FYI—Particularly important for judges [who are hiding something] Joseph Cox, Motherboard, 6 Aug 2016 Department of Justice Official Tells Hundred Federal Judges to Use Tor https://motherboard.vice.com/read/department-of-justice-official-tells-hundred-federal-judges-to-use-tor The US government has a complicated relationship with Tor. While the US is the biggest funder of the non-profit that maintains the software, law enforcement bodies such as the FBI are exploiting Tor browser vulnerabilities on a huge scale to identify criminal suspects. To add to that messy, nuanced mix, one Department of Justice official recently personally recommended Tor to a room of over a hundred federal judges. Ovie Carroll, director for the Cybercrime Lab at the Department of Justice, urged the judges to "use the TOR [sic] network to protect their personal information on their computers, like work or home computers, against data breaches, and the like," Judge Robert J. Bryan said in July, according to a hearing transcript released on Friday. "I was surprised to hear him urge the federal judges present," Bryan said. Bryan was talking during a hearing on two motions to withdraw guilty pleas in the FBI's recent mass hacking campaign. In February 2015, the FBI took over a dark web child pornography site called Playpen, and deployed malware in an attempt to identify the site's visitors. Bryan has presided over several resulting cases from that investigation. "I almost felt like saying, 'That's not a good way to protect your stuff, because the FBI can go through it like eggshells,'" Bryan continues. Of course, this isn't really true: although the FBI has had some notable successes at identifying criminal suspects on the dark web with technological means, it is not the norm. It's worth remembering Carroll is not the only Justice Department or US law enforcement official to endorse Tor. According to emails obtained by Motherboard, one FBI agent was also an advocate of Tor. 
Indeed, it would be exceptionally foolish to assume that every law enforcement or justice official would automatically be antagonistic towards Tor. By its very nature, Tor is a dual-use technology; it can be used to protect individual privacy, circumvent censorship, and obfuscate metadata. But it can also be used by some pedophiles to remain one step ahead of the cops. Also, if Judge Bryan's comments are accurate, Carroll's advice may not have been that robust anyway. Tor is not really useful for protecting personal information on computers, or necessarily mitigating the damage from data breaches: those just aren't the sort of things that Tor protects against. Regardless, it's still noteworthy to see this advice coming from a Department of Justice official.
http://abcnews.go.com/Health/wireStory/delta-grounds-flights-due-systems-problems-41198955 Delta Air Lines delayed or canceled hundreds of flights Monday after its computer systems crashed, stranding thousands of passengers on a busy travel day. About six hours into the outage, the airline said that limited flights were resuming but that delays and cancellations were continuing. The Atlanta-based airline said that a power outage at a facility in Atlanta at around 2:30 a.m. Eastern started the cascading meltdown. [Also: Delta Air Lines Computer Failure Hobbles Service] http://www.nytimes.com/2016/08/09/business/delta-air-lines-delays-computer-failure.html
Remember the cargo ship that sank off US east coast Oct 2015 during Hurricane Joaquin? The operators knew this bad weather was in the forecast, and that the ship was experiencing engine troubles, not yet fixed, but they deliberately gambled, sending the ship into harm's way, at risk of engine failure during the worst kind of storm imaginable, according to news media stories at the time. A series of efforts to recover the ship's black box, called a Voyage Data Recorder (VDR) from wreckage over 15,000 feet down on ocean floor, finally paid off. US efforts included: NTSB; US Navy; US Coast Guard; Woods Hole Oceanographic Institute; National Science Foundation (NSF); University of Rhode Island; and Phoenix International. More info, found so far, on NTSB web page about the El Faro continuing investigation: http://www.ntsb.gov/investigations/Pages/2015_elfaro_jax.aspx
GPS coordinates for Australia need to be updated so applications like driverless cars can work. http://www.abc.net.au/news/2016-07-28/why-it-matters-that-australias-coordinates-are-moving/7668014
Liam Tung, ZDNet, 11 Aug 2016 Researchers find flaws in the keyless entry system used in around 100 million vehicles from the Volkswagen Group. http://www.zdnet.com/article/millions-of-vw-cars-at-risk-wireless-hack-lets-crooks-clone-volkswagen-keys-at-100m/ selected text: If you own a Volkswagen with keyless entry, it's likely to be vulnerable to a remote-cloning attack, according to new research. The researchers argue that, given their findings, insurance companies may need to accept that cases that look like insurance fraud, such as a laptop stolen from a locked car without any physical traces of a break-in, can plausibly be an actual theft.
