[Re: Mudge, the L0pht, and whistle-blowing, RISKS-33.41 -- Peiter "Mudge" Zatko's journey from hacker to Twitter whistleblower] Ronan Farrow, *The New Yorker*, 13 Sep 2022 https://www.newyorker.com/news/news-desk/the-search-for-dirt-on-the-twitter-whistle-blower Many of Peiter (Mudge) Zatko's former colleagues have received offers of payment for [dirty] information about him. On 23 Aug, a Slack chat for former employees of the payments company Stripe began filling with accounts of strange queries about an ex-colleague. <https://www.cnn.com/2022/08/23/tech/twitter-whistleblower-peiter-zatko-security/index.html> <https://www.washingtonpost.com/technology/2022/08/23/peiter-mudge-zatko-twitter-whistleblower/> “I'm getting inundated with paid interview requests,'' one of the former employees, Dan Foster, wrote. Another, Marty Wasserman, later posted that he'd received a similar message via e-mail. “Hi Marty, Hope you're having a great week!'' the message read. “I'm currently working on a project regarding leadership in tech, and my client is hoping to speak to an experienced professional about a particular individual you may have worked with.'' The message requested a 45-60 minute compensated phone consultation. Wasserman was suspicious of the timing. “Preeeettyy sure this is regarding Mudge,'' he wrote, pasting it in the Slack chat with his former colleagues. “Hard pass.'' Hours earlier, CNN and *The Washington Post* had reported that Twitter's former head of security, Peiter (Mudge) Zatko, had filed a whistle-blower disclosure to federal agencies, accusing the social-media platform of reckless security practices. Zatko's sweeping claims, if proven, could aid Elon Musk in his attempt to terminate his forty-four-billion-dollar agreement to acquire Twitter, a legal fight with implications of billions of dollars for investors. 
The dozens of e-mails and LinkedIn messages received by people in Zatko's professional orbit appeared to be mostly from research-and-advisory companies, part of a burgeoning industry whose clients include investment firms and individuals jockeying for financial advantage through information. At least six research outfits—Gerson Lehrman Group (G.L.G.), AlphaSights, Mosaic Research Management, Ridgetop Research, Coleman Research Group, and Guidepoint—approached former colleagues of Zatko's at Stripe, Google, and the Pentagon research agency DARPA. All offered to pay for information, sometimes noting that the compensation would be high or apparently unrestricted. At least two investment firms, Farallon Capital Management L.L.C. and Pentwater Capital Management L.P., also sought information from individuals close to Zatko. [It's a long and ugly story, truncated for RISKS. PGN] https://www.cnn.com/2022/09/12/tech/twitter-data-center-california-heat-wave/index.html "The restrictions highlight the apparent fragility of some of Twitter's most fundamental systems, a problem Peiter "Mudge" Zatko, Twitter's former head of security who turned whistleblower, had raised in a disclosure sent to lawmakers and government agencies in July. In his whistleblower disclosure, first reported by CNN and The Washington Post, Zatko warned that Twitter had "insufficient data center redundancy" that raised the risk of a brief service outage or even the prospect of Twitter going offline for good. "Even a temporary but overlapping outage of a small number of datacenters would likely result in the service [Twitter] going offline for weeks, months, or permanently," according to Zatko's whistleblower disclosure. (Twitter has criticized Zatko and broadly defended itself against the allegations, saying the disclosure paints a "false narrative" of the company.) News of the data center outage comes a day before Zatko is due to testify before the Senate Judiciary Committee." 
https://www.cnn.com/2022/09/12/tech/peter-zatko-twitter-whistleblower-hearing-walkup/index.html https://www.washingtonpost.com/technology/2022/08/24/twitter-whistleblower-senate-hearing/ Twitter agreed in June to pay roughly $7 million to the whistleblower whose allegations will be part of Elon Musk's case against the company, WSJ reported Thursday, citing people familiar with the matter. https://www.wsj.com/articles/twitter-agreed-to-pay-whistleblower-7-million-in-june-settlement-11662661116
> Twitter whistleblower Peiter Zatko will testify before the Senate about
> his allegations of security failures at the social network, the Senate
> Judiciary Committee announced on Wednesday.
