https://www.wsj.com/articles/microsoft-bets-that-fusion-power-is-closer-than-many-think-cb1b09dc I'd bet against it. [It certainly adds to the CON-FUSION. PGN] [Monty Solomon had another related item: Microsoft just made a huge, far-from-certain bet on nuclear fusion Scientists have been dreaming about nuclear fusion for decades. Microsoft thinks the technology is nearly ready to plug into the grid. https://www.theverge.com/2023/5/10/23717332/microsoft-nuclear-fusion-power-plant-helion-purchase-agreement PGN]
Natalie B. Compton, *The Washington Post*, 2 May 2023 Witnesses said two tourists took a wrong turn on April 29 and followed their GPS straight into Honokohau Harbor in Kailua-Kona, Hawaii. https://www.washingtonpost.com/travel/2023/05/02/hawaii-tourists-car-sink-harbor/
https://www.npr.org/2023/05/12/1175984778/tennessee-company-refuses-recall-air-bags Reminiscent of the Takata air-bag inflator debacle affecting ~67 million vehicles in 2014. Takata dug in their corporate heels, refused to initiate a mandatory recall until Toyota bailed out of the keiretsu. GM being proactive about recall demonstrates responsive corporate governance.
And now for something completely different: some good RISKS news. https://slate.com/business/2023/04/cars-buttons-touch-screens-vw-porsche-nissan-hyundai.html Happily, there is one area where we are making at least marginal progress: A growing number of automakers are backpedaling away from the huge, complex touch screens that have infested dashboard design over the past 15 years. Buttons and knobs are coming back.
https://us.cnn.com/2023/05/06/business/ntsb-automatic-driving-safety/index.html The NTSB has called on regulators to set performance minimums for these features, to test vehicles rigorously against those standards and provide the results to consumers. But we're still waiting. Regulations—performance standards—are "set" by regulators via negotiations with industry. When driverless vehicle manufacturers negotiate, they will advocate for 'achievable' standards which often yield the lowest manufacturing expense with least consumer risk reduction effectiveness. Never mind explainability for DV actions—that's too hard to achieve in practice.
Toyota: Car location data of 2 million customers exposed for ten years https://www.bleepingcomputer.com/news/security/toyota-car-location-data-of-2-million-customers-exposed-for-ten-years/
https://techcrunch.com/2023/04/28/illumina-dna-tech-fda-security-flaw/ In separate advisories released on Thursday, U.S. cybersecurity agency CISA and the U.S. Food and Drug Administration warned that the security flaw -- tracked as CVE-2023-1968 with the maximum vulnerability severity rating of 10 out of 10—allows hackers to remotely access an affected device over the internet without needing a password. If exploited, the bug could allow hackers to compromise devices to produce incorrect or altered results, or none at all. [Genetically modified plants will never taste the same.]
https://www.justice.gov/usao-dc/pr/ohio-man-sentenced-stealing-over-712-bitcoin-subjected-forfeiture Hackers are breaking into AT&T email accounts to steal cryptocurrency. AT&T says cybercriminals exploited an API issue to take control of victims' email addresses https://techcrunch.com/2023/04/26/hackers-are-breaking-into-att-email-accounts-to-steal-cryptocurrency/ Makes mattress banking appealing. [Is your house even more secure? PGN]
The attackers were in thousands of corporate and government networks. They might still be there now. Behind the scenes of the SolarWinds investigation. https://www.wired.com/story/the-untold-story-of-solarwinds-the-boldest-supply-chain-hack-ever/
Michaeleen Doucleff, *NPR*, May 9, 2023, 12:02 AM ET, Heard on Morning Edition For the first time, the American Psychological Association has issued recommendations for guiding teenagers' use of social media. The advisory, released Tuesday, is aimed at teens, parents, teachers and policy makers. This comes at a time when teenagers are facing high rates of depression, anxiety and loneliness. And, as NPR has reported, there's mounting evidence that social media can exacerbate and even cause these problems. "Right now, I think the country is struggling with what we do around social media," says Dr. Arthur Evans, CEO of the APA. The report, he says, marshals the latest science about social media to arm people "with the information that they need to be good parents and to be good policy makers in this area." The 10 recommendations in the report summarize recent scientific findings and advise actions, primarily by parents, such as monitoring teens' feeds and training them in social media literacy, even before they begin using these platforms. https://www.npr.org/sections/health-shots/2023/05/09/1174838633/psychologists-issue-health-advisory-for-teens-and-social-media
Three Companies Supplied Fake Comments to FCC Impersonating Millions of Americans Without Their Knowledge or Consent to Influence Internet Policy (to repeal net neutrality rules) https://ag.ny.gov/press-release/2023/attorney-general-james-secures-615000-companies-supplied-fake-comments-influence
https://www.cnbc.com/2023/04/28/chinese-hackers-outnumber-fbi-cyber-staff-50-to-1-director-wray-says.html Quality of hackers, not quantity, usually determines software product effectiveness in terms of performance, reliability, resource consumption, and other measurable user-space factors. Though, defect escape exploitation discovery likely accelerates with keystroke count. Is the 50:1 ratio due to some state-sponsored generative AI tool—a GPT-like malware generator on steroids, or real bodies typing at keyboards?
https://www.nytimes.com/2023/05/01/technology/ai-problems-danger-chatgpt.html A recent letter calling for a moratorium on AI development blends real threats with speculation. But concern is growing among experts.
Artificial intelligence poses "an existential threat to humanity" akin to nuclear weapons in the 1980s and should be reined in until it can be properly regulated, an international group of doctors and public health experts warned Tuesday in *BMJ Global Health* <https://globalhealth.bmj.com/lookup/doi/10.1136/bmjgh-2022-010435>.

What they're saying: "With exponential growth in AI research and development, the window of opportunity to avoid serious and potentially existential harms is closing," wrote the authors, among them experts from the International Physicians for the Prevention of Nuclear War and the International Institute for Global Health.

The big picture: The warning comes amid increasing calls for improved oversight of artificial intelligence from the likes of Geoffrey Hinton, the so-called godfather of AI, who announced he was quitting Google over his worries about threats from machine learning, PBS reports <https://www.pbs.org/video/the-future-of-ai-1683317973/>.

Zoom in: The physicians and public health experts say the health care community needs to sound the alarm "even as parts of our community espouse the benefits of AI in the fields of health care and medicine."
- They cite AI's ability to rapidly analyze sets of data, which could be misused for surveillance and information campaigns to "further undermine democracy by causing a general breakdown in trust or by driving social division and conflict, with ensuing public health impacts."
- They also raised concerns about the development of future weapons systems which could be capable of locating, selecting and killing "at an industrial scale" without the need for human supervision.
- And they noted AI's potential impact on jobs.
- "While there would be many benefits from ending work that is repetitive, dangerous, and unpleasant, we already know that unemployment is strongly associated with adverse health outcomes and behavior," they said.

Between the lines: Health industries have been grappling with the potential benefits of AI—the improved ability to diagnose disease, discover new therapies, answer patient questions and perform menial tasks—and its potential harms.
- Studies have cited hospital algorithms that discriminated against Black patients by allocating less care to them. <https://www.ehidc.org/sites/default/files/resources/files/Dissecting racial bias in an algorithm used to manage the health of populations.pdf>

Questions have also been raised about the reliability of algorithms, with researchers warning of a "reproducibility crisis <https://www.nature.com/articles/d41586-022-02035-w>" in health care studies... [...]

https://www.axios.com/2023/05/10/docs-warn-ai-existential-threat-humanity
*Pilot program aims to see if AI will cut time that medical staff spend replying to online inquiries* Behind every physician's medical advice is a wealth of knowledge, but soon, patients across the country might get advice from a different source: artificial intelligence. In California and Wisconsin, OpenAI's GPT generative artificial intelligence is reading patient messages and drafting responses from their doctors. The operation is part of a pilot program in which three health systems test if the AI will cut the time that medical staff spend replying to patients' online inquiries. UC San Diego Health and UW Health began testing the tool in April. Stanford Health Care aims to join the rollout early next week. Altogether, about two dozen healthcare staff are piloting this tool. Marlene Millen, a primary care physician at UC San Diego Health who is helping lead the AI test, has been testing GPT in her inbox for about a week. Early AI-generated responses needed heavy editing, she said, and her team has been working to improve the replies. They are also adding a kind of bedside manner: If a patient mentioned returning from a trip, the draft could include a line that asked if their travels went well. "It gives the human touch that we would," Millen said. There is preliminary data that suggests AI could add value. ChatGPT scored better than real doctors at responding to patient queries posted online, according to a study published Friday in the journal JAMA Internal Medicine, in which a panel of doctors did blind evaluations of posts. [...] <https://jamanetwork.com/journals/jamainternalmedicine/fullarticle/10.1001/jamaainternmed.2023.1838?guestAccessKey=6d6e7fbf-54c1-49fc-8f5e-ae7ad3e02231&utm_source=For_The_Media&utm_medium=referral&utm_campaign=ftm_links&utm_content=tfl&utm_term=042823>
These generative models eat a whole lot of prose and compute the probability of the next word. (Emacs has had "dissociated-press" for many years.) There is no logic. Prompted with "the Moon is made of..." it can say "rocks" or "green cheese" but probably not "colorless green ideas." Using ChatGPT to answer patients is an attempt to trick the patient into thinking that their inquiry is being answered, and sending random garbage instead. People expect their medical advice to be based on knowledge and reasoning. This is not. Joe would indeed be horrified. https://www.theregister.com/2023/04/28/column/?td=rt-3a has some facts. For an article on what people want when accessing medical reports, https://www.newyorker.com/news/essay/the-curious-side-effects-of-medical-transparency [Tom added later: I remember Joe telling me, probably late 60s, that he believed that it was very unethical for any programmer to work on speech recognition, because of the potential for totalitarian misuse. Now, most smart phones, smart speakers, etc. listen to what people say and act on what they hear, and thriller movies give the impression that the NSA listens in to all phone conversations in the world for key words. PGN]
Using ChatGPT to detect plagiarism is a bit ironic, considering that what ChatGPT does, essentially, is to compose text by combining text written by others—the very definition of plagiarism.
ChatGPT is back in business in Italy, with added privacy features Alfred Ng, 28 Apr 2023 Italy's data protection officials on Friday said they are reopening the doors for OpenAI, after the company announced several privacy changes to its popular artificial intelligence chatbot ChatGPT.
Daniela Sirtori-Cortina and Rachel Metz, Bloomberg 9 May 2023 via ACM TechNews, 12 May 2023 In June, Wendy's plans to test an artificial intelligence (AI)-powered chatbot's ability to take drive-thru orders at a store near Columbus, OH. Powered by Google Cloud's AI software, the system purportedly can understand requests phrased differently from the menu and answer frequently asked questions. Wendy's said there are no plans to reduce labor in response to the chatbot's deployment, but it will shift crew responsibilities to handle an increase in drive-thru and digital orders. During the pilot, staff will oversee the chatbot to ensure it can handle all requests and will be on hand to step in if customers insist on speaking with a human. [W(h)en-dees boigers are overcooked, I presume the chatbot will have a smart-ass response ready to go as well. PGN]
https://twitter.com/0xgaut/status/1650867275103174660 Twitter says "Hmm...this page doesn't exist. Try searching for something else."
After reaching a settlement with Fox News for $787.5 Million, Dominion Voting Systems speaks exclusively with Axios Pro Rata author Dan Primack. Dominion Voting Systems was once an obscure, private equity-owned election machine maker. It seems to wish it still was, despite securing a $787.5 million settlement from Fox News. Why it matters: Three key players from Dominion, speaking exclusively with Axios Pro Rata author Dan Primack, describe the Fox settlement as a shot across the bow for defendants in six remaining cases. Four takeaways from Dan's interviews with Dominion CEO John Poulos; Hootan Yaghoobzadeh, co-founder of Staple Street Capital, Dominion's private equity owner; and Stephen Shackelford, outside attorney on the Fox case:
1. Dominion felt its business was badly burned by accusations Fox aired about the 2020 presidential election. Existing employees received death threats, sometimes including their home addresses. Recruiting new employees became almost impossible. Dominion had some customers cancel contracts early. Some potential clients said the firm was too politically radioactive to hire. Staple Street Capital, which bought the business in 2018, had laid out a growth plan and was prepping a series of acquisitions and international expansion. All of that was disrupted in the days following the 2020 election.
2. Staple Street's CEO felt a sense of deja vu. Yaghoobzadeh's family immigrated to the U.S. from Iran when he was 5 years old, fearing persecution during that country's revolution.
3. Dominion wasn't very interested in an on-air apology. The company didn't believe it would have been sincere. Shackelford adds that things might have gone a bit differently if Fox had publicly apologized early.
4. Tucker Carlson's firing wasn't a condition of the settlement. But Dominion and its lawyers believe the lawsuit and the pre-trial discovery "got that rock moving."
Dominion appears to be going full steam ahead on six other pending lawsuits against One America News, Newsmax, Sidney Powell, Rudy Giuliani, Patrick Byrne and Mike Lindell. Reality check: None of those are expected to reach trial before 2024.
Dominion Voting Systems tells its Fox News lawsuit story
This item reminded me of this survey published recently in Canada: https://bcchamber.org/wp-content/uploads/2021/10/Cyber-Security-and-Business-Survey-Summary-Report.pdf I think the main difference wrt the original submission is that this survey includes all types of businesses, not only IT firms. "While 72% of responding businesses rated their level of cyber security knowledge as average, above average, or expert, nearly two thirds (61%) of businesses have experienced a cyber security incident. ***Despite this, almost three quarters (74%) of businesses didn't report it.***"
> All that went out the window when the Inmarsat-41 satellite signal failed.

Something is seriously garbled here. There is no Inmarsat-41 satellite. They are probably referring to Inmarsat-4 F1 which failed on April 16 and came back into service on 19 Apr 2023. BUT, that is a geosynchronous communication satellite in orbit at about 36,000 km. It has nothing whatsoever to do with GPS, which is an unrelated system using 38 satellites in 20,000 km orbits. I believe something went wrong that made the tractors fail, but it wasn't GPS. I wonder what it was.
GNSS positioning needs at least four good quality satellite signals to calculate an accurate 3-D+Time fix (by solving simultaneous equations). To get cm level accuracy requires a GPS receiver which also receives messages with accuracy corrections for satellite orbits, regional ionospheric and tropospheric conditions; see: https://www.septentrio.com/en/learn-more/insights/gnss-corrections-demystified Because of space weather, satellite signal interference, and occasional service outages, these signals from regional broadcast satellite services, like that from Inmarsat I-4 F1, are usually backed up by other satellites, terrestrial internet and/or radio alternatives, including mobile 3GPP, which these Australian farmers, or their equipment suppliers, appear not to have considered essential to ensure operation.
> Does anyone know if there have been any desire to automagically fix this
> problem? or do we just continue to kick the can down another 1024
> [weeks]? PGN

This *has* been addressed, by kicking the can even further down the road: For several years now, the GPS signal has extended the 10-bit week number by an additional 3 bits, i.e., it is now a ~160-year rollover instead of every ~20 years. You do need updated GPS receiver firmware to be able to use that 13-bit week number though, and there are many other ways to solve the issue: The most obvious is probably to just have a writable flash-memory record where the current year is written every week/month/year: On a full reset/restart you read that field and use it to determine which week epoch you are in. This works as long as the year field is updated at least once every 20 years. An even cheaper solution would be to hardcode the compilation date of the firmware, but this has already failed (after 20 years!) in embedded equipment where firmware is effectively never updated.
It could be caused by your provider's network signal being weak sending or your phone decoding glitchy https://en.wikipedia.org/wiki/NITZ messages, your phone roaming to another provider's network with a weak signal, or it could be an improperly configured Cell-Site Simulator/IMSI Catcher/"Stingray" device run by law enforcement or other entity or organization, drowning out any cell network provider signal. There is a GPS 1024 week rollover about every 19.6 years, the last was 2019 Apr 6 Sat/7 Sun, the next will be 2038 Nov 20 Sat/21 Sun (GPS time - epoch == TAI @ 1980 Jan 6 Sun == TAI - 19s since 2017 == UTC + 18s since 2017). The real problem is cheap receivers do not decode the GPS messages with extended 13-bit 8192-week numbers (possibly using only a receiver chip vendor's basic reference design or licensed IP), so they add windowing based on some build date, and after 1024 weeks, or sometimes a smaller portion of that (as decided by the vendor), the receiver time decoding reaches EoL and wraps around.

> Does anyone know if there have been any desire to automagically fix this
> problem? or do we just continue to kick the can down another 1024 [weeks]?

Effectively, yes, but with more engineering in the major supported NTP daemons ntpd, chrony, ntpsec, which have all added similar GPS week rollover window mitigation, based on the daemon build date (perhaps by now some significant accurate persistent file system date info also), to compensate for GPS dates before the build (or file system or file) date, and add weeks to adjust the messages to the current time.
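The two replies above both describe the same mechanism: a receiver sees only a truncated week number and must pick the right 1024-week (or 8192-week) epoch from a window anchored on a build date or a date saved to flash. The following Python is an added illustration of that windowing, not code from any contributor or from any GPS receiver or NTP daemon; the rollover dates and the 18 s GPS-UTC offset are the values quoted in the thread, and the anchor dates are constructed for the demonstration.

```python
# Added example: resolving a truncated GPS week number with a build-date window,
# and why a window anchored on a never-updated build date fails after 1024 weeks.
from datetime import date, datetime, timedelta, timezone

GPS_EPOCH = datetime(1980, 1, 6, tzinfo=timezone.utc)   # start of GPS week 0 (a Sunday)
WEEK = timedelta(weeks=1)
GPS_MINUS_UTC = timedelta(seconds=18)                   # GPS = UTC + 18 s, as quoted for 2017 onward


def gps_week_of(day: date) -> int:
    """Full (un-truncated) GPS week number containing the given date."""
    dt = datetime(day.year, day.month, day.day, tzinfo=timezone.utc)
    return (dt - GPS_EPOCH) // WEEK


def week_start(week: int) -> date:
    """Calendar date (in GPS time, so no leap-second offset) on which a full week begins."""
    return (GPS_EPOCH + week * WEEK).date()


def resolve_week(wn_bits: int, n_bits: int, anchor: date) -> int:
    """Disambiguate a truncated week field (10-bit legacy, or 13-bit extended)
    by assuming the true week lies in [anchor_week, anchor_week + 2**n_bits).

    `anchor` is the firmware build date in the cheap scheme; the same code serves
    the 'date written to flash every so often' scheme, just with a fresher anchor.
    """
    modulus = 1 << n_bits
    if not 0 <= wn_bits < modulus:
        raise ValueError(f"week field must fit in {n_bits} bits")
    anchor_week = gps_week_of(anchor)
    candidate = anchor_week - (anchor_week % modulus) + wn_bits
    if candidate < anchor_week:       # field has wrapped since the anchor: add one modulus
        candidate += modulus
    return candidate


def decoded_date(wn_bits: int, n_bits: int, anchor: date) -> date:
    """Date a receiver with this anchor reports for the given week field (start of week)."""
    return week_start(resolve_week(wn_bits, n_bits, anchor))


def gps_to_utc(week: int, tow_seconds: float) -> datetime:
    """Full GPS week + time-of-week to UTC, applying the leap-second offset."""
    return GPS_EPOCH + week * WEEK + timedelta(seconds=tow_seconds) - GPS_MINUS_UTC


if __name__ == "__main__":
    # Second rollover: the 10-bit field returns to 0 at full week 2048, i.e.
    # Sunday 2019-04-07 in GPS time, 23:59:42 UTC on Saturday 2019-04-06.
    print(gps_week_of(date(2019, 4, 7)), gps_to_utc(2048, 0))
    # Firmware built in 2010 resolves week field 0 to 2019 correctly ...
    print(decoded_date(0, 10, date(2010, 1, 1)))
    # ... but firmware built in 1998 and never updated falls back to 1999.
    print(decoded_date(0, 10, date(1998, 1, 1)))
    # A 2020 build maps week field 0 to the next rollover, 2038-11-21.
    print(decoded_date(0, 10, date(2020, 1, 1)))
    # With the 13-bit field the 2010 build is unambiguous for ~160 years.
    print(decoded_date(2048, 13, date(2010, 1, 1)))
```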
Rebecca Mercuri noted a remarkably relevant one-hour Software Engineering podcast episode, from the IEEE Computer Society, with Ross Anderson on Software Obsolescence, with interesting related links: https://www.se-radio.net/2023/04/se-radio-559-ross-anderson-on-software-obsolescence/ There are some pithy examples for RISKS, but I would rather you got them from Ross.
StopRansomware.gov is the U.S. Government's official one-stop location for resources to tackle ransomware more effectively. https://www.cisa.gov/stopransomware
May 31 Talk with Ina Schaefer, Professor of Software Engineering Register now for the next free ACM TechTalk, "Correctness-by-Construction - How Can We Build Better Software?" (https://acm-org.zoom.us/webinar/register/WN_354Ix98JTSSKqVoxqKGmyg), presented on Wednesday, May 31 at 12:00 PM ET/16:00 UTC by Ina Schaefer, Professor of Software Engineering at Karlsruhe Institute of Technology (KIT), Germany. Will Tracz, Former Chair of ACM SIGSOFT and member of the ACM Professional Development Committee, will moderate the questions and answers session following the talk. Leave your comments and questions with our speaker now and any time before the live event on ACM's Discourse Page (https://on.acm.org/t/correctness-by-construction-how-can-we-build-better-software/2805). And check out the page after the webcast for extended discussion with your peers in the computing community, as well as further resources on large language models, generative AI, and more. (If you'd like to attend but can't make it to the virtual event, you still need to register to receive a recording of the TechTalk when it becomes available.) Note: You can stream this and all ACM TechTalks on your mobile device, including smartphones and tablets.