At DefCon, researchers demonstrated how they could hack the sensors to cause a Tesla to hit an object it would otherwise avoid. *Business Insider* reported this, as noted in today's local *Daily Post*.
Andy Greenberg, Wired, 08.10.16 4:29 pm. https://www.wired.com/2016/08/oh-good-new-hack-can-unlock-100-million-volkswagens/ In 2013, when University of Birmingham computer scientist Flavio Garcia and a team of researchers were preparing to reveal a vulnerability that allowed them to start the ignition of millions of Volkswagen cars and drive them off without a key, they were hit with a lawsuit that delayed the publication of their research for two years. But that experience doesn't seem to have deterred Garcia and his colleagues from probing more of VW's flaws: Now, a year after that hack was finally publicized, Garcia and a new team of researchers are back with another paper that shows how Volkswagen left not only its ignition vulnerable but the keyless entry system that unlocks the vehicle's doors, too. And this time, they say, the flaw applies to practically every car Volkswagen has sold since 1995.
http://www.nytimes.com/2016/08/11/us/politics/democratic-party-russia-hack-cyberattack.html A Russian cyberattack is now thought to have breached the private email accounts of more than 100 party officials and groups.
Supplementing previous claims by "security experts" in U.S. intelligence (and Democratic officials) that the Russians hacked the DNC e-mails, Julian Assange is suggesting that the e-mails were leaked to WikiLeaks by Seth Conrad Rich, a DNC staffer who was murdered in Washington DC on 8 Jul 2016. A front-page blurb (with no further story inside) in today's *Daily Post* (a free weekday paper for the Palo Alto area) notes that "Rich's death has been explained away as a robbery, but his assailant left his watch, money, credit cards and phone." [PGN-ed]
[With the Internet, you can make mistakes bigger and faster than ever! Or spread rumours.] David Gewirtz for ZDNet Government, 5 Mar 2015 The media creates mythology. David Gewirtz looks at how the AP created a new, completely false Hillary Clinton myth about a fake identity, how it's sticking, and where it all went wrong. http://www.zdnet.com/article/emailgate-how-media-mythology-created-hillary-clintons-fake-fake-identity/ opening text: There is more to the Hillary Clinton personal email story than just Hillary Clinton and her personal email use. It's also a story about a trusted news establishment that broke a story in the morning about the leading presumptive presidential candidate using a fake identity, let it run through an entire day's news cycle, and then changed that story in the same article later that evening—without ever releasing an update or correction. [Reminder: the DNC e-mail hack and the Hillary e-mail hack are different cases, although they have the common genesis in poor system security. PGN]
Krebs on Security reported a data breach with Oracle's MICROS Point of Sale System. <http://krebsonsecurity.com/> <http://krebsonsecurity.com/2016/08/data-breach-at-oracles-micros-point-of-sale-division/> MICROS is very popular in the hospitality industry, hotels, food and beverage sales. In 2014 they had 330,000 sites in 180 nations. Oracle has called on 100% of the sites to change 100% of their passwords, for 100% of their accounts.
(Motherboard via SlashDot) [ ...time to return to pen and paper ?!! ]

One Billion Monitors Vulnerable to Hijacking and Spying
<https://hardware.slashdot.org/story/16/08/07/1546208/one-billion-monitors-vulnerable-to-hijacking-and-spying>

"We can now hack the monitor and you shouldn't have blind trust in those pixels coming out of your monitor..." a security researcher tells Motherboard. "If you have a monitor, chances are your monitor is affected." A Slashdot reader quotes a Motherboard article:

> if a hacker can get you to visit a malicious website or click on a
> phishing link, they can then target the monitor's embedded computer,
> specifically its firmware... the computer that controls the menu to
> change brightness and other simple settings on the monitor.
> The hacker can then put an implant there programmed to wait... for
> commands sent over by a blinking pixel, which could be included in
> any video or a website.
> Essentially, that pixel is uploading code to the monitor.

<https://slashdot.org/motherboard.vice.com/read/hackers-could-break-into-your-monitor-to-spy-on-you-and-manipulate-your-pixels>

> At that point, the hacker can mess with your monitor...