> “Mr. Zatko's allegations of widespread security failures and foreign
> state actor interference at Twitter raise serious concerns. If these
> claims are accurate, they may show dangerous data privacy and security
> risks for Twitter users around the world,'' said Sens. Richard J. Durbin
> (D-Ill.) and Charles E. Grassley (R-Iowa), the chair and top Republican on
> the Senate Judiciary Committee.

In my quick review so far of the "Mudge" testimony today, I've seen no obvious red flags concerning the sort of user data collected. These seem reasonable and in line with the @Twitter TOS. Of more concern is the allegation of "unlimited" access to this @Twitter data by engineers without case-based need to know, and if that access was properly logged and monitored. I am less concerned about allegations of large numbers of failed attempts to login to @Twitter corp systems—that's pretty much standard hacking attempts—the real issue is how many (if any) *succeeded* at gaining access.
After two people were injured in the incident, Cruise blocked its robot vehicles from making left turns for several weeks before issuing a software update. https://www.wired.com/story/gms-cruise-recalls-self-driving-software-involved-in-june-crash ...seems following J. Edgar Hoover's orders: Mr. Schott is a retired special agent. His expose of the bureau includes the peccadillos of J. Edgar Hoover (who ordered that any vehicle he rode in make no left turns, hence the title) and the fruitcakes that rose to the rank of supervisor and/or above. https://books.google.com/books/about/No_Left_Turns.html?id=NZraAAAAMAAJ
Ovens with eyes, a chameleon of a fridge, and other electronic eccentricities at IFA (Fierce Electronics) Samsung, for example, announced at its press conference Thursday that 100% of its major appliances would come with WiFi by 2023, while other firms might as well have been competing to see which one could put the least likely gadget part (a touchscreen? a camera?) into a given category of appliance. https://www.fierceelectronics.com/iot-wireless/ovens-eyes-chameleon-fridge-and-other-electronic-eccentricities-ifa
The company said it collects information like Social Security numbers "to help deliver the best experience possible with our products and services." https://therecord.media/samsung-denies-social-security-numbers-involved-in-latest-breach/ Wait, what?
Researchers found that mobile applications contain keys that could provide access to both user information and private files from unconnected apps. Researchers from Broadcom's Symantec Threat Hunter team published findings on Thursday about the prevalence of hard-coded authentication credentials lurking in the cloud services that underlie hundreds of mainstream apps. These login credentials are often meant to give the app access to a single file or service, like a mechanism for an app to display public images from a company's website or run text through a translation service at a user's request. But in practice, the researchers found, these same credentials often grant access to all files stored in a cloud service, like company data, database backups, and system control components. And when multiple apps have been created by the same third-party development firm or incorporate the same publicly available software development kits (SDKs), these static authentication tokens may even grant access to the infrastructure and user data of multiple, unconnected apps. All of this means that if an attacker discovered these access tokens, they could potentially unlock massive and disparate troves of sensitive data all by finding one key under one doormat. https://www.wired.com/story/mobile-apps-cloud-credentials-exposed
The system, which is designed to destroy the SLS rocket if it veers off course and threatens population centers, needs to be recharged every few weeks. The problem for NASA is that can only be done in the rocket's assembly building, meaning they would need to perform the arduous work of rolling the 322-foot-tall rocket off the pad, where it is now, back to the building four miles away, a journey that can take about eight hours each way. https://www.washingtonpost.com/technology/2022/09/07/artemis-launch-nasa-detonation-system/ The risk? No suitable extension cord.
CAPE CANAVERAL, Fla. It may be several weeks before NASA can attempt to launch its massive Space Launch System moon rocket after it was unable to control what agency's officials described as a large, unmanageable hydrogen leak that forced them to cancel a second flight on Saturday. The rocket is billions of dollars over budget and years behind schedule, and by some estimates, each launch will cost between $2 billion and $4 billion. In creating the rocket, Congress dictated that it recycle engines and technology from the space shuttle program, which first flew in 1981 and was developed in the 1970s. Unlike the rockets used by SpaceX to launch astronauts to the International Space Station, which return to Earth to be used again, the Space Launch System is not reusable.
