The RISKS Digest
Volume 33 Issue 31

Saturday, 2nd July 2022

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents

The Wheels Have Come Off Electric Vehicles
Bloomberg
Who Is Liable when AI Kills?
Scientific American
Four Takeaways From a Times Investigation Into China's Expanding Surveillance State
NYTimes
An Invisible Cage: How China Is Policing the Future
NYTimes
China lured graduate jobseekers into digital espionage
ArsTechnica
Internet Explorer Shutdown to Cause Japan Problems 'For Months'
Financial Times
School Surveillance Will Never Protect Kids From Shootings
WiReD
UK plan to scrap cookie consent boxes will make it easier to spy on web users
The Guardian
Whoops. That Feeling When the AG of the most populous state publishes a list of where all the handguns are...
twitter viz geoff goodfellow
Supercookies Have Privacy Experts Sounding the Alarm
WiReD
Police sweep Google searches to find suspects. The tactic is facing its first legal challenge.
NBC News
DARPA report exposes blockchain vulnerabilities
exodus
'Mystery rocket' that crashed into the Moon baffles NASA scientists
Chron
Mega says it can't decrypt your files. New POC exploit shows otherwise.
ArsTechnica
The Assessments of the Swiss Post E-Voting System
Andrew Appel
2022 Zero-day in-the-wild exploitation
Maddie Stone
Ocean Freight Shipping Costs Are Driving Goods Prices Higher
ProPublica
ZuoRAT Trojan
WiReD
Sophisticated attacks against range of SOHO routers
ArsTechnica
Microsoft Plans to Eliminate Face Analysis Tools in Push for `Responsible AI'
NYTimes
The Race to Hide Your Voice
WiReD
Amazon demonstrates Alexa mimicking the voice of a deceased relative
CNBC
South Carolina mom says baby monitor was hacked; Experts say many devices are vulnerable
NPR
St. John's woman loses home after Phoenix pay fiasco
CBC
These Period Tracker Apps Say They Put Privacy First. Here's What We Found.
Consumer Reports
FCC asks Google, Apple to remove TikTok due to data privacy concerns at Chinese-owned company TikTok
CBC
Lost and Found: USB Sticks With Data on 460,000 People
NYTimes
Some Crypto Exchanges Already Secretly Insolvent
Forbes
Unintended Centralities in Distributed [Blockchain] Ledgers
via Lauren W.
Crypto Crash Widens Divide Between Rich and Amateur Traders
NYTimes
Cryptocurrency Titan Coinbase providing "Geo Tracking Data" to ICE
The Intercept
Crypto traceability and market rules agreed by EU lawmakers
TechCrunch
Crypto investors' hot streak ends as harsh 'winter' descends
Boston Globe
Alex Mashinky's Celsius crypto bank draws probe by five states
WashPost
LOL Headline of the Day
LW
When customers say their money was stolen on Zelle, banks often refuse to pay
NYTimes
Planned Parenthood Privacy
WashPost
Re: Micropatching on the fly
John Levine
Re: A Periodic Issue
Steven J. Greenwald
Re: Long-term planning and Optimization
Martin Ward
Re: It is 2022. My coffee mug wants me to log in, wants to know my location, and if it can send me promotional emails...
geoff goodfellow
AT&T Fiber Optic outage update
PGN
Info on RISKS (comp.risks)

The Wheels Have Come Off Electric Vehicles (Bloomberg)

geoff goodfellow <geoff@iconia.com>
Thu, 30 Jun 2022 16:51:19 -0700
*If Toyota's cars can't keep their tires on, what good is its $35 billion
EV pledge?*

The world's biggest car company, Toyota Motor Corp., reluctantly released
an electric vehicle in May
<https://global.toyota/en/newsroom/toyota/37135919.html#:~:text=Toyota City, Japan, April 12,BEV*1 on May 12.>.
Weeks later, it recalled 2,700 of them because there was a risk their
wheels—the most fundamental component—would fall off. If that's the
level of quality and safety traditional auto giants are willing to commit
to, then investors and regulators should increase their scrutiny.

Getting it right on battery technology and electric motors is one thing,
but bolting the wheels on properly? It shouldn't even be a question.
Billions of dollars have been invested, huge promises have been made and
every major car manufacturer in the world has committed to go electric and
clean. What's more, cars are selling at record high prices.

Toyota's statement was alarming
<https://pressroom.toyota.com/toyota-is-conducting-a-safety-recall-involving-2023-model-year-bz4x-vehicles/>.
“After low-mileage use, all of the hub bolts on the wheel can loosen to the
point where the wheel can detach from the vehicle. If a wheel detaches from
the vehicle while driving, it could result in a loss of vehicle control,
increasing the risk of a crash,'' the company said as it recalled its first
electric car release. Long a leader in hybrid or gasoline-electric
technology, the Japanese firm has been dragging its feet on EVs as
competitors like Volkswagen AG have raced ahead. Toyota president Akio
Toyoda has in the past commented on the excessive hype around green cars and
pointed out the downsides.
<https://www.wsj.com/articles/toyotas-chief-says-electric-vehicles-are-overhyped-11608196665>

Meanwhile, Subaru Corp., in which Toyota holds a 20.02% stake, also recalled
the Solterra, a related electric vehicle model jointly developed that shares
parts with the latter's bZ4x.

Recalls are par for the course in the auto industry—every year, millions
of vehicles are affected. Last year, more than 21 million were accounted for
in recalls mandated by the U.S. National Highway Traffic Safety
Administration, according to third-party data provider Recall Master
<https://www.recallmasters.com/sor/>. In addition, several million more are
part of so-called voluntary campaigns that aren't formally recognized by the
authority.  [...]

https://www.bloomberg.com/opinion/articles/2022-06-29/the-wheels-come-off-toyota-s-electric-vehicles


Who Is Liable when AI Kills? (Scientific American)

Richard Marlon Stein <rmstein@protonmail.com>
Thu, 30 Jun 2022 01:57:16 +0000
George Maliha and Ravi B. Parikh, Scientific American, 29 Jun 2022
https://www.scientificamerican.com/article/who-is-liable-when-ai-kills/

"The key is to ensure that all stakeholders, users, developers and everyone
else along the chain from product development to use, bear enough liability
to ensure AI safety and effectiveness—but not so much that they give up on
AI."

Organizations that build and deploy AI must be held accountable for usage
incidents, be they benign or injurious. Changing the rules (regulations)
means that stakeholders negotiate proposed regulations, which are approved
by lawmakers and enforced by regulators. Two of the stakeholders, lawmakers
and regulators, are often captured, or wholly compromised by, deep pockets
or political interests.

Product liability laws are outdated—they were written for industry
conditions that assumed only humans and their parent organizations held
responsibility for product faults and the incidents or damage they
cause. There was no anticipation of AI product deployment, and how
autonomous products alter the liability landscape.

Product terms of service for virtually every business or institution
(including governments) invoke indemnification to shield them (their
organizations and their employees) against liability save for acts of wanton
negligence.

The terms assert commercial impunity: The consumer purchases a product and,
via the license terms of use granted therein, agrees to indemnify (hold
without fault) the producing organization (and its employees) for any
untoward outcome, including injury or fatality.

Occasionally, where there's a question of guilt attributed to said product
or organization, a negotiated settlement ensues, one that includes
non-disclosure of the settlement terms, and a non-admission of guilt to
resolve the lawsuit.

A liability law rewrite, with AI-in-the-loop, will subject organizations to
newly defined accountability IF there's sufficient representative consumer
interests at the negotiating table to balance the corporate lobby's
litigiousness.

The essay identifies 3 areas of liability regulation revision. The 3rd item
of the authors' liability reform addresses revised standards that might
establish a regulatory liability basis for AI.

The revised standards should include mandatory explainability requirements
for any deployed AI-product to assist and simplify incident
triage. Explainability can elevate visibility into autonomous product fault
and accelerate the incorporation of lessons learned that prevent
recurrence. Data and voice recorders deployed in aircraft and trains help
earn and sustain capriciously volatile public trust by teaching mistakes. An
equivalent capability will benefit public health and safety exposed to
AI-enabled product deployments.

  [As RISKS readers well know, blame can also be spread around flawed
  hardware, operating systems, applications, requirements, etc.  PGN]


Four Takeaways From a Times Investigation Into China's Expanding Surveillance State (NYTimes)

Jan Wolitzky <jan.wolitzky@gmail.com>
Tue, 21 Jun 2022 08:47:14 -0400
*The Times* reporters spent over a year combing through government bidding
documents that reveal the country's technological road map to ensure the
longevity of its authoritarian rule:

Chinese police analyze human behaviors to ensure facial recognition cameras
capture as much activity as possible.

Authorities are using phone trackers to link people's digital lives to their
physical movements.

DNA, iris scan samples, and voice prints are being collected indiscriminately
from people with no connection to crime.

The government wants to connect all of these data points to build
comprehensive profiles for citizens—which are accessible throughout the
government.

https://www.nytimes.com/2022/06/21/world/asia/china-surveillance-investigation.html


An Invisible Cage: How China Is Policing the Future (NYTimes)

Jan Wolitzky <jan.wolitzky@gmail.com>
Sun, 26 Jun 2022 10:38:20 -0400
The more than 1.4 billion people living in China are constantly watched.
They are recorded by police cameras that are everywhere, on street corners
and subway ceilings, in hotel lobbies and apartment buildings. Their phones
are tracked, their purchases are monitored, and their online chats are
censored.

Now, even their future is under surveillance.

The latest generation of technology digs through the vast amounts of data
collected on their daily activities to find patterns and aberrations,
promising to predict crimes or protests before they happen. They target
potential troublemakers in the eyes of the Chinese government—not only
those with a criminal past but also vulnerable groups, including ethnic
minorities, migrant workers and those with a history of mental illness.

https://www.nytimes.com/2022/06/25/technology/china-surveillance-police.html


China lured graduate jobseekers into digital espionage (ArsTechnica)

Monty Solomon <monty@roscom.com>
Fri, 1 Jul 2022 12:19:04 -0400
https://arstechnica.com/information-technology/2022/06/china-lured-graduate-jobseekers-into-digital-espionage/

https://www.ft.com/content/2e4359e4-c0ca-4428-bc7e-456bf3060f45


Internet Explorer Shutdown to Cause Japan Problems 'For Months' (Financial Times)

ACM TechNews <technews-editor@acm.org>
Mon, 27 Jun 2022 12:08:59 -0400 (EDT)
Masaharu Ban and Kosuke Toshi. *Financial Times*, 24 Jun 2022

Microsoft's recent termination of the Internet Explorer (IE) browser has
sparked panic among businesses and government agencies in Japan that had
delayed updating their Websites. Tokyo-based software developer Computer
Engineering & Consulting (CEC) has been flooded with help requests since
April, mainly from government agencies, financial institutions, and
manufacturing and logistics companies that operate sites that only work with
IE. In a March poll by IT resource provider Keyman's Net, almost half of
respondents said they used the IE browser for work, and more than 20% of
those respondents said they did not know how to transition to another
browser.


School Surveillance Will Never Protect Kids From Shootings (WiReD)

Gabe Goldberg <gabe@gabegold.com>
Thu, 30 Jun 2022 23:47:21 -0400
If we are to believe the purveyors of school surveillance systems, K-12
schools will soon operate in a manner akin to some agglomeration of Minority
Report, Person of Interest, and Robocop. "Military grade" systems would
slurp up student data, picking up on the mere hint of harmful ideations, and
dispatch officers before the would-be perpetrators could carry out their
vile acts. In the unlikely event that someone were able to evade the
predictive systems, they would inevitably be stopped by next-generation
weapon-detection systems and biometric sensors that interpret the gait or
tone of a person, warning authorities of impending danger. The final layer
might be the most technologically advanced: some form of drone or maybe even
a robot dog, which would be able to disarm, distract, or disable the
dangerous individual before any real damage is done. If we invest in these
systems, the line of thought goes, our children will finally be safe.

https://www.wired.com/story/school-surveillance-never-protect-kids-shootings


UK plan to scrap cookie consent boxes will make it easier to spy on web users (The Guardian)

geoff goodfellow <geoff@iconia.com>
Thu, 30 Jun 2022 09:33:52 -0700
*Privacy campaign group warns against government's proposals to move to an
opt-out model*

Proposals to scrap pop-up cookie consent boxes on websites will make it
easier to spy on web users, a privacy campaign group has warned.

Cookie banners are a common feature for web users, who are asked to give
their consent for websites as well as marketing and advertising businesses
to gather information about their browsing activity. Ministers announced
proposals on Friday to move to an opt-out model for cookie consent.
<https://www.theguardian.com/technology/2022/feb/02/techscape-google-chrome-cookies>

“In the future, the government intends to move to an opt-out model of
consent for cookies placed by websites,'' said the Department for Digital,
Culture, Media and Sport (DCMS).  “This would mean cookies could be set
without seeking consent, but the website must give the web user clear
information about how to opt out.''

Open Rights Group (ORG), which campaigns for privacy and free speech online,
said the proposal would make spying on people's activities the *default
option*.  [...]
https://www.theguardian.com/technology/2022/jun/17/uk-plan-to-scrap-cookie-consent-boxes-will-make-it-easier-to-spy-on-web-users


Whoops. That Feeling When the AG of the most populous state publishes a list of where all the handguns are... (twitter viz geoff goodfellow)

geoff goodfellow <geoff@iconia.com>
Thu, 30 Jun 2022 09:46:45 -0700
https://twitter.com/briankrebs/status/1542233920204324866


Supercookies Have Privacy Experts Sounding the Alarm (WiReD)

Gabe Goldberg <gabe@gabegold.com>
Thu, 30 Jun 2022 15:14:44 -0400
A German ad-tech trial features what Vodafone calls "digital tokens."
Should you be worried?

https://www.wired.com/story/trustpid-digital-token-supercookie


Police sweep Google searches to find suspects. The tactic is facing its first legal challenge. (NBC News)

Monty Solomon <monty@roscom.com>
Thu, 30 Jun 2022 19:00:55 -0400
Privacy advocates are watching the case closely, concerned that police could
use reverse keyword searches to investigate people who seek information
about abortions.

https://www.nbcnews.com/news/us-news/police-google-reverse-keyword-searches-rcna35749

  [Gabe Goldberg noted on the same article:
    Is there reasonable expectation of privacy for search data? No.
    Can it be misused? Yes.
  PGN]


DARPA report exposes blockchain vulnerabilities (exodus)

geoff goodfellow <geoff@iconia.com>
Thu, 23 Jun 2022 15:35:56 -0700
<https://www.exodus.com/news/how-secure-is-ethereum/>

How secure are Bitcoin and Ethereum, really?  We often hear that
Proof-of-Stake blockchains could theoretically become centralized in the
hands of a few rich players, while Bitcoin and Ethereum (for now) are
relatively immune.
<https://www.exodus.com/news/proof-of-work-vs-proof-of-stake/#head4>

Now, a new Defense Department-sponsored study
<https://assets-global.website-files.com/5fd11235b3950c2c1a3b6df4/62af6c641a672b3329b9a480_Unintended_Centralities_in_Distributed_Ledgers.pdf>
reveals that most blockchains are more centralized (and thus less secure)
than we're led to believe.

*An uncomfortable report*

Trail of Bits <https://www.trailofbits.com/>, a cybersecurity research and
consulting firm whose clients include Google, Microsoft and Meta, released
an important study on June 21 entitled *Are Blockchains Decentralized?* It
concludes that many blockchains are more vulnerable to centralization
dangers than previously thought.
<https://cointelegraph.com/blockchain-for-beginners/how-does-blockchain-work-everything-there-is-to-know>

The report was produced for the U.S. Defense Advanced Research Projects
Agency (DARPA <https://www.darpa.mil/>), an agency founded in 1958 to manage
the development of emerging technologies for use by the Department of
Defense. The agency developed and furthered much of the conceptual basis for
ARPANET, the prototypical communications network that became today's
Internet.

Research focused mainly on Bitcoin, revealing several security weaknesses
that could be exploited by bad actors to gain greater control of the
network.

*Bitcoin nodes* [...]
https://www.exodus.com/news/report-exposes-blockchain-vulnerabilities/


'Mystery rocket' that crashed into the Moon baffles NASA scientists (Chron)

geoff goodfellow <geoff@iconia.com>
Wed, 29 Jun 2022 19:35:49 -0700
*So far, no space exploring nations have claimed responsibility for the
rocket.*

NASA has discovered the crash site of a "mystery rocket body" that collided
with the Moon's surface earlier this year. The impact left behind a
widespread "double crater," meaning it wasn't the average rocket.

However, since its crash landing, none of Earth's space-exploring nations
have claimed responsibility for the mysterious projectile, leaving NASA
scientists baffled as to who was behind its launch. New images shared on
June 24 by NASA's Lunar Reconnaissance Orbiter show the unusual impact site.

After a rocket body impacted the Moon last year, NASA's Lunar Reconnaissance
Orbiter was able to snap a surprising view of the impact site. Unexpectedly,
the crater is actually two craters and may indicate that the rocket body had
large masses at each end: https://t.co/WtMAFrNkUw pic.twitter.com/hcoYPxlm8z

NASA 360 (@NASA360) 27 Jun 2022

"Surprisingly the crater is actually two craters, an eastern crater
(18-meter diameter, about 19.5 yards) superimposed on a western crater
(16-meter diameter, about 17.5 yards)," NASA reported
<https://www.nasa.gov/feature/goddard/2022/nasas-lunar-reconnaissance-orbiter-spots-rocket-impact-site-on-moon>.
"The double crater was unexpected...No other rocket body impacts on the Moon
created double craters."  [...]
https://www.chron.com/news/houston-texas/article/mystery-rocket-NASA-moon-crash-country-origin-17273903.php


Mega says it can't decrypt your files. New POC exploit shows otherwise. (ArsTechnica)

Lauren Weinstein <lauren@vortex.com>
Tue, 21 Jun 2022 15:47:06 -0700
https://arstechnica.com/information-technology/2022/06/mega-says-it-cant-decrypt-your-files-new-poc-exploit-shows-otherwise/


The Assessments of the Swiss Post E-Voting System

Andrew Appel <appel@cs.princeton.edu>
Fri, 1 Jul 2022 10:01:00 -0400 (DT)
We have just published a 5-part series on Freedom-to-Tinker about the expert
assessments Switzerland commissioned of its E-voting system.

How to Assess an E-voting System, by Andrew Appel
https://freedom-to-tinker.com/2022/06/27/how-to-assess-an-e-voting-system/

After small-scale pilots of an Internet voting system for citizens living
abroad, Switzerland commissioned expert studies of all aspects of its
e-voting system: cryptographic protocol security and privacy, systems
security, infrastructure and operation, network infrastructure security.
These are the most thorough and expert studies ever commissioned of a
deployed Internet voting system. Based on these studies, the Swiss
government put a pause on further use of the system.

How NOT to Assess an E-voting System, by Vanessa Teague
https://freedom-to-tinker.com/2022/06/28/how-not-to-assess-an-e-voting-system/

The Australian
state of New South Wales used an Internet voting system very similar to the
Swiss one. Not only did they whitewash findings by outside experts that the
system was insecure, but on election day the system simply didn't work: the
Electoral Commission estimated that 20,000 people registered to use iVote
but did not receive a voting credential in time to vote; as a consequence,
the Supreme Court of NSW voided the results in three local elections. The
NSW government has been careless about driver's license security, health
data privacy, and covid-tracing records, too: there's a pattern.

How the Swiss Post E-voting system addresses client-side vulnerabilities, by Appel
https://freedom-to-tinker.com/2022/06/29/how-the-swiss-post-e-voting-system-addresses-client-side-vulnerabilities/

The two biggest vulnerabilities in any Internet voting system are:
server-side (from insiders or attackers who penetrate the server), and
client-side (from attackers who manage to install a fake voting-app on
voters' computers or phones). We explain how the Swiss system protects
against client-side attacks, based on a sheet of paper mailed to the voter
containing special codes for the voter to enter and check.

What the Assessments Say About the Swiss E-voting System, by Appel
https://freedom-to-tinker.com/2022/06/30/what-the-assessments-say-about-the-swiss-e-voting-system/

The assessments were commissioned in 2021-22 after independent experts (not
commissioned by the government) had found serious security flaws in the
cryptographic protocol. The vendor of the system, the Swiss Post, cooperated
by documenting the protocol and the computer code in great detail. The
assessors found that "the clarity of the protocol and documentation is much
improved [which] has exposed many issues that were already present but not
visible in the earlier versions of the system; this is progress. ... [but]
Several issues that we found require structural changes..."

The glass-half-empty cryptographic protocol experts concluded “We encourage
the stakeholders in Swiss e-voting to allow adequate time for the system to
be thoroughly reviewed before restarting the use of e-voting,'' while the
glass-half-full system-security expert concluded “as imperfect as the
current system might be when judged against a nonexistent ideal, the current
system generally appears to achieve its stated goals, under the
corresponding assumptions and the specific threat model around which it was
designed.''

Switzerland's E-voting: The Threat Model, by Appel
https://freedom-to-tinker.com/2022/07/01/switzerlands-e-voting-the-threat-model

As the system-security expert pointed out, there is a danger in limiting a
security assessment to a specific threat model. That expert pointed out that
the printing company, that sends paper credentials to voters before each
election, can corrupt the election if hacked or dishonest, but was excluded
from the threat model that he was asked to consider. Here we identify a new
threat model: it's a real security risk, if voters use smartphone cameras to
speed the process of entering code numbers from the paper credential
document.


2022 Zero-day in-the-wild exploitation (Maddie Stone)

geoff goodfellow <geoff@iconia.com>
Thu, 30 Jun 2022 13:01:21 -0700
Maddie Stone, Google Project Zero

For the last three years, we've published annual year-in-review reports of
0-days found exploited in the wild. The most recent of these reports is the
2021 Year in Review report
<https://googleprojectzero.blogspot.com/2022/04/the-more-you-know-more-you-know-you.html>,
which we published just a few months ago in April. While we plan to stick
with that annual cadence, we're publishing a little bonus report today
looking at the in-the-wild 0-days detected and disclosed in the first half
of 2022.

As of 15 Jun 2022, there have been 18 0-days detected and disclosed as
exploited in-the-wild in 2022. When we analyzed those 0-days, we found that
at least nine of the 0-days are variants of previously patched
vulnerabilities. At least half of the 0-days we've seen in the first six
months of 2022 could have been prevented with more comprehensive patching
and regression tests. On top of that, four of the 2022 0-days are variants
of 2021 in-the-wild 0-days. Just 12 months from the original in-the-wild
0-day being patched, attackers came back with a variant of the original bug.

So, what does this mean?

When people think of 0-day exploits, they often think that these exploits
are so technologically advanced that there's no hope to catch and prevent
them. The data paints a different picture. At least half of the 0-days we've
seen so far this year are closely related to bugs we've seen before.  Our
conclusion and findings in the 2020 year-in-review report were very similar.
<https://googleprojectzero.blogspot.com/2021/02/deja-vu-lnerability.html>

Many of the 2022 in-the-wild 0-days are due to the previous vulnerability
not being fully patched. In the case of the Windows win32k and the Chromium
property access interceptor bugs, the execution flow that the
proof-of-concept exploits took were patched, but the root cause issue was
not addressed: attackers were able to come back and trigger the original
vulnerability through a different path. And in the case of the WebKit and
Windows PetitPotam issues, the original vulnerability had previously been
patched, but at some point regressed so that attackers could exploit the
same vulnerability again. In the iOS IOMobileFrameBuffer bug, a buffer
overflow was addressed by checking that a size was less than a certain
number, but it didn't check a minimum bound on that size. For more detailed
explanations of three of the 0-days and how they relate to their variants,
please see the slides from the talk.  [...]

<https://github.com/maddiestone/ConPresentations/blob/master/FIRST2022.2022_0days_so_far.pdf>
https://googleprojectzero.blogspot.com/2022/06/2022-0-day-in-wild-exploitationso-far.html
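The incomplete-bounds-check pattern the post describes (an upper bound checked, the lower bound forgotten, so the original bug is still reachable), as an added illustration in C that is not code from the Project Zero post or from any real product: the buffer, the signed length field, the function names and the probe values are all hypothetical, constructed to show why a regression test over the boundary values catches the gap that the first patch left open.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical fixed-capacity message buffer.  The length is a signed
 * 32-bit value supplied by an untrusted caller, as in many legacy APIs. */
#define BUF_CAP 64

/* Incomplete fix: only the upper bound is checked.  A negative length
 * passes, and once it is converted to size_t for memcpy it becomes a
 * huge unsigned value, so the original overflow is still reachable. */
bool len_ok_upper_only(int32_t len)
{
    return len <= BUF_CAP;
}

/* Complete fix: both bounds are checked, so neither a too-large nor a
 * negative length reaches the copy. */
bool len_ok_both_bounds(int32_t len)
{
    return len >= 0 && len <= BUF_CAP;
}

/* What memcpy would actually receive after the implicit conversion of the
 * signed length: (size_t)-1 is SIZE_MAX on every platform. */
size_t bytes_memcpy_would_receive(int32_t len)
{
    return (size_t)len;
}

/* Copy guarded by the complete check.  Returns the number of bytes copied,
 * or -1 when the length is rejected (dst is untouched in that case). */
int copy_msg(uint8_t dst[BUF_CAP], const uint8_t *src, int32_t len)
{
    if (!len_ok_both_bounds(len))
        return -1;
    memcpy(dst, src, (size_t)len);
    return len;
}

/* Regression probes at the edges of the valid range.  These are the inputs
 * a test suite should keep permanently once a bounds bug has been fixed,
 * because a variant of the bug tends to reappear at exactly these edges. */
struct probe {
    int32_t len;
    bool in_range;
};

static const struct probe probes[] = {
    { INT32_MIN,   false },
    { -1,          false },
    { 0,           true  },
    { BUF_CAP - 1, true  },
    { BUF_CAP,     true  },
    { BUF_CAP + 1, false },
    { INT32_MAX,   false },
};

/* Run a candidate check over the probes and count the out-of-range lengths
 * it wrongly accepts.  A complete fix returns 0. */
int bad_values_accepted(bool (*check)(int32_t))
{
    int bad = 0;
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++)
        if (!probes[i].in_range && check(probes[i].len))
            bad++;
    return bad;
}

int main(void)
{
    printf("upper-bound-only check accepts %d bad lengths\n",
           bad_values_accepted(len_ok_upper_only));
    printf("two-sided check accepts %d bad lengths\n",
           bad_values_accepted(len_ok_both_bounds));
    printf("memcpy would receive %zu bytes for len = -1\n",
           bytes_memcpy_would_receive(-1));
    return 0;
}
```

The two negative probes are the ones the upper-bound-only check lets through; keeping them in the regression suite is what turns "the proof-of-concept path no longer works" into "the root cause is fixed".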


Ocean Freight Shipping Costs Are Driving Goods Prices Higher (ProPublica)

Gabe Goldberg <gabe@gabegold.com>
Sun, 26 Jun 2022 00:59:32 -0400
The Hidden Fees Making Your Bananas, and Everything Else, Cost More

The story you're about to read is bananas, and it's also about bananas.

Last fall, a company called One Banana loaded 600,000 pounds of the fruit
from its plantations in Guatemala and Ecuador onto ships bound for the Port
of Long Beach in California. Once they arrived, the bananas, packed in
refrigerated containers, were offloaded by cranes for trucking to a nearby
warehouse, where the fruit would be sent to supermarkets nationwide.

But in the midst of a global supply chain crisis, none of the trucking
companies the importer normally worked with were willing to come and get the
containers.

As the bananas sat at the marine terminal, a logistics specialist for One
Banana scrambled, contacting more than a dozen trucking firms.

With each passing hour, the bananas grew closer to spoiling.

https://www.propublica.org/article/ocean-freight-shipping-costs-inflation


ZuoRAT Trojan (WiReD)

Gabe Goldberg <gabe@gabegold.com>
Thu, 30 Jun 2022 15:14:44 -0400
Researchers say the remote-access Trojan ZuoRAT is likely the work of a
nation-state and has infected at least 80 different targets.

The discovery of this ongoing campaign is the most important one affecting
SOHO routers since VPNFilter, the router malware created and deployed by the
Russian government that was discovered in 2018. Routers are often
overlooked, particularly in the work-from-home era. While organizations
often have strict requirements for what devices are allowed to connect, few
mandate patching or other safeguards for the devices' routers.

Like most router malware, ZuoRAT can't survive a reboot. Simply restarting
an infected device will remove the initial ZuoRAT exploit, consisting of
files stored in a temporary directory. To fully recover, however, infected
devices should be factory reset. Unfortunately, in the event connected
devices have been infected with the other malware, they can't be disinfected
so easily.

https://www.wired.com/story/zuorat-trojan-malware-hacking-routers


Sophisticated attacks against range of SOHO routers (ArsTechnica)

Bob Gezelter <gezelter@rlgsc.com>
Wed, 29 Jun 2022 08:32:05 -0400
ArsTechnica has reported that there is a sophisticated attack campaign
against SOHO routers, which in turns infects and compromises attached
devices. In "A wide range of routers are under attack by new, unusually
sophisticated malware", the high-level details of the attack are described,
including the somewhat unavoidable conclusion that Work from Home (WFH)
makes systems used for remote work a potential target.

The ArsTechnica article is at:

https://arstechnica.com/information-technology/2022/06/a-wide-range-of-routers-are-under-attack-by-new-unusually-sophisticated-malware/


Microsoft Plans to Eliminate Face Analysis Tools in Push for `Responsible AI' (NYTimes)

Lauren Weinstein <lauren@vortex.com>
Tue, 21 Jun 2022 09:57:04 -0700
https://www.nytimes.com/2022/06/21/technology/microsoft-facial-recognition.html


The Race to Hide Your Voice (WiReD)

Gabe Goldberg <gabe@gabegold.com>
Sat, 25 Jun 2022 23:49:59 -0400
Voice recognition and data collection have boomed in recent years.
Researchers are figuring out how to protect your privacy.

https://www.wired.com/story/voice-recognition-privacy-speech-changer/


Amazon demonstrates Alexa mimicking the voice of a deceased relative (CNBC)

geoff goodfellow <geoff@iconia.com>
Thu, 23 Jun 2022 07:36:35 -0700
Amazon is devising a way for users to speak to their family members through
its Alexa voice assistant, even after they've died.

At Amazon's Re:Mars conference in Las Vegas on Wednesday, Rohit Prasad,
senior vice president and head scientist for the Alexa team, detailed a
feature that allows the voice assistant to replicate a specific human voice.

In a demonstration video, a child said, “Alexa, can Grandma finish reading
me the Wizard of Oz?''

Alexa confirmed the request with the default, robotic voice, then
immediately switched to a softer, more humanlike tone, seemingly mimicking
the child's family member.

The Alexa team developed a model that allows its voice assistant to produce
a high-quality voice with “less than a minute of recorded audio,''
Prasad said.  [...]

https://www.cnbc.com/2022/06/22/amazon-demonstrates-alexa-mimicking-the-voice-of-a-deceased-relative.html


South Carolina mom says baby monitor was hacked; Experts say many devices are vulnerable (NPR)

Matthew Kruk <mkrukg@gmail.com>
Tue, 28 Jun 2022 19:12:38 -0600
https://www.npr.org/sections/thetwo-way/2018/06/05/617196788/s-c-mom-says-baby-monitor-was-hacked-experts-say-many-devices-are-vulnerable

  [Security on the Internet of Things?  Ya gotta be kiddin'.]


St. John's woman loses home after Phoenix pay fiasco (CBC)

Matthew Kruk <mkrukg@gmail.com>
Wed, 29 Jun 2022 06:50:48 -0600
https://www.cbc.ca/news/canada/newfoundland-labrador/phoenix-pay-joanne-osmond-1.6500083


These Period Tracker Apps Say They Put Privacy First. Here's What We Found. (Consumer Reports)

Lauren Weinstein <lauren@vortex.com>
Sun, 26 Jun 2022 11:30:39 -0700
https://www.consumerreports.org/health-privacy/period-tracker-apps-privacy-a2278134145/


FCC asks Google, Apple to remove TikTok due to data privacy concerns at Chinese-owned company TikTok (CBC)

Matthew Kruk <mkrukg@gmail.com>
Wed, 29 Jun 2022 11:39:44 -0600


Lost and Found: USB Sticks With Data on 460,000 People (NYTimes)

Jan Wolitzky <jan.wolitzky@gmail.com>
Wed, 29 Jun 2022 07:35:58 -0400
The plight of a technician tasked with transferring a city's worth of
personal data is a lesson in the risks of combining small, important objects
with a night out drinking.

https://www.nytimes.com/2022/06/28/world/asia/usb-japan-flash-drive-amagasai.html


Some Crypto Exchanges Already Secretly Insolvent (Forbes)

geoff goodfellow <geoff@iconia.com>
Tue, 28 Jun 2022 19:17:46 -0700
*After throwing lifelines to troubled digital currency platforms BlockFi and
Voyager Digital, Sam Bankman-Fried, the 30-year-old billionaire founder of
FTX, warns that some crypto exchanges will soon fail.*

The question on everybody's mind in the crypto world is whether we've
reached the market bottom. Nearly $2 trillion in crypto market value has
evaporated since November. Two bellwether digital assets Luna, a $40 billion
crypto asset associated with TerraUSD, a $16 billion stablecoin designed to
maintain parity with the U.S. dollar, have collapsed. Earlier this month
bitcoin traded for below $20,000, its lowest level since December 2020.

But the fallout is far from complete. Earlier this month, Singapore-based
Three Arrows Capital (3AC), a highly levered crypto trading firm with $200
million of exposure to Luna revealed that it was nearly insolvent. Three
Arrows had borrowed large sums from numerous crypto firms including New
Jersey's Voyager Digital and New York-based BlockFi. In order to survive
Three Arrows' default, the two digital asset exchanges turned to billionaire
Sam Bankman-Fried, founder of FTX and the richest person in crypto, worth
some $20.5 billion.  Between FTX and his quantitative trading firm Alameda,
he provided the companies with $750 million in credit lines. There is no
guarantee that Bankman-Fried will recoup his investment.  "You know, we're
willing to do a somewhat bad deal here, if that's what it takes to sort of
stabilize things and protect customers," he says.  [...]

https://www.forbes.com/sites/stevenehrlich/2022/06/28/bankman-fried-some-crypto-exchanges-already-secretly-insolvent/


Unintended Centralities in Distributed [Blockchain] Ledgers

Lauren Weinstein <lauren@vortex.com>
Tue, 21 Jun 2022 07:55:56 -0700
https://assets-global.website-files.com/5fd11235b3950c2c1a3b6df4/62af6c641a672b3329b9a480_Unintended_Centralities_in_Distributed_Ledgers.pdf


Crypto Crash Widens Divide Between Rich and Amateur Traders (NYTimes)

Gabe Goldberg <gabe@gabegold.com>
Thu, 30 Jun 2022 12:46:58 -0400
No cryptocurrency investor has been spared the pain of plunging prices.  But
the fallout from more than $700 billion in losses is far from even.

Photo: Tyler Winklevoss, left, and Cameron Winklevoss, center, performing
with Mars Junction in Englewood, Colo. The billionaires recently laid off 10
percent of the staff at Gemini, their crypto firm.

ENGLEWOOD, Colo.—The cryptocurrency market was in ruins. But Tyler and
Cameron Winklevoss were jamming.

Cameron and Tyler Winklevoss, whose wealth stood at $4 billion apiece before
the crash, were each worth $3.3 billion this week, according to Forbes. They
declined to comment.

For retail investors like Ben Thompson, 33, the reality is different.
Mr. Thompson, who lives in Sydney, Australia, lost about $45,000 -- half his
savings -- in the crash. He had dabbled in crypto since 2018 and planned to
use the money to open a brewery.

"A lot of people who seemed quite reputable had a lot of confidence,"
Mr. Thompson said. "The smaller people get taken advantage of."

https://www.nytimes.com/2022/06/29/technology/crypto-crash-divide.html


Cryptocurrency Titan Coinbase providing "Geo Tracking Data" to ICE (The Intercept)

Lauren Weinstein <lauren@vortex.com>
Thu, 30 Jun 2022 12:24:15 -0700
https://theintercept.com/2022/06/29/crypto-coinbase-tracer-ice/


Crypto traceability and market rules agreed by EU lawmakers (TechCrunch)

Lauren Weinstein <lauren@vortex.com>
Fri, 1 Jul 2022 08:43:02 -0700
https://techcrunch.com/2022/07/01/crypto-regulation-eu/


Crypto investors' hot streak ends as harsh 'winter' descends (The Boston Globe)

Monty Solomon <monty@roscom.com>
Tue, 21 Jun 2022 00:22:51 -0400
"There was this irrational exuberance."
https://www.boston.com/news/business/2022/06/20/crypto-winter/


Alex Mashinky's Celsius crypto bank draws probe by five states (WashPost)

Gabe Goldberg <gabe@gabegold.com>
Thu, 30 Jun 2022 14:07:01 -0400
In 2018, Alex Mashinsky held a dinner at an upscale restaurant in New
York. The entrepreneur's goal was to attract "whales" -- crypto-speak for
large-scale currency holders who can move markets -- to invest in a nascent
entity he'd created called Celsius Network.

The Ukraine-born, Israel-raised businessman spoke charmingly and
passionately, according to a person who was at the dinner and described it
on the condition of anonymity because it was a private event. He laid out
his mission of "unbanking," in which investors can deposit cryptocurrency
outside the traditional financial system. Central to the pitch were
unusually high yields for depositors in his Celsius Network -- as much as 30
percent -- made possible, the New York-based Mashinsky explained, because
their money would be lent out at high rates to those needing it for
short-term crypto investments.

"It was incredible to watch -- everyone in the room was enthralled," said the
guest. "The whales were excited and ready to write checks. Even people who
might have been skeptical were on board."  [...]

He made the case to Wall Street that he could offer much higher yields
without the bureaucratic costs and profit-taking of traditional banks, and
he also marketed those yields -- which could reach between 20 and 30 percent
-- to depositors.  [...]

Still, business was slow. The company's own CEL token, launched in the fall
of 2018 to help facilitate transactions, ended 2019 at just 14 cents—only
the slightest improvement from the 10 cents it was worth the previous
spring.  [...]

The company has fallen in the eyes of a number of the faithful. After
Mashinsky tweeted a stay-strong message last week ("@CelsiusNetwork team is
working non-stop. To see you come together is a clear sign our community is
the strongest in the world"), one user replied angrily.  "Please allow us
to withdraw OUR funds," wrote @TzannakosPat. "People have their life savings
on Celsius. The community is strong and together we should demand and [sic]
formal investigation. You can't just take peoples money and coins."

That frustration was felt by Alex, a Celsius customer in Maryland who asked
not to be fully identified to protect himself online. He has about $20,000
in his account now, he said, money he was counting on to help support his
son. "I'm feeling pretty bad to be honest," he said.

Bitboy Crypto, the pseudonym of a prominent crypto influencer named Ben
Armstrong, who has nearly 900,000 followers on Twitter, had long advocated
Celsius to his followers. But after the freeze, he changed his tune.

"We were lied to about the safety of our funds by Alex @Mashinsky," he
tweeted Saturday as he offered suggestions for legal action -- in turn
prompting some to blame him for cheerleading for Celsius for so long.

Yet many of Mashinsky's adherents have refused to give up. They see the
freeze not as a sign of malfeasance but as one more piece of evidence that
traditional finance wants to destroy crypto and will stop at nothing to
realize its aim.

https://www.washingtonpost.com/technology/2022/06/21/celsius-withdrawal-freeze-explained/

  SLIGHT improvement—10 cents to 14 is 40% in maybe 15 months. I'll take
  it.


LOL Headline of the Day

Lauren Weinstein <lauren@vortex.com>
Wed, 29 Jun 2022 09:11:27 -0700
"Crypto[currency] crash threatens North Korea's stolen funds."


When customers say their money was stolen on Zelle, banks often refuse to pay (NYTimes)

Monty Solomon <monty@roscom.com>
Tue, 21 Jun 2022 09:21:22 -0400
Federal law requires banks to reimburse customers for unauthorized
electronic transfers, but they often refuse, stranding victims.

https://www.nytimes.com/2022/06/20/business/zelle-money-stolen-banks.html

  [Your money is carefully wrapped in Zellephane.  PGN]


Planned Parenthood Privacy (WashPost)

Gabe Goldberg <gabe@gabegold.com>
Wed, 29 Jun 2022 17:25:57 -0400
The organization left marketing trackers running on its scheduling pages.

https://www.washingtonpost.com/technology/2022/06/29/planned-parenthood-privacy


Re: Micropatching on the fly (Tom Van Vleck)

"John Levine" <johnl@iecc.com>
25 Jun 2022 20:34:27 -0400
>There is a DARPA/I2O program that is awarding ways to patch IoT
>appliances and heavy truck engines:
>  https://www.darpa.mil/program/assured-micropatching
>
>  What could possibly go wrong?  THVV

Plenty, but this is an engineering question.  We expect some amount of
damage from unpatched cruddy old equipment.  We have some level of risk from
this hack patch approach.  Which is likely to cause more trouble overall?

I have no idea but since there is no question that we're seeing a lot
of damage from unpatched IoT (for example, the Mirai botnet) I wouldn't
dismiss it out of hand.


Re: A Periodic Issue

"Steven J. Greenwald" <greenwald.steve@gmail.com>
Mon, 20 Jun 2022 22:55:00 -0400
I thought I restrained myself with the puns on that one. I still remember
getting yelled at by a strident feminist circa 1990 when I used a COBOL
programming term, which we really truly used -- a lot -- when the compiler
aborted on a COBOL sentence that didn't get terminated properly. We called
those "pregnant" because they were missing their periods.

Re: my late darkness, well, three major neurosurgeries in 5 months
will do that to you (for my spine; long boring medical story omitted). I'm
much much better now though (and 40% titanium, I think, with really cool
scars that look like I got attacked by either an alligator or an eagle,
depending on where you come from). : )


Re: Long-term planning and Optimization (RISKS-33.28)

Martin Ward <martin@gkc.org.uk>
Tue, 21 Jun 2022 09:03:55 +0100
Oxfam's report, published in January 2022, states that:

  "The world's ten richest men more than doubled their fortunes from $700
  billion to $1.5 trillion—at a rate of $15,000 per second or $1.3
  billion a day—during the first two years of a pandemic that has seen
  the incomes of 99 percent of humanity fall and over 160 million more
  people forced into poverty.

  "Inequality goes to the heart of the climate crisis, as the richest 1
  percent emit more than twice as much CO2 as the bottom 50 percent of the
  world, driving climate change throughout 2020 and 2021."

  "The carbon footprints of the richest 1 percent of people on Earth is set
  to be 30 times greater than the level compatible with the 1.5°C goal of
  the Paris Agreement in 2030. The poorest half of the global population
  will still emit far below the 1.5°C-aligned level in 2030."

The problem is not "too many people" but "too many rich people"!  There is
plenty of money and resources in the world to feed everyone and tackle
climate change, the problem is inequitable distribution of resources and
lobbying against the needed changes by powerful vested interests and corrupt
governments.

https://www.oxfam.org/en/press-releases/ten-richest-men-double-their-fortunes-pandemic-while-incomes-99-percent-humanity


Re: Long-term planning and Optimization (Mills. RISKS-33.28)

Martin Ward <martin@gkc.org.uk>
Tue, 21 Jun 2022 10:01:30 +0100
China's draconian "One Child Policy", implemented between 1980 and 2015, is
claimed to have prevented over 400 million births.  Yet China's CO2
emissions increased by around five times in the same period.


Re: It is 2022. My coffee mug wants me to log in, wants to know my location, and if it can send me promotional emails... (RISKS-33.30)

geoff goodfellow <geoff@iconia.com>
Mon, 20 Jun 2022 18:03:05 -0700
looks like the URL in RISKS got mangled, here's a working one:
  https://twitter.com/Marc_IRL/status/1537187487675711488
(The final '8' was summarily dropped)


AT&T Fiber Optic outage update

Peter Neumann <neumann@csl.sri.com>
Fri, 1 Jul 2022 2:31:20 PDT
    [From a PGN neighbor, Re: RISKS-33.13-15,20]

  We've had a lot of interactions with AT&T people on this issue, including
  with someone who was honest and knew something.  My general question was:
  companies have been stringing cables for decades, if not centuries.
  Presumably the squirrel problem has been resolved???

  His answer was clear: all other cables were metallic, either the conductor
  or the shield.  The fiber cables are not.  Squirrels and rats have trouble
  with metal, although they do succeed sometimes.  When ATT chose the fiber
  to install, in the interest of weight and cost, they decided against a
  metallic shield.  Apparently this works in most places, but a few
  locations have high squirrel activity, and they have to replace short
  sections with squirrel-protected cable after the problem ... not
  proactively.

  That is to say ... the problems will continue, although slowly
  diminishing, as more cable gets squirrel shielding.

  Kudos to AT&T for stepping up to deliver the long-hoped-for "fiber to the
  home".  This is a huge deal, and a massive step to the future.  Too bad
  they didn't invest more in better cables.  -Jeff