>
> [T]his could be used to both spy on you, but also show you stuff
> that's actually not there. A scenario where that could be dangerous
> is if hackers mess with the monitor displaying controls for a power
> plant, perhaps faking an emergency. The researchers warn that this
> is an issue that could potentially affect one billion monitors, given
> that the most common brands all have processors that are vulnerable...

"We now live in a world where you can't trust your monitor," one researcher told *Motherboard*, which added "we shouldn't consider monitors as untouchable, unhackable things."
(Translator's note: Garda = Civic Guard, i.e., police, plural Gardai) http://www.rte.ie/news/2016/0808/807804-garda-it-security/ Garda IT system restored following attempted hack. Gardai revealed last week that a new strain of malware had been found on their systems. They stressed that no data was compromised and that its main database, PULSE, and the Garda website were not affected. The Garda Computer Crime Unit is continuing its investigation into the incident. The malware involved was referred to as "zero day", meaning it was not previously known.
IoT meets Rule 34? Zack Whittaker, ZDNet, Aug 2016 Is nothing sacred in this world? http://www.zdnet.com/article/now-even-your-sex-toys-are-spying-on-you/ selected text: Dubbed the "number one couple's vibrator," the We-Vibe 4 Plus is the latest in Internet-connected sex toys. It connects wirelessly to a smartphone over Bluetooth so a user or their partner can control the vibration intensity and mode. It also comes with Internet connectivity so that a long-distance partner can control the device from anywhere. The trouble is, it's spilling your sexual secrets to its manufacturer. [and presumably is easily hacked by someone who has also hacked the camera on your laptop? PGN]
https://www.propublica.org/article/looks-can-kill-the-deadly-results-of-flawed-design I wear a hearing aid. With it (working correctly), I hear my auto chiming, then I check visual clues to figure out what it is complaining about. Without the hearing aid, all I have are the visual clues, which I might not notice as rapidly as I would like. If a hearing aid is not working correctly, we do not know it. We might not be hearing bird song, but there might not be any birds around singing. A mosquito makes a buzzing sound. We might not hear that, but who knows there's an insect around, unless it is prominent in our vision. We only hear rainfall, depending on which direction it is arriving. So if a hearing aid is down, that may not be immediately obvious. When is a hearing aid not working correctly? There are several possible causes. We may be overdue to change the battery. We may be overdue to clean the ear wax out of the tubes. So is there a technology to alert a hearing aid user: "Hey, your hearing aid is malfunctioning"? When leaving home, push a button, hear some musical tinkle, or not—tell us to do extra checking. That design would not work effectively for me, as I have tinnitus, where intermittently I am hearing some sound, which is a common sound in my life: Air conditioner fan; alarm clock; door bell; phone ringing, etc. except that sound is a hearing hallucination. If the musical tone test was often played, it would get added to tinnitus repertoire of intermittent surprises. I do not know what association triggers a tinnitus episode.
BackChannel via NNSquad The Next Generation of Wireless—"5G"—Is All Hype. https://backchannel.com/the-next-generation-of-wireless-5g-is-all-hype-1790239b8ca8#.13g0n83nf The meaning seems obvious—our current communications system is 4G, so of course we must already have the next generation in line. Telecom executives play on this perception. Lowell McAdam, the CEO of Verizon, says 5G is "wireless fiber." (And I thought fiber was fiber.) SK Telecom says it will soon be able to transfer holograms and enable virtual reality over 5G networks that are 100 times faster than current 4G LTE connections. Noise about 5G is incessant and triumphant, a constant drumbeat of predictions crowing about the arrival any day now of seemingly costless, ubiquitous, instantaneous, unlimited connectivity. The promises are as lofty as those made for cold fusion. But the science behind that "breakthrough" turned out to be a bust. Likewise, the "5G" story is far more complex, calculated, and contingent than anyone in the carriers' PR departments wants you to know.
http://arstechnica.com/information-technology/2016/08/us-broadband-still-no-isp-choice-for-many-especially-at-higher-speeds/ The latest Federal Communications Commission statistics show that Americans still have little choice of high-speed broadband providers. On the surface, the numbers appear to show that the broadband market has gotten slightly less competitive since 2013. But what has really happened is the FCC is collecting more granular data that better illustrates the lack of choice for most Americans. Things are probably getting a little better as providers boost speeds and new entrants like Google Fiber and municipal ISPs offer service. But the FCC's improved statistical analysis shows how far there is to go.