https://therecord.media/four-vulnerabilities-discovered-in-popular-infusion-pumps-wifi-batteries/ via https://washingtonpost.com/politics/2022/09/09/china-complaints-about-us-spying-are-laughable-many/. "The four bugs revolve around the secure decommissioning of Wireless Battery Modules (WBMs). Medical devices typically contain network credentials or other private information that should be removed before a device is transferred to a new user. "Heiland told *The Record* that the vulnerabilities offer attackers information about the network but none of them can be exploited over the Internet or at great distances. Hackers would need to be within at least WiFi range of the affected devices, and in some cases, the attacker would need to have direct, physical access." https://www.accessdata.fda.gov/scripts/cdrh/cfdocs/cfTPLC/tplc.cfm?id=FRN From the FDA's TPLC platform product code FRN—Infusion Pump reveals 64 recalls between 01JAN2017 and 31AUG2022. Nearly half (31 of 64) the recalls occurred between 01JAN2020 and 31AUG2022. 23 of the 31 recalls in this range are Class I, meaning high risk. The FDA's Class I recall definition: "A situation where there is a reasonable chance that a product will cause serious health problems or death." (See https://www.fda.gov/medical-devices/medical-device-recalls/what-medical-device-recall). Of the 31 infusion pump recalls in the 2020-2022 range, 7 are attributed to Baxter devices: 3 Class I and 4 Class II recalls. More than 500K infusion pumps in aggregate are recall subjects. The TPLC page identifies 19 manufacturers of infusion devices, common among hospitals and outpatient clinics.
Extreme heat in California has left Twitter without one of its key data centers, and a company executive warned in an internal memo obtained by CNN that another outage elsewhere could result in the service going dark for some of its users. Twitter, like all major social media platforms, relies on data centers, which are essentially huge warehouses full of computers, including servers and storage systems. Controlling the temperature in those centers is critical to ensuring the computers don't overheat and malfunction. To save on cooling costs, some tech companies have increasingly looked to place their data centers in colder climates; Google, for example, opened a data center in Finland in 2011, and Meta has had one center in northern Sweden since 2013. “On September 5th, Twitter experienced the loss of its Sacramento (SMF) datacenter region due to extreme weather. The unprecedented event resulted in the total shutdown of physical equipment in SMF,'' Carrie Fernandez, the company's vice president of engineering, said in an internal message to Twitter engineers on Friday. [...] https://www.cnn.com/2022/09/12/tech/twitter-data-center-california-heat-wave/index.html
Kiara Hay, WXYZ, 6 Sep 2022 https://www.wxyz.com/news/how-criminals-are-using-jammers-deauthers-to-disrupt-wifi-security-cameras (WXYZ) A new warning is being issued for anyone who uses wireless security cameras like "Ring" to protect their home. A Detroit woman said her Ring camera didn't capture the moment her car was stolen from the front of her house, and one local expert said it's because crooks are becoming more tech-savvy. Earlier this month, the woman said her car was stolen from her driveway, and when she went to review her Ring camera footage, she realized hours were missing. Chris Burns, the owner of Techie Gurus, said security cameras that use WiFi to record are more about convenience than security. That's because WiFi can easily be disrupted, preventing the camera from capturing who is around your home, and criminals are catching on. "If you're relying on wireless as a security thing, you're looking at it wrong," Burns said. "Wireless signals are easy to jam or block." Those crooks can use this like a WiFi jamming device, or a deauther, which can be the size of an Apple Watch. A deauther will overwhelm a WiFi system, forcing the WiFi camera to stop recording if you stand close enough. The accessory only costs about $10-$50. A jammer on the other hand will cost anywhere between $150 to $1,000. They're also highly illegal, so jammers are more difficult to find, but a powerful jammer can prevent an entire street from recording on WiFi security cameras with the switch of a button. A spokesperson from Ring sent a statement saying, "Like any wifi-enabled device, WiFi signal interference may affect Ring device performance. If customers are experiencing issues with connectivity, we encourage them to reach out to Ring Customer Support." How can customers protect themselves? [...] 
