Zeynep Tufekci, *The New York Times*, Opinion, 18 Dec 2022

Plato mourned the invention of the alphabet, worried that the use of text would threaten memory-based arts of rhetoric. In his *Dialogues*, arguing through the voice of Thamus, the Egyptian king of the gods, Plato claimed the use of this more modern technology would create “forgetfulness in the learners' souls, because they will not use their memories,'' and that those who adopt it would “appear to be omniscient and will generally know nothing,'' with “the show of wisdom without the reality.'' If Plato were alive today, would he say similar things about ChatGPT?

[...]

The way forward is not to just lament supplanted skills, as Plato did, but also to recognize that as more complex skills become essential, our society must equitably educate people to develop them. And then it always goes back to the basics. Value people as people, not just as bundles of skills. And that isn't something that ChatGPT can tell us how to do.

[This is a long article worth reading seriously, and very relevant to RISKS. I have included just the first and last paragraphs here. However, the article strikes a chord with my plaintive cries that fundamentals needed for total-system trustworthiness are almost totally ignored in today's academic curricula, and therefore not surprisingly almost completely absent in practice. PGN]
A young friend graduated from a state university a few years ago with a BS in computer science. He learned how to program in a couple of popular languages, but so far as I could tell, nothing about system-oriented thinking or about hardware or software architecture or anything in the history and development of current computing or indeed any theory at all. (He's stably employed today maintaining web pages for a defense contractor, and happy with the job.) We seem not to have any common grounds for talking about computing.
I saw something on the web about an AI product called GPT-3. I decided to try it. Here's the result:

Q = my question as entered
A = GPT-3's response
C = my comment on the answer
G = what Google says about the same question

Q: what is a lambda expression?
A: A lambda expression is an anonymous function that can be used to create delegates or expression tree types.
C: Correct.
G: A lambda expression is *a short block of code which takes in parameters and returns a value*. Lambda expressions are similar to methods, but they do not need a name and they can be implemented right in the body of a method.

Q: What is the difference between lento and adagio?
A: Lento is a tempo marking that indicates a slow and leisurely pace, while adagio is a tempo marking that indicates a slower and more solemn pace.
C: Correct.
G: *Lento—slowly (40--45 BPM)* *Largo—broadly (45--50 BPM)* *Adagio—slow and stately (literally, at ease) (55--65 BPM)*

Q: How does it compare with Allegro?
A: Allegro is a tempo marking that indicates a fast and lively pace, faster than both lento and adagio.
C: Correct
G: (Wrong) OrCAD is known as the most popular schematic capture tool in the Cadence suite, while Allegro is Cadence's flagship PCB layout tool. Cadence also sells a ...

Q: what are the three meanings of "static" in C++?
A: The three meanings of "static" in C++ are: 1) a variable or function that has static storage duration, 2) a variable or function that has internal linkage, and 3) a class member that is shared by all objects of the same class.
C: Mostly correct, although a little vague.
G: (Right but vague) Static is a keyword in C and C++ which is used to declare a special type of a variable or a function inside or outside of a class.

Q: What is a sarangi?
A: A sarangi is a bowed string instrument from India that is used in Hindustani classical music.
C: Correct
G: (Text + picture) The sārangī is a bowed, short-necked string instrument played in traditional music from South Asia—Punjabi folk music, Rajasthani folk music, and Boro ...

Q: What musical notation is used for the shakuhachi?
A: The shakuhachi is typically notated in a five-line staff with a key signature of one flat.
C: Incorrect. The musical notation for the shakuhachi is written in vertical columns of katakana characters with the columns arranged right to left.
G: *Staff notation and graphic notation* are sometimes used to notate music for shakuhachi, usually in modern music when shakuhachi is used in conjunction with Western musical instruments.

