The RISKS Digest
Volume 32 Issue 51

Monday, 22nd February 2021

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator


Contents

777 has engine problems on takeoff from Denver, drops large pieces of debris on local neighborhood, makes it back to airport safely
Lauren Weinstein
His Lights Stayed on During Texas's Storm. Now He Owes $16,752
NYTimes
Abbott appointees made 'astonishing' cuts to power reliability team
Houston Chronicle
Future warfare will feature autonomous weaponry
WashPost
Malware Is Now Targeting Apple's New M1 Processor
WiReD
Apple Is Going to Make It Harder to Hack iPhones With Zero-Click Attacks
Vice
IRS trifecta—not good news
WashPost
UN discusses how not to kill the planet
UNEP
Study of auto recalls shows carmakers delay announcements until they 'hide in the herd'
Techxplore.com
The Race to Fix Virtual Meetings (AKA, the nightmare continues)
NYTimes
Sign this 8-year-old up!
Gabe Goldberg
China Censors the Internet. So Why Doesn't Russia?
NYTimes
A reminder about U2F/FIDO security keys and account security
Google via LW
Can't make this up—panic culture
10TV via Gabe Goldberg
Current state of DDoS
IEEE Computer
Warning regarding fake Mars Probe video
Lauren Weinstein
UMass Amherst Team Helps Demonstrate Spontaneous Quantum Error Correction
UMass
Quantum networking progress
rod van meter
New Approach to 3D Printing of Human Tissue Closer to Reality
Brian P. Dunleavy
John Deere Promised Farmers It Would Make Tractors Easy to Repair. It Lied.
Vice
Re: Texas vs FERC's "best practices" for anticipating disasters
Mark Brader
Re: U.S. Water Supply Has Few Protections Against Hacking
Amos Shapir
Re: "Vaccine" passport?
Amos Shapir
Re: Incredibly poor software design costs Citigroup $500M
Jim Geissman
Re: Gorilla COVID risks
John Levine
Re: 'Spy pixels in emails have become endemic'
John Levine
Re: Japanese contact tracing software: Update on Cocoa bug
Anthony Thorn
Info on RISKS (comp.risks)

777 has engine problems on takeoff from Denver, drops large pieces of debris on local neighborhood, makes it back to airport safely

Lauren Weinstein <lauren@vortex.com>
Sat, 20 Feb 2021 13:31:27 -0800
Definitely not what you want to see today—or any day—when you
look out of a 777 window

https://youtu.be/r6vTuJzweVM


His Lights Stayed on During Texas's Storm. Now He Owes $16,752 (NYTimes)

Gabe Goldberg <gabe@gabegold.com>
Sun, 21 Feb 2021 12:26:09 -0500
SAN ANTONIO—As millions of Texans shivered in dark, cold homes over the
past week while a winter storm devastated the state's power grid and froze
natural gas production, those who could still summon lights with the flick
of a switch felt lucky.

Now, many of them are paying a severe price for it.

“My savings is gone,'' said Scott Willoughby, a 63-year-old Army veteran
who lives on Social Security payments in a Dallas suburb. He said he had
nearly emptied his savings account so that he would be able to pay the
$16,752 electric bill charged to his credit card—70 times what he usually
pays for all of his utilities combined.  “There's nothing I can do about
it, but it's broken.''

Mr. Willoughby is among scores of Texans who have reported skyrocketing
electric bills as the price of keeping lights on and refrigerators humming
shot upward. For customers whose electricity prices are not fixed and are
instead tied to the fluctuating wholesale price, the spikes have been
astronomical.

The outcry elicited angry calls for action from lawmakers from both parties
and prompted Gov. Greg Abbott, a Republican, to hold an emergency meeting
with legislators on Saturday to discuss the enormous bills.  [...]

Under some of the plans, when demand increases, prices rise. The goal,
architects of the system say, is to balance the market by encouraging
consumers to reduce their usage and power suppliers to create more
electricity.

But when last week's crisis hit and power systems faltered, the state's
Public Utilities Commission ordered that the price cap be raised to its
maximum limit of $9 per kilowatt-hour, easily pushing many customers' daily
electric costs above $100. And in some cases, like Mr. Willoughby's, bills
rose by more than 50 times the normal cost.  [...]

Many of the people who have reported extremely high charges, including
Mr. Willoughby, are customers of Griddy, a small company in Houston that
provides electricity at wholesale prices, which can quickly change based on
supply and demand.

The company passes the wholesale price directly to customers, charging an
additional $9.99 monthly fee. Much of the time, the rate is considered
affordable. But the model can be risky: Last week, foreseeing a huge jump in
wholesale prices, the company encouraged all of its customers—about
29,000 people—to switch to another provider when the storm arrived. But
many were unable to do so.

Katrina Tanner, a Griddy customer who lives in Nevada, Texas, said she had
been charged $6,200 already this month, more than five times what she paid
in all of 2020. She began using Griddy at a friend's suggestion a couple of
years ago and was pleased at the time with how simple it was to sign up.

https://www.nytimes.com/2021/02/20/us/texas-storm-electric-bills.html

The money quote—literally:

William W. Hogan, considered the architect of the Texas energy market
design, said in an interview this past week that the high prices reflected
the market performing as it was designed.

Welcome to TX.


Abbott appointees made 'astonishing' cuts to power reliability team before deadly Texas storm

Lauren Weinstein <lauren@vortex.com>
Fri, 19 Feb 2021 14:52:27 -0800
Abbott appointees made 'astonishing' cuts to power reliability team before
deadly Texas storm

https://www.houstonchronicle.com/politics/texas/article/Abbott-appointees-made-astonishing-cuts-to-15963686.php


Future warfare will feature autonomous weaponry (WashPost)

Gabe Goldberg <gabe@gabegold.com>
Sun, 21 Feb 2021 13:34:54 -0500
*The Washington Post*

Advanced AI means weapons operating faster, leaving human operators and
their molasses reflexes behind. Roper said that because of the way AI
capabilities are accelerating, being behind means the United States might
never catch up, which is why he's pushing to move fast and get AI out into
combat.  “It doesn't make sense to study anything in the era of AI.  It's
better to let the AI start doing and learning, because it's a living,
breathing system, very much like a human, just silicon based.''  [...]

The United States isn't alone in venturing into this territory. Nearly two
decades ago, Britain built a missile called the Brimstone that was meant to
go after enemy vehicles it selected on its own after being released from
British Tornado fighters. Two computer algorithms—not the pilots—
dictated its actions. Brimstone wasn't exactly an example of AI: Its
algorithms were written by people, whereas AI weapons will rely on code
computers write themselves—extensive programming that's nearly impossible
to review and verify. Still, when the missile was ready for use, British
commanders—in the midst of combat in Iraq—were facing strong
public pressure about civilian casualties and worries about international
law. All military commanders, under the rules of war, must be able to show
that they discriminate between legal military targets and civilians,
something that's hard to do if the missile rather than a person is deciding
what to strike. Ultimately, Royal Air Force commanders chose not to deploy
the missile in Iraq, instead spending a year redesigning it to add a mode
allowing pilots to pick the targets.

https://www.washingtonpost.com/magazine/2021/02/17/pentagon-funds-killer-robots-but-ethics-are-under-debate/

First companies were people, now AI is people. I thought it was just Soylent
Green that's people...


Malware Is Now Targeting Apple's New M1 Processor (WiReD)

Gabe Goldberg <gabe@gabegold.com>
Sun, 21 Feb 2021 00:59:13 -0500
Two distinct strains of malware have already adjusted to the new silicon
just months after its debut.  [...]  For now, the native M1 malware that
researchers have found doesn't seem to be a desperately dangerous threat in
itself. But the emergence of these new strains is a warning that there's
more to come—and that detection tools need to bridge the gap to be ready.

https://www.wired.com/story/apple-m1-malware/

...so the arms race continues.


Apple Is Going to Make It Harder to Hack iPhones With Zero-Click Attacks (Vice)

Monty Solomon <monty@roscom.com>
Mon, 22 Feb 2021 14:35:31 -0500
Multiple exploit developers tell Motherboard an upcoming change in iOS could make zero-click exploits harder to pull off.

https://www.vice.com/en/article/pkd4kg/apple-is-going-to-make-it-harder-to-hack-iphones-with-zero-click-attacks


IRS trifecta—not good news (WashPost)

Gabe Goldberg <gabe@gabegold.com>
Sun, 21 Feb 2021 15:42:40 -0500
Inside the IRS: The department is charged with the stimulus and tax season
is barely hanging on
*The Washington Post*

The IRS is contending with those challenges while navigating a depleted
workforce and years of underfunding. Congress has cut the agency's annual
appropriation by 20 percent since 2010, chipping away at workplace morale
and expertise.

The reduction of human capital—the IRS's most valuable resources, experts
say—risks further running the agency aground in 2021. More than 21,000
full-time employees left the agency between 2010 and 2019, including many of
its most skilled and tenured professionals. As part of sustained budget cuts
pushed by congressional Republicans upset over perceived bias within the
agency, the IRS spent years cutting back on training, too, Reardon said,
making it harder to adjust to an already hectic year.

https://www.washingtonpost.com/business/2021/02/12/irs-taxes-stimulus-biden/

Tax season 2021: A tornado is coming
A supersize list of some of the issues people will face this year

https://www.washingtonpost.com/business/2021/02/12/irs-2021-tax-season-issues/

President Biden may struggle to get new $3,000 benefit to many of America's
poorest families
The White House touts plan as dramatically curbing child poverty, but
questions abound about implementation

https://www.washingtonpost.com/us-policy/2021/02/12/irs-democrats-child-tax-credit-plan/

Starve the IRS, then create chaos for it. What could go wrong...


UN discusses how not to kill the planet (UNEP)

geoff goodfellow <geoff@iconia.com>
Sun, 21 Feb 2021 12:12:01 -1000
Humans are making Earth a broken and increasingly unlivable planet through
climate change, biodiversity loss and pollution. So the world must make
dramatic changes to society, economics and daily life, a new United Nations
report says.

Unlike past U.N. reports that focused on one issue and avoided telling
leaders actions to take, Thursday's report combines three intertwined
environment crises and tells the world what's got to change. It calls for
changing what governments tax, how nations value economic output, how power
is generated, the way people get around, fish and farm, as well as what they
eat.

“Without nature's help, we will not thrive or even survive,''
Secretary-General Antonio Guterres said.  “For too long, we have been
waging a senseless and suicidal war on nature. The result is three
interlinked environmental crises.''

“Our children and their children will inherit a world of extreme weather
events, sea level rise, a drastic loss of plants and animals, food and
water insecurity and increasing likelihood of future pandemics,'' said
report lead author Sir Robert Watson, who has chaired past UN science
reports on climate change and biodiversity loss.

“The emergency is in fact more profound than we thought only a few years
ago,'' said Watson, who has been a top level scientist in the U.S. and
British governments.

This year “is a make-it or break-it year indeed because the risk of things
becoming irreversible is gaining ground every year,'' Guterres said. “We are
close to the point of no return.''

The report highlighted what report co-author Rachel Warren of the
University of East Anglia called “a litany of frightening statistics that
hasn't really been brought together:''

 * Earth is on the way to an additional 3.5 degrees warming from now (1.9
   degrees Celsius), far more than the international agreed upon goals in
   the Paris accord.

 * About 9 million people a year die from pollution.

 * About 1 million of Earth's 8 million species of plants and animals are
   threatened with extinction.

 * Up to 400 million tons of heavy metals, toxic sludge and other industrial
   waste are dumped into the world's waters every year.

 * More than 3 billion people are affected by land degradation, and only 15%
   of Earth's wetlands remain intact.

 * About 60% of fish stocks are fished at the maximum levels. There are more
   than 400 oxygen-depleted “dead zones'' and marine plastics pollution has
   increased tenfold since 1980.

“In the end it will hit us,'' said biologist Thomas Lovejoy, who was a
scientific advisor to the report. “It's not what's happening to elephants.
It's not what's happening to climate or sea level rise. It's all going to
impact us.''

The planet's problems are so interconnected that they must be worked on
together to be fixed right, Warren said. And many of the solutions, such as
eliminating fossil fuel use, combat multiple problems including climate
change and pollution, she said.

The report “makes it clear that there is no time for linear thinking or
tackling problems one at a time,'' said University of Michigan environment
professor Rosina Bierbaum, who wasn't part of the work.

In another break, this report gives specific solutions that it says must be
taken.

This report uses the word “must'' 56 times and “should'' 37 times. There
should be 100 more because action is so crucial, said former U.N. climate
chief Christiana Figueres, who wasn't part of the report.

“Time has totally ran out. That's why the word 'must' is in there,''
Figueres said.

The report calls for an end to fossil fuel use and says governments should
not tax labor or production, but rather use of resources that damages
nature.

“Governments are still playing more to exploit nature than to protect it,''
Guterres said. “Globally, countries spend some 4 to 6 trillion dollars a
year on subsidies that damage the environment.''

Scientists should inform leaders about environmental risks “but their
endorsement of specific public policies threatens to undermine the
credibility of their science,'' said former Republican Rep. Bob Inglis, who
founded the free market climate think tank RepublicEn.org.

The report also tells nations to value nature in addition to the gross
domestic product when calculating how an economy is doing.

Getting there means changes by individuals, governments and business, but
it doesn't have to involve sacrifice, said UN Environment Programme
Director Inger Andersen.

“There's a country that has been on that path for 25 years: Costa Rica,''
Andersen said. “Yes, these are difficult times, but more and more leaders are
stepping in.''

https://www.westhawaiitoday.com/2021/02/19/nation-world-news/un-discusses-how-not-to-kill-the-planet/

https://www.unep.org/resources/making-peace-nature


Study of auto recalls shows carmakers delay announcements until they 'hide in the herd' (Techxplore.com)

Richard Stein <rmstein@ieee.org>
Mon, 22 Feb 2021 21:59:56 +0800
https://techxplore.com/news/2021-02-auto-recalls-carmakers-herd.html

'"The implication is that auto firms are either consciously or unconsciously
delaying recall announcements until they are able to hide in the herd," said
George Ball, assistant professor of operations and decision technologies and
Weimer Faculty Fellow at the Indiana University Kelley School of
Business. "By doing this, they experience a significantly reduced stock
penalty from their recall."'

The auto industry's product defect disclosure practice illustrates a callous
disregard for public safety, an exemplary model of "Profit Without Honor"
(see
https://www.amazon.com/Profit-Without-Honor-Looting-Criminal/dp/0134871421).

History teaches that commercial product defect discovery and disclosure
depend on profit-driven organizational behavior. Foreknowledge of brand
killing defects often fails to motivate governance actions to mitigate them
when profits are risked. Boeing's MCAS, Volkswagen's defeat device,
Morton-Thiokol's (https://en.wikipedia.org/wiki/Thiokol) SRB O-ring, and
Takata's airbag inflator serve as significant examples.

Should product defect disclosure processes, purposely delayed to protect
profits, be penalized? The threat of a stiff fine, and civil or criminal
prosecution, may restore product safety disclosure fidelity and reaffirm
responsible corporate citizenship.

Risk: Product defect disclosure latency


The Race to Fix Virtual Meetings (AKA, the nightmare continues) (NYTimes)

Gabe Goldberg <gabe@gabegold.com>
Sun, 21 Feb 2021 13:25:25 -0500
Sick of boring grids of heads? A new crop of start-ups aims to bring some
serendipity and spark to remote meetings.

https://www.nytimes.com/2021/02/17/magazine/video-conference.html

Good comment:

Please stop. I do not want to add actor and or a performance artist to my
job description. So far, it is just a meeting. I understand virtual
conferences and speakers.  Virtual reality on the home-front needs a
rethink.  The true reality that we are not, for the most part, interested
in replacing or finding a work-around solution to in-person contact with a
fantasy.  If you want to monetize further "zoom" meetings etc., and their
counterparts, say so. Where is the hue and cry for an extended, more upbeat
meeting arena? Now, let's talk about something substantial like the
currently existing "digital divide," so there is not another crater being
created between the "haves and the have nots."


Sign this 8-year-old up!

Gabe Goldberg <gabe@gabegold.com>
Sun, 21 Feb 2021 12:55:23 -0500
She's got a real future as a cybersecurity Red Team member...

The grifter: someone's 8 year old niece

The prize: Playing virtual hooky permanently (School Zoom calls)

The marks: sister, brother in law, teacher, school's computer teacher,
principal and Zoom's support team

The con: How she pulled it off

https://twitter.com/mfpiccolo/status/1360685864100237318


China Censors the Internet. So Why Doesn't Russia? (NYTimes)

Lauren Weinstein <lauren@vortex.com>
Sun, 21 Feb 2021 08:02:14 -0800
https://www.nytimes.com/2021/02/21/world/europe/russia-internet-censorship.html


A reminder about U2F/FIDO security keys and account security (Google)

Lauren Weinstein <lauren@vortex.com>
Sun, 21 Feb 2021 11:29:32 -0800
U2F/FIDO is superior to other 2sv (2-step verification) authentication
systems because it's a "what you know and *what you have*" system that makes
such a difference. The phisher doesn't have your key. When Google
implemented this internally, successful phishing dropped to zero.

Using U2F/FIDO security keys to protect your Google account:
https://support.google.com/accounts/answer/6103523
https://help.twitter.com/en/managing-your-account/two-factor-authentication


Can't make this up—panic culture (10TV)

Gabe Goldberg <gabe@gabegold.com>
Sun, 21 Feb 2021 12:48:03 -0500
Spare roses placed on Walmart cars triggers sex trafficking panic

Dozens of roses were left on vehicles, leading people to call the sheriff's
office, which issued a warning about a potential tie to human trafficking.

https://www.10tv.com/article/news/local/roses-left-on-vehicles-create-temporary-panic-at-coshocton-walmart/530-6c8b72ed-9b05-40fa-89bf-dd4620aebe3b

Punchline: At end, after it's revealed as a friendly/loving gesture after
fellow spent $300 on roses when proposing to his girlfriend, and they
decided to share the flowers, sheriff said it's a good reminder to be
vigilant and report anything unusual—instead of telling people to get a
grip. No, it's a reminder to not start/believe ridiculous rumors.


Current state of DDoS (IEEE)

Peter Neumann <neumann@csl.sri.com>
Sat, 20 Feb 2021 10:28:19 PST
Dan Geer suggests: in light of the Texas fiasco (RISKS-32.50), it might be
worth your checking this item out:

  Article in the current *IEEE Computer*:

  21 Years of Distributed Denial-of-Service: Current State of Affairs
  Eric Osterweil and Angelos Stavrou, George Mason University, and
  Lixia Zhang, UCLA
  https://cs.gmu.edu/~eoster/doc/21-ddos-current.pdf


Warning regarding fake Mars Probe video

Lauren Weinstein <lauren@vortex.com>
Sat, 20 Feb 2021 10:24:23 -0800
WARNING: While the new Mars probe has audio capability for the first time, a
video racking up views claiming to be video & audio from the new probe is
reportedly a fake, with video from an older probe and audio of unknown
origin. The new probe has not sent audio or video yet.


UMass Amherst Team Helps Demonstrate Spontaneous Quantum Error Correction

ACM TechNews <technews-editor@acm.org>
Fri, 19 Feb 2021 12:40:31 -0500 (EST)
UMass Amherst, 11 Feb 2021, via ACM TechNews, 19 Feb 2021

University of Massachusetts Amherst researchers have devised a novel form of
quantum error correction (QEC) featuring spontaneous, or passive,
correction.  The passive QEC method specifically designs the friction or
dissipation experienced by a quantum bit (qubit). UMass Amherst's Chen Wang
said, "Although our experiment is still a rather rudimentary demonstration,
we have finally fulfilled this counterintuitive theoretical possibility of
dissipative QEC. Looking forward, the implication is that there may be more
avenues to protect our qubits from errors and do so less expensively.
Therefore, this experiment raises the outlook of potentially building a
useful fault-tolerant quantum computer in the mid to long run."

https://www.umass.edu/newsoffice/article/umass-amherst-team-helps-demonstrate


Quantum networking progress

rod van meter <rdviii@gmail.com>
February 19, 2021 at 11:43:12 AM GMT+9
  [Via David Farber's IP]

New paper (though not yet peer reviewed) from TU Delft, the leading
experimental group using solid state qubit memories connected via single
photons:

https://arxiv.org/abs/2102.04471

And this interested Nature enough that they have a news article on it,
quoting yours truly: https://www.nature.com/articles/d41586-021-00420-5

This is important because it's the first time that coupling entanglement
across more than one hop has been done using solid state memories.


New Approach to 3D Printing of Human Tissue Closer to Reality (Brian P. Dunleavy)

ACM TechNews <technews-editor@acm.org>
Fri, 19 Feb 2021 12:40:31 -0500 (EST)
Brian P. Dunleavy, UPI, 16 Feb 2021
via ACM TechNews; Friday, February 19, 2021

Carnegie Mellon University researchers have developed a new approach to
three-dimensional (3D) bioprinting that fixes problems caused by gravity in
the bioinks. The Freeform Reversible Embedding of Suspended Hydrogels
approach involves 3D printing in a "support bath," which holds the bioinks
in place until they are cured and provides an environment that maintains
high cell viability. Use of the support bath overcomes the challenges of 3D
printing soft materials in air, as gravity distorts soft and liquid bioinks
that are deposited in a layer-by-layer manner using a syringe pump. Although
the technology already has been used to bioprint functional heart valves and
contractile cardiac ventricles, Carnegie Mellon's Daniel J. Shiwarski said
clinical use of printed tissue is "still years away."

https://www.upi.com/Health_News/2021/02/16/Study-New-approach-to-3D-printing-of-human-tissue-closer-to-reality/3211613494678/


John Deere Promised Farmers It Would Make Tractors Easy to Repair. It Lied.

Peter Neumann <neumann@csl.sri.com>
Sun, 21 Feb 2021 12:32:11 PST
https://www.vice.com/en/article/v7m8mx/john-deere-promised-farmers-it-would-make-tractors-easy-to-repair-it-lied


Re: Texas vs FERC's "best practices" for anticipating disasters (RISKS-32.50)

Mark Brader <msb@Vex.Net>
Fri, 19 Feb 2021 19:09:11 -0500 (EST)
> In our RISKS-related archives is also a major six-week complete power-outage
> disaster in Quebec in the winter of 1996-1997 when transmission towers froze
> and collapsed from the weight of ice under the prolonged hard freeze, and the
> outage lasted for months...  (Surely, cold weather was not a surprise there.)

Prolonged cold weather was not a surprise, but what they hadn't planned for
was prolonged *freezing rain*.

http://gizmodo.com/that-time-a-canadian-town-derailed-a-diesel-train-and-d-1846307148

  [Similar comment from Neil Youngman.  PGN]


Re: U.S. Water Supply Has Few Protections Against Hacking (RISKS-32.50)

Amos Shapir <amos083@gmail.com>
Sat, 20 Feb 2021 12:51:50 +0200
It seems that no notice was taken of a similar incident in Israel in April
2020; the attack (trying to increase chlorine level in water supply) and
infiltration method (taking over the controlling OS by remote access) may
indicate that the same hackers were involved.

https://www.timesofisrael.com/6-facilities-said-hit-in-irans-cyberattack-on-israels-water-system-in-april/


Re: "Vaccine" passport? (RISKS-32.50)

Amos Shapir <amos083@gmail.com>
Sat, 20 Feb 2021 13:16:56 +0200
FWIW, I just received my Israeli "Green Passport".  It is distributed as a
PDF document, containing (plain text on a green background): Name (in Hebrew
and English), ID number, passport number, DOB, date of inoculation (which is
one week after receiving 2nd dose) and expiration date (6 months later).

Then there are details of each dose: Date, type (Pfizer), production
(BNT162b2, probably BioNTech), batch number, and health provider
organization which administered it.

There is also a QR code containing (in base64-encoded plain text) XML code
of the fields: "idType" (probably indicating Israeli ID or foreign
passport), "idNum", "certNum" (a hex value, which doesn't appear on the
card itself), "fullName" (in Hebrew only), "immunedSince" (date value),
"expirationDate" (date value).

It seems that the "certNum" field is an attempt at validation, but it's
unclear how it may be used.


Re: Incredibly poor software design costs Citigroup $500M (RISKS-32.50)

"Jim" <jgeissman@socal.rr.com>
Sat, 20 Feb 2021 16:48:47 -0800
The interface reminds one of programming a computer from the 1950s by
setting the console switches. It probably made sense to the designer,
though, because he knew too much about the process. Take-away: Double-check
the expert's ideas. (And double-check transactions that represent a large
loss.)


Re: Gorilla COVID risks (CNN, RISKS-32.50)

"John Levine" <johnl@iecc.com>
20 Feb 2021 13:36:04 -0500
>  Tourists who take selfies with wild mountain gorillas could put the
>  primates at risk of developing Covid-19, according to new research.

Funny you should mention that.  Today's NY Times has a piece on the gorillas
at the San Diego Safari Park, the open air annex to the SD Zoo.

  The noises of nature sometimes carry broader meanings. The howl of a wolf
  signifies that wildness endures. The gronk of Canada geese moving south
  overhead reminds Americans to brace for winter. The sound of a coughing
  gorilla signals that Covid-19 is an even bigger problem than we
  thought. ...

https://www.nytimes.com/2021/02/19/opinion/covid-symptoms-gorillas.html
https://www.nytimes.com/2021/01/11/us/gorillas-coronavirus-san-diego.html


Re: 'Spy pixels in emails have become endemic' (BBC News)

"John Levine" <johnl@iecc.com>
20 Feb 2021 15:22:30 -0500
Risks of press releases!

If you read the article, you'll see it's actually a thinly rewritten press
release for a commercial service that purports to block web bugs, the
standard name for what he calls "spy pixels."

They are annoying and creepy, but they are very much not news. Here's a
description of them the EFF published over 20 years ago:

https://web.archive.org/web/20010729060646/www.eff.org/Privacy/Marketing/web_bug.html

They're also not hard to avoid. Mail programs like Thunderbird only load
images from senders who you've marked as friendly. I still use Alpine to
read my mail. Since it runs in a terminal window, it doesn't render images
at all, just shows you where they are in the message and what they point to.

The least malicious excuse for them I've seen for web bugs is that smart
marketers use them to see who is reading their mail, and stop sending mail
to people who consistently don't open the message. I'm not sure how
persuasive that is, but it does have some plausible benefit.

Oh, and the strangest thing is that in most cases they're completely
pointless. Any image in any HTML mail message can be used to track who is
opening the mail. (I did some experiments a while back.) Why point an arrow
at yourself by using an obvious transparent 1x1 image?
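
An added example, not part of the post above: a Python sketch of the point
that any remote image, not only a transparent 1x1 one, reports the open. It
inventories the `<img>` tags of a message and compares a size-based "pixel"
filter with a block-all-remote policy. The sample message, its hosts and URL
parameters are constructed for illustration.

```python
"""Inventory remote images in an HTML mail message (added example)."""
from collections import namedtuple
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample message: hosts, paths and tokens are made up.
SAMPLE_EML = """\
From: Newsletter <news@shop.example>
To: reader@mail.example
Subject: Spring offers
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<img src="https://cdn.shop.example/banner.png?rcpt=8f3a91c2" width="600" height="120">
<p>Hello!</p>
<img src="cid:logo@shop.example" width="80" height="80">
<img src="https://t.shop.example/o.gif?u=8f3a91c2" width="1px" height="1" style="display:none">
</body></html>
"""

Image = namedtuple("Image", "src host remote tiny has_query")


def _dim(value):
    """Parse a width/height attribute; -1 when missing or not a number."""
    try:
        return int((value or "").strip().rstrip("px") or -1)
    except ValueError:
        return -1


class _ImgCollector(HTMLParser):
    """Collects <img> tags only; CSS backgrounds and other remote
    content are out of scope for this sketch."""

    def __init__(self):
        super().__init__()
        self.images = []

    def handle_starttag(self, tag, attrs):
        if tag != "img":
            return
        a = dict(attrs)
        src = (a.get("src") or "").strip()
        url = urlsplit(src)
        # http(s) and protocol-relative URLs cause a network fetch on display;
        # cid: (attached) and data: (inline) images do not.
        remote = url.scheme in ("http", "https") or (not url.scheme and bool(url.netloc))
        tiny = 0 <= _dim(a.get("width")) <= 1 and 0 <= _dim(a.get("height")) <= 1
        self.images.append(
            Image(src, url.hostname or "", remote, tiny, bool(url.query)))


def inventory(eml_text):
    """Return every <img> found in the text/html parts of a raw message."""
    msg = message_from_string(eml_text, policy=default)
    collector = _ImgCollector()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            collector.feed(part.get_content())
    collector.close()
    return collector.images


def caught_by_pixel_filter(images):
    """What a 'block 1x1 images' rule would stop."""
    return [i for i in images if i.remote and i.tiny]


def caught_by_remote_block(images):
    """What 'load no remote images' (the mail-client default described
    in the post) would stop."""
    return [i for i in images if i.remote]


if __name__ == "__main__":
    imgs = inventory(SAMPLE_EML)
    pixel = caught_by_pixel_filter(imgs)
    for img in imgs:
        status = "remote" if img.remote else "local "
        missed = img.remote and img not in pixel
        note = "  <- missed by 1x1 filter" if missed else ""
        print(f"{status} tiny={img.tiny!s:5} {img.src}{note}")
```

Here the full-size banner carries the same per-recipient token as the 1x1
GIF, so a size-based filter stops one fetch and lets the other through.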


Re: Japanese contact tracing software: Update on Cocoa bug (Ishikawa, RISKS-32.50)

Anthony Thorn <anthony.thorn@atss.ch>
Sun, 21 Feb 2021 10:00:06 +0100
Kyosuke Yamamoto, Asahi, 19 Feb 2021
Japan's defective contact-tracing app COCOA gets bug fix update
http://www.asahi.com/ajw/articles/14203456

Bugs have been fixed in Japan's COVID-19 contact-tracing smartphone app
COCOA, the health ministry announced 18 Feb, starting distribution of the
updated version the same day.  COCOA, introduced to alert users if they come
into close contact with someone who has tested positive for COVID-19, had
failed to send Android users notifications since the end of last September.

Despite the correction, users still will have to restart the app once a day
for it to operate properly.

The new version also fixes two other previously unpublicized bugs, one that
kept some iPhone users from getting notifications depending on their OS
version, and one that initialized the app on some mobile phones, mostly
iPhones, after it had been used for a while.

The ministry had said on 3 Feb 2021 that bugs were not reported among iPhone
users.

In announcing the new update, the ministry asked Android users to update
their phones to the corrected version and to restart the app once a day and
asked iPhone users to update to the latest iOS14.

also:
http://www.asahi.com/ajw/articles/14191936
http://www.asahi.com/ajw/articles/14162695
