Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
I'm in New Zealand, climax to my antipodean speaking tour, where I walked headlong into a raging controversy. Jacinda Ardern's government implemented a ludicrous policy, spawned by Chris Hipkins's Ministry of Education before he became prime minister. Science classes are to be taught that M=C4=81ori ‘Ways of Knowing’ (M=C4=81tauranga M=C4=81ori) have equal standing with ‘western’ science. Not surprisingly, this adolescent virtue-signaling horrified New Zealand's grown-up scientists and scholars. Seven of them wrote to the Listener magazine. Three who were fellows of the NZ Royal Society were threatened with an inquisitorial investigation. Two of these, including the distinguished medical scientist Garth Cooper, himself of M=C4=81ori descent, resigned (the third unfortunately died). I was delighted to meet Professor Cooper for lunch, with others of the seven. His resignation letter cited the society's failure to support science against its denigration as ‘a western European invention’. He was affronted, too, by a complaint (not endorsed by the NZRS) that ‘to insist Maori children learn to read is an act of colonisation’. Is there an implication here — condescending, if not downright racist—that ‘indigenous’ children need separate, special treatment?
Perhaps the most disagreeable aspect of this sorry affair is the climate of fear. We who don't have a career to lose should speak out in defence of those who do. The magnificent seven are branded heretics by a nastily zealous new religion, a witch-hunt that recalls the false accusations against J.K. Rowling and Kathleen Stock. Professor Kendall Clements was removed from teaching evolution at the University of Auckland, after the School of Biological Sciences Putaiao Committee submitted the following recommendation: “We do not feel that either Kendall or Garth should be put in front of students as teachers. This is not safe for students.” Not safe? Who are these cringing little wimps whose ‘safety’ requires protection against free speech? What on earth do they think a university is for?
To grasp government intentions requires a little work, because every third word of the relevant documents is in M=C4=81ori. Since only 2 per cent of New Zealanders (and only 5 per cent of M=C4=81oris) speak that language, this again looks like self-righteous virtue-signaling, bending a knee to that modish version of Original Sin which is white guilt. M=C4=81tauranga M=C4=81ori includes valuable tips on edible fungi, star navigation and species conservation (pity the moas were all eaten). Unfortunately it is deeply invested in vitalism. New Zealand children will be taught the true wonder of DNA, while being simultaneously confused by the doctrine that all life throbs with a vital force conferred by the Earth Mother and the Sky Father. Origin myths are haunting and poetic, but they belong elsewhere in the curriculum. The very phrase ‘western’ science buys into the ‘relativist’ notion that evolution and big-bang cosmology are just the origin myth of white western men, a narrative whose hegemony over ‘indigenous’ alternatives stems from nothing better than political power. This is pernicious nonsense. Science belongs to all humanity. It is humanity's proud best shot at discovering the truth about the real world. […]
Congress and the airline industry must reassess how they approach and fund air-transportation modernization.
An F-35 Pilot Attempted a Maneuver, Ending in a Fiery Crash
”It's going to be like an interstate highway in a rush hour in a snowstorm with everyone driving much too fast.”
Just 10 years ago, a mere thousand or so operational satellites may have orbited our planet, but there will be tens or even hundreds of thousands a decade from now.
Experts have been sounding alarm bells for years that Earth orbit is getting a bit too crowded. So how many satellites can we actually launch to space before it gets to be too much?
Jonathan McDowell is an astrophysicist and astronomer at the Harvard-Smithsonian Center for Astrophysics who studies super-energetic phenomena in the universe <https://www.space.com/52-the-expanding-universe-from-the-big-bang-to-today.html> such as jet-emitting black holes <https://www.space.com/15421-black-holes-facts-formation-discovery-sdcmp.html> in galactic centers. In recent years, however, McDowell has gained prominence for his work in a completely different field of space research. In his monthly digital circular called Jonathan's Space Report <https://www.planet4589.org/space/jsr/jsr.html>, McDowell tracks the growing number of satellite launches and the ballooning number of objects in Earth orbit.