[My neighborhood has been experiencing sweeps at 3am through entire streets, trashing cars that are unlocked, with one theft of a car in the driveway with a covering Ring camera, which was just recovered by the police 20 miles away—with its catalytic converter removed. PGN]
In its new line of iPhones, Apple will be doing away with physical SIM cards, moving instead to a system it refers to as eSIM. This will be a software version of identification of the phone handset, and will be modifiable in order to change to new providers. https://lite.cnn.com/en/article/h_724d3eee26f0e2ace20a65a9ff82e6c3 For some, this will be convenient. Therefore, I predict that a) this will lead to some interesting new attacks on iPhones, and b) that criminals will come up with ways to fake or spoof the eSIM and therefore 1) use other people's accounts, 2) use random accounts and numbers for spam calls, and 3) create entirely new versions of "burner" phones. Apparently the eSIM has been around for a few years, now, so presumably it has been tested. But rolling it out for all new phones will increase market penetration, and therefore the attempts to break it ... [An E-SOP fable? PGN]
When Apple shipped a set of security patches for iPhones, iPads and Macs on August 17, it notified users with its customary, generic language: “This update provides important security updates and is recommended for all users.'' But users who clicked through Apple's update-advisory page to see descriptions of individual fixes got a more alarming cybersecurity story. "Processing maliciously crafted web content may lead to arbitrary code execution," a description of iOS 15.6.1 and iPadOS 15.6.1 states. "Apple is aware of a report that this issue may have been actively exploited." Translation: Visiting the wrong web site can put malware on your device, and it looks like attackers are already using this vulnerability. https://www.usatoday.com/story/tech/columnists/2022/08/31/apples-iphone-security-fix-protocol-questions/7933986001/
Human Trafficking's Newest Abuse: Forcing Victims Into Cyberscamming Tens of thousands of people from across Asia have been coerced into defrauding people in America and around the world out of millions of dollars. Those who resist face beatings, food deprivation or worse. https://www.propublica.org/article/human-traffickers-force-victims-into-cyberscamming
Government says it will use technology on public transport in crackdown on women's dress The Iranian government is planning to use facial recognition technology on public transport to identify women who are not complying with a strict new law on wearing the hijab, as the regime continues its increasingly punitive crackdown on women's dress. The secretary of Iran's Headquarters for Promoting Virtue and Preventing Vice, Mohammad Saleh Hashemi Golpayegani, announced in a recent interview that the government was planning to use surveillance technology against women in public places following a new decree signed by the country's hardline president, Ebrahim Raisi, on restricting women's clothing. [...] https://www.theguardian.com/global-development/2022/sep/05/iran-government-facial-recognition-technology-hijab-law-crackdown [This is a real LoJab. PGN]
The company's CEO says the firm had detected imminent threats and that law enforcement could not keep up with them. Cloudflare Chief Executive Matthew Prince, who this past week published a lengthy blog post justifying the company's services defending websites such as Kiwi Farms, told *The Washington Post* he changed his mind not because of the pressure but a surge in credible violent threats stemming from the site. “As Kiwi Farms has felt more threatened, they have reacted by being more threatening. We think there is an imminent danger, and the pace at which law enforcement is able to respond to those threats we don't think is fast enough to keep up.'' https://www.washingtonpost.com/technology/2022/09/03/cloudflare-drops-kiwifarms/
*An IT system is causing key information about court cases in England and Wales to change or disappear and is putting justice at risk, the BBC has been told.* One legal adviser revealed how he entered a driving ban in the system, called Common Platform, only to later discover the result had changed. ... https://www.bbc.co.uk/news/uk-62722855
LinkedIn users are being scammed of millions of dollars by fake connections posing as graduates of prestigious universities and employees at top tech companies. If you were just looking at his LinkedIn page, you'd certainly think Mai Linzheng was a top-notch engineer. With a bachelor's degree from Tsinghua, China's top university, and a master's degree in semiconductor manufacturing from UCLA, Mai began his career at Intel and KBR, a space tech company, before ending up at SpaceX in 2013. Having spent the past eight years and nine months working in the human race to space, he's now a senior technician. Except all is not as it seems. Upon closer inspection, there are plenty of red flags: Despite having been in the US for 18 years, Mai has written all his job titles, degrees, and company locations in Chinese. His bachelor's degree is in business management, even though his alma mater, Tsinghua, only offers that degree to student athletes, and Mai was not one. Besides, the man in his profile photo looks younger than Mai's stated age. The image, as it turns out, was stolen from Korean influencer Yang In-mo's Instagram. In fact, none of the information on this page is true. The profile of "Mai Linzheng" is actually one of the millions of fraudulent pages set up on LinkedIn to lure users into scams, often involving cryptocurrency investments and targeting people of Chinese descent all over the world. Scammers like Mai claim affiliation with prestigious schools and companies to boost their credibility before connecting with other users, building a relationship, and laying a financial trap. https://www.technologyreview.com/2022/09/07/1059067/chinese-spacex-engineers-linkedin-scam/ A cryptocurrency scam, I'm shocked and saddened. Oh, the humanity.
