and-scientists-are-racing-to-solve-it/

------------------------------

Date: Fri, 12 Aug:34:09 -0700
From: Rob Slade <rslade () gmail com>
Subject: Danger: Metaverse Ahead!

No, I'm not talking about the latest excuse for plot contortions in the Marvel studios movie franchises.

We are being told to prepare for the Metaverse. We are being told that the Metaverse is coming. Facebook, indeed, has changed its name to Meta, the better to cash in on the Metaverse. Whenever it arrives. Or to create it, and sell it to us.

What is the Metaverse? Well, it seems to be a sort of virtual reality interface to, well, who knows? Social media in general? A social media platform, in the same mode as Facebook? But with avatars? (Instead of faces?)
(Today I saw an article about an artificial intelligence program to turn your image, into an avatar, that looks something, not completely dissimilar to, but not really like, you.) It's all very meta.

We are already being sold the Metaverse. Perhaps not quite for cold hard cash, quite yet, but we are being prepared for heavy duty sales pitches as soon as somebody comes up with an acceptable platform. (Maybe that will be a bit of protection for us. None of the existing social media giants, or indeed technical giants, want somebody else to be the Metaverse. As long as they are fighting about it, we are safe from it. Well, relatively safe. I'm sure they'll still try to sell us little bits of it.)

Why should you be concerned? Well let me start off with a different question: why would you need it? As analyst, pundit, and social commentator Neil Postman has said, what is the problem to which this technology is the solution?

But, all right. Let me address the question of why you should be concerned. They are going to sell you the Metaverse. Or, they are going to sell you little bits of it. They are already starting to sell Metaverse "real estate."

Even the phrase "Metaverse real estate" is misleading. Metaverse real estate is completely unreal. In the real world real estate has real value because it's real. And because you need it. To have a place to live, or a place to work, or a place to build a factory, or a place to build roads to get goods from one factory to another, or from a factory to the homes. As Mark Twain famously said, buy land, they are not making any more. (Well, except for the Dutch, of course.)

Metaverse real estate isn't real. When they want to sell you more Metaverse real estate, they just make it. And it's easy to make. Because it's not real. It's all just ones and zeros. They are selling you nothing.

Speaking of selling you nothing, the Metaverse will probably be using cryptocurrencies. And NFTs. And using decentralized finance (or defi, for short).
Remember cryptocurrencies? That system where you pay in real money, to buy cryptocurrency, with no inherent value of its own, because the people who have created the cryptocurrency are telling you that many people will want to buy cryptocurrency, and you will be able to get real money out of the system, because of the new people, who come in after you, and pay real money, to buy cryptocurrencies with no inherent value. Your return, and the inflation on your investment, depends upon the new people who come in after you and pay real money to buy in. You will be paid from the money that they deposit. Didn't someone named Charles Ponzi invent something similar a while back?

Metaverse real estate is not the only unreal thing that the vendors of the Metaverse will want you to pay real money for. If you want a house on the unreal real estate, they will sell you an unreal house. If you want artworks in your unreal house they will sell you unreal artworks (at unreal prices). (But charge you real money.)

The vendors will sell you entertainments. These entertainments will be popular. Even if you are the only one attending. It's easy to create a whole bunch of avatars, filling a theater, and creating a whole bunch of applause. Pre-recorded applause.

The vendors will sell you games. The vendors will sell you opportunities to interact with your friends. The same friends that you can interact with now for free. Or possibly new friends. Who may or may not be real.

The vendors may sell you opportunities to work, and therefore make money. It'll probably be in cryptocurrency, but they'll probably sell you the opportunity to convert it to real money as well. (For a reasonable fee.) The opportunities to work will probably be real. You will probably have real clients or real employers, so that they can pay you the real money. But they'll charge a reasonable fee for the opportunity to get that work. Of course, "reasonable" will be defined by the vendors.
It may be that, in the Metaverse, you need to make life bearable, or more enjoyable. What's a thneed? I have no idea. I'm borrowing Dr Seuss's term. But I'm sure that the vendors of the Metaverse will find one, or make one, or imagine one, and convince everybody that they need one.

