Voting to determine the next set of Oscar nominees began Dec. 17 and will extend through Jan. 3. On Dec. 26, I reached out to a wide cross-section of the Academy to see if they tried to vote online (an Academy spokesperson tells me that "a great majority" of members have registered to do so) and, if so, to characterize their experience. Roughly half of the members reached said they experienced problems navigating the site; more than one described it as a "disaster." They also worried that hackers could compromise the Oscar vote. http://j.mp/UBoeOz (*Hollywood Reporter* via NNSquad) [This voting system appears to be one from Everyone Counts, which has known vulnerabilities relating to Safari improperly displaying pdf, among other problems. The Hollywood Reporter claims the problems arose from an attempt that actually oversimplified in order to make the system usable for the Academy voters! Apparently dumbing down security for usability strikes again. PGN]
In 2nd Look, Few Savings From Digital Health Records Reed Abelson and Julie Creswell, *The New York Times*, 11 Jan 2013 <http://www.nytimes.com/2013/01/11/business/electronic-records-systems-have-not-reduced-health-costs-report-says.html> The conversion to electronic health records has failed so far to produce the hoped-for savings in health care costs and has had mixed results, at best, in improving efficiency and patient care, according to a new analysis by the influential RAND Corporation. Optimistic predictions by RAND in 2005 helped drive explosive growth in the electronic records industry and encouraged the federal government to give billions of dollars in financial incentives to hospitals and doctors that put the systems in place. “We've not achieved the productivity and quality benefits that are unquestionably there for the taking,'' said Dr. Arthur L. Kellermann, one of the authors of a reassessment by RAND that was published in this month's edition of Health Affairs, an academic journal. RAND's 2005 report was paid for by a group of companies, including General Electric and Cerner Corporation, that have profited by developing and selling electronic records systems to hospitals and physician practices. Cerner/s revenue has nearly tripled since the report was released, to a projected $3 billion in 2013, from $1 billion in 2005. ... Comment: Gee, Just like HAVA and voting. If you take a hard problem, and throw enough raw meat into the shark pool.... you have a bigger problem. [PGN adds: See also *The Boston Globe*] http://www.boston.com/whitecoatnotes/2013/01/11/safety-cost-electronic-health-records-not-living-some-expectations/jB9NoPWuA0RhIvhl6tsSTK/story.html
The report predicted that widespread use of electronic records could save the United States health care system at least $81 billion a year, a figure RAND now says was overstated. The study was widely praised within the technology industry and helped persuade Congress and the Obama administration to authorize billions of dollars in federal stimulus money in 2009 to help hospitals and doctors pay for the installation of electronic records systems. "RAND got a lot of attention and a lot of buzz with the original analysis," said Dr. Kellermann, who was not involved in the 2005 study. "The industry quickly embraced it." But evidence of significant savings is scant, and there is increasing concern that electronic records have actually added to costs by making it easier to bill more for some services. http://j.mp/U9JeLC (*The New York Times* via NNSquad; see the previous item. PGN)
Back on 14 Dec 2012, my e-mail disappeared. It came back on 17 Dec. What surprised me is that Cox Communications crashed a good part of its network (users in Arkansas, Connecticut, Georgia, Florida, Idaho, Iowa, Kansas, Louisiana, Massachusetts, Nebraska, Ohio, Oklahoma, Rhode Island and Virginia (that's me) were affected) and it didn't set off a media storm. Cox Customer Service was not helpful, not that I bothered to call. The support forum was carrying the usual flood of messages complaining about the lack of an explanation and the service restoration estimates that kept receding into the distance. In the end, Cox simply gave up and the message became (paraphrasing) "it will return when it returns." It didn't help when some users were told "email is a free service so why are you expecting support?" As time when on, Cox added that it was not experiencing a cyberattack, hadn't suffered a security breach and that incoming messages were being captured. On Monday, my backlog started arriving. I received a message on December 21st that all of my messages had been delivered. I also received the following explanation: Dear Cox email user, We owe you an apology for your recent experience with our residential email service. We pride ourselves on delivering your most important connections, and