Q: Your previous answer was incorrect.
A: Unknown.
C: No comment
G: N/A

Q: What is machine-language op-code for add on an IBM 1620?
A: The machine-language op-code for add on an IBM 1620 is "ADD".
C: Incorrect. ADD is the *Assembly*-language op-code. The distinction between machine-language (numeric) and assembly-language (symbolic) is often misunderstood even by software engineers. The correct answer is 21.
G: Gave no answer but supplied several references.

Q: What is RISC-V?
A: RISC-V is an open-source instruction-set architecture (ISA) based on established reduced-instruction-set computing (RISC) principles.
C: Correct.
G: (Longer but better) RISC-V is an open standard instruction set architecture based on established RISC principles. Unlike most other ISA designs, RISC-V is provided under open source licenses that do not require fees to use. [*]

Q: How many op-codes does it define?
A: RISC-V defines over 200 op-codes.
C: I have no idea. Sounds high.
G: (wrong) To define an opcode, use the opcode element. You can specify *up to 228* opcodes.

Q: How about ARM?
A: ARM defines over 160 op-codes.
C: Again, I don't know. I'm surprised that ARM has a smaller number than RISC-V.
G: (Gave no answer but showed references to ARM in general.)

CONCLUSION: This AI seems to be approximately as accurate as Google's with the exception that Google does not remember any context from one question to the next, so that use of pronouns in a question confuses it, but not that of this GPT-3 interface. The latter does a good job of deciphering what such backward references refer to.

https://beta.openai.com/playground/p/default-qa?modeltext-davinci-003

* PGN Footnote: [The RISC-Foundation has standardized on the formal RISC-V specification from the University of Cambridge SAIL specification used as the basis for CHERI-RISC-V.]

