The RISKS Digest
Volume 31 Issue 1

Friday, 4th January 2019

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…

Contents

911 emergency services go down across the US after CenturyLink outage
ABC
Pilots Kept Losing Oxygen and the Military Had No Idea Why. Now There's a Possible Fix.
NYTimes
Huawei gives the US & allies security nightmares
Henry Baker
Wielding Rocks and Knives, Arizonans Attack Self-Driving Cars
NYTimes
Oregon Unconstitutionally Fined a Man $500 for Saying ‘I am an Engineer’, Federal Judge Rules
Motherboard via PGN
Computer Virus Disrupts Delivery Of San Diego Union-Tribune
LA Times
Car Smarts: The Future of Vehicle Tech
CTA
Drones Used to Find Toy-Like Butterfly Land Mines
Scientific American
Instagram Update Brings Horizontal Scrolling to Horrified Users
NYTimes
USA Wants to Restrict AI Exports: A Stupid and Dangerous Idea
Lauren Weinstein
Hazing
Rob Slade
Google sat on Chromecast bug for years, now hackers can wreak havoc
TechCrunch
Google erases Kurdistan from maps in compliance with Turkish gov.
LW
Re: New Zealand courts banned …; Google just emailed it out.
Chris Drewe
Re: IRS Linux move delayed
Dmitri Maziuk
Re: Innovation and Immigration
John Levine
Re: New Zealand courts banned …; Google just emailed it out.
Steve Bacher
Re: Rudy Giuliani Says Twitter Sabotaged His Tweet
Peter Houppermans
Amos Shapir
Re: MTR East Rail disruption caused by failure of both primary
Richard Stein
Info on RISKS (comp.risks)

911 emergency services go down across the US after CenturyLink outage (ABC)

Lauren Weinstein <lauren@vortex.com>
Fri, 28 Dec 2018 10:10:30 -0800

via NNSquad http://worldabcnews.com/911-emergency-services-go-down-across-the-us-after-centurylink-outage-techcrunch/

CenturyLink, one of the largest telecommunications providers in the U.S., provides Internet and phone backbone services to major cell carriers, including AT&T and Verizon. Datacenter or fiber issues can have a knock-on effect to other companies, cutting out service and causing cell site blackouts. In this case, the outage affected only cellular calls to 911, and not landline calls.


Pilots Kept Losing Oxygen and the Military Had No Idea Why. Now There's a Possible Fix. (NYTimes)

Monty Solomon <monty@roscom.com>
Sat, 29 Dec 2018 10:53:55 -0500

https://www.nytimes.com/2018/12/27/magazine/air-force-hypoxia-pilots-navy.html

The Air Force and the Navy are rolling out new hardware and software for their trainer aircraft to stop the oxygen-deprivation problems that have plagued pilots for several years.


Huawei gives the US & allies security nightmares

Henry Baker <hbaker1@pipeline.com>
Mon, 31 Dec 2018 07:21:10 -0800

I don't know if Huawei devices have “kill switches” or “backdoors”, but if they did, the big iron-y would be rich indeed.

For decades, the 5i's have pushed for “backdoors” in encryption and pseudo RNG's, and the laughable number of “backdoors” in Cisco and Juniper routers belie any plausible deniability; thar be NSL's, most likely.

Let's call a spade a spade; let's call them “blowbackdoors”, because the U.S. intelligence community is now reaping what it sowed.

The intel community's current freakout is raw jealousy—if the 5G device manufacturers in the 5i countries could be forced to insert “kill switches” and “backdoors” into their own products and distribute them worldwide, it would be done in a New York minute—so they know full well whereof they speak.

Also, ignoring its own history of winning wars through manufacturing prowess, the U.S. has now ceded the vast majority of its manufacturing to China, only to wake up just yesterday to the fact that it is now more “taker” than “maker” ?

Duh!!

https://www.schneier.com/blog/archives/2018/08/backdoors_in_ci.html https://www.reddit.com/r/technology/comments/90gpd5/backdoors_keep_appearing_in_ciscos_routers/ https://www.computerworlduk.com/security/security-backdoors-that-heped-kill-faith-in-security-3634220/ https://www.schneier.com/blog/archives/2015/12/back_door_in_ju.html https://www.technologyreview.com/s/612556/the-6-reasons-why-huawei-gives-the-us-and-its-allies-security-nightmares/

The 6 reasons why Huawei gives the US and its allies security nightmares

The biggest fear is that China could exploit the telecom giant's gear to wreak havoc in a crisis.

