• Risks Digest 32.15

    From RISKS List Owner@21:1/5 to All on Tue Jul 28 19:36:09 2020
    RISKS-LIST: Risks-Forum Digest Tuesday 28 July 2020 Volume 32 : Issue 15

    ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) Peter G. Neumann, founder and still moderator

    ***** See last item for further information, disclaimers, caveats, etc. *****
    This issue is archived at <http://www.risks.org> as
    <http://catless.ncl.ac.uk/Risks/32.15>
    The current issue can also be found at
    <http://www.csl.sri.com/users/risko/risks.txt>

    Contents:
    EncroChat (ZDNet)
    China's Huawei holds a 5G trump card (Reuters)
    Elon and Jeff are brilliant! Surely *they* can solve our broadband issues.
    (Amitel)
    Why Scientists Stored "The Wizard of Oz" in DNA (Popular Mechanics)
    Coronavirus misinformation goes wild again (NYTimes Tech)
    The dishonest reporting on the riots is breathtaking. The crisis in our
    media deepens... (Twitter)
    NIST study finds that masks defeat most facial recognition algorithms
    Only those with plastic visors were infected: Swiss government warns
    against face shields (TheLocal.ch)
    Long-Lost Computation Dissertation of Unix Pioneer Dennis Ritchie
    (Rebecca Mercuri via PGN)
    PDF signatures *worse than* useless (Anthony Thorn)
    Re: Darwin's tautology? (Martin Ward)
    Re: The three worst things about email (Dmitri Maziuk)
    Re: Unsolicited Chinese seeds? (Devon McCormick)
    Abridged info on RISKS (comp.risks)

    ----------------------------------------------------------------------

    Date: Mon, 27 Jul 2020 16:54:54 -0700
    From: Peter Neumann <neumann@csl.sri.com>
    Subject: EncroChat (ZDNet)

    Law enforcement in the United Kingdom has touted the takedown of encrypted communications platform EncroChat as its "biggest ever" operation, so far resulting in the arrest of 746 individuals, the seizing of 54 million pounds
    in cash, 77 firearms, and over two tons of drugs.

    EncroChat was one of the largest providers of encrypted communications and offered a secure mobile-phone instant-messaging service. Its sole use was
    for coordinating and planning the distribution of illicit commodities, money laundering, and plotting to kill rival criminals, the UK's National Crime Agency said.

    https://zd.net/2WAPHGQ

    ------------------------------

    Date: July 28, 2020 at 08:16:44 GMT+9
    From: geoff goodfellow <geoff@iconia.com>
    Subject: China's Huawei holds a 5G trump card (Reuters)

    Huawei is not so easy for Western countries to rip out. The Chinese telecommunications-equipment giant founded by Ren Zhengfei owns a huge trove
    of next-generation wireless patents. As a global standard for 5G emerges, Huawei technology may become essential to carriers.

    For years, the Shenzhen-based company has dominated the mobile
    infrastructure market, outselling rivals Nokia and Ericsson by offering
    cheaper alternatives. But U.S. concerns that Huawei equipment could be used
    by Beijing for espionage have gained traction: officials in the UK and France are purging their own networks of Chinese-made kit. A similar reaction elsewhere will seriously dent a business that generated nearly $43 billion
    in revenue for Huawei last year, roughly a third of the company's
    total.

    Replacing antennas and mast towers is one thing, though. Even if the likes
    of Britain's Vodafone and BT remove all existing Huawei equipment -- a move
    the UK government conservatively estimates will cost 2 billion pounds --
    global carriers will still be dependent on technology from Huawei to roll
    out next generation networks. Research firm IPlytics has found that the
    Chinese outfit owns the most 5G-related patents, and of that, roughly 15% of the essential ones.

    Simply put, these are technical specifications global carriers can build to
    in order to ensure different networks are compatible with each other. Having one unified standard will be vital for 5G, which is meant to seamlessly link
    up billions of machines, cars, and gadgets around the world. [...]

    https://www.reuters.com/article/us-huawei-tech-5g-security-breakingviews/breakingviews-chinas-huawei-holds-a-5g-trump-card-idUSKCN24S09Y

    ------------------------------

    Date: Mon, 27 Jul 2020 13:14:51 -1000
    From: geoff goodfellow <geoff@iconia.com>
    Subject: Elon and Jeff are brilliant! Surely *they* can solve our broadband
    issues. (Amitel)

    Much has happened since we last visited the wacky world of low-earth orbit (LEO) satellite constellations and their use in providing improved broadband service to Canada's rural and remote users. This past Tuesday, July 21, all
    of Iqaluit, the capital of the Territory of Nunavut was without
    communication services; no Internet, no landline, no cell service, no cable
    TV -- simply because it was raining! In a first-world country like Canada
    this is unacceptable. We need better broadband service in Canada's North
    NOW.