Steve Ranger, ZDNet, 2 Aug 2016 via ACM TechNews, Monday, August 8, 2016 Researchers are looking into the construction of new quantum-proof cryptography in order to thwart quantum-based schemes that future hackers could potentially use to crack sensitive data. "If large-scale quantum computers are ever built, they will be able to break many of the public-key cryptosystems currently in use," warns the U.S. National Institute of Standards and Technology (NIST). "This would seriously compromise the confidentiality and integrity of digital communications on the Internet and elsewhere." NIST is requesting comments on a new process to find and assess public-key cryptographic algorithms that quantum computers cannot decrypt. NIST's goal is to create systems that are resistant to both quantum and classical computers, as well as interoperable with existing communications protocols and networks. The agency is investigating preliminary evaluation criteria for quantum-resistant public-key cryptography standards, which is slated for finalization by year's end. NIST then will start accepting proposals for such encryption, digital signatures, and key exchange algorithms, with a deadline in late 2017, followed by three to five years of public scrutiny before their acceptance as standards. http://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-10d12x2f8d0x073912&
Zack Whittaker for Zero Day, How secure is "secure enough"?, ZDNet, 9 Aug 2016 http://www.zdnet.com/article/all-talk-little-action-samsung-shows-how-not-to-do-security/ selected text: In security, how a company responds to a potential flaw matters. Samsung may learn that lesson as it dueled on social media after a researcher revealed a flaw in Samsung Pay. Or as one security researcher told me this afternoon, "it's a pity that Samsung's going for security-by-public-denial."
(IEEE Spectrum via SlashDot)
<https://yro.slashdot.org/story/16/08/06/1634220/nigerian-scammers-infect-themselves-with-own-malware-reveal-new-fraud-scheme>

"A pair of security researchers recently uncovered a Nigerian scammer ring that they say operates a new kind of attack...after a few of its members accidentally infected themselves with their own malware," reports IEEE Spectrum. "Over the past several months, they've watched from a virtual front-row seat as members used this technique to steal hundreds of thousands of dollars from small and medium-sized businesses worldwide." Wave723 writes:

> Nigerian scammers are becoming more sophisticated, moving on from former
> 'spoofing' attacks in which they impersonated a CEO's email from an
> external account. Now, they've begun to infiltrate employee email
> accounts to monitor financial transactions and slip in their own routing
> and account info...The researchers estimate this particular ring of
> criminals earns about US $3 million from the scheme.

After they infected their own system, the scammers' malware uploaded screenshots and all of their keystrokes to an open web database, including their training sessions for future scammers and the re-routing of a $400,000 payment. Yet the scammers actually "appear to be 'family men' in their late 20s to 40s who are well-respected, church-going figures in their communities," according to the article. SecureWorks malware researcher Joe Stewart says the scammers are "increasing the economic potential of the region they're living in by doing this, and I think they feel somewhat of a duty to do this."
TechCrunch via NNSquad https://techcrunch.com/2016/08/09/facebook-will-bypass-web-adblockers-but-offer-ad-targeting-opt-outs/ Facebook is making the HTML of its web ads indistinguishable from organic content so it can slip by adblockers. But in exchange for taking away this option for controlling ads from people, it's allowing them to opt-out of ad targeting categories and Custom Audience customer lists uploaded by advertisers. Today all desktop users will see an announcement atop the News Feed explaining that while web adblockers may no longer work, they can visit their Ad Preferences settings to block ads from particular businesses. It should be noted that Google has *long* offered detailed controls to users over both local and third-party ad targeting, at: https://www.google.com/settings/ads
Fahmida Y. Rashid, InfoWorld, 11 Aug 2016 Microsoft's Secure Boot prevents unauthorized software from running on Windows systems, but a leaked superpolicy bypasses those restrictions http://www.infoworld.com/article/3106079/security/secure-boot-proves-insecurity-of-backdoors.html selected text: Microsoft's mistake with Secure Boot and its secret policy is a perfect illustration of why it's too dangerous to create encryption systems with a secure backdoor. Someone will inevitably make a mistake, and users are left vulnerable while the company scrambles for a fix. "This is a perfect real-world example about why your idea of backdooring cryptosystems with a 'secure golden key' is very bad!" the researchers said in a pointed message to the FBI. [PGN notes other sources:] http://appleinsider.com/articles/16/08/10/oops-microsoft-leaks-its-golden-key-unlocking-windows-secure-boot-and-exposing-the-danger-of-backdoors http://arstechnica.co.uk/security/2016/08/microsoft-secure-boot-firmware-snafu-leaks-golden-key/
