The RISKS Digest
Volume 33 Issue 37

Sunday, 7th August 2022

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator


Contents

U.S. Air Force To Test Single-Pilot C-130 Flight Crews
FLYING Magazine
How a Trash-Talking Crypto Bro Caused a $40 Billion Crash
NYTimes
Nuclear Fusion Is Already Facing a Fuel Crisis
WiReD
Fighting Around Zaporizhzhia Nuclear Power Plant Is ‘Out of Control’
Matthew Gault via Henry Baker
Nomad offers 10% bounty in $190M cryptocurrency hack
WashPost
WashDC Metrorail Routinely Skipped Safety Protocols, Putting Workers At Risk
DC Patch
Former T-Mobile store owner netted $25 million from 5-year scheme, which included tricking employees into resetting passwords
Fortune
California Regulator Accuses Tesla of Falsely Advertising Autopilot
NYTimes
North Korea-Backed Hackers Have Clever Way to Read Gmail
Dan Goodin
AI Does Not Have Thoughts, No Matter What You Think
Cade Metz
Algorithm Aces University Math Course Questions
Adam Zewe
Big Tech breakup legislation on hold
Lauren Weinstein
Class-action suit filed against Equifax after millions of scores were affected by glitch
NBC news
‘Horrible’, ‘Chaos’: Former Oracle Employees Describe Recent Layoffs
Slashdot
Robinhood Lays Off 23 Percent of Its Staff, Blaming Crypto Meltdown
NYTimes
Bitcoin mining in the crypto crash—mining companies' creative accounting
Amy Castor
Pearson says NFT textbooks will let it profit off secondhand sales
The Verge
The Bad Times Are Coming for Startups
WiReD
The Microsoft Team Racing to Catch Bugs Before They Happen
WiReD
French Scientist, distant star, and chorizo
People via Steve Greenwald
Rats deserve equal presence with Squirrels in RISKS
T.M. Brown via PGN
Robotic Surgery
Dr. Bob Fenichel
Re: Who is at fault when medical software gets it wrong?
Richard Marlon Stein
Re: Tech giants, including Meta, Google, and Amazon, want to put an end to leap-seconds
John Levine
Re: BMW's Heated as a Service Model Has Drivers Seeking Hacks
Sam Steingold Gabe Goldberg Gabe Goldberg
Re: Study finds Wikipedia influences judicial behavior
John Levine
Kids Are Back in Classrooms and Laptops Are Still Spying on Them
Gabe Goldberg
Re: School Surveillance Will Never Protect Kids From Shootings
Gabe Goldberg
Re: Dr. Birx ADMITS She ‘Knew’ COVID-19 Vaccines ‘Were Not Going to Protect Against Infection’
Lars-Henrik Eriksson Steve Lamont
Book Review: America's Biggest Lottery Scam by Bob Sand
Douglas W. Jones
Info on RISKS (comp.risks)

U.S. Air Force To Test Single-Pilot C-130 Flight Crews (FLYING Magazine)

Gabe Goldberg <gabe@gabegold.com>
Sun, 7 Aug 2022 15:02:38 -0400

USAF and Merlin Labs plan to flight test Lockheed Martin's C-130J Hercules with autonomous software as a co-pilot.

Can a Lockheed Martin (NYSE: LMT) C-130J Hercules fly with just one pilot? It's a scenario the U.S. Air Force is exploring through a new partnership with Merlin Labs, a Boston-based autonomous flight company that's gearing up to test autonomous operations in the Air Force's venerable cargo workhorse.

Under the collaboration, Merlin Labs will retrofit a C-130 with software and technology that will slim down the number of onboard crew, from two pilots to one. The C-130, built at Lockheed Martin's factory in Marietta, Georgia, holds the record for the longest continuous production run of any military aircraft, according to the manufacturer. The Hercules first flew in 1954.

https://www.flyingmag.com/u-s-air-force-to-test-single-pilot-c-130-flight-crews/


How a Trash-Talking Crypto Bro Caused a $40 Billion Crash (NYTimes)

“Gabe Goldberg” <gabe@gabegold.com>
Wed, 18 May 2022 10:48:50 -0400

Do Kwon, a South Korean entrepreneur, hyped the Luna and TerraUSD cryptocurrencies. Their failures have devastated some traders, though not the investment firms that cashed out early.

https://www.nytimes.com/2022/05/18/technology/terra-luna-cryptocurrency-do-kwon.html


Nuclear Fusion Is Already Facing a Fuel Crisis (WiReD)

Gabe Goldberg <gabe@gabegold.com>
Sat, 21 May 2022 00:16:57 -0400

It doesn't even work yet, but nuclear fusion has encountered a shortage of tritium, the key fuel source for the most prominent experimental reactors.

In the south of France, ITER is inching towards completion. When it's finally fully switched on in 2035, the International Thermonuclear Experimental Reactor will be the largest device of its kind ever built, and the flag-bearer for nuclear fusion.

Inside a donut-shaped reaction chamber called a tokamak, two types of hydrogen, called deuterium and tritium, will be smashed together until they fuse in a roiling plasma hotter than the surface of the sun, releasing enough clean energy to power tens of thousands of homes—a limitless source of electricity lifted straight from science fiction.

Or at least, that's the plan. The problem—the white elephant in the room — is that by the time ITER is ready, there might not be enough fuel left to run it.

Like many of the most prominent experimental nuclear fusion reactors, ITER relies on a steady supply of both deuterium and tritium for its experiments. Deuterium can be extracted from seawater, but tritium, a radioactive isotope of hydrogen, is incredibly rare.

https://www.wired.com/story/nuclear-fusion-is-already-facing-a-fuel-crisis


Fighting Around Zaporizhzhia Nuclear Power Plant Is ‘Out of Control’

Henry Baker <hbaker1@pipeline.com>
Thu, 04 Aug 2022 16:05:40 +0000

Nuclear power plants were designed to defend against certain foreseeable risks, but not wars!

I don't think we all want to be Zaporized…

https://www.vice.com/en/article/7k88mg/fighting-around-europes-largest-power-plant-is-out-of-control-uns-nuke-chief-warns

Fighting Around Europe's Largest Power Plant Is ‘Out of Control,’ UN's Nuke Chief Warns

Russia is using a Ukrainian power plant as a fortress to launch attacks.

by Matthew Gault August 3, 2022, 3:13pm

The head of the UN's nuclear regulatory watchdog is warning the world that Europe's largest nuclear power plant “is completely out of control,” Rafael Grossi, the director general of the International Atomic Energy Agency (IAEA), told the Associated Press about the risk in an interview.

The Zaporizhzhia nuclear power plant is in Southeast Ukraine along the Dnipro river.

The plant has been a central part of the war since Russia invaded Ukraine at the end of February.

Russian troops besieged it in early March, firing artillery shells at it before taking it over.

The firefight between Russian and Ukrainian soldiers was watched by 95,000 people online through the plant's live streamed CCTV cameras.

An administrative building caught fire during the fight but the plant didn't melt down.


Nomad offers 10% bounty in $190M cryptocurrency hack (WashPost)

Gabe Goldberg <gabe@gabegold.com>
Sat, 6 Aug 2022 12:53:06 -0400

More than $20 million has been recovered since the ‘free-for-all’.

Crypto Giant Froze Their Accounts. Now Customers Are Begging a Judge for Their Money Back.

“My life savings were in Celsius,” one depositor wrote last month. “I pray and hope everyday you are doing everything in your power to rightfully return deposits back to customers. I can't tell my wife and kids our retirement and dreams have been stolen from us. Life is stale, we need updates and silence is not the answer.”

https://www.motherjones.com/politics/2022/08/celsius-bankruptcy-crypto


WashDC Metrorail Routinely Skipped Safety Protocols, Putting Workers At Risk (DC Patch)

“Gabe Goldberg” <gabe@gabegold.com>
Wed, 18 May 2022 10:50:39 -0400

Washington Metrorail Safety Commission says Metrorail routinely skipped steps in restoring lethal electrical power to tracks in work zones.

WMSC determined the Power Desk assistant superintendent had skipped three safety protocols when directing that power be restored to the College Park Station work zone. In addition, the Power Desk controller restored power even though they knew two safety confirmations had not been completed.

WMSC also investigated similar lapses in safety that occurred on April 3, May 1, May 6 and May 14, across multiple departments.

“Fatigue modeling indicates that the Power Desk controller's performance effectiveness on April 26 was impaired due to sleep debt, short sleep duration and the circadian effects of night work,” WMSC's report says. “The Power Desk Controller also told investigators that they have difficulty sleeping.”

Further investigation revealed that Metrorail was assigning 12-hour shifts and not filling some shifts due to staffing shortages.

https://patch.com/district-columbia/washingtondc/metrorail-routinely-skipped-safety-protocols-putting-workers-risk


Former T-Mobile store owner netted $25 million from 5-year scheme, which included tricking employees into resetting passwords (Fortune)

geoff goodfellow <geoff@iconia.com>
Thu, 4 Aug 2022 11:02:16 -0700

A former T-Mobile store owner has been found guilty of using stolen credentials to hack into “hundreds of thousands of cellphones” in a multiyear scheme that netted him roughly $25 million that he spent on cars:

Argishti Khudaverdyan, 44, who owned an Eagle Rock retail outlet in Los Angeles, used several dishonest methods to acquire the credentials needed to unlock phones or bypass carrier blocks, enabling customers to change network providers before their contract ended. He used phishing emails and social engineering, and tricked those working at the T-Mobile IT Help Desk into resetting employee passwords, allowing him access to the internal system.

The scheme, which he ran from August 2014 to June 2019, also involved unlocking phones that had been reported lost or stolen, allowing them to be sold on the black market. […]

https://finance.yahoo.com/news/former-t-mobile-store-owner-110731584.html


California Regulator Accuses Tesla of Falsely Advertising Autopilot (NYTimes)

Gabe Goldberg <gabe@gabegold.com>
Sat, 6 Aug 2022 12:48:28 -0400

A state agency said the electric carmaker had misled the public in describing its driver-assistance service as autonomous.

Its name is borrowed from aviation systems that allow planes to fly themselves in ideal conditions with limited pilot input. With the current system, the car will disengage Autopilot if drivers do not consistently keep a hand on the wheel.

For an additional fee, which may be as high as $12,000, car owners can buy Full Self-Driving, a system that expands the abilities of Autopilot.

https://www.nytimes.com/2022/08/05/business/tesla-california-dmv-complaint.html

Believing marketing, then not even following instructions…


North Korea-Backed Hackers Have Clever Way to Read Gmail (Dan Goodin)

ACM TechNews <technews-editor@acm.org>
Fri, 5 Aug 2022 13:12:37 -0400 (EDT)

Dan Goodin, Ars Technica, 03 Aug 2022, via ACM TechNews, 5 Aug 2022

Researchers at security company Volexity have discovered malware dubbed SHARPEXT that the North Korea-sponsored SharpTongue hacker gang is using to read and download email and attachments from victims' Gmail and AOL accounts. Volexity's Steven Adair said SHARPEXT installs an extension for Chrome and Edge browsers “by way of spear phishing and social engineering where the victim is fooled into opening a malicious document.” Email services cannot detect the extension, and since the browser will already have been authenticated, the compromise cannot be simply identified and neutralized. Volexity said SHARPEXT has been in use for “well over a year,” allowing hackers to compile lists of email addresses to ignore, and to monitor already compromised emails or attachments.

https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2f009x235171x069070&
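The access path described above is invisible to the mail service, because the extension rides an already-authenticated browser session, so any detection has to happen on the endpoint. The following is an added example for this digest, not code from Volexity, Ars Technica or the attackers: it hunts a Chromium-family profile's extension registry for extensions that were sideloaded and whose host permissions reach Gmail or AOL mail. It assumes the Chromium Preferences / Secure Preferences layout (installed extensions under extensions.settings.<id> with from_webstore, location and manifest keys) and the Manifest::Location numbering given in the comments; the sample registry inside is constructed.

```python
"""Endpoint hunt for a sideloaded browser extension with webmail reach.

Added example for this digest, not code from Volexity, Ars Technica or
SharpTongue.  It assumes the Chromium profile layout in which installed
extensions are recorded under extensions.settings.<id> in "Preferences" /
"Secure Preferences" with keys "from_webstore", "location" and "manifest";
the sample registry below is constructed, not taken from a real profile.
"""
import json
import re
import sys

WEBMAIL_HOSTS = ("mail.google.com", "mail.aol.com")

# Chromium Manifest::Location values (assumed numbering): 1 = normal install,
# 4 = "Load unpacked", 8 = --load-extension on the command line.
SIDELOAD_LOCATIONS = {4, 8}


def host_patterns(manifest):
    """Every host match pattern the manifest requests (MV2 lists them under
    'permissions', MV3 under 'host_permissions')."""
    pats = []
    for key in ("permissions", "host_permissions"):
        for p in manifest.get(key, []):
            if isinstance(p, str) and (p == "<all_urls>" or "://" in p):
                pats.append(p)
    return pats


def pattern_covers(pattern, host):
    """True if a Chrome match pattern grants access to pages on `host`."""
    if pattern == "<all_urls>":
        return True
    m = re.match(r"^(\*|https?|file|ftp)://([^/]*)/", pattern)
    if not m:
        return False
    hp = m.group(2)
    if hp == "*":
        return True
    if hp.startswith("*."):           # "*.google.com" covers mail.google.com
        return host == hp[2:] or host.endswith(hp[1:])
    return host == hp


def find_suspicious_extensions(prefs):
    """Flag extensions that were sideloaded AND can read a webmail origin.
    Returns a list of {"id", "name", "reasons"} dicts."""
    findings = []
    settings = prefs.get("extensions", {}).get("settings", {})
    for ext_id, entry in settings.items():
        manifest = entry.get("manifest", {})
        sideload = []
        if not entry.get("from_webstore", False):
            sideload.append("not installed from the Web Store")
        if entry.get("location") in SIDELOAD_LOCATIONS:
            sideload.append("loaded unpacked or via command line")
        pats = host_patterns(manifest)
        reach = [h for h in WEBMAIL_HOSTS
                 if any(pattern_covers(p, h) for p in pats)]
        if sideload and reach:
            findings.append({
                "id": ext_id,
                "name": manifest.get("name", "<unnamed>"),
                "reasons": sideload + ["can read " + ", ".join(reach)],
            })
    return findings


# Constructed sample registry: one Web Store extension, one sideloaded
# extension with Gmail/AOL reach, one sideloaded extension without it.
SAMPLE_PREFS = json.loads("""{
  "extensions": {"settings": {
    "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": {
      "from_webstore": true, "location": 1,
      "manifest": {"name": "Docs Offline", "version": "1.0",
                   "permissions": ["storage", "https://docs.google.com/*"]}},
    "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb": {
      "from_webstore": false, "location": 4,
      "manifest": {"name": "Mail Helper", "version": "3.1",
                   "host_permissions": ["https://*.google.com/*",
                                        "https://mail.aol.com/*"]}},
    "cccccccccccccccccccccccccccccccc": {
      "from_webstore": false, "location": 1,
      "manifest": {"name": "Dev Tool", "version": "0.1",
                   "permissions": ["tabs"]}}
  }}
}""")


def main(argv):
    # Pass a profile's "Secure Preferences" path to scan a real profile;
    # with no argument the constructed sample is scanned.
    if len(argv) > 1:
        with open(argv[1], encoding="utf-8") as f:
            prefs = json.load(f)
    else:
        prefs = SAMPLE_PREFS
    for hit in find_suspicious_extensions(prefs):
        print(f"{hit['id']} ({hit['name']}): " + "; ".join(hit["reasons"]))


if __name__ == "__main__":
    main(sys.argv)
```

Only the "Mail Helper" entry is reported: it is both sideloaded and able to read mail.google.com and mail.aol.com. A Web Store extension with webmail permissions, or a sideloaded extension without them, is deliberately not flagged, so that the output stays short enough for a responder to act on; widen WEBMAIL_HOSTS to whatever mail front ends your users actually sign in to.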


Fans wanted a war game to be more real, so they leaked classified docs (WashPost)

Gabe Goldberg <gabe@gabegold.com>
Sat, 6 Aug 2022 12:55:02 -0400

Video games have long led to fights: controllers thrown, unsubstantiated accusations of cheating, insults hurled at mothers and even dogs. But no one has ever leaked classified documents related to national security in a public forum to win an argument — until last year, twice. And then again this year.

Beginning in 2021, players of “War Thunder,” a popular, free-to-play vehicular combat video game, have thrice posted classified documents related to three tanks of British, French, and Chinese origin, in an online forum dedicated to the game. The posting of the documents was reported first by UK Defence Journal, which wrote that one poster, who uploaded the manual to a British Challenger 2 tank, said he was motivated by a desire to get a “War Thunder” developer to make the tank more accurate in the game. Another poster, who claimed to be part of a French tank unit, uploaded a Leclerc S2 manual while engaged in an online debate about its turret rotation speed. The motivations of the user who posted allegedly classified information about China's DTC10-125 tank, and a piece of materiel, was not clear.

https://www.washingtonpost.com/video-games/2022/08/05/tank-plan-leaks-war-thunder/


AI Does Not Have Thoughts, No Matter What You Think (Cade Metz)

Peter Neumann <neumann@csl.sri.com>
Sun, 7 Aug 2022 10:44:54 PDT

Some researchers believe there are sentient computers. Sorry, but there's no evidence.

[Nice follow-up on this topic in RISKS-33.29 and RISKS-33.34. PGN]

Cade Metz, The New York Times National Edition Sunday Business centerfold, 7 Aug 2022: two-page (6-7) spread, with Frank Rosenblatt and his Perceptron, an inset of a conversation with Joe Weizenbaum's ELIZA, and other more recent players. The alluring robot “Desdemona” is also on the cover of the section.


Algorithm Aces University Math Course Questions (Adam Zewe)

ACM TechNews <technews-editor@acm.org>
Fri, 5 Aug 2022 13:12:37 -0400 (EDT)

Adam Zewe, MIT News, 3 Aug 2022, via ACM TechNews, 5 Aug 2022

A multi-institutional team of researchers led by the Massachusetts Institute of Technology's Iddo Drori utilized a neural network model to solve university-level math problems in seconds. The researchers used OpenAI's Codex model, which was pretrained on text and “fine-tuned” on code, to learn how pieces of text and code relate to each other. The model can render text questions into code, given a few question-code examples, then run the code to solve the problem. The model also automatically explains its solutions, and can produce new problems in university math subjects which university students were unable to distinguish from human-generated questions. “This work opens the field for people to start solving harder and harder questions with machine learning,” Drori said.

https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2f009x235172x069070&


Big Tech breakup legislation on hold

Lauren Weinstein <lauren@vortex.com>
Sun, 7 Aug 2022 08:56:43 -0700

Big Tech breakup legislation on hold

It appears that the wholly misguided attempts to “break up” Big Tech are at least on hold until later in the year, if then. And consumers should be thankful, because the plans would only have made their tech lives more complex and subject to even more fraud.


Class-action suit filed against Equifax after millions of scores were affected by glitch (NBC news)

“Richard Marlon Stein” <rmstein@protonmail.com>
Thu, 04 Aug 2022 22:35:16 +0000

https://www.nbcnews.com/business/consumer/equifax-credit-score-glitch-lawsuit-class-action-rcna41538

“The credit bureau said it had unintentionally sent faulty scores to lenders, resulting in higher interest rates and application denials for some consumers.”

“The Wall Street Journal reported Tuesday that, as Equifax was transitioning to a new technology system, it unintentionally provided inaccurate credit scores on millions of U.S. consumers seeking various types of credit. In a statement on its website, Equifax acknowledged that as many as 300,000 people experienced a score shift of 25 points or more, enough to swing a borrower's credit rating from good to fair, or fair to poor.”

A glitch? It appears Equifax didn't apply UAT before go-live? Or did they know about the credit score discrepancy—should be evident in their qualification test reports for pass/fail on “legacy v. go-forward” comparator output of credit scores. Perhaps the governance team was too eager to go-live because of schedule commitments and didn't bother to read the test results?

Very tiresome to watch reruns of the consumer crash test dummy show.
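The legacy-versus-go-forward comparator that the comment above says should have been in the qualification test reports, as an added example for this digest (not Equifax's code or test procedure): a parallel run of both scoring systems over the same consumers, reconciled record by record, with the 25-point figure quoted in the article as the threshold for a material shift and a go-live gate that refuses the release if any record fails to reconcile or more than the allowed fraction of consumers moved materially. The two score extracts are constructed for the example.

```python
"""Legacy-versus-go-forward score comparator as a go-live gate.

Added example for this digest, not Equifax's code or test report.  The
25-point threshold is the figure quoted above for the affected consumers;
the two score extracts are constructed for the example.
"""
import csv
import io
from collections import Counter

MATERIAL_SHIFT = 25  # points; a shift this large moves a borrower between bands

LEGACY_CSV = """consumer_id,score
C001,712
C002,655
C003,598
C004,740
C005,620
C006,801
"""

GO_FORWARD_CSV = """consumer_id,score
C001,712
C002,628
C003,600
C004,740
C006,770
C007,690
"""


def load_scores(text):
    """consumer_id -> integer score; a duplicate id is itself a defect."""
    scores = {}
    for row in csv.DictReader(io.StringIO(text)):
        cid = row["consumer_id"]
        if cid in scores:
            raise ValueError(f"duplicate consumer_id {cid}")
        scores[cid] = int(row["score"])
    return scores


def compare_scores(legacy, new, threshold=MATERIAL_SHIFT):
    """Reconcile the two runs record by record and summarise the deltas."""
    shared = legacy.keys() & new.keys()
    deltas = {cid: new[cid] - legacy[cid] for cid in shared}
    material = {cid: d for cid, d in deltas.items() if abs(d) >= threshold}
    return {
        "compared": len(shared),
        "missing_in_new": sorted(legacy.keys() - new.keys()),
        "unexpected_in_new": sorted(new.keys() - legacy.keys()),
        "material_shifts": material,
        "max_abs_delta": max((abs(d) for d in deltas.values()), default=0),
        "direction": Counter("down" if d < 0 else "up" for d in material.values()),
    }


def gate_passes(report, max_material_fraction=0.0):
    """Release gate: every record reconciles and no more than the allowed
    fraction of consumers moved by a material amount (default: none)."""
    if report["compared"] == 0:
        return False
    if report["missing_in_new"] or report["unexpected_in_new"]:
        return False
    fraction = len(report["material_shifts"]) / report["compared"]
    return fraction <= max_material_fraction


if __name__ == "__main__":
    rep = compare_scores(load_scores(LEGACY_CSV), load_scores(GO_FORWARD_CSV))
    print(f"compared={rep['compared']} material={len(rep['material_shifts'])} "
          f"max|delta|={rep['max_abs_delta']} missing={rep['missing_in_new']} "
          f"unexpected={rep['unexpected_in_new']} direction={dict(rep['direction'])}")
    print("GO" if gate_passes(rep) else "NO-GO")
```

On the constructed data the gate fails three ways at once: two of five shared consumers dropped 27 and 31 points, one consumer scored by the legacy system is absent from the new run, and the new run scores a consumer the legacy system never saw. Any one of those is enough to hold the release; the report keeps all of them so the test record shows what was known before go-live.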


‘Horrible’, ‘Chaos’: Former Oracle Employees Describe Recent Layoffs (Slashdot)

Lauren Weinstein <lauren@vortex.com>
Sun, 7 Aug 2022 10:57:31 -0700

https://developers.slashdot.org/story/22/08/07/1537222/horrible-chaos-former-oracle-employees-describe-recent-layoffs


Robinhood Lays Off 23 Percent of Its Staff, Blaming Crypto Meltdown (NYTimes)

Gabe Goldberg <gabe@gabegold.com>
Thu, 4 Aug 2022 00:50:06 -0400

The trading app that helped drive the meme stock frenzy announced staff cuts for the second time this year.

Robinhood declined to comment on the layoffs.

The announcement followed closely on the heels of cuts in April, when Robinhood laid off 340 workers, or about 9 percent of its employees at the time. Since then, Mr. Tenev wrote, further worsening of the economy, including inflation and the crash of the crypto market, has “reduced customer trading activity and assets under custody.” The price of Bitcoin has fallen by more than half this year, to about $23,000 per coin. The cryptocurrency rose as high as $66,000 in late 2021.


Bitcoin mining in the crypto crash—mining companies' creative accounting (Amy Castor)

Gabe Goldberg <gabe@gabegold.com>
Thu, 4 Aug 2022 20:19:39 -0400

Bitcoin mining is a highly lucrative business as long as the price of bitcoin keeps going up — and as long as investors believe it will keep going up.

When the price crashes — and the price of bitcoin has halved since the start of the year — crypto miners face margin calls, they have to dump their bitcoins, and reality comes knocking.

In this post, we outline some of the biggest problems facing North American bitcoin miners:

https://amycastor.com/2022/08/04/bitcoin-mining-in-the-crypto-crash-the-mining-companies-creative-accounting/


Pearson says NFT textbooks will let it profit off secondhand sales (The Verge)

Gabe Goldberg <gabe@gabegold.com>
Thu, 4 Aug 2022 00:52:10 -0400

But is there any reason to do it?

Textbook publisher Pearson suggests blockchain tech could let it take a cut of secondary textbook sales, capturing a section of the book market that's so far escaped it. As quoted by Bloomberg, Pearson CEO Andy Bird believes non-fungible tokens, or NFTs, could help publishers make money off textbook resales, although he stopped short of describing concrete plans. […]

As with many mainstream crypto applications, NFTs don't bring an obvious technical innovation to this question.


The Bad Times Are Coming for Startups (WiReD)

“Gabe Goldberg” <gabe@gabegold.com>
Tue, 17 May 2022 16:27:40 -0400

A spate of layoffs is just the first sign of trouble for early-stage companies facing an economic downturn.

“Right now, the startups that are in the trickiest situation are growth-stage startups with unicorn-type valuations, a high burn rate, good but not great metrics, and 12 months of cash,” says Matt Turck, a partner at venture capital firm Firstmark. “You're going to see a lot of layoffs there, because companies need to urgently cut their burn if they don't want to run out of cash.”

https://www.wired.com/story/startups-layoffs-economy-bad-times/


The Microsoft Team Racing to Catch Bugs Before They Happen (WiReD)

Gabe Goldberg <gabe@gabegold.com>
Thu, 4 Aug 2022 00:46:51 -0400

What's it like to be responsible for a billion people's digital security? Just ask the company's Morse researchers.

https://www.wired.com/story/microsoft-morse-team/


French Scientist, distant star, and chorizo

“Steven J. Greenwald” <greenwald.steve@gmail.com>
Sat, 6 Aug 2022 00:00:15 -0400

Some extracts from the journal “People”:

A French scientist is in hot water after he trolled his Twitter followers with a picture of what he said was of a distant star taken by the James Webb Space Telescope. In reality, it was a piece of sausage.

On July 31, French scientist Etienne Klein tweeted an image of a glowing red circle with a caption saying it was Proxima Centauri, the closest star to the Sun. “Well, when it's time for the aperitif, cognitive biases seem to have a field day,” he later tweeted. <https://twitter.com/EtienneKlein/status/1553765864553472003?ref_src=twsrc^tfw|twcamp^tweetembed|twterm^1553765864553472003|twgr^70a999974c25a56b3c583436dfbd4c8fc8aa0f75|twcon^s1_&ref_url=https://www.cbsnews.com/news/scientist-etienne-klein-posts-webb-telescope-image-star-actually-slice-chorizo-apology/>

https://people.com/human-interest/french-scientist-apologizes-says-space-telescope-image-of-distant-star-was-actually-just-chorizo/


Rats deserve equal presence with Squirrels in RISKS (T.M. Brown)

Peter Neumann <neumann@csl.sri.com>
Sun, 7 Aug 2022 10:20:51 PDT

Engine Troubles? Check for Rats. T. M. Brown, The New York Times, 7 Aug 2022

This article begins by resuscitating an old tale from early 2021 of a Prius in NYCity's DUMBO area downtown: “The check engine kept flashing .. despite the car driving just fine. They did a bunch of tests and couldn't figure out what it was.” Finally they discovered a rat had chewed through a sensor wire. $700 bill. The usual RISKS story of trying to spread the blame to bad city planning, the pandemic, more food trucks in residential areas, overcrowding, etc.

T.M. Brown's last paragraph is worth quoting:

Two years ago, a looming fear among bureaucrats, business people, and undying loyalists to the city's complexities was that New York [City] would dangerously thin out, that enough people would make permanent their exodus to Connecticut or Dutchess County to destroy an already precarious economic and social equilibrium. Instead the new story is simply a replay of the old one—a narrative of tensions among impassioned competing interests that all feel entitled to lay their personal claims to public space. It's maddening, perhaps impossible in the end and yet deeply reassuring all at once.

Risks relevance? Many things seem to be changing underfoot with the pandemic, but in many ways the problems remain more of the same—only perhaps intensified.


Robotic Surgery (RISKS 33.36)

“Robert R. Fenichel, MD” <bob@fenichel.net>
Wed, 03 Aug 2022 16:46:31 -0700

More complete reporting of the rates of robotic and manual surgery wouldn't be sufficient to make the comparative risks much less challenging to interpret. The problem, as is always the case with nonrandomized medical data, is selection bias. The patients who undergo robotic procedures are not necessarily similar to those who get manual procedures, the nurses who attend them are not necessarily similar, and the surgeons are obviously dissimilar, in ways that may be pertinent. To make a reliable comparison of the two techniques, one would need to do a randomized trial.

Randomized trials to make this sort of comparison are not new. For example, see British Journal of Surgery 92(1): 44-49 (2005).

The less easily solved problems, apparently raised in the IEEE article cited by Stein, and raised earlier when laparoscopic abdominal surgery became popular ~20 years ago, are those faced by trainees:


Re: Who is at fault when medical software gets it wrong? (R 33 36)

“Richard Marlon Stein” <rmstein@protonmail.com>
Thu, 04 Aug 2022 22:22:08 +0000

https://medicalxpress.com/news/2022-08-fault-medical-software-wrong.html

“There is a lot of research showing that clinical decision support software is generally beneficial. For instance, it reduces medication prescribing errors and enhances the chance that doctors will follow guidelines for delivering high-quality healthcare. Yet there is also increasing awareness that malfunctions in clinical decision support software are more common than we think.”

The FDA's regulatory approach to CDS software functions is published here: https://www.fda.gov/media/109618/download (retrieved on 05AUG2022).

The CDS must accurately determine if a prescription fits the condition, does not interact with a patient's current medicine schedule, the patient is not allergic to the new medicine, etc. If a dispenser fills the wrong medicine, though the prescription order is correct, how can one blame the physician? Physicians don't stock dispensers.

I tried to ferret out CDS software adverse device events from the FDA's TPLC platform, but did not discover a huge trove of records. In fact, I could not find ANY devices in the TPLC repository assigned to product codes by searching for “clinical decision support”.

I found a few devices assigned to the term “medication” and “dispenser”: Consult https://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfTPLC/tplc.cfm and apply product code “KYX” or “NXB” to view the MDR history on devices that dispense liquid or solid medications.


Re: Tech giants, including Meta, Google, and Amazon, want to put an end to leap-seconds (Bacher, RISKS-33.36)

“John Levine” <johnl@iecc.com>
3 Aug 2022 23:37:50 -0400

TAI is the time standard that doesn't use leap seconds, while UTC does. They currently are 37 seconds apart.

Unless you are an astronomer, it makes no practical difference whether you use TAI or UTC so long as you and your friends use the same one. The UTC adjustment means that at noon UTC in Greenwich, England, the sun will be directly overhead, but since we all use time zones, for most of us the sun has never been overhead at noon because we are not in the exact middle of our zone.

Rather than moving the clocks forward or backward a second every few years, just let the UTC clocks keep ticking, and let the astronomers take care of themselves. (I gather they do that now, since astronomy needs way better than one second resolution.)

Perhaps by 2200 the difference between TAI and UTC will be enough that people care, so they will add a leap ten minutes, but by then we and our grandchildren will be long gone.
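The 37-second figure above, computed from the leap-second table, together with the failure mode that makes leap seconds a nuisance for software: a UTC day that ends in one is 86 401 seconds long, and any elapsed-time arithmetic done on UTC timestamps silently loses a second for each leap second between them. This is an added example for this digest, not John Levine's code; the table is the published history of positive leap seconds through 2016-12-31 and nothing beyond it is assumed.

```python
"""TAI-UTC offset from the leap-second table, and the day-length edge case.

Added example for this digest, not John Levine's code.  The table is the
IERS Bulletin C history of positive leap seconds through 2016-12-31, which is
why TAI-UTC is 37 s at the time of this issue; nothing here is assumed
beyond that table.
"""
from datetime import date, datetime, timedelta

# UTC days whose final second was a leap second (23:59:60).  The offset
# grows by one beginning with the next day.
LEAP_SECOND_DAYS = [
    date(1972, 6, 30), date(1972, 12, 31), date(1973, 12, 31), date(1974, 12, 31),
    date(1975, 12, 31), date(1976, 12, 31), date(1977, 12, 31), date(1978, 12, 31),
    date(1979, 12, 31), date(1981, 6, 30), date(1982, 6, 30), date(1983, 6, 30),
    date(1985, 6, 30), date(1987, 12, 31), date(1989, 12, 31), date(1990, 12, 31),
    date(1992, 6, 30), date(1993, 6, 30), date(1994, 6, 30), date(1995, 12, 31),
    date(1997, 6, 30), date(1998, 12, 31), date(2005, 12, 31), date(2008, 12, 31),
    date(2012, 6, 30), date(2015, 6, 30), date(2016, 12, 31),
]
INITIAL_OFFSET = 10  # TAI-UTC was fixed at exactly 10 s on 1972-01-01


def tai_minus_utc(d):
    """Whole-second TAI-UTC offset in force on UTC date d."""
    if d < date(1972, 1, 1):
        raise ValueError("leap-second table starts 1972-01-01")
    return INITIAL_OFFSET + sum(1 for leap in LEAP_SECOND_DAYS if d > leap)


def seconds_in_utc_day(d):
    """86400 normally, 86401 on a day that ends in a leap second: code that
    hard-codes 86400 loses a second across each entry in the table."""
    return 86401 if d in LEAP_SECOND_DAYS else 86400


def utc_to_tai(dt):
    """Naive datetime interpreted as UTC -> the same instant on the TAI scale."""
    return dt + timedelta(seconds=tai_minus_utc(dt.date()))


def elapsed_si_seconds(start_utc, end_utc):
    """True elapsed seconds between two UTC instants; a plain end-start
    subtraction of UTC timestamps misses every leap second in between."""
    return (utc_to_tai(end_utc) - utc_to_tai(start_utc)).total_seconds()


if __name__ == "__main__":
    today = date(2022, 8, 7)
    print(f"TAI-UTC on {today}: {tai_minus_utc(today)} s")
    a = datetime(2016, 12, 31, 23, 59, 0)
    b = datetime(2017, 1, 1, 0, 1, 0)
    print(f"naive: {(b - a).total_seconds()} s, actual: {elapsed_si_seconds(a, b)} s")
```

Two minutes of wall-clock UTC spanning the 2016-12-31 leap second are 121 SI seconds, and Python's datetime, like POSIX time_t, cannot even represent 23:59:60, which is the practical reason Levine's "just let the clocks keep ticking" proposal appeals to operators: on an uninterrupted TAI-style scale the offset is a constant and the day length never changes.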


Re: BMW's Heated as a Service Model Has Drivers Seeking Hacks (Goldberg, RISKS-33.36)

“Sam Steingold” <sds@gnu.org>
Thu, 04 Aug 2022 10:39:26 -0400

I think you are missing the point. I think people are unhappy not because the feature requires a paid activation _once_, but because they don't like the “subscription” model where they _pay per use_.

Imagine you have to pay your fridge maker every time you want to open the fridge door.


Re: BMW's Heated as a Service Model Has Drivers Seeking Hacks (John Levine, RISKS-33.36)

Gabe Goldberg <gabe@gabegold.com>
Thu, 4 Aug 2022 01:45:00 -0400

Yes (your first four paragraphs).

But, that's price discrimination for selling identical products rather than offering different products at different price points.

…which next two paragraphs discuss.

Regarding “[IBM] could have sold them all without the delay relay and not gone broke” — sure, but why should they? And at what price? Why is what they did worse for the market than having two actually different devices, vs. one device offering different benefits for different prices?

Why would it be better—and unremarkable—for BMW to have used two seat models, vs. one model with different benefits at different price points?

Putting aside the objectionable rental model, why is charging more for heated seats bad because it's implemented in software, vs. how it's been done traditionally, with different seats?


Re: BMW's Heated as a Service Model Has Drivers Seeking Hacks (Steingold, RISKS-33.36)

Gabe Goldberg <gabe@gabegold.com>
Thu, 4 Aug 2022 12:24:50 -0400

My main objection is to charging on a subscription model for features, not to having them software enabled. Features should be offered at one-time fair prices. (And not absurdly bundled so you must buy more than wanted to get what IS wanted).

BUT—it might be nice to have the option—if a feature isn't purchased — to be able to pay per use/week/month. Imagine you travel from warm climate where you live to someplace bitter cold—you didn't buy heated seats but want them temporarily. Or you need the refrigerator light just once to clean back of shelves. ;-)


Re: Study finds Wikipedia influences judicial behavior (RISKS-33.36)

“John Levine” <johnl@iecc.com>
4 Aug 2022 13:51:18 -0400

It's worth reading the paper and not just the press release.

The study is well designed. They picked a representative set of Irish supreme court cases, wrote articles about them, added half the articles to Wikipedia, and indeed the cases they added got more citations and the citations resembled the articles.

This does not mean that anything bad happened. Partly it's a statistical question, since they didn't distinguish citations that used language from the original cases, which should be OK, rather than from the summaries, which might not be.

To create these articles, first they went through and selected important cases, then they had law students write the summaries, which were overseen and edited by law faculty. The summaries should have been good and the cases were important—why wouldn't you want a judge to use them?

Beyond that, Wikipedia has a process to remove articles about topics that aren't sufficiently notable, but it is quite slow, and they'd have to wait a long time to see whether their added articles stayed or were deleted.

To test whether judges just used the articles without checking the actual decisions, they'd have to add articles with deliberately wrong summaries, or summarize fake cases, but that kind of human experimentation has ethical issues.

https://papers.ssrn.com/sol3/papers.cfm?abstract_id=4174200


Kids Are Back in Classrooms and Laptops Are Still Spying on Them (WiReD)

Gabe Goldberg <gabe@gabegold.com>
Thu, 4 Aug 2022

As the post-Roe era underscores the risks of digital surveillance, a new survey shows that teens face increased monitoring from teachers and police.

https://www.wired.com/story/student-monitoring-software-privacy-in-schools/


Re: School Surveillance Will Never Protect Kids From Shootings (WiReD)

Gabe Goldberg <gabe@gabegold.com>
Thu, 4 Aug 2022 16:25:38 -0400

If we are to believe the purveyors of school surveillance systems, K-12 schools will soon operate in a manner akin to some agglomeration of Minority Report, Person of Interest, and Robocop. “Military grade” systems would slurp up student data, picking up on the mere hint of harmful ideations, and dispatch officers before the would-be perpetrators could carry out their vile acts. In the unlikely event that someone were able to evade the predictive systems, they would inevitably be stopped by next-generation weapon-detection systems and biometric sensors that interpret the gait or tone of a person, warning authorities of impending danger. The final layer might be the most technologically advanced — some form of drone or maybe even a robot dog, which would be able to disarm, distract, or disable the dangerous individual before any real damage is done. If we invest in these systems, the line of thought goes, our children will finally be safe.


Re: Dr. Birx ADMITS She ‘Knew’ COVID-19 Vaccines ‘Were Not Going to Protect Against Infection’ (RISKS-33.35)

Lars-Henrik Eriksson <lhe@it.uu.se>
Thu, 4 Aug 2022 10:06:01 +0200

>  “Overwhelming”, you say?  But you might check out the website “How Bad Is
>  My Batch”, which if you check your batch numbers, points out
>  something else: 5% of the Pfizer and Moderna batches are apparently
>  responsible for 80% of the bad reactions including deaths and permanent
>  disablement from the vaccines.  So maybe only 95% of the batches do what
>  you say.  PGN]

“How Bad Is My Batch” is clearly an anti-vaccine conspiracy site. While it is entirely possible that different batches have different effectiveness and even that some have more side effects (after all, that's why we keep track of batches) this website suggests that some batches are deliberately made “toxic”. See https://www.howbadismybatch.com/allnothing.html.

A criticism of the web site pointing out more issues and also notes other disturbing comments made by the person behind the web site can be found on https://www.thedailybeast.com/craig-paardekoopers-shady-site-shows-covid-anti-vaxxers-will-believe-anything.


Re: Dr. Birx ADMITS She ‘Knew’ COVID-19 Vaccines ‘Were Not Going to Protect Against Infection’ (RISKS-33.36)

Steve Lamont <spl@tirebiter.org>
Sat, 06 Aug 2022 15:20:42 -0700

Dr Birx “admitted” no such thing.

https://www.politifact.com/factchecks/2022/jul/29/facebook-posts/no-deborah-birx-didnt-change-her-tune-covid-vaccin/

Birx's full comments show she said she believes the vaccines do work and people should get them. PolitiFact found no record of Birx stating the vaccine could provide complete protection against infection. During the initial vaccine rollout, Birx said it was unclear the level of immunity that the vaccine provided.


Book Review: America's Biggest Lottery Scam by Bob Sand

Douglas W Jones <douglas-w-jones@uiowa.edu>
Sun, 7 Aug 2022 18:23:40 +0000

I just finished an interesting book, America's Biggest Lottery Scam by Bob Sand.  The author was the lead prosecutor in uncovering the rigging of lottery equipment from the Multistate Lottery Association (MUSL) by their employee Eddie Tipton.  This is a textbook example of an insider threat at work in an organization that had what looked like really good internal controls to guard against such things.  When we talk about how difficult it would be to rig voting machines, that is because of a similar kind of internal controls that might be vulnerable to similar insider threats.

The book is written as a narrative from the prosecutor's perspective, so it's structured as a detective story.  Viewed from that perspective, the story is interesting because the statute of limitations was running out as the first lottery rigging case reached the point where charges could possibly be brought.  Furthermore, that case was not strong.  They get a conviction halfway through the book, and that is where things start getting interesting because only then did the scale of the lottery rigging become apparent, and only then did the technical details begin to come out.  The book ends with the first case being as good as thrown out on appeal at about the same time that Tipton agreed to a plea deal in the larger case that included a complete confession, allowing the various state lotteries that had been defrauded to tighten their own defenses.

The technical details of the lottery technology dribble out slowly over the course of the book, but they are there.  As is the case with election machinery, code for the sealed lottery computers was installed with oversight from a third party testing organization that also examined the source code.  There was room for sleight of hand, though, allowing Eddie Tipton to install hacked code in lottery computers while turning over clean code to the testing organization.  The hack?  On scattered but predictable dates, the lottery computers would be less than random, with a set of possible winning numbers small enough that you could buy a manageable stack of tickets and have a good chance of winning.

Rigged lottery computers from MUSL ended up in Iowa, Wisconsin, Missouri, Colorado, Ohio and possibly other states.  Tipton gave away winning lottery tickets or notes on winning numbers to a number of friends and relatives.  Only two of the wins attracted investigations.  When his brother won the Colorado lottery, he cashed the check and got a suitcase full of consecutively numbered $100 bills.  That spooked him and he tried to launder the money, attracting the FBI's attention.  They couldn't identify the crime, but the case was weird enough that the agent involved remembered it and became involved when Sand began to dig.

Sand was brought in because a multi-million dollar winning ticket in Iowa went unclaimed for most of a year, and then two credible attempts were made to claim it, neither of which involved someone who resembled the ticket purchaser -- the law required the lottery ticket to be redeemed by the person who purchased the ticket, and they had surveillance camera footage of the purchaser who seemed very intent on not being recognized.

On the downside, the author spends several chapters on autobiography and biography, talking about his upbringing and about Eddie Tipton, both of whom grew up in small rural communities.  Sand is very interested in the psychology of the crime, what would lead a bright programmer to rig the machines and then use that rigging in a series of stolen jackpots, mostly benefiting others.  Sand also ends on an autobiographical note, describing how, after working as an assistant attorney-general prosecuting white collar crime, he realized that the job was changing him in ways he didn't like.  So he ran for state auditor, a job he now holds.  That means that this book can be seen as campaign literature as well as an interesting true computer crime story.
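The review above describes a draw routine that was certified from clean source but, as installed, collapsed to a small set of possible outcomes on predictable dates. An added illustration (constructed for this digest, not MUSL's, Tipton's or the book's code) of the audit a testing organization can run against the deployed binary rather than the source it was handed: drive the draw routine under many simulated dates and count distinct outcomes per date. The `is_trigger` condition, the 100-seed hidden space and the 6-of-49 game are all assumptions of the toy model; the clean routine draws from OS entropy and ignores the date.

```python
"""Audit harness: exercise a lottery draw routine under simulated dates and
count how many distinct outcomes each date can produce.  A healthy routine
yields (almost) as many distinct draws as trials; a date-triggered backdoor
shows up as a collapsed outcome space.  Constructed example, not real code."""
import random
from datetime import date, timedelta

NUMBERS_PER_DRAW = 6          # assumed 6-of-49 game
MAX_NUMBER = 49
_system_rng = random.SystemRandom()


def _draw_with(rng):
    return tuple(sorted(rng.sample(range(1, MAX_NUMBER + 1), NUMBERS_PER_DRAW)))


def clean_draw(day):
    """Honest routine: the date is irrelevant, every draw uses OS entropy."""
    return _draw_with(_system_rng)


def is_trigger(day):
    """Constructed 'scattered but predictable' date condition for the toy model
    (Wednesdays and Saturdays in May and November)."""
    return day.month in (5, 11) and day.weekday() in (2, 5)


RIGGED_SEED_SPACE = 100       # assumed size of the hidden seed space


def rigged_draw(day):
    """Toy model of a backdoored routine: on trigger dates the only entropy is a
    small hidden counter, so at most RIGGED_SEED_SPACE outcomes are possible."""
    if not is_trigger(day):
        return clean_draw(day)
    hidden = _system_rng.randrange(RIGGED_SEED_SPACE)
    return _draw_with(random.Random(f"{day.isoformat()}:{hidden}"))


def distinct_outcomes(draw_fn, day, trials):
    """Run the routine `trials` times with the clock set to `day`."""
    return len({draw_fn(day) for _ in range(trials)})


def audit_year(draw_fn, year, trials=300, min_ratio=0.5):
    """Return the dates on which fewer than min_ratio * trials distinct outcomes
    were observed.  For a 6-of-49 game (~14M combinations) an honest routine
    essentially never repeats within a few hundred trials."""
    flagged = []
    day = date(year, 1, 1)
    while day.year == year:
        if distinct_outcomes(draw_fn, day, trials) < min_ratio * trials:
            flagged.append(day)
        day += timedelta(days=1)
    return flagged


if __name__ == "__main__":
    for name, fn in (("clean", clean_draw), ("rigged", rigged_draw)):
        print(name, [d.isoformat() for d in audit_year(fn, 2021)])
```

The point of the harness is that it tests the artifact that actually runs, under inputs (the clock) the attacker controls the response to; reading certified source, as the review notes, leaves room for the installed code to differ. Raising `trials` tightens the test at linear cost, and the same scan can be repeated across several years to catch triggers keyed to rarer calendar conditions.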