https://www.hollywoodreporter.com/tv/tv-news/sky-john-oliver-last-week-tonight-queen-elizabeth-ii-jokes-1235219373/
An article "Facebook Engineers: We Have No Idea Where We Keep All Your Personal Data" by Sam Biddle has just appeared in "The Intercept": https://theintercept.com/2022/09/07/facebook-personal-data-no-accountability/ In a discovery hearing, two veteran Facebook engineers told the court that the company doesn't keep track of all your personal data. In March, two veteran Facebook engineers found themselves grilled about the company's sprawling data collection operations in a hearing for the ongoing lawsuit over the mishandling of private user information stemming from the Cambridge Analytica scandal. The hearing, a transcript of which was recently unsealed, was aimed at resolving one crucial issue: What information, precisely, does Facebook store about us, and where is it? The engineers' response will come as little relief to those concerned with the company's stewardship of billions of digitized lives: They don't know. The admissions occurred during a hearing with special master Daniel Garrie, a court-appointed subject-matter expert tasked with resolving a disclosure impasse. Garrie was attempting to get the company to provide an exhaustive, definitive accounting of where personal data might be stored in some 55 Facebook subsystems. Both veteran Facebook engineers, with, according to LinkedIn, two decades of experience between them, struggled to even venture what may be stored in Facebook's subsystems.... Facebook's stonewalling has been revealing on its own, providing variations on the same theme: It has amassed so much data on so many billions of people and organized it so confusingly that full transparency is impossible on a technical level. In the March 2022 hearing, Zarashaw and Steven Elia, a software engineering manager, described Facebook as a data-processing apparatus so complex that it defies understanding from within. 
The hearing amounted to two high-ranking engineers at one of the most powerful and resource-flush engineering outfits in history describing their product as an unknowable machine. The special master at times seemed in disbelief, as when he questioned the engineers over whether any documentation existed for a particular Facebook subsystem. "Someone must have a diagram that says this is where this data is stored," he said, according to the transcript. Zarashaw responded: "We have a somewhat strange engineering culture compared to most where we don't generate a lot of artifacts during the engineering process. Effectively the code is its own design document often." He quickly added, "For what it's worth, this is terrifying to me when I first joined as well." The remarks in the hearing echo those found in an internal document leaked to Motherboard earlier this year detailing how the internal engineering dysfunction at Meta, which owns Facebook and Instagram, makes compliance with data privacy laws an impossibility. "We do not have an adequate level of control and explainability over how our systems use data, and thus we can't confidently make controlled policy changes or external commitments such as 'we will not use X data for Y purpose,'" the 2021 document read. If the article is to be believed—and based on my reading of the latest court documents, it's credible—then it appears to me that Facebook has no hope at all of complying with even the loosest of data privacy laws, and certainly not the European GDPR, because they don't know exactly what data they have on individuals, nor how it's used, nor where it's stored, nor under what technical protections it falls. But they sell it. Pete
I can tell from their massive print/TV ad campaigns in DC area touting how hard they're working to protect everyone's online security. This raises the question, of course, of who's protecting us from them? I wonder who the ads target—citizens? Politicians? Can anyone believe that they're anything but self-serving blather denying and distracting from what these companies do that we need to be protected from? And, of course—at least the Facebook ad—repeating the message so often (as bad as local "Len the Plumber"!) is counterproductive, is irritating, and makes one wonder why they're claiming good intentions so strongly. What could they be hiding?
