The RISKS Digest
Volume 33 Issue 26

Tuesday, 7th June 2022

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator


Contents

A New Kind of Genome Editing Is Here to Fine-Tune DNA (WiReD)
California Regulators Approve First Driverless Taxi Fleet (AP)
Google and Russia's delicate dance (CNN)
Advancing security across Central and Eastern Europe (Google)
Politicians and ulterior motives (Lauren Weinstein)
The Theater of Bitcoin and Data Privacy (Siobhan Roberts)
How Anonymous Is Bitcoin, Really? (NYTimes)
Security News: Google May Owe You a Chunk of $100 Million Over Google Photos Privacy Violation (WiReD)
Big Tech realities (Lauren Weinstein)
Bolt Loaned Employees Thousands to Buy Stock—Then Laid Them Off (WiReD)
Actively Exploited Microsoft Zero-Day Flaw Still Has No Patch (WiReD)
Reno Trusting the Blockchain with Building Records (Gizmodo)
Cryptocurrency (The Washington Post)
It's still 2014 in crypto payments, and buying a burrito is now a taxable event (Davidger)
Banning Lethal Autonomous Weapons (Stuart Russell)
The Coming AI Hackers (Bruce Schneier)
How Axon's plans for Taser drones blindsided its AI ethics board (Protocol)
Axon Halts Plans to Sell Flying Taser Drones to Schools (Vice)
Internal Documents Show Amazon's Dystopian System for Tracking Workers Every Minute of Their Shifts (Vice)
The Race to Hide Your Voice (WiReD)
Parameter Expansion Considered Dangerous (Cliff Kilby redux)
How the Internet Turned Us Into Content Machines (Monty Solomon)
Re: WashDC stop-sign camera brought in $1.3 million in tickets in 2 years (Steve Bacher)
Info on RISKS (comp.risks)

A New Kind of Genome Editing Is Here to Fine-Tune DNA (WiReD)

Gabe Goldberg <gabe@gabegold.com>
Mon, 6 Jun 2022 18:54:48 -0400
Instead of deleting genes, epigenetic editing modulates their activity.  A
new paper tests if it's able to undo a genetic effect of early alcohol
exposure.

Yet, as with directly editing genes, there could be unintended consequences
of tweaking their expression. Because Arc is a regulator gene involved in
brain plasticity, modifying its expression could have effects beyond alcohol
addiction. "We don't know what other behaviors are altered by this change,"
says Betsy Ferguson, a professor of genetics at Oregon Health and Science
University who studies epigenetic mechanisms in addiction and other
psychiatric disorders. "It's a balance between finding something that's
effective and something that's not disruptive to everyday life."

Another complicating factor is that the expression of dozens, perhaps
hundreds, of genes are altered by alcohol use over time. In people, it may
not be as simple as turning up the expression of Arc, which is only one of
them. While it may seem like the solution would be to tweak all of those
genes, manipulating the expression of many at once could cause problems.
"Knowing that behaviors, including alcohol use behaviors, are regulated by a
number of genes, it's really a challenging problem to solve," Ferguson says.

https://www.wired.com/story/a-new-kind-of-genome-editing-is-here-to-fine-tune-dna


California Regulators Approve First Driverless Taxi Fleet (AP)

ACM TechNews <technews-editor@acm.org>
Mon, 6 Jun 2022 12:06:34 -0400 (EDT)
Michael Liedtke, Associated Press, 3 Jun 2022, via ACM TechNews, 6 Jun 2022

The California Public Utilities Commission unanimously approved General
Motors' Cruise's bid to offer a driverless ride-hailing service in San
Francisco. The robotic taxi service will begin with a fleet of 30 electric
vehicles accepting passengers from 10 p.m. to 6 a.m. in less-congested areas
of the city, giving regulators the opportunity to assess the technology
before allowing expanded service. The driverless service will not operate in
heavy rain or fog, restrictions imposed to reduce the potential for property
damage, injuries, or deaths. Cruise's Gil West said the approval is "a giant
leap for our mission here at Cruise to save lives, help save the planet, and
save people time and money."

https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2ebdfx234351x069235&


Google and Russia's delicate dance (CNN)

Lauren Weinstein <lauren@vortex.com>
Fri, 3 Jun 2022 09:41:47 -0700
This is an important article, because it helps to crystalize the complexity
of these policy decisions. I think that this part is particularly
noteworthy, and I agree with it 100%:

   But some Internet governance experts argue Google's choice to keep
   services running in the country may have more of a moral imperative than
   a business one.  "I think the moral side is a bigger deal," said Daphne
   Keller, director of the program on platform regulation at Stanford
   University's Cyber Policy Center. "Keeping information flowing to
   dissidents in Russia, or people who want information from a source other
   than state media, is incredibly important."

https://www.cnn.com/2022/06/03/tech/google-russia-youtube/index.html


Advancing security across Central and Eastern Europe (Google)

Lauren Weinstein <lauren@vortex.com>
Fri, 3 Jun 2022 12:40:30 -0700
https://blog.google/technology/safety-security/advancing-security-across-central-and-eastern-europe/


Politicians and ulterior motives

Lauren Weinstein <lauren@vortex.com>
Tue, 7 Jun 2022 08:47:37 -0700
It's ironic, sad, and scary that after Google has spent so many years
building world class systems to protect the security of users,
politicians are so anxious to throw it all away and put users at
massive risk, mostly for their own ulterior political motives.


The Theater of Bitcoin and Data Privacy (Siobhan Roberts)

Peter Neumann <neumann@csl.sri.com>
Tue, 7 Jun 2022 11:25:34 PDT
In myth, the cryptocurrency is decentralized and anonymous.  Data scientists
find a different reality.

*The New York Times* Science Times National Edition front page, continued on
the entire page D5.  In my printed hardcopy, the black ink on the front page
is imprinted on a mysteriously dark green background with extremely dark
borders.  This makes it *really hard to read*.  BTW, The "and Data Privacy"
appears only as the title of the continuation page D5, not on the front
page.  There is a self-standing quote from Alyssa Blackburn (Rice
University): "Drip by drip, information leakage erodes the once-impenetrable
blocks."  The caption of a photo of Alyssa and Erez Lieberman Aiden says
they tested Bitcoin's identity protections and claims of decentralization.
[and found to the contrary]...   PGN


How Anonymous Is Bitcoin, Really?

Monty Solomon <monty@roscom.com>
Mon, 6 Jun 2022 21:44:27 -0400
In myth, the cryptocurrency is egalitarian, decentralized and all but
anonymous. The reality is very different, scientists have found.

https://www.nytimes.com/2022/06/06/science/bitcoin-nakamoto-blackburn-crypto.html


Security News: Google May Owe You a Chunk of $100 Million Over Google Photos Privacy Violation (WiReD)

Gabe Goldberg <gabe@gabegold.com>
Sun, 5 Jun 2022 21:35:25 -0400
Plus: The U.S. admits to cyber operations supporting Ukraine, SCOTUS
investigates its own, and a Michael Flynn surveillance mystery is solved.

https://www.wired.com/story/google-photos-settlement-us-ukraine-hacks-michael-flynn-unmasking


Big Tech realities

Lauren Weinstein <lauren@vortex.com>
Fri, 3 Jun 2022 12:32:39 -0700
I feel that much of the increasing animosity against Big Tech, fueling the
ulterior motives of some notable critics, is that social media and other Big
Tech firms have been deficient for many years, even decades, at educating
the public about the realities of these systems.


Bolt Loaned Employees Thousands to Buy Stock—Then Laid Them Off (WiReD)

Gabe Goldberg <gabe@gabegold.com>
Mon, 6 Jun 2022 18:50:08 -0400
Even before May's layoffs, industry veterans warned that taking out loans to
buy company stock was a mistake. "It's a significant risk that I don't think
most employees can afford," says Oren Barzilai, the cofounder and CEO of
Equity Bee, a platform that helps startup employees exercise their stock
options. "If the company fails—and obviously, many startups fail—they
would need to pay out of pocket to pay back that loan."

https://www.wired.com/story/bolt-stock-loans

  Ya think?


Actively Exploited Microsoft Zero-Day Flaw Still Has No Patch (WiReD)

ACM TechNews <technews-editor@acm.org>
Mon, 6 Jun 2022 12:06:34 -0400 (EDT)
Lily Hay Newman, *WiReD*, 3 Jun 2022, via ACM TechNews, 6 Jun 2022

A zero-day flaw in Microsoft's Support Diagnostic Tool that researchers said
could be exploited to remotely hijack targeted devices remains unpatched.
Hackers can pass malicious Word documents through the Follina vulnerability
using a remote template that retrieves a malicious HTML file and enables
execution of Powershell commands within Windows. Tom Hegel at security
company SentinelOne said, "After public knowledge of the exploit grew, we
began seeing an immediate response from a variety of attackers beginning to
use it." Hackers have been seen exploiting Follina through malicious
documents, but Hegel warned less-documented exploits, including manipulating
HTML content in network traffic, also remain unpatched. Microsoft proposed
disabling a protocol within Support Diagnostic Tool and using Microsoft
Defender Antivirus to monitor for and block the flaw's exploitation;
incident responders are urging more action.
https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2ebdfx234353x069235&


Reno Trusting the Blockchain with Building Records (Gizmodo)

ACM TechNews <technews-editor@acm.org>
Mon, 6 Jun 2022 12:06:34 -0400 (EDT)
Lucas Ropek, Gizmodo, 2 Jun 2022, via ACM TechNews, 6 Jun 2022

Reno, NV, has launched a blockchain-based program for storing records in
order to improve "clarity and transparency" in record-keeping. The Web
portal will let residents more easily engage with the city's government, and
the site records interactions using blockchain software. The platform
initially will be used to enhance access to Reno's Historic Registry records
system, so users can file requests for repairs or modifications to historic
buildings; the portal will record and validate the requests, along with the
government's responses. The program is built on the STRATO application from
the BlockApps software company. The city said in a press release that STRATO
is "purpose-built for permanent record-keeping and is not a significant
source of energy usage or greenhouse gas emissions."

https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2ebdfx234352x069235&


Cryptocurrency (The Washington Post)

Gabe Goldberg <gabe@gabegold.com>
Sun, 5 Jun 2022 21:09:27 -0400
Useful reading before Post talk:

https://www.washingtonpost.com/business/2022/06/03/crypto-skeptics-growing/
https://www.washingtonpost.com/technology/2022/05/29/molly-white-crypto/

Interested in digital currency? This program from WaPo looks at the
regulation of bitcoins: The Evolution of Money: Crypto Currency Regulation.

https://cryptojune8livestream.splashthat.com/?utm_medium=email&utm_source=retention&utm_campaign=wp_pw_ret_WPLive_060522&wpisrc=pw_ret_WPLive_060522

https://foxtrot.com/2022/06/05/when-life-gives-you-lemon-jpegs/


It's still 2014 in crypto payments, and buying a burrito is now a taxable event (Davidger)

Gabe Goldberg <gabe@gabegold.com>
Sun, 5 Jun 2022 21:53:12 -0400
Chipotle is using a platform called Flexa, which is connected in some
unclear manner to the Gemini crypto-exchange.

You put your cryptos into your Flexa wallet, which is called Spedn—a
registered typo-mark, in the finest dot-com manner. Then you use the Spedn
app on your phone to generate a "flexcode" barcode, which presents to
Chipotle as a gift card. Then they hand you a burrito!

Flexa sells the crypto, and sends the dollars to Chipotle. You're topping up
a prepaid gift card with crypto.

If you put your cryptos into Flexa, you can't ever take them out again.
This is for (checks Crypto Excuse Calendar) anti-money-laundering. But Flexa
is sure they'll work out how to let you get your money out in some
non-burrito form within the next (rolls dice) several months. [Flexa]
https://davidgerard.co.uk/blockchain/2022/06/05/its-still-2014-in-crypto-payments-and-buying-a-burrito-is-now-a-taxable-event/


Banning Lethal Autonomous Weapons (Stuart Russell)

Peter Neumann <neumann@csl.sri.com>
Tue, 7 Jun 2022 12:47:18 PDT
Stuart Russell
Banning Lethal Autonomous Weapons: An Education
Issues in Science and Technology (Spring 2022)
https://issues.org/banning-lethal-autonomous-weapons-stuart-russell/

Lethal autonomous weapons systems, commonly but misleadingly known as "killer
robots", are weapons systems that, once activated, can attack objects and
people without further human intervention. With more than a dozen nations
working to develop highly capable versions of them for use in the air, at
sea, and on land, these weapons are not science fiction: they exist now, and
they are already being used in some current conflicts.

Since 2014, the United Nations has held discussions around a treaty to ban
autonomous weapons systems (AWS). So far, in addition to the UN
secretary-general and the International Committee of the Red Cross, 30
countries have declared support for such a treaty. But the United States and
Russia have combined forces to prevent any discussion of a legally binding
instrument. Instead, in 2021 the United States called for a "non-binding
code of conduct."

My involvement in the AWS policy discussion began in February 2013 when a
puzzling email arrived from Human Rights Watch (HRW). I have studied
artificial intelligence (AI) topics for 45 years and spent more than a
decade working on verification for the Comprehensive Nuclear-Test-Ban
Treaty. And I have been a member of HRW's Northern California committee for
some time. For more than four decades, the organization had investigated
atrocities around the world: atrocities committed by humans.  [...]

  [PGN-truncated.  However, this is really worth reading in its entirety.
  It raises and discusses many of our RISKS issues, especially with respect
  to autonomous AI.  PGN]


The Coming AI Hackers (Bruce Schneier)

Tom Van Vleck <thvv@multicians.org>
Sat, 4 Jun 2022 16:35:14 -0400
Bruce Schneier, April 2021
https://www.belfercenter.org/publication/coming-ai-hackers

Workshop on Security and Human Behaviour (SHB 2022), 30-31 May, Cambridge UK.


How Axon's plans for Taser drones blindsided its AI ethics board (Protocol.com)

Lauren Weinstein <lauren@vortex.com>
Fri, 3 Jun 2022 13:07:22 -0700
https://www.protocol.com/policy/axon-taser-drone-ethics


Axon Halts Plans to Sell Flying Taser Drones to Schools (Vice)

Lauren Weinstein <lauren@vortex.com>
Mon, 6 Jun 2022 08:22:48 -0700
https://www.vice.com/en/article/88q4gk/axon-halts-plans-to-sell-flying-taser-drones-to-schools


Internal Documents Show Amazon's Dystopian System for Tracking Workers Every Minute of Their Shifts (Vice)

Gabe Goldberg <gabe@gabegold.com>
Mon, 6 Jun 2022 16:54:30 -0400
The documents provide new clarity about a much-talked-about but until now
opaque process Amazon uses to punish associates it believes are wasting
time.

https://www.vice.com/en/article/5dgn73/internal-documents-show-amazons-dystopian-system-for-tracking-workers-every-minute-of-their-shifts


The Race to Hide Your Voice (WiReD)

Gabe Goldberg <gabe@gabegold.com>
Mon, 6 Jun 2022 16:50:03 -0400
Voice recognition—and data collection—have boomed in recent years.
Researchers are figuring out how to protect your privacy.

https://www.wired.com/story/voice-recognition-privacy-speech-changer/


Parameter Expansion Considered Dangerous

Cliff Kilby <cliffjkilby@gmail.com>
Fri, 3 Jun 2022 13:30:15 -0400
  [I am rerunning this item in its entirety.  Due to an emacs deletion
  fiasco that was caught too late to back up, this item got accidentally
  truncated when I manually had to recapture what had been lost.  Sorry.
  See our previous items on Log4j in RISKS-33.11, 13, and 14.  PGN]

After the Log4j issue came to light
<https://www.cisa.gov/uscert/apache-log4j-vulnerability-guidance>, I would
have expected the industry to realize the problem wasn't just with Log4j, or
even Java. It's unguarded user submitted parameter expansion.

https://thehackernews.com/2022/06/hackers-exploiting-unpatched-critical.html
Seems to indicate I was overly optimistic.

Several templating engines exist with several parameter formats. Offhand,
there is jsp with <jsp, <%, <c, ${, asp(x) with <%, smarty and freemarker
with {$, Django, Mustache and Jinja with {{.

Apache's Velocity templates have a list worthy of a BNF rule, but I don't
know BNF, so how about "dollar-sign or hash optional bang optional bracket
optional sq-bracket optional paren optional text".

Your application should be sanitizing all user input, but if your framework
won't, start adding blocks to your WAF for parameter wrappers. This is only
going to get worse.

Also, I am not Dijkstra. A grain of salt may be needed here.
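As an added illustration (not code from Cliff's post or from any WAF or templating project), here is a defender-side scan that flags request parameters carrying the opening delimiters the post lists; the Velocity pattern is a regex rendering of the post's informal "dollar-sign or hash, optional bang, ..." rule, and the parameter names and values are constructed samples.

```python
import re

# Opening delimiters as listed in the post, grouped by template engine.
# The scan looks only for the *start* of an expression: once a marker is
# present in user input, the rendering engine rather than the application
# decides what it means, which is the exposure the post describes.
TEMPLATE_MARKERS = {
    "jsp": [r"<jsp", r"<%", r"<c", r"\$\{"],
    "asp/aspx": [r"<%"],
    "smarty/freemarker": [r"\{\$"],
    "django/mustache/jinja": [r"\{\{"],
    # Velocity, rendered from the post's informal rule: "$ or #, optional !,
    # optional {, then text", with optional [...] and (...) suffixes.
    # An identifier character must follow, so "$100" or "#2" is ignored.
    "velocity": [r"[$#]!?\{?[A-Za-z_][\w.]*\}?(?:\[[^\]]*\])?(?:\([^)]*\))?"],
}

COMPILED = [(engine, re.compile(p))
            for engine, patterns in TEMPLATE_MARKERS.items()
            for p in patterns]


def find_template_markers(text):
    """Return a sorted list of (engine, matched_text) for every marker hit."""
    hits = set()
    for engine, rx in COMPILED:
        for m in rx.finditer(text):
            hits.add((engine, m.group(0)))
    return sorted(hits)


def flag_parameters(params):
    """Map each offending parameter name to its marker hits (WAF-style check).

    `params` is a dict of request parameter name -> submitted value.
    """
    return {name: hits for name, value in params.items()
            if (hits := find_template_markers(value))}


# Constructed sample request (hypothetical parameter names and values).
SAMPLE_REQUEST = {
    "comment": "total: $100, see items #1 and #2",  # benign: digits follow $ and #
    "display_name": "{{ user.name }}",              # Jinja/Django/Mustache form
    "title": "${user.name}",                        # JSP EL form, also Velocity
    "bio": "<%= greeting %>",                       # JSP/ASP form
    "signature": "#set($greeting = 'hi')",          # Velocity directive
    "city": "Reno",                                 # benign
}

if __name__ == "__main__":
    for name, hits in flag_parameters(SAMPLE_REQUEST).items():
        print(f"{name}: {hits}")
```

The Velocity rule is broad enough to match ordinary text such as `#hashtag` or `$variable` in a code snippet, so treat its hits as a signal to log and review rather than an automatic block.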


How the Internet Turned Us Into Content Machines

Monty Solomon <monty@roscom.com>
Sat, 4 Jun 2022 17:25:00 -0400
Two new books examine how social media traps users in a brutal race to the
bottom.

https://www.newyorker.com/culture/infinite-scroll/how-the-internet-turned-us-into-content-machines


Re: WashDC stop-sign camera brought in $1.3 million in tickets in 2 years (RISKS-33:25)

Steve Bacher <sebmb1@verizon.net>
Sun, 5 Jun 2022 09:15:47 -0700
This is yet another instance that violates a basic principle of mine: A
government should not make a law that is at cross-purposes with itself.
"Sin" taxes on things like tobacco, alcohol and sugary drinks are common
examples of the same thing.

You cannot attempt to reduce or eliminate a practice while at the same time
benefiting from infractions of that practice. That produces a conflict of
interest with the inevitable result of hoping more people will violate the
law in order to keep the funds flowing from the source. A common
rationalization is that society benefits either way: either fewer people die
or there's more money for education. But ultimately one result wins out over
the other; you don't get both.

It's better if the revenues are earmarked for something that won't be needed
if the practice being discouraged gets reduced. For example, tobacco tax
revenue can be restricted to funding anti-smoking programs. But we've seen
too often how municipalities fund basic services through speed traps, not to
mention the Constitutional questions of being charged in absentia et al.