candidly, we recognize that did not happen. We are focused on how we can improve your trust in our service and with our company. Our hope is that we have begun to do that with this apology and explanation. On Friday, we experienced a storage platform failure in our production environment. Both our primary and back-up storage devices that support email service were affected. Dozens of engineers worked with our storage vendor and have isolated what caused the platform in our Midwest and East Coast regions to go down. Every resource was made available to restore services to all affected customers as soon as possible. The multiple components and processes that make up our email system required time to bring back online, and care to ensure that no messages were lost. This week, we began to replace the storage platform as part of our efforts to ensure this issue does not happen again. We understand that email is an important component of your Cox High Speed Internet service, and we deeply regret the impact this outage had, especially at a time when you are busy preparing for holiday celebrations with your family and friends. On behalf of the 20,000 Cox employees who proudly serve our customers, I hope you'll accept our most sincere apologies. Sincerely, Paul Cronin, Senior Vice President, Customer Experience Cox Communications" Readers on this forum with better technical chops than mine can read volumes into that message. There might even be a few readers with first-hand knowledge of the details. I wondered for a while if Cox was having the same problem AT&T went through back in 1990 where its ESS7 switches kept knocking each other off the network with spurious error/reset messages. That there was apparently a flaw common to the primary and backup storage network is also eye-opening. In checking Google during the outage, I only saw links to some local television outlets in the affected area. I didn't see any reference to the problems in the Washington Post, my local paper. I've stopped watching my local TV news or the national news programs, so I cannot assert that the word was not getting out. However, in other major net outages I usually run across some references pretty quickly and it becomes difficult to avoid information about such problems fairly quickly. That Cox avoided that fate here is what I find the most interesting aspect here. As far as I can tell, this was in the end a hiccup; things seem to be working as they were before (well, except that Cox doesn't seem to be able to determine which of their regional services I'm using when I log in to the webmail interface but that may be an artifact of my particular computer/browser setup). My messages go out and come in. I thought I'd bring it to the attention of this particular list, both to memorialize the event and to spur the deeper post-mortem I can't perform.
The Midori browser includes a revolutionary (for me at least) space saving design feature: the Stop button is changes into the Refresh button after a web page is full loaded. I.e., if you click on "stop" just as a web page fully loads, you will in fact end up clicking on the Refresh button... not only not stopping anything, but forcing even more of the transmission you intended to stop. It's like a one-pedal car where the break pedal changes into the gas pedal once the car is fully stopped... to keep you old folks on your toes.
Nathan Popper, *The New York Times*, 11 Jan 2012 Confidence-shaking technology mishaps have been an almost daily occurrence at the nation's stock exchanges in the new year The latest example came Wednesday night when the nation's third-largest stock exchange operator, BATS Global Markets, alerted its customers that a programming mistake had caused about 435,000 trades to be executed at the wrong price over the last four years, costing traders $420,000. A day earlier, the trading software used by the National Stock Exchange stopped functioning properly for nearly an hour, forcing other exchanges to divert trades around it. The New York Stock Exchange, the nation's largest exchange, has had two similar, though shorter-lived, breakdowns since Christmas and two separate problems with its data reporting system. And traders were left in the dark on Jan. 3 after the reporting system for stocks listed on the Nasdaq exchange, the second-biggest exchange, broke down for nearly 15 minutes. The stream of errors has occurred despite the spotlight on the exchanges since a programming mishap nearly derailed Facebook's initial public offering on Nasdaq last May and BATS's fumbling of its own I.P.O. two months earlier. At the end of 2012, a number of exchange executives said they were increasing efforts to reduce the problems. But market data expert Eric Hunsader said that the technology problems have become, if anything, more frequent in recent weeks. ...