https://www.theguardian.com/news/2022/sep/04/super-rich-prepper-bunkers-apocalypse-survival-richest-rushkoff Tech billionaires are buying up luxurious bunkers and hiring military security to survive a societal collapse they helped create, but like everything they do, it has unintended consequences
https://www.cbc.ca/news/politics/champagne-telecommunications-agreement-1.6574900
Pro-Iranian hackers based in Iraq, calling themself Altahrea Team, claimed responsibility for the cyberattack. Israel's Health Ministry website faced disrupted access to users abroad, reportedly due to a cyberattack, the ministry said Sunday. https://www.i24news.tv/en/news/israel/defense/1658119439-israel-health-ministry-website-faces-cyberattack-oversea-access-blocked
I saw an ad for a service that has a lot of features. Then I discover it's free. It's https://groove.cm , offering a bunch of tools that I think I can use (lots of marketing-related tools), and it claims it's free, no credit card required, so, based on what the ad showed, I decided to check it out. One of the things going through my head - which you should always keep in mind when examining/checking out a free offer - is, "how are they going to monetize this?" Or more simply, how can they make money from something free? Because if they can't make money from *somewhere*, they aren't going to be around long. Very few things are subsidized in a way that someone else isn't paying, usually involuntarily, such as through taxes. Well, I discover what they do have and are offering is a free tier, with a number of nice looking features available, but, they have paid tiers as well. This, I don't have a problem with. Since there are only two industries where the people who consume their products are called "users" - software developers and drug dealers - it is appropriate in both industries to offer a free sample of your wares to get users hooked, then offer them the pricey stuff. It also mentions that the prices on these are reduced, if you don't take them at sign up, they will be more expensive later. This is also not unreasonable; getting people to take an offering on the expectation that it's a limited-time offer is a common marketing tactic. Nothing that they are offering in any of the paid tiers is anything that I would need, the free tier appears to be more than enough, so I can decline all of them and take the "free forever" tier. So, it asks for first name, last name, email address, username, password, and verify password. Nothing unusual here. Well, anyway, I give the first four items, and am on the "password" field. Accepting Firefox's suggestion to use a randomly-generated password it creates for this occasion, I do, and I fill both fields with the same long string of characters. 
I click on the submit button - labeled "Register" I think - and it "bangs back" with an angry, red error message, saying all fields must be filled in. I'm looking to see if there's any other fields. Nope, only then I discover both password fields are blanked out. I must have done something wrong, so I have Firefox insert the random password in both places and try again. Same problem. At this point, it kind of dawns on me that maybe the password is *too long!* I try using a shorter password, and, as too many people do, a password I've used elsewhere. This, it accepts. Bad practice. Shorter passwords are easier to crack, and there are not really difficult ways to add tremendous levels of security, (see https://xkcd.com/936/ for an example on how to increase password strength exponentially) especially since any conscientious website does not store passwords, only the hashes of passwords. If you think this is only what I'm complaining about, "just wait, there's more!" It turns out it's a good idea that I used a password I can remember, because I'm going to need to use it again, because the screen changes to a blank page with a black stripe across the top, and the message, "Our app is only optimized for use in Chrome. Please download it from here" with the last word being a link that I presume is to Google's download site. First, it might have been a good idea to tell me this *before* I registered. Second, if this is what people who will connect to it to see/use whatever I have used with them - one of the offerings is a free blog system as an alternative to Wordpress - will be told, that is going to cut off a large part of the potential audience. 
Third, the World Wide Web - and the Internet of which the web is just one of hundreds of services it can offer - are built on open standards that are *not supposed to be proprietary.* (Yes, I know Chrome is open source, but if you mandate one specific browser, you've made your site proprietary to whatever features it offers and others don't.) It is this sort of [expletives deleted] that damn near Balkanized the early web, when people had to implement two versions of their site, one for Internet Explorer browser users, and one for everyone else. For a lot of people, this was too much, and if you weren't using IE, you'd be told to download it. Just like now. I can see no reason to restrict sites to one browser, and a lot of reasons not to. First, is common practice. Huge, popular sites: Amazon, Google, Wikipedia, YouTube, Facebook, Twitter and hundreds of millions of others - all work satisfactorily on all browsers. This is bad practice, and just pure laziness, an unwillingness to go along with the common standards that provide good experiences for website users. Regressing back to the days of web Balkanization where if you were on the wrong browser, you got the equivalent treatment to someone from the ghetto trying to better themselves, and being discriminated against. This is wrong. Groove, fix your broken website, don't penalize people for using "the wrong browser," and "play nice with others" by sticking with the huge number of non-proprietary technical standards that work on all browsers.
