The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 28 Issue 66

Monday 1 June 2015

Contents

Airbus confirms A400M transport plane downed by badly configured SW
Gabe Goldberg
Belgian air traffic outage
Werner U
Software Glitch Pauses LightSail Test Mission
Jason Davis via Prashanth Mundkur
Volvo horrible self-parking car accident
Fusion via Jim Reisert
Boston water main break disrupts telecommunication services for thousands throughout Massachusetts
MassLive via Monty Solomon
How Is Critical 'Life or Death' Software Tested?
Motherboard via Gene Spafford
Clueless Clause: Insurer Cites Lax Security in Challenge to Cottage Health Claim
robert schaefer
Even Tiny Updates to Tech Can Be Obstacles for the Disabled
WiReD via Lauren Weinstein
Woman plans to sue after Fla. license labels her a sex offender
Baynews9 via Bob Frankston
When Is A Violent Facebook Post A 'Threat'? SCOTUS Isn't Sure.
National Journal via NNSquad
House of Discards: Wikipedia pre-election edits
Henry Baker
New incredibly cumbersome online voting system
Readwrite via NNSquad
A Tech Boom Aimed at the Few, Instead of the World
NYT via Monty Solomon
Americans Don't Trust Government and Companies to Protect Privacy
Pew in NYT via Monty Solomon
The Government's Consumer Data Watchdog
NYT
IRS says thieves stole tax info from >100,000 taxpayers
Henry Baker
Up to 1.1 Million Customers Could be Affected in Data Breach at Insurer CareFirst
NYT via Monty Solomon
Adult FriendFinder hack EXPOSES MILLIONS of MEMBERS
John Leyden
Large-scale attack hijacks routers through users' browsers
Lucian Constantin via Gene Wirchenko
Ex-FIFA Official Cites Satirical 'Onion' Article in His Self-Defense
NYT
Elizabeth Warren's official website is untrusted by Firefox
Henry Baker
One-Tap Giving? Extra Steps Mire Mobile Donations
Monty Solomon
Partners launches $1.2 billion electronic health records system
The Boston Globe
Could wearing a smartwatch behind the wheel land you in hot water?
Hayley Tsukayama
Hacked billboard gets rude
Gawker via robert schaefer
Uber Closes In on Its Last Frontier: Airports
NYT
Driving Uber Mad
NYT
Behind the Downfall at BlackBerry
NYT
Verizon's 'Pick Your Own Cable TV Channels' Is Just Another Bait & Switch—Read the Fine Print
Bruce Kushnick
Anti-NSA Pranksters Planted Tape Recorders Across New York and Published Your Conversations
Andy Greenberg
The Age Of Disinformation
James Spann via Dewayne Hendricks
BBC: The generation that tech forgot
Lauren Weinstein
A badly designed centralized desktop management can cause health risks
Chiaki Ishikawa
CONTRARY WARNING! - "How Google Finally Got Design"
FastCodesign
NYTimes.com is a very expensive "wall wart"
Henry Baker
This Ad for Banned Food in Russia Can Hide Itself From the Cops
Gizmodo via robert schaefer
Re: Only 3% of people aced Intel's phishing quiz
David Damerell
Re: All cars must have tracking devices
Alister Wm Macintyre
Info on RISKS (comp.risks)

Airbus confirms A400M transport plane downed by badly configured SW

Gabe Goldberg <gabe@gabegold.com>
Mon, 01 Jun 2015 17:30:34 -0400
http://www.theregister.co.uk/2015/05/31/airbus_software_config_brought_down_a400m/

Supposedly correct engine-control software installed improperly [PGN-ed]


Belgian air traffic outage

Werner U <werneru@gmail.com>
Wed, 27 May 2015 12:54:01 +0200
<http://deredactie.be/cm/vrtnieuws.english/News/1.2351961>
[Please visit the article website to see 2 graphics.]

At the moment, Belgian air traffic is completely shut down. Belgocontrol,
the Belgian air traffic control agency, is dealing with a power cut due to
overvoltage.  This means that no planes are allowed to land on, or take off
from Belgian airports. Belgian airspace will remain closed until at least
5:30PM. There is increasing chaos at the airports as queues are growing, and
more and more flights are being canceled and delayed.

At 9:45AM, power went down at Belgocontrol. Flights preparing for landing
at that very moment were still allowed to ground on the strip. All other
flights were redirected to airports in neighbouring countries. Emergency
generators appeared to be malfunctioning as well, as they did not
automatically start running. "After that, we proceeded to a 'clear of the
sky' operation", explains Belgocontrol spokesperson Dominique Dehaene.

The power outage temporarily shuts down all air traffic in the country.
However, fly-overs at 24,500 feet or higher are still possible, since they
are not a Belgocontrol responsibility.

Eurocontrol declares that air traffic will be down until at least 5:30PM.
Airports at Brussels and Charleroi, for example, are already dealing with a
significant number of delays. Liege and Antwerp-Deurne are out of service as
well. Ostend Airport is the only functioning airfield in the country right
now. Most of the planes still in the air have been redirected to airports in
neighbouring countries.  [...]


'Software Glitch Pauses LightSail Test Mission' (Jason Davis)

Prashanth Mundkur <prashanth.mundkur@gmail.com>
Fri, 29 May 2015 11:56:59 -0700
Jason Davis, The Planetary Society Blog, 26 May 2015
http://www.planetary.org/blogs/jason-davis/2015/20150526-software-glitch-pauses-ls-test.html

  Every 15 seconds, LightSail transmits a telemetry beacon packet. The
  software controlling the main system board writes corresponding
  information to a file called beacon.csv. If you're not familiar with CSV
  files, you can think of them as simplified spreadsheets—in fact, most
  can be opened with Microsoft Excel.

  As more beacons are transmitted, the file grows in size. When it reaches
  32 megabytes—roughly the size of ten compressed music files—it can
  crash the flight system.

    [Article also noted by robert schaefer: "It is now believed that a
    vulnerability in the software controlling the main avionics board halted
    spacecraft operations, leaving a reboot as the only remedy to continue the
    mission."  There's no one in outer space to push the reset button.  RS]
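
One way embedded software can keep a log such as beacon.csv from growing without bound, shown as an added example that is not part of the digest or of LightSail's flight software. The byte cap, the `.1` generation name and the record fields are assumptions made for this sketch.

```c
#include <stdio.h>
#include <string.h>

/* Bounded beacon log: the active file never exceeds `cap` bytes. */
typedef struct {
    char path[128];      /* active file, e.g. "beacon.csv" */
    char old_path[136];  /* one kept generation: "<path>.1" (assumed naming) */
    long cap;            /* hard limit for the active file, in bytes */
    long size;           /* bytes currently in the active file */
    unsigned rotations;  /* how many times the file was rolled over */
    unsigned dropped;    /* records that could not be stored */
} beacon_log;

/* Size of a file in bytes; 0 if it cannot be opened (treated as absent). */
static long file_size(const char *path)
{
    FILE *f = fopen(path, "rb");
    long n;
    if (!f) return 0;
    n = (fseek(f, 0, SEEK_END) == 0) ? ftell(f) : -1;
    fclose(f);
    return n;
}

/* Open the log and recover the current size, so the cap survives a reboot. */
int beacon_log_open(beacon_log *bl, const char *path, long cap)
{
    if (!bl || !path || cap <= 0 || strlen(path) >= sizeof bl->path) return -1;
    memset(bl, 0, sizeof *bl);
    strcpy(bl->path, path);
    snprintf(bl->old_path, sizeof bl->old_path, "%s.1", path);
    bl->cap = cap;
    bl->size = file_size(path);
    return bl->size < 0 ? -1 : 0;
}

/* Move the full file aside; if that fails, truncate rather than keep growing. */
static int rotate(beacon_log *bl)
{
    remove(bl->old_path);                      /* may not exist yet */
    if (rename(bl->path, bl->old_path) != 0) {
        FILE *f = fopen(bl->path, "wb");       /* fallback: drop old data */
        if (!f) return -1;
        fclose(f);
    }
    bl->size = 0;
    bl->rotations++;
    return 0;
}

/* Append one CSV record plus newline; returns 0 on success, -1 if dropped. */
int beacon_log_append(beacon_log *bl, const char *line)
{
    long need = (long)strlen(line) + 1;
    FILE *f;
    int ok;

    if (need > bl->cap) { bl->dropped++; return -1; }   /* can never fit */
    if (bl->size + need > bl->cap && rotate(bl) != 0) {
        bl->dropped++;
        return -1;
    }
    f = fopen(bl->path, "ab");
    if (!f) { bl->dropped++; return -1; }
    ok = fwrite(line, 1, (size_t)need - 1, f) == (size_t)need - 1
         && fputc('\n', f) != EOF;
    if (fclose(f) != 0) ok = 0;
    if (!ok) {
        bl->size = file_size(bl->path);        /* re-measure after a bad write */
        bl->dropped++;
        return -1;
    }
    bl->size += need;
    return 0;
}

/* Write n constructed beacon records; returns the largest active-file size seen. */
long fill_with_beacons(beacon_log *bl, int n)
{
    long worst = 0;
    char line[64];
    int i;
    for (i = 0; i < n; i++) {
        /* constructed fields: sequence number, seconds, volts, temperature */
        snprintf(line, sizeof line, "%d,%d,3.71,21.5", i, i * 15);
        beacon_log_append(bl, line);
        if (bl->size > worst) worst = bl->size;
    }
    return worst;
}

int main(void)
{
    beacon_log bl;
    long worst;
    if (beacon_log_open(&bl, "beacon_demo.csv", 4096) != 0) return 1;
    worst = fill_with_beacons(&bl, 10000);
    printf("largest active file: %ld bytes, rotations: %u, dropped: %u\n",
           worst, bl.rotations, bl.dropped);
    return 0;
}
```

Storage use is bounded by twice the cap (active file plus one kept generation), and a record larger than the cap is counted and dropped instead of being written.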


Volvo horrible self-parking car accident

Jim Reisert AD1C <jjreisert@alum.mit.edu>
Wed, 27 May 2015 07:52:22 -0600
Fusion.net, 26 May 2015

Last week, a gossip blog based in the Dominican Republic called Remolacha
published a disturbing video of what it said was a self-parking car
accident.  A group of people stand in a garage watching and filming a grey
Volvo XC60 that backs up, stops, and then accelerates toward the group.  It
smashes into two people, and causes the person filming the video with his
phone to drop it and run.  It is terrifying. [...]

The main issue, said [Volvo spokesperson Johan] Larsson, is that it appears
that the people who bought this Volvo did not pay for the Pedestrian
detection functionality, which is a feature that costs more money.

The Volvo XC60 comes with City Safety as a standard feature, however this
does not include the Pedestrian detection functionality, said Larsson.  The
City Safety system kicks in when someone is in stop-and-go traffic, helping
the driver avoid rear ending another car while driving slowly, or under 30
mph.

http://fusion.net/story/139703/self-parking-car-accident-no-pedestrian-detection/


Boston water main break disrupts telecommunication services for thousands throughout Massachusetts

Monty Solomon <monty@roscom.com>
Mon, 25 May 2015 15:07:44 -0400
http://www.masslive.com/news/index.ssf/2015/05/boston_water_main_break_disrup.html


How Is Critical 'Life or Death' Software Tested? | Motherboard

Gene Spafford <spaf@cerias.purdue.edu>
Mon, 1 Jun 2015 09:41:40 -0400
Do read my whole blog post that is referenced here.

http://motherboard.vice.com/read/how-is-critical-life-or-death-software-tested


Clueless Clause: Insurer Cites Lax Security in Challenge to Cottage Health Claim

robert schaefer <rps@haystack.mit.edu>
Wed, 27 May 2015 08:28:02 -0400
Will software security insurance eventually change lax security behavior?

"In-brief: In what may become a trend, an insurance company is denying a
claim from a California healthcare provider following the leak of data on
more than 32,000 patients. The insurer, Columbia Casualty, charges that
Cottage Health System did an inadequate job of protecting patient data."

http://securityledger.com/2015/05/clueless-clause-insurer-cites-lax-security-in-challenge-to-cottage-health-claim/

  [This article also noted by Henry Baker,   :-)
    FYI—Finally, the costs of NOT securing people's data will exceed the
    costs of securing those data.
  Henry added, Companies will now pay more attention when the IRS
  demonstrates to them how to improve their computer security.
  PGN]


Even Tiny Updates to Tech Can Be Obstacles for the Disabled (WiReD)

Lauren Weinstein <lauren@vortex.com>
Mon, 25 May 2015 08:38:47 -0700
http://www.wired.com/2015/05/even-tiny-updates-tech-can-obstacles-disabled/
(WiReD via NNSquad)

  "For me, every step forward in making things lighter and smaller is a new
  obstacle. Often, the buttons I need to hit are too small, the screen too
  sensitive, or the glare off the screen too distracting to allow me to make
  use of my device. Updates to operating systems or apps that create slight
  changes to the size and position of buttons throw me off for days. While
  these changes might go unnoticed by a typical user, I endure a relearning
  process that slows me down and makes it more difficult to communicate." --
  Paul Kotler


Woman plans to sue after Fla. license labels her a sex offender

"Bob Frankston" <bob19-0501@bobf.frankston.com>
29 May 2015 22:15:35 -0400
http://www.baynews9.com/content/news/baynews9/news/article.html/content/news/articles/bn9/2015/5/7/woman_plans_to_sue_a.html

This isn't exactly a new risk. But as we are increasingly dependent upon
these systems we need to take into account human factors. If this were a
consumer-facing system it's likely that such checks would be built in. But
how do these design factors get addressed in systems built to
specifications? Or must we accept bad design just to get conformance to
requirements?

What are the details of this particular system?


When Is A Violent Facebook Post A 'Threat'? SCOTUS Isn't Sure.

Lauren Weinstein <lauren@vortex.com>
Mon, 1 Jun 2015 11:10:45 -0700
[National Journal via NNSquad]
http://www.nationaljournal.com/tech/supreme-court-intent-matters-in-violent-facebook-posts-20150601

  The Supreme Court on Monday inched a little bit closer to answering a
  major free-speech question: how to draw the line between real threats of
  violence and angry diatribes protected by the First Amendment.  In an 8-1
  ruling, the court threw out the conviction of a Pennsylvania man who wrote
  violent, obscene Facebook posts about killing his wife, his coworkers, FBI
  agents and even kindergartners. But the court did not set a clear standard
  for future cases involving online threats, and some of the justices
  complained that the ruling would only make the legal landscape more
  complicated.


House of Discards: Wikipedia pre-election edits

Henry Baker <hbaker1@pipeline.com>
Tue, 26 May 2015 07:21:30 -0700
This kind of activity is precisely why Europe's purported "right to be
forgotten" is so dangerous to democracy.

Ben Riley-Smith, *The Telegraph*, 26 May 2015
Expenses and sex scandal deleted from MPs' Wikipedia pages by computers
inside Parliament
Exclusive: References to 'chauffeur-driven cars' and a criminal arrest wiped
from online biographies in run-up to election
http://www.telegraph.co.uk/news/general-election-2015/11574217/Expenses-and-sex-scandal-deleted-from-MPs-Wikipedia-pages-by-computers-inside-Parliament.html

Expense claims and a Westminster sex scandal were deleted from MPs'
Wikipedia pages by computers inside Parliament before the election, The
Telegraph has found.

Details of a police arrest, electoral fraud allegation and the use of
"chauffeur-driven cars" were also wiped by people inside the Commons.

The revelation will raise suspicion MPs or their political parties
deliberately hid information from the public online to make candidates
appear more electable to voters.

More than a dozen online biographies of sitting MPs were doctored from
computers with IP addresses owned by the Houses of Parliament in the run-up
to the election.

Requests for comment were made to all the MPs in question via their party
press offices, but just a handful replied to say the changes had nothing to
do with them.

Anyone can edit Wikipedia, an online encyclopaedia kept up to date by
users. However each change is tracked and linked to an IP address - a unique
string of numbers that identifies each computer using an Internet network.

By looking at the changes made by computers with IP addresses owned by the
Houses of Parliament it is possible to see what edits are being made from
inside the Commons.

*The Telegraph* has discovered persistent changes to MPs' biographies made
from Parliament in what appears to be a deliberate attempt to hide
embarrassing information from the electorate.

[Numerous dishy examples omitted for lack of RISKS-relevance.  PGN]
FULL DETAILS OF WHAT WIKIPEDIA CHANGES WERE MADE FROM PARLIAMENT COMPUTERS ...
  [omitted for RISKS]


New incredibly cumbersome online voting system

Lauren Weinstein <lauren@vortex.com>
Sat, 23 May 2015 10:33:45 -0700
"Maybe Online Voting Isn't A Pipe Dream After All" (via NNSquad)

http://readwrite.com/2015/05/22/du-vote-secure-online-voting

  Finally, you'd have to have faith that people would be willing to enter
  strings of numbers into both a handheld token and the online electoral
  website. Not to mention the fact that the system's security also depends
  on voters' willingness to flip a coin and take action based on the
  result. If in practice most people just entered the "column A" digits out
  of habit, that would undermine the system's reliability.

Uselessly cumbersome, unworkable, and does nothing to solve the problems of
integrity of the election process in terms of maintaining recountability
(e.g., validated paper receipts or other mechanisms) and anonymity of votes.


A Tech Boom Aimed at the Few, Instead of the World

Monty Solomon <monty@roscom.com>
Mon, 25 May 2015 18:49:36 -0400
The industry once thought big, but today's wave of start-ups is
characterized by a rise in services aimed at the wealthy and the young.
http://www.nytimes.com/2015/05/21/technology/personaltech/a-tech-boom-aimed-aat-the-few-instead-of-the-world.html


Americans Don't Trust Government and Companies to Protect Privacy

Monty Solomon <monty@roscom.com>
Mon, 25 May 2015 18:48:46 -0400
Most Americans say it is important to control who has access to their
personal information, but they have little faith that the government or
companies will protect their private data, according to a new report by the
Pew Research Center.
http://bits.blogs.nytimes.com/2015/05/20/survey-finds-americans-dont-trust-government-and-companies-to-protect-privacy/


The Government's Consumer Data Watchdog

Monty Solomon <monty@roscom.com>
Mon, 25 May 2015 18:40:19 -0400
The Federal Trade Commission's chief technologist fights to ensure that
companies keep consumers' information safe and private.
http://www.nytimes.com/2015/05/24/technology/the-governments-consumer-data-watchdog.html


IRS says thieves stole tax info from >100,000 taxpayers

Henry Baker <hbaker1@pipeline.com>
Tue, 26 May 2015 15:54:51 -0700
FYI—It doesn't get much worse than this; these are the same people that
can take money out of your bank accounts any time they want to.

"We don't care, we don't have to...we're the IRS." (apologies to Lily Tomlin).

"During this filing season, taxpayers successfully and safely downloaded a
total of approximately 23 million transcripts."

So the real number is somewhere between 1 and 23 million; let's pick
"100,000" as a nice average.?!.

http://bigstory.ap.org/article/34539a748b3745ffb92451472f814ffa/apnewsbreak-irs-says-thieves-stole-tax-info-100000

APNewsBreak: IRS says thieves stole tax info from 100,000
Stephen Ohlemacher, AP, 26 May 2015

WASHINGTON (AP) -- Thieves used an online service provided by the IRS to gain
access to information from more than 100,000 taxpayers, the agency said
Tuesday.

The information included tax returns and other tax information on file with
the IRS.

The IRS said the thieves accessed a system called "Get Transcript."  In
order to access the information, the thieves cleared a security screen that
required knowledge about the taxpayer, including Social Security number,
date of birth, tax filing status and street address.

"We're confident that these are not amateurs," said IRS Commissioner John
Koskinen.

Koskinen said the agency was alerted to the thieves when technicians noticed
an increase in the number of taxpayers seeking transcripts.

The IRS said they targeted the system from February to mid-May.  The service
has been temporarily shut down.

Taxpayers sometimes need copies of old tax returns to apply for mortgages or
college aid.  While the system is shut down, taxpayers can still apply for
transcripts by mail.

The IRS said its main computer system, which handles tax filing submissions,
remains secure.

The IRS has launched a criminal investigation.  The agency's inspector
general is also investigating.

"In all, about 200,000 attempts were made from questionable email domains,
with more than 100,000 of those attempts successfully clearing
authentication hurdles," the agency said.  "During this filing season,
taxpayers successfully and safely downloaded a total of approximately 23
million transcripts."


Up to 1.1 Million Customers Could be Affected in Data Breach at Insurer CareFirst

Monty Solomon <monty@roscom.com>
Mon, 25 May 2015 18:47:41 -0400
The hacking of CareFirst, a health insurer, may have some common links to
the attacks on Anthem and Premera.
http://www.nytimes.com/2015/05/21/business/carefirst-discloses-data-breach-up-to-1-1-million-customers-affected.html


Adult FriendFinder hack EXPOSES MILLIONS of MEMBERS (John Leyden)

Monty Solomon <monty@roscom.com>
Sat, 23 May 2015 15:30:40 -0400
John Leyden, *The Register*, 22 May 2015
Users with a fetish for risky encounters in public spaces will be thrilled

Hackers have swiped and leaked the personal details and sexual preferences
of 3.9 million users of hookup website Adult FriendFinder.

Lusty lonely hearts, including those who asked for their account to be
deleted, have been left in an awkward position after hackers broke into
systems before uploading the details to the dark web.

Email addresses, usernames, postcodes, dates of birth and IP addresses of
3.9 million members have been exposed.

http://www.theregister.co.uk/2015/05/22/adult_hookup_site_breach_data/


"Large-scale attack hijacks routers through users' browsers" (Lucian Constantin)

Gene Wirchenko <genew@telus.net>
Tue, 26 May 2015 15:58:10 -0700
Lucian Constantin, InfoWorld, 26 May 2015
Security researchers have found a Web attack tool designed specifically to
exploit vulnerabilities in routers and hijack their DNS settings
http://www.infoworld.com/article/2926221/security/large-scale-attack-hijacks-routers-through-users-browsers.html


Ex-FIFA Official Cites Satirical 'Onion' Article in His Self-Defense

Monty Solomon <monty@roscom.com>
Sun, 31 May 2015 19:20:41 -0400
http://www.nytimes.com/2015/06/01/world/americas/ex-fifa-official-jack-warner-cites-onion-article-in-defense.html

Jack Warner, arrested last week in connection with a criminal investigation,
held up the faux news report as evidence, he said, of an American
conspiracy.


Elizabeth Warren's official website is untrusted by Firefox

Henry Baker <hbaker1@pipeline.com>
Mon, 01 Jun 2015 08:14:01 -0700
This Connection is Untrusted

You have asked Firefox to connect securely to www.warren.senate.gov, but we
can't confirm that your connection is secure.

Normally, when you try to connect securely, sites will present trusted
identification to prove that you are going to the right place.  However,
this site's identity can't be verified.  [...]

www.warren.senate.gov uses an invalid security certificate.


One-Tap Giving? Extra Steps Mire Mobile Donations

Monty Solomon <monty@roscom.com>
Sat, 30 May 2015 11:30:56 -0400
http://www.nytimes.com/2015/05/30/your-money/one-tap-giving-extra-steps-mire-mobile-donations.html

Mobile apps can be used to summon a car or order food with a simple tap, but
making a charitable donation is not as easy.


Partners launches $1.2 billion electronic health records system

Monty Solomon <monty@roscom.com>
Mon, 1 Jun 2015 09:06:05 -0400
http://www.bostonglobe.com/business/2015/05/31/partners-launches-billion-electronic-health-records-system/oo4nJJW2rQyfWUWQlvydkK/story.html


Could wearing a smartwatch behind the wheel land you in hot water? (Hayley Tsukayama)

Monty Solomon <monty@roscom.com>
Mon, 1 Jun 2015 11:10:26 -0400
Hayley Tsukayama, 29 May 2015

Smartwatches such as the Apple Watch are designed to keep us from being
glued to our smartphone screens all day. But even with their bite-sized
messages, are these new gadgets still too distracting for use behind the
wheel?

Some other countries' police officers certainly seem to think so. A Canadian
man was fined $120 for using his Apple Watch while driving earlier this
week, Montreal's CTV News reported. ...

http://www.washingtonpost.com/blogs/the-switch/wp/2015/05/29/could-wearingw-a-smartwatch-behind-the-wheel-land-you-in-hot-water/

Pincourt man fined $120 for using Apple Watch while driving
http://montreal.ctvnews.ca/pincourt-man-fined-120-for-using-apple-watch-while-driving-1.2394293


Hacked billboard gets rude

robert schaefer <rps@haystack.mit.edu>
Wed, 27 May 2015 09:54:33 -0400
FBI and Homeland Security Respond to Shocking Goatse Bomb in Atlanta

http://gawker.com/fbi-and-homeland-security-respond-to-shocking-goatse-bo-1704768347

"The setup is exactly as insecure as you'd imagine: many of these electronic
billboards are completely unprotected, dangling on the public Internet
without a password or any kind of firewall. This means it's pretty simple to
change the image displayed from a new AT&T offer to, say, Goatse."  ...
"security researcher Dan Tentler tweeted yesterday that he'd tried to warn
this very same sign company that their software is easily penetrable by
anyone with a computer and net connection and was told they were 'not
interested'."


Uber Closes In on Its Last Frontier: Airports

Monty Solomon <monty@roscom.com>
Mon, 25 May 2015 18:33:52 -0400
http://www.nytimes.com/2015/05/26/business/uber-closes-in-on-its-last-frontier-airports.html

American airport officials know the ride-hailing phenomenon will not recede,
and they are rewriting regulations to welcome all manner of cars.


Driving Uber Mad

Monty Solomon <monty@roscom.com>
Sun, 24 May 2015 23:08:42 -0400
http://www.nytimes.com/2015/05/24/opinion/sunday/maureen-dowd-driving-uber-mad.html

The tragic saga of how Cinderella's Uber coach turned back into a judgmental
pumpkin.


Behind the Downfall at BlackBerry

Monty Solomon <monty@roscom.com>
Sun, 24 May 2015 23:14:57 -0400
http://bits.blogs.nytimes.com/2015/05/24/behind-the-downfall-at-blackberry/

A new book by two reporters from The Globe and Mail offers details about the
emotional and business turmoil surrounding BlackBerry's near collapse.


Verizon's 'Pick Your Own Cable TV Channels' Is Just Another Bait & Switch—Read the Fine Print (Bruce Kushnick)

Monty Solomon <monty@roscom.com>
Sun, 24 May 2015 13:37:55 -0400
Bruce Kushnick, *HuffPost*, 22 May 2015

It amazes me how many media stories have decided to just cut and paste
Verizon's supplied information about their new FiOS "customized TV plan"
without examining the 'fine print'. I guess everyone is just desperate to
get anything that smacks of ala-carte pricing for cable TV service, where
the customer can pick and choose which cable programming they want to buy --
and is supposed to save some money.

http://www.huffingtonpost.com/bruce-kushnick/verizons-pick-your-own-ca_b_7419440.html


Anti-NSA Pranksters Planted Tape Recorders Across New York and Published Your Conversations (Andy Greenberg)

Monty Solomon <monty@roscom.com>
Sun, 24 May 2015 00:22:53 -0400
Andy Greenberg, 20 May 2015

A woman at a gym tells her friend she pays rent higher than $2,000 a
month. An ex-Microsoft employee describes his work as an artist to a woman
he's interviewing to be his assistant—he makes paintings and body casts,
as well as something to do with infrared light that's hard to discern from
his foreign accent. Another man describes his gay lover's unusual sexual
fetish, which involves engaging in fake fistfights, "like we were doing a
scene from Batman Returns."

These conversations—apparently real ones, whose participants had no
knowledge an eavesdropper might be listening—were recorded and published
by the NSA. Well, actually no, not the NSA, but an anonymous group of
anti-NSA protesters claiming to be contractors of the intelligence agency
and launching a new `pilot program' in New York City on its behalf. That
spoof of a pilot program, as the prankster provocateurs describe and
document in videos on their website, involves planting micro-cassette
recorders under tables and benches around New York city, retrieving the
tapes and embedding the resulting audio on their website:
Wearealwayslistening.com. ...

http://www.wired.com/2015/05/nsa-pranksters-planted-tape-recorders-nyc/


The Age Of Disinformation (James Spann)

Dewayne Hendricks <dewayne@warpspeed.com>
May 29, 2015 at 8:36:04 AM EDT
James Spann, Medium.com, 27 May 2015 (via Dave Farber)
<https://medium.com/@spann/the-age-of-disinformation-98d55837d7d9>

I have been a professional meteorologist for 36 years. Since my debut on
television in 1979, I have been an eyewitness to the many changes in
technology, society, and how we communicate. I am one who embraces change,
and celebrates the higher quality of life we enjoy now thanks to this
progress.

But, at the same time, I realize the instant communication platforms we
enjoy now do have some negatives that are troubling. Just a few examples in
recent days:

I would say hundreds of people have sent this image to me over the past 24
hours via social media.  [Rest omitted; somewhat less computer relevant. PGN]


BBC: The generation that tech forgot (via NNSquad)

Lauren Weinstein <lauren@vortex.com>
Sun, 24 May 2015 19:46:01 -0700
http://www.bbc.com/news/technology-32511489  [an important read.  LW]

  With a rising elderly population, the technology industry cannot afford to
  ignore the issue.  It is estimated that, by 2030, 19% of the US population
  will be over 65 - roughly the same proportion that currently own iPhones.
  And by 2050, there will be one retired person for every two that are in
  work.  Apple is looking to address this - but not with new hardware.  In a
  joint venture with IBM, it announced last month it would design "iPad
  apps" that would be "very easy to use for seniors".  Aimed at the Japanese
  market, the apps will help connect millions of older people with
  healthcare services.  "It assumes that its product is inherently usable,"
  says Mr Hosking.

And this situation is a terrible shame and waste, because this tech
can bring enormous benefits even to very elderly persons, if the
effort were made by someone with sufficient resources and talent to do
it right. (I'm talking to you, Google.)


A badly designed centralized desktop management can cause health risks

chiaki ishikawa <ishikawa@yk.rim.or.jp>
Tue, 26 May 2015 18:29:47 +0900
In today's computing environment, especially in an enterprise setting where
the IT department looks after the PCs and other devices distributed across the
premises, the need for centralized control is acute.

Even PC desktops are no exception with respect to centralized
control. We now have PCs running as if they were thin clients in some
environments.

When a user logs in, these PCs load the user environment from centrally
managed servers. The local files are swapped in/out when a different user
logs in. (A similar complete wiping out of the previous user's desktop and
restarting a computer with a fresh install even can often be seen at a PC
made available at a hotel room or a hotel business center.)

Such a centralized control may cause network load issues reported in web
blogs and vendor white papers.

With that background, let me tell you a story.

I visited a hospital the other day for an appointment at 09:00. This is the
earliest slot in the morning.  I was there at about 08:50 and was instructed
to wait in front of the doctor's office. Above the door, there is an LCD
screen that shows whose turn (a number for the day's appointment which is
printed on a supermarket receipt-like paper when I check in at the hospital
using my ID card.).  If there are people waiting, the queue is shown at the
bottom.  I thought it was really neat in this modern ICT age (although I
thought it is a bit of waste of electricity although I am not sure if the
LCD ran in energy saving mode or something.)

From the manner the doctor set up the 09:00 appointment a few weeks ago, I
thought I would be consulted at 09:00 sharp.

But 09:00 came and passed and nothing happened.  I noticed the dentist's
office in the back began accepting patients. (The hospital was a large
general hospital with many departments.)  Still nothing. Another doctor's
office in the same row began accepting patient around 09:05. Still nothing
at my doctor's office.  I noticed the smoked glass window on the door of the
doctor's office showed the interior lighting, so the doctor was already in.

I began wondering if my previous medical tests turned out very bad and the
doctor was going over them very carefully (?)

At about 09:10, the LCD screen above my doctor's office door finally
displayed my appointment number as the first patient that morning.  I went in
the office uneasily, and the first thing the doctor said is not related to
my health at all: "Logging in is too slow in the morning. I could not get to
read the data"(!)

Wow. A great Risks item :-)

It seems that the PC in the doctor's office is used as a thin-client
workstation [running Java applications] set up to access the medical care
system, and from what I gathered looking at the screen and hardware in a short
time while I was there, it seems that the user profile and everything is
first copied to the local PC for efficiency reasons, and that caused a flood
of network transfers in the morning just before 09:00 when doctors and
clerks began using their computers.  No wonder all other doctors, too, could
not invite patients quickly enough.

The doctor mentioned the particular system is not used widely although it is
priced at low cost which the hospital could afford: the doctor said
something about low-quality, but I doubt that in general terms.  It seemed
feature-rich from the menu and the doctor's interaction once the files were
fetched from the server(s) was good and UI seemed better than some systems
used at smaller hospitals I have seen.

But the problem is that this particular installation is simply not designed
very well for network peak usage for a big hospital, and presumably other
high-priced systems use a different approach regarding the centralized desktop
management to avoid the peak usage issue (or even use 10GHz for the backbone
for network transfer, I suppose, to take care of the high volume of I/O at peak
time, and powerful servers that cost a lot.)

Well, a bad system design can cause health risks.

Anyone going to this particular hospital had better not have a heart attack
or other sudden severe symptoms before 9 o'clock in the morning because by
the time they may get to the hospital on an ambulance in time, the doctors
may not be able to read vital data due to "network timeout" on their PCs (!)

I never thought I would experience such a direct computer-related risk in a
hospital I visit.


CONTRARY WARNING! - "How Google Finally Got Design"

Lauren Weinstein <lauren@vortex.com>
Mon, 1 Jun 2015 10:57:43 -0700
http://www.fastcodesign.com/3046512/how-google-finally-got-design?utm_content-buffer20941

  "Google's transformation into a company that creates beautiful software
  is the story of how tech itself has evolved in the mobile era."

I'm posting this item here as an example of how different points of view can
create *utterly contrary* reactions—because to many observers Google's
user interfaces (and this definitely isn't just a Google problem) have
become increasingly, frustratingly *unusable* to significant and growing
segments of the user population—special needs, older users, and
others. I'm currently conducting a survey on these issues—please see:
  http://lauren.vortex.com/archive/001103.html

and responses have been pouring in—many of them maddeningly
heartbreaking. More on this as I collect additional ongoing data.


NYTimes.com is a very expensive "wall wart"

Henry Baker <hbaker1@pipeline.com>
Tue, 26 May 2015 08:57:26 -0700
There's something very weird about the Firefox browser & *The New York
Times* web site, which causes my computers to use 5-8x the electricity of
most other web sites.

I have Javascript completely turned off, thanks to NoScript, but the NYTimes
web site still consumes 11-15% of my CPU's (tested with both Windows/32-bit
and Ubuntu/64-bit).

Other web sites—e.g., LATimes.com, Boston.com, etc. (also with Javascript
disabled)—take only perhaps 1-3% of my CPU's.

The high CPU load occurs only when NYTimes is the top tab; if I switch the
top tab to LATimes.com, the CPU load drops down to 1-3%.

The NYTimes CPU load persists even when these computers are disconnected
from the Internet.

These measurements are up-to-date (as of today, 5/26/2015) for Firefox v. 38.

All add-ons & extensions are disabled—except NoScript—and
particularly, *all video is disabled*.

The problem is not expensive gif images, because other sites which use gifs
are not so expensive.

I'm mystified.

Apparently, leaving The NYTimes open in your Firefox browser makes for very
expensive wallpaper.


This Ad for Banned Food in Russia Can Hide Itself From the Cops

robert schaefer <rps@haystack.mit.edu>
Fri, 29 May 2015 08:32:00 -0400
This is an advertising stunt, but has interesting implications all the same:

"Websites are already able to serve up ads customized for whoever happens to
be viewing a page. Now an ad agency in Russia is taking that idea one step
further with an outdoor billboard that's able to automatically hide when it
spots the police coming."

http://gizmodo.com/this-ad-for-banned-food-in-russia-can-hide-itself-from-1707145443


Re: Only 3% of people aced Intel's phishing quiz (Jeff Jedras)

David Damerell <damerell@chiark.greenend.org.uk>
Thu, 28 May 2015 13:17:31 +0100
An alarming figure! But when we look at the story, we find the reality is
(slightly) less alarming; that includes people who identified non-phishes
as phishes, whereas "only" 80% of the people tested misidentified phishes.


Re: All cars must have tracking devices (Drewe)

"Alister Wm Macintyre (Wow)" <macwheel99@wowway.com>
Tue, 26 May 2015 23:47:37 -0500
[Numerous collision incidents have occurred—some days half a dozen]
between trains and road vehicles, in the USA, described at this site:
http://www.trainwreckdb.com/

I wonder what the rate is like elsewhere in our world.

I suspect some of this, and violations of school bus safety, is thanks to
the USA eliminating driver education from the school system, allegedly
triggered by budget cuts.

We can be thankful that these incidents are not triggering bomb trains.

Bomb trains go off typically at least twice a month—there were almost 40
of them in the USA in 2014.  Basically the infrastructure, to move crude
oil, was developed before we had Canadian Oil Sands, and US fracking.  Oil
from those sources contains a lot of pieces of rock and sand, which abrade
the insides of pipelines and oil tankers, causing them to breach, reach
something to trigger ignition, and away they go in a monster fire.  Here's a
source for the above statistics:
http://www.wsj.com/articles/train-wrecks-hit-tougher-oil-railcars-1425861371
