The RISKS Digest
Volume 34 Issue 19

Monday, 22nd April 2024

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator


Contents

Influential women's tech network shuts down unexpectedly
BBC
Re: Women Who Code shut down today
Rebecca Mercuri
Re: Women Who Code shut down today
Wendy Grossman
‘We're a dead ship’: Hundreds of cargo ships lost propulsion in U.S. waters in recent years
WashPost
Tesla Cybertruck turns into world's most expensive brick after car wash
The Register
Software upgrade error grounds all Alaska Airlines flights for 1 hour
Seattle Times
San Francisco’s Train System Still Uses Floppy Disks—and Will for Years
WiReD
GPT-4 and CVE = exploit
Rik Farrow
The invisible seafaring industry that keeps the Internet afloat
The Verge
Microsoft’s VASA-1 can deepfake a person with one photo and one audio track
Ars Technica
Hospital prices for the same emergency care vary up to 16-fold, a study finds
ArsTechnica
Chirp mandates open-door policy—in a bad way
Krebs
Netflix doc accused of using AI to manipulate true crime story
ArsTechnica
China orders Apple to remove Meta apps after “inflammatory” posts about president
ArsTechnica
Roku forcing 2-factor authentication after 2 breaches of 600K accounts
ArsTechnica
The GMO tooth microbe that is supposed to prevent cavities
Undark
Virginia to become first state to allow online-only local news sites to publish legal notices
ARLnow
Amazon is filled with garbage ebooks. Here’s how they get made.
Esquire
Re: Palo Alto Zero Exploit
Martin Ward
Re: AI chatbots spread falsehoods about the EU elections
Martin Ward
Re: U.S. Air Force confirms first successful AI dogfight
Turgut Kalfaoglu
Re: Wrong button clicked, wrong divorce cannot be undone
Henry Baker
Info on RISKS (comp.risks)

Influential women's tech network shuts down unexpectedly (BBC)

Matthew Kruk <mkrukg@gmail.com>
Fri, 19 Apr 2024 15:38:32 -0600

https://www.bbc.com/news/articles/cw0769446nyo

Women Who Code (WWC), a charity that supports women who work in the technology sector, has announced it is shutting down because of a lack of funding.

The U.S.-based organisation says it had 360,000 people in its community, across 145 countries.


Re: Women Who Code shut down today (RISKS-34.19)

“DrM: Rebecca Mercuri” <notable@mindspring.com>
Sun, 21 Apr 2024 18:58:13 -0400

I am not a member or supporter of either Women Who Code or Girls Who Code (separate non-profits that both started in 2011), but have been aware of the existence of these two groups. Certainly, it is important for women and girls to feel comfortable learning how to code, and to be able to find work and equal pay in coding-related fields. Unfortunately, I feel that neither group has/had successfully addressed the problems of bias and harassment against girls and women who code.

What has long been needed for all in the computing fields, is to learn how to work side-by-side with people of all genders, where mutual respect and acknowledgment of everyone's contributions are encouraged and nurtured. Splitting into same-sex support groups has not and does not create healthy, safe, and fair workplaces. It is possible that these same-sex non-profits may have inadvertently reinforced the stereotype of “lesser than or different” while not appropriately addressing the very real biases and affronts that women and girls and others continue to battle in schools and the workplace.

While belated and often posthumous recognitions of female coders occasionally occur, such as for the Women of the ENIAC and Grace Murray Hopper, extreme bias in prizes continues to be blatant and overlooked. A very visible example of gender bias is exemplified by the Association of Computing Machinery's Turing Award. Over the 58 years of its issuance, there have only been 3 women, as compared to 74 men, given this esteemed prize. The last woman received her Turing in 2012. Since Google endowed it in 2014 with $1,000,000.00 for each award, precisely ZERO women have been selected for the honor. It is utterly appalling that Turing himself (wrongly convicted by the British government of sexual indecency, submitted to chemical castration, and possibly murdered) continues to be exploited with this highly biased award being presented annually, often to coders, in his name, without his permission. THIS NEEDS TO STOP.

In conclusion, we must see that new and better support groups are created that will expose and expunge wrongs and biases in workplaces, schools, governments, professional organizations, non-profits, and other entities that make decisions and set policies based on antiquated ideas of genders and sexualities. Those who code should help to create a level playing field, where all people can find ways to work together with egalitarianism and mutual respect.

Rebecca Mercuri, PhD


Re: Women Who Code shut down today (RISKS-34.19)

“Wendy M. Grossman” <wendyg@pelicancrossing.net>
Sun, 21 Apr 2024 16:36:03 +0100

I remember attending an event in 1998 at which ACM had a session on the incredible(?) “shrinking pipeline”, which had studied the reasons women were leaving computing.

The choices included image (geeks), the hours (medicine was seen as eventually getting better, but computing not), etc. Not included, but widely written in: “sexual harassment”.

Soon after I had dinner with a woman who sold large computer systems. I told her about the survey. She immediately said: “Did they mention sexual harassment?”

I know I wrote about it somewhere, but can't locate where.


‘We're a dead ship’: Hundreds of cargo ships lost propulsion in U.S. waters in recent years (WashPost)

Gabe Goldberg <gabe@gabegold.com>
Wed, 17 Apr 2024 02:07:23 -0400

A WashPost examination found that losses of engine power, part of what the Dali experienced when it crashed into the Key Bridge in Baltimore, are not uncommon.

https://www.washingtonpost.com/investigations/2024/04/16/dead-ships-propulsion-loss/


Tesla Cybertruck turns into world's most expensive brick after car wash (The Register)

Monty Solomon <monty@roscom.com>
Sat, 20 Apr 2024 14:18:56 -0400

https://www.theregister.com/2024/04/20/cybertruck_car_wash_mode/


Software upgrade error grounds all Alaska Airlines flights for 1 hour (Seattle Times)

Rob Wilcox <robwilcoxjr@gmail.com>
Wed, 17 Apr 2024 12:12:01 -0700

Alaska Airlines briefly grounded all flights after an error was found in a software upgrade calculating the plane mass and balance. “Alaska said it had experienced an issue ‘while performing an upgrade to the system that calculates our weight and balance.’”

The airline had a similar problem in February 2023. In that case:

“To determine the thrust and speed settings for takeoff, Alaska’s pilots and others use a performance calculation tool supplied by a Swedish company called DynamicSource.
It delivers a message to the cockpit with crucial weight and balance data, including how many people are on board, the jet’s empty and gross weight and the position of its center of gravity.
In a cockpit check before takeoff, this data is entered into the flight computer to determine how much thrust the engines will provide and at what speed the jet will be ready to lift off.”

https://www.seattletimes.com/business/boeing-aerospace/all-alaska-airline-flights-grounded/


San Francisco’s Train System Still Uses Floppy Disks—and Will for Years (WiReD)

Steve Bacher <sebmb1@verizon.net>
Mon, 15 Apr 2024 11:50:43 -0700

Three 5.25-inch floppy disks help keep Muni running every morning. A tech upgrade could take until 2030.

https://www.wired.com/story/san-francisco-muni-trains-floppy-disks/


GPT-4 and CVE = exploit

Rik Farrow <rik@rikfarrow.com>
Sun, 21 Apr 2024 16:20:54 -0700

Interesting, a bit surprising, but still:

https://www.theregister.com/2024/04/17/gpt4_can_exploit_real_vulnerabilities/

OpenAI's GPT-4 large language model (LLM) can autonomously exploit vulnerabilities in real-world systems if given a CVE advisory describing the flaw.


The invisible seafaring industry that keeps the Internet afloat (The Verge)

Steve Bacher <sebmb1@verizon.net>
Sat, 20 Apr 2024 08:10:11 -0700

The global Internet relies on 800,000 miles of undersea cables that are constantly breaking. This is the story of the 22 aging ships that fix them.

The world’s emails, TikToks, classified memos, bank transfers, satellite surveillance, and FaceTime calls travel on cables that are about as thin as a garden hose. There are about 800,000 miles of these skinny tubes crisscrossing the Earth’s oceans, representing nearly 600 different systems, according to the industry tracking organization TeleGeography. The cables are buried near shore, but for the vast majority of their length, they just sit amid the gray ooze and alien creatures of the ocean floor, the hair-thin strands of glass at their center glowing with lasers encoding the world’s data.

If, hypothetically, all these cables were to simultaneously break, modern civilization would cease to function. The financial system would immediately freeze. Currency trading would stop; stock exchanges would close. Banks and governments would be unable to move funds between countries because the Swift and U.S. interbank systems both rely on submarine cables to settle over $10 trillion in transactions each day. In large swaths of the world, people would discover their credit cards no longer worked and ATMs would dispense no cash. As U.S. Federal Reserve staff director Steve Malphrus said at a 2009 cable security conference, “When communications networks go down, the financial services sector does not grind to a halt. It snaps to a halt.”

Corporations would lose the ability to coordinate overseas manufacturing and logistics. Seemingly local institutions would be paralyzed as outsourced accounting, personnel, and customer service departments went dark. Governments, which rely on the same cables as everyone else for the vast majority of their communications, would be largely cut off from their overseas outposts and each other. Satellites would not be able to pick up even half a percent of the traffic. Contemplating the prospect of a mass cable cut to the UK, then-MP Rishi Sunak concluded, “Short of nuclear or biological warfare, it is difficult to think of a threat that could be more justifiably described as existential.”

Fortunately, there is enough redundancy in the world’s cables to make it nearly impossible for a well-connected country to be cut off, but cable breaks do happen. On average, they happen every other day, about 200 times a year. The reason websites continue to load, bank transfers go through, and civilization persists is because of the thousand or so people living aboard 20-some ships stationed around the world, who race to fix each cable as soon as it breaks.

https://www.theverge.com/c/24070570/internet-cables-undersea-deep-repair-ships


Microsoft’s VASA-1 can deepfake a person with one photo and one audio track (Ars Technica)

Monty Solomon <monty@roscom.com>
Sat, 20 Apr 2024 14:38:44 -0400

YouTube videos of 6K celebrities helped train AI model to animate photos in real time.

On Tuesday, Microsoft Research Asia unveiled VASA-1, an AI model that can create a synchronized animated video of a person talking or singing from a single photo and an existing audio track. In the future, it could power virtual avatars that render locally and don't require video feeds—or allow anyone with similar tools to take a photo of a person found online and make them appear to say whatever they want.

https://arstechnica.com/information-technology/2024/04/microsofts-vasa-1-can-deepfake-a-person-with-one-photo-and-one-audio-track/


Hospital prices for the same emergency care vary up to 16-fold, a study finds (ArsTechnica)

Monty Solomon <monty@roscom.com>
Sat, 20 Apr 2024 14:41:23 -0400

Hospitals' trauma activation fees are unregulated and extremely variable.

Since 2021, federal law has required hospitals to publicly post their prices, allowing Americans to easily anticipate costs and shop around for affordable care—as they would for any other marketed service or product. But hospitals have mostly failed miserably at complying with the law.

A 2023 KFF analysis on compliance found that the pricing information hospitals provided is “messy, inconsistent, and confusing, making it challenging, if not impossible, for patients or researchers to use them for their intended purpose.” A February 2024 report from the nonprofit organization Patient Rights Advocate found that only 35 percent of 2,000 US hospitals surveyed were in full compliance with the 2021 rule.

But even if hospitals dramatically improved their price transparency, it likely wouldn't help when patients need emergency trauma care. After an unexpected, major injury, people are sent to the closest hospital and aren't likely to be shopping around for the best price from the back of an ambulance. If they did, though, they might also need to be treated for shock.

According to a study published Wednesday in JAMA Surgery, hospitals around the country charge wildly different prices for trauma care. Prices for the same care can be up to 16-fold different between hospitals, and cash prices are sometimes significantly cheaper than the negotiated prices that insurance companies pay.

https://arstechnica.com/science/2024/04/hospital-prices-for-the-same-emergency-care-vary-up-to-16x-study-finds/


Chirp mandates open-door policy—in a bad way (Krebs)

Cliff Kilby <cliffjkilby@gmail.com>
Mon, 15 Apr 2024 21:12:20 -0400

[This has been known since Mar 2021.]

If you have a Chirp lock, someone else could have already been home by now.

https://krebsonsecurity.com/2024/04/crickets-from-chirp-systems-in-smart-lock-key-leak/


Netflix doc accused of using AI to manipulate true crime story (ArsTechnica)

Monty Solomon <monty@roscom.com>
Sat, 20 Apr 2024 14:37:24 -0400

Producer remained vague about whether AI was used to edit photos.

An executive producer of the Netflix hit What Jennifer Did has responded to accusations that the true crime documentary used AI images when depicting Jennifer Pan, a woman currently imprisoned in Canada for orchestrating a murder-for-hire scheme targeting her parents.

What Jennifer Did shot to the top spot in Netflix's global top 10 when it debuted in early April, attracting swarms of true crime fans who wanted to know more about why Pan paid hitmen $10,000 to murder her parents. But quickly the documentary became a source of controversy, as fans started noticing glaring flaws in images used in the movie, from weirdly mismatched earrings to her nose appearing to lack nostrils, the Daily Mail reported, in a post showing a plethora of examples of images from the film.

https://arstechnica.com/tech-policy/2024/04/netflix-doc-accused-of-using-ai-to-manipulate-true-crime-story/


China orders Apple to remove Meta apps after “inflammatory” posts about president (ArsTechnica)

Monty Solomon <monty@roscom.com>
Sat, 20 Apr 2024 14:32:42 -0400

Apple said it complied with orders from the Chinese government to remove the Meta-owned WhatsApp and Threads from its App Store in China. Apple also removed Telegram and Signal from China.

https://arstechnica.com/tech-policy/2024/04/china-orders-apple-to-remove-meta-apps-after-inflammatory-posts-about-president/


Roku forcing 2-factor authentication after 2 breaches of 600K accounts (ArsTechnica)

Monty Solomon <monty@roscom.com>
Sat, 20 Apr 2024 14:31:37 -0400

Accounts with stored payment information went for as little as $0.50 each.

Everyone with a Roku TV or streaming device will eventually be forced to enable two-factor authentication after the company disclosed two separate incidents in which roughly 600,000 customers had their accounts accessed through credential stuffing.

Credential stuffing is an attack in which usernames and passwords exposed in one leak are tried out against other accounts, typically using automated scripts. When people reuse usernames and passwords across services or make small, easily intuited changes between them, actors can gain access to accounts with even more identifying information and access.

https://arstechnica.com/security/2024/04/roku-forcing-2-factor-authentication-after-breach-of-600k-accounts/
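Credential stuffing, as described above, leaves a recognisable server-side signature: a single source trying many distinct accounts in quick succession with a high failure rate, and the occasional success being the real damage. The Python below is an added example, not code from the Ars Technica article or from Roku. It assumes a constructed log line format (ISO timestamp, client IP, username, LOGIN_OK or LOGIN_FAIL) and illustrative thresholds; it flags sources that match the pattern within a sliding time window and lists the accounts that succeeded from them, which are the ones a forced password reset or two-factor enrolment should reach first.

```python
"""Credential-stuffing detector over constructed login log lines.

Added example; the log format, the sample lines and the thresholds are
assumptions for illustration, not any vendor's real format or policy.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log. 203.0.113.7 cycles through leaked username/password
# pairs (many distinct accounts, mostly failures, two hits); 198.51.100.5 is a
# normal user mistyping their own password; 192.0.2.9 is a clean login. The
# first line is an old event for the stuffing source that should age out of
# the window before the burst starts.
SAMPLE_LOG = """\
2024-04-20T13:50:00Z 203.0.113.7 zed LOGIN_FAIL
2024-04-20T14:00:01Z 203.0.113.7 alice LOGIN_FAIL
2024-04-20T14:00:02Z 203.0.113.7 bob LOGIN_FAIL
2024-04-20T14:00:02Z 198.51.100.5 alice LOGIN_FAIL
2024-04-20T14:00:03Z 203.0.113.7 carol LOGIN_FAIL
2024-04-20T14:00:04Z 203.0.113.7 dave LOGIN_FAIL
2024-04-20T14:00:05Z 198.51.100.5 alice LOGIN_FAIL
2024-04-20T14:00:05Z 203.0.113.7 erin LOGIN_OK
2024-04-20T14:00:06Z 203.0.113.7 frank LOGIN_FAIL
2024-04-20T14:00:07Z 198.51.100.5 alice LOGIN_OK
2024-04-20T14:00:07Z 203.0.113.7 grace LOGIN_FAIL
2024-04-20T14:00:08Z 203.0.113.7 heidi LOGIN_OK
2024-04-20T14:00:09Z 192.0.2.9 bob LOGIN_OK
"""

# Illustrative thresholds (assumptions): tune to the service's real traffic.
WINDOW = timedelta(minutes=5)     # sliding window per source IP
MIN_DISTINCT_USERS = 5            # stuffing tries many accounts, not one
MIN_FAIL_RATIO = 0.6              # most leaked pairs no longer work


def parse_line(line):
    """Split one constructed log line into (timestamp, ip, user, success)."""
    ts, ip, user, result = line.split()
    # datetime.fromisoformat only accepts a trailing 'Z' on Python 3.11+,
    # so normalise it to an explicit UTC offset first.
    when = datetime.fromisoformat(ts.replace("Z", "+00:00"))
    return when, ip, user, result == "LOGIN_OK"


def detect_stuffing(log_text, window=WINDOW, min_users=MIN_DISTINCT_USERS,
                    min_fail_ratio=MIN_FAIL_RATIO):
    """Return {ip: stats} for every source whose recent window matches the
    credential-stuffing pattern: many distinct usernames and a high failure
    ratio. stats include the accounts that did log in successfully from that
    source, since those are the ones to reset or force onto 2FA."""
    events_by_ip = defaultdict(deque)   # ip -> deque of (ts, user, ok)
    flagged = {}
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, ip, user, ok = parse_line(line)
        recent = events_by_ip[ip]
        recent.append((ts, user, ok))
        # Evict events older than the window relative to this event.
        while recent and ts - recent[0][0] > window:
            recent.popleft()
        users = {u for _, u, _ in recent}
        fails = sum(1 for _, _, success in recent if not success)
        ratio = fails / len(recent)
        if len(users) >= min_users and ratio >= min_fail_ratio:
            flagged[ip] = {
                "distinct_users": len(users),
                "fail_ratio": round(ratio, 2),
                "successful_logins": sorted({u for _, u, s in recent if s}),
            }
    return flagged


if __name__ == "__main__":
    for ip, stats in detect_stuffing(SAMPLE_LOG).items():
        print(ip, stats)
```

The detector keys on the combination of account diversity and failure ratio rather than on failure count alone, so a legitimate user retrying their own password (198.51.100.5 above) is not flagged while the source spraying leaked pairs is, and its two successful logins are surfaced for follow-up. In production the same logic would also need to handle attackers rotating source IPs, which is why the disclosed remedy of enforcing two-factor authentication matters more than any single detection rule.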


The GMO tooth microbe that is supposed to prevent cavities (Undark)

Monty Solomon <monty@roscom.com>
Sat, 20 Apr 2024 14:28:18 -0400

Christina Szalinski, Undark Magazine, 29 Apr 2024

Some experts have concerns over the safety of the genetically modified bacteria.

https://arstechnica.com/health/2024/04/the-gmo-tooth-microbe-that-is-supposed-to-prevent-cavities/


Virginia to become first state to allow online-only local news sites to publish legal notices (ARLnow)

Monty Solomon <monty@roscom.com>
Mon, 22 Apr 2024 09:16:09 -0400

https://www.arlnow.com/2024/04/05/virginia-to-become-first-state-to-allow-online-only-local-news-sites-to-publish-legal-notices/


Amazon is filled with garbage ebooks. Here’s how they get made. (Esquire)

Steve Bacher <sebmb1@verizon.net>
Sun, 21 Apr 2024 08:07:59 -0700

How AI Publishing Academy works.

https://www.esquire.com/entertainment/books/a45751827/make-a-living-as-a-writer/

It’s so difficult for most authors to make a living from their writing that we sometimes lose track of how much money there is to be made from books, if only we could save costs on the laborious, time-consuming process of writing them.

The Internet, though, has always been a safe harbor for those with plans to innovate that pesky writing part out of the actual book publishing. On the Internet, it’s possible to copy text from one platform <https://www.poetryfoundation.org/harriet-books/2010/04/retyping-an-entire-book-is-one-thing-cutting-pasting-an-entire-book-is-another> and paste it into another seamlessly, to share text files <https://bookriot.com/how-easy-is-it-to-pirate-books/>, to build vast databases of stolen books <https://www.theatlantic.com/technology/archive/2023/08/books3-ai-meta-llama-pirated-books/675063/>. If you wanted to design a place specifically to pirate and sleazily monetize books, it would be hard to do better than the Internet as it has long existed.

Now, generative AI has made it possible to create cover images, outlines, and even text at the click of a button.

https://www.vox.com/culture/24128560/amazon-trash-ebooks-mikkelsen-twins-ai-publishing-academy-scam


Re: Palo Alto Zero Exploit (Ward/Kilby, RISKS-34.18)

Martin Ward <mwardgkc@gmail.com>
Sat, 20 Apr 2024 10:34:32 +0100

The answer has been known for many decades: for any safety-critical software you develop the software using formal methods to prove that it is correct. You implement it in a compiled language that is designed from the start to have no undefined behavior, to check for and prevent array index overflow and to handle all memory management. The language is compiled using a provably correct compiler. And you also have extensive unit and system tests.


Re: AI chatbots spread falsehoods about the EU elections, report finds (RISKS-34.17)

Martin Ward <mwardgkc@gmail.com>
Sat, 20 Apr 2024 10:50:43 +0100

Another possibility is that the very wealthy companies who produce these chatbots have an interest in influencing the outcome of the elections, and that the factually false information they are spreading may be a feature, not a bug.

The companies certainly do have QA departments, but maybe the department's job is to ensure that the correct biases are being promulgated by the chatbots. Just as Microsoft's QA department was tasked to ensure that Windows would not work properly with DR-DOS.

Brad Silverberg wrote to Jim Allchin “DR-DOS has problems running windows today, and I assume will have more problems in the future.” Allchin replied: “You should make sure it has problems in the future. :-)”

https://www.theregister.com/1999/11/05/how_ms_played_the_incompatibility/


Re: U.S. Air Force confirms first successful AI dogfight (RISKS-34.18)

turgut kalfaoğlu <turgut@kalfaoglu.com>
Mon, 22 Apr 2024 12:28:48 +0300

> The U.S. Air Force is putting AI in the pilot's seat.

After the use of drones to kill enemies half way around and thus avoid the guilt and the possibility of getting the killers arrested and prosecuted, this is the second bad idea that the Pentagon had.

If a weapon can be used remotely, it can also be hacked remotely.


Re: Wrong button clicked, wrong divorce cannot be undone

Henry Baker <hbaker1@pipeline.com>
Sat, 20 Apr 2024 00:43:56 +0000

A real-life ‘Azdak’ judge!!

Bertolt Brecht's play The Caucasian Chalk Circle includes a character named Azdak who is an idiot, but who inadvertently becomes a judge in the middle of political chaos.

Apparently, Brecht's feeling was that a completely random judge is fairer than a judge who judiciously applies the law in a universally biased fashion. https://www.litcharts.com/lit/the-caucasian-chalk-circle/act-5-the-chalk-circle

“Azdak removes his judge's gown, stating that it has gotten too hot for him to wear it any longer—he signs the elderly couple's divorce papers and leaves the chambers, inviting all present to join him outside for a dance. When Shauwa checks the divorce document, he sees that ***Azdak has divorced the wrong couple***—he has divorced Grusha from Jussup rather than divorcing the elderly couple.”