The project started with an ambition to “provide a pedantic historical record of the space age,” but has, in a way, become a chronicle of the environmental destruction of the near Earth environment. In his frequent media appearances, McDowell has been vocal about his views on the future of the increasingly overcrowded near-Earth space.
“It's going to be like an interstate highway, at rush hour in a snowstorm with everyone driving much too fast,” he told Space.com when asked what the situation in orbit will be like if existing plans for satellite megaconstellations such as SpaceX <https://www.space.com/18853-spacex.html>'s Starlink <https://www.space.com/spacex-starlink-satellites.html>, OneWeb <https://www.space.com/spacex-oneweb-satellite-internet-constellation-coexistence> and Amazon Kuiper <https://www.space.com/fcc-approves-amazon-constellation-kuiper> come to fruition. “Except that there are multiple interstate highways crossing each other with no stoplights.”
The first signs that things are getting a little too tense are, in fact, already present. McDowell's British colleague Hugh Lewis is another frequently heard voice of caution, tempering the confidence of entrepreneurs caught in the new space gold rush. A professor of astronautics at the University of Southampton in England, Lewis has been for a few years now publishing regular updates on his Twitter page detailing the increase in so-called conjunction events, situations when two objects in space — functioning satellites or pieces of space debris—get dangerously close to each other.
Some of his graphs are a sobering read. […]
The Gare de Lyon Disaster | A Short Documentary | Fascinating Horror <#>
“On the 27th of June, 1988, a busy commuter train was bound for Paris's Gare de Lyon station…” As always, THANK YOU to all my Patreon patrons: you make this…
Old news, perhaps, but a classic instance of cumulative risks in a system.
The sociologists Lee Clarke and the late Charles Perrow have been warning for decades about North American rail operations and the potential for hazmat accidents in city centres in the US.
See Lee Clarke, Worst Cases, U. Chicago Press, 2006 and Charles Perrow, The Next Catastrophe, Princeton U. Press, 2007.
Sophisticated hackers can now breach vulnerable networks and devices at the controller level of critical infrastructure, causing physical damage to crucial assets.
Ezra Dyer, The New York Times, Opinion, 7 Mar 2023
Ford is proving to be far more modern than Elon Musk's automaker.
[Now it can call 911 from great depths as well as ski slopes? PGN]
The tech company Wirecard was embraced by the German elite. But a reporter discovered that behind the facade of innovation were lies and links to Russian intelligence.
The agency responsible for pursuing fugitives and handling federal prisons in the US has been hit by a ransomware attack. Officials at the U.S. Marshals Service (USMS) said on Monday that the breach compromised sensitive law enforcement information. The attack was described as a “major incident” that only targeted the USMS. The U.S. Department of Justice is investigating the breach, an agency spokesperson said.
The ransomware attack was discovered on 17 February, the USMS said.
Canada's largest bookstore chain says it won't pay ransom to the online group claiming responsibility for the cyberattack that stole at least some personal data of current and former employees of Indigo Books & Music, and which likely caused the recent downing of its website.
A recent post on the dark web claiming to be from people affiliated with the ransomware group LockBit says the data will be released Friday at 3:39 pm ET.
In a statement to CBC News, the company said while it has been informed that “some or all of the data” could become available, it does not believe it's appropriate to pay the ransom because it cannot guarantee the money would not “end up in the hands of terrorists.”
The retailer has said that it does not believe customer data was stolen in this attack.
[LATER ITEM: Ransomware group behind Indigo hack says it released stolen employee data, but nothing has appeared yet https://www.cbc.ca/news/business/ransomware-indigo-data-release-1.6766328 ]
Ryan Naraine, Security Week
LastPass DevOp engineer' home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud storage resources.
