• Risks Digest 32.18 (1/2)

    From RISKS List Owner@21:1/5 to All on Fri Aug 7 23:40:22 2020
    RISKS-LIST: Risks-Forum Digest Friday 7 August 2020 Volume 32 : Issue 18

    ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
    Peter G. Neumann, founder and still moderator

    ***** See last item for further information, disclaimers, caveats, etc. *****
    This issue is archived at <http://www.risks.org> as
    <http://catless.ncl.ac.uk/Risks/32.18>
    The current issue can also be found at
    <http://www.csl.sri.com/users/risko/risks.txt>

    Contents:
    Omniviolence Is Coming and the World Isn't Ready (Nautilus)
    Massive 20GB Intel IP Data Breach Floods the Internet, Mentions Backdoors
    (Intel Responds)
    Cyberattack causes Lafayette, CO city computer outage (Jim Reisert)
    Garmin reportedly paid multimillion-dollar ransom after suffering
    cyberattack (The Verge)
    U.S. FAA proposes requiring key Boeing 737 MAX design changes (Reuters)
    Beirut explosion (Lauren Weinstein)
    NSA Warns Cellphone Location Data Could Pose National-Security Threat (WSJ)
    Dickson Yeo and spying in the time of social networking (Straits Times)
    Colorado police apologize over viral video of officers handcuffing Black
    girls in a mistaken stop (WashPost)
    Measure twice, sculpt once. (Atlas Obscura)
    Dutch Hackers Found a Simple Way to Mess With Traffic Lights (WiReD)
    Inside the Courthouse Break-In Spree That Landed Two White-Hat Hackers in
    Jail (WiReD)
    Inaccurate Mailing Sent To Fairfax County Voters (Patch)
    WHO just gave us the worst possible coronavirus prediction (BGR)
    California virus-fighting efforts hampered by data delays (sfgate.com)
    Do Animals Really Anticipate Earthquakes? Sensors Hint They Do
    (Scientific American)
    Despite an unexpected monkey wrench, now is the time to install the July
    Windows and Office patches (Computerworld)
    Adapting the user to the software (The Verge)
    The case for banning law enforcement from using facial recognition
    technology (TJCI)
    Why a Data Breach at a Genealogy Site Has Privacy Experts Worried (NYTimes)
    Computers on verge of designing their own programs (Techxplore)
    AI bias detection; aka the fate of our data-driven world (ZDNet)
    The Truth Is Paywalled But The Lies Are Free (Current Affairs)
    A very good fake message from Facebook (Mike Alexander)
    Job-related scams and frauds (CBC)
    Cheap, Easy Deepfakes Are Getting Closer to the Real Thing (WiReD)
    Blackbaud breach (Gabe Goldberg)
    Ajit Pai calls for vigorous debate on Trump's social media crackdown
    (Ars Technica)
    Sensitive to claims of bias, Facebook relaxed misinformation rules for
    conservative pages (NBC News)
    A Bug In Instagram's Hashtag Has Been Favoring Donald Trump (BuzzfeedNews)
    Big Problem: Twitter users attempting to expose @realDonaldTrump lies are
    being blocked for surfacing his lies! (CNN)
    From Minecraft Tricks to Twitter Hack: A Florida Teen's Troubled Online Path
    (NYTimes)
    FBI Used Information From An Online Forum Hacking To Track Down One Of The
    Hackers Behind The Massive Twitter Attack (TechDirt)
    Pranksters Stream Porn During Zoom Hearing for Alleged 17-Year-Old Twitter
    Hacker (gizmodo)
    Re: Darwin's tautology? (Peter Bernard Ladkin, PGN)
    Re: When tax prep is free, you may be paying with your privacy
    (Douglas Lucas, Chris Drewe)
    Bill English (Matthew Kruk)
    Abridged info on RISKS (comp.risks)

