Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
The Ukraine war has shown the fragility of Japan's energy supplies. But the decision to restart plants after the Fukushima disaster is fraught with emotions and political calculation. https://www.nytimes.com/2022/05/04/world/asia/japan-nuclear-power.html The risk? No perfect solutions.
War is terrible. But it has often played a pivotal role in advancing technology. And Russia's invasion of Ukraine is shaping up to be a key proving ground for artificial intelligence, for ill and, perhaps in a few instances, for good, too. Civil society groups and AI researchers have been increasingly alarmed in recent years about the advent of lethal autonomous weapons systems -- AI-enabled weapons with the ability to select targets and kill people without human oversight. This has led to a concerted effort at the United Nations to try to ban or at least restrict the use of such systems. But those talks have so far not resulted in much progress. https://fortune.com/2022/03/01/russia-ukraine-invasion-war-a-i-artificial-intelligence/
Serge Schmemann, *The New York Times*, lead op-ed, 6 May 2022 If the first casualty of war is truth, then the corollary in Ukraine is that information is the first battlefield. On the battlefield, lies are ammunition in Putin's struggle to stay in power. [Pithy article. I first mistyped it as *babblefield*. That somewho seems appropriate. PGN]
... puncturing the myth of Moscow's unassailable cyber-superiority [Thanks to Richard Thieme. PGN] Prolific Russian ransomware groups had pledged to step up attacks on American infrastructure if Russian technology was hobbled in retribution for the invasion of Ukraine. But in the third month of the war, Russia, not the United States, is dealing with a cyber-assault involving government activity, political voluntarism and criminal action. <https://s2.washingtonpost.com/36b9790/>
Dan Goodin, *Ars Technica*, 26 Apr 2022, via ACM TechNews; 29 Apr 2022 Microsoft discovered an elevation of privileges flaw in Linux incorporating two vulnerabilities that can grant root system rights to untrusted users. The Nimbuspwn exploit, which Microsoft calls "the EoP threat," resides in the networkd-dispatcher, a component in many Linux distributions that dispatches network status changes and can process various scripts to respond to a new status. Networkd-dispatcher runs as root when a desktop boots up, and the flaws blend threats including directory traversal, symlink race, and time-of-check time-of-use race condition, permitting hackers with minimal access to a desktop to link exploits for these vulnerabilities and gain full root access. The flaw has been patched, and users of vulnerable versions of Linux are advised to implement the patch as soon as possible. https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2e86bx23379bx073897&
Matthew Sparkes, *New Scientist*, 26 Apr 2022 via ACM TechNews, 2 May 2022 Ergin Dinc and colleagues at the U.K.'s University of Cambridge claim copper telephone wire already deployed across Britain can carry data at rates three times higher than fiber-optic cable at much less cost, over short distances. The researchers say twisted pairs of copper wire can bear a frequency five times higher than is currently employed, which may enable houses near fiber-optic cables to realize higher speeds than currently possible, without threading fiber all the way to their homes. In addition, the researchers learned that copper broadband connections' operating frequency of less than 1 gigahertz can theoretically be increased to 5 gigahertz through the use of an electrical device called a balun. https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2e891x233851x071263&
D. Amoroso, D. Garcia, and G. Tamburrini - Science & Diplomacy An interesting article on autonomous weapons https://www.sciencediplomacy.org/article/2022/weapon-mistook-school-bus-for-ostrich [de BUStigus NON DISPUTANDUM oESTrich? PGN]
Konrad Putzier, *The Wall Street Journal*, 03 May 2022 Smart office buildings in the U.S. raise concerns about privacy and cybersecurity. Cybersecurity consultants warn that building managers devote little attention to digital security, and the interconnection of smart building systems means accessing a single Internet-connected door can potentially enable hijacking, extortion, or data theft. Lucian Niemeyer at smart-building safety nonprofit Building Cyber Security worries that more criminals will target smart buildings as protections for mobile phones and databases are strengthened. Said Dave Tyson of cybersecurity company Apollo Information Systems Corp., "The bad guys only need to find one way in, and whatever you've connected to is now on the table." https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2e8e7x23395bx071938&
The 96 Internet service providers were told to enforce the orders. "by any technological means available". https://www.wired.com/story/streaming-services-piracy-blocked-isps-united-states
Chris Stokel-Walker, *MIT Technology Review*, 27 Apr 2022, via ACM TechNews, via 6 May 2022 Elon Musk's announced plans for the Twitter social network include open-sourcing its algorithms, which experts say would do little to boost transparency without access to their training data. Said Jennifer Cobbe of the U.K.'s University of Cambridge, "Most of the time when people talk about algorithmic accountability these days, we recognize that the algorithms themselves aren't necessarily what we want to see--what we really want is information about how they were developed." There also are concerns open-sourcing Twitter's algorithms would enable bad actors to identify vulnerabilities to exploit and could make it more difficult to defeat spam bots. https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2e929x2339f9x071309&