Mark Hachman, Senior Editor, PCWorld, 5 Aug 2016 The new policy means that you have until August 12 to decide whether you like Windows 10. http://www.pcworld.com/article/3104919/windows/microsofts-giving-you-just-10-days-now-not-31-to-change-your-mind-about-windows-10.html opening text: Microsoft has hidden a new downgrade policy within the Windows 10 Anniversary Update: Once you've installed it, you'll only have 10 days to downgrade to an earlier version or build, rather than the 31 days provided before. Historically, Microsoft had given users a full month to roll back any updates, including upgrades to Windows 10. Supersite for Windows reported this week, however, that it was unable to downgrade to an earlier build after a 10-day limit had expired, though it wasn't exactly clear what builds the limit applied to. We asked Microsoft for clarification, and it boils down to this: Applying the Anniversary Update triggers the new policy. According to Microsoft, it doesn't matter whether you've upgraded to Windows 10 from Windows 8 or Windows 7, or whether you simply updated your PC from an earlier version of Windows 10. Once you've installed the Anniversary Update, you have 10 days to back out, not 31, before the AU becomes "permanent." "[T]his new 10-day behavior is for all upgrades and updates to the Anniversary Update," the representative said in an email.
https://www.microsoft.com/en-us/research/microsoft-researchers-enable-secure-data-exchange-cloud/?tduid=(ab98ed1e001ac82e561d59468b39dda4)(256380)(2459594)(TnL5HPStwNw-9G8wAMniIj98.mEDeTS.3A)() In the future, machine learning algorithms may examine our genomes to determine our susceptibility to maladies such as heart disease and cancer. Between now and then, computer scientists need to train the algorithms on genetic data, bundles of which are increasingly stored encrypted and secure in the cloud along with financial records, vacation photos and other bits and bytes of digitized information. And there the data sits, full of potential but ultimately of little use to anyone but its owner. That's because encrypted data must first be decrypted before it can be used. But decrypted data is vulnerable to malicious attacks, which creates a tradeoff between data usability and security. New research from Microsoft aims to unlock the full value of encrypted data by using the cloud itself to perform secure data trades between multiple willing parties in a way that provides users full control over how much information the exchange reveals. [Gnomes in the Genomes? PGN]
Corporations are turning to Apple's products for their tight-knit hardware and software, advanced security and intuitive interfaces. http://www.nytimes.com/2016/08/08/technology/once-taunted-by-steve-jobs-companies-are-now-big-customers-of-apple.html
I concede that my mini-editorial in RISKS-29.67 might have been a little over the top. I have certainly overgeneralized with respect to the British usage, for I know Brits and others who agree with me that coined-word acronyms composed of proper nouns and proper names deserve initial caps. However, let's see what we might agree upon. Here's my current thinking. [Contributions of others are mostly indented. Square brackets surround my interspersed annotations.] Regarding "The Internet", there is a big difference between The Internet specifically and any one of a variety of possibly less comprehensive internet(works) of networks. Regarding initial capitalization of proper nouns and proper names, Lauren Weinstein observes the difference between "The U.S. Congress" and just plain "congress". (However, perhaps we should refer to the former as the U.S. congress, considering its "improper" recalcitrance as an impediment to progress.) Dictionary.com distinguishes among abbreviations (U.S.), acronyms (OPEC, loran, snafu) that are pronounceable words, and initialisms (FBI, CIA) that are not pronounceable. However, an *initialism* may actually become an acronym when the word becomes part of the language. The difference lies in how the literal string is pronounced (see below). The word "acronym" seems to be defined in many different ways. Here's one that is not quite right: * From WordNet (r) 3.0 (2006): acronym (n1): a word formed from the initial letters of the several words in the name * Dictionary.com has this definition of "initialism": Initialism: a set of initials representing a name, organization, or the like, with each letter *pronounced separately*, as FBI for Federal Bureau of Investigation. There are various quirks here. Some acronyms use letters other than the initial letters; also, it is not clear what constitutes a "name" or a "word" -- and in what language. 