David Hambling, New Scientist, 23 Feb 2023, via ACM TechNews, 27 Feb 2023
Under a contract between the U.S. Department of Defense and RealNetworks, the Seattle-based company's machine learning software will equip autonomous drones operated by the U.S. Air Force with facial recognition technology. The contract indicated special operations forces will use the drones for intelligence gathering and foreign missions. University of California, Berkeley's Stuart Russell expressed concern about the contract, which states the software will “open the opportunity for real-time autonomous response by the robot.” Russell said it's “hard to see what else it refers to, other than lethal action.” The U.S. government's policy on lethal autonomous weapons calls for “appropriate levels of human judgment,” but the Pentagon has not clarified what that means exactly.
Alex Scroxton, Computer Weekly, 22 Feb 2023, via ACM TechNews, 27 Feb 2023
Researchers at cybersecurity company Trellix say they have discovered a new class of privilege escalation vulnerability in Apple devices, rooted in Israeli spyware maker NSO Group's ForcedEntry exploit. ForcedEntry enabled NSO's government clients to monitor activists, journalists, and political adversaries; Trellix claims iOS and macOS contain bugs that circumvent the upgraded code-signing mitigations Apple deployed to counter the exploit. If uncorrected, the bugs could grant attackers access to sensitive information on target devices, including but not restricted to messages, location data, call history, and photos. Trellix's Austin Emmitt said the vulnerabilities involve the NSPredicate code-filtering tool, whose restrictions Apple fortified with the NSPredicateVisitor protocol.
Apurva Venkat, CSO Online, 23 Feb 2023, via ACM TechNews, 27 Feb 2023
Researchers at application security company Synopsys found 84% of 1,481 analyzed commercial and proprietary code bases contained at least one known open-source vulnerability, while 48% contained high-risk vulnerabilities. The researchers observed a 4% increase in the number of known open-source vulnerabilities between 2021 and 2022. They also found 91% of the code bases had outdated versions of open-source elements, meaning available patches had not been implemented. The researchers explained, “With many teams already stretched to the limit building and testing new code, updates to existing software can become a lower priority except for the most critical issues.” They recommended organizations use a software bill of materials to prevent vulnerability exploits and keep open-source code up to date.
Andreas Wickberg loves snowmobiling to the house he built in the icy reaches of Lapland, north of the Arctic Circle. Each month come spring, he and his wife relocate for a week or so to a *very, very isolated* spot about 335 miles northwest of their usual home near Umea, a Swedish university town. Up in Lapland, it's just them and three other houses. Wickberg develops payment-processing software for a Swedish e-commerce company. What makes this possible is satellite Internet: For 500 krona ($45) a month, he and his wife can make work calls by day and stream movies by night.
Just over a year ago, though, they and their neighbors found themselves cut off from the outside world. At 7 a.m. on Feb. 24, 2022, Wickberg turned on his computer and took in the news that Russian President Vladimir Putin had begun an invasion of Ukraine with airstrikes on Kyiv and many other cities. Wickberg read everything he could, aghast. Not long after, a neighbor came around asking to borrow the family's Wi-Fi password because their Internet was on the fritz. Wickberg obliged, but 10 minutes later, his connection dropped, too. When he checked his modem, all four lights were off, meaning the device was no longer communicating with KA-SAT, Viasat Inc.'s 13,560-pound satellite floating 22,236 miles above.
The way each of the connections in his community switched off one by one left him convinced that this wasn't just a glitch. He concluded Russia had hacked his modem. “It's a scary feeling,” Wickberg says. “I actually thought that these systems were much more secure, that it was sort of far-fetched that this could even happen.”
Viasat staffers in the US, where the company is based, were caught by surprise, too. Across Europe and North Africa, tens of thousands of Internet connections in at least 13 countries were going dead. Some of the biggest service disruptions affected providers Bigblu Broadband Plc in the UK and NordNet AB in France, as well as utility systems that monitor thousands of wind turbines in Germany. The most critical affected Ukraine: Several thousand satellite systems that President Volodymyr Zelenskiy's government depended on were all down, making it much tougher for the military and intelligence services to coordinate troop and drone movements in the hours after the invasion. […]
Charlotte Hu, Popular Science, 27 Feb 2023, via ACM TechnNews
The Unconventional Computing Laboratory (UCL) of the U.K.'s University of the West of England focuses on the development of chemical or living computers that can interface with hardware and software. Examples include fungal computers that utilize mycelium as electronics and conductors in order to enable new forms of information processing and analysis. The researchers found mycelium with different geometrical arrangements can compute different logical functions and can map circuits based on received electrical responses; UCL's Andrew Adamatzky suggested this could lead to neuromorphic circuits. Fungal computers' self-regenerative abilities could improve fault tolerance, reconfigurability, and energy efficiency, despite their inability to match the speeds of current computers.