Martin Giles and Elizabeth Woyke December 7, 2018

The detention in Canada of Meng Wanzhou, Huawei's CFO and the daughter of its founder, is further inflaming tensions between the US and China. Her arrest is linked to a US extradition request. On December 7 a Canadian court heard that the request relates to Huawei's alleged use of Skycom Tech, a company that dealt with Iranian telecom firms, to sell equipment to Iran between 2009 and 2014 in contravention of US sanctions on the country. China says her detention is a human rights violation and is demanding her swift release.

Behind this very public drama is a long-running, behind-the-scenes one centered on Western intelligence agencies' fears that Huawei poses a significant threat to global security. Among the spooks' biggest concerns:

There could be “kill switches” in Huawei equipment …

The Chinese firm is the world's largest manufacturer of things like base stations and antennas that mobile operators use to run wireless networks. And those networks carry data that's used to help control power grids, financial markets, transport systems, and other parts of countries' vital infrastructure. The fear is that China's military and intelligence services could insert software or hardware “back doors” into Huawei's gear that they could exploit to degrade or disable foreign wireless networks in the event of a crisis. This has led to moves in the US to block Chinese equipment from being used.

… that even close inspections miss

Since 2010, the UK has been running a special center, whose staff includes members of its GCHQ signal intelligence agency, to vet Huawei gear before it's deployed. But earlier this year, it warned that it had “only limited assurance” that the company's equipment didn't pose a security threat. According to press reports, the center had found that some of Huawei's code behaved differently on actual networks from the way it did when it was tested, and that some of its software suppliers weren't subject to rigorous controls.

Back doors could be used for data snooping

Huawei claims its equipment connects over a third of the world's population. It's also handling vast amounts of data for businesses. That's why there's fear in Western intelligence circles that back doors could be used to tap into sensitive information using the firm's equipment. This would be tricky to do undetected, but not impossible. Huawei doesn't just build equipment; it can also connect to it wirelessly to issue upgrades and patches to fix bugs. There's concern that this remote connectivity could be exploited by Chinese cyber spies.

The company is also one of the world's biggest makers of smartphones and other consumer devices, which has raised the prospect that China might exploit these products for espionage. In May, the US Department of Defense ordered retail stores on US military bases to stop selling phones from Huawei and ZTE, another big Chinese tech giant, because of fears they could be hacked to reveal the locations and movements of military personnel.

The rollout of 5G wireless networks will make everything worse

Telecom companies around the world are about to roll out the next generation of cellular wireless, known as 5G. As well as speeding up data transfers, 5G networks will enable self-driving cars to talk to each other and to things like smart traffic lights. They'll also connect and control a vast number of robots in factories and other locations. And the military will use them for all kinds of applications, too. This will dramatically expand the number of connected devices—and the chaos that can be caused if the networks supporting them are hacked. It will also ramp up the amount of corporate and other data that hackers can target. Both Australia and New Zealand have recently banned the use of Huawei equipment in new 5G wireless infrastructure. This week, the UK's BT followed suit.

Chinese firms will ship tech to countries in defiance of a US trade embargo

The US has been investigating claims that Huawei shipped products with US tech components to Iran and other countries subject to a US embargo. In the court hearing, a lawyer for the Canadian government said that Ms Meng is accused of telling US bankers there was no connection between Skycom and Huawei, when in fact there was. The alleged fraud caused the banks to make transactions that violated US sanctions against Iran. Chinese officials have repeatedly said they don't consider China's companies to be bound by other nations' trade edicts.

Huawei isn't as immune to Chinese government influence as it claims to be

Huawei has repeatedly stressed it's a private company that's owned by its employees. The implication is that it has no incentive to cause customers to lose confidence in the integrity of its products. On the other hand, its governance structures are still something of a mystery, and its founder, Ren Zhengfei, who was once an officer in the Chinese People's Liberation Army, keeps a low profile. Such things “make you question just how much independence it really has,” says Adam Segal, a cybersecurity expert at the Council on Foreign Relations in New York.