Still don't think that there are dangers in the Metaverse?

------------------------------

Date: Mon, 8 Aug 2022 14:09:22 -0700
From: Lauren Weinstein <lauren () vortex com>
Subject: Amazon vacuums up more data and money with Roomba? [PGN retitled]

Amazon bought the company that makes the Roomba. Antitrust researchers and data-privacy experts say it's 'the most dangerous, threatening acquisition in the company's history'.

https://www.businessinsider.com/amazon-roomba-vacuums-most-dangerous-threatening-acquisition-in-company-history-2022-8

[Also noted by Gabe Goldberg. PGN]

------------------------------

Date: Sun, 07 Aug 2022 20:16:00 -0700
From: Steve Lamont <spl () tirebiter org>
Subject: Re: "Dr. Birx ADMITS She 'Knew' COVID-19 Vaccines 'Were Not Going to Protect Against Infection' (RISKS-33.35)

In re: "How bad is my batch" http://howbadismybatch.info/

Reading to the bottom is always useful. To wit:

Data Source

USA Data : All data is sourced from VAERS, a public database of over 700,000 adverse reaction reports for Moderna, Pfizer and Janssen Covid 19 vaccines in the USA.

Foreign Data : VAERS database now also includes data for Moderna, Pfizer and Janssen Covid 19 vaccines in countries outside of the USA. This data can be found here - Vaccine Adverse Event Reporting System (VAERS) - the last table listed. This non-domestic data has been submitted by foreign regulatory agencies and consists of approximately 1,000,000 adverse reaction reports.

[So who has the definitive data? Apparently no one?
PGN]

------------------------------

Date: Fri, 12 Aug 2022 00:48:51 +0000
From: Judith Hemenway <Judith () divingturtle com>
Subject: Re: Bad Batches

Having an MD (and throwing a lot of numbers around) does not imply competence in research design or statistical analysis. [The founder of the website] does not appear to have factored out even the most obvious covariants, such as age. The initial batches of vaccines were restricted to healthcare workers and people aged 75 and older (remarkably, that is 5.9% of the population -- compare that with his 5% of the batches, etc.), who would have more co-morbidities, a greater chance of dying and possibly a greater tendency to react adversely to vaccines.

There is nothing in the VAERS data that indicates whether the death/disability/reaction was in fact due to the vaccine – that has to be demonstrated via careful analysis. Because the batches are strongly time-dependent, the analysis must include factoring out other time-dependent covariants. For example, Moderna batch 041L20A, which has the highest ADR of all the Moderna batches, and among the highest for Deaths and Disabilities, was administered very early (I got it in January 2021, and reported my adverse reaction to VAERS in February).

Another obvious time-dependent covariant is the version of the virus that was active at the time of vaccination (since the vaccines do NOT PREVENT either infection or deaths -- they simply reduce the probability, *all other things being equal*). Yet another time-dependent factor is that covid is a very different sort of infection, and there has been a long learning curve on the part of health-care providers in how best to treat it, so that the death-rate early on (with or without vaccination) was in part due to lack of appropriate/effective treatment (and again, no vaccine PREVENTS death).

I do not deny that some people have severe adverse reactions to vaccines -- I am one of them.
And there may indeed be some variability in batch effectiveness and reactivity potential -- but I'd be willing to bet that it is much smaller than this guy asserts.

------------------------------

Date: Sun, 7 Aug 2022 16:52:00 -0700
From: "David E. Ross" <david () rossde com>
Subject: Re: Tech giants, including Meta, Google, and Amazon, want to put an end to leap-seconds (Bacher, RISKS-33.36)

I do not understand why anyone is objecting to continued implementation of leap-seconds. Well more than a half-century ago, I worked on software that handled leap-seconds without any problems. That was before the protocol was implemented to use whole seconds. Instead, fractional leap-seconds occurred several times a year.

To simplify things, the protocol was changed in 1972 to use only whole leap-seconds. Furthermore, the preferred occurrence of leap-seconds was set for either the end of 30 June or the end of 31 December, with additional opportunities -- only if really necessary -- at the end of 31 March and 30 September.