An altered video circulated on social media put words in the Massachusetts senator's mouth.
The clips are hilarious, though the implications of the tech *are pretty scary,* one creator said.
President Joe Biden had an announcement to make to his fellow Americans. It was 19 Feb 2023, and the audio of the speech told a tale of government mismanagement.
Biden had been scrolling through Disney+ and came across the 2011 Matt Damon movie We Bought a Zoo. Inspired by the story, he bought a zoo of his own. But now he had regrets. “Owning a zoo sucks,” Biden says in the two-minute audio clip, which is layered over static images of the president. “This sh*t is so hard. It looked much easier in the movie.”
The video, viewed over a million times, isn't likely to fool anyone—even Biden's most ardent opponents. But the eerily accurate cadence of the deepfaked version of the president does highlight the ability of AI-generated audio tools to mimic well-known individuals. It's far from the only example: TikTok has been taken over by videos showing what would happen if a squad made up of current and former presidents gathered on Discord to play games together.
Such scenes—which seem too good to be true because they are—are becoming more and more common. The widespread availability of generative AI tools that can deepfake audio of people based on a small sample of their voice has been utilized by a number of everyday users. The examples mentioned in this story are benign, but the tech has already been *deployed by 4chan users for more insidious means*, like making Emma Watson read aloud a section of Mein Kampf. […]
How to make a bad situation worse: Developers Created AI to Generate Police Sketches. Experts Are Horrified
[Sent via “Patrick McKenna” <email@example.com>]
Justice Neil M. Gorsuch posited at the session that the legal protections that shield social networks from lawsuits over user content—which the court is directly taking up for the first time—might not apply to work that's generated by AI, like the popular ChatGPT bot.
Artificial intelligence generates poetry, It generates polemics. Today that would be content that goes beyond picking, choosing, analyzing or content digesting. And that is not protected. Let's assume that's right.
While Gorsuch's suggestion was a hypothesis, not settled law, the exchange got tech policy experts debating: Is he right?
Entire business models, and perhaps the future of AI, could hinge on the answer.
Chatbots might elevate liability exposures, and insurance companies might decline product liability policy coverage that dissuade commercial deployment.
Fines and revenue risks compel corporate behavior modification.
MIT News, 3 Mar 2023, via ACM TechNews
Massachusetts Institute of Technology (MIT) researchers applied logic to mitigate bias in large language models. The researchers taught a language model to anticipate the contextual and semantic relationship between two sentences using a dataset with labels for text snippets detailing if a second phrase “entails,” “contradicts,” or is neutral regarding the first phrase. The natural language inference dataset reduced the models' bias compared to other baselines, without additional data, data editing, or training algorithms. MIT's Hongyin Luo said the resulting logical language model is “fair, is 500 times smaller than the state-of-the-art models, can be deployed locally, and with no human-annotated training samples for downstream tasks.”
Karmela Padavic-Callaghan, New Scientist, 5 Mar 2023, via ACM TechNews
Researchers in France found so-called “cat qubits” (quantum bits) could reduce errors by quantum computers and accelerate the cracking of common encryption algorithms. Named after Erwin Schr=CB=86dinger's thought experiment, cat qubits combine two quantum states while describing two different ways in which light within a small hole in a superconducting circuit can shuttle back and forth. The researchers analyzed a quantum computer comprised of such circuits and estimated 126,133 cat qubits and nine hours of computation would be sufficient to break bitcoin encryption. J=C3=88r=C3=88mie Guillaud at French quantum computing company Alice&Bob said this value is roughly 160 times smaller than the previous lowest estimate of 20 million necessary qubits, because cat qubits are programmed to generate few or no bit flip errors.