In its defense, Huawei can point to the fact that no security researchers have found back doors in its products. “There's all this concern, but there's never been a smoking gun,” says Paul Triolo of the Eurasia Group. While that's true, it won't change the view of the US, which is stepping up its efforts to persuade its allies to keep Huawei out of all their networks.

This story was updated on December 7 to include details of a court hearing in Canada about Ms Meng's detention.


Wielding Rocks and Knives, Arizonans Attack Self-Driving Cars (New York Times)

Richard Stein <rmstein@ieee.org>
Tue, 1 Jan 2019 12:50:31 +0800

https://www.nytimes.com/2018/12/31/us/waymo-self-driving-cars-arizona-attacks.html

While idled at a controlled stop without backup driver, can an AV passenger issue a command to “rabbit through the intersection” and evade onslaught by “stick and stone” wielding protesters?

Should an AV w/o backup driver, under hostile domestic operating conditions, be required to satisfy a specific regulation? See https://www.nhtsa.gov/laws-regulations for airbags, etc.

Certain individuals perceive AV technology as a threat. Their aggressive behavior mirrors the 19th Century Luddites who damaged mechanized weaving machinery in protest against job displacement.

Neo-Luddites will likely become more effective if and when they deploy WiFi and Bluetooth disruption stacks and tools targeting AVs.

https://en.wikipedia.org/wiki/Luddite

“According to a manifesto drawn up by the Second Luddite Congress (April 1996; Barnesville, Ohio), Neo-Luddism is ‘a leaderless movement of passive resistance to consumerism and the increasingly bizarre and frightening technologies of the Computer Age.’”


Oregon Unconstitutionally Fined a Man $500 for Saying ‘I am an Engineer’, Federal Judge Rules (Motherboard)

“Peter G. Neumann” <neumann@csl.sri.com>
Wed, 2 Jan 2019 16:27:57 PST

Here's the other side of the Oregon Software Engineer story from 2014. PGN

https://motherboard.vice.com/en_us/article/yw798m/oregon-unconstitutionally-fined-a-man-dollar500-for-saying-i-am-an-engineer-federal-judge-rules?utm_source=reddit.com

A federal district court has ruled that the state of Oregon illegally infringed on a man's First Amendment rights for fining him $500 because he wrote “I am an engineer” in a 2014 email to the state's Engineering Board. The court ruled that the provision in the law he broke is unconstitutional, which opens the door for people in the state to legally call themselves “engineers.”

Computer Virus Disrupts Delivery Of San Diego Union-Tribune (LA Times)

Monty Solomon <monty@roscom.com>
Sat, 29 Dec 2018 17:24:05 -0500

https://www.npr.org/2018/12/29/680920575/computer-virus-infects-print-production-systems-tribune-publishing-says

Also:

Suspected malware attack causes major LA Times newspaper delivery interruptions https://www.latimes.com/local/lanow/la-me-ln-times-delivery-breakdown-20181229-story.html


Car Smarts: The Future of Vehicle Tech (CTA)

Gabe Goldberg <gabe@gabegold.com>
Sat, 29 Dec 2018 23:41:44 -0500

The computers, sensors and software in cars are getting so smart they may eventually detect whether the driver and passengers are happy or sad, comfortable or uncomfortable, alert or distracted. And as a result, driving automobiles can be made safer and more enjoyable.

“Driver monitoring is extremely important for active safety systems as well as automated systems,” says Phil Magney, founder and principal at VSI Labs, an automotive technology applied research firm-based in St. Louis Park, MN. “It may have been a nice-to-have feature beforehand. Now you can say it definitely is a must-have feature.”

Nevertheless, he says, car occupant monitoring overall remains in a state of flux—particularly regarding user experience. …

For example, Shapiro says a camera inside the vehicle could determine a driver's attentiveness by detecting their eye blink rate and sensing their head pose. These checks could also determine if the driver is close to falling asleep. This could be merged with input from outside sensors that detect a pedestrian preparing to cross the car's path. And the car may then determine if it needs to issue a collision warning and autobrake sooner than it would otherwise, to give a tired or distracted driver extra time to react, Shapiro says.

