Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
https://www.wsj.com/articles/iowa-caucus-results-delayed-by-apparent-app-issue-11580801699
https://go.ind.media/webmail/546932/550762215/0ed6efde19172f984587fb6624e= 4e481dc208bc0a3090465ab7fedfcc3c2b280=20
Shadow Inc reportedly sent out the caucus reporting app via TestFairy, which seemingly could enable lots of intruders to interpose themselves.
https://docs.testfairy.com/Testers/How_to_test_Android_apps.html https://www.vice.com/en_us/article/y3m33x/heres-the-shadow-inc-app-that-failed-in-iowa-last-night
Here's a risk you won't have solved in the 1960s on Multics. From the FlyerTalk American Airlines forum:
https://www.flyertalk.com/forum/american-airlines-aadvantage/2006995-delayed-due-live-frogs.html
>> Delayed due to… live frogs
Yep you read that correctly, live frogs. On 2559 yesterday from DFW>DTW, we were delayed a few minutes at the gate in DFW due to a load of live frogs. According to the captain (who made two very nice, detailed announcements about it), there was a load of live frogs in the aft cargo hold and the computer just didn't like it and either wouldn't allow them there or it couldn't compute them being there. So thankfully instead of keeping us delayed, they offloaded them for a later flight.
The funniest part was that after we landed, and on the looooong taxi at DTW to the gate, I heard what sounded like frogs. It was probably just somebody still asleep and snoring intermittently, but part of me wonders if there was a load in the forward hold that did get to travel.
Just might be the funniest delay I've encountered.>>
Over-reliance on technology may doom the United States' latest attempt to produce saffron in commercially significant quantities. The spice comes from the /crocus sativus/ flower, grown primarily in a region stretching from Spain to Kashmir. From (admittedly fragmentary) reports it appears American farmers and entrepreneurs have been using computer- aided methods to attempt to grow this crocus in the American Midwest, perhaps for fear of (or in hopes of) higher tariffs against the import of foreign saffron. Unfortunately, the effort has run into a snag: computer malfunctions are said to have messed up the Iowa crocuses.
https://www.cnn.com/2020/01/29/tech/virtual-reality-firefighter-training/index.html
Conserving material resources during training, via computer simulation, is an environmental gain, but can a simulator prepare superior fire-fighter capability for deployment during a city-wide conflagration, or during a catastrophic forest fire?
The essay describes mechanical fire-hose force feedback as a simulator feature. The simulation effectively renders smoke, flame, foam application, and other combustion effects. A thermal suit heats up the trainee when approaching a simulated flame wall. Is the simulation fidelity sufficiently meritorious to fully abandon hands-on training and fire suppression equipment deployment?
I wonder if the simulator can train a firefighter how to use a PyroLance (http://money.cnn.com/2018/02/05/technology/business/pyrolance-firefighting-gun/index.html)?
Risk: VR training supplement versus traditional hands-on person-in-the-loop firefighter qualification effectiveness.
https://www.bbc.com/news/technology-51315462
Historically, there's 1000 to 1 odds against a candidate drug succeeding in the marketplace. See http://blogs.einstein.yu.edu/the-high-cost-of-and-uncertain-path-to-a-blockbuster-drug/.
“Typically, drug development takes about five years to get to trial, but the AI drug took just 12 months.”
“Exscienta chief executive Prof Andrew Hopkins described it as a ‘key milestone in drug discovery.’”
That AI drug design is applied to accelerate synthesis may improve these odds. It would appear to reduce the human effort expended for development.
Whether or not patient outcome benefit materializes is to be shown (or not) by clinical studies, and hopefully, a double-blind clinical study BEFORE final regulatory approval is granted.
Creating neural networks that are more transparent can lead us to over-trust them. The solution might be to change how they explain themselves.
Upol Ehsan once took a test ride in an Uber self-driving car <https://www.technologyreview.com/smart-cities/self-driving-cars/>. Instead of fretting about the empty driver's seat, anxious passengers were encouraged to watch a pacifier screen that showed a car's-eye view of the road: hazards picked out in orange and red, safe zones in cool blue.
