Recently discussed on the Eusprig (European Spreadsheet Risk Interest Group) mail list: A hospital trust in Blackpool (pop. 145,000) in the UK was fined 185,000 GBP for leaking sensitive information via an Excel PivotTable. https://ico.org.uk/media/action-weve-taken/mpns/1624118/blackpool-nhs-trust-monetary-penalty-notice.pdf

It is a problem of the sorcerer's apprentice - knowing enough to be dangerous. To paraphrase Barry Boehm, "[EUC gives] many who have little training or expertise in how to avoid or detect high-risk defects tremendous power to create high-risk defects."

The key point is "The Trust knew or ought to have envisaged those risks and it did not take reasonable steps to prevent the contravention." So: if they OUGHT to have known, by what means were they expected to envisage those risks? What guidance is available that describes that issue? Is it part of any accredited training materials?

The answer I think is here: "It is worth noting that the Commissioner's office issued two monetary penalty notices on 30 July 2012 (Torbay NHS Trust) and 20 August 2013 (Islington Council) which raised awareness about the issue of data that could be hidden in pivot tables. The Commissioner's office also published a blog on 28 June 2013 entitled The Risk of Revealing Too Much." https://iconewsblog.wordpress.com/2013/06/28/ico-blog-the-risk-of-revealing-too-much/

This shows the pivot table feature in question. Just to explain, if the pivot cache is present then even if the original data sheet is deleted, the data can be recreated by a simple double-click on a PivotTable cell.

They reference: https://iconewsblog.wordpress.com/2015/11/13/the-dangers-of-hidden-data/ https://www.mysociety.org/2013/06/13/whatdotheyknow-team-urge-caution-when-using-excel-to-depersonalise-data/ Read the "Five Key Messages" at the end.

This is of course just one such example.
The hidden rows in the Barclays' bid for Lehman assets, or the summary chart in a paper on hospital treatments which had the entire Excel spreadsheet embedded in it, are more. Patrick O'Beirne, Systems Modeling http://www.sysmod.com http://ie.linkedin.com/in/patrickobeirne
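The pivot-cache leak described above can be checked for mechanically before a spreadsheet is released. An .xlsx file is a ZIP of XML parts, and the PivotTable's private copy of its source rows lives in xl/pivotCache/pivotCacheRecords*.xml (literal strings also sit in the sharedItems of pivotCacheDefinition*.xml), while xl/workbook.xml records any sheet marked state="hidden" or "veryHidden". Deleting the visible source sheet removes none of that. The following is an added example, not code from the post, Eusprig or the ICO; the workbook skeleton it scans is constructed inline and is not a real exhibit.

```python
"""Check an .xlsx for data that outlives the sheet it came from.

Added example, not code from the mailing-list post or the ICO. An .xlsx is a
ZIP of XML parts: a PivotTable keeps its own copy of the source rows in
xl/pivotCache/pivotCacheRecords*.xml (string values also sit in the
sharedItems of pivotCacheDefinition*.xml), and xl/workbook.xml can mark a
sheet state="hidden" or "veryHidden". Only the standard library is used.
"""
import io
import re
import zipfile
import xml.etree.ElementTree as ET

NS = "http://schemas.openxmlformats.org/spreadsheetml/2006/main"
CACHE_PART = re.compile(r"xl/pivotCache/pivotCache(Records|Definition)\d+\.xml")


def scan_xlsx(data: bytes) -> dict:
    """Return pivot caches, cached row count, cached strings and hidden
    sheets found in the workbook bytes."""
    found = {"pivot_caches": [], "cached_rows": 0,
             "cached_strings": [], "hidden_sheets": []}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        names = zf.namelist()
        for name in names:
            m = CACHE_PART.fullmatch(name)
            if not m:
                continue
            root = ET.fromstring(zf.read(name))
            if m.group(1) == "Records":
                found["pivot_caches"].append(name)
                # each <r> is one source row the pivot table remembers
                found["cached_rows"] += len(root.findall(f"{{{NS}}}r"))
            # <s v="..."/> holds a literal string in records and sharedItems
            found["cached_strings"] += [
                e.get("v") for e in root.iter(f"{{{NS}}}s")]
        if "xl/workbook.xml" in names:
            wb = ET.fromstring(zf.read("xl/workbook.xml"))
            for sheet in wb.iter(f"{{{NS}}}sheet"):
                if sheet.get("state") in ("hidden", "veryHidden"):
                    found["hidden_sheets"].append(sheet.get("name"))
    return found


def safe_to_release(found: dict) -> bool:
    """A depersonalised extract should carry no pivot cache and no hidden sheet."""
    return not found["pivot_caches"] and not found["hidden_sheets"]


def build_sample_xlsx(with_cache: bool = True) -> bytes:
    """Constructed workbook skeleton (not a real file): the source sheet has
    been deleted, but the pivot cache and a hidden sheet remain."""
    workbook = f"""<?xml version="1.0" encoding="UTF-8"?>
<workbook xmlns="{NS}">
  <sheets>
    <sheet name="Summary" sheetId="1"/>
    <sheet name="Notes" sheetId="2" state="hidden"/>
  </sheets>
</workbook>"""
    definition = f"""<?xml version="1.0" encoding="UTF-8"?>
<pivotCacheDefinition xmlns="{NS}">
  <cacheFields count="2">
    <cacheField name="Staff"><sharedItems count="2">
      <s v="A. Example"/><s v="B. Example"/>
    </sharedItems></cacheField>
    <cacheField name="Cases"><sharedItems/></cacheField>
  </cacheFields>
</pivotCacheDefinition>"""
    records = f"""<?xml version="1.0" encoding="UTF-8"?>
<pivotCacheRecords xmlns="{NS}" count="2">
  <r><x v="0"/><n v="3"/></r>
  <r><x v="1"/><n v="5"/></r>
</pivotCacheRecords>"""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("xl/workbook.xml", workbook)
        if with_cache:
            zf.writestr("xl/pivotCache/pivotCacheDefinition1.xml", definition)
            zf.writestr("xl/pivotCache/pivotCacheRecords1.xml", records)
    return buf.getvalue()


if __name__ == "__main__":
    report = scan_xlsx(build_sample_xlsx())
    print(report)
    print("safe to release:", safe_to_release(report))
```

Run this over any workbook that is about to leave the organisation; a non-empty pivot_caches or hidden_sheets list means the file still carries rows the author believes were deleted. The usual remedy is to paste values only into a fresh workbook rather than trying to scrub the original.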
http://www.theprovince.com/health/local-health/nanaimo+doctors+electronic+health+record+system/11947563/story.html But nine weeks after startup, physicians in the Nanaimo hospital's intensive-care and emergency departments reverted to pen and paper this week *out of concern for patient safety*. Doctors said the system is flawed—generating wrong dosages for the most dangerous of drugs, diminishing time for patient consultation, and losing critical information and orders... ...But doctors complain the new technology is slow, overly complicated and inefficient. “The iHealth computer interface for ordering medications and tests is so poorly designed that not only does it take doctors more than twice as long to enter orders, even with that extra effort, serious errors are occurring on multiple patients every single day,” wrote one physician at the Nanaimo hospital. “Tests are being delayed. Medications are being missed or accidentally discontinued.” Doctors can't easily find information entered by nurses, the physician wrote.
https://www.rt.com/politics/344827-voters-personal-data-leaked-online/ Opposition PARNAS party cancels primaries over massive leak of voters' personal data, RT, 30 May 2016 The Russian Party of People's Freedom, PARNAS, has had to suspend its Internet primaries after a file with personal details of all participants was placed on the party's website. Top party officials blame unidentified hackers for the privacy breach. PARNAS was holding primaries in order to finalize its list of candidates for the September parliamentary elections. Ninety-six candidates and about 24,000 voters registered for the procedure, but the number of those who actually voted was much lower. The file containing logins and passwords of everyone who had taken part in the primaries was posted on the PARNAS website on Sunday afternoon. The data was real and allowed anyone to see full details of any voter—including name, emails and phone numbers, as well as the people they voted for. Site administrators had to shut down the Internet voting earlier than planned and recommended that their supporters urgently change all their passwords.
http://www.reuters.com/article/us-usa-encryption-legislation-idUSKCN0YI0EM Dustin Volz, Mark Hosenball and Joseph Menn, Reuters, 27 May 2016 After a rampage that left 14 people dead in San Bernardino, key U.S. lawmakers pledged to seek a law requiring technology companies to give law enforcement agencies a "back door" to encrypted communications and electronic devices, such as the iPhone used by one of the shooters. Now, only months later, much of the support is gone, and the push for legislation dead, according to sources in congressional offices, the administration and the tech sector. Draft legislation that Senators Richard Burr and Dianne Feinstein, the Republican and Democratic leaders of the Intelligence Committee, had circulated weeks ago likely will not be introduced this year and, even if it were, would stand no chance of advancing, the sources said. Key among the problems was the lack of White House support for legislation in spite of a high-profile court showdown between the Justice Department and Apple Inc over the suspect iPhone, according to Congressional and Obama Administration officials and outside observers. "They've dropped anchor and taken down the sail," former NSA and CIA director Michael Hayden said.
Caroline Craig, InfoWorld, 3 Jun 2016 The FBI continues its push to greatly expand government surveillance and exempt that spying from constitutional safeguards and privacy rules http://www.infoworld.com/article/3078179/privacy/fbi-pushes-for-more-power-to-crush-your-privacy.html opening text: Like living in a police state much? The FBI is pushing on multiple fronts to greatly expand its surveillance powers and exempt that spying from constitutional safeguards and privacy rules. Many in Congress are only too happy to help. With a treasure trove of digital information tantalizingly within reach, the FBI doesn't want to be slowed down by inconveniences like Fourth Amendment protections. So frustrated is FBI chief James Comey by constitutional limits that he told the Senate Intelligence Committee that the FBI's difficulty in getting its hands on Americans' online communications resulted from a "typo" in the law that should be changed. He may get his wish.
https://yahoopolicy.tumblr.com/post/145258843473/yahoo-announces-public-disclosure-of-national As part of our ongoing commitment to transparency, Yahoo is announcing today the public disclosure of three National Security Letters (NSLs) that it received from the Federal Bureau of Investigation (FBI). This marks the first time any company has been able to publicly acknowledge receiving an NSL as a result of the reforms of the USA Freedom Act. We're able to disclose details of these NSLs today because, with the enactment of the USA Freedom Act, the FBI is now required to periodically assess whether an NSL's nondisclosure requirement is still appropriate, and to lift it when not. We believe this is an important step toward enriching a more open and transparent discussion about the legal authorities law enforcement can leverage to access user data.
Patrick Thibodeau, Computerworld, 4 Jun 2016 Company ran 'a captive stable of cheap labor,' say U.S. officials http://www.computerworld.com/article/3079224/it-careers/judge-sends-two-to-prison-for-7-years-for-h-1b-fraud.html opening text: Two brothers were sentenced Friday to 87 months in prison for running an H-1B fraud scheme intended to create a low cost, on-demand workforce, federal law enforcement officials said.
US Department of Defense employees use Common Access Cards (typically, and redundantly, called "CAC Cards"). Depending on the specific parts of DoD, these are used both as ID badges and access cards (e.g., to get into buildings or to access computers), etc. Since in many places these are the ID badges, they are typically worn on a necklace or on a pocket or belt, but in general in a place that's highly visible. Employees are generally instructed not to have their badges visible outside their work location, but that rule is honored in the breach. (For example, on the subway, or in restaurants near DoD offices at lunchtime.) The CAC Card has a 2D barcode, which apparently includes the person's name, SSN, and other information, in an unencrypted form. Someone developed a mobile phone app (called CACscan) which retrieves this information from a photo. [See https://www.reddit.com/r/AirForce/comments/4l6tui/just_got_this_email_about_the_google_play_app/ for a discussion.] The response to this app has been interesting - basically broken into recommendations to protect (e.g., don't leave your card visible when outside work, watch for people taking photographs) and foolish (e.g., don't download the app - which doesn't solve the problem). [The latter can be found at https://ellsworthafrc.org/2016/05/25/attention-android-device-owners-do-not-use-cac-scan-app/ ] Surprisingly - or not - I've not seen anything discussing *fixing* the problem - or maybe it's effectively impossible to do anything in the short term, given the number of cards that would need to be reissued, systems that would need to be revised to deal with encrypted bar codes, etc.
Google has fixed more than 30 vulnerabilities in Android. Lucian Constantin, InfoWorld, 6 Jun 2016 http://www.infoworld.com/article/3079791/android/android-gets-patches-for-serious-flaws-in-hardware-drivers-and-mediaserver.html opening text: The June batch of Android security patches addresses nearly two dozen vulnerabilities in system drivers for various hardware components from several chipset makers. The largest number of critical and high severity flaws were patched in the Qualcomm video driver, sound driver, GPU driver, Wi-Fi driver, and camera driver. Some of these privilege escalation vulnerabilities could allow malicious applications to execute malicious code in the kernel leading to a permanent device compromise.
http://jebruner.com/2016/06/geopolitical-hedging-as-a-service/ Google and Microsoft have found themselves embroiled in some awkward geopolitical disputes as they've made their mapping services available around the world, and they've found a brilliant diplomatic workaround to the demands of dogmatic politicians: they give each country the map that its government wants, serving it seamlessly to domestic users by reckoning the locations of their IP addresses. It's possible to force these services to display the map corresponding to a particular country, though, and I've done that here in order to compare the maps that they serve to different constituencies. Try out some examples of delicate sensibilities by clicking the links below, or explore the map comparisons by using the drop-down menus. Click the [=>] symbol for more background on each disagreement. Obi-Wan: "Luke, you're going to find that many of the truths we cling to depend greatly on our own point of view."
http://arstechnica.co.uk/security/2016/06/teamviewer-users-hacked-but-how/ For more than a month, users of the remote login service TeamViewer have taken to Internet forums to report their computers have been ransacked by attackers who somehow gained access to their accounts. In many of the cases, the online burglars reportedly drained PayPal or bank accounts. No one outside of TeamViewer knows precisely how many accounts have been hacked, but there's no denying the breaches are widespread. TeamViewer has also long been the favored tool of fake support scammers.
When small, off-the-shelf models pose security or other threats, birds have the advantage of grounding them without a potentially dangerous crash. http://www.nytimes.com/2016/05/29/world/europe/drones-eagles.html
Chase Utley, Missed by a Pitch, Burns the Mets With Two Home Runs http://www.nytimes.com/2016/05/29/sports/baseball/chase-utley-missed-by-noah-syndergaard-pitch-burns-the-mets.html The Mets reportedly complained to Major League Baseball about the Dodgers using a global positioning device to situate their fielders. "We observed some members of the Dodgers organization using technology to establish defensive positions, presumably for use during the game. Major League Baseball is going to look at that issue," Mets General Manager Sandy Alderson told ESPN. The Dodgers did not deny using such a device as a positioning and scouting aid, though they said it was not employed during a game. There is no MLB rule outlawing the method. The Dodgers reportedly asked the Mets if they could paint lines on the Citi Field grass as markers for their fielders, but Alderson denied the request.
Andy Greenberg, *WiReD*, 1 Jun 2016 <https://www.wired.com/2016/06/demonically-clever-backdoor-hides-inside-computer-chip/> Security flaws in software can be tough to find. Purposefully planted ones, hidden backdoors created by spies or saboteurs, are often even stealthier. Now imagine a backdoor planted not in an application, or deep in an operating system, but even deeper, in the hardware of the processor that runs a computer. And now imagine that silicon backdoor is invisible not only to the computer's software, but even to the chip's designer, who has no idea that it was added by the chip's manufacturer, likely in some far-flung Chinese factory. And that it's a single component hidden among hundreds of millions or billions. And that each one of those components is less than a thousandth of the width of a human hair. In fact, researchers at the University of Michigan haven't just imagined that computer security nightmare; they've built and proved it works. In a study that won the best paper award at last week's IEEE Symposium on Privacy and Security, they detailed the creation of an insidious, microscopic hardware backdoor proof-of-concept. And they showed that by running a series of seemingly innocuous commands on their minutely sabotaged processor, a hacker could reliably trigger a feature of the chip that gives them full access to the operating system. Most disturbingly, they write, that microscopic hardware backdoor wouldn't be caught by practically any modern method of hardware security analysis, and could be planted by a single employee of a chip factory.
“Detecting this with current techniques would be very, very challenging if not impossible,” says Todd Austin, one of the computer science professors at the University of Michigan who led the research. “It's a needle in a mountain-sized haystack.” Or as Google engineer Yonatan Zunger wrote after reading the paper: “This is the most demonically clever computer security attack I've seen in years.” [... The paper considers inserting analog devices as simple as a capacitor. PGN]
http://www.engadget.com/2016/06/04/keepass-wont-fix-security-hole-due-to-ads/ Think it's bad when companies take their time fixing security vulnerabilities? Imagine what happens when they avoid fixing those holes in the name of a little cash. KeePass 2 developer Dominik Reichl has declined to patch a flaw in the password manager's update check as the "indirect costs" of the upgrade (which would encrypt web traffic) are too high—namely, it'd lose ad revenue. Yes, the implication is that profit is more important than protecting users.
http://techcrunch.com/2016/05/31/facebook-twitter-youtube-and-microsoft-agree-to-remove-hate-speech-across-the-eu/ Facebook, Twitter, Google's YouTube, Microsoft as well as the European Commission unveiled a new code of conduct to remove hate speech according to community guidelines in less than 24 hours across these social media platforms. The EU has ramped up efforts leading to this code of conduct following the recent terrorist attacks in Brussels and Paris. Also: Beware the Global Net Police - http://archive.wired.com/politics/law/news/2002/12/56916 (2002 in "Wired" by yours truly) A Proposal for Dealing with Terrorist Videos on the Internet http://lauren.vortex.com/archive/001139.html (Dec 2015 from my legacy blog)
http://www.theregister.co.uk/2016/05/31/windows_10_samsung_fail/ Samsung is advising customers against succumbing to Microsoft's nagging and installing Windows 10. The consumer electronics giant's support staff have admitted drivers for its PCs still don't work with Microsoft's newest operating system and told customers they should simply not make the upgrade. That's nearly a year after Microsoft released Windows 10 and with a month to go until its successor - Windows 10 Anniversary Update - lands. Samsung's customers have complained repeatedly during the last 12 months of being either unable to install Microsoft's operating system on their machines or Windows 10 not working properly with components if they do succeed. However, with the one-year anniversary fast approaching it seems neither of these tech giants have succeeded in solving these persistent problems.
Kastle Systems, a supplier of access control systems, has a new application to turn your cell phone into your building access badge. We don't need no syncing badges! I can't imagine anything would ever go wrong. No one's phone ever gets cracked, no OS upgrade breaks existing apps, phones are never stolen, and the batteries last forever! <https://www.washingtonpost.com/business/capitalbusiness/with-new-hands-free-system-kastle-is-investing-big-in-office-security/2016/06/03/3f018a0a-2429-11e6-9e7f-57890b612299_story.html> [Also noted by Geoff Goodfellow. PGN]
John Ribeiro, InfoWorld, 2 Jun 2016 There are lies, damned lies, statistics, damned statistics, and then there are CPU benchmark scores. To this, we might add market share: Svetlana Blackburn says she was terminated from her job as senior finance manager because she threatened to blow the whistle on accounting principles she considered unlawful http://www.infoworld.com/article/3078071/cloud-computing/oracle-employee-says-she-was-sacked-for-refusing-to-fiddle-cloud-accounts.html selected text: A senior finance manager in Oracle's cloud business has complained to a federal court that she was terminated from her job because she refused to go along with accounting principles she considered unlawful. Blackburn alleges that upper management was trying to fit "square data into round holes" in a bid to boost the financial reports of the cloud services business, which would be "paraded" before company leaders and investors.
Asha Barbaschow, ZDnet, 3 Jun 2016 The New South Wales government has undertaken a project in Sydney's south to determine who lives where and with whom, with the intention of reducing monitoring residents' movements to 30-minute intervals. http://www.zdnet.com/article/nsw-government-playing-big-brother-with-citizens-data/
http://www.flanderstoday.eu/business/right-be-forgotten-extends-newspaper-archives The "right to be forgotten", which allows members of the public to have references to their private life removed from Internet searches, also extends to newspaper archives, the Cassation Court has ruled ... The Rossel group said it regretted the ruling, which it said "opens the door to the rewriting of history". Now they're going after primary sources, not restricted to search results. This is an Orwellian nightmare in the making.
Shutdowns are front page news when at airports...but at hospitals, not. http://www.post-gazette.com/news/transportation/2016/05/30/Computer-glitch-resolved-at-JFK-Airport-after-massive-delays-memorial-day-new-york-Verizon/stories/201605300091

Mr. Buccino said a server providing wireless Internet and other computer services had problems at about 4 p.m. Sunday, which required manual check-in. An airport official said the services were provided by Verizon, which did not offer a comment when reached on late Sunday. Mr. Buccino said Terminal 7 is operated by British Airways, which leases space to other carriers. He said at one point Sunday night, more than 1,000 passengers were waiting in line to get checked in.

A line of frustrated economy-class passengers could be seen stretching out the terminal doors, snaking up the sidewalk all the way back onto the elevated roadway that leads to the terminal. Inside, airline employees were writing boarding passes by hand, sometimes in pencil.
With many organizations, as soon as any employee detects that a breach, or other cyber intrusion, is in progress, that individual captures evidence of what's going on, and informs upper management. If upper management believes the employee report, then the exposed material is shut down from the Internet to prevent further leakage, unless the organization already has some plan in place to let the leakage continue, because law enforcement can track the perpetrators, and are more likely to catch them if the leak continues. Sometimes security personnel are authorized to do the shutdown, without waiting on upper management approval. That is the normal process, but there are exceptions.

OPM breach, new info I learned, thanks to a post on a LinkedIn cyber security group: The breach was first discovered April 15 or 16, 2015 by an OPM contract engineer, with CSRA, using a Cylance tool. Within a day, OPM sought help with this situation from the U.S. Computer Emergency Readiness Team (US-CERT). A week later, April 22, it was re-discovered by a CyTech Services demo of cyber breach detection software. It appears that OPM was more interested in comparing cyber security detection products than fixing known vulnerabilities. CyTech says they helped OPM clean up the vulnerability, thanks to an oral contract with OPM, for which they are owed $600,000. OPM denies this.
http://democrats.oversight.house.gov/sites/democrats.oversight.house.gov/files/documents/2016-05-26.EEC%20to%20HPSCI%20Re.CyTech.pdf
http://fedscoop.com/how-the-opm-breach-was-really-discovered
https://fcw.com/articles/2016/05/26/cummings-letter-opm-breach.aspx

Manchurian chip is when hardware & software is purchased from nations which are not good friends, so there is a risk that they will come supplied with spy tech to help our adversaries. Many gov tech buyers have not yet learned that lowest bidder increases the risk of this. It amazes me that our US State Dept buys computer stuff from Iran, China, Russia and North Korea. Sounds like the division which identifies threats is not on speaking terms with the one which figures out where to buy stuff. That tends to support my notion that the Clinton server was safer than the gov server.

Clinton e-mail server story has not changed, except for a few additions, latest—it had an Internet-based printer. http://krebsonsecurity.com/2016/05/did-the-clinton-email-server-have-an-internet-based-printer/

I think the bigger political tech story will be when MSNM starts covering the trial, where on the very first day of the Republican Convention, Donald Trump is scheduled to be in court to answer charges of fraud with his Trump University. Which of the two places will he show up at? If he fails to appear at the trial, will federal marshals be sent to drag him away from the convention?

DHS recently did a penetration test of SSA, and had no trouble getting into everything. The test was at the request of the Social Security Administration, which did not think the problem warranted notification of the Inspector General. Congressional oversight not happy, but will they budget $ to fix this? I doubt it. http://www.politico.com/tipsheets/morning-cybersecurity/2016/05/credit-for-discovering-the-opm-breach-electronic-communications-transaction-records-fight-unfolds-united-states-and-brazil-no-good-on-botnets-214527

OPM Breach - we previously learned that this was one of the worst breaches for the federal government, and it was thanks to NSA injecting vulnerabilities into software sold to the feds. NSA believes that they can spy on anything they please this way, without anyone other than NSA using the vulnerabilities they deliver all over the place. Many people have pointed out that they are wrong, but they continue to be in denial. Ditto many national leaders which support FBI doing the same thing. So it does not matter what OPM did to fix that breach, they can be sure that thanks to NSA, FBI and other government intelligence and law enforcement agencies, there will be more vulnerabilities delivered in the future. https://en.wikipedia.org/wiki/Office_of_Personnel_Management_data_breach

Panama Papers group: https://www.linkedin.com/groups/8508998
One thing that immediately stood out for me, in the cell phone study, was they claim to have found a link between cell phone radiation and cancer for CDMA signals, but not for GSM signals. If there were a link, I would expect it to potentially be sensitive to power level or frequency band, but definitely not to the protocol in use. To me this is a big red flag that the results may be statistical noise and not a sign of an actual effect.
Keep in mind that traditional CDMA is spread spectrum and traditional GSM is not.
While I agree with Rogier Wolff's basic premise, I think that the specific example of the OKCupid dataset release is not appropriate. It's one thing when "data is public", e.g., a single query can dump a shouldn't-have-been-accessible database. It's quite another to put in the effort of harvesting information (thousands, millions of queries), analyse it, create a report about its contents, and then publish it. While one can reasonably criticise OKCupid profile holders for being upset that they could be discovered, and we must cast blame on developers and system engineers who leave systems vulnerable through common errors and negligence, one must criticise a "researcher" who violates the intended use, Terms of Service, privacy, and almost surely law in a case such as this. It was irresponsible and unethical, civilly culpable, and quite probably criminal. Jay Libove, CISSP, CIPP/US, CIPT, CISM Barcelona, Spain
By chance I have a book to hand called the "Shorter Illustrated History Of The World" by J M Roberts (pub 1993). The section on the French Revolution includes this: '... the revolution was a touchstone of political opinions. If you were for the revolution... you probably believed in free speech and the wickedness of press censorship... if you were against the revolution, you looked for strong government... you believed it was wicked to allow the spread of harmful opinion, and you thought discipline and good order more important than personal freedom.' So it seems that the world is divided into those who feel that liberty is a nice idea as long as it doesn't get too much in the way of the government running things, and those who feel that protecting liberty should be what government is all about. By the way, as many RISKS readers will know, we in the UK are due to have a referendum on June 23rd about our membership of the EU. Much of the debate has been about financial matters, but personally I feel that a big problem is the culture clash between us Brits and our 'Anglo-Saxon' ways, and the other European countries (e.g. RTBF).
The Daily WTF via NNSquad http://thedailywtf.com/articles/the-oracle-effect Even simple rituals can feed into this Oracle Effect. For example, PayPal doesn't want to handle transactions for ISIS, which isn't unreasonable, but how do you detect which transactions are made by honest citizens, and which by militants? What about just blocking transactions containing the letters "isis"? This seems like a pretty simple algorithm, but think about the amount of data flowing through it, and suddenly, it picks up the air of ritual: we have a magic incantation that keeps us from processing transactions for militants. Using algorithms and decision-support systems isn't bad. It's not even bad if they're complicated! They're solving a complicated problem, and we'd expect the resulting system to reflect at least some of that complexity. A recent conference hosted at NYU Law spent time discussing how we could actually avoid biases in policing by using well-designed algorithms, despite also pointing out the risks and dangers to human rights. These sorts of decision-making tools can make things better, or worse. They're just a tool.
How about these words, ending in "isis", all verboten! anaclisis anacrisis anagnorisis anticrisis aphanisis arthrocleisis arthroclisis bronchiocrisis bronchophthisis cardioschisis celioschisis chorisis corocleisis craniorhachischisis cranioschisis crisis cystophthisis cystoschisis decisis diacrisis diaschisis eccrisis enclisis enterocleisis enteroclisis enterophthisis epicrisis erythrocytoschisis gastrophthisis gastroschisis hemophthisis heterogenisis hisis hypocrisis hysterocleisis iridencleisis isis karyoschisis laryngophthisis lithophthisis merisis minicrisis myelophthisis nephrophthisis ophthalmophthisis otocleisis pachisis palatoschisis panmyelophthisis parisis phthisis plasmaphoresisis pneumonophthisis proclisis prosoposchisis pylorocleisis rachischisis serophthisis splenocleisis spondyloschisis staphyloschisis syncrisis synezisis thoracoceloschisis thoracogastroschisis thoracoschisis tracheoschisis trichoschisis uranoschisis urophthisis
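The word list above is the false-positive set of a substring blocklist in one screen. The following added example (mine, not the Daily WTF's or PayPal's code) runs the naive "contains the letters isis" rule and a whole-word rule over a handful of constructed transaction memos, plus a few words taken from the list above, and counts what each one blocks. The memos and their labels are made up for the demonstration.

```python
"""Substring blocklist versus whole-word match, using the "isis" example.

Added example, not the Daily WTF's or PayPal's code. Transaction memos and
their labels are constructed for the demonstration.
"""
import re

# (memo, does it actually concern the blocked entity?)  -- constructed
LABELLED = [
    ("Transfer to ISIS fund", True),
    ("Invoice 4471: crisis management consulting", False),
    ("Legal research: stare decisis memo", False),
    ("Clinic billing: phthisis follow-up", False),
    ("Isis, vet bill for the cat", False),
]

# a few of the words from the list above; every one of them contains "isis"
PAGE_WORDS = ["crisis", "decisis", "phthisis", "hypocrisis", "minicrisis",
              "gastroschisis", "isis", "anacrisis", "epicrisis", "synezisis"]


def naive_block(memo: str) -> bool:
    """The ritual: block anything containing the letters 'isis'."""
    return "isis" in memo.lower()


def token_block(memo: str) -> bool:
    """Match only the whole word, so 'crisis' and 'decisis' pass through."""
    return re.search(r"\bisis\b", memo, re.IGNORECASE) is not None


def evaluate(block_fn, labelled):
    """Return (true positives, false positives) of a filter over labelled memos."""
    tp = sum(1 for memo, bad in labelled if bad and block_fn(memo))
    fp = sum(1 for memo, bad in labelled if not bad and block_fn(memo))
    return tp, fp


def hits(block_fn, words):
    """How many ordinary dictionary words the filter would block outright."""
    return sum(1 for w in words if block_fn(w))


if __name__ == "__main__":
    for fn in (naive_block, token_block):
        print(fn.__name__, "labelled memos (tp, fp):", evaluate(fn, LABELLED),
              "dictionary words blocked:", hits(fn, PAGE_WORDS))
```

The whole-word rule removes the dictionary-word noise but still blocks the vet bill for a cat called Isis, which is the point of the Oracle Effect passage: a name match is a signal to route for review, not a decision to refuse the transaction.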
I've used Steve Gibson's "Never 10" utility on a half-dozen Windows 7 and 8.1 machines. It works as advertised and seems to be nicely implemented. https://www.grc.com/never10.htm
> The main trouble is that when a main road is blocked, GPS may direct
> drivers through side streets—which would quickly block much worse if
> hundreds of cars pour into them, all following the same instructions.

I agree - this would then block up those alternative ways as well and the routing algorithm would not know what to do. This should not apply to self-driving cars. Ideally the car-router should learn to bunch up groups of self-driving cars and take control of the traffic lights(!) to interleave car groups and keep them moving (one known strategy). I wonder if more of the traffic system being centrally automated will make it better or worse. I suspect people driving cars introduces a lot of entropy which would be removed by self-driving cars. This would seem to raise the risk of a pile of classic problems to do with lack of damping, to say the least?
> Now, experts say, the same connectivity may also offer a solution to this
> cybersecurity problem, in the form of over-the-air updates. ...

Gack, choke. See Harold Feld's long but very well informed piece on DSRC. It's all about the spectrum squatting and monetizing your data, hardly if at all about car safety. Car companies have a history of completely failing at cybersecurity and the NHTSA which is mandating DSRC is no better. http://www.wetmachine.com/tales-of-the-sausage-factory/how-dsrc-makes-us-less-safe-privacy-and-cybersecurity-part-1/
By the way, Google won. The jury found that Google's use of Oracle's APIs were protected by fair use. Oracle of course says they'll appeal. http://arstechnica.com/tech-policy/2016/05/google-wins-trial-against-oracle-as-jury-finds-android-is-fair-use/ If this ridiculous screed by one of Oracle's lawyers is any indication, Google doesn't have much to worry about. http://arstechnica.com/tech-policy/2016/05/op-ed-oracle-attorney-says-googles-court-victory-might-kill-the-gpl/ (Latter piece and its inanity also noted by LW.)
> I believe you are referring to pseudorandom numbers, not random numbers.
> Big difference.

A few moments spent looking at the article confirms that they're talking about actual random numbers. To get random numbers, you need to start with an entropy source, but it's hard to find high quality sources, particularly if you need a lot of random numbers. This paper describes a new way to take two low quality sources and create a high-quality source from them. https://threatpost.com/academics-make-theoretical-breakthrough-in-random-number-generation/118150/
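What "combining two low quality sources" means in practice can be seen with the older Chor-Goldreich construction, which is not the extractor in the paper the thread is about but the simplest member of the same family: the GF(2) inner product of one block from each of two independent weak sources is close to a uniform bit once each source carries more than half a bit of min-entropy per bit. The following is an added example, not code from the reply or the paper; the two sources are simulated with separately seeded PRNGs standing in for independent weak hardware sources, and the third source is a deliberately broken one to show the min-entropy requirement biting.

```python
"""Two-source extraction with the inner-product (Chor-Goldreich) extractor.

Added example, not the construction in the paper the thread is about. The
classic result: the GF(2) inner product of two independent n-bit sources is
close to a uniform bit once each source has min-entropy above n/2. Sources
here are simulated with seeded PRNGs, standing in for independent weak
hardware sources. Only the standard library is used.
"""
import random


def inner_product_bit(x, y) -> int:
    """Inner product over GF(2): parity of the bitwise AND."""
    return sum(a & b for a, b in zip(x, y)) & 1


def extract(x_bits, y_bits, block=64):
    """Consume one block from each source per output bit (1 bit per 2*block)."""
    n = (min(len(x_bits), len(y_bits)) // block) * block
    return [inner_product_bit(x_bits[i:i + block], y_bits[i:i + block])
            for i in range(0, n, block)]


def biased_source(rng, n, p_one):
    """Independent bits, each 1 with probability p_one. Weak but still
    high min-entropy: -log2(0.65) is about 0.62 bits per bit."""
    return [1 if rng.random() < p_one else 0 for _ in range(n)]


def stuck_source(rng, n, block, p_stuck):
    """Failure mode: blocks are all-zero most of the time (a stuck hardware
    RNG), so the min-entropy per block is far below block/2."""
    bits = []
    for _ in range(n // block):
        if rng.random() < p_stuck:
            bits += [0] * block
        else:
            bits += [rng.getrandbits(1) for _ in range(block)]
    return bits


def bias(bits):
    """Distance of the fraction of ones from 1/2; 0 is ideal."""
    return abs(sum(bits) / len(bits) - 0.5)


def demo(seed=1, blocks=2000, block=64):
    n = blocks * block
    x = biased_source(random.Random(seed), n, 0.65)
    y = biased_source(random.Random(seed + 1), n, 0.65)   # independent of x
    z = stuck_source(random.Random(seed + 2), n, block, 0.9)
    return {
        "raw_x": bias(x),
        "extracted_xy": bias(extract(x, y, block)),
        "extracted_xz": bias(extract(x, z, block)),   # one source too weak
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: bias {value:.3f}")
```

The raw source sits about 0.15 away from uniform; the inner product of two such sources lands within sampling error of 0.5, while pairing a good source with the stuck one yields output that is almost always zero. Independence between the two sources is the whole assumption: feeding the extractor two copies of the same stream, or two streams derived from one seed, buys nothing.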