    ----------------------------------------------------------------------

    Date: Wed, 5 Aug 2020 12:09:02 +0800
    From: Richard Stein <rmstein@ieee.org>
    Subject: Omniviolence Is Coming and the World Isn't Ready (Nautilus)

    https://nautil.us/blog/omniviolence-is-coming-and-the-world-isnt-ready

    "Technology is, in other words, enabling criminals to target anyone anywhere and, due to democratization, increasingly at scale. Emerging bio-, nano-,
    and cybertechnologies are becoming more and more accessible. The political scientist Daniel Deudney has a word for what can result: 'omniviolence.' The ratio of killers to killed, or 'K/K ratio,' is falling. For example,
    computer scientist Stuart Russell has vividly described how a small group of malicious agents might engage in omniviolence: 'A very, very small
    quadcopter, one inch in diameter can carry a one- or two-gram shaped charge,'
    he says. 'You can order them from a drone manufacturer in China. You can program the code to say: 'Here are thousands of photographs of the kinds of things I want to target.'' A one-gram shaped charge can punch a hole in nine millimeters of steel, so presumably you can also punch a hole in someone's head. You can fit about three million of those in a
    semi-tractor-trailer. You can drive up I-95 with three trucks and have 10 million weapons attacking New York City. They don't have to be very
    effective, only 5 or 10% of them have to find the target."

    Cluster bombs are horrifying Cold War relics. The Convention on Cluster Munitions has been signed by 108 nations (see https://treaties.un.org/Pages/ViewDetails.aspx?src=TREATY&mtdsg_no=XXVI-6&chapter=26&lang=en).
    Non-state actors are not bound by treaty. An autonomous cluster bomb would
    be unconscionable to say the least.

    Artificial swarm intelligence (https://en.wikipedia.org/wiki/Swarm_intelligence) technology emerged
    several years ago. ASI deployed as a weapon of mass destruction (WMD) represents a significant force multiplier. An autonomous cluster bomb would
    be unconscionable and terrifying.

    Fortunately, domestic public safety services, and international
    intelligence, and military are employed to proactively deter, detect, and suppress WMD deployment.

    Anthony Burgess' novel, "A Clockwork Orange," introduced 'ultra-violence' as
    a label for extreme delinquency. As a headline, 'omniviolence' earns a rank
    of eleven on the eyeball attracting scale.

    A bad sci-fi movie template: (Enemy du jour, favorite criminal organization,
    or script kiddie cutout) blackmails a city, state, or nation into paying
    X. It backs the threat to pay ransom (click here to view WMD video) by fabricating 1 million plastique-equipped micro-drones, fuels them, ships
    them via containerized cargo from Elbonia to a port where the load 'accidentally' jackknifes during transit to launch the autonomous payload toward preset destination...Amateur weather buff observes atypical Doppler weather patterns...alerts situation room authorities who scramble to home-on-jam intra-swarm communications...emergency broadcast signal (electromagnetic pulse) clears threat from the sky (and, possibly, a few civilian aircraft)...another day, another dollar in the situation
    room. "Round up the usual suspects" following drone triage. Roll credits, including https://www.statista.com/statistics/913398/container-throughput-worldwide/ which shows ~802M cargo containers -- twenty-foot equivalent units (TEUs) -- shipped globally in 2019.

    ------------------------------

    Date: August 7, 2020 5:53:06 JST
    From: Richard Forno <rforno@infowarrior.org>
    Subject: Massive 20GB Intel IP Data Breach Floods the Internet, Mentions
    Backdoors (Intel Responds)

    [via Dave Farber]

    https://www.tomshardware.com/news/massive-20gb-intel-data-breach-floods-the-internet-mentions-backdoors

    ------------------------------

    Date: Tue, 4 Aug 2020 13:19:57 -0600
    From: Jim Reisert AD1C <jjreisert@alum.mit.edu>
    Subject: Cyberattack causes Lafayette, CO city computer outage

    This is the part I found particularly interesting:

    "In a cost/benefit scenario of rebuilding the City's data versus paying
    the ransom, the ransom option far outweighed attempting to rebuild."

