Natasha Singer and Kalley Huang, *The New York Times* Business, 8 Dec 2022 After spending years laying the groundwork for lucrative careers, many recent graduates are left scrambling as coveted jobs dry up. https://www.nytimes.com/2022/12/06/technology/computer-students-tech-jobs-layoffs.html [Thursday's print article and the online version from two days prior differ in titling, but apparently not in content. PGN] This article seems to have been written primarily in response to Meta laying off 11,000, and layoffs, hiring freezes, and slowdowns at Twitter, Alphabet, DoorDash, Lyft, Snap, Stripe, and Amazon (which is contemplating cutting this year's 18,000 summer interns by more than 50% for next summer). More than 400,000 new jobs are foreseen between 2021 and 2031, according to the Bureau of Labor Statistics, although "many of those are in areas like finance and the automotive industry." The article documents various personal cases, and suggests that graduate school is also an alternative to jobs (assuming one can afford it)... PGN-ed There seems to be a Catch-22 underlying undergraduate computer science, which has been touted as a great source of future jobs. My guess is that being just a programming whiz is not enough, and that system-oriented thinking and the experience that can result therefrom has not been popular even in graduate programs for many years. Perhaps CS has been oversimplified in too many schools and colleges? How many of them actually teach the fundamental principles of total-system architectures, not to mention formal methods as a basis for developing trustworthy systems? My CSL colleague Prashanth Mundkur sent me this comment: Given the reputational damage that Big Tech, Silicon Valley and tech in general have suffered in recent years, it might be worth including the ethical impacts of business models (e.g., on violations of privacy, spread of misinformation/disinformation) into the holistic analysis of total-system architectures.
I'm not sure if the ACM Code of Ethics is studied in undergraduate or graduate CS curricula. Many years ago Deborah Johnson taught courses at RPI on the subject of computer-related ethics, and wrote various books that are still in print. Considerable effort at Yale was led by Terry Bynum (including a summer workshop in 1991). There have been numerous efforts to revisit this subject. I have no idea how many computer science curricula include relevant courses today. However, I suspect that most of the mentioned companies are not paying much attention—where profits are generally considered more important. PGN
This is something I have definitely considered a lot as a member of an undergraduate curriculum committee for computer science and the chair of a curriculum committee for computer engineering. I think part of the issue is the overall drift of the ACM/IEEE curricular recommendation for CS has been moving away from complete system design (https://www.acm.org/binaries/content/assets/education/cs2013_web_final.pdf). These guidelines are also used, in part, to define what a program requires to get ABET accreditation - a target for many CS programs. For example, architecture and organization for a BS computer science degree gets only 16 tier-2 hours. That is 1 semester-unit or 1.5 quarter units. Similarly, a lot of system design topics get a similar small 1 or 2 unit recommendation. This encourages teaching systematic thinking in a limited number of survey courses if you want to follow the ACM recommendations and not have all of your curriculum on specific system topics. Many departments have to make hard decisions about what curriculum to focus on also. It is difficult to hire in some specialties for non-R1 universities. Cybersecurity (formal methods or other) is difficult because industrial demand is high and pay scale is hard to compete with. For example, most CSUs and similar state schools have 0 or 1 person with formal background in cybersecurity. Software engineering has similar issues. In my experience, other domains are hard to hire because of supply side issues. For example, compilers and programming languages are difficult because there are fewer people getting PhDs in related fields—so some schools have had to cut compilers as a required course because they just can't staff enough sections. Schools can try to find creative solutions, for example, cross-training across specialties, but this is a hard task to add to an already busy job.
If you've ever cursed your jerky Metro train as it comes into a station, take comfort in the fact that those days may soon be over. Metro is seeking to return its Red Line trains to automatic operation -- instead of manual human operation—by next spring, the transit agency noted in a presentation Monday. The rest of the system could return to automation by the end of 2023. System shut down after 2009 crash Metro was originally designed to be an automated system. And it operated that way until 2009 when a sensor in the track malfunctioned, which led to a train crashing into the back of another train near Fort Totten. The crash killed nine people and injured 80 others. (The malfunctioning circuit meant one of the trains involved in the collision was, in essence, invisible on the system.) https://dcist.com/story/22/12/06/metro-resume-automatic-train-operation-2009-crash-red-line
https://www.cbc.ca/news/politics/amnesty-international-canada-cyber-attack-china-1.6674788 The Canadian branch of Amnesty International was the target of a sophisticated cyber-security breach this fall—an attack forensic investigators believe originated in China with the blessing of the government in Beijing. The intrusion was first detected on October 5, the human rights group said Monday. The attack showed signs of being the work of what's known as an advanced persistent-threat group (APT), according to the cyber security company that conducted the forensic investigation. Unlike a typical cybercrime attack, the attack on Amnesty involved establishing covert surveillance of the operating system of Amnesty's network, said the report prepared for Amnesty International Canada by the U.K.-based cybersecurity firm Secureworks. The hackers appeared to be attempting to obtain a list of Amnesty's contacts and monitor its plans.
https://www.cbc.ca/news/canada/toronto/vaccine-data-breach-ontario-1.6680714 Hundreds of thousands of Ontarians' information may have been compromised in a data breach of the province's vaccine management system last year. Beginning Friday, some 360,000 people will receive notices that their personal information was part of the November 2021 data breach of the COVAXX system, the Ministry of Public and Business Service Delivery said in a statement Friday. The ministry said it had been working with the Ministry of Health, police and the Ontario's privacy commissioner to determine the scale and impact of the breach. The ministry's statement does not say how it occurred. Two people were charged in connection with the breach last year.
The Biden administration took a public stand last year against the abuse of spyware to target human-rights activists, dissidents and journalists: It blacklisted the most notorious maker of the hacking tools, the Israeli firm NSO Group. But the global industry for commercial spyware—which allows governments to invade mobile phones and vacuum up data—continues to boom. Even the U.S. government is using it. The Drug Enforcement Administration is secretly deploying spyware from a different Israeli firm, according to five people familiar with the agency's operations, in the first confirmed use of commercial spyware by the federal government. At the same time, the use of spyware continues to proliferate around the world, with new firms—which employ former Israeli cyberintelligence veterans, some of whom worked for NSO—stepping in to fill the void left by the blacklisting. With this next generation of firms, technology that once was in the hands of a small number of nations is now ubiquitous -- transforming the landscape of government spying. One firm, selling a hacking tool called Predator and run by a former Israeli general from offices in Greece, is at the center of a political scandal in Athens over the spyware's use against politicians and journalists. [...] https://dnyuz.com/2022/12/08/how-the-global-spyware-industry-spiraled-out-of-control/ [Also reported by Jan Wolitzky from The NYTimes, with the same caption:] The market for commercial spyware—which allows governments to invade mobile phones and vacuum up data—is booming. Even the U.S. government is using it. [Includes a copy of a nine-page Intellexa pitch for Predator to a Ukrainian intelligence agency in 2021, the first full such commercial spyware proposal to be made public.] https://www.nytimes.com/2022/12/08/us/politics/spyware-nso-pegasus-paragon.html
Northeastern University installed heat sensors under the desks of graduate student workers, without their consent, allegedly to conduct a study on desk usage. <https://news.techworkerscoalition.org/2022/11/29/issue-19/>
Raspberry Pi hires a former cop, and responds poorly to the public response https://www.resetera.com/threads/raspberry-pi-hires-a-former-cop-and-responds-poorly-to-the-public-response.662539/
Law enforcement has objected in the past to encrypting iCloud accounts After years of delay under government pressure, Apple said Wednesday that it will offer fully encrypted backups of photos, chat histories and most other sensitive user data in its cloud storage system worldwide, putting them out of reach of most hackers, spies and law enforcement. https://www.washingtonpost.com/technology/2022/12/07/icloud-apple-encryption/
https://papersplease.org/wp/2022/12/06/tsa-argues-for-impunity-for-checkpoint-staff-who-rape-travelers/ [The cited full story is even scarier than its subject line, and is omitted here. Note that this is a problem not just in foreign airports. Seems as if TSA absurdly wants to whitewash outright crimes, but perhaps it is something appealing to would-be molesters whom they might hire as more aggressive agents. This item is either ridiculously bad PR for TSA, or ridiculously bad journalism—or perhaps both. PGN]
Hertz said it will pay $168m (£137.4m) to customers who were wrongly accused by the rental company of vehicle theft. The pay-out will settle 364 claims against the company, some from innocent customers who were falsely reported to the authorities for stealing rental cars, Hertz announced on Monday. Some customers said they were arrested or jailed over the accusations. In a statement, Hertz CEO Stephen Scherr said his company "will not always be perfect". https://www.bbc.com/news/world-us-canada-63879250 [It really hertz to be falsely arrested. PGN]
DeepMind's new artificial intelligence system called AlphaCode was able to "achieve approximately human-level performance" in a programming competition <https://www.science.org/content/article/ai-learns-write-computer-code-stunning-advance>. The findings have been published in the journal Science <https://www.science.org/doi/10.1126/science.abq1158?adobe_mc=MCORGID=242B6472541199F70A4C98A6%40AdobeOrg|TS=1670536877>. Slashdot reader sciencehabit <https://developers.slashdot.org/~sciencehabit> shares a report from Science Magazine: AlphaCode's creators focused on solving those difficult problems. Like the Codex researchers, they started by feeding a large language model many gigabytes of code from GitHub, just to familiarize it with coding syntax and conventions. Then, they trained it to translate problem descriptions into code, using thousands of problems collected from programming competitions. For example, a problem might ask for a program to determine the number of binary strings (sequences of zeroes and ones) of length n that don't have any consecutive zeroes. When presented with a fresh problem, AlphaCode generates candidate code solutions (in Python or C++) and filters out the bad ones. But whereas researchers had previously used models like Codex to generate tens or hundreds of candidates, DeepMind had AlphaCode generate up to more than 1 million. To filter them, AlphaCode first keeps only the 1% of programs that pass test cases that accompany problems. To further narrow the field, it clusters the keepers based on the similarity of their outputs to made-up inputs. Then, it submits programs from each cluster, one by one, starting with the largest cluster, until it alights on a successful one or reaches 10 submissions (about the maximum that humans submit in the competitions). Submitting from different clusters allows it to test a wide range of programming tactics.
That's the most innovative step in AlphaCode's process, says Kevin Ellis, a computer scientist at Cornell University who works on AI coding. After training, AlphaCode solved about 34% of assigned problems, DeepMind reports this week in Science <http://www.science.org/doi/10.1126/science.abq1158?adobe_mc=MCORGID=242B6472541199F70A4C98A6%40AdobeOrg|TS=1670536877>. (On similar benchmarks, Codex achieved single-digit-percentage success.) To further test its prowess, DeepMind entered AlphaCode into online coding competitions. In contests with at least 5000 participants, the system outperformed 45.7% of programmers. The researchers also compared its programs with those in its training database and found it did not duplicate large sections of code or logic. It generated something new—a creativity that surprised Ellis. The study notes the long-term risk of software that recursively improves itself. Some experts say such self-improvement could lead to a superintelligent AI that takes over the world. Although that scenario may seem remote, researchers still want the field of AI coding to institute guardrails, built-in checks and balances. https://developers.slashdot.org/story/22/12/08/226221/ai-learns-to-write-computer-code-in-stunning-advance
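The filter-then-cluster step that the Science report singles out (keep only candidates that pass the problem's sample tests, group survivors by their outputs on made-up inputs, submit one program per cluster starting with the largest) is easy to see in miniature. The following is an added illustration written for this digest, not DeepMind's code: the "candidate programs" are four hand-written Python functions standing in for model outputs on the article's own example problem (count binary strings of length n with no two consecutive zeroes), the sample tests, probe inputs and hidden judge are constructed here, and all function names are assumptions.

```python
"""Filter-and-cluster selection of candidate programs, as the article
describes for AlphaCode (added illustration, not DeepMind's code).

Constructed problem: number of length-n binary strings with no two
consecutive zeroes.  Correct answers follow 2, 3, 5, 8, 13, ... (Fibonacci)."""
from collections import defaultdict
from typing import Callable, Dict, List, Optional, Tuple

Candidate = Callable[[int], int]


# --- constructed stand-ins for model-generated candidate programs ---------
def cand_dp(n: int) -> int:
    """Correct: track strings ending in 1 vs ending in 0."""
    end1, end0 = 1, 1
    for _ in range(n - 1):
        end1, end0 = end1 + end0, end1
    return end1 + end0


def cand_fib(n: int) -> int:
    """Correct, but written differently (Fibonacci recurrence directly)."""
    a, b = 2, 3
    for _ in range(n - 1):
        a, b = b, a + b
    return a


def cand_pow(n: int) -> int:
    """Wrong: ignores the no-consecutive-zeroes constraint."""
    return 2 ** n


def cand_linear(n: int) -> int:
    """Wrong, yet consistent with the two sample tests (n=1 -> 2, n=2 -> 3)."""
    return n + 1


CANDIDATES: Dict[str, Candidate] = {
    "cand_dp": cand_dp, "cand_fib": cand_fib,
    "cand_pow": cand_pow, "cand_linear": cand_linear,
}
SAMPLE_TESTS: List[Tuple[int, int]] = [(1, 2), (2, 3)]   # shipped with the problem
PROBE_INPUTS: List[int] = list(range(1, 9))             # "made-up inputs" for clustering


def passes_samples(cand: Candidate, samples: List[Tuple[int, int]]) -> bool:
    """Stage 1 criterion: every sample test must pass (crashes count as failures)."""
    try:
        return all(cand(x) == y for x, y in samples)
    except Exception:
        return False


def filter_candidates(cands: Dict[str, Candidate],
                      samples: List[Tuple[int, int]]) -> Dict[str, Candidate]:
    return {name: f for name, f in cands.items() if passes_samples(f, samples)}


def output_signature(cand: Candidate, probes: List[int]) -> Tuple:
    """Behavioural fingerprint: the candidate's outputs on the probe inputs."""
    sig = []
    for x in probes:
        try:
            sig.append(cand(x))
        except Exception as exc:        # keep crashing programs clusterable too
            sig.append("error:" + type(exc).__name__)
    return tuple(sig)


def cluster_by_outputs(cands: Dict[str, Candidate], probes: List[int]) -> List[List[str]]:
    """Stage 2: programs that agree on every probe land in the same cluster.
    Returned largest-first; ties broken by name so the order is deterministic."""
    buckets: Dict[Tuple, List[str]] = defaultdict(list)
    for name, f in cands.items():
        buckets[output_signature(f, probes)].append(name)
    return sorted((sorted(names) for names in buckets.values()),
                  key=lambda names: (-len(names), names))


def submission_order(clusters: List[List[str]], max_submissions: int = 10) -> List[str]:
    """Stage 3: one program from each cluster, largest cluster first, wrapping
    around to the next member of each cluster until the submission budget is hit."""
    order: List[str] = []
    depth = 0
    while len(order) < max_submissions and any(depth < len(c) for c in clusters):
        for c in clusters:
            if depth < len(c) and len(order) < max_submissions:
                order.append(c[depth])
        depth += 1
    return order


def solve(cands: Dict[str, Candidate], samples: List[Tuple[int, int]], probes: List[int],
          judge: Callable[[Candidate], bool], max_submissions: int = 10
          ) -> Tuple[Optional[str], List[str]]:
    """Run the pipeline; return (name of accepted program or None, submissions made)."""
    clusters = cluster_by_outputs(filter_candidates(cands, samples), probes)
    attempts: List[str] = []
    for name in submission_order(clusters, max_submissions):
        attempts.append(name)
        if judge(cands[name]):
            return name, attempts
    return None, attempts


def hidden_judge(cand: Candidate) -> bool:
    """Constructed stand-in for the contest's hidden test set."""
    expected = {1: 2, 2: 3, 3: 5, 4: 8, 5: 13, 6: 21, 10: 144}
    try:
        return all(cand(x) == y for x, y in expected.items())
    except Exception:
        return False


if __name__ == "__main__":
    print(solve(CANDIDATES, SAMPLE_TESTS, PROBE_INPUTS, hidden_judge))
```

Running it shows the mechanics the article describes: `cand_pow` is dropped by the sample tests; `cand_linear` survives them, which is exactly why filtering alone is not enough; the two correct programs agree on all eight probes and form the largest cluster, so the first submission succeeds and the budget of ten is never approached. With no correct candidate at all, the pipeline still exhausts its clusters and reports failure rather than looping.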
Bitcoin miners say they can help stabilize a shaky power grid and prevent blackouts. Experts say it will make the problem worse. In Bratcher's terms, it works like this: In periods of low demand, big crypto mines can plug into sources of renewable power that would otherwise be wasted, thereby increasing the profitability of wind and solar and encouraging new development. Then, when demand from the grid is high, miners shut off their operations to allow power to be channeled toward regular people. Although Texas produces more renewable energy than any other U.S. state, its grid is propped up by an aging fleet of fossil fuel plants, some of which have been running without maintenance to keep pace with energy demand. At an average age of 50 and 30 years, respectively, the state's coal and gas plants are reaching the end of their useful lives. Core to [Gov] Abbott's plan is the theory that the additional demand for energy created by new bitcoin-mining facilities will establish *an investment incentive* that brings new sources of power generation to Texas. Then, when energy demand goes through the roof during a heat wave or cold snap, the state will have more energy flowing through its grid and the option to redirect power as a last resort. The plan to use crypto mines as giant batteries is controversial, to say the least. Ed Hirs, an energy fellow at the University of Houston, claims the battery analogy is "nonsense" because miners don't store and release energy, but rather only promise to stop consuming when it's urgently needed elsewhere. And he disputes the idea that crypto mining will bring additional energy generation to the grid, which he describes as misdirection designed to distract from the price increases people will incur due to an overall rise in energy demand. Demand for energy in Texas is set to skyrocket as a result of Abbott's plan. 
Miners in the state are currently using around 2 gigawatts (GW) of energy, with peak capacity for the state topping out at 80 GW. By 2026 it's estimated that Texas bitcoin miners will draw as much as 29 GW, four times as much as the whole of New York City. https://www.wired.com/story/bitcoin-texas-power-grid
Tens of thousands of websites belonging to government agencies, Fortune 500 companies and other organizations host Twitter computer code that sends visitor information to the social media giant, according to research first reported by The Cybersecurity 202. And virtually none of them have used a Twitter feature to put restrictions on what the company can do with that data, said digital ad analysis firm Adalytics, which conducted the study. The presence of Twitter's code—known as the Twitter advertising pixel -- has grown more troublesome since Elon Musk purchased the platform. That's because under the terms of Musk's purchase, large foreign investors were granted special privileges. Anyone who invested $250 million or more is entitled to receive information beyond what lower-level investors can receive. Among the higher-end investors include a Saudi prince[?] holding company and a Qatari fund. “Government agencies, hospitals, over half of all U.S. members of Congress, media publishers, and brands may not be aware that they are sharing terabytes of their visitors' and audience's data with Twitter,'' Adalytics founder Krzysztof Franaszek wrote.
Twitter to Charge $11 Per Month for Twitter Blue on iPhone, $7 on Website (MacRumors) ProTip: Elon's hate speech site isn't worth 11 cents per month -L https://www.macrumors.com/2022/12/07/twitter-blue-relaunch-subscription-fees/ https://dnyuz.com/2022/12/08/how-the-global-spyware-industry-spiraled-out-of-control/ Musk's Neuralink faces federal probe, employee backlash over animal tests https://news.yahoo.com/exclusive-musk-neuralink-faces-federal-221949094.html Musk and Direct Messages: It seems absolutely clear from Musk's behavior over the last few days that he cannot be trusted with the massive #Twitter stockpile of Direct Messages (DMs), which include a vast variety of sensitive materials including major firms' account-verified support interactions with customers and much more. QED -L Elon Musk slams San Francisco for probe of bedrooms at Twitter HQ https://www.redlandsdailyfacts.com/2022/12/07/musk-slams-san-francisco-for-probe-of-bedrooms-at-twitter-hq/ New Letter from Congressmen Schiff and Takano re hate speech on Twitter https://schiff.house.gov/imo/media/doc/letter_to_twitter.pdf Elton John leaves Twitter Due to Misinformation, Musk begs him to come back https://deadline.com/2022/12/elton-john-quits-twitter-elon-musk-responds-1235195130/ More Twitter and DMs: #Twitter could easily release a statement saying that user DMs are safe from snooping by Musk or anyone else without specific legal process. Twitter has so far chosen not to issue such an assurance. Why? -L Musk's Devious Plan Is Obvious: Musk is attempting to leverage the public's lack of knowledge about the complex tasks of moderating social media content to prevent spam, hate speech, crime, terrorism, child abuse, and many more horrors—at enormous scale—to portray Twitter as engaging in a grand conspiracy where none exists.
He's smart enough to realize this, but he's devious enough to play this all for maximal personal advantage, just as tyrants and authoritarians have done in their own contexts throughout history. -L How Twitter saved lives by blocking: It was completely appropriate and admirable for the former #Twitter management to block and/or not amplify tweets/accounts spouting COVID disinformation or other harmful lies, irrespective of the political affiliations of the senders. The fact that by far most of this disinformation came (and still comes) from right-wing accounts does not indicate a bias against the right, but a healthy bias against disinformation. While the process wasn't perfect, it probably saved many innocent lives. -L Twitter claims reporters they're permitting to rummage around internal messages don't have access to user DMs—but says nothing about Musk or others' access. -L Why disinformation needs to be stopped BEFORE it spreads: Let's be super clear about why you need to stop disinformation *before* it is widely amplified. Every study looking at this that I've seen shows clearly that misinformation and disinformation—usually by virtue of their alarmist natures—have vastly greater reach than any attempts to correct the falsehoods after the fact. Efforts to use accurate information to "answer" misinformation and purposeful lies are either disbelieved, ignored, or shared to a dramatically lesser extent. Meanwhile, the liars and conspiracy promoters move on to their next topics, and their next victims. -L Twitter Blue returns, 3 Trust and Safety Council members resign, and Twitter goes silent when asked key questions. Any advertisers touching Twitter with a 10-foot pole are insane.
-L https://arstechnica.com/tech-policy/2022/12/twitter-blue-is-coming-back-with-more-colors-and-assurances-from-musk/ #Twitter Direct Messages and Musk: As far as I know, Musk has still not made a statement regarding the privacy and sanctity of the enormous collection of Direct Messages (DM) data that #Twitter presumably has maintained possibly since the feature was originally deployed many years ago. This contains the personal discussions of individuals, firms, companies, and probably government agencies providing customer support via account numbers and other personal data, and much more. Do we have any assurance whatsoever that Musk would not feel free to go rummaging through that mass of data and use and/or publicly expose anything and everything that he felt would be beneficial to his personal goals? Given Musk's ongoing behavior, the question would be laughable if it wasn't so serious. -L