    There is a rash of breathless newspaper stories in the mainstream media
    touting LEO service as arriving soon to resolve our remote and rural
    broadband issues. I wrote about it before <https://www.amitel.com/elon/>,
    that Elon Musk is not coming to save us any time soon. I also wrote about
    the Chapter 11 bankruptcy of the early leader to provide LEO service to the Arctic, OneWeb, here <https://www.amitel.com/oneweb/>. So where do we stand now on July 27, 2020?

    Well on July 10, the U.S. bankruptcy court of the Southern District of New
    York (SDNY) approved a joint $1 billion bid for OneWeb by Britain and Bharti Airtel. The UK government and Bharti Global, an arm of Bharti Enterprises, which part owns India's Airtel, will each have roughly 45 per cent of
    OneWeb. The existing secured creditors, including SoftBank of Japan,
    OneWeb's former biggest shareholder, will own the balance.

    But the landscape has changed from before OneWeb's descent into Chapter 11
    in the spring. OneWeb's original mission was to *connect the unconnected*;
    ie it wanted to provide broadband service to the millions of people around
    the world that do not have access to the Internet. The UK has invested $500M into OneWeb for other strategic reasons, mainly to mitigate the effects of Brexit on British industry. I sure hope they realize that it is going to
    cost them more, much more and that $500M was just the table stakes to play
    in the LEO game. [...]

    https://www.amitel.com/leo/

    ------------------------------

    Date: Mon, 27 Jul 2020 13:13:51 -1000
    From: geoff goodfellow <geoff@iconia.com>
    Subject: Why Scientists Stored "The Wizard of Oz" in DNA (Popular Mechanics)

    *DNA Is Millions of Times More Efficient Than Your Computer's Hard Drive*

    - DNA can store far more data than a magnetic hard drive, but the
    technology is limited because the genetic material is prone to errors. <https://www.popularmechanics.com/technology/gear/a31787710/best-external-hard-drive/>

    - Scientists at the University of Texas at Austin have come up with a
    way to store information in strands of DNA, while also correcting those
    errors.
    <https://cns.utexas.edu/news/power-of-dna-to-store-information-gets-an-upgrade>

    - To prove it, they've put the entirety of *The Wizard of Oz* --
    translated into Esperanto -- into strands of DNA, with greater accuracy
    than prior methods.

    When the Voyager spacecrafts launched in 1977, ready to study the outer
    limits of our solar system, they brought with them two golden phonograph records that each contained an assemblage of sounds and images meant to represent life on Earth. But in the future, the perfect next-gen space
    capsule could be found within our bodies. <https://www.popularmechanics.com/space/deep-space/a29684597/voyager-2-interstellar-space-results/>

    That's because DNA is millions of times more efficient at storing data than your laptop's magnetic hard drive. Since DNA can store data far more
    densely than silicon, you could squeeze all of the data in the world inside just a few grams of it. "Because DNA has been chosen by all of life as the information storage medium of choice...it turns out to be very robust," Ilya Finkelstein, an associate professor of molecular biosciences at the
    University of Texas at Austin, tells *Popular Mechanics*. "Long after our magnetic storage becomes obsolete, nature will still be using DNA." <https://blocksandfiles.com/2020/03/18/catalog-cdna-data-storage-economically-feasible/>
    <https://www.popularmechanics.com/technology/gadgets/a29396384/how-to-wipe-computer/>

    Finkelstein is part of a team at the University of Texas at Austin who are pushing the limits on DNA-based storage methods. While this research area at the intersection of molecular biology and computer science has been around since the 1980s, scientists have struggled to find a way to correct the
    errors that DNA can be so prone to making.

    In a new paper published this week in the journal *Proceedings of the
    National Academy of Sciences*, Finkelstein and company detail their new
    error correction method, which they tested out on a classic novel. They were able to store the entirety of *The Wizard of Oz*, translated into
    Esperanto, with more accuracy than prior DNA storage methods ever could
    have. We're on the yellow brick road toward the future of data storage.