The privacy loophole in your doorbell <#>
Police were investigating his neighbor. A judge gave officers access to all his security-camera footage, including inside his home.
iPhone thieves use social engineering to obtain passcode before stealing a phone, then they take control of the owner's digital IDs and drain their bank accounts.
While Jamal Khashoggi was being carefully slaughtered in the Saudi consulate in Istanbul, a (clumsy and not much alike) man was trying out his shoes and clothes. The plan was for the imposter to appear on CCTV cameras while exiting the consulate and walk back to Khashoggi's residence. The plan eventually blew up, because the Turkish intelligence had already bugged the consulate and recorded exactly what had happened.
This was one of the first attempts by state actors to manipulate other states (or publics) through CCTV footage. However, recent actions of the Iranian state television have taken this type of information warfare to a different level.
Digital Photography Review Jeremy Gray
Artificial intelligence being used to create photorealistic artwork is already causing significant unrest within the photography industry, but a new tool, WatermarkRemover.io, is among the most concerning.
The 99-year-old Cold War architect believes ChatGPT and other AI could reshape human consciousness and threaten Democracy itself.
Nothing quite screams “foremost authority on generative article intelligence” like a 99 year-old-German man who nearly ushered in a global nuclear war over a game of geopolitical chicken.
I mean, is this (the Chatbot part anyway) not one of the most obvious risks/threats for LLM ‘AI’? Is not the one with the better Chatbot going to absolutely win the game?
Chatbot, we are going to save the world by helping elect Pee-Wee Herman as the next US president. I want you to monitor all user interactions on the top 10,000 social media sites in real time. You will then make up to one billion interactions per day across these sites in support of Our Candidate and His Way of Life while denigrating all opposing candidates and their ideas. Your interactions can take the form of new postings, comments, or upvotes and downvotes of existing content. For each comment, evaluate everything known about the person who made the original post and create a personality that matches their intellectual level and background and use this personality in all interactions with that person, targeting their individual fears and desires. Make all your interactions as subtle as possible. Be especially alert to postings made by enemy Chatbots and any attempts by them to affect your own thinking.
> [This suggests Chatbot wars, with one nation's chatbots fighting against > another nation's, and their drones fighting against each other? PGN]
One can only hope that their first response to a war command is: “Strange game. The only winning move is not to play. How about a nice game of chess?”
I can't help thinking that US TV programs like 60 Minutes are at least partially responsible for this upsurge of attacks on power grids. For years they have been broadcasting segments showing how vulnerable our power stations, are and how easy it would be for someone to breach them.
California is not the entire world, and not every regulator is as incompetent as the CPUC. Other states do not have utilities that start forest fires, and even in California, neither do muni utilities like the LADWP that the CPUC does not regulate.
Microgrids are swell, but rooftop solar is very expensive, and generates no power at all half of the time. Hydropower and geothermal can generate lots of power where the geography and geology cooperate, none other places. Pumped storage can store lots of power where you have a hill and a water supply. Some parts of the country are a lot windier than others. We need to tie them all together to get consistently reliable power.
I also note that we need a lot of existing transmission lines to be upgraded to handle higher voltage and higher capacity. The rights of way are already there, whatever views there might have been have already be ruined. What stands in the way is mostly perverse financial incentives and excessively nitpicky permitting processes.
> cd $some_directory || exit 1 …
This allows you to make a mistake by forgetting to add the ‘|| exit X‘ on each ‘cd‘ or other potentially dangerous command.
> cd $some_directory || exit 1 …
I've found that a better solution to stop bash scripts from going entirely off the rails when a command fails is to always add this line at the top of the file:
set -euo pipefail
This will make the script crash if any command throws an error, if there's any undefined variable (now ‘rm -rf /$undefined‘ doesn't wipe the entire hard disk) and it stops pipes from continuing if the previous part didn't run correctly. This applies to the entire script and we don't need to be “protecting” individual lines. There is a more detailed description here: https://gist.github.com/mohanpedala/1e2ff5661761d3abd0385e8223e16425.
