The RISKS Digest
Volume 32 Issue 55

Tuesday, 16th March 2021

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator


Contents

Report on foreign activities to influence the 2020 election
DNI
Mother and daughter arrested for allegedly hacking student accounts to rig homecoming court votes
CNN
What happens when an unstoppable force hits an immovable object?
Justin Bariso
Everything You Need to Know About Evolving Threat of Ransomware
The Hacker News
Telecommunications plans to block Google Voice Messaging
Android Police
A Hacker Got All My Texts for $16
Vice
It's time to stop using SMS for anything
Vice
Spoiler Alert: Bits from Covid: Season 2
Henry Baker
Maggots, Rape and Yet Five Stars: How U.S. ratings of nursing homes mislead the public
NYTimes
Massive Facebook study on users' doubt in vaccines finds a small group appears to play a big role in pushing the skepticism
WashPost
From Crypto Art to Trading Cards, Investment Manias Abound
NYTimes
Amazon Dash Smart Shelf Review: The Future of Automatic Shopping
WiReD
Federal investigators blast Tesla, call for stricter safety standards
Ars Technica
‘Painless’ glucose monitors are popular but little evidence they help most diabetes patients
nbcnews.com
Microsoft-Led Team Retracts Disputed Quantum-Computing Paper
WiReD
Twitter bug blocks the word ‘Memphis’
CBS News
Re: Computers get Sundays off?
John Levine
Re: Farms are going to need different kinds of robots
Thomas König
Re: Voting Machine Hashcode Testing: Unsurprisingly insecure, and surprisingly, insecure
Erling Kristiansen
Re: Confusing computer-interface complexity causes train crash
Mark Brader
Re: Too much choice is hurting America
Henry Baker
Re: Boeing 777 PW4000 engine problems
Richard Stein
Re: T-Mobile to Step Up Ad Targeting of Cellphone Customers
Craig S. Cottingham
Info on RISKS (comp.risks)

Report on foreign activities to influence the 2020 election

Peter G Neumann <neumann@csl.sri.com>
Tue, 16 Mar 2021 13:40:10 PDT

Report from CISA and FBI on interference with election infrastructure: https://www.dhs.gov/publication/key-findings-and-recommendations-foreign-interference-related-2020-us-federal-elections

Key Findings and Recommendations: Foreign Interference Related to the 2020 U.S. Federal Elections

This product provides a declassified overview of findings and recommendations from a classified joint report from the Attorney General and Secretary of Homeland Security addressing the impact of activities by foreign governments and their agents targeting election infrastructure or infrastructure pertaining to political organizations, candidates, or campaigns used in the 2020 U.S. federal elections on the security or integrity of such infrastructure. Pursuant to Executive Order (EO) 13848, the joint report relied on the Intelligence Community Assessment (ICA) addressing foreign threats to the 2020 U.S. elections.

https://www.dni.gov/files/ODNI/documents/assessments/ICA-declass-16MAR21.pdf


Mother and daughter arrested for allegedly hacking student accounts to rig homecoming court votes (CNN)

Jim Reisert AD1C <jjreisert@alum.mit.edu>
Tue, 16 Mar 2021 13:15:56 -0600

Madeline Holcombe and Jamiel Lynch, CNN, 16 Mar 2021 https://www.cnn.com/2021/03/16/us/mother-daughter-homecoming-votes-trnd/

The release says investigators found Carroll, an assistant principal at Bellview Elementary, and her daughter, a student at Tate High used Carroll's district-level access to enter accounts, where hundreds of fraudulent votes were cast for the Taft homecoming court. The votes were flagged as fraudulent when 117 votes allegedly originated from the same IP address within a short period of time. Authorities reported that FDLE agents found evidence of unauthorized access linked to Carroll's cellphone as well as home computers.
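
The flagging signal reported in the item above (many votes from one IP address within a short period) amounts to a sliding-window count per source address. The following is an added example, not code from the school district, FDLE or CNN; the log layout, addresses, account names, timestamps and the threshold of 20 votes in 15 minutes are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def flag_vote_bursts(events, threshold, window):
    """Return {source_ip: {"peak": int, "accounts": set}} for every address
    that cast at least `threshold` votes inside any span of length `window`.

    events: iterable of (timestamp, source_ip, account_id) tuples, any order.
    """
    recent = defaultdict(deque)  # per-IP votes still inside the window
    flagged = {}
    for ts, ip, account in sorted(events):
        q = recent[ip]
        q.append((ts, account))
        # Drop votes that have aged out of the window ending at `ts`.
        while ts - q[0][0] > window:
            q.popleft()
        if len(q) >= threshold:
            hit = flagged.setdefault(ip, {"peak": 0, "accounts": set()})
            hit["peak"] = max(hit["peak"], len(q))
            hit["accounts"].update(acct for _, acct in q)
    return flagged


def constructed_vote_log():
    """Constructed sample data; none of it comes from the reported case."""
    start = datetime(2021, 1, 1, 20, 0, 0)
    events = []
    # 117 votes from one address, 5 seconds apart, each under a different account.
    for i in range(117):
        events.append((start + timedelta(seconds=5 * i),
                       "203.0.113.7", f"student{i:04d}"))
    # Shared campus address: 30 votes, one every 12 minutes (no burst).
    for i in range(30):
        events.append((start - timedelta(hours=8) + timedelta(minutes=12 * i),
                       "198.51.100.10", f"student{1000 + i}"))
    # Home addresses: a single vote each.
    for i in range(40):
        events.append((start + timedelta(minutes=3 * i),
                       f"192.0.2.{i + 1}", f"student{2000 + i}"))
    return events


if __name__ == "__main__":
    hits = flag_vote_bursts(constructed_vote_log(),
                            threshold=20, window=timedelta(minutes=15))
    for ip, hit in hits.items():
        print(ip, "peak votes in window:", hit["peak"],
              "distinct accounts:", len(hit["accounts"]))
```

The distinct-account count per flagged address is what separates one credential being used to enter many accounts from a shared network where each person votes once over a longer period.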

What happens when an unstoppable force hits an immovable object? (Justin Bariso)

Dewayne Hendricks <dewayne@warpspeed.com>
Sat, Mar 13, 2021 at 8:08 PM

In a recent speech in Brussels marking International Data Privacy Day, Apple CEO Tim Cook went on the offensive against Mark Zuckerberg and Facebook. Cook's speech seems to be a direct response to Facebook's recent attack on Apple, in which the world's largest social network took out full-page ads in several newspapers attacking Apple's new privacy changes.

But what's most fascinating is that Cook took direct aim at Facebook without ever mentioning the company by name.

Just check out the following excerpt:

“Technology does not need vast troves of personal data stitched together across dozens of websites and apps in order to succeed. Advertising existed and thrived for decades without it, and we're here today because the path of least resistance is rarely the path of wisdom.”

“If a business is built on misleading users on data exploitation, on choices that are no choices at all, then it does not deserve our praise. It deserves reform.”

“We should not look away from the bigger picture. In a moment of rampant disinformation and conspiracy theories juiced by algorithms, we can no longer turn a blind eye to a theory of technology that says all engagement is good engagement, the longer the better, and all with the goal of collecting as much data as possible.”

“Too many are still asking the question ‘How much can we get away with?’ when they need to be asking ‘What are the consequences?’”

“What are the consequences of prioritizing conspiracy theories and violent incitement simply because of the high rates of engagement?”

“What are the consequences of not just tolerating but rewarding content that undermines public trust in life-saving vaccinations?”

“What are the consequences of seeing thousands of users joining extremist groups and then perpetuating an algorithm that recommends even more? It is long past time to stop pretending that this approach doesn't come with a cost. A polarization of lost trust, and yes, of violence. A social dilemma cannot be allowed to become a social catastrophe.”

The fact that Cook doesn't name Facebook somehow increases its impact. Because as you hear Cook's speech, you can't help but immediately think of the house that Zuckerberg built.

If you're wondering how Apple and Facebook ended up at odds, you can read more of the details here. But the reality is these two tech giants have been heading toward a major conflict for quite some time.

The problem is that Apple's and Facebook's business philosophies are diametrically opposed to each other.

Apple is a lifestyle brand. And part of the lifestyle Apple sells is users having more control over their privacy.

Facebook, on the other hand, is in the data business. The more data it collects on users, the more effectively it can sell targeted ads.

But collecting and selling all that data comes at great cost, as Cook highlights. “The end result of all of this is that you are no longer the customer,” said Cook. “You are the product.”

Cook went on to further highlight the differences in Apple's and Facebook's philosophies, in no uncertain terms.

“We believe that ethical technology is technology that works for you,” said Cook. “It's technology that helps you sleep, not keeps you up. It tells you when you've had enough. It gives you space to create or draw or write or learn, not refresh just one more time.”

At first glimpse, it might appear that Apple and Facebook are on diverging paths. But in reality, they're on a collision course.

So, what does happen when an unstoppable force hits an immovable object?

One of them gets destroyed.

The takeaway

There are major lessons here for entrepreneurs and business owners.

As Cook aptly points out, “advertising existed and thrived for decades” without using data that was collected in less than transparent ways. And as customers are offered more choice when it comes to how apps and websites track their data, experts predict that more and more people will opt out of said tracking.

If you're an advertiser, you'll need to adapt. Or die. […] https://www.inc.com/justin-bariso/tim-cook-may-have-just-ended-facebook.html


Everything You Need to Know About Evolving Threat of Ransomware (The Hacker News)

geoff goodfellow <geoff@iconia.com>
Sun, 14 Mar 2021 12:18:22 -1000

The cybersecurity world is constantly evolving to new forms of threats and vulnerabilities. But ransomware proves to be a different animal—most destructive, persistent, notoriously challenging to prevent, and is showing no signs of slowing down.

Falling victim to a ransomware attack can cause significant data loss, data breach, operational downtime, costly recovery, legal consequences, and reputational damage.

In this story, we have covered everything you need to know about ransomware and how it works.

What is ransomware?

Ransomware is a malicious program that gains control over the infected device, encrypts files, and blocks user access to the data or a system until a sum of money, or ransom, is paid.

Crooks' scheme includes a ransom note—with amount and instructions on how to pay a ransom in return for the decryption key—or direct communication with the victim.

While ransomware impacts businesses and institutions of every size and type, attackers often target healthcare, education, IT, government, and finance sectors with deeper pockets—causing damages ranging from hundreds of millions to billions of dollars.

Ransomware attacks started picking up in 2012, and since then, it has become the most pervasive cyber-attacks across the world.

For instance, HelloKitty ransomware hit Polish video game developer CD Projekt Red last week with quite a popular tactic, i.e., attackers threatened the company to leak the source code of games, including Cyberpunk 2077, Witcher 3, Gwent, and along with confidential files in the company.

And it's actually happened! After CD Projekt announced that they would not be paying the ransom, attackers created an auction for the stolen data on a hacker forum.

And it isn't the only example. Ransomware has always been one of the most popular kinds of malicious samples uploaded in malware analysis sandbox ANY.RUN <https://any.run/>. Over 124,00 interactive sessions with ransomware were analyzed online only in 2020.

From a locker to the enterprise. […]

https://thehackernews.com/2021/02/everything-you-need-to-know-about.html


Telecommunications plans to block Google Voice Messaging (Android Police)

Bob Frankston <Outlook@bob.ma>
Sat, 13 Mar 2021 19:28:55 +0000

https://www.androidpolice.com/2021/03/09/google-voice-wont-forward-text-messages-to-outside-numbers-much-longer/

The telecommunications providers will soon stop forwarding Google Voice text messages. While one can argue that such messages have become a spam problem, the carriers are in a special position as gatekeepers. We must have the option of bypassing their policies, especially when their solution happens to conveniently protect their legacy business model. It is particularly dangerous for those who rely on a portable messaging number that will reach us on any device in an emergency.

It's a reminder of the problem with a system based on perimeter security. 5G (https://rmf.vc/IEEE5GPast) is another facet of clawing control and value back into the network based on the idea the TPC (The Phone Company) knows best.


A Hacker Got All My Texts for $16 (Vice)

geoff goodfellow <geoff@iconia.com>
Mon, 15 Mar 2021 10:41:26 -1000

A gaping flaw in SMS lets hackers take over phone numbers in minutes by simply paying a company to reroute text messages.

I didn't expect it to be that quick. While I was on a Google Hangouts call with a colleague, the hacker sent me screenshots of my Bumble and Postmates accounts, which he had broken into. Then he showed he had received texts that were meant for me that he had intercepted. Later he took over my WhatsApp account, too, and texted a friend pretending to be me.

Looking down at my phone, there was no sign it had been hacked. I still had reception; the phone said I was still connected to the T-Mobile network. Nothing was unusual there. But the hacker had swiftly, stealthily, and largely effortlessly redirected my text messages to themselves. And all for just $16.

I hadn't been SIM swapped, where hackers trick or bribe telecom employees to port a target's phone number to their own SIM card. Instead, the hacker used a service by a company called Sakari, which helps businesses do SMS marketing and mass messaging, to reroute my messages to him. This overlooked attack vector shows not only how unregulated commercial SMS tools are but also how there are gaping holes in our telecommunications infrastructure, with a hacker sometimes just having to pinky swear they have the consent of the target.

“Welcome to create an account if you want to mess with it, literally anyone can sign up,” Lucky225, the pseudonymous hacker who carried out the attack, told Motherboard, describing how easy it is to gain access to the tools necessary to seize phone numbers. […] https://www.vice.com/amp/en/article/y3g8wb/hacker-got-my-texts-16-dollars-sakari-netnumber


It's time to stop using SMS for anything (Vice)

geoff goodfellow <geoff@iconia.com>
Mon, 15 Mar 2021 10:54:25 -1000

By now most infosec professionals are aware of various ways SMS text messaging can be hijacked. For example so-called SIM Swap attacks, SS7 attacks, Port-out fraud, etc. All of these attacks however do require some level of sophistication, whether it be high level access to SS7, or account information or social engineering to successfully port out the phone number to a new provider or swap the sim on the existing account. <https://www.vice.com/en/article/a37epb/t-mobile-alert-victims-sim-card-hack> <https://www.vice.com/en/article/xyezmn/we-were-warned-about-flaws-in-the-mobile-data-backbone-for-years-now-2fa-is-screwed> <https://www.vice.com/en/article/mg7bd4/how-a-hacker-can-take-over-your-life-by-hijacking-your-phone-number>

There [are] however other vulnerabilities that are not particularly well known. For VoIP numbers in particular, which may be assigned to a CLEC or VoIP wholesaler, the SMS may need to be routed to a different carrier than the carrier of record. This is accomplished in two different ways. One is an ALT SPID, which NPAC defines <https://www.npac.com/resources/public-knowledgebase/glossary> as “The four-digit identifier of a second service provider associated with a telephone number or thousand block. It identifies the wholesale service provider customer to which the PSTN service provider has assigned the number. The second service provider in turn may either assign the number to its retail customer or to another service provider for its use.” ALT SPIDs are vulnerable and susceptible to change and can be used to hijack SMS, but it too does require carrier-level access to make changes directly to NPAC. In particular, and importantly, it requires the current provider's co-operation for the new carrier's ALT SPID to be added in NPAC.

Which brings us to an alternative SMS routing provider, NetNumber <https://www.netnumber.com/>. NetNumber has a product called NetNumber ID (NNID), it's a 6-digit number similar to an ALT SPID that identifies the carrier to route to for SMS. Net Number explains it in this 2019 Q&A <https://www.netnumber.com/netnumber-somos-qa/> […] https://lucky225.medium.com/its-time-to-stop-using-sms-for-anything-203c41361c80


Spoiler Alert: Bits from Covid: Season 2

Henry Baker <hbaker1@pipeline.com>
Sat, 13 Mar 2021 16:18:21 -0800

So, I finally got my 2nd vaccination shot exactly 1 year after the Covid pandemic officially started (in the U.S.). (Hint: don't plan anything important for the day after your 2nd shot!)

Unfortunately for the ~120 million people who got Covid, the ~2.7 million people who died from Covid (including 534k deaths in the U.S., and 30k deaths in NYC), the Covid-19 pandemic will NOT be a once in a century event, because it has unleashed knowledge to the wider world that used to reside only in epidemiologists' and science fiction writers' nightmares.

We in the computer science community know where this story goes next, and it isn't pretty. We've seen computer viruses, hacks, and ransomware on a global scale, and now have an entire branch of the U.S. armed forces dedicated to fighting (and promulgating!) these types of attacks. “Cut-and-paste” actors will convert every kind of cyber-attack into an analogous biological attack.

Plan on “Roundup”* attacks, where a country (or terrorist group or cynical company) simultaneously develop a novel pandemic virus and its corresponding vaccine; the country (or group) silently hides the vaccine among other vaccination programs, and then either releases the virus into the wild, or holds the world hostage with the threat of its release.

(* Roundup attacks naturally occurring weeds, but not genetically-engineered—and expensive—“Roundup Ready” crops.)

Although the U.S. suffered ~100X the deaths of 911, including ~10X the deaths in NYC alone, the U.S. is currently not yet even contemplating the need to spend the $6T or so that it has spent fighting the “911 forever wars” to fight future pandemics.

Yet we know future pandemics are coming, and soon, precisely because the advanced world has shown itself vulnerable to these attacks, and the effect on combat readiness, without even considering the effect on the economy as a whole, would make the advanced world easy prey to a 21st Century Hitler. Major countries could be convinced to give up without a single shot(!), once an outbreak demonstrated the effectiveness of such a weaponized virus.

Bill Gates sounded the alarm several years ago, but his alarm went unheeded; he also underestimated the potential for mischief that is possible in Covid: Season 2.

Covid: Season 2 will see a crash program involving trillions of dollars to collapse the time for both developing and distributing a new vaccine from a year to less than ONE WEEK. The world will need to develop an “electronic immune system” which can quickly recognize (i.e., DNA/RNA sequence) a novel virus, transmit this data to a widely distributed network of miniature vaccination manufacturing machines located in every hospital, doctor's office, drug store, etc., ready to instantly synthesize this new vaccine for “shots in arms” within DAYS of the initial recognition.

Since there won't be time for 3-6 month FDA studies, these vaccines will have to be tested on a gigantic network of living human cell cultures from a substantial fraction of the population—enough to guarantee that any new vaccine won't cause more harm than it is intended to prevent.

Simultaneously with the development of the new vaccine(s), a similar set of testing reagents will have to be developed, tested and distributed to a similar network of miniature testing machines co-located in all of the same facilities.

Such an effort may seem excessive, but the current Covid pandemic may soon appear in retrospect to be merely a warm-up for a truly devastating pandemic along the lines of the Black Death plague of 1348, which wiped out 30/50/70% of the population of some cities. A truly “engineered” virus might achieve such a catastrophic result.

The size of these numbers of deaths worldwide far exceeds those from any but the largest meteorites, while the likely time frame is much, much shorter. We need this immune response capability within the next 5-8 years, as I imagine that the clock has already started ticking on the engineered viruses of Covid: Season 2.

If the advanced world can coordinate to suppress nuclear weapons, would it not be much easier and much more important to coordinate to suppress such a global viral threat?


Maggots, Rape and Yet Five Stars: How U.S. ratings of nursing homes mislead the public (NYTimes)

Monty Solomon <monty@roscom.com>
Sat, 13 Mar 2021 19:26:27 -0500

Nursing homes have manipulated the influential star system in ways that have masked deep problems — and left them unprepared for Covid-19.

https://www.nytimes.com/2021/03/13/business/nursing-homes-ratings-medicare-covid.html


Massive Facebook study on users' doubt in vaccines finds a small group appears to play a big role in pushing the skepticism

Monty Solomon <monty@roscom.com>
Mon, 15 Mar 2021 19:55:25 -0400

Facebook is conducting a vast behind-the-scenes study of U.S. users who express doubtfulness about vaccines, a major project that attempts to probe and teach software to understand the medical attitudes of millions of Americans, according to documents obtained by The Washington Post.

https://www.washingtonpost.com/technology/2021/03/14/facebook-vaccine-hesistancy-qanon/


From Crypto Art to Trading Cards, Investment Manias Abound (NYTimes)

Gabe Goldberg <gabe@gabegold.com>
Sun, 14 Mar 2021 13:11:20 -0400

Each market frenzy seems crazier than the last. But all have the same roots.

SAN FRANCISCO—This past week, a trading card featuring the quarterback Tom Brady sold for a record $1.3 million. The total value of the cryptocurrency Bitcoin hit $1 trillion. And Christie's sold a digital artwork by an artist known as Beeple for $69.3 million after bids started at just $100.

These seemingly singular events were all connected, part of a series of manias that have gripped the financial world. For months, professional and everyday investors have pushed up the prices of stocks and real estate. Now the frenzy has spilled over into the riskiest — and in some cases, wackiest — assets, including digital ephemera and media, cryptocurrencies, collectibles like trading cards and even sneakers.

The surges have been driven by a unique set of conditions. Even as millions were laid off in the pandemic, many people's bank accounts flourished, flush from stimulus checks and government cash infusions into the economy. But while people accumulated more money, traditional investments like stocks and bonds became less attractive.

https://www.nytimes.com/2021/03/13/technology/crypto-art-NFTs-trading-cards-investment-manias.html


Amazon Dash Smart Shelf Review: The Future of Automatic Shopping (WiReD)

Gabe Goldberg <gabe@gabegold.com>
Sun, 14 Mar 2021 13:28:57 -0400

Amazon's Internet-connected scale automatically repurchases whatever you stack on it when supplies get low. This is both neat and problematic.

Author writes:

I don't know what possessed me to buy an Amazon Dash Smart Shelf, but it happened near the end of 2020, and 2020 was a very strange year. On November 25, I ordered the $20 auto-replenishment scale-large size, and by December 1 it had arrived. In a customer support email, Amazon urged me to get started with the Smart Shelf, which is to say Amazon wanted me to get shopping.

The point of the Amazon Dash Smart Shelf is that you don't actually do the shopping. Like all of Amazon's Dash products, which are linked to the company's Dash Replenishment Service (DRS for short), the shelf is supposed to be smart enough to know when you're running low on whatever you might find on Amazon. It senses when the load is getting too light and automatically re-ups without you having to do anything. In October 2020, after nearly a year of testing the Dash Smart Shelf with the help of small and medium-sized businesses, Amazon made it available to all customers.

Behold, Amazon's vision for our interface-free future of shopping: You need not even utter a sigh in the vicinity of an Alexa speaker or press a garbage-bag-branded dongle. Your appliances just know. The Dash Shelf is like an empty Amazon warehouse shelf, begging to be restocked; only in this case, it's in your office. Or your home. Or your home office.

https://www.wired.com/review/amazon-dash-smart-shelf/

Oh, whatever could go wrong with this. Cleaner lifts everything on shelf to dust it and a big truck arrives for you.


Federal investigators blast Tesla, call for stricter safety standards (Ars Technica)

Lauren Weinstein <lauren@vortex.com>
Sat, 13 Mar 2021 08:13:06 -0800

https://arstechnica.com/cars/2021/03/federal-investigators-blast-tesla-call-for-stricter-safety-standads/


‘Painless’ glucose monitors are popular but little evidence they help most diabetes patients (nbcnews.com)

Richard Stein <rmstein@ieee.org>
Mon, 15 Mar 2021 13:59:58 +0800

https://www.nbcnews.com/health/diabetes/painless-glucose-monitors-are-popular-little-evidence-they-help-most-n1261013

“In the nation's battle against the diabetes epidemic, the go-to weapon being aggressively promoted to patients is as small as a quarter and worn on the belly or arm.”

“A continuous glucose monitor holds a tiny sensor that's inserted just under the skin, alleviating the need for patients to prick their fingers every day to check blood sugar. The monitor tracks glucose levels all the time, sends readings to patients' cellphone and doctor, and alerts patients when readings are headed too high or too low.”

“Nearly 2 million people with diabetes wear the monitors today, twice the number in 2019, according to the investment firm Baird.”

“There's little evidence continuous glucose monitoring (CGM) leads to better outcomes for most people with diabetes—the estimated 25 million U.S. patients with Type 2 disease who don't inject insulin to regulate their blood sugar, health experts say. Still, manufacturers, as well as some physicians and insurers, say the devices help patients control their diabetes by providing near-instant feedback to change diet and exercise compared with once-a-day fingerstick tests. And they say that can reduce costly complications of the disease, such as heart attacks and strokes.”

I don't know where Baird acquired their estimate of devices in use. That number is not freely publicized by manufacturers or medical journals.

FDA's Total Product Life Cycle platform reveals numerous medical device reports (MDRs). Some 200,729 reports were filed, substantially by device suppliers following up with healthcare suppliers. https://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfTPLC/tplc.cfm?id=682&min_report_year=2016

The top-10 patient problems are shown in CSV format from JAN2016 through FEB2021:

Patient Problems,MDRs with this Patient Problem,Events in those MDRs
No Consequences Or Impact To Patient,244264,244264
No Known Impact Or Consequence To Patient,68125,68125
"No Clinical Signs, Symptoms or Conditions",56723,56723
Hypoglycemia,899,899
Reaction,538,538
Loss of consciousness,283,283
Foreign Body In Patient,275,275
Erythema,255,255
Hyperglycemia,242,242
Itching Sensation,223,223

Note the terms “No Consequence or Impact to Patient” and “No Known Impact or Consequences To Patient.” The labels attempt to discriminate malfunction types. What's the difference? Subtle. To the patient, there is virtually no distinction.

Contrast these two MDR reports for Malfunction:

  1. https://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfmaude/detail.cfm?mdrfoi__id=11301564&pc=QBJ
  2. https://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfmaude/detail.cfm?mdrfoi__id=11389200&pc=QBJ

The MDRs identify Malfunctions with proportionately few patient injuries as shown in the Patient Problems CSV records. The patient's health care provider consultation does require time, and money expenditure to reconcile the CGM's inconsistent or non-deterministic output as traced to the Device Problem records below.

Unless the insurance company completely covers the expense for physician encounter, the patient probably pays out-of-pocket expense. Insurance premiums are influenced as a result. The device supplier filing the MDR is not apparently concerned by this impact; the patient doesn't suffer physiologically.

Risk: Dependency on an unpredictable CGM comprises a significant public health risk.

A quick examination of the Device Problems, also established by the MDR submission reveals CGM technology possessing bugs that compel healthcare provider consultations.

The top-10 device problems are shown in CSV format from JAN2016 through FEB2021:

Device Problems,MDRs with this Device Problem,Events in those MDRs
Wireless Communication Problem,126308,126308
No Device Output,97790,97790
Imprecision,56546,56546
Premature End-of-Life Indicator,19566,19566
Device Displays Incorrect Message,18547,18547
Communication or Transmission Problem,11211,11211
Appropriate Term/Code Not Available,7786,7786
Detachment of Device or Device Component,4578,4578
Unintended Application Program Shut Down,3847,3847
Failure to Sense,3729,3729


Microsoft-Led Team Retracts Disputed Quantum-Computing Paper (WiReD)

Gabe Goldberg <gabe@gabegold.com>
Tue, 16 Mar 2021 16:29:10 -0400

The 2018 report in Nature claimed to have found evidence of an elusive subatomic particle. A review found that the group had omitted key data.

A Microsoft-led team of physicists has retracted a high-profile 2018 paper that the company touted as a key breakthrough in the creation of a practical quantum computer, a device that promises vast new computing power by tapping quantum mechanics.

The retracted paper came from a lab headed by Microsoft physicist Leo Kouwenhoven at Delft University of Technology in the Netherlands. It claimed to have found evidence of Majorana particles, long-theorized but never conclusively detected. The elusive entities are at the heart of Microsoft's approach to quantum computing hardware, which lags behind that of others such as IBM and Google. […]

Microsoft's Majorana mess adds a new chapter to the mythos of the particles, which are named after Italian theorist Ettore Majorana. He hypothesized in 1937 that subatomic particles should exist that are their own antiparticles but appeared to vanish early the next year after boarding a ship.

https://www.wired.com/story/microsoft-retracts-disputed-quantum-computing-paper/

Perhaps he encountered his anti-Ettore?


Twitter bug blocks the word ‘Memphis’ (CBS News)

David Tarabar <dtarabar@acm.org>
Mon, 15 Mar 2021 10:38:14 -0400

Twitter users who used the word Memphis found themselves temporarily locked out of their accounts over the weekend because of a bizarre bug. Reports of the bug emerged after some soccer fans noticed that posts mentioning Olympique Lyonnais player Memphis Depay were being blocked.

https://www.cbsnews.com/news/bizarre-twitter-bug-leads-to-lockouts-of-accounts-mentioning-memphis/


Re: Computers get Sundays off? (Shapir, RISKS-32.54)

“John Levine” <johnl@iecc.com>
13 Mar 2021 19:37:49 -0500
>The process could take up to 5 business days—not including weekends, of
>course.

Yup. The logistics of getting all of those checks back to the issuing bank was quite complex. One time in the 1970s I was on the last bus of the night from Boston going up to visit a friend in New Hampshire. It was a long trip because the bus stopped at every little bank branch along the way where the driver dropped a bag of canceled checks into the night deposit box. If a check was bad, it then had to take the reverse route back to the depositor's bank.

>Nowadays, you can deposit checks directly from your phone, anywhere, any
>time. It takes only a few seconds—and then you still have to wait for
>up to 5 business days, until the check is “cleared”.

Right, because the process of paying the check is still an electronic version of the paper one. It only takes a few seconds to send an image of the check to your bank, but finding out whether there is money to pay the check can take anywhere from zero if the check is on the same bank, to a couple of days if it's on a little bank on the other side of the country that only does one batch transaction with the clearinghouse a day, one day to receive your check, the next day to send back the bounce, and probably not until the day after that until your bank reverses it in your account. Banks usually give you access to funds before that if your account has been open for a while and you don't have a history of depositing bad checks, but the bank is still taking some risk that the money will turn out to be there.

As I said in a previous message, they're fixing this via the Fed's FedNow and private TCH which will do realtime payments and clearing, but it'll be a lot of work to get all those little banks the bus used to visit processing payments online in real time.


Re: Farms are going to need different kinds of robots (Stein, RISKS-32.54)

Thomas König <tk@tkoenig.net>
Sun, 14 Mar 2021 11:48:31 +0100
> Risk: ‘Precision farming’ practices reduce ecosystem genetic diversity,
> promote pesticide resistance

There seems to be a misunderstanding here.

The point of precision farming is to use pesticides, fertilizers etc., only locally, when and where needed, instead of indiscriminately applying them to the whole field.

If successful, this will decrease pesticide resistance, thereby leading to less pesticide resistance than conventional methods.


Re: Voting Machine Hashcode Testing: Unsurprisingly insecure, and surprisingly, insecure (RISKS-32.53)

Erling Kristiansen <erling.kristiansen@xs4all.nl>
Mon, 15 Mar 2021 10:26:53 +0100
> Those optical scanners are pretty accurate when they haven't been hacked
>—even the ES&S DS200—and it's impractical to count all the ballots
> without them.

That's a matter of opinion.

The Dutch government abandoned any kind of voting machines several elections ago. Paper ballots are marked by pencil and votes are counted by hand. This works well and does not lead to excessive delays in publishing the result.

The ballot for the on-going election for Parliament is huge: 37 parties with a total of 1579 candidates.


Re: Confusing computer-interface complexity causes train crash (RISKS-32.53)

Mark Brader <msb@Vex.Net>
Sat, 13 Mar 2021 19:53:08 -0500 (EST)

I wrote:

| The train's previous code of 5D29 had expired when it got to Leeds,
| and the driver should have changed it to 1D29 to go into the depot,

Should be the other way around, 1D29 is a main-line code.


Re: Too much choice is hurting America (Stein on NYTimes item)

Henry Baker <hbaker1@pipeline.com>
Mon, 15 Mar 2021 09:17:59 -0700

It's taken me a few days to settle on a truly appropriate response to Paul Krugman's Jeremiad on “Too Much Choice”, but I think I've arrived at an appropriate solution: Since Krugman is uncomfortable with so much choice, here's a few suggestions about how he can reduce his anxiety:

  1. Eat only one thing, just like dogs and cats do—same kibble every day.
  2. Stay at home all day, every day, because there's way too many places to see and visit. (Oops, that's our Covid world, but for Paul, we'll just make it permanent.)
  3. Wear the same clothing, every day. (Oops, still Covid!)
  4. Read only one book; the same book, day after day. (Oops, that's the realm of the religious right.)
  5. Reduce the number of channels on TV to three. (Heck, it worked for Paul when Paul was growing up.)
  6. Only use his landline phone; there are way too many apps available on smartphones. (Perhaps the reason people spend so much time looking at their smartphones is trying out all of those apps?)
  7. Only talk to people who already agree with you; there are way too many ideas in this world already. (Paul has this one nailed!!)
  8. Only listen to one piece of music, over and over again. Salieri (in Amadeus) was right: there's “too many notes”.
  9. Burn your Krugman/Wells “Economics” textbooks; “Samuelson” was already a perfectly good Econ101 textbook.
  10. I challenge Krugman to restrict himself to the 2000-word vocabulary of Basic English for his remaining NYTimes columns; those 50 cent words he uses are only “dog whistles” to the elites, anyway.

Eisenhower may have said it best: “If you want total security, go to prison. There you're fed, clothed, given medical care and so on. The only thing lacking is freedom [i.e., lack of choice].”


Re: Boeing 777 PW4000 engine problems (RISKS-32.54)

Richard Stein <rmstein@ieee.org>
Mon, 15 Mar 2021 05:01:56 +0800

Prof. Ladkin—Thank you for an exquisitely sagacious rebuttal to my equivalence of jet propulsion maintenance practice to that of auto service repair outcomes.

I acknowledge aviation history establishing air travel as the safest means of conveyance yet invented. This achievement credits the significant engineering, qualification, and rigorous maintenance practices applied per regulations to ensure reliable transportation.

These spectacular engine failure incidents temporarily weaken public trust. Identifying a root cause, and establishing a maintenance inspection interval that diminishes “blade throwing” incident recurrence will be essential to reestablish P&W brand reputation. Trust erosion negatively impacts both the P&W brand and the air transport industry.

When public trust is weakened by repeat product failures, despite best industrial practices and regulations designed to suppress such incidents, it arouses suspicions about practice reliability and the wisdom behind enforcement regulations.

The airworthiness directives (https://www.federalregister.gov/documents/2019/02/15/2019-02453/airworthiness-directives-pratt-and-whitney-division-pw-turbofan-engines, and https://www.faa.gov/news/media/attachments/Emergency AD Document AD-2021-00188-E.pdf) recommend a review of and revision to jet engine inspection frequency for metal fatigue using thermal acoustic imaging (TAI).

~128 engine pairs (256 engines) must be inspected @ $2K/engine per “Boeing 777 grounding explained visually: Pratt and Whitney engine failure involved in two incidents on same day” retrieved from https://www.usatoday.com/in-depth/travel/news/2021/02/22/boeing-777-grounding-engine-failure-pratt-and-whitney-united-flight-328-who-makes-the-engines/4541359001/. When a jet's not flying, it doesn't generate revenue.

Whether there is a design, qualification, or maintenance issue is immaterial to the flying public. They should not need a Ph.D. in mechanical engineering or metal fatigue expertise to determine whether or not it is “safe to fly” by personally reviewing TAI scans and maintenance records.

What is necessary, in my opinion, is for aviation propulsion suppliers to offer greater disclosure about the qualification and maintenance processes that facilitate airworthiness certification.

Perhaps the pilots, and fleet maintenance/safety personnel, might want to know the “chicken gun” qualification (see https://en.wikipedia.org/wiki/Chicken_gun), and volcanic dust/particulate material exposure results for each engine strapped into their aircraft? Should they be required to review and approve engine maintenance results as part of pre-flight checklist?

These tests are likely destructive, and certainly injurious, to the engine's compressors and ignition/thrust structures. Running them per engine maintenance cycle seems unwise.

How the P&W compressor inspection maintenance interval was established initially is not a matter for me to explore. It is probably fixed based on certain qualification measurements and other factors. There may be a “safety factor” multiplier eyeballed into the maintenance cycle frequency based on history or “best industry practice.”

I would be curious to know if commercial jet engine airworthiness qualification has been delegated under the FAA's self-certification program, or if the government retains exclusive authority.


Re: T-Mobile to Step Up Ad Targeting of Cellphone Customers (Goldberg, RISKS-32.54)

“Craig S. Cottingham” <craig@cottingham.net>
Mon, 15 Mar 2021 23:30:31 -0500
> How thoughtful, allowing opting out. I wonder how many clicks are required.

Seven, after logging in:

  1. My account
  2. Profile
  3. Privacy and Notifications
  4. Advertising & Analytics
  5. (Choose the desired subscriber line)
  6. Turn “Use my data for analytics and reporting” off
  7. Turn “Use my data to make ads more relevant to me” off