[Note: This item comes from friend Mike Nelson. DLH] Brian Fung, CNN, 28 Apr 2022 <https://www.cnn.com/2022/04/28/tech/elon-musk-authenticate-all-real-humans/iundex.html> Elon Musk wants to 'authenticate all real humans' on Twitter. Here's what that could mean: As the public combs through Elon Musk's Twitter (TWTR) feed for clues on how the billionaire entrepreneur intends to run the social media platform he's buying for $44 billion, one mysterious line stands out: "authenticate all real humans." That cryptic proposal is vague enough to keep people guessing about what Musk has in mind but specific enough that it offers several possible paths as he looks to shape Twitter more to his liking. For example, Musk could seek to require real names on accounts. Or perhaps he may continue to allow pseudonyms but require photo identification, or integration with third-party services where users are already known. Depending on the outcome, the plan could have big ramifications for Twitter's hundreds of millions of users. Musk's drive to "authenticate" Twitter users stems from one of his biggest pet peeves with the platform's spam accounts, particularly those that push cryptocurrency scams. It's often not hard to find these accounts lurking in the replies to Musk's tweets; many even attempt to trade on his celebrity and lure the unsuspecting by impersonating him. It didn't help that in the summer of 2020, Musk's verified account was affected by a widespread Twitter hack that led to users including former President Barack Obama and Kanye West unwittingly spreading a bitcoin scam. Cryptocurrency spam bots, Musk has said, represent Twitter's “single most annoying problem.'' Musk's diagnosis may reflect the experiences of a very particular type of user, but it so happens that this user will soon control the design of the platform. As part of his solution for battling cryptocurrency bots, Musk wants to make it easier to separate real from fake accounts under his proposal to “authenticate all real humans.'' If the goal is to ensure that every account is tied to a flesh-and-blood person, the platform will need some way to verify they are real. One possibility is an expansion of Twitter's existing verification program. Currently, to receive a blue check on their accounts, users have to supply a link to an official website that they're affiliated with, an official email address or a government-issued form of identification. Musk could stop short of requiring identification but require that users use their real names. He could explore other methods too, such as linking accounts to credit cards or relying more on CAPTCHAs to defeat bots, said Jillian York, director for international freedom of expression at the digital rights group Electronic Frontier Foundation. (CAPTCHAs aren't a cure-all, however; as bots have grown more sophisticated, CAPTCHAs have had to become more and more difficult for humans to solve in what could be described as a technological arms race.) Whatever method he chooses, York and other experts said Musk is likely to run into challenges that fall into two main categories: access and privacy. Access is about ensuring that all people who wish to use Twitter can get on the platform. With a system that ties accounts to credit cards, for example, York said Twitter would risk excluding all those who don't have them. Maybe they're too young to have a credit card or they have poor credit and can't get approved. Maybe they don't like having their credit card transactions traded to data brokers or they just prefer using cash for cultural reasons. Tying authentication to consumer credit would "exclude millions of people," said York. Then there's the issue of privacy. While many users may feel they have nothing to hide, a system that forces users to submit their personally identifiable information creates a single point of failure. Not only would more users have to trust Twitter not to abuse their personal information, but Twitter itself would become a much larger target for repressive governments (who could use legal demands to compel Twitter to hand over the information) or cybercriminals motivated by identity theft. Cybercriminals have even reportedly posed as real law enforcement agents to serve fraudulent government requests for tech company data. Twitter could promise to delete the records, but it would merely be mitigating a risk it created for itself. The privacy issue is particularly worrisome to human rights groups, said Natalia Krapiva, an attorney at the digital rights group Access Now, "especially for people in countries like Russia and others where individuals get severely persecuted for criticizing the government or covering important political events like the protests, corruption, or the war in Ukraine.'' Even a real-names policy could prove challenging. Facebook has some experience with this; the company was forced to make changes to its names policy in 2015 after critics pointed out that abuse victims and other vulnerable groups had good reasons to use pseudonyms. The changes at Facebook raised the bar for reporting a fake name and allowed users to provide reasons to the company why they avoid using their real names.