There are implications that the smarter we humans can make our AI the less we may like the results. IBM's Watson Gets A 'Swear Filter' After Learning The Urban Dictionary" "In the end, Brown and his team were forced to remove the Urban Dictionary from Watson's vocabulary, and additionally developed a smart filter to keep Watson from swearing in the future." http://www.ibtimes.com/ibms-watson-gets-swear-filter-after-learning-urban-dictionary-1007734 robert schaefer, Atmospheric Sciences Group, MIT Haystack Observatory Westford MA 01886 781-981-5767 http://www.haystack.mit.edu email@example.com
Katharine Q. Seelye, *The New York Times*, 28 Dec 2012 HYANNIS, Mass. - When an editor at The Cape Cod Times was reading the newspaper last month, she thought an article about the Veterans Day parade from the day before seemed slightly off. The article, written by Karen Jeffrey, a longtime reporter, told of a Ronald Chipman, 46, and his family from Boston. The Chipmans apparently were oblivious to Veterans Day until they saw the parade. Ms. Jeffrey described the family in detail, including a scene in which the parents used their smartphones to find information about the holiday, creating a "teachable moment" for themselves and their children. Maybe it was the tidiness of the tale. Or the notion that adults were unfamiliar with Veterans Day. But the article did not ring true to the editor and she set out to find the Chipmans. She searched several databases but turned up nothing. She reported her finding to the editor in chief, Paul Pronovost. Mr. Pronovost asked the editor - whom he would not name to protect her privacy - to check other recent articles by Ms. Jeffrey. After more people in the articles could not be found, he then asked Ms. Jeffrey for help in locating the Chipmans. Ms. Jeffrey said she had thrown out her notes. "That's when the alarm bells went off," Mr. Pronovost said. He ordered a full review of her work. For three days, three editors pored over a public-records database called Accurint. They examined voter rolls and town assessor records. They checked Facebook profiles and made phone calls. And they concluded that, over the years, Ms. Jeffrey had written dozens of articles that included people who did not exist. The next day, Dec. 5, Mr. Pronovost and the publisher, Peter Meyer, wrote a front-page apology to their readers. ... http://www.nytimes.com/2012/12/29/us/cape-cod-paper-apologizes-for-reporters-misdeeds.html
http://j.mp/VJDVnK (*The Daily Caller* via NNSquad) For the last five years, those who spend their time procrastinating on Wikipedia could read up on a 17th century war between colonial Portugal and India's Maratham Empire known as the "Bicholim Conflict." The problem is that Bicholim Conflict never happened, and that the entire 4,500-word article on the war was nothing more than an elaborate joke ... It was voted a "good article" by Wikipedia's readers, and at one point was even nominated to be a "featured article" that would be prominently displayed on the site's homepage. Actually, in addition to totally faked stories that likely are scattered throughout the totality of the Wikipedia corpus, what's of even more concern is the errors and purposeful misstatements seeded in otherwise factual articles that don't receive enormous day to day attention. But hell, who would ever have expected such problems with a reference source edited by anonymous persons of unknown credentials or expertise, sporting screen names like blowboy17?
Why I only use vendor-specific gas cards at gas stations, and pay inside when things seem amiss. Paul http://www.nbcbayarea.com/investigations/One-Gas-Pump-Key-Lets-Thieves-Steal-Your-ID-177999751.html Vicky Nguyen, Julie Putnam and Jeremy Carroll, One Gas Pump Key Lets Thieves Steal Your ID, NBC Bay Area, 9 Nov 2012 The NBC Bay Area Investigative Unit has found a single master key grants access to gas pumps across the state and it s giving easy access to thieves looking to compromise Bay Area drivers credit card information. Vicky Nguyen first aired this story 8 Nov at 11 p.m. Call it the key to the kingdom. In the world of gas pumps, there is a universal key unlocking a lucrative business for identity thieves. The NBC Bay Area Investigative Unit has learned a single key opens the majority of gas station pumps across the country, making it easy for crooks to install high-tech skimming devices and resulting in hundreds of victims of credit card fraud in the South Bay. The single key was initially created to make it easier for pump inspections and maintenance, but now, copies are circulating amongst thieves. The Rapid Enforcement Allied Computer Team, a high tech task force of investigators in Silicon Valley, which partners with the Santa Clara County District Attorney's Office, is looking into hundreds of these cases across the state. The REACT Task Force has uncovered nine skimming devices in the past two months from Bay Area gas stations. Three hundred victims have been identified so far and that number continues to grow. “We are just touching the tip of the iceberg,'' REACT Task Force Director Mike Sterner told NBC Bay Area. [Long item truncated for RISKS. PGN] If you have a tip for the Investigative Unit, email us: TheUnit@nbcbayarea.com
opening text: At the end of 2012 Instagram, the online image-sharing company recently acquired by Facebook, announced new changes to their Privacy and Terms of Service policies that caused tremendous backlash from the public and from their users. http://blogs.itbusiness.ca/2012/12/examining-instagrams-tos-debacle/
http://j.mp/WPGm50 (*The Washington Post* via NNSquad) "Spare a moment for the Chinese censor, stuck between a Communist Party that demands strict control and a few million Web users who increasingly expect the ability to speak their minds online. As controversy over a censored newspaper grows into one of China's biggest and potentially most significant free-speech fights in years, party officials are likely seeking greater control at exactly the moment that outraged Web users are making that task most difficult. At least one censor on Weibo, the popular Twitter-like service that often serves as the closest China has to a public national conversation, seems to have snapped."