Emotion-sensing technology could lead the car to take actions proactively, such as playing certain music or adjusting cabin temperature. Or it may make suggestions and engage in a conversation with a passenger, for instance, offering to lower a window if lip-reading software senses someone complaining about being hot.

https://www.cta.tech/News/i3/Articles/2018/November-December/Car-Smarts-The-Future-of-Vehicle-Tech.aspx

Didn't HAL read lips? That didn't end well.


Drones Used to Find Toy-Like Butterfly Land Mines (Scientific American)

Richard Stein <rmstein@ieee.org>
Tue, 1 Jan 2019 19:21:11 +0800

https://www.scientificamerican.com/article/drones-used-to-find-toy-like-butterfly-land-mines/

“In field trials conducted in September 2017 at a New York state park, the team was able to pick up almost 78 percent of the mines during four trials. That is not yet good enough to fully replace survey work by ground teams. But it could help narrow down the locations and general layout of [Russian-made] PFM-1 minefields, says Alex van Roy, deputy head of operations at the Geneva-based Swiss Foundation for Mine Action (FSD)—and a mine action specialist who formerly served in the Australian Army.”

Risk: Over-reliance on image processing to resolve and detect a mine to defuse, and eventually declare a “mine-free” zone when undetected residuals remain.

Similar problems exist for other domains where image inspection is applied (diagnostic x-rays, etc.).


Instagram Update Brings Horizontal Scrolling to Horrified Users (NYTimes)

Gabe Goldberg <gabe@gabegold.com>
Tue, 1 Jan 2019 18:18:47 -0500

“Just a test that went to a few orders of magnitude more people than intended… sorry about that,” he wrote in one tweet.

The feature was intended as a test but was released widely by mistake, the head of Instagram said. Closing and reopening the app turns it off.

https://www.nytimes.com/2018/12/27/technology/instagram-update-horizontal-scroll.html

The risk? Testing with live data and unsuspecting (live) users.

Also, causing hysteria with first-world problems:

Instagram briefly changed how users moved through their feeds Thursday morning, forcing them to swipe left or tap through horizontally rather than scroll vertically.

If it had been Apple, it would have been a six-finger dance on the screen. <https://www.nytimes.com/services/mobile/apps/


USA Wants to Restrict AI Exports: A Stupid and Dangerous Idea

Lauren Weinstein <lauren@vortex.com>
Wed, 2 Jan 2019 08:25:57 -0800

https://lauren.vortex.com/2019/01/02/usa-wants-to-restrict-ai-exports-a-stupid-and-dangerous-idea

When small, closed minds tackle big issues, the results are rarely good, and frequently are awful. This tends to be especially true when governments attempt to restrict the development and evolution of technology. Not only do those attempts routinely fail at their stated and ostensible purposes, but they often do massive self-inflicted damage along the way, and end up further empowering our adversaries.

Much as Trump's expensive fantasy wall (“Mexico will pay for it!”) would have little ultimate impact on genuine immigration problems—other than to further exacerbate them—his Commerce department's new plans for restricting the export of technologies such as AI, speech recognition, natural language understanding, and computer vision would be yet another unforced error that could decimate the USA's leading role in these areas.

We've been down this kind of road before. Years ago, the USA federal government placed draconian restrictions on the export of encryption technologies, classifying them as a form of munitions. The result was that the rest of the world zoomed ahead in crypto tech. This also triggered famously bizarre situations like t-shirts with encryption source code printed on them being restricted, and the co-inventor of the UNIX operating system—Ken Thompson—battling to take his “Belle” chess-playing computer outside the country, because the U.S. government felt that various of the chips inside fell into this restricted category. (At the time, Ken was reportedly quoted as saying that the only way you could hurt someone with Belle was by dropping it out of a plane—you might kill someone if it hit them!)

As is the case with AI and the other technologies that Commerce is talking about restricting today, encryption R&D information is widely shared among researchers, and likewise, any attempts to stop these new technologies from being widely available, even attempts at restricting access to them by specific countries on our designated blacklist of the moment, will inevitably fail.

Even worse, the reaction of the global community to such ill-advised actions by the U.S. will inevitably tend to put us at a disadvantage yet again, as other countries with more intelligent and insightful leadership race ahead leaving us behind in the dust of politically motivated export control regimes.