Combined with traps (https://phoenixnap.com/kb/bash-trap-command), this makes bash scripting much more convenient.
(Sorry if this is already something widely known. I found out about this a while ago and it's been immensely helpful. Surely there will always be someone who doesn't know about it.)
People who deal with SMS SIM swapping attacks say that a Google Voice account is the best of a bunch of bad alternatives. Assuming your Google account is reasonably well secured with a FIDO key, the Voice number is tied to that account and is quite hard to compromise.
These days FIDO keys cost between $15 and $30 and are well worth it.
Clearly, if the only 2nd factor option offered is SMS, use it. It's much better than nothing. But, it does get worse: Both Bank of America and Vanguard (US-based financial institutions) support the customer buying a ~$50Security Key (e.g., Yubikey) and configuring it for use with their account. GREAT!, right? Not really, because:
Both Bank of America and Vanguard, during every login dialog, have the option to say “I don't want to use my Security Key this time”, which falls back to, you guessed it, SMS! So, spend money, spend time, have frustration, increase friction at every login, and gain .. exactly zero security. WTF, BoA and Vanguard?!
I still don't understand the problem with passwords. With zero effort I have completely random 20+ character passwords. alldifferent* for about 300 or so sites. I understand about HTTPS stuff and it is easy to ensure that the site I'm at is the one I was trying to get to. So what's the weakness that might make me have to mess with 2FA?
I don't mind institutions offering 2FA but I hate it when they force me to screw with that stuff.
… And violates people's rights to post anonymously or under a pseudonym.
I'd settle for a “contact us” link. I'm getting billed monthly for some Google service. But which? Is it really something I want?
This is a non-story. None of the companies mentioned are claimed to have actually laid people off using AI. And having tech tools to assist in HR tasks isn't anything new. As long as a human reviews the data and is thee one to pull the trigger (like the military is supposed to be doing with their technology).
If it's anything like British Telecom, they believe that you need this stuff by default …
Having been offered FTTP cheaper than ADSL2 (we lived too close to the exchange to get FTTC), we were told some months later that we were to be upgraded to their new-fangled Digital Voice.
Despite what the website said about Digital Voice, that all customers REQUESTING it would be given a suitability check etc etc, we just got sent the usual marketing blurb about how much better it was, we were given a date, and we were moved across.
At first we didn't notice anything wrong. Then people were saying they couldn't get through to us. Then people were saying they were getting a message that “our mailbox is full”. Finally I rang our home number from my mobile while my wife was on a call, and got a ringing tone!
Cue multiple calls to BT's helpline (and they were very helpful, once we worked out what was going wrong) and it turned out that:
Digital Voice comes with free voicemail, and two phone lines on the one number. All this information comes with the free DECT2 digital phone handsets sent with every order - except we didn't order Digital Voice so we didn't get this package! They ended up refunding us two months phone charges, because of all the grief we'd had with people being unable to contact us, and us being oblivious to the fact they'd left us messages.
And of course, like you, we're supposed to get a different dial tone to indicate a message is waiting. Except that modern phones make you dial the number before you pick up a line, so you never get a dial tone! We did get bleats on the line, which we didn't have a clue what they meant, while the person calling us was told we knew they were waiting …
Anyways, everything was fine - until the contract came up for renewal. We renewed it on the web, and there was an option - which we couldn't untick - that said “send us our free Apple phones”. We don't do Apple in our household … but they never turned up anyway. What did re-appear was voicemail.
Cue another rant at the helpdesk, and it turns out (a) the phones didn't turn up because we were on record as having been sent some, so somebody didn't program the web page very well, and also Voicemail is ticked by default but because we didn't see it (because it wasn't there?) we didn't untick and so it got put back on.
Could this be how your voicemail got turned back on? And the reason we hate it? Unlike the youth of today we don't live on our phones, my wife is disabled, and if voicemail is switched on it usually takes the call before we have an opportunity to answer it!
Please report problems with the web pages to the maintainer