The RISKS Digest
Volume 33 Issue 81

Saturday, 26th August 2023

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator


Contents

‘Pibot’ Better Than Human Pilots Say Researchers
AVweb
WinRAR 0-day that uses poisoned JPG and TXT files under exploit since April
Ars Technica
Windows 11 has made the clean Windows install an oxymoron
Ars Technica
A Right-to-Repair Car Law Makes a Surprising U-Turn in Massachusetts
WiReD
How NightOwl for Mac Added a Botnet
Gizmodo
Whoops: DEA Falls for Crypto Scam, Hands Fraudster $55,000 in Stolen Funds
Gizmodo
Feds Charge Tornado Cash Crypto Mixer Devs With Money Laundering
Gizmodo
TSA slows push to require additional ID checks for some travelers
WashPost
The College Board Tells TikTok and Facebook Your SAT Scores
Gizmodo
Google Passkeys Weakness
Lauren Weinstein
AI brings researchers one step closer to restoring speech in people with paralysis
CBC
Internet Archiving and Radiocarbon dating
Martin Ward
Re: Hawaii needs better siren codes
Clive Page
Re: Buyers of Bored Ape NFTs sue after digital apes turn out to be bad investment
Gabe Goldberg
More detail on Lindell wants to fly drones near polling places to monitor voting machines
Gabe Goldberg
Re: Wegmans Double Charging Affects Credit Card Customers In VA,DC
John Levine, Gabe Goldberg, Phil Smith III
Info on RISKS (comp.risks)

‘Pibot’ Better Than Human Pilots Say Researchers (AVweb)

Gabe Goldberg <gabe@gabegold.com>
Thu, 24 Aug 2023 15:42:02 -0400

Korean researchers are developing a humanoid “pibot” that looks like a character from a 1960s science fiction sitcom but unlike most autonomous flight systems, this one can literally fill in for pilots in any aircraft. The team at the Korea Advanced Institute of Science and Technology (KAIST) say their creation can fly a plane without any modifications to the flight deck. “Pibot is a humanoid robot that can fly an [airplane] just like a human pilot by manipulating all the single controls in the cockpit, which is designed for humans,” David Shim, an associate professor of electrical engineering at KAIST, told Euronews Next.

Pibot has arms and hands with enough dexterity to manipulate controls as accurately in turbulence as a human, but the team says it has other capabilities that far outstrip those of mere mortals. For instance, the full library of Jeppesen charts is stored in memory as are any relevant manuals and reference material. It also gets real-time video from cameras mounted inside and outside the flight deck. The data for the aircraft it’s flying is loaded into that memory without bias learned from other platforms. Artificial intelligence allows it to understand all that information, including emergency procedures, and apply it to the mission at hand. “With the pilot robot, if we teach individual aeroplane configuration, then you can fly the aeroplane by simply clicking the aeroplane’s type,” Shim told Euronews Next.

https://www.avweb.com/aviation-news/pibot-better-than-human-pilots-say-researchers/


WinRAR 0-day that uses poisoned JPG and TXT files under exploit since April (Ars Technica)

Monty Solomon <monty@roscom.com>
Fri, 25 Aug 2023 02:16:35 -0400

https://arstechnica.com/?p=1962625


Windows 11 has made the clean Windows install an oxymoron (Ars Technica)

Gabe Goldberg <gabe@gabegold.com>
Thu, 24 Aug 2023 15:35:07 -0400

Op-ed: PC makers used to need to bring their own add-on bloatware; no longer.

The “out-of-box experience” (OOBE, in Microsoft parlance) for Windows 7 walked users through the process of creating a local user account, naming their computer, entering a product key, creating a “Homegroup” (a since-discontinued local file- and media-sharing mechanism), and determining how Windows Update worked. Once Windows booted to the desktop, you'd find apps like Internet Explorer and the typical in-box Windows apps (Notepad, Paint, Calculator, Media Player, Wordpad, and a few other things) installed.

Keeping that baseline in mind, here's everything that happens during the OOBE stage in a clean install of Windows 11 22H2 (either Home or Pro) if you don't have active Microsoft 365/OneDrive/Game Pass subscriptions tied to your Microsoft account:

  - (Mostly) mandatory Microsoft account sign-in.
  - Setup screen asking you about data collection and telemetry settings.

This process is annoying enough the first time, but at some point down the line, you'll also be offered what Microsoft calls the “second chance out-of-box experience,” or SCOOBE (not a joke), which will try to get you to do all of this stuff again if you skipped some of it the first time. This also doesn't account for the numerous one-off post-install notification messages you'll see on the desktop for OneDrive and Microsoft 365. (And it's not just new installs; I have seen these notifications appear on systems that have been running for months even if they're not signed in to a Microsoft account, so no one is safe).

And the Windows desktop, taskbar, and Start menu are no longer the pristine places they once were. Due to the Microsoft Store, you'll find several third-party apps taking up a ton of space in your Start menu by default, even if they aren't technically downloaded and installed until you run them for the first time. Spotify, Disney+, Prime Video, Netflix, and Facebook Messenger all need to be removed if you don't want them (this list can vary a bit over time).

https://arstechnica.com/gadgets/2023/08/windows-11-has-made-the-clean-windows-install-an-oxymoron/


A Right-to-Repair Car Law Makes a Surprising U-Turn in Massachusetts (WiReD)

Gabe Goldberg <gabe@gabegold.com>
Fri, 25 Aug 2023 17:59:18 -0400

The Biden administration has changed its mind about a Massachusetts state law giving mechanics and car owners access to more diagnostic data.

https://www.wired.com/story/nhtsa-massachusetts-right-to-repair-letter/


How NightOwl for Mac Added a Botnet (Gizmodo)

Monty Solomon <monty@roscom.com>
Sat, 26 Aug 2023 10:13:36 -0400

How a Well-Regarded Mac App Became a Trojan Horse

NightOwl was supposed to make Macs work in dark mode. After a recent update, one developer discovered it was siphoning users’ data through a botnet.

https://gizmodo.com/how-nightowl-for-mac-added-a-botnet-1850740785


Whoops: DEA Falls for Crypto Scam, Hands Fraudster $55,000 in Stolen Funds (Gizmodo)

Monty Solomon <monty@roscom.com>
Fri, 25 Aug 2023 02:08:55 -0400

https://gizmodo.com/dea-falls-for-crypto-scam-55-000-dollars-stolen-funds-1850771607


Feds Charge Tornado Cash Crypto Mixer Devs With Money Laundering (Gizmodo)

Monty Solomon <monty@roscom.com>
Fri, 25 Aug 2023 02:12:12 -0400

https://gizmodo.com/tornado-cash-money-laundering-charges-1850767649


TSA slows push to require additional ID checks for some travelers (WashPost)

Monty Solomon <monty@roscom.com>
Fri, 25 Aug 2023 12:24:10 -0400

Recent reports of new security incidents involving Clear have some lawmakers concerned that TSA isn't doing enough to keep airports safe.

https://www.washingtonpost.com/transportation/2023/08/10/tsa-clear-enhanced-id-checks/


The College Board Tells TikTok and Facebook Your SAT Scores (Gizmodo)

Monty Solomon <monty@roscom.com>
Sat, 26 Aug 2023 10:08:38 -0400

Gizmodo’s tests found the higher-ed gatekeeper shares GPAs, SAT scores, and other data with big tech.

https://gizmodo.com/sat-college-board-tells-facebook-tiktok-your-scores-gpa-1850768077


Google Passkeys Weakness

Lauren Weinstein <lauren@vortex.com>
Sat, 26 Aug 2023 10:50:04 -0700

[…] I'll note here the fundamental issue. In their promotion of passkeys, Google attempts to gloss over a key weakness (no pun intended) in their passkey implementation, and in my discussions with them tried to “minimize” the importance of this problem.

Google's current passkey implementation is completely dependent on the device security on which passkeys have been deployed. Google has not provided any mechanism for secondary passwords or other authentication methods to specifically protect passkeys if a device is compromised.

Every day, many devices are stolen and their access authentication bypassed, sometimes by thieves who see the actual authentication sequence before stealing phones, etc., sometimes since the user has set relatively weak authentication in the first place.

This means that once access is gained to the phone past the device security level, there is no additional protection available for the passkeys that can give access to every user account that is passkey protected via that device.

That's the executive summary. The details are lengthy.


AI brings researchers one step closer to restoring speech in people with paralysis (CBC)

Matthew Kruk <mkrukg@gmail.com>
Sat, 26 Aug 2023 09:07:54 -0600

https://www.cbc.ca/news/health/paralysis-brain-speech-1.6943743

New technology is ‘big advance’ in interpreting brain signals to let someone speak, say researchers


Internet Archiving and Radiocarbon dating

Martin Ward <mwardgkc@gmail.com>
Thu, 24 Aug 2023 11:16:09 +0100

Radiocarbon dates are defined as the number of years BP “before present” meaning the number of years before 1 Jan 1950. This is partly because soon after 1950, large scale atmospheric testing of nuclear weapons altered the global ratio of carbon-14 to carbon-12.

A similar epoch is currently occurring with the Internet as vast quantities of AI generated information, and misinformation, are being poured into web sites and message boards with no reliable way to distinguish AI generated and human generated content.

This means that The Internet Archive is now a priceless resource: it contains a copy of the last remaining version of the Internet consisting of text almost entirely generated by humans and not tainted by AI language models. Any future AI large language models which make use of current or later Internet content, will be unable to avoid the vicious feedback caused by training an AI on AI generated content.


Re: Hawaii needs better siren codes

Clive Page <clivegpage@gmail.com>
Thu, 24 Aug 2023 15:24:58 +0100

You note in RISKS-33.79 that the warning sirens in Lahaina might not have been activated because they were just designed to warn of a tsunami which might have prompted a dangerous response. Clearly a range of siren codes ought to have been set up and widely advertised, besides just ‘tsunami’ and (I assume) an ‘all clear’.

When I first visited Hawaii some years ago, I stayed in a hotel in Hilo where there were prominent warning posters explaining the four possible emergency warnings and what to do about them:

  1. A tsunami: run to high ground well away from the coast.
  2. A volcanic eruption: get as far from the volcano as possible, i.e. the exact opposite.
  3. An earthquake: get out of the building fast as the main risk is from falling masonry.
  4. A severe storm or hurricane: get well inside the building away from windows.

I concluded that Hawaii was a dangerous place and that nowhere was safe. But notably the risk of wild fires was not on that list.


Re: Buyers of Bored Ape NFTs sue after digital apes turn out to be bad investment (Ars Technica, RISKS-33.80)

Gabe Goldberg <gabe@gabegold.com>
Thu, 24 Aug 2023 14:19:39 -0400

Lawsuit: Sotheby's $24M sale to FTX gave Bored Ape NFTs “an air of legitimacy.”

The Sotheby's auction house has been named as a defendant in a lawsuit filed by investors who regret buying Bored Ape Yacht Club NFTs that sold for highly inflated prices during the NFT craze in 2021. A Sotheby's auction duped investors by giving the Bored Ape NFTs “an air of legitimacy… to generate investors' interest and hype around the Bored Ape brand,” the class-action lawsuit claims.

The boost to Bored Ape NFT prices provided by the auction “was rooted in deception,” said the lawsuit filed in US District Court for the Central District of California. It wasn't revealed at the time of the auction that the buyer was the now-disgraced FTX, the lawsuit said.

“Sotheby's representations that the undisclosed buyer was a ‘traditional’ collector had misleadingly created the impression that the market for BAYC NFTs had crossed over to a mainstream audience,” the lawsuit claimed. Lawsuit plaintiffs say that harmed investors bought the NFTs “with a reasonable expectation of profit from owning them.”

Sotheby's sold a lot of 101 Bored Ape NFTs for $24.4 million at its “Ape In!” auction in September 2021, well above the pre-auction estimates of $12 million to $18 million. That's an average price of over $241,000, but Bored Ape NFTs now sell for a floor price of about $50,000 worth of ether cryptocurrency, according to CoinGecko data accessed today.

https://arstechnica.com/tech-policy/2023/08/buyers-of-bored-ape-nfts-sue-after-digital-apes-turn-out-to-be-bad-investment/


More detail on Lindell wants to fly drones near polling places to monitor voting machines (RISKS-33.80)

Gabe Goldberg <gabe@gabegold.com>
Thu, 24 Aug 2023 15:05:56 -0400

Election conspiracy theorist Mike Lindell claims he's going to stop voting fraud by flying drones near polling places to determine whether voting machines are connected to the Internet.

Lindell, the My Pillow CEO who helped finance Donald Trump's baseless election protests, “demonstrated” the technology at an event he hosted in Missouri this week (see video). Lindell's innovation appears to be a wireless sniffing device mounted on a drone, apparently attached with velcro.

“This was the lie that's been told to every person in our country… these electronic voting machines, from routers to printers to polling books, they're not online. Well, what if I told you there was a device that's been made for the first time in history that can tell you that that machine was online?”

The drone flew into the building and onto the stage, with Lindell pulling the device off the drone and telling the audience, “This wireless monitoring device, it just grabbed all of your cell phones, everybody in this room, every device that's on the Internet right now.”

The flying wireless monitor may have impressed Lindell's audience, but there doesn't appear to be any major advance in network monitoring technology here. Lindell said the gadget, which he calls a “WMD” for “Wireless Monitoring Device,” detects nearby Wi-Fi networks and MAC addresses.

“Now we've got a way to monitor; we've never had this before in history. They can't lie to us anymore,” Lindell said. “For this fall's election, we want to get every single parish in Louisiana covered, we're doing this right now.” A Daily Beast article said Lindell's plan might violate Louisiana state laws on criminal trespassing and the use of unmanned aircraft to conduct surveillance. Lindell claimed he's already used the device in Florida.

https://arstechnica.com/tech-policy/2023/08/wi-fi-sniffers-strapped-to-drones-mike-lindells-odd-plan-to-stop-election-fraud/

The risk? A stomach ache from laughing at wonderful/scathing comments, like:

There's a lot of stupidity to parse here, but did anyone think to tell him that the acronym WMD has some … shall we say, historical baggage to consider?


Re: Wegmans Double Charging Affects Credit Card Customers In VA, DC (RISKS-33.80)

“John Levine” <johnl@iecc.com>
24 Aug 2023 11:48:03 -0400

The article said that Wegmans notified the customers when they could (presumably when the sale was tied to a frequent shopper account) and reversed all of the dup charges. What else would you expect them to do?

Given how much duct tape and baling wire there is in the way credit cards are processed, it's surprising it doesn't happen more often. Double posting is a well known database problem that gets harder to avoid as the transaction rate increases, since the customers don't want to wait for a full three-way handshake.


Re: Wegmans Double Charging Affects Credit Card Customers In VA, DC (RISKS-33.81)

Gabe Goldberg <gabe@gabegold.com>
Thu, 24 Aug 2023 14:16:37 -0400

They handled it correctly, but blaming a “glitch” makes it sound like—oh well, stuff happens. Nothing to see here, move along. No, someone made a mistake or a system failed. “Glitch” is weasel language disclaiming responsibility.

I was just double charged by a restaurant—amounts before and after tip. That wasn't a “glitch”, someone made a mistake or a system failed.


Re: Wegmans Double Charging Affects Credit Card Customers In VA, DC (RISKS-33.80)

“Phil Smith III” <phs3@akphs.com>
Thu, 24 Aug 2023 14:29:15 -0400

The way charge settlement works, there's no “wait for three-way handshake”. It's:

  - auth request, approved or denied in real time
  - settlement hours later

What this probably means is that they did double settlement for some reason, in both cases. Now that might be because their processor screwed up and gave a failure indicator when it actually worked; we'll never know.

The scary/sad part is that in days of yore, there would be logs and someone tasked with giving a *** about them so when this happens, there would be a way to track it down and figure it out. That's assuming the bogus failure indicator case, not just human error—but if it happens often enough, it would be worth the processor's while to do things like compare batches and say “Hey, these are the same”.

Actually, now that I think more on it, the settlement includes the approval, so this is arguably 100% the processor's fault: they should have said “BTDT, not gonna run this one again”.

Or if the Wegman's back-end system (which they'll have, unlike Gabe's small restaurant) did double approvals, the processor could have heuristics that say “This type of business is hella unlikely to produce identical amounts for the same card, flag it” (unlike, say, McDonald's, where a large drink might get ordered repeatedly.)
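The two mechanisms discussed in this thread, the double-posting problem John Levine raises and the two remedies Phil Smith III sketches (refusing to settle an approval that has already been settled, and a merchant-category heuristic that flags identical same-card amounts rather than rejecting them), are shown together below as an added example. It is not code from any RISKS contributor or from any card processor; the `Processor` and `Settlement` names, the record fields and the sample batches are all constructed for illustration, and the idempotency key is the authorization code carried in the settlement record, as Phil's post describes.

```python
"""Idempotent settlement with duplicate heuristics (constructed example).

Two rules are modelled:
  1. The authorization code in each settlement record is an idempotency key:
     a batch resubmitted after a spurious failure indicator carries the same
     auth codes, so the second run is rejected instead of double posting.
  2. A genuinely separate approval that looks like an accidental repeat
     (same card, merchant and amount within a short window) is posted but
     flagged for review, except at merchant categories where identical repeat
     amounts are normal.
All names, fields and sample data are assumptions made for this example.
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Settlement:
    auth_code: str          # issued at authorization time, unique per approval
    card_token: str         # tokenized card reference, never the raw PAN
    merchant_id: str
    merchant_category: str  # e.g. "grocery", "quick_service"
    amount_cents: int
    captured_at: datetime


@dataclass
class Processor:
    # Categories where repeated identical amounts are expected (the "large
    # drink ordered repeatedly" case) and therefore not flagged.
    repeat_ok_categories: frozenset = frozenset({"quick_service"})
    heuristic_window: timedelta = timedelta(hours=24)
    settled: Dict[str, Settlement] = field(default_factory=dict)
    posted: List[Settlement] = field(default_factory=list)
    flagged: List[Tuple[Settlement, Settlement]] = field(default_factory=list)

    def settle(self, s: Settlement) -> str:
        """Return 'posted', 'duplicate_auth' or 'posted_flagged'."""
        # Rule 1: never settle the same approval twice.
        if s.auth_code in self.settled:
            return "duplicate_auth"
        self.settled[s.auth_code] = s
        self.posted.append(s)
        # Rule 2: heuristic review flag for look-alike repeats.
        if s.merchant_category not in self.repeat_ok_categories:
            for prior in self.posted[:-1]:
                if (prior.card_token == s.card_token
                        and prior.merchant_id == s.merchant_id
                        and prior.amount_cents == s.amount_cents
                        and abs(s.captured_at - prior.captured_at) <= self.heuristic_window):
                    self.flagged.append((prior, s))
                    return "posted_flagged"
        return "posted"

    def settle_batch(self, batch: List[Settlement]) -> Dict[str, int]:
        counts = {"posted": 0, "duplicate_auth": 0, "posted_flagged": 0}
        for s in batch:
            counts[self.settle(s)] += 1
        return counts


def demo() -> Dict[str, int]:
    """Run the constructed scenario and return aggregate outcome counts."""
    t0 = datetime(2023, 8, 20, 18, 5)
    grocery = [  # constructed sample batch
        Settlement("A1001", "tok_alice", "M-GROC", "grocery", 8742, t0),
        Settlement("A1002", "tok_bob", "M-GROC", "grocery", 1299, t0 + timedelta(minutes=3)),
    ]
    p = Processor()
    total = p.settle_batch(grocery)
    # The merchant saw a failure indicator although the batch had posted,
    # and resubmits the identical records: every one is refused.
    for k, v in p.settle_batch(grocery).items():
        total[k] += v
    # A distinct approval, same card/merchant/amount minutes later (the
    # restaurant "before and after tip" pattern): posted, but flagged.
    total[p.settle(Settlement("A1003", "tok_alice", "M-GROC", "grocery", 8742,
                              t0 + timedelta(minutes=9)))] += 1
    # The same pattern at a quick-service merchant is not flagged.
    total[p.settle(Settlement("A2001", "tok_carol", "M-QSR", "quick_service", 350, t0))] += 1
    total[p.settle(Settlement("A2002", "tok_carol", "M-QSR", "quick_service", 350,
                              t0 + timedelta(minutes=1)))] += 1
    return total


if __name__ == "__main__":
    print(demo())
```

The design point is that rule 1 is a hard reject, because the settlement record itself proves the approval was already run, while rule 2 only produces a review flag, since the heuristic cannot distinguish a tip adjustment from an honest second purchase; keeping the two separate is what makes the log worth someone's attention.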
