NASA accidentally lost contact with its Voyager 2 probe after sending a wrong command. It could mean the end of its 46-year-old mission.
https://www.businessinsider.com/nasa-loses-contact-voyager-2-sent-wrong-command-mistake-space-2023-8
The close call was the fourth time this year aircraft at Logan have inadvertently flown close to one another, according to FAA records.
https://www.foxnews.com/us/unlikely-animal-falls-from-sky-knocks-power-out-thousands-new-jersey-town
A fish dropped out of the sky by its bird captor caused a power outage for a section of homes in a New Jersey town, officials say. “There is a large area of Lower Sayreville without power. [Jersey Central Power & Light] is reporting a [fish emoji] was found on a transformer.”
High winds => downed power lines => sparked fires => melted water lines + pumping power loss => no way to fight the fires.
Reminds me of the ‘Useless Box’ that Turns Itself Off: https://www.youtube.com/watch?v=3KTilOsXBmU
Lahaina clearly demonstrates the Major Risk of centralized electrical power systems; to gain resilience, we have to move to distributed electrical power systems, aka ‘microgrids’:
https://www.nrel.gov/grid/microgrids.html
“Advanced microgrids enable local power generation assets—including traditional generators, renewables, and storage—to keep the local grid running even when the larger grid experiences interruptions or, for remote areas, where there is no connection to the larger grid.”
https://www.nytimes.com/2023/08/13/us/lahaina-water-failure.html
As Inferno Grew, Lahaina's Water System Collapsed
Firefighters who rushed to contain the Maui wildfire found that hydrants were running dry, forcing crews to embark instead on a perilous rescue mission.
West Maui's water system relies on electrical power to pump water through the network and deliver it to fire hydrants, and officials at Hawaiian Electric, the state's main electrical utility, have said that the need to maintain this pumping capability has made it difficult to shut off power when high winds pose a fire risk.
“Pre-emptive, short-notice power shut-offs have to be coordinated with first-responders and in Lahaina, electricity powers the pumps that provide the water needed for firefighting,” said Jim Kelly, a spokesman for the utility.
Windows Secure Time Seeding resets clocks months or years off the correct time.
A few months ago, an engineer in a data center in Norway encountered some perplexing errors that caused a Windows server to suddenly reset its system clock to 55 days in the future. The engineer relied on the server to maintain a routing table that tracked cell phone numbers in real time as they moved from one carrier to the other. A jump of eight weeks had dire consequences because it caused numbers that had yet to be transferred to be listed as having already been moved and numbers that had already been transferred to be reported as pending. […]
Sarah Kessler and Tiffany Hsu, The New York Times business front page, 17 Aug 2023
AI Village was part of a White-House endorsed contest to expose weak spots before the criminals can. [PGN-ed]
https://www.cbc.ca/radio/asithappens/san-francisco-robotaxi-traffic-jam-1.6938440
The day after California approved an expansion of driverless taxis, 10 of them came to a grinding halt on a busy San Francisco street, creating a gridlock that encompassed several blocks.
The culprit? A music festival.
“Cell phones were overwhelmed, and as a result, they were not able to take control of these cars—which is a pretty frightening systemic defect,”
Aaron Peskin, president of the San Francisco Board of Supervisors (SFBV), told As It Happens guest host Paul Hunter.
Not only was there the 10-car back-up of Cruise-owned autonomous taxis in city's North Shore neighbourhood on Friday, but on the other side of the city, closer to the Outside Lands music festival, Peskin said “there were also scores of them that came to a grinding halt.”
Of course, just a handful of days ago the CPUC said Waymo and Cruise could vastly expand their fleets in SF. At least the DMV has some sense about this half-baked tech. -L
The technology is not ready. The alarms are blinking RED. It's beyond irresponsible to push out this half-baked tech this way. -L
https://www.theverge.com/2023/8/15/23831170/robotaxi-cpuc-sf-waymo-cruise-traffic-halt
I know it's difficult to stop a media trend once it has begun but there is no current functionally complete AI available. I propose the counter inflammatory term Dijkstra's demon. The underlying algorithms that drive LLMs are essentially pathfinders. Instead of connecting points for paths, they connect glyphs to form new glyphs (to borrow a term from Hofstadter). Comparing an LLM to a less than ideal way of connecting two subjects is a more accurate model to work from than the popular construction of a “thinking” machine.
Also, in my non-legal opinion, start reserving derivative works in any of your statement of work negotiations. ChatGPT is almost entirely unusable now because it doesn't have a provenance for what it's spitting out. Now that you ask, yes, I am in fact in an armchair.
Date: Fri, 4 Aug 2023 14:06:42 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Crypto smart contracts still stupid (Amy Castor)
Curve: smart contracts, stupid humans
“Smart contracts” are small programs that run right there inside a blockchain. In enterprise computing, these would be called “database triggers” or “stored procedures.”
You never use triggers or stored procedures unless you absolutely have to, because they're very easy to get wrong and a pain in the backside to debug. In the real world, you keep your financial data and the programs working on it separate.
So, of course, crypto uses programs embedded in the database for everything and touts the difficulty in working with them as a feature and not evidence of the idea's incredible stupidity.
A smart contract full of crypto can reasonably be treated as a piñata, just waiting for you to whack it in the right spot and get the candy.