- As employers surveil employees with productivity-monitoring software, workers are turning to mouse jigglers.
- Mouse jigglers, or mouse movers, simulate cursor movement, preventing your computer from going into sleep mode.
- CNBC's Sofia Pitt tested a mouse jiggler for a day.

Employers are monitoring productivity more than ever, in part thanks to the boom in remote work. <https://www.cnbc.com/2022/08/12/malcolm-gladwell-on-the-evolution-of-his-working-from-home-stance.html> Employees are turning to gadgets to outsmart monitoring software. One such tool is a mouse mover, or mouse jiggler, that's supposed to keep your screen on. I decided to give one a try to see if it works. I learned about mouse jigglers on TikTok. A mouse mover is a device that claims to be undetectable by your computer. As the name indicates, the device simulates mouse movement, preventing your computer from going into sleep mode. So-called *tattleware*, or surveillance software, is being installed on company-issued devices to track employee screen time, keyboard usage, and clicks. The mouse jiggler may not help with keyboard usage or clicks, but it should address screen time monitoring by keeping your computer's display on. *Here's how a mouse jiggler works*. [...] <https://www.nytimes.com/wirecutter/blog/how-your-boss-can-spy-on-you/>
Keeping up with the latest news can be very bad for your health, according to a new study. Researchers at Texas Tech University found that Americans who obsessively follow the news are more likely to suffer from both physical and mental health problems, including anxiety and stress. Those who constantly check the latest headlines end up with *significantly greater physical ill-being* than those who tune in less often, according to the findings. The team adds that constantly keeping on top of the latest developments can lead to a vicious cycle where people always check for more updates, rather than tuning out after a quick read. This can start interfering with people's personal lives, leaving them feeling powerless and distressed about global events including the pandemic, the war in Ukraine, and climate change. “Witnessing these events unfold in the news can bring about a constant state of high alert in some people, kicking their surveillance motives into overdrive and making the world seem like a dark and dangerous place,'' says Bryan McLaughlin, associate professor of advertising at the College of Media and Communication at Texas Tech University, in a media release. 1 in 6 have a *severely problematic* news addiction. [...] https://studyfinds.org/part-of-the-brain-doomscrolling/ https://www.eurekalert.org/news-releases/962341 https://studyfinds.org/watching-news-can-make-you-sick/
The issue with spamming AIS is that AIS transmitters, if installed (at least for us non-professional boat owners), must have their own GPS decoder and VHF antenna connection, by law from what I read. And, the MMSI (ship international registration) number is "program once" in the AIS box and not able to be changed by the user. (Satellite positioning -- I'm not sure that qualifies as AIS, but I would not mind to be corrected) to go dark by turning off the AIS box. If I wanted to move myself, it would be easier to just send a bunch of AIS traffic from another box, but that is not an above-board commercial product (as far as I know!) so one would have to have some computer smarts to do this. As an aside - the last time the Canadian SnowBirds aerobatic team were due to fly over our area, I checked for ADS-B data from them so I could see if they were getting close, and, well, I guess they don't send ADS-B...
I am reminded of the old aphorism: “A person with one watch knows what time it is—but a person with two watches is never sure.'' If the computer count and the hand count disagree, which one should be accepted?
Link to article: https://jalopnik.com/honda-clocks-are-stuck-20-years-in-the-past-and-this-mi-1848306970
[Im]moral hazard? https://www.chron.com/news/houston-texas/article/Houston-3D-printed-gun-buyback-program-17345782.php Houston man sells dozens of 3D-printed guns at city's first gun buyback. The man traded in 62 3D-printed guns, often referred to as 'ghost guns,' and received $50 per gun. He claimed making the weapons cost only $3 each. [Oops!!] Which reminds me of other 'bounty' programs gone horribly/LOL wrong: https://en.wikipedia.org/wiki/Great_Hanoi_Rat_Massacre https://freakonomics.com/podcast/the-cobra-effect-2/