Nicole Perlroth, *The New York Times*, 24 Oct 2020

The group known as Dragonfly and Energetic Bear has breached the power grid, water-treatment facilities, and nuclear power plants. In recent years they have also breached WiFi systems at several airports—including SFO and two other U.S. west-coast airports (apparently attempting to find an unidentified traveler). [PGN-ed]

[As usual we note that all sorts of systems that should be isolated from The Internet are not, and that almost all supposedly trustworthy systems are not. Groan. PGN]
An unstable approach, a misaligned helmet and an “overwhelmed” flight control system led to the crash of an Air Force F-35 at Eglin Air Force Base in Florida last May. An Air Force accident report <https://www.afjag.af.mil/Portals/77/AIB-Reports/2020/May/Eglin AFB F35A AIB Report_Signed.pdf> released a few weeks ago found plenty of fault with the pilot's actions but it was ultimately the airplane that wouldn't allow itself to be saved. The plane's overworked processor set the horizontal stabilizers to the “default” position of trailing edge down just as the pilot initiated a go-around to try his landing again. When the aircraft didn't respond to firewalled throttle and full back pressure on the stick, the pilot ejected and the plane rolled, caught fire and disintegrated. The pilot suffered minor injuries and the aircraft, worth $175,983,949, became a debris field.

https://www.avweb.com/aviation-news/f-35-overwhelmed-by-pilot-attempts-to-save-it/

Gotta love quoting nine-digit airplane cost down to the dollar. I guess it includes fuel in the tank.
Faiz Siddiqui, *The Washington Post*, 21 Oct 2020 via ACM TechNews, Friday, October 23, 2020

Electric automaker Tesla has selected a number of owners of its vehicles to have a software update download automatically into those vehicles to enable the cars to steer better and accelerate without human control. Critics are troubled by the absence of LiDAR sensors, a safety feature used by most self-driving car makers, from Tesla's system, which instead uses a suite of cameras and radar linked to an advanced neural network. Tesla CEO Elon Musk said the new software will better capture the exterior view of the vehicle and more seamlessly integrate collected footage to create a multidimensional perspective; safety experts disagree, warning the system cannot always perceive the true shape or depth of obstacles. The Partners for Automated Vehicle Education campaign said, "Public road testing is a serious responsibility and using untrained consumers to validate beta-level software on public roads is dangerous and inconsistent with existing guidance and industry norms."

https://orange.hosting.lsoft.com/trk/click?ref=Dznwrbbrs9_6-27a57x225cdfx066958&

[The subject line does not seem to consistently reflect the text. PGN]
https://twitter.com/GretaMusk/status/1320499722788999169
British police forces were plunged into chaos when the Police National Computer (PNC) went down for more than 10 hours on 21 October 2020; reportedly after an engineer unplugged it.

The system enables real-time checks on people and vehicles, and is the backbone of the country's policing system. It stores and shares criminal records information across the UK and is used by law enforcement agencies and criminal justice agencies to access information to support national, regional and local investigations. It also links with the Europe-wide Schengen information system, which shares real-time information on persons and objects of interest.

The outage affected every aspect of policing, a police source said, adding: “Without the PNC, you cannot police. It is the backbone of intelligence for everyday policing; so when it went down on Wednesday, it caused absolute chaos.”

The glitch, which has been attributed to *human error*, left the National Police Chiefs' Council scrambling to convene two emergency Gold Command meetings of very senior police officers to address the problem.

Deputy Chief Constable Naveed Malik, the National Police Chiefs Council lead for the PNC, said: “The PNC was temporarily affected by an electricity power outage. There is nothing to suggest it was related to malicious activity. The police and Home Office worked closely together to restore the system the same day, and are now reviewing the causes of this issue. Police forces were kept up to date and continued to deliver essential services to protect our communities from harm.”

Whilst detail is not (yet) available, it is at once hard and easy to believe that such a critical system could be vulnerable to total failure through the action of one person "switching it off".
https://www.boston.com/news/local-news/2020/10/26/allston-elevator-accident-report
I previously wrote that third-party services like Amazon's Alexa sent push notifications informing owners located within an entire county of a mandatory wildfire evacuation order, based upon a much narrower evacuation notice sent out via NOAA All Hazards Radio (the precise area covered by the order was delineated in the accompanying audio announcement.) However, in talking to people familiar with the situation, the failure was even worse than that: Not only was the evacuation order disseminated, the third-party services helpfully hyper-localized the message. Rather than being told an evacuation order had been issued for a portion of or all of Boulder County, you were informed an evacuation order had specifically been issued for your precise location. For example, if you live in Longmont, you were informed an evacuation order had been issued for Longmont; if you live in Lafayette, you were informed an evacuation order had been issued for Lafayette, and so on. This deprived recipients of knowing the warning had been county-based to begin with, let alone the context provided by the original accompanying audio message. These notifications were based solely upon assumptions made by the third-party data service, not upon information created by or disseminated via official sources of civil information. This resulted in some panic as well as clogged incoming phone lines to emergency services at a time when those phone lines needed to be kept clear. It also forced harried emergency service organizations to have to issue press releases letting people know they were not under an evacuation order. https://www.9news.com/article/news/local/wildfire/longmont-not-under-evacuation-orders-sunday-false-wrong-incorrect-push-alerts/73-630a2dde-fbfa-4cb8-a987-a46a900f7f91
Employees at Verkada accessed the company's facial recognition system to take photos of women colleagues and make sexually explicit jokes.

Four employees who worked in different teams throughout Verkada said that the culture of sexism at the company largely emanated from a cliquey group of high-ranking white men on the sales team, many of them who grew up and played high school football in the same wealthy enclave, Danville, California, some of whom went on to play for the NFL.

"If you're not invited into that core group of guys, you have a hard time moving your career forward or getting promoted," a former sales employee told Motherboard. "The word frat is thrown around at Verkada a lot because there are guys that protect each other at the company. That's this crew from Danville. They're like a frat."

https://www.vice.com/en/article/pkdyqm/surveillance-startup-used-own-cameras-to-harass-coworkers
Cybersecurity researchers over the weekend disclosed new security risks associated with link previews in popular messaging apps that cause the services to leak IP addresses, expose links sent via end-to-end encrypted chats, and even unnecessarily download gigabytes of data stealthily in the background.

"Links shared in chats may contain private information intended only for the recipients," researchers Talal Haj Bakry and Tommy Mysk said <https://www.mysk.blog/2020/10/25/link-previews/>. "This could be bills, contracts, medical records, or anything that may be confidential."

"Apps that rely on servers to generate link previews may be violating the privacy of their users by sending links shared in a private chat to their servers."

Generating Link Previews at the Sender/Receiver Side [...]

https://thehackernews.com/2020/10/mobile-messaging-apps.html
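
The background-download risk named in this item can be contained by building a preview under a hard byte budget and refusing non-HTML bodies. The Python below is an added example, not code from the researchers or from any messaging app; `HeadParser`, `build_preview`, `EndlessStream`, the 64 KiB budget and the sample page are assumptions constructed for illustration.

```python
import codecs
import io
from html.parser import HTMLParser

MAX_PREVIEW_BYTES = 64 * 1024  # assumed budget; tune per application
CHUNK = 4096


class HeadParser(HTMLParser):
    """Collects <title> and Open Graph tags; flags when <head> is over."""
    WANTED = {"og:title", "og:description", "og:image"}

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.meta, self.title, self.in_title, self.done = {}, [], False, False

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "meta" and a.get("property") in self.WANTED and a.get("content"):
            self.meta.setdefault(a["property"], a["content"])
        elif tag == "title":
            self.in_title = True
        elif tag == "body":
            self.done = True  # preview metadata lives in <head>

    def handle_endtag(self, tag):
        if tag == "title":
            self.in_title = False
        elif tag == "head":
            self.done = True

    def handle_data(self, data):
        if self.in_title:
            self.title.append(data)


def build_preview(content_type, stream, max_bytes=MAX_PREVIEW_BYTES):
    """Return (preview_dict, bytes_read); never reads more than max_bytes."""
    if content_type.split(";")[0].strip().lower() != "text/html":
        return {}, 0  # do not pull the body of a non-HTML resource
    parser, read = HeadParser(), 0
    # Incremental decoder so a multi-byte character split across chunks survives.
    decode = codecs.getincrementaldecoder("utf-8")(errors="replace").decode
    while read < max_bytes and not parser.done:
        chunk = stream.read(min(CHUNK, max_bytes - read))
        if not chunk:
            break
        read += len(chunk)
        parser.feed(decode(chunk))
    preview = dict(parser.meta)
    if parser.title:
        preview["title"] = "".join(parser.title).strip()
    return preview, read


class EndlessStream:
    """Constructed stand-in for a multi-gigabyte response body."""
    def read(self, n):
        return b"A" * n


# Constructed sample page: a small <head> followed by a 5 MB body.
SAMPLE = (b'<html><head><title>Invoice 4711</title>'
          b'<meta property="og:title" content="Invoice 4711">'
          b'</head><body>' + b"x" * 5_000_000 + b'</body></html>')

if __name__ == "__main__":
    print(build_preview("text/html; charset=utf-8", io.BytesIO(SAMPLE)))
    print(build_preview("application/octet-stream", EndlessStream()))
    print(build_preview("text/html", EndlessStream()))  # server lies about type
```

The budget bounds only how much is downloaded; which party performs the fetch still determines whose IP address the linked site sees and whether the link leaves the encrypted conversation.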
CVI argues that the vast majority of its mailers are accurate, and while a small percentage of people receive one with a mistake, they otherwise reach voters who would be overlooked. But for years, CVI has been criticized for the inaccuracy of its mailers and has faced reports that it has sent voter registration forms to the deceased, to longtime voters who are already registered and even to pets with human-sounding names. Several state and local election officials said that they have asked CVI to use more up-to-date voter lists and make it clearer that its letters do not come from the government. CVI said its mailers include disclaimers that it is not a government organization. https://www.propublica.org/article/a-nonprofit-with-ties-to-democrats-is-sending-out-millions-of-ballot-applications-election-officials-wish-it-would-stop Idiots confused Fairfax County and Fairfax City (VA), misdirected each area's return envelopes to the other jurisdiction. Risk? Incompetent do-gooders.
https://www.boston.com/news/coronavirus/2020/10/20/coronavirus-cell-phone-alerts-massachusetts
Another interesting feature of Google's recent searches is that the results are not always what one is looking for. For instance, DuckDuckGo is much better at finding material that infringes copyright. I found that the other day while "researching" something.

Also, I had this link saved in my personal bookmarks, and looks like it's very relevant for the present discussion and it links very well with the main topic discussed on the WP video:

https://www.tbray.org/ongoing/When/201x/2018/01/15/Google-is-losing-its-memory

From the article:

> Evidence · This isn't just a proof, it's a rock-n-roll proof. Back in 2006,
> I published a review of Lou Reed's Rock n Roll Animal album. Back in
> 2008, Brent Simmons published That New Sound, about The Clash's London
> Calling. Here's a challenge: Can you find either of these with Google?
> Even if you read them first and can carefully conjure up exact-match
> strings, and then use the site: prefix? I can't. [...]
>
> Why? · Obviously, indexing the whole Web is crushingly expensive,
> and getting more so every day. Things like 10+-year-old music reviews that
> are never updated, no longer accept comments, are lightly if at all
> linked-to outside their own site, and rarely if ever visited—well,
> let's face it, Google's not going to be selling many ads next to search
> results that turn them up. So from a business point of view, it's hard to
> make a case for Google indexing everything, no matter how old and how
> obscure.
What code? The U-2 is basically an F-104 with glider training wings—the only flying computers back in the early 1950's were slide rules! The Skunk Works was able to deliver a U-2 prototype in 9 months because they started with an existing airplane—presumably including the entire cockpit & controls. So the pilot was updating his Android phone from 'Quince Tart' (10) to 'Red Velvet Cake' (11) in mid-flight? :-) Pretty risky, considering how difficult this plane is to fly. Apparently, the U-2 is even harder to fly than the F-104, which is a pretty high bar (NATO allies crashed F-104's in alarming numbers). PS: The F-104 was my favorite plastic model airplane when I was a kid, and I got to see a real one up close as a Cub Scout; I couldn't believe how small it was (wingspan would fit in my current 2-car garage; length is about 3 parking spaces long). Sadly, the first U-2 plastic model wasn't available until 1962—long after I graduated from Cub Scouts!
> [This item needs some verification.]

Simple testing seems to indicate that this information is correct, and that a lot of people have tried it.
On 10/24/2020 5:57 PM, RISKS List Owner wrote:

> Just weeks before the election, the tech giants unite to block access to
> incriminating reporting about their preferred candidate. [...]
>
> https://theintercept.com/2020/10/15/facebook-and-twitter-cross-a-line-far-more-dangerous-than-what-they-censor/

I want to note the use of slanted language in their discussion of Facebook and Twitter:

“Facebook limiting distribution is a bit like if a company that owned newspaper delivery trucks decided not to drive because it didn't like a story. Does a truck company edit the newspaper? It does now, apparently.”

If a company that owns newspaper delivery trucks doesn't want to deliver newspapers with a story its owners don't like, that's their privilege. And the newspapers can decide not to use that company any more. "Freedom of the press belongs to the man who owns the press." Same with the delivery company.

> Would anyone encounter difficulty understanding why such a decree would
> constitute dangerous corporate censorship? Would Democrats respond to
> such a policy by simply shrugging it off on the radical libertarian ground
> that private corporations have the right to do whatever they want? To ask
> that question is to answer it.

Maybe not, but they should. That is what free speech is about: my right to say what I want (within some very broad limits) and, equally important, not to say what I don't want to.

> Not even radical free-market libertarians espouse such a pro-corporate view.

I do, and I'm not a "radical free-market libertarian". To be fair, I used to be, but I think that the theoretical grounding of libertarianism has some significant holes in it.

> Beyond that, both Facebook and Twitter receive substantial, unique legal
> benefits from federal law, further negating the claim that they are
> free to do whatever they want as private companies. ... these social media
> companies receive a very valuable and particularized legal benefit in the
> form of Section 230 of the Communications Decency Act, which shields them
> <https://www.eff.org/issues/cda230> from any liability for content
> published on their platforms, including defamatory material or
> other legally proscribed communications.

"unique legal benefits": those same legal benefits protect Reddit and 4chan and Tumblr, and a BBS that I help moderate and several "furry" that I use, all of which include some sexually-oriented material. I think section 230 of the Communications Decency Act is the greatest boon to free speech ever passed by Congress. (And to think it appeared in a law that attempted to impose censorship on the Internet...)

That said, I must note that any large social-media company intentionally biasing the material they distribute is a bad idea, because it endangers Section 230, which also protects smaller "Web 2.0" organizations. Including any startups that might eventually challenge Facebook and Twitter.

In fact, I might wonder if they did this intentionally to push Congress to make more exceptions to Section 230. As always, regulation protects the existing providers (who can hire people to help comply with the regulations and lawyers to defend them against accusations of breaking them) against competition from smaller providers. This is as true of Facebook and Twitter as it is of taxi companies (until Uber and Lyft found a way around the regulation) and AirBnB.

> Facebook outright “has monopoly power in the market for social
> networking,” and that power is “firmly entrenched and unlikely to be
> eroded by competitive pressure” from anyone at all due to ‘high entry
> barriers’ including strong network effects, high switching costs, and
> Facebook's significant data advantage—that discourage direct
> competition by other firms to offer new products and services.

Okay, so FB has a lot of economic power. Why? Because they have been highly successful in satisfying consumer demand for a place to talk to each other.

I should note that there are a lot of very rich Republicans. I would guess that over 75% of billionaires lean Conservative in their views. Let them take some of their money and start right-slanted competitors to Facebook and Twitter. It's not cheap, but it's well within the reach of any ten billionaires, and if they do it right they might get even richer in the process. That's what the competition in the marketplace is supposed to be about.

If the "barrier to entry" is simply that you need to invest some money, that is no barrier in an age when the US alone has over 500 billionaires, over 2,000 worldwide.
Just a cotton-pickin' moment there, please! The UK gov't department of motor vehicles (DVLA) web site (https://www.gov.uk/historic-vehicles) says:

> Historic (classic) vehicles: MOT and vehicle tax
>
> You do not need to get an MOT if:
>
> the vehicle was built or first registered more than 40 years ago
> no *substantial changes* have been made to the vehicle in the last 30 years,
> for example replacing the chassis, body, axles or engine to change the way
> the vehicle works
>
> Vehicles exempt from vehicle tax [VED]
>
> If your vehicle was built before 1 January 1980, you can stop paying
> vehicle tax from 1 April 2020.
>
> You do not have to apply to stop getting an MOT for your vehicle each
> year. However, you must still keep it in a roadworthy condition.
>
> You can be fined up to GBP2,500 and get 3 penalty points for using a
> vehicle in a dangerous condition.

Old-car enthusiasts usually agree that it's a good idea to have an MoT (annual vehicle inspection) even if it's not mandatory, if only to avoid any insurance and liability awkwardness ("these dangerous old clunkers!"). There is a caveat, in the sense that regular MoTs aren't subject to VAT (goods and services tax) whereas voluntary ones are, so this means some extra paperwork for the garage, which may not welcome your business.

The London low-emission charge web site says:
(https://tfl.gov.uk/modes/driving/ultra-low-emission-zone/ways-to-meet-the-standard)

> Vehicles need to meet the different emission standards for the Ultra Low
> Emission Zone (ULEZ) based on their vehicle type, and the type of
> emission.
>
> To see if your vehicle meets the standard, use our vehicle checker.
> Or see which locations fall within the ULEZ zone with our postcode checker.
>
> If you drive a vehicle that doesn't meet the ULEZ standards within the
> central London area and the daily charge is not paid, a Penalty Charge
> Notice (PCN) will be issued to the registered keeper. This penalty is in
> addition to any Congestion Charge or Low Emission Zone penalties received.
>
> From 25 October 2021, ULEZ is expanding from central London to create a
> single, larger zone up to the North Circular Road (A406) and South Circular
> Road (A205). The North and South Circular roads themselves are not in the
> zone. Find out how to prepare for the ULEZ expansion.
>
> What are the standards?
>
> We would prefer that you use a vehicle that meets the emissions standards
> rather than pay a daily charge.
>
> Euro standards - which first appeared in 1992 - are a range of emissions
> controls that set limits for air polluting nitrogen oxides (NOx) and
> particulate matter (PM) from engines. New vehicles and road vehicle engines
> must show that they meet these limits to be approved for sale.
>
> The ULEZ standards for existing central London ULEZ and when the zone
> expands are:
>
> Euro 3 for motorcycles, mopeds, motorised tricycles and quadricycles
> (L category)
> Euro 4 (NOx) for petrol cars, vans, minibuses and other specialist vehicles
> Euro 6 (NOx and PM) for diesel cars, vans and minibuses and other
> specialist vehicles
> Euro VI (NOx and PM) for lorries, buses and coaches and other specialist
> heavy vehicles (NOx and PM)
>
> Euro 3 became mandatory for all new motorcycles in 2007
>
> Euro 4 became mandatory for all new cars in 2005 and light vans in 2006
>
> Euro 6 became mandatory for all new heavy duty engines for goods vehicles
> and buses from January 2014, September 2015 for cars and light vans, and
> September 2016 for larger vans up to and including 3.5 tonnes gross
> vehicle weight.

Hence older vehicles are particularly badly hit as it's only ones meeting very recent standards that are permitted.

There are congestion charge exemptions for some specific vehicle types, e.g. those for disabled people or recovery vehicles—loads of paperwork needed to verify.
(https://tfl.gov.uk/modes/driving/congestion-charge/discounts-and-exemptions?intcmp=2133)

I couldn't see anything for historic vehicles, so it looks like drivers on the annual London-to-Brighton antiques run will have to pay up.

This all applies to London, with other cities having their own schemes. As readers will have gathered, the official line is that people shouldn't really use cars, to save the planet and avoid suffocating residents; the authorities are spending loads of taxpayers' money on a walking and cycling revolution—who wants to drive anyway? :o)