Also, "initials" usually refers specifically to the first letters of names, as in PGN, which leaves a question of whether to omit particles in multi-word complex names that are often lower-cased (von, de la, prepositions, and so on). Here are two self-defining acronyms: ACRONYM—Abbreviated Coded Rendition Of Name Yielding Meaning (acronym) ACRONYM—Abbreviation by CROping Names that Yield Meaning (acronym if you ignore the "initial letter" restriction) These are examples of "Backronyms"—in that the expansion has been constructed from the word, rather than the other way around. Then there are the issues with upper-case versus lower-case, which began here with "The Internet" as a proper name, and considered further below. Dictionary.com gives the example of "Wac" for the Women's Army Corps, rather than "WAC" (as an acronym). It would seem more logical that the case of a letter in an acronym should reflect the case of each letter being acronymized—as in WAC, the "CRO" in ACRONYM above, or "DoD" for the Department of Defense. Thus, "loran" and "snafu" seem natural as all-lower-case acronyms because the expansion has all lower-case letters. The same should be true of initialisms (e.g., DoD)! Gee whiz, it seems "DoD" could be an abbreviation, an acronym if you confusedly pronounced it as "dod", but certainly an initialism (D.o.D). Note that "US" would be an acronym (although very confusing if pronounced "us" when it really refers to those of *us* in the U.S. (which is why we prefer "U.S.")). It is also an abbreviation—but should never be lower-cased! In general, pronounceable two-letter acronyms are terrible without the periods, but F.B.I. as an initialism with periods would seem like overkill, because there is no ambiguity with "FBI". Pronounceable three-letter acronyms (TLAs) that are lower-cased and words with a completely different meaning would also seem to be very bad. But the recursive acronym GNU is really lovely ("GNU is Not Unix"). 
Delightfully, Jay Ashworth <jra@baylink.com> recalls the following definition, probably from his high-school English: an acronym is "something that has been adopted as a full-fledged word into the parent language, which started life as an initialism." Maybe that's useful, but not definitive—as there seem to be some corner cases. Jay also offered this pithy thought: "The confusion comes because unpronounceable initialisms—those which must be pronounced as their component letters —nearly never get promoted to actual acronym words." All of this reminds me (noted in RISKS-29.67) of the difference between ACL (access-control list, generally pronounced "ackle" but not a word) and RNG (random-number generator, generally pronounced "R.N.G."). Thus ACL and RNG are both acronyms (if you were to pronounce the latter as "orange"), whereas RNG is *also* more widely thought of as an initialism. Thus, my pun about "comparing ACLs and RNGs" is even more of a type mismatch than it might seem. Furthermore, certain acronyms may also be considered to be initialisms depending on how they are (mis)pronounced. Also, what about "gif" and "GIF" for graphics interface format, pronounced as gif (respecting that the g in graphics is hard, but nevertheless pronounceable) or jif (oddly, which actually is a slang word), or G.I.F., according to your upbringing. Thus, "gif" could be an acronym, or an initialism, or both! Here's an example of how pronunciation might make a difference: VERA, or V.E.R.A.—Virtual Entity of Relevant Acronyms (a pronounceable word/name as an acronym in some languages, or initialism, respectively) Here are some further replies to my previous posting: * Martyn Thomas <martyn@thomas-associates.co.uk> notes: *Hart's Rules* has "Internet" as the preferred spelling. I'd back OUP over AP as the arbiter. * Peter Simpson <PSimpson@continuuminnovation.com> My son learned this in the Army: an Acronym is a pronounceable sequence of initial letters. 
e.g.: NASA, vs an "Initialism"—which is not pronounceable. e.g.: NFPA. [The military is of course very dependent on acronyms and initialisms, and perhaps *could not exist* without them. However, it is certainly curious that I am devoting space in RISKS as a consequence of the dispute over "The Internet" vs "the internet" (as opposed to the perfectly sensible "an internet"). PGN] * "Richard S. Russell" <RichardSRussell@tds.net> My own pet peeve about TLAs (three-letter abbreviations [actually a three-letter acronym and three initialisms in the present context. PGN]) involves redundancy [in the N, D, M, and P (albeit "plait" in French) to be explicit. PGN]: *PIN* number, *GED* diploma, *ATM* machine, and *please RSVP* are all overkill—which hasn't seemed to slow anybody down any. * Richard Russell also added: One additional trivium: The Bush/Cheney Administration had approved the name Operation Iraqi Liberation for its 2003 invasion of Iraq until someone pointed out what the acronym would be [OIL], whereupon it was changed to Operation Iraqi Freedom [OIF, an initialism!]. * Stephen-Payne@deshaw.com : I heartily agree that not capitalising acronyms is weird. It can stir up a lot of emotion, not least of all, in myself. Stephen suggested and heartily "recommends this book for when one's blood doth boil over abuse of the written word": Language Myths, Laurie Bauer (Editor), Peter Trudgill (Editor), ISBN-13: 978-0140260236 ISBN-10: 0140260234 * "Wendy M. Grossman" <wendyg@pelicancrossing.net> ... I think ["the internet"] wrong, too. But as a freelance, I note that just about every publication I write for wants "internet" and refusing to observe house style makes more work for copy editors, and you just make your work that bit less salable. ... But the reality if you are anyone writing for the media is that there are bigger battles to fight over what gets published, and this is not one worth fighting. Save it for when the AP style book comes up for review. 