For Ehsan, who studies the way humans interact with AI at the Georgia Institute of Technology in Atlanta, the intended message was clear: “Don't get freaked out—this is why the car is doing what it's doing.” But something about the alien-looking street scene highlighted the strangeness of the experience rather than reassuring. It got Ehsan thinking: what if the self-driving car could really explain itself?
The success of deep learning <https://www.technologyreview.com/g/deep-learning/> is due to tinkering: the best neural networks are tweaked and adapted to make better ones, and practical results have outpaced theoretical understanding. As a result, the details of how a trained model works are typically unknown. We have come to think of them as black boxes
.
A lot of the time we're okay with that when it comes to things like playing Go or translating text or picking the next Netflix show to binge on. But if AI is to be used to help make decisions in law enforcement, medical diagnosis, and driverless cars, then we need to understand how it reaches those decisions—and know when they are wrong.
People need the power to disagree with or reject an automated decision, says Iris Howley <http://www.cs.williams.edu/~iris/>, a computer scientist at Williams College in Williamstown, Massachusetts. Without this, people will push back against the technology. “You can see this playing out right now with the public response to facial recognition systems,” she says.
Ehsan is part of a small but growing group of researchers trying to make AIs better at explaining themselves, to help us look inside the black box. The aim of so-called interpretable or explainable AI (XAI) is to help people understand what features in the data a neural network is actually learning — and thus whether the resulting model is accurate and unbiased. […]
https://www.techtelegraph.co.uk/why-asking-an-ai-to-explain-itself-can-make-things-worse/ https://www.technologyreview.com/s/615110/why-asking-an-ai-to-explain-itself-can-make-things-worse/
https://www.wired.com/story/ai-license-plate-readers-cheaper-drive-carefully/
https://www.washingtonpost.com/nation/2020/01/29/groundhog-peta-punxsutawney/
PETA has a point: Groundhogs hibernate during Winter; that's what ectotherms do.
But Phil's celebrity status commands performance: he must also visit school children during the Winter, pose for magazine covers (Rat Mag, Rodent of The Year). He's part of a mandatory PR campaign that sustains Punxsutawney, PA tourism foot traffic.
But simulate Punxsutawney Phil with artificial intelligence to determine if Winter will extend by another 6 week? AI is overkill for this purpose.
Why not employ a Magic 8-ball or a coin-toss to prognosticate an extended winter? Granted, these choices lack glamor; they are not newsworthy, but they are likely as accurate as the appearance (or not) of Phil's shadow.
“This shows how hard it is for users to stay safe”, the CEO of mobile security firm Upstream warns. The company is about to publish a report into the Android threat landscape. The data is staggering. The company has unearthed 98,000 malicious apps, which have infected 43 million devices. The worst five apps, Dimitris Maniatis tells me, have been downloaded 700 million times, “this shows the scale of the issue.” <https://www.secure-d.io/mobileadfraud2019report/>
And that risk is accelerating. That number of malicious apps is up 50% in the last year, and shows every sign of spiraling out of control.
This can now be viewed as an endemic problem with mobile apps downloaded from Google's Play Store—despite Google Protect and the App Defense Alliance, Some 50% of the bad apps exposed by Upstream were or are, in the official Play Store. Countless stories have been written about the hundreds of malicious apps with hundreds of millions of installs. The key question is what is the scale of the issue? <https://www.forbes.com/sites/zakdoffman/2019/11/10/google-confirms-play-store-security-threat-heres-the-fixbut-does-it-make-you-safer/#7557b2514337>.
Upstream has collated the data from its Secure-D security platform, data collected by 31 different network operators across 20 different countries, data representing the devices 0f almost 700 million different users.
In its report <https://www.secure-d.io/mobileadfraud2019report/>, Upstream explains the methods by which users are enticed to install malicious malware and then grant a raft of permissions that goes way beyond what is required for the app's claimed purpose. That malware then communicates with its controllers, seeking instructions and content to operate. The apps are designed to remain hidden, not arousing suspicion, avoiding an uninstall.
