Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
David Sirota, Julie Rock, Rebecca Burns, and Matthew Cunningham-Cook The New York Times Opinion, 20 Feb 2023 Let's Cut That Number.
The Ohio disaster shows that the government must improve rail safety rules. Since 1970, the overall number of train cars derailed each year fell … while the number of cars carrying hazardous materials grew.
A chart lists the fate of the derailed train's cargo, contents of each train car, and what happened to it.
Oh great. Another unintended consequence. Your health sensing smart watch could seriously impact your health.
An example of the observer effect in smart tech?
[ https://en.m.wikipedia.org/wiki/Observer_effect_(physics) ]
The Air Force has awarded a contract to Silicon Valley firm Reliable Robotics to study the feasibility of flying its biggest iron autonomously. The company will look at whether it makes sense to fly multi-engine jet cargo planes from gate to gate with a remote pilot monitoring from the ground.
https://www.avweb.com/aviation-news/air-force-studies-autonomous-cargo-jets/
Maybe Tesla can help…
In the rush for renewable energy, there has been a loud outcry for more electrical transmission capacity. Unfortunately, almost all of these plans call for large numbers of above ground electrical transmission towers and wires, thus destroying the visual environment, if not the actual environment through additional forest fires (cough, cough, PG&E).
One alternative is to bury these transmission lines underground, but this is not a ‘silver bullet’, as underground lines cost 4-10X the equivalent above-ground transmission lines, and may last only 40% as long.
Furthermore, even underground transmission lines are vulnerable to a host of risks, including lightning, earthquakes, etc., and may take far longer to fix when a failure does occur.
Bottom line: let's significantly raise the planning costs of electrical transmission, to make local distributed ‘microgrids’ better able to compete. At the end of the day, rooftop solar panels are going to be a heck of a lot more attractive than covering every inch of currently un-despoiled land with transmission towers and power lines.
INTELLIGENT UNDERGROUNDING, Jon T. Leman, Robert G. Olsen Overhead or Underground Transmission? That is (Still) the Question Feb. 24, 2022
Part one in a two-part series examines where things stand with the challenges of using underground high-voltage ac lines to transmit bulk electrical power.
Physical attacks on the U.S. power grid rose 71% last year compared with 2021 and will likely increase this year, according to a confidential industry analysis viewed by The Wall Street Journal.
A division of the grid oversight body known as the North American Electric Reliability Corporation found that ballistic damage, intrusion and vandalism largely drove the increase. The analysis also determined that physical security incidents involving power outages have increased 20% since 2020, attributed to people frustrated by the onset of the pandemic, social tensions and economic challenges.
https://www.sciencedirect.com/science/article/pii/S0012825222003804
[Richard's summary focused superficially on the undersea communications, pointing out they dominate satellite communications. However, it gave no hint of the breadth and depth of this remarkable report. Instead, I have excerpted from the conclusions section:]
The critical role played by subsea cables in global communications means it is important that they remain as resilient as possible over their design lives. This study provides the first global review of how hazards to subsea cables are anticipated to change in response to future climate change scenarios. Our overarching conclusion is that ocean conditions are highly likely to change on a global basis as a result of projected climate change, but the feedbacks and links between climate change, natural processes and human activities can be extremely complicated, resulting in pronounced spatial and temporal variability. Not all regions will be affected in the same way (nor at the same time) by the same processes, and in many cases, there is anticipated to be local variability. Therefore, future cable routes should be carefully selected based on local conditions.
I lift phone handset, hear broken dial tone meaning voicemail. I'm not supposed to, turned off voicemail years ago, use in-house answering machine.
So of course I don't remember how to check voicemail messages. Wander Cox website, find list of calls, one noted with voicemail. But no transcript available and no link to play message from website.
I call my number from my number, get greeting that I haven't set up voicemail. Well, I did a while ago—and turned it off. So I go through process of setting pin, recording my name, picking greeting. Then, finally, it tells me I have a message. It reads me the number it's from, speaking at 110 BPS. Finally plays message, it's junk, of course, so I delete. Then I hunt down settings where voicemail is enabled—shouldn't be—so I turn it off. Then I check wife's line's settings—voicemail is off but Call Waiting is on—which she doesn't want and I'd also previously turned off. So I Turn THAT off.
It's hard to believe Cox changed these settings deliberately so I'm sure it's some misbegotten software update.
I was just reminded (thanks!) of this article in Techdirt from almost exactly 14 (egads, 14?) years ago regarding my proposals for a Google Ombudsman. It could be argued that in significant ways this situation is far more critical now. (14 years … ouch).
Sidenote: I was once sitting in the office of a Google exec at Mountain View CA, pushing my oft-quoted concept for a Google Ombudsman. He pushed back but asked if I was volunteering for the job. Given the totality of my situation at the time, I said no. I've often wondered what would have happened if I'd said yes. I really should have. -L
https://www.techdirt.com/2009/03/03/does-google-need-an-ombudsman/
My own view is that more extensive use of remote work makes more sense than ever. Google operated quite effectively for a prolonged period during COVID with the vast majority of workers remote. -L
The Washington Post, 16 Feb 2023
Congress could blunt these harms by simply passing a law that would keep kids off social media until they're at least 16 and better positioned to use the technologies safely.
