NHTSA is investigating bike deaths as California says Tesla statements are "untrue." The first fatal crash occurred in the early hours of July 7 in Riverside, California, when a Tesla Model Y on State Route 91 hit a motorcycle from behind, killing its rider. The second fatal motorcycle crash occurred on July 24, again at night, this time on I-15 outside Draper, Utah. In that case, a Tesla Model 3 was driving behind a motorcycle and hit it, killing the rider.
New research found troubling vulnerabilities in the 5G platforms carriers offer to wrangle embedded device data. https://www.wired.com/story/5g-api-flaws
Networking equipment major Cisco on Wednesday confirmed it was the victim of a cyberattack on May 24, 2022 after the attackers got hold of an employee's personal Google account that contained passwords synced from their web browser. "Initial access to the Cisco VPN was achieved via the successful compromise of a Cisco employee's personal Google account," Cisco Talos said in a detailed write-up. "The user had enabled password syncing via Google Chrome and had stored their Cisco credentials in their browser, enabling that information to synchronize to their Google account." <https://blog.talosintelligence.com/2022/08/recent-cyber-attack.html> The disclosure comes as cybercriminal actors associated with the Yanluowang ransomware gang published a list of files from the breach to their data leak site on August 10. <https://twitter.com/Cyberknow20/status/1557419082210676736> The exfiltrated information, according to Talos, included the contents of a Box cloud storage folder that was associated with the compromised employee's account and is not believed to have included any valuable data. Besides the credential theft, there was also an additional element of phishing wherein the adversary resorted to methods like *vishing* (aka voice phishing) and multi-factor authentication (MFA) fatigue to trick the victim into providing access to the VPN client. [...] https://thehackernews.com/2022/08/cisco-confirms-its-been-hacked-by.html
It cost a researcher only $25 worth of parts to create a tool that allows custom code to run on the satellite dishes. https://www.wired.com/story/starlink-internet-dish-hack/
[oops. i forwarded this to a colleague and lost the author from another list. PGN] https://arstechnica.com/information-technology/2022/01/a-bug-lurking-for-12-years-gives-attackers-root-on-every-major-linux-distro/ This highlights a problem with running old versions of OSes that aren't getting software updates. (Ubuntu Advantage has patches for this in 14.04 and 16.04, but only if you're in the program. It looks like they aren't supporting 12.04 (which is still within 5 yrs of end of security patches, so I expected them to).) This was more interesting to me... https://thehackernews.com/2022/01/chinese-hackers-spotted-using-new-uefi.html
David Yaffe-Bellany, *The New York Times* Business, 10 Aug 2022 ... and $2.2 billion down from a year ago.
[Another ALMOST EVERYTHING IS INTERCONNECTED example.] Per- and poly-fluoroalkyl substances (PFAS) are a large family of human-made chemicals that don't occur in nature. They have non-stick or stain repellent properties so can be found in household items like food packaging, electronics, cosmetics and cookware. But now researchers at the University of Stockholm have found them in rainwater in most locations on the planet—including Antarctica. There is no safe space to escape them. https://www.euronews.com/green/2022/08/04/rainwater-everywhere-on-earth-unsafe-to-drink-due-to-forever-chemicals-study-finds
Andrew Taylor, *Sydney Morning Herald*, 7 Aug 2022 A Sydney high school has seen a dramatic decrease in behavioural issues and a boost in physical activity and students talking to each other just two months after it tightened restrictions on mobile phone usage. Davidson High School principal David Rule said there had been significant changes since students in years 7 to 10 were banned from using mobile phones at school. "Classrooms have effectively become phone-free and this has allowed staff to focus on educating students," he said in a school newsletter. "Finally, in eight weeks of the policy, there has been a 90 per cent reduction in behavioural issues related to phones in the school." The high school in Frenchs Forest requires students to put phones in a pouch that, once closed, cannot be reopened without breaking a lock. https://www.smh.com.au/national/nsw/a-sydney-high-school-banned-mobile-phones-it-had-dramatic-results-20220803-p5b6zf.html
https://phys.org/news/2022-08-math-error-overturns-year-old-perception.html
https://www.wired.com/story/machine-learning-reproducibility-crisis/

From the article (one of the examples):

> History shows civil wars to be among the messiest, most horrifying of
> human affairs. So Princeton professor Arvind Narayanan and his PhD student
> Sayash Kapoor got suspicious last year when they discovered a strand of
> political science research claiming to predict when a civil war will break
> out with more than 90 percent accuracy, thanks to artificial intelligence.
>
> A series of papers described astonishing results from using machine
> learning, the technique beloved by tech giants that underpins modern
> AI. Applying it to data such as a country’s gross domestic product and
> unemployment rate was said to beat more conventional statistical methods
> at predicting the outbreak of civil war by almost 20 percentage points.
> Yet when the Princeton researchers looked more closely, many of the
> results turned out to be a mirage. Machine learning involves feeding an
> algorithm data from the past that tunes it to operate on future, unseen
> data. But in several papers, researchers failed to properly separate the
> pools of data used to train and test their code’s performance, a mistake
> termed *data leakage* that results in a system being tested with data it
> has seen before, like a student taking a test after being provided the
> answers.

A bit of self-promotion: I co-wrote a review detailing the most common ways machine learning is misused in the field of neuroscience. (https://www.sciencedirect.com/science/article/pii/S2213158218302602) With the advent of "click-here-and-you-are-done" systems, I wouldn't expect this to be different in any other field (except in the ML research itself.)
MoFi claimed its expensive reissues were purely analog reproductions. It had been deceiving its customer base for years. Mike Esposito still won't say who gave him the tip about the records. But on July 14, he went public with an explosive claim. In a sometimes halting video posted to the YouTube channel of his Phoenix record shop, the 'In' Groove, Esposito said that "pretty reliable sources" told him that MoFi (Mobile Fidelity), the Sebastopol, Calif., company that has prided itself on using original master tapes for its pricey reissues, had actually been using digital files in its production chain. In the world of audiophiles -- where provenance is everything and the quest is to get as close to the sound of an album’s original recording as possible -- digital is considered almost unholy. And using digital while claiming not to is the gravest sin a manufacturer can commit. https://www.washingtonpost.com/music/2022/08/05/mofi-records-analog-digital-scandal/
The Federal Election Commission officially has now approved the horrible Google plan for political mail to bypass Gmail spam filters by default. Please see: "How to Fix Google's Gmail Political Spam Bypass Plan": https://lauren.vortex.com/2022/08/03/how-to-fix-googles-gmail-political-spam-bypass-plan
A crop of lawsuits could finally settle the question of whether most digital assets are illegal securities offerings. https://www.wired.com/story/crypto-web3-securities-ripple-sec-lawsuits
Transactions on the Ethereum blockchain are completely traceable. Any transaction anyone ever made on Ethereum can be traced, all the way back to the launch of the project in 2015. Transactions are pseudonymous -- but many users have been identified after the fact. Tornado Cash is a mixer -- an Ethereum smart contract program that you can use to break the traceability of transactions on Ethereum. This is for privacy. Tornado Cash accepts deposits of ether (the currency on Ethereum) from one address and enables you to withdraw the ether from a different address. The smart contract works as a pool that mixes all deposits, using zero-knowledge proofs. If the ether is proceeds from a crime, then this is literally just money laundering. Tornado Cash was also used heavily by North Korea's Lazarus Group to launder stolen ether and help the country get hard currency. In what should come as no surprise to anyone whatsoever, Tornado Cash has been sanctioned by the US Office of Foreign Asset Control. https://davidgerard.co.uk/blockchain/2022/08/09/us-sanctions-tornado-cash-and-crypto-shrieks-in-horror/
Free Advice: Don't discuss ANYTHING on social media that you wouldn't want released to anyone outside of the person with whom you're communicating. In person is best, conventional voice phone calls are usually OK. Don't email, don't text, don't use Facebook, etc. for this. -L
What about Signal or Whatsapp, etc. vs. voice calls privacy/security? Since I'm already getting queries about this, let me put it this way. With the demise of Roe, we have entered a new era. My view is that to stay truly private discussions need to be as ephemeral as possible. Many communications don't need that level of privacy. For them, use whatever you feel comfortable with. But voice calls through conventional carriers are still pretty much the most ephemeral of communications compared with everything else. Yes, voice calls could be recorded. Yes, they're just data. But the laws regarding wiretaps are significantly stronger (and much older) compared with how more "modern" communications are handled. While an anti-abortion state might get a search warrant for emails, texts, posts, even entire phones, they are unlikely to get a search warrant for past phone calls—since those usually will not exist as they are not routinely recorded en masse. Obviously once a wiretap order is placed by a court, that changes. But by and large, the most ephemeral communications still are, in my opinion, ordinary voice phone calls through the conventional carriers. And again, that is just my opinion.
We live in a strange universe filled with unexplained phenomena that have perplexed humans since time immemorial. Scientists have pieced together a rough guide to the cosmos—known as the Lambda cold dark matter model, or more simply, the standard model of cosmology—but many mysteries don't seem to fit into this otherwise well-corroborated framework, especially as our view of space has gotten ever more precise in recent years. Scientists are now especially preoccupied with intractable tensions that have emerged from different measurements of two cosmic properties: The rate at which our universe is expanding, known as the Hubble constant (Ho), and a value called sigma-8, which describes variations in how matter clumps together across large cosmic scales. Efforts to measure these properties in space have puzzlingly returned different values. When the Hubble constant is measured based on observations of brilliant stars that act as yardsticks in space, its speed is clocked as about 50,400 miles per hour per million light years. However, when it is measured using the cosmic microwave background (CMB), the oldest light in the universe, it is 46,200 miles per hour per million light years. Meanwhile, the value of sigma-8 is different when measured using the CMB, compared to other observational techniques. What this means, essentially, is that there may be a potentially serious flaw in our basic understanding of the universe and the fabric of reality. In response, scientists around the world are now trying to resolve these tensions. [...] https://dnyuz.com/2022/08/08/new-data-suggests-our-fundamental-model-of-the-universe-is-wrong-and-scientists-are-racing-to-solve-it/
No, I'm not talking about the latest excuse for plot contortions in the Marvel studios movie franchises. We are being told to prepare for the Metaverse. We are being told that the Metaverse is coming. Facebook, indeed, has changed its name to Meta, the better to cash in on the Metaverse. Whenever it arrives. Or to create it, and sell it to us. What is the Metaverse? Well, it seems to be a sort of virtual reality interface to, well, who knows? Social media in general? A social media platform, in the same mode as Facebook? But with avatars? (Instead of faces?) (Today I saw an article about an artificial intelligence program to turn your image, into an avatar, that looks something, not completely dissimilar to, but not really like, you.) It's all very meta. We are already being sold the Metaverse. Perhaps not quite for cold hard cash, quite yet, but we are being prepared for heavy duty sales pitches as soon as somebody comes up with an acceptable platform. (Maybe that will be a bit of protection for us. None of the existing social media giants, or indeed technical giants, want somebody else to be the Metaverse. As long as they are fighting about it, we are safe from it. Well, relatively safe. I'm sure they'll still try to sell us little bits of it.) Why should you be concerned? Well let me start off with a different question: why would you need it? As analyst, pundit, and social commentator Neil Postman has said, what is the problem to which this technology is the solution? But, all right. Let me address the question of why you should be concerned. They are going to sell you the Metaverse. Or, they are going to sell you little bits of it. They are already starting to sell Metaverse "real estate." Even the phrase "Metaverse real estate" is misleading. Metaverse real estate is completely unreal. In the real world real estate has real value because it's real. And because you need it. 
To have a place to live, or a place to work, or a place to build a factory, or a place to build roads to get goods from one factory to another, or from a factory to the homes. As Mark Twain famously said, buy land, they are not making any more. (Well, except for the Dutch, of course.) Metaverse real estate isn't real. When they want to sell you more Metaverse real estate, they just make it. And it's easy to make. Because it's not real. It's all just ones and zeros. They are selling you nothing. Speaking of selling you nothing, the Metaverse will probably be using cryptocurrencies. And NFTs. And using decentralized finance (or defi, for short). Remember cryptocurrencies? That system where you pay in real money, to buy cryptocurrency, with no inherent value of its own, because the people who have created the cryptocurrency are telling you that many people will want to buy cryptocurrency, and you will be able to get real money out of the system, because of the new people, who come in after you, and pay real money, to buy cryptocurrencies with no inherent value. Your return, and the inflation on your investment, depends upon the new people who come in after you and pay real money to buy in. You will be paid from the money that they deposit. Didn't someone named Charles Ponzi invent something similar a while back? Metaverse real estate is not the only unreal thing that the vendors of the Metaverse will want you to pay real money for. If you want a house on the unreal real estate, they will sell you an unreal house. If you want artworks in your unreal house they will sell you unreal artworks (at unreal prices). (But charge you real money.) The vendors will sell you entertainments. These entertainments will be popular. Even if you are the only one attending. It's easy to create a whole bunch of avatars, filling a theater, and creating a whole bunch of applause. Pre-recorded applause. The vendors will sell you games. 
The vendors will sell you opportunities to interact with your friends. The same friends that you can interact with now for free. Or possibly new friends. Who may or may not be real. The vendors may sell you opportunities to work, and therefore make money. It'll probably be in cryptocurrency, but they'll probably sell you the opportunity to convert it to real money as well. (For a reasonable fee.) The opportunities to work will probably be real. You will probably have real clients or real employers, so that they can pay you the real money. But they'll charge a reasonable fee for the opportunity to get that work. Of course, "reasonable" will be defined by the vendors. It may be that, in the Metaverse, you need to make life bearable, or more enjoyable. What's a thneed? I have no idea. I'm borrowing Dr Seuss's term. But I'm sure that the vendors of the Metaverse will find one, or make one, or imagine one, and convince everybody that they need one. Still don't think that there are dangers in the Metaverse?
[PGN retitled] Amazon bought the company that makes the Roomba. Antitrust researchers and data-privacy experts say it's 'the most dangerous, threatening acquisition in the company's history'. https://www.businessinsider.com/amazon-roomba-vacuums-most-dangerous-threatening-acquisition-in-company-history-2022-8 [Also noted by Gabe Goldberg. PGN]
In re: "How bad is my batch" http://howbadismybatch.info/ Reading to the bottom is always useful. To wit: Data Source USA Data : All data is sourced from VAERS, a public database of over 700,000 adverse reaction reports for Moderna, Pfizer and Janssen Covid 19 vaccines in the USA. Foreign Data : VAERS database now also includes data for Moderna, Pfizer and Janssen Covid 19 vaccines in countries outside of the USA. This data can be found here - Vaccine Adverse Event Reporting System (VAERS) - the last table listed. This non-domestic data has been submitted by foreign regulatory agencies and consists of approximately 1,000,000 adverse reaction reports. [So who has the definitive data? Apparently no one? PGN]
Having an MD (and throwing a lot of numbers around) does not imply competence in research design or statistical analysis. [The founder of the website] does not appear to have factored out even the most obvious covariants, such as age. The initial batches of vaccines were restricted to healthcare workers and people aged 75 and older (remarkably, that is 5.9% of the population—compare that with his 5% of the batches, etc.), who would have more co-morbidities, a greater chance of dying and possibly a greater tendency to react adversely to vaccines. There is nothing in the VAERS data that indicates whether the death/disability/reaction was in fact due to the vaccine -- that has to be demonstrated via careful analysis. Because the batches are strongly time-dependent, the analysis must include factoring out other time-dependent covariants. For example, Moderna batch 041L20A, which has the highest ADR of all the Moderna batches, and among the highest for Deaths and Disabilities, was administered very early (I got it in January 2021, and reported my adverse reaction to VAERS in February). Another obvious time-dependent covariant is the version of the virus that was active at the time of vaccination (since the vaccines do NOT PREVENT either infection or deaths—they simply reduce the probability, *all other things being equal*). Yet another time-dependent factor is that covid is a very different sort of infection, and there has been a long learning curve on the part of health-care providers in how best to treat it, so that the death-rate early on (with or without vaccination) was in part due to lack of appropriate/effective treatment (and again, no vaccine PREVENTS death). I do not deny that some people have severe adverse reactions to vaccines—I am one of them. And there may indeed be some variability in batch effectiveness and reactivity potential—but I'd be willing to bet that it is much smaller than this guy asserts.
I do not understand why anyone is objecting to continued implementation of leap-seconds. Well more than a half-century ago, I worked on software that handled leap-seconds without any problems. That was before the protocol was implemented to use whole seconds. Instead, fractional leap-seconds occurred several times a year. To simplify things, the protocol was changed in 1972 to use only whole leap-seconds. Furthermore, the preferred occurrence of leap-seconds was set for either the end of 30 June or the end of 31 December, with additional opportunities—only if really necessary—at the end of 31 March and 30 September. The software where all this worked well was used by the U.S. Air Force to operate its constellation of earth-orbiting space satellites. To avoid timing ambiguities, the software used TAI internally. TAI is invariant, without leap-seconds. Time was kept in terms of seconds elapsed since some adjustable base instant. In some cases, time had to be resolved to the nearest millisecond. For external use, TAI was converted to UTC or vice-versa via a few very simple subroutines. If key operations required UTC, the Air Force was alerted to pending leap-seconds. No such operations were scheduled within a few minutes before or after the scheduled occurrence of a leap-second. The software system involved was operational well beyond its expected lifetime, more than 20 years. It was replaced by a new system created by system engineers, programmers, and coders who had no knowledge of leap-seconds—until the go-to guy for issues of time and earth rotation (me) asked the simple question: "How do you handle leap-seconds?"
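The scheme described above (TAI kept internally, UTC produced only at the boundary), sketched as an added example that is not the contributor's code or the Air Force system's: the table is an excerpt of the published TAI-UTC offsets, and the base instant, function names and whole-second resolution are assumptions.

```python
import calendar
import time
from bisect import bisect_right

# Excerpt of the published TAI-UTC history: (UTC date the offset takes effect,
# TAI-UTC in seconds). Every entry is a one-second insertion; dates before the
# first entry are outside this example's range.
LEAP_TABLE = [((2012, 7, 1), 35), ((2015, 7, 1), 36), ((2017, 1, 1), 37)]
_DATES = [date for date, _ in LEAP_TABLE]


def _day_start(date):
    """Seconds from 1970-01-01 to 00:00:00 of `date` on a scale with no leap seconds."""
    return calendar.timegm(date + (0, 0, 0))


# TAI reading at which each table entry takes effect (assumed base instant:
# 1970-01-01 00:00:00 on the TAI clock).
_STARTS = [_day_start(date) + off for date, off in LEAP_TABLE]


def offset_at(date):
    """TAI-UTC in effect on the UTC calendar date (year, month, day)."""
    i = bisect_right(_DATES, date) - 1
    if i < 0:
        raise ValueError("date precedes the leap-second table excerpt")
    return LEAP_TABLE[i][1]


def utc_to_tai(utc):
    """UTC (y, mo, d, h, mi, s), with s == 60 allowed on a leap second, to TAI seconds."""
    y, mo, d, h, mi, s = utc
    if not (0 <= h <= 23 and 0 <= mi <= 59 and 0 <= s <= 60):
        raise ValueError("field out of range in %r" % (utc,))
    midnight = _day_start((y, mo, d))
    if s == 60:
        # 23:59:60 exists only on the day before a table entry takes effect.
        next_day = time.gmtime(midnight + 86400)[:3]
        if (h, mi) != (23, 59) or next_day not in _DATES:
            raise ValueError("no leap second scheduled at %r" % (utc,))
    return midnight + h * 3600 + mi * 60 + s + offset_at((y, mo, d))


def tai_to_utc(tai):
    """TAI seconds to UTC (y, mo, d, h, mi, s); the inserted second reads 23:59:60."""
    i = bisect_right(_STARTS, tai) - 1
    if i < 0:
        raise ValueError("instant precedes the leap-second table excerpt")
    off = LEAP_TABLE[i][1]
    if i + 1 < len(_STARTS) and tai == _STARTS[i + 1] - 1:
        # Last TAI second before the next offset applies: the leap second itself.
        return time.gmtime(tai - off - 1)[:5] + (60,)
    return time.gmtime(tai - off)[:6]


def elapsed(utc_a, utc_b):
    """True elapsed seconds between two UTC instants, computed on the TAI scale."""
    return utc_to_tai(utc_b) - utc_to_tai(utc_a)


def naive_elapsed(utc_a, utc_b):
    """What plain calendar arithmetic reports when leap seconds are ignored."""
    return calendar.timegm(utc_b) - calendar.timegm(utc_a)
```

Across the leap second at the end of 31 December 2016, `elapsed` counts one more second than `naive_elapsed`, which is the ambiguity that keeping TAI internally avoids.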
I just toured training facility at Inova, huge health system in Northern Virginia. The robotic pharmacist medicines dispenser has been improved to require typing THREE (not ONE) characters to begin selecting a drug from pulldown list. I'd heard years ago from a nurse friend that it was all too easy to type a letter, get the list, and miss clicking the desired selection. At least with three characters it's a bit more reliable. Plus, when drugs are administered, they're scanned and patient is scanned to ensure it's right med for right patient.
I had my gall bladder out almost 30 years ago. Surgeon said he'd do it laparoscopically. Surgeon friend said no matter intent and promise, he might have to open. My surgeon agreed—but said in something like 5,000 procedures he'd never had to open. Plus, I think, he'd been involved in developing the laparoscopic procedure. I just toured training facility at Inova, huge health system in Northern Virginia, had a chance to drive Da Vinci surgical robot. Now I understand much better the advantages it has—improved/magnified visibility of work area, flexibility working inside small incisions vs. needing larger incisions, precise motions. I'm not comparing its risks to open procedure -- just noting impressive technology.
I was definitely told many years ago that IBM shipped some of their machines sold as 8-bit pathways with 16-bit paths that could be upgraded by removing a jumper. Can't remember the model numbers (and it might have been 16/32 -- it was a very long time ago).
When I attempted to buy this book or get it at the library, I learned that the actual title is "The Winning Ticket: Uncovering America's Biggest Lottery Scam", and the actual author is Rob Sand, or rather, Rob Sand with Reid Forgrave. [Read Forgave? Read-y for Grave? PGN]