Apologies for causing the subject line of the previous two RISKS issues to disappear, because of my forgetting to remove a header line in the draft issue that comes from my mail system and enables me to append more items. We are supposed to learn from our failures; long ago Henry Petroski noted that we don't do that very well—and that we don't even learn enough from our successes either. This issue explicitly avoids the previous problem (which I have almost always assiduously avoided in past RISKS issues), and I will revert to my usual check-list in the future. The combination of extraneous text introduced by SRI's Office-365 mail system (safelinks messing with URLs, insertion of `[EXTERNAL SENDER]'—which yesterday was changed to `[CAUTION EXTERNAL]'—after protests that the clutter was annoying!—in subject lines from mail from non-SRI subscribers, and huge piles of additional header cruft) are making the editing of RISKS issues much more onerous and time-consuming. If you are submitting something for consideration for RISKS, please avoid duplicating html versions of your ASCII submission, avoid including entire copies of previous messages to which you are responding, try to minimize non-utf-8 text, and otherwise reduce the amount of editing I have to do. That will help me considerably. Thanks! PGN
Motherboard, 30 Oct 2018, https://motherboard.vice.com/en_us/article/gye4aw/why-a-helium-leak-disabled-every-iphone-in-a-medical-facility Why a Helium Leak Disabled Every iPhone in a Medical Facility The bizarre incident happened during the installation of an MRI machine and was a surprise to everyone except Apple. selected text: An IT worker at a medical facility made a remarkable discovery about iPhones and Apple watches earlier this month, after a freshly installed MRI machine appeared to disable every iOS device in the hospital. According to Woolridge, most of the Apple devices in the facility "seemed completely dead." Many wouldn't give any indication of charging when plugged into the wall and had issues connecting to the cellular network, but not the wifi. Woolridge ran some tests of his own to see if helium could shut down an iPhone. He placed an iPhone 8+ in a sealed bag and added some helium. In a video of the test Woolridge runs a stopwatch app on the phone. The stopwatch increasingly speeds up throughout the course of the video before the iPhone freezes at around eight minutes. The helium, it seemed, was messing with the iPhone's clock. [Gabe Goldberg added: Helium: It's not just to make your voice sound funny. PGN]
Feds say campaign hacked 13 firms in bid to help Chinese state-owned aerospace company. https://arstechnica.com/tech-policy/2018/10/feds-say-chinese-spies-and-their-hired-hackers-stole-aviation-secrets/
How'd this government agency get infected with malware? 9,000 pages of porn. An employee at the U.S. Geological Survey visited more than 9,000 pornography websites and infected the agency's network with malware, prompting calls to bolster security measures. https://www.washingtonpost.com/technology/2018/10/30/howd-this-government-agency-get-infected-with-malware-pages-porn/
I run the Safari browser on an iBook G4. Sure, it's an old machine, but it works just fine for most of what I use it for. There have always been websites that don't work or work well with the Safari browser, and it was no big deal not to bother looking at those ones. But in the last year or so, there has been a proliferation of broken websites I can't access at all, and it has now spread to websites I care about. When I write to the people who run these websites, the answer is always the same: We have to go to https otherwise Google will penalize us in the page rankings. When I pointed out that I can access many https sites just fine, one of them said that they checked with their ISP and were told that they are running the latest SSL implementation. I believe that is the problem. What would be an example of a website that works perfectly fine with my computer? This one: https://www.google.com/ What would be examples of websites that I care about which have dropped off the web (as far as I'm concerned)? Here's a few of my recently deceased former favorites: https://www.ncahf.org/ https://marginalrevolution.com/ https://www.goldmine-elec-products.com/ I think we can presume that Google has web engineers that are as good as any in the business, and they don't run broken SSL, even if it is the latest version. They probably check many computers and browsers to see that they work with the Google website, probably including mine. And they made the decision to use what they use because they don't want to dump any users like me for no good reason. The only solution appears to be to convince webmasters to use an SSL implementation that isn't broken, like what Google itself uses. And the only way to do that is for Google to downgrade broken SSL in page rank, upgrade the sites that use unbroken SSL, and make sure everybody knows it.