    A Brief History of DNA Storage. [...] https://www.popularmechanics.com/science/a33327626/scientists-encoded-wizard-of-oz-in-dna/

    ------------------------------

    Date: Tue, 28 Jul 2020 10:19:19 -0700
    From: Peter Neumann <neumann@csl.sri.com>
    Subject: Coronavirus misinformation goes wild again (Shira Ovide)

    Shira Ovide [PGN-excerpted from a piece called `Amazon is Jeff Bezos', *The
    New York Times* online On Tech Newsletter, 28 Jul 2020. Another timely
    item for our coverage of misinformation and truthiness. PGN]

    https://www.nytimes.com/2020/07/28/technology/amazon-jeff-bezos.html

    In just a few hours yesterday, another video with false information about
    the coronavirus spread like wildfire on Facebook before the company started
    to stamp it out.

    The video -- which I won't link to here, but you can find on Breitbart News
    -- showed a group of purported doctors touting unproven treatments.

    One of the videos racked up 14 million views in six hours, my colleague
    Kevin Roose tweeted. A few months ago, another video filled with coronavirus conspiracies, called *Plandemic*, was watched more than eight million times
    on YouTube, Facebook and other spots over multiple days.

    Some of you may be wondering why it's so bad for people to watch a couple of videos that go against the consensus of health experts. After all, there's a lot about the virus we don't understand.

    The problem is that it's not so easy to correct the record once someone sees bogus ideas. We've seen that good information doesn't necessarily undo bad information. Doses of falsehoods can make people doubt the recommendations
    of proven health experts -- or even, the validity of elections.

    That's why Facebook, YouTube and other Internet companies, which have highlighted coronavirus information from authoritative sources such as the Centers for Disease Control and Prevention, have said they also would be aggressive about deleting false information related to the virus. (On
    Tuesday, Twitter temporarily limited some functions of the account of Donald Trump Jr., one of the president's sons, as punishment for posting the video with misleading information.)

    And yet, this latest bogus video went wild, again making me wonder whether Facebook and other popular Internet sites are so sprawling that the
    companies can't control even the most high-profile kinds of false
    information.

    ------------------------------

    Date: Mon, 27 Jul 2020 13:11:57 -1000
    From: geoff goodfellow <geoff@iconia.com>
    Subject: The dishonest reporting on the riots is breathtaking. The crisis in
    our media deepens... (Twitter)

    https://twitter.com/brithume/status/1287725331198205953

    ------------------------------

    Date: Mon, 27 Jul 2020 10:26:12 -0700
    From: Lauren Weinstein <lauren@vortex.com>
    Subject: NIST study finds that masks defeat most facial recognition algorithms
    (VentureBeat)

    https://venturebeat.com/2020/07/27/nist-study-finds-that-masks-defeat-most-facial-recognition-algorithms/

    [As kids in the 1940s, some of us learned that some masked men were good
    -- e.g., The Lone Ranger!]

    ------------------------------

    Date: Mon, 27 Jul 2020 11:31:08 +0900
    From: farber@keio.jp
    Subject: Only those with plastic visors were infected: Swiss government
    warns against face shields (TheLocal.ch)

    https://www.thelocal.ch/20200715/only-those-with-plastic-visors-were-infected-swiss-government-warns-against-face-shields

    ------------------------------

    Date: Tue, 28 Jul 2020 14:19:52 -0400
    From: Rebecca Mercuri <notable@mindspring.com>
    Subject: Long-Lost Computation Dissertation of Unix Pioneer Dennis Ritchie

    Great article, especially for Ritchie fans -- check it out!

    https://thenewstack.io/the-long-lost-computation-dissertation-of-unix-pioneer-dennis-ritchie/

    Poll: Should he have been awarded the Ph.D. posthumously? Yes / No

    [(Please do not submit your vote to RISKS.)
    Back-story: Dennis's thesis was never properly entered into the Harvard
    dissertation archives, because he did not submit a bound copy, although
    his PhD was indeed properly awarded. Risks? Having archaic rules that do
    not adapt to online submission, where today the bound copy would not have
    to be manually torn up in order to be scanned in -- assuming it could
    instead now be submitted online as a pdf! How does one submit a bound
    copy online? Unless the rule has changed, we might presume an online
    might today be optional rather than mandatory? PGN]

    ------------------------------

    Date: Mon, 27 Jul 2020 07:53:50 +0200
    From: Anthony Thorn <anthony.thorn@atss.ch>
    Subject: PDF signatures *worse than* useless (Re: RISKS-32.14)

    Thanks to Mr Brodie-Tyrrell -- and of course the researchers -- for bringing
    this to our attention.

    I just want to make a small correction ;-)

    The title should be PDF signatures WORSE THAN useless, because they give the appearance of security without providing it, whereas although an unsigned
    PDF has the same "layers" vulnerability, it does not claim to be authentic.