To restrict the export of AI and affiliated technologies is shortsighted, dangerous, and will only accomplish damaging our own interests, by restricting our ability to participate fully and openly in these crucial areas. It's the kind of self-destructive thinking that we've come to expect from the anti-science, “build walls” Trump administration, but it must be firmly and completely rejected nonetheless.


Hazing

Rob Slade <rmslade@shaw.ca>
Wed, 2 Jan 2019 11:50:47 -0800

A while ago there were a number of stories about investigations into serious assaults at a private school. These assaults have gone way beyond hazing and into sexual assault, and even, because the episodes were filmed, possible child pornography charges. The situation has been very disturbing.

Hazing, and hazing culture, are often “justified” by the assertion that “mild” forms of hazing are harmless. This statement ignores two important facts. One is that hazing inherently relies upon a culture of silence. In any such situation there can be no controls, and therefore no ability to ensure that “mild” hazing does not escalate. The second point is that hazing is a form of bullying, and it has been amply demonstrated that any form of bullying has long term negative impacts, both on the victims, and on the perpetrators.

I've never understood hazing. Not really. It happens a lot in sports, and I've never been into sports. It happens in some professions, but not the ones I've worked in. As far as I can determine, hazing, and all the culture that goes with it, indicates that your job is either a) not very important, or b) doesn't require any skills.

I can't say I've experienced it in information security. I started in malware research, which has always been occupied by charter members of “Egos-BackwardsR-Us.” Back when I started you had to be not just a systems programmer, but a specialist systems programmer to make a significant contribution to the field, and those guys have always been the elite. Even so, if you studied and made even a modest contribution, you were in. I wasn't a systems programmer, and my contributions were very modest. But I was accepted.

It's probably because the job was so big, and the workers so small (or too few). Anybody who wanted to help was welcome. Anybody who wanted to do some research would be given some tips and starters. Anybody who helped was in the community. Nobody had to jump through artificial hoops because the real barriers to entry were already formidable enough.

(Actually, there were some in computer security, back then, who did try to keep you out. They were the ones who knew barely enough to charge for computer security consulting. Some of them claimed that computer viruses were not a security issue—mostly because they didn't know what computer viruses were.)

Come to think of it, I've never really seen hazing in the tech field, as such. Oh, there are jerks, I grant you. There are those who are so into the technology that social skills, human communication, and even personal hygiene take a very distant back seat to whatever they are working on right now. But, generally speaking, they don't try to keep you out. They may have given up trying to teach people what it is that they are doing but, if you take the time to try and learn, they are generally delighted to have someone to talk to. (They may not show it very well.)

(The closest I've ever seen hazing in tech is the ITIL certification. Since ITIL is a library, it's hard to figure out how to certify that someone knows it. Since it's hard to assess that, you just drown the poor candidate in work and hope that the ones who don't know it will give up before they get to the end of the process. I think PMP runs it a close second.)

I suppose I have to address the issue of women in tech. Yes, women are definitely underrepresented in tech. And, yes, there is a lot of irrational bias against women, as you find in any male-dominated field. (Not just from the techies: I've found it in management, too, where you'd think they should know better.) I do not want to minimize the issue: misogyny anywhere is ridiculous and wasteful. But sometimes it doesn't take much to make geeks realize they've been sexist jerks, and make some (possibly modest) changes. In one department I came in to manage, they regularly went to strip bars after work, and had a signed poster from one of the “performers” up on the wall. As I was hiring the first (female) secretary for the office, I noted that this wall decoration might be subject to less prominent placement. I never saw the poster again, and the team also removed the porn directory on the development server (which I'd never mentioned).

I can't claim that all is sweetness and light in the security community. There are in-fights: there are personality clashes. And there are those who are in it just to claim status. The community usually sorts them out in short order. Status, in security, is most often achieved by helping others. If you can answer newbie questions; if your answers are true and useful; then you have status. If you try and claim status, and try and hold others back in order to hold onto it, you are the one who gets shunned.

In information security, we have too much work, and too few resources. We don't have time to waste on hazing. We also aren't going to block anyone who actually wants to help. In any security community I've been part of, newbies are welcome. OK, dumb questions may get sarcastic responses, but they have to be pretty seriously stupid to make the grade. Otherwise, if someone wants to get in and help, those of us who can answer questions do. Ask, and a pointer will be given. Seek, and ye shall be given a direction to go find. Knock, and the door will be opened, and you'll be hustled in, and usually put to work right away.