CAIR lawyer pleasantly surprised: "We were prepared for much more pushback." https://arstechnica.com/tech-policy/2018/10/feds-agree-to-delete-data-seized-off-womans-iphone-during-border-search/
https://www.techdirt.com/articles/20181027/08301740920/feds-also-using-reverse-warrants-to-gather-location-identifying-info-thousands-non-suspects.shtml
Over on the (ISC)^2 "community" we're discussing the ethics of who to kill in a crash, a la the old trolley problem. Someone stated that he'd never buy/get into a car that would choose to kill him. The Faraday Auto Navigating Locomotive Company is proud to announce the 2019 Faraday Watt! The Watt is our premier model, but priced for families. It has the greatest range of options in its class, including 29 cup-holders (unprecedented for a five seat model) and a 73 inch dashboard display. It also has the greatest range of user-selectable moral driving options, including "don't kill me," "kill me but leave my passengers alive," and "I'm done for, you go on and marry Alice." Watt! The fun moral driving solution! Personally, I suspect I'll have problems with cars that think they are smarter than I am, but I know that we should implement them as soon as possible because they already drive better than we do and there would be an instant saving of lives as soon as we do it. That's risk management. (And, yes, I know that there are wonderfully horrifying tales of self-driving cars failing recently. The plural of anecdote is not data.)
https://www.bbc.com/news/av/technology-45992475/robot-backpack-how-this-fusion-bot-aids-collaboration Risk: GBH (grievous bodily harm) via remote takeover.
[Note: Might make a good April Fools contribution for 2019] https://www.washingtonpost.com/world/national-security/bolton-acknowledges-us-has-taken-action-to-thwart-would-be-election-disrupters/2018/10/31/0c5dfa64-dd3d-11e8-85df-7a6b4d25cfbb_story.html "Brett Bruen, a former National Security Council official who has worked on countering Russian disinformation, called signaling 'a pretty ineffective' warning shot. 'What we have seen over recent months have been largely superficial steps, mostly for domestic consumption, to be able to say that we are doing something,' he said." A more effective warning shot would be analogous to what transpired in "French Connection 2." The French Chief Superintendent of Police in Marseilles called Popeye Doyle's mother. Call the hacker's mother and explain that her son or daughter is paid to interfere with American elections and post fake news stories to disrupt democracy. If a mother's admonishment can't change a hacker's behavior, and convince them to pursue less provocative career employment, nothing will!
https://www.washingtonpost.com/technology/the-switch/a-new-study-finds-potentially-manipulative-ads-in-apps-for-preschoolers/2018/10/30/3cc5b606-d764-496b-a5be-b8977fbb9b4c_story.html "'Our findings show that the early childhood app market is a Wild West, with a lot of apps appearing more focused on making money than the child's play experience,' Jenny Radesky, a developmental behavioral expert and an author of the study, said in a statement. 'This has important implications for advertising regulation, the ethics of child app design, as well as how parents discern which children's apps are worth downloading.' "Children use mobile devices one hour every day, on average, highlighting the importance of researching what they encounter and how it may affect their health, Radesky added."
What's missing from the detailed list of suggested tests for qualifying AV's is, IMHO, the most important aspect of driving: interaction with other drivers, understanding their intentions, and conveying our intentions to them. This point is exemplified by the accident in Las Vegas, where a truck backed into the path of an AV: A human driver would have either used his horn to alert the truck's driver, or started backing up, assuming the driver behind him would realize what was going on, and also back up; the AV in this case did neither. Human drivers make a lot of decisions based upon their social experience, not available to the current generation of AV (and probably many future generations): How to make sure other drivers understand our intentions? How are they going to react to our actions? Such decisions take into account our assessment of who the other driver is—male or female, young or old, etc.—and also on parameters like "Is it socially acceptable to use the horn in this place, or at this time of night?" Driving is a team effort; it seems likely that AVs will need to share the roads with human drivers for quite a long time, and would have to be taught some social skills, before they can blend in safely.
djc@resiak.org wrote:

>Though I'm all in favor of the kind of transparency Hani Hagras proposes,
>I find it difficult to imagine how we can effectively grasp and achieve
>it.

Vehicular manslaughter trial juries will likely be equally confounded. Consequently, vehicle manufacturers/operators will need hefty product liability insurance policies, unless there's regulatory or legislative indemnification relief. Unlike nuclear warfare's existential threat, the AV experiment on public roads raises a public health and safety risk. I certainly agree that sometimes, it is best to not pursue a solution that risks public health and safety. There's a lot of VC and institutional investor money expecting rapid AV industrial expansion. No risk, no reward. The wheels are greased to move forward with a bet that AVs constitute a "good enough" simulated equivalence of carbon-based motorist accident potential. Only a "Red Asphalt" outcome comparison per NHTSA statistics will prove this equivalence.