Many people expected the Biden administration to end a Trump-era policy. Instead, the administration is expanding it. https://www.washingtonpost.com/outlook/2022/04/26/social-media-surveillance-us-visas-state/
Seems that some social networks try to guess where you are based on things other than geolocation, so if you're using a VPN it might not get the right location. My daughter told me that ProtonVPN is started reporting that she's in Russia (the VPN endpoint is actually in the Netherlands). Seems that this is a Known Problem: https://www.reddit.com/r/ProtonVPN/comments/uchwzr/fastest_profile_sent_me_to_russia/ As a moderator described it (I have no idea if this is accurate, but it seems plausible): No, your IP is not changing. The problem is, that often instead of using GeoIP services, social media companies with lots of big data (like facebook, instagram, and google) use location on cell devices to match IPs to locations. Currently, there are a lot of Russian users on ProtonVPN servers hence causing this issue. This has been discussed as example in those threads: https://www.reddit.com/r/ProtonVPN/comments/tfoko3/anyone_else_getting_this_on_instagram_i_am_on_a/ https://www.reddit.com/r/ProtonVPN/comments/tuj9ne/always_connects_to_russia/
https://techxplore.com/news/2022-04-product-human.html "Review writing is challenging for humans and computers, in part, because of the overwhelming number of distinct products," said Keith Carlson, a doctoral research fellow at the Tuck School of Business. "We wanted to see how artificial intelligence can be used to help people that produce and use these reviews." One means to prevent AI-hype from self-reinforced review feedback, would be to introduce product test plans, test results, and defect tracking metrics into the review. Assuming the test and defect content is not faked, then real metrics exist for comparison and contrast with equivalent product feature sets. Interpreting test plan content for context presents a modest problem to surmount.
The cry of the cryptocurrency evangelist is: “you just don't understand the technology.'' When you ask them a technical question, you discover that 100% of crypto bros who say you just don't understand the technology, don't understand any technology. https://davidgerard.co.uk/blockchain/2022/04/26/news-sam-bankman-fried-on-defi-ponzinomics-grayscale-etf-comments-binance-and-russia-el-salvador/
The Tale of a Crypto Executive Who Wasn’t Who He Said He Was The chief operating officer of ZenLedger, a software company, boasted of work for Goldman Sachs and Larry King. Did anyone check to see if it was true? https://www.nytimes.com/2022/05/03/your-money/zenledger-dan-hannum.html Someone scamming a cryptocurrency company, I'm shocked.
[Warning: As usual, "crypto" does not mean cryptography. PGN] https://www.nytimes.com/2022/05/05/opinion/crypto-nfts-web3.html OpenSea, the world's hottest NFT startup, gained 500,000 users in 1 year. Its founders went from broke to billionaires in that same time. Now they're struggling to keep it from going off the rails. https://fortune.com/longform/opensea-nfts-eth-ethereum-crypto-marketplace-founders/ He became as rich as Mark Zuckerberg virtually overnight. How Binance founder Zhao became a $74 billion man while moving fast-breaking things in crypto. Binance handled $34.1 trillion in trading last year, even while wrangling with regulators. https://fortune.com/longform/binance-changpeng-cz-zhao-net-worth-crypto-exchange-trading/ Why OpenSea's NFT Marketplace Can't Win. Security issues and endless copycat listings are rife, but the platform's attempt to stop them is angering everyone. https://www.wired.com/story/opensea-nfts-twitter/ The fun never stops...
... following a push by users worried about the climate impact of mining and the foundation's reputation. The foundation had accepted donations in bitcoin, bitcoin cash and ether since 2014. [Noted in mulptiple URLs. PGN]
Blockchain is unlikely to move to Proof of Stake simply because Proof of Stake is nonsense at a fundamental level. The idea behind Proof of Stake is simple enough. If the group running a blockchain has sufficient stake in it, they can be trusted to run it carefully and without fraud, because to do otherwise will destroy their own stake. The problem with this idea is that it is completely wrong. Centuries of business history have shown that proof of stake doesn't protect against either fraud or failure. Every single business failure has been controlled by management satisfying the proof of stake test. Some of them failed, of course, because of technology or economic change, but many failed because of management hubris, greed, foolishness, or simply not being good enough. Proof of stake is absolutely no protection against failure due to these reasons. Proof of Stake's protection against fraud is even worse. A fraud depends on controlling the organisation; that is, satisfying the proof of stake test. The control is critical to hiding what the fraudsters are doing. In particular, note that a fraudster is not concerned with how much money is left on the table (usually a purely notional stake), but in how much they can skim off into their pocket along the way or at the end. It should also be noted that business history has shown that many frauds start off as business failures in which the owners slip into fraud in a desperate attempt to avoid losing their stake. The most illuminating aspect of Proof of Stake is that it shows that many blockchain technologists/boosters are entirely innocent of any knowledge of business, or, at least, the history of business failures and frauds. And yet they feel confident to design and promote systems that are intended to protect against failures and frauds.
Bitcoin can be made to go green by action at nation-state level. It is super-easy to detect a mining operation by the flows of energy if not by the major infrastructure. The Chinese managed it.
Please report problems with the web pages to the maintainer