Such a law would need teeth, of course. So let's give it some. We can require real age verification processes and direct the Federal Trade Commission to carry out periodic audits to ensure compliance. And we can empower parents to bring lawsuits against companies that break the rules.
https://www.washingtonpost.com/opinions/2023/02/16/children-social-media-protection-congress/
[Nice small government initiative there…]
https://ieeexplore.ieee.org/abstract/document/9996741
We not only have to worry about AI systems giving us false information, = but we have to worry about which personality we are getting the = information from!
https://futurism.com/microsofts-bing-ai-leaking-maniac-alternate-personali= ties
Anna Kode', The New York Times
The proliferation of devices creates more opportunities for people to lose access or power over aspects of the home.
On the first night in his new home, Clint Basinger was unpacking a few stray boxes in the living room, when out of nowhere at around midnight, he heard a voice echoing down the hallway from the other side of the house. “Good night. It's bedtime.” the voice said.
Then, he heard the sound of locks clicking. “I couldn't do anything with the doors, all the windows were armed, all the motion sensors turned on.” said Mr. Basinger, who had spent 15 years saving up to buy the three-bedroom, split-level house in Asheville, NC. “I had no clue what to do, so I just stayed locked inside the house that night.”
Turns out, the home's previous owner had installed a smart security system that he neglected to tell Mr. Basinger about. “It was really disconcerting, being in a new place and having no control over what was happening,” said Mr. Basinger, 36, the host of a YouTube channel for retro technology and video game reviews. […]
On one of the first days in the fall of 2019, Aaron Barden came home to find that the temperature inside his house was at 78 degrees. “It was incredibly hot, and I was just wondering, what's going on?” said Mr. Barden, 32, an engineer living in New Hope, Minn. “That's when I realized there was already programming in the smart thermostat.”
https://www.nytimes.com/2023/02/17/realestate/smart-home-devices.html
Hyundai and Kia announced last week the new, optional software update could curb the number of thefts, but safety advocates believe the automakers should have issued a safety recall. […]
While the announcement of a free software upgrade is good news for drivers who previously faced costly options for fixing the problem, auto safety groups tell NBC 5 they believe federal regulators should have done more to protect the public.
“It's caused death and injuries. It's happening all over the country,” said safety advocate Sean Kane with Strategies & Research, Inc. “And the watchdog agency, the National Highway Traffic Safety Administration, has apparently brokered a deal that doesn't require [the automakers] to do a recall.”
https://appleinsider.com/articles/23/02/23/macos-targeted-by-evasive-crypto-jacking-malware
https://techcrunch.com/2023/02/21/sensitive-united-states-military-emails-spill-online/
The state closed the investigation, leaving more questions than answers.
Generative AI Is Coming For the Lawyers—Large law firms are using a tool made by OpenAI to research and write legal documents. What could go wrong?
But the problems with current generations of generative AI have already started to show. Most significantly, their tendency to confidently make things up—or hallucinate. That is problematic enough in search, but in the law, the difference between success and failure can be serious, and costly. […]
Sereduick says that while the outputs from legal AI will need careful monitoring, the inputs could be equally challenging to manage. “Data submitted into an AI may become part of the data model and/or training data, and this would very likely violate the confidentiality obligations to clients and individuals' data protection and privacy rights,” he says.
https://www.wired.com/story/chatgpt-generative-ai-is-coming-for-the-lawyers
Filing: Google deleted chats for nearly four years despite requirement to keep them.
https://arstechnica.com/?p=1918835
Will Oremus, The Washington Post, Reddit users are pushing the limits of popular AI chatbot ChatGPT and finding ways around its safeguards.
https://www.washingtonpost.com/technology/2023/02/14/chatgpt-dan-jailbreak/
“The trouble arises when we treat chatbots not just as search bots, but as having something like a brain—when companies and users trust programs like ChatGPT to might be a distant goal, and the road to it is winding and clouded: The programs analyze their finances, plan travel and meals, or provide even basic information. Instead of forcing users to read other Internet pages, Microsoft and Google have proposed a future where search engines use AI to synthesize information and package it into basic prose, like silicon oracles. But fully realizing that vision might be a distant goal, and the road to it is winding and clouded: The programs currently driving this change, known as large language models, generating simple sentences but pretty awful at everything else.”
Shirking responsibility for decisive actions suggest these AI agents are promotional harbingers for the next carastrophic industrial or strategic accident.
Neil Clarke and other editors share in the comments how they get flooded by fiction / short story submissions written with ChatGPT, which has now created a true challenge to editors. Or, in security language, a DDoS attack on the human side of this.
Reading the comments is a glimpse into the future, and how we may need to adapt.