The software where all this worked well was used by the U.S. Air Force to operate its constellation of earth-orbiting space satellites. To avoid timing ambiguities, the software used TAI internally. TAI is invariant, without leap-seconds. Time was kept in terms of seconds elapsed since some adjustable base instant. In some cases, time had to be resolved to the nearest millisecond. For external use, TAI was converted to UTC or vice-versa via a few very simple subroutines.

If key operations required UTC, the Air Force was alerted to pending leap-seconds. No such operations were scheduled within a few minutes before or after the scheduled occurrence of a leap-second.

The software system involved was operational well beyond its expected lifetime, more than 20 years.
It was replaced by a new system created by system engineers, programmers, and coders who had no knowledge of leap-seconds -- until the go-to guy for issues of time and earth rotation (me) asked the simple question: "How do you handle leap-seconds?"

------------------------------

Date: Sun, 7 Aug 2022 21:28:35 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: Re: Who is at fault when medical software gets it wrong? (R 33 36)

I just toured training facility at Inova, huge health system in Northern Virginia. The robotic pharmacist medicines dispenser has been improved to require typing THREE (not ONE) characters to begin selecting a drug from pulldown list. I'd heard years ago from a nurse friend that it was all too easy to type a letter, get the list, and miss clicking the desired selection. At least with three characters it's a bit more reliable.

Plus, when drugs are administered, they're scanned and patient is scanned to ensure it's right med for right patient.

------------------------------

Date: Sun, 7 Aug 2022 21:44:05 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: Re: Robotic Surgery (Fenichel, RISKS 33.36)

I had my gall bladder out almost 30 years ago. Surgeon said he'd do it laparoscopically. Surgeon friend said no matter intent and promise, he might have to open. My surgeon agreed -- but said in something like 5,000 procedures he'd never had to open. Plus, I think, he'd been involved in developing the laparoscopic procedure.

I just toured training facility at Inova, huge health system in Northern Virginia, had a chance to drive Da Vinci surgical robot. Now I understand much better the advantages it has -- improved/magnified visibility of work area, flexibility working inside small incisions vs. needing larger incisions, precise motions. I'm not comparing its risks to open procedure -- just noting impressive technology.

------------------------------

Date: Tue, 9 Aug 2022 12:28:53 +0100
From: Lindsay Marshall <l.f.marshall () me com>
Subject: Re: Clipping wires to upgrade

I was definitely told many years ago that IBM shipped some of their machines sold as 8-bit pathways with 16-bit paths that could be upgraded by removing a jumper. Can't remember the model numbers (and it might have been 16/32 -- it was a very long time ago).

------------------------------

Date: Sun, 7 Aug 2022 19:13:29 -0400 (EDT)
From: Mark Brader <msb () Vex Net>
Subject: Re: Book Review: America's Biggest Lottery Scam by Bob Sand (Jones, Risks-33.37)

When I attempted to buy this book or get it at the library, I learned that the actual title is "The Winning Ticket: Uncovering America's Biggest Lottery Scam", and the actual author is Rob Sand, or rather, Rob Sand with Reid Forgrave.

[Read Forgave? Read-y for Grave? PGN]

------------------------------

Date: Mon, 1 Aug 2020 11:11:11 -0800
From: RISKS-request () csl sri com
Subject: Abridged info on RISKS (comp.risks)

The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to subscribe and unsubscribe: http://mls.csl.sri.com/mailman/listinfo/risks
=> SUBMISSIONS: to risks () CSL sri com with meaningful SUBJECT: line that includes the string `notsp'. Otherwise your message may not be read.
*** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored. Instead, use an alternative address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites, copyright policy, etc.) is online. <http://www.CSL.sri.com/risksinfo.html>
*** Contributors are assumed to have read the full info file for guidelines!
=> OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's searchable html archive at newcastle: http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
   Also, ftp://ftp.sri.com/risks for the current volume/previous directories or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
   If none of those work for you, the most recent issue is always at http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-33.00
   ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
*** NOTE: If a cited URL fails, we do not try to update them. Try browsing on the keywords in the subject line or cited article leads. Apologies for what Office365 and SafeLinks may have done to URLs.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum: <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 33.38
************************