Today's piñata is Curve Finance, a DeFi exchange used for trading stablecoins and other tokens. Curve was hacked on July 30 due to a bug in the Vyper language compiler. Smart contracts that were using Vyper versions 0.2.15, 0.2.16, and 0.3.0 were vulnerable. About $70 million in funds was drained from liquidity pools whose smart contracts used these versions. [Twitter, archive; Twitter, archive]
Vyper, which is inspired by Python, was supposed to have been an improvement over the hilariously awful Solidity—a.k.a. “JavaScript with a concussion” — that most Ethereum Virtual Machine smart contracts are written in. Unfortunately, the Vyper compiler had a bug that meant compiled code was exploitable. So you could mathematically prove your smart contract program was correct, and the compiled version could still be exploited. This could hit any Vyper smart contract using vulnerable versions. [Twitter, archive]
Once crude and unsophisticated, DDoSes are now on par with those by nation-states.
The protracted arms race between criminals who wage Distributed Denial-of-Service attacks and the defenders who attempt to stop them continues, as the former embraces alarming new methods to make their online offensives more powerful and destructive, researchers from content-delivery network Cloudflare reported Wednesday. With a global network spanning more than 300 cities in more than 100 countries around the world, Cloudflare has visibility into these types of attacks that's shared by only a handful of other companies. The company said it delivers more than 63 million network requests per second and more than 2 trillion domain lookups per day during peak times. Among the services that Cloudflare provides is mitigation for the[se] attacks. [… LONG and rather repetitive text PGN-truncated]
https://arstechnica.com/security/2023/07/attackers-find-new-ways-to-deliver-ddoses-with-alarming-sophistication/
María Luisa Paúl https://www.washingtonpost.com/nation/2023/08/04/bitfinex-hack-guilty-plea/
Heather Morgan and Ilya Lichtenstein hadn't been implicated in the 2016 Bitfinex hack itself - until Lichtenstein delivered a bombshell revelation Thursday.
Microsoft has removed an article that advised tourists to visit the “beautiful” Ottawa Food Bank on an empty stomach, after facing ridicule about the company's reliance on artificial intelligence for news.
But an unnamed Microsoft spokesperson later blamed the article's publication on “human error,” rather than “unsupervised AI.”
Counterfeits are the bane of the Parmigiano Reggiano Consortium, which is now trialling tech in the rind
https://www.theregister.com/2023/07/20/ukraine_busts_russian_bot_farm/
“Ukrainian cops have disrupted a massive bot farm with more than 100 operators allegedly spreading fake news about the Russian invasion, leaking personal information belonging to Ukrainian citizens, and instigating fraud schemes.”
After conducting 21 searches, the country's cyber and national police seized computer equipment, mobile phones, more than 250 GSM gateways, and about 150,000 SIM cards.
“The Cyber Police established that the attackers used special equipment and software to register thousands of bot accounts in various social networks and subsequently launch advertisements that violated the norms and legislation of Ukraine,” according to machine translation of the news alert issued by the police.
Insiders in Vinnytsia, Zaporizhzhia, and Lviv were involved in the bot farm, we're told.
I'm guessing that will also take some of the load problems from Twitter..
A 3-hour phone call that brought her to tears: Imposter scams cost Americans billions
Valeria Haedo, a visual artist based in New York City, was caught off guard when she was targeted in a complex phone scam.
It was a Monday in the middle of the day when Valeria Haedo got a phone call from a number she didn't recognize. She doesn't normally pick those up, but she did that day. The caller said his name was Officer Robert Daniels from U.S. Customs and Border Protection and he had a warrant for her arrest.
He told Haedo she could verify him by Googling his name and department. She did, and it checked out. But what Haedo didn't realize in that moment is she'd just been targeted in an intricate scam. She was kept on the phone for more than three hours and eventually brought to tears.
The scam is known as an imposter scam and is the top fraud in the U.S. right now. It involves the perpetrator impersonating an authority figure and using scare tactics to reel in victims. While these scams have been around forever, they've become more believable because con artists use real names of law enforcement officers that show up with caller ID from an actual office and even local accents. […]
https://www.npr.org/2023/06/19/1182464826/scammer-phone-calls-imposter-fraud
A 2021 ransomware breach at Gigabyte reportedly compromised more than 112 gigabytes of data including code and other information related to widely-used baseboard management controllers (BMC) processors on system boards.
The exposed defects reportedly include zero-day and code execution vulnerabilities. An update is being prepared to address known issues.
I have long advocated connecting to BMC and similar control interfaces using a physically separate LAN. Remote access is necessary, but access to the isolated “walled garden” should be through a separate gateway portal.
The Ars Technica article:
The Internet Archive also reached a confidential settlement with book publishers.
Major record labels are suing the Internet Archive, accusing the nonprofit of “massive” and “blatant” copyright infringement “of works by some of the greatest artists of the Twentieth Century.”
The lawsuit was filed Friday in a US district court in New York by UMG Recordings, Capitol Records, Concord Bicycle Assets, CMGI, Sony Music Entertainment, and Arista Music. It targets the Internet Archive's “Great 78 Project,” which was launched in 2006. […]
https://arstechnica.com/?p=1961146
There's a simple and inexpensive way to fight back: The NYT could surround the real text of their sites by a thick wall of AI-generated nonsense, invisible to regular users but accessible to parasitic AI's crawlers.
This way, their sites would quickly become detrimental to the parasite's contents.
>https://neurosciencenews.com/cellphone-radiation-brain-cancer-18889/
It has come to my attention that the same publication published the exactly opposite results in 2022:
https://neurosciencenews.com/cell-phone-brain-tumor-20314/