[Note: Wendy lives in England.] * "Denning, Dorothy (CIV)" <dedennin@nps.edu> I always write "the Internet," but for the fun of it, I googled (or should I write "Googled"?) "define internet" (intentionally using lower case "i"). The top returns (including Dictionary.com, Merriam-Webster, Oxford) used *uppercase* "I," though Dictionary.com noted that "While the uppercase form Internet may still be preferred in formal writing, the lowercase form internet is regularly used in media, especially technology-related publications, and in most informal writing such as email and text messages." * Peter Simpson <PSimpson@continuuminnovation.com>: The Internet should always be capitalized...if only because of this episode of The IT Crowd: https://www.youtube.com/watch?v=xtke8aB0mxk * "David Harley" <david.a.harley@gmail.com>: Like U.S. publishing bodies in general, let alone the AP, even show respect for British usage, let alone 'cave in' to it? And where did you get your curious notion of what British usage is? Strangely, despite having been a 'brit' for all of my 67 years, I agree that 'the Internet' is not only grammatically but logically correct. Nor can I find much love in my heart for the current trend towards lower-case brand names, or 'downcasing' of acronyms and initialisms, while N.S.A. and S.R.I. just look silly, as does Darpa. But why on earth are you blaming the British for it? In nearly fifty years of authoring and editing, I've had my share of battles with copy editors and copywriters who prioritized someone's view of 'readability' over 'real' English, but I've never had a publishing drone on either side of the Atlantic insist on nsa or nasa, let alone any horrible hybrids. And certainly none of the UK newspapers and magazines I read follow that usage. Perhaps I read the wrong periodicals and books, though as far as I can see even the tabloids don't seem to go this route... 
As for Argentyne, there's an etymological justification for that pronunciation (not to mention rulings by Merriam-Webster), though personally I'd say Argentinian and restrict my use of argentine to its archaic meaning. Hopefully you didn't mean to give the impression that we spell it like that. * Jay Ashworth added this: Concerning Argent'y'ne, it's worth noting that the demonym for a people is actually a separate word from the name of their country, and is often different—sometimes wildly different—and that's even before we get to "which language are you saying it in?" * Continuing with David Harley's comments: Perhaps I'm missing some subtle satirical point here, but from my side of the Atlantic, this looks like irresponsible abuse of editorial privilege to air a gratuitous anti-British rant based on misinformation. For a minute there, I thought I was on Facebook. Incidentally, my website <http://www.csl.sri.com/hyphen.html> has a rant on hyphenation that began from noting the French word "email" and suggesting that "e-mail" might be preferable for how you might be receiving RISKS, because we have a slew of really ambiguous words when prefixed with an "e", such as "I am e-numerate because I can enumerate." [Yes, I can equip you with an e-quip.] (I clearly lost the battle on that rant.) Indeed, as I said at the beginning of this message, I concede that my mini-editorial in RISKS-29.67 was rather over the *top*. So I am running this follow-up near the *bottom* of RISKS-29.68. Many thanks to all of you who have responded. It was educational for me, at least, in trying to make some sense out of all this. I hope this has not bored you—it actually seems better than just pedantic. However, if you wish, you may throw sundry (sun-dry?) tomatoes at me. PGN
Several European countries have abandoned electronic voting in favor of paper ballots exactly due to the concerns exposed in the article (and some talk about Internet voting, but that's another story). What's wrong with paper ballots, anyway? I see two *wrongs* (!): * There is no profit to be made by tech companies supplying equipment. * The media will be unhappy having to wait a few more hours for the results.
One wonders how many North Korean Russian Iranian Chinese hackers even know what a Series 1 is, much less how to hack into one.