The primary issue with mobile malware is advertising or click fraud. Trivial apps that pull unwanted ads onto devices to run in the background or as a foreground nuisance. For advertisers, this results in millions of dollars of fraudulent charges. For users, the issue is degraded performance, drained batteries and huge data bills. There is also the issue that such apps can lead to devices being infected with more dangerous malware. […]
The Internet giant, which some lawmakers and regulators say has grown too powerful, tweaked the way it displayed ads on search results. It did not go over well.
https://www.nytimes.com/2020/01/31/technology/google-search-results.html
[Follow-up to RISKS-31.39 (29 August 2019)]
Elizabeth Hernandez, The Denver Post, 28 Jan 2020
Information-technology experts from across Colorado convened at Regis University on Tuesday to learn never-before-shared details about last year's crippling cyberattack—an experience the private Jesuit college's chief information officer called “a crisis of the highest order.”
A few new details revealed during the presentation:
https://www.denverpost.com/2020/01/28/regis-university-cyberattack-ransomware/
https://www.businessinsider.com/google-maps-traffic-jam-99-smartphones-wagon-2020-2
One Windows 7 Ultimate system, one Windows Professional, have Windows Security Essentials being updated daily. Was Microsoft kidding about no updates after January 14? Or did I get the year wrong? (No, I didn't). Plus, the Win 7 Ultimate system got Pop-Up of Doom on January 14. But updates keep rolling along. No, I didn't jump through the hoops to purchase extended support and I didn't get a gift card saying that someone bought it for me.
It'll be interesting seeing what happens next Patch Tuesday, but still this is already puzzling.
https://www.wired.com/story/chrome-firefox-edge-browser-privacy/
https://www.nytimes.com/2020/01/31/health/pharmacists-medication-errors.html
https://www.wsj.com/articles/ikea-promises-new-data-controls-for-consumers-11580383800
The new ‘Off-Facebook Activity’ tool, available around the world Tuesday, reminds us we're living in a reality TV program where we forget the cameras are always on. Here are the privacy settings to change right now.
https://www.washingtonpost.com/technology/2020/01/28/off-facebook-activity-page/
As a first guess, I would suspect that somewhere in the code, there is a
conversion from polar to rectangular reference frames (or vice versa) and
X=r * cos(theta)
with theta=270
give zero and either a ‘NAN’ or divide by
zero error crashes the program.
You would need that sort of calculation to find the rhumb and distance, knowing the lat/long of the present and destination positions. 'X' is the Difference of Latitude in miles (Y is the Departure).
Using GPS you know the present and destination positions, but the pilot wants to know 'how far' and 'what direction'. The calculations will be done using true and then, if desired, corrected to magnetic bearings.
[John Stockton noted:
Tangent of 270 degrees (and of 90 degrees) is numerically dangerous, each being, so to speak, ± infinity. Perhaps, to the accuracy of the arithmetic, those 7 runways are EXACTLY 270 degrees true, and others are only nearly 270 degrees true.]
> Automaker enterprise liability would have useful incentives that driver > liability law misses. > https://www.cato.org/sites/cato.org/files/serials/files/regulation/2019/3/regulation-v42n1-1.pdf
I can hardly wait:
“Sorry, sir, you've had three moving violations so we'll have to ask you to leave the showroom now.”
The comments on this article are much better than the article. They say that voting electronically is a well known bad idea, so stop.
Elections have a unique security model: You need a reliable list of who voted, you need a reliable list of who or what they voted for, and you need to be confident there's no way to link those two lists. Nothing else works that way.
That's why even though voting machines may look like ATMs, an ATM is a dreadful model to use since with ATMs, the bank has full knowledge of all of the details of every transaction, e.g., when you were there, who you are, what you did, how much money it dispensed, all linked together.
As has been pointed out too many times, paper ballots dropped into a box, along with observers to ensure that only people on the voter list got to vote, satisfy the model quite well. If you want to have machines scan and count the ballots, that's fine, but the paper ballots are the actual record.
ATMs—maybe only one “advantage”: they have your PICTURE, proving identity, thanks to ubiquitous security camera. Of course, voter ID laws head in that direction introducing another gaggle of problems while solving a non-problem.
Please report problems with the web pages to the maintainer