“A portion of Atlanta's airport, including MARTA rail service, was interrupted for more than half an hour Friday morning because of a toothbrush. Airport officials told Channel 2 Action News that an electric toothbrush began vibrating inside a bag checked onto an AirTran flight, causing workers to alert airport officials to the strange noise.'' There are many electric devices carried in luggage that can make weird noises... http://www.ajc.com/news/news/local/atlanta-airport-closed-by-toothbrush/nTmqK/
The attackers hit one American bank after the next. As in so many previous attacks, dozens of online banking sites slowed, hiccupped, or ground to a halt before recovering several minutes later. But there was something disturbingly different about the wave of online attacks on American banks in recent weeks. Security researchers say that instead of exploiting individual computers, the attackers engineered networks of computers in data centers, transforming the online equivalent of a few yapping Chihuahuas into a pack of fire-breathing Godzillas. The skill required to carry out attacks on this scale has convinced United States government officials and security researchers that they are the work of Iran, most likely in retaliation for economic sanctions and online attacks by the United States. “There is no doubt within the U.S. government that Iran is behind these attacks,'' said James A. Lewis, a former official in the State and Commerce Departments and a computer security expert at the Center for Strategic and International Studies in Washington. [...] http://www.nytimes.com/2013/01/09/technology/online-banking-attacks-were-work-of-iran-us-officials-say.html?ref=global-home&_r=0
Antone Gonsalves, *InfoWorld* Experts and government officials believe the attacks are in retaliation for sanctions, and for U.S. cyber attacks on Iranian computer systems http://www.infoworld.com/d/security/us-bank-cyber-attacks-reflect-frightening-new-era-210576
Gregg Keizer, Computerworld, InfoWorld, 8 Jan 2013 Microsoft kicks off 2013 with clutch of critical Windows updates Others, including Adobe, Google, and Mozilla, ride Patch Tuesday's coat tails http://www.infoworld.com/d/security/microsoft-kicks-2013-clutch-of-critical-windows-updates-210405 selected text: Microsoft today patched 12 vulnerabilities in Windows, Office and several server and development products, but as it hinted last week, did not come up with a fix for the IE (Internet Explorer) bug that cyber criminals have been exploiting for at least a month. Among the torrent of patches, one not offered today was for the IE6, IE7 and IE8 zero-day bug that hackers have been exploiting since at least Dec. 7. IE9 and IE10 do not contain the bug, which according to Symantec, was used by the Elderwood group for cyber espionage. But because IE9 won't run on Windows XP, those customers are stuck with a vulnerable browser. Data from Web analytics company Net Applications puts XP's online usage share at 39 percent in December, meaning nearly four out of every 10 personal computer users runs the aged OS.
Jeremy Kirk, *InfoWorld Home*, 9 Jan 2012 It's the second time this month that Ruby on Rails has released updated versions for serious software flaws http://www.infoworld.com/d/security/ruby-rails-patches-more-critical-vulnerabilities-210434
This is some very interesting work being done at Columbia University. The URL gives you a clue http://redtape.nbcnews.com/_news/2013/01/04/16328998-popular-office-phones-vulnerable-to-eavesdropping-hack-researchers-say?lite&ocid=msnhp&pos
"Linking the entire MyMagic+ experience together is an innovative piece of technology we developed called the MagicBand. Worn on the wrist, it will serve as a guest's room key, theme park ticket, access to FastPass+ selections, PhotoPass card and optional payment account all rolled into one." http://disneyparks.disney.go.com/blog/2013/01/taking-the-disney-guest-experience-to-the-next-level/ As has been said here many times before, what could possibly go wrong (privacy issues aside)? Jim Reisert AD1C, <firstname.lastname@example.org>, http://www.ad1c.us
Please report problems with the web pages to the maintainer