That chat stirs memories of a 1964 Twilight Zone episode:
From Agnes With Love
A computer programmer (Wally Cox) receives advice on his love life from a computer that is in love with him. <https://en.wikipedia.org/wiki/Wally_Cox>
As layoffs rave the tech industry, algorithms once used to help hire could now be helping to lay people off.
https://www.washingtonpost.com/technology/2023/02/20/layoff-algorithms/
This is hardly a new issue. As far back as the 1850s railroads depended on telegraphs to schedule their trains, including management of two-way traffic on single-track lines. No telegraph, no trains.
[And it still may get blamed when the trains are not tele-prompt.
Lewis Maddison, TechRadar, 21 Feb 2023, via ACM TechNews, 22 Feb 2023
University of California, Berkeley researchers found simple head and hand movements by participants in the Metaverse can expose their identities. The researchers analyzed more than 50,000 subjects with more than 2.5 million virtual reality (VR) data recordings linked to them when playing the game Beat Saber in Meta's VR ecosystem. The game requires near-constant hand movement and sometimes head movement. Artificial intelligence analysis could identify individual players with 94% accuracy, as well as identifying more than half of the 50,000 participants using just two seconds' worth of data. The researchers said the data also allowed them to determine each user's dominant hand, height, and gender with a high degree of accuracy. https://orange.hosting.lsoft.com/trk/click?ref=3Dznwrbbrs9_6-30242x239bcdx069544&
Devorah Fischler, (Penn Engineering Today(, 21 Feb 2023, via ACM TechNews, 22 Feb 2023
A team of researchers led by University of Pennsylvania (Penn) computer scientists confirmed the existence of vulnerabilities that leave U.S. Census data open to exposure and theft. Using a commercial laptop and a basic machine learning algorithm, the researchers were able to reverse-engineer aggregated data released by the U.S. Census Bureau to reveal individual respondents' protected information. Penn's Michael Kearns said, “What's novel about our approach is that we show that it's possible to identify which reconstructed records are most likely to match the answers of a real person. Others have already demonstrated it's possible generate real records, but we are the first to establish a hierarchy that would allow attackers to, for example, prioritize candidates for identity theft by the likelihood their records are correct.”
Michael Kan, PC Magazine, 21 Feb 2023, via ACM TechNews, 22 Feb 2023
Microsoft scientists are controlling robots and aerial drones with OpenAI's ChatGPT chatbot. The researchers used ChatGPT to simplify the process of programming software commands to guide the robots, because the artificial intelligence model was trained on massive datasets of human text. They initially outlined in a text prompt the various commands the model could use to control a given robot, which ChatGPT used to write the computer code for the robot. The researchers programmed ChatGPT to fly a drone and have it perform actions, as well as to control a robot arm to assemble the Microsoft logo from wooden blocks.
Rachel More, Reuters, 16 Feb 2023, via ACM TechNews, 22 Feb 2023
A top German court has ruled that police use of automated data analysis to prevent crime in some German states violates their constitutions, backing opponents of software provided by U.S. company Palantir Technologies. The constitutional court determined provisions regulating the technology's employment in the states of Hesse and Hamburg breach the right to informational self-determination. The German Society for Civil Rights argued the case against police data analysis, claiming Palantir software used innocent people's data to sow suspicion, and could generate errors that impact people in danger of police discrimination. The court has given Hesse until 30 Sep 2023 to redraft its provisions, and annulled legislation in Hamburg, where the technology had yet to be used.
> A lesson for those who ignore one of the reasons for stronger crypto — > not having something broken years later?
Well, it's been a few centuries since those letters were written. That ought to be sufficient!
A related item on Politico: https://www.politico.com/news/2023/02/20/big-tech-supreme-court-00083543
Big Tech is about to have an epic week in the Supreme Court.
The stakes are high as the Supreme Court takes its first look at a law Republicans and Democrats have both criticized for giving too much protection to the tech industry.
The PCMag article concludes with this: “The lesson is clear. For any site that gives you a choice, don't opt for SMS-based authentication. If it's an important account that doesn't offer any other choice, say, your bank, contact the organization and tell them to do better.”
So what is a better choice? The article doesn't say. And even if it did, if your bank doesn't offer that better option (whatever it is), should you just go with an unauthenticated account instead?
The likely result of this episode is that in the future, institutions will use ChatGPT to write the same kinds of post-tragedy messages but affix their real names to the message. In other words, they will lie about the authorship. It's still easier than struggling to say something new every time this sad story is repeated.
Frankly, the factual inaccuracies from the chatbots are no worse than the accuracy (or lack thereof) of the summary of quick answers you often get from a standard Google search. One quickly learns to treat those answers with the suspicion that they deserve.
A similar problem exists in Bourne shell scripts, especially those distributed by computer vendors to perform Linux installations. There's a line:
cd $some_directory
followed by operations on the presumed newly-changed-to current working directory, e.g.,:
rm some_files_or_other
A simple addition to the cd command protects you:
cd $some_directory || exit 1
(or better: cd “$some_directory” || exit 1 # to solve another frequent but unrelated problem)
I always made sure never to code a cd command without it.
Please report problems with the web pages to the maintainer