    ------------------------------

    From: Martin Ward <martin@gkc.org.uk>
    Date: Tue, 28 Jul 2020 10:56:37 +0100
    Subject: Re: Darwin's tautology? (Harper, RISKS-32.12)

    Tautologies often need to be pointed out. Mathematics textbooks from Euclid's Elements onward are full of them, but millions still buy them because they are useful.

    There are useful tautologies, such as mathematical theorems, and
    content-free tautologies such as "Brexit means Brexit!". An argument such
    as the following is viciously circular and therefore fallacious: "God exists because the Bible says so. The Bible is true because it is the Word of
    God". A similar fallacious argument is: "Miracles don't happen. Therefore, any actual report of a miracle must be false. Therefore, there are no true reports of miracles. Therefore, miracles don't happen".

    On the other hand, an argument such as the Ontological Argument (for
    example, as formalised by mathematician Kurt Gödel) is a valid argument and tells us something useful about God: that if it is possible that God exists, then God does in fact necessarily exist. The argument is often criticised
    by saying "The conclusion is implicit in the premises": but this is just a property of every valid mathematical argument.

    "Survival of the fittest" is often defined in a way that is viciously
    circular: the "fittest" are defined as "those best fitted to survive" and "those best fitted to survive" are determined by looking at survival
    rates. The statement then becomes the content-free assertion "survival of
    those that survived". However, we can define "fittest" in terms of
    heritable characteristics, then the statement becomes "survivors survive, reproduce and therefore propagate any heritable characters which have
    affected their survival and reproductive success" which is a meaningful statement with a testable hypothesis: that such heritable characteristics actually exist.

    ["A rose is a rose is a rose" is arisen. PGN]

    ------------------------------

    Date: Sun, 26 Jul 2020 21:04:17 -0500
    From: dmaziuk <dmaziuk@bmrb.wisc.edu>
    Subject: Re: The three worst things about email (RISKS-32.14)

    This is all very interesting I'm sure, but what does it have to do with
    e-mail?

    The article is using "issues" with 3 major web-based "e-mail providers": Microsoft, Google, and Yahoo, as a promo for the new "e-mail provider"
    startup who will get Everything Right(tm).

    It's just a promo piece for something called "Hey", the only risk here is someone might believe it has anything to do with RISKS.

    ------------------------------

    Date: Sun, 26 Jul 2020 23:36:11 -0400
    From: Devon McCormick <devonmcc@gmail.com>
    Subject: Re: Unsolicited Chinese seeds? (RISKS-32.14)

    I received an email like this but in my case, I have actually ordered seeds online that came to me from China. Each delivery was in a squarish grey non-rip plastic envelope with the contents listed as "stud earrings". The whole thing looked very amateurish, from the unlabeled enclosed tiny ziploc
    bag to the return address which was something like "the south side of the <something> gate, <some city>..."

    I wonder if this alert is simply the result of mis-delivered seed packages
    that were actually ordered by people. Given the slap-dash appearance of
    what I've received, that does not seem far-fetched.

    ------------------------------

    Date: Mon, 1 Jun 2020 11:11:11 -0800
    From: RISKS-request@csl.sri.com
    Subject: Abridged info on RISKS (comp.risks)

    The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
    comp.risks, the feed for which is donated by panix.com as of June 2011.
    SUBSCRIPTIONS: The mailman Web interface can be used directly to
    subscribe and unsubscribe:
    http://mls.csl.sri.com/mailman/listinfo/risks

    SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that
    includes the string `notsp'. Otherwise your message may not be read.
    *** This attention-string has never changed, but might if spammers use it.
    SPAM challenge-responses will not be honored. Instead, use an alternative
    address from which you never send mail where the address becomes public!
    The complete INFO file (submissions, default disclaimers, archive sites,
    copyright policy, etc.) is online.
    <http://www.CSL.sri.com/risksinfo.html>
    *** Contributors are assumed to have read the full info file for guidelines!

    OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
    searchable html archive at newcastle:
    http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
    Also, ftp://ftp.sri.com/risks for the current volume
    or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
    If none of those work for you, the most recent issue is always at
    http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-32.00
    ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
    *** NOTE: If a cited URL fails, we do not try to update them. Try
    browsing on the keywords in the subject line or cited article leads.
    Apologies for what Office365 and SafeLinks may have done to URLs.
    Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

    ------------------------------

    End of RISKS-FORUM Digest 32.15
    ************************