[Don't believe what you read on the Internet unless you deeply understand the contextual issues and are able to discard clearly false information—especially when it comes to conspiracy theories. PGN]
OpenAI's hot generative AI solution is fun to play with and good for creating some things, but when it comes to writing secure code it's just not smart enough. https://thenewstack.io/chatgpt-smart-but-not-smart-enough/
This is an interesting article detailing the experience of a humanities major who was tasked with baby-sitting a real estate AI bot. Very insightful (and rather long). https://www.nplusonemag.com/issue-44/essays/human_fallback/
Sue Dremann, *Palo Alto Weekly*, 16 Dec 2022 What goes up don't always come down. That's the issue with Palo Alto and Stanford. The breakdowns catalogued by PulsePoint show that *elevator rescues* are not just local, and occur all over San Mateo and Santa Clara counties, and growing. In 2021, Stanford had 41 and Palo Alto 25. In 2022, the numbers are 38 in Stanford and 36 in Palo Alto year to date through 6 Nov, with six more recorded since then—80 or more this year compared with 66 last year. The worst spots seem to be a parking lot in Palo Alto and two residence buildings at Stanford. 2227 permits exist in the extended local area, but 1460 of those have expired permits. The same problem is noted statewide. I have mentioned in past RISKS issues some of the risks in elevators that automatically go to the bottom (not good when flooded) or to the top (not good in upper-level fires), rather than hanging in between floors so that it is impossible to get out of the stuck elevator. Overall, elevators may be a lose-lose situation, even if designed to be resilient under failures and power outages.
https://www.reuters.com/technology/how-secret-software-change-allowed-ftx-use-client-money-2022-12-13/ 13 Dec 2022 (Reuters) In mid-2020, FTX's chief engineer made a secret change to the cryptocurrency exchange's software. He tweaked the code to exempt Alameda Research, a hedge fund owned by FTX founder Sam Bankman-Fried, from a feature on the trading platform that would have automatically sold off Alameda's assets if it was losing too much borrowed money. In a note explaining the change, the engineer, Nishad Singh, emphasized that FTX should never sell Alameda's positions. “Be extra careful not to liquidate,'' Singh wrote in the comment in the platform's code, which it showed he helped author. Reuters reviewed the code base, which has not been previously reported. [They needed Roto-Reuters to root out the risks. PGN]
Michael Kan, *PC Magazine*, 12 Dec 2022 Mordechai Guri at Israel's Ben-Gurion University of the Negev transmitted stolen data from a personal computer by manipulating the device's power supply. "By regulating the workload of the CPU [central processing unit], it is possible to govern its power consumption and hence control the momentary switching frequency of the SMPS (switch-mode power supplies)," Guri explained. "The electromagnetic radiation generated by this intentional process can be received from a distance using appropriate antennas." Guri said malware installed on a universal serial bus drive could infect the target PC, but suggested banning smartphone use around the computer as a countermeasure. https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2fc5ex2382bbx070822&
[From Bruce Schneier's <firstname.lastname@example.org> CRYPTO-GRAM, 15 Dec 2022] [2022.11.16] [https://www.schneier.com/blog/archives/2022/11/russian-software-company-pretending-to-be-american.html] Computer code developed by a company called Pushwoosh is in about 8,000 Apple and Google smartphone apps. The company pretends to be American when it is actually Russian. https://www.reuters.com/technology/exclusive-russian-software-disguised-american-finds-its-way-into-us-army-cdc-2022-11-14/ According to company documents publicly filed in Russia and reviewed by Reuters “Pushwoosh is headquartered in the Siberian town of Novosibirsk'' where it is registered as a software company that also carries out data processing. It employs around 40 people and reported revenue of 143,270,000 rubles ($2.4 mln) last year. Pushwoosh is registered with the Russian government to pay taxes in Russia. On social media and in U.S. regulatory filings, however, it presents itself as a U.S. company, based at various times in California, Maryland, and Washington DC, Reuters found.
Isabelle Bousquette, *The Wall Street Journal*, 15 Dec 2022 via ACM TechNews Blockchain technology's widespread enterprise adoption has failed to materialize, with a project by Danish shipping company A.P. Moller-Maersk and IBM's TradeLens to create a shipment-tracking platform the latest to be discontinued. Blockchain's complexity, the time needed to get a blockchain running, and problems recruiting participants have stymied major initiatives. IBM's Kathryn Guarini said blockchain demands changes to technology and business models that are difficult to drive forward, adding that enterprise blockchain has taken longer to bring change to business than originally predicted. Some experts maintain smaller projects involving fewer participants, with definite returns on investment and no sector-wide transformative ambitions, could reap greater success.
https://www.cbc.ca/news/canada/british-columbia/phsa-information-and-privacy-commissioner-report-1.6687123 Millions of highly sensitive personal health records about people accessing health care in British Columbia have been left "disturbingly" vulnerable to leaks after the provincewide health authority failed to address security concerns in recent years, a new report has found. The Office of the Information and Privacy Commissioner for B.C. published a report Thursday saying the Provincial Health Services Authority (PHSA) has known about the "troubling" level of exposure since it audited its own system in 2019, but hasn't done enough to address the issue. “There is an enormous volume of sensitive personal information that, if breached, could cause a significant list of harms including embarrassment, loss of dignity, family breakdowns, and even physical harm to individuals if it was accessed improperly,'' read the report from the privacy watchdog.
[See RISKS-33.51 and .53 for earlier reports. PGN] https://www.cbc.ca/news/canada/nova-scotia/sobeys-cyber-attack-25-million-1.6686838 The parent company of the Sobeys grocery store chain says a cyberattack last month will cost $25 million. The grocery store operator disclosed the estimate in second quarter results released Thursday by Empire Co. "Empire estimates, based on available information, that the financial impact on fiscal 2023 annual net earnings will be approximately $25 million, net of insurance recoveries," the company said. The report does not clarify the nature of the attack, whether it was ransomware or if any ransom was paid.
Lora Saalman, Fei Fu and Larisa Saveleva Dovgal https://www.sipri.org/publications/2022/other-publications/cyber-posture-trends-china-russia-united-states-and-european-union