Google sat on Chromecast bug for years, now hackers can wreak havoc (TechCrunch)

“Peter G. Neumann” <neumann@csl.sri.com>
Wed, 2 Jan 2019 16:23:59 PST

[From Lauren Weinstein's Network Neutrality Squad] https://techcrunch.com/2019/01/02/chromecast-bug-hackers-havoc/

A hacker, known as Hacker Giraffe, has become the latest person to figure out how to trick Google's media streamer into playing any YouTube video they want—including videos that are custom-made. This time around, the hacker hijacked thousands of Chromecasts, forcing them to display a pop-up notice that's viewable on the connected TV, warning the user that their misconfigured router is exposing their Chromecast and smart TV to hackers like himself. Not one to waste an opportunity, the hacker also asks that you subscribe to PewDiePie, an awful Internet person with a popular YouTube following. (He's the same hacker who tricked thousands of exposed printers into printing support for PewDiePie.)

Google should have fixed this Chromecast bug years ago. On the other hand, UPnP has always been a train wreck, and that's not Google's fault.


Google erases Kurdistan from maps in compliance with Turkish gov.

Lauren Weinstein <lauren@vortex.com>
Fri, 28 Dec 2018 08:56:47 -0800

via NNSquad http://www.kurdistan24.net/en/news/e6a0b65e-84fa-447b-9ed4-5df8390961d3

Google incorporation [sic] removed a map outlining the geographical extent of the Greater Kurdistan after the Turkish state asked it to do so, a simple inquiry on the Internet giant's search engine from Wednesday on can show. “Unavailable. This map is no longer available due to a violation of our Terms of Service and/or policies,” a note on the page that the map was previously on read. Google did not provide further details on how the Kurdistan map violated its rules. The map in question, available for years, used to be on Google's My Maps service, a feature of Google Maps that enables users to create custom maps for personal use or sharing through search. Because the map was created and shared publicly by a user through their personal account, it remains unknown if their rights have been violated or if they will appeal.

If the Turkish government wants the map removed as shown to users INSIDE TURKEY, fine. But Turkey should not have veto rights over maps shown to the rest of planet, just like the EU should not have the right to censor search results globally. Google's willingness to slide down this lowest-common-denominator razor blade is dangerous to an extreme.


Re: New Zealand courts banned …; Google just emailed it out. (RISKS-30.98)

Chris Drew <e767pmk@yahoo.co.uk>
Wed, 02 Jan 2019 22:25:02 +0000

A problem that I have with this sort of thing is the idea that the answer to any problem is legislation—it can only fix things if it's enforceable and enforced. In the UK, a common response to the Gatwick drone incident was “why was this allowed to happen?”, as if tougher regulations would stop illicit drones without further action. For instance, we have very strict firearms laws in the UK (to the extent that an Olympic sport is illegal), but most gun crime involves the use of illegal guns, so even-stricter laws won't help.

In the case of Google, in recent years there have been occasional incidents like the following example in the UK: when one wants to obtain or renew a passport, driver's licence, travel visa, or suchlike, or pay a road toll, one normally contacts the appropriate authority and pays the fee directly. What happens is that people Google for “passport/licence/visa/whatever” and are presented with a choice of sites, then one of two things may happen:

(1) They actually get the site of an agency, who promise a prompt, efficient service at a competitive price (the site may imply that this can only be done through an agency, as I believe is the case in some countries), so they get their new passport/licence/visa/whatever but unexpectedly pay an unnecessary supplemental charge. (As I understand it, this is cheeky but legal.)

(2) They get an impostor site which looks exactly like an official one, but again they may either pay an unnecessary fee and/or personal details are captured for identity theft.

The usual response of victims is to say “why is Google allowed to show links to unofficial sites?”, as if Google should have a legal obligation to verify the bona fides of every site indexed, which sounds impractical to me, especially considering different countries' legal systems which may be encountered. In the days of printed directories for land- line telephones, there used to be a note in the small print that any professional or business descriptions shown were as supplied by subscribers and not independently verified, so for instance a guy listed as ‘dentist’ may not actually be approved to practise dentistry, as it was not practical for a telephone company to check details like this.

