Railroad companies have penalized workers for taking the time to make needed repairs and created a culture in which supervisors threaten and fire the very people hired to keep trains running safely. Regulators say they can’t stop this intimidation.
Bradley Haynes and his colleagues were the last chance Union Pacific had to stop an unsafe train from leaving one of its railyards. Skilled in spotting hidden dangers, the inspectors in Kansas City, Missouri, wrote up so-called “bad orders” to pull defective cars out of assembled trains and send them for repairs.
But on Sept. 18, 2019, the area’s director of maintenance, Andrew Letcher, scolded them for hampering the yard’s ability to move trains on time.
“We're a transportation company, right? We get paid to move freight. We don't get paid to work on cars,” he said.
https://www.propublica.org/article/railroad-safety-union-pacific-csx-bnsf-trains-freight
A Canadian search-and-rescue group said it had conducted two missions recently after hikers may have sought to follow a nonexistent trail on Google Maps.
A search-and-rescue group in British Columbia advised hikers to use a paper map and compass instead of street map programs after it said two hikers had been rescued by helicopter after likely following a trail that did not exist but that appeared on Google Maps.
The group, North Shore Rescue, said on Facebook that on 6 Nov 2023 Google Maps had removed the nonexistent trail, which was in a very steep area with cliffs north of Mount Fromme, which overlooks Vancouver.
https://www.nytimes.com/2023/11/12/world/canada/google-maps-trail-british-columbia.html
Having put off buying a ‘smart car’ for as long as possible I am now the proud (?) owner of a SEAT Arona. The instruction manual is long and detailed but one statement does not inspire confidence:
> As with most state-of-the-art computer and electronic equipment, in certain cases the system may need to be rebooted to make sure that it operates correctly.
This statement should shame all software engineers!
https://www.businessinsider.com/ai-chatbots-less-toxic-social-networks-twitter-simulation-2023-11
Tim Wu, The New York Times, 12 Nov 2023
If the government acts prematurely on this evolving technology, it could fail to prevent concrete harm.
Final para: The existence of actual social harm has long been a touchstone of legitimate state action. But that point cuts both ways: The state should proceed cautiously in the absence of harm, but it also has a duty, given evidence of harm, to take action. By that measure, with AI we are at risk of doing too much and too little at the same time.
https://www.medpagetoday.com/special-reports/features/107247
A free monthly newsletter providing summaries, analyses, and commentaries on security: computer and otherwise.
** TEN WAYS AI WILL CHANGE DEMOCRACY
[2023.11.13] [https://www.schneier.com/blog/archives/2023/11/ten-ways-ai-will-change-democracy.html] Artificial intelligence will change so many aspects of society, largely in ways that we cannot conceive of yet. Democracy, and the systems of governance that surround it, will be no exception. In this short essay, I want to move beyond the AI-generated disinformation trope and speculate on some of the ways AI will change how democracy functions—in both large and small ways.
When I survey how artificial intelligence might upend different aspects of modern society, democracy included, I look at four different dimensions of change: speed, scale, scope, and sophistication. Look for places where changes in degree result in changes of kind. Those are where the societal upheavals will happen.
Some items on my list are still speculative, but none require science-fictional levels of technological advance. And we can see the first stages of many of them today. When reading about the successes and failures of AI systems, it's important to differentiate between the fundamental limitations of AI as a technology, and the practical limitations of AI systems in the fall of 2023. Advances are happening quickly, and the impossible is becoming the routine. We don't know how long this will continue, but my bet is on continued major technological advances in the coming years. Which means it's going to be a wild ride.
So, here's my list:
1. AI as educator. We are already seeing AI serving the role of teacher. It's much more effective for a student to learn a topic from an interactive AI chatbot than from a textbook. This has applications for democracy. We can imagine chatbots teaching citizens about different issues, such as climate change or tax policy. We can imagine candidates […]
When I teach AI policy at HKS, I stress the importance of separating the specific AI chatbot technologies in November of 2023 from AI's technological possibilities in general. Some of the items on my list will soon be possible; others will remain fiction for many years. Similarly, our acceptance of these technologies will change. Items on that list that we would never accept today might feel routine in a few years. A judgeless courtroom seems crazy today, but so did a driverless car a few years ago. Don't underestimate our ability to normalize new technologies. My bet is that we're in for a wild ride.
This essay previously appeared on the Harvard Kennedy School Ash Center's website: https://ash.harvard.edu/ten-ways-ai-will-change-democracy
A wave of regulation and industry action has placed the flourishing fake review business on notice. But experts say the problem may be insurmountable.
https://www.nytimes.com/2023/11/13/technology/fake-reviews-crackdown.html
https://techcrunch.com/2023/11/17/greg-brockman-quits-openai-after-abrupt-firing-of-sam-altman/
The name is obviously intended to capitalize on the recent interest in generative/large language model artificial intelligence. Equally obviously, some AI is involved, as long as you allow your definition of AI to extend to mere speech-to-text capability.
Humane's AI Pin is a smartphone. With no screen. Attaching to your clothing with a magnet, it can make calls, take pictures, access the Internet, and even at need, project text (presumably later it will do images) onto surfaces using lasers.
In one sense, this is what I always figured that smartphones would become. It is styled as a “smart assistant.” If you have a human assistant, you give them orders verbally, you don't type out commands. (Unless you're sending them texts …)
Vera Bergengruen, Time, 14 Nov 2023
U.S. facial recognition company Clearview AI has become Ukraine's “secret weapon” in its war against Russia. More than 1,500 officials across 18 Ukrainian government agencies are using its technology, which has helped them identify more than 230,000 Russian soldiers and officials who have participated in the Russian invasion. Ukraine also relies on the company to assist with other tasks, including processing citizens who lost their identification and locating abducted Ukrainian children. Ukraine has run at least 350,000 searches of Clearview's database in the 20 months since the outbreak of the war. Said Clearview AI CEO Hoan Ton-That, “Using facial recognition in war zones is something that's going to save lives.”
Dan Goodin, Ars Technica, 13 Nov 2023, via ACM Tech News
Researchers at the University of California, San Diego (UCSD) demonstrated that a large portion of cryptographic keys used to protect data in computer-to-server SSH traffic is vulnerable, and were able to calculate the private portion of almost 200 unique SSH keys they observed in public Internet scans. The vulnerability occurs when there are errors during the signature generation that takes place when a client and server are establishing a connection. It affects only keys using the RSA cryptographic algorithm, which the researchers found in roughly a third of the SSH signatures they examined, translating to about 1 billion signatures, about one in a million of which exposed the private key of the host. Said UCSD's Keegan Ryan, “Our research reiterates the importance of defense in depth in cryptographic implementations and illustrates the need for protocol designs that are more robust against computational errors.”
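The defense-in-depth point in the item above, as an added illustration (not code from the digest, the article, or the UCSD researchers): the textbook case of a signature-generation error is RSA signing with the CRT speed-up, where a signature that is wrong modulo only one prime shares a factor with the public modulus, and a signer that verifies its own output with the public key before releasing it withholds such signatures. The toy key, the injected one-bit fault, and all function names are constructed for this sketch, and it assumes the signed value `m` is fully known.

```python
"""RSA-CRT signing with a verify-before-release self-check (toy key)."""
from math import gcd

# Constructed toy key from two Mersenne primes; far too small for real use.
P, Q, E = 2**31 - 1, 2**61 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))
DP, DQ, QINV = D % (P - 1), D % (Q - 1), pow(Q, -1, P)


def sign_crt(m, fault=False):
    """Sign m (standing in for the padded hash) using the CRT speed-up."""
    sp = pow(m, DP, P)
    sq = pow(m, DQ, Q)
    if fault:
        sq ^= 1  # constructed one-bit computational error in the mod-Q half
    h = (QINV * (sp - sq)) % P  # Garner recombination
    return (sq + h * Q) % N


def verifies(m, s):
    """Ordinary public-key verification of signature s on m."""
    return pow(s, E, N) == m % N


def leaks_factor(m, s):
    """True if s is wrong modulo exactly one prime, so it exposes a factor."""
    g = gcd((pow(s, E, N) - m) % N, N)
    return 1 < g < N


def sign_checked(m, fault=False):
    """Hardened signer: verify with the public key before releasing."""
    s = sign_crt(m, fault)
    if not verifies(m, s):
        raise ArithmeticError("signature failed self-check; withheld")
    return s


if __name__ == "__main__":
    m = 0x1234567890ABCDEF  # constructed message representative
    bad = sign_crt(m, fault=True)
    print("faulty signature verifies:", verifies(m, bad))
    print("faulty signature leaks a factor:", leaks_factor(m, bad))
    try:
        sign_checked(m, fault=True)
    except ArithmeticError as exc:
        print("hardened signer:", exc)
```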
https://blog.syss.com/posts/hacking-usb-flash-drives-part-2/
https://www.cbc.ca/news/health/smartphone-brain-nov14-1.7029406
Kids who spend hours on their phones scrolling through social media are showing more aggression, depression and anxiety, say Canadian researchers.
Emma Duerden holds the Canada Research Chair in neuroscience and learning disorders at Western University, where she uses brain imaging to study the impact of social media use on children's brains.
She and others found that screen time has fallen just slightly from the record 13 hours a day some Canadian parents reported for six- to 12-year-olds in the early months of the COVID-19 pandemic.
“We're seeing lots of these effects. Children are reporting high levels of depression and anxiety or aggression. It really is a thing.”
https://krebsonsecurity.com/2023/11/its-still-easy-for-anyone-to-become-you-at-experian/
https://www.cbc.ca/radio/spark/cyberattacks-ransomware-paying-ransom-crime-1.7030579
When the town of St. Marys, Ont., fell victim to a cyberattack last year, lawyers advised the municipality to pay a ransom of $290,000 in cryptocurrency.
The decision was made after an analysis by firms specializing in cybersecurity. Al Strathdee, mayor of the southwestern Ontario town of about 7,000 residents, said the potential risk to people's data was too high not to pay up.
[Note: This was previously reported as ransomware. Now they just say that no ransom has been paid.]
The Toronto Public Library reported a cyber-attack on October 28, and later said that “a large number of files” were stolen, including personal information of library staff. While they're working on the problem, the library's web site is down. (You get forwarded to an information page currently at: https://torontopubliclibrary.typepad.com/tpl_maintenance/toronto-public-library-website-maintenance.html)
The public computers and printers at all 100 library branches are also down. All this means that you (meaning me) can't request a book be held for you, and you also can't search the electric catalog that replaced the old card catalogs.
See also: http://www.cbc.ca/news/any-1.7028982
It says here http://www.cbc.ca/news/any-1.7028730 that people who post car-for-sale ads are being sought by scammers. The seller gets what appears to be an offer, but it requests the seller use a specific source to provide the vehicle's history — a source that's actually phishing for credit-card information.
[…] We show how an attacker can induce Safari to render an arbitrary webpage, subsequently recovering sensitive information present within it using speculative execution. In particular, we demonstrate how Safari allows a malicious webpage to recover secrets from popular high-value targets, such as Gmail inbox content. Finally, we demonstrate the recovery of passwords, in case these are autofilled by credential managers.
Virtually all modern CPUs use a performance optimization where they predict if a branch instruction will be taken or not, should the outcome not be readily available. Once a prediction is made, the CPU will execute instructions along the prediction, a process called speculative execution. If the CPU realizes it had mispredicted, it must revert all changes in the state it performed after the prediction. Both desktop and mobile CPUs exhibit this behavior, regardless of manufacturer (such as Apple, AMD, or Intel).
A Spectre attack coerces the CPU into speculatively executing the wrong flow of instructions. If this wrong flow has instructions depending on sensitive data, their value can be inferred through a side channel even after the CPU realizes the mistake and reverts its changes.
We disclosed our results to Apple on September 12, 2022 (408 days before public release).
https://www.theverge.com/2023/11/16/23964379/apple-iphone-digital-key-uwb-ccc-fira-working-group
https://arstechnica.com/?p=1984512
James Somers, a professional coder, writes about the astonishing scripting skills of A.I. chatbots like GPT-4 and considers the future of a once exalted craft.
https://www.newyorker.com/magazine/2023/11/20/a-coder-considers-the-waning-days-of-the-craft
I really disagree with some of what the writer says about programming/coding.
“What I learned was that programming is not really about knowledge or skill but simply about patience, or maybe obsession.”
Almost certainly he got that attitude because he started, from no experience, with the worst possible programming language, Visual C++. There's no way anyone should begin learning how to code with any C++ variant. Those of us who started with Basic (or even FORTRAN, in my case) ended up doing better. Not to mention Logo.
CBS News, 09 Nov 2023
An industrial robot crushed a worker to death at a vegetable packaging factory in South Korea's southern county of Goseong. According to police, the victim was grabbed and pressed against a conveyor belt by the machine's robotic arms. The machine was equipped with sensors designed to identify boxes. “It wasn't an advanced, artificial intelligence-powered robot, but a machine that simply picks up boxes and puts them on pallets,” said Kang Jin-gi at Goseong Police Station. According to another police official, security camera footage showed the man had moved near the robot with a box in his hands, which could have triggered the machine's reaction. Similar incidents have happened in South Korea before.
It depends on your perspective—there is actually a good use case for it.
You may argue that this will eventually be a thing of the past, but changing gear manually is very prevalent in Europe. I would posit that this may have something to do with the difference in fuel prices as manual cars are (or used to be) more economical to drive, but a side effect is that this also results in driving license exemptions—when you have learned to drive with an automatic you are not allowed to drive a manual car, in some countries for a few years, in some you even have to pass a separate exam.
Learning to drive with a manual car qualifies you for both, and this presently creates a conundrum for driving schools: in order to teach someone to drive with a manual car, they are effectively legally required to use an ICE vehicle as EVs tend to be automatic - until now.
If Toyota's “fake transmission” is realistic enough to mimic ICE behaviour to be ratified as a viable alternative, it could offer an EV stopgap until manual vehicles are rare enough for the demand to disappear.
[From that perspective, it's not a game or gadget, but a useful simulator.]
[Martin Ward responds:
That's an ingenious example that I hadn't thought of! It would make for a pretty expensive learner car. MW]
New update: https://www.cbc.ca/news/canada/windsor/anykey-1.7031544