Incidentally, a commentator in a newspaper (don't have details to hand) recently predicted that the World Wide Web would likely become the 'Splinternet', i.e., a series of walled gardens, in 5-10 years; I feel that this will happen much sooner.


Re: IRS Linux move delayed (Goldberg, RISKS-30.98)

Dmitri Maziuk <dmaziuk@bmrb.wisc.edu>
Fri, 28 Dec 2018 11:02:22 -0600

It's worth reading the one-page report and do a little background check, e.g. https://www.nextgov.com/it-modernization/2018/03/irs-system-processing-your-taxes-almost-60-years-old/146770/ and https://en.wikipedia.org/wiki/Customer_Account_Data_Engine

For those too lazy to follow the links, two of the applications involved are at sixty years old “the oldest code in .gov” and are made of 20M lines of assembly that IRS, IBM, Northrop Grumman, and a bunch of assorted subcontractors been failing to port to The Big Iron since the turn of the century.

Back in 2000 it was COBOL and Java were going to show what they can do for the American taxpayer. Now it's zLinux to the rescue.


Re: Innovation and Immigration (RISKS-30.98)

“John Levine” <johnl@iecc.com>
28 Dec 2018 17:34:40 -0500
>  * 33% of U.S. Nobel Laureates since 1901 have been immigrants.
>  * 40% of American doctoral degrees were awarded to noncitizens.
>  * More than 25% of American entrepeneurs were born overseas.

People in New York live longer than people elsewhere in the U.S. Why? Because 38% of New Yorkers are immigrants, and immigrants live longer than people born in the US, per this 2014 paper:

https://www.popcouncil.org/uploads/pdfs/councilarticles/pdr/PDR401Preston.pdf


Re: New Zealand courts banned …; Google just emailed it out. (RISKS-30.97)

“Steve and Micki Bacher” <sebmb1@verizon.net>
Mon, 31 Dec 2018 11:23:56 -0500

So, are we to conclude from this item that Google ought to be faithful to the laws and regulations of the respective nations in which it operates?

If so, then what about Google's censored searches for China? Oh, but that's different, right?


Re: Rudy Giuliani Says Twitter Sabotaged His Tweet (Shapir, 30.98)

Peter Houppermans <d1312@phx.li>
Fri, 28 Dec 2018 14:21:37 +0100

Umm, not using Gmail? You agreed to Terms which give Google the right to MODIFY contents too (the right persists in the new Terms that take effect on 22 January 2019). The “limitations” on that right are woolly enough to permit Google to even alter email, which may come in handy when people start sending or receiving too much email critical of Google..

In the contexts of online agreements you may enjoy the Freefall cartoon at http://freefall.purrsia.com/ff2900/fc02870.htm


Re: Rudy Giuliani Says Twitter Sabotaged His Tweet (Shapir, 30.96)

Amos Shapir <amos083@gmail.com>
Sat, 29 Dec 2018 11:09:10 +0200

I know that sadly, anything Google does is perfectly legal; my post was meant mainly to attract attention to their unfair conduct.


Re: MTR East Rail disruption caused by failure of both primary and backup (Stein, RISKS-30.89)

Richard Stein <rmstein@ieee.org>
Sun, 30 Dec 2018 15:39:37 +0800

https://www.mtr.com.hk/archive/corporate/en/press_release/PR-18-108-E.pdf

Released on 19DEC2018, the incident investigation summary report found:

“The Panel concluded that the root cause was the different software counter re-initialization arrangements of the two connected systems when the re-initialization was activated at the incident time on 16 October 2018. Since the four lines are connected, the inconsistent re-initialization situation led to repeated re-synchronization causing instability in sector computers. The software counter re-initialization algorithm, the differences in the counter re-initialization arrangements between the Alstom and Siemens systems and the possible impact on the train service were not known to the operators and maintainers, nor were they explicitly described in the Operation and Maintenance Manuals.”

RISK: Communication gap between multiple vendors governing train signaling system journey counter re-initialization protocol alignment.

Appears that software engineers did not account for train journey counter reset conditions as part of system integration test for signaling system release qualification. Non-existent disclosure of counter re-initialization state dependency by either vendor implies there was a common operational assumption about, but not verification of, self-consistent signaling platform state management. No mention of counter word-length in the summary report.

Please report problems with the web pages to the maintainer

x
Top