    Does this mean that the attackers requested too little ransom for the key to unlock the data? Certainly at some higher level of ransom, the cost/benefit analysis could tip the other way.

    https://cityoflafayette.com/civicalerts.aspx?AID=5729

    Posted on: August 4, 2020
    Cyberattack causes City computer outage

    In the early morning hours of July 27, a ransomware cyberattack on the
    City's computer system disabled network services resulting in disruptions
    to phone service, email, and online payment and reservation systems. 9-1-1
    and emergency dispatch services were not affected. Staff detected the
    infection and ransom notification at approximately 6:50am and disabled all
    network connections to contain the malware spread. Mutual aid from
    neighboring jurisdictions was brought onsite to assist, and a
    cybersecurity analyst was contracted to provide forensic investigation and
    recovery. Additional resources were deployed from the Boulder Office of
    Emergency Management and the State Office of Information Technology.

    ------------------------------

    Date: Tue, 4 Aug 2020 13:17:06 -0400
    From: Monty Solomon <monty@roscom.com>
    Subject: Garmin reportedly paid multimillion-dollar ransom after suffering
    cyberattack (The Verge)

    Fitness brand Garmin paid millions of dollars in ransom after an attack took many of its products and services offline last month, Sky News reports. The payment was reportedly made through a ransomware negotiation company called Arete IR, in order for Garmin to recover data held hostage as a result of
    the attack.

    BleepingComputer reported last week that Garmin had received a decryption
    key to access data encrypted by the virus, and that the initial ransom
    demand was for $10 million. [...]

    https://www.theverge.com/2020/8/4/21353842/garmin-ransomware-attack-wearables-wastedlocker-evil-corp

    [See also:
    Garmin reportedly paid millions to resolve its recent ransomware attack
    (Engadget) https://www.engadget.com/garmin-cyber-attack-ransomware-payment-180211805.html
    ]

    ------------------------------

    Date: Tue, 4 Aug 2020 07:09:21 +0800
    From: Richard Stein <rmstein@ieee.org>
    Subject: U.S. FAA proposes requiring key Boeing 737 MAX design changes
    (Reuters)

    https://mobile.reuters.com/article/BigStory12/idUSKCN24Z2HK

    "The agency is issuing a proposed airworthiness directive to require updated flight-control software, revised display-processing software to generate alerts, revising certain flight-crew operating procedures, and changing the routing of some wiring bundles."

    I believe the proposal includes revisions to automatic test equipment and
    test program software applied for line replaceable unit (LRU)
    maintenance. The FAA's draft proposal can be found here: https://www.faa.gov/news/media/attachments/19_035n-R3-8-3-20.pdf. I found
    this on page 24: "Note 1 to paragraph (g): Guidance for doing the
    installation and installation verification of the FCC OPS software can be
    found in Boeing 737-7/8/8200/9/10 Aircraft Maintenance Manual (AMM), Section 22-11-33." I gather the AMM includes provisions for ATE/TPS
    updates/revisions.

    These proposals will require significant investment to successfully
    complete. Apparently they incur less expenditure than would be required to undertake a new air-frame design and re-certification effort. Cheaper to
    keep a ~50 year old air-frame in the product catalog, and hack than start
    from scratch.

    "The changes are designed to prevent the erroneous activation of a key
    system known as MCAS tied to both crashes, to alert pilots if two AOA
    sensors are receiving conflicting data and to ensure flight crew can
    recognize and respond to erroneous stabilizer movement.

    "The FAA said the changes minimize 'dependence on pilot action and the
    effect of any potential single failure' and added that design changes
    address seven safety issues, including several involving MCAS."

    ------------------------------

    Date: Tue, 4 Aug 2020 18:47:51 -0700
    From: Lauren Weinstein <lauren@vortex.com>
    Subject: Beirut explosion

    REPORT: Beirut explosion caused by welding operations at unsecured
    warehouse holding over 2700 tons of ammonium nitrate accumulated over
    six years.

    [The risks? Utter stupidity, long-term storage of volatile substance,
    arc-welding, lack of security, oblivious of oblivion... PGN]

    ------------------------------

    Date: Wed, 5 Aug 2020 01:13:00 -1000
    From: geoff goodfellow <geoff@iconia.com>
    Subject: NSA Warns Cellphone Location Data Could Pose National-Security
    Threat (WSJ)

    *Disable location-sharing on apps, agency says in new guidance for military
    and intelligence personnel*

    The National Security Agency issued new guidance on Tuesday for military and intelligence-community personnel, warning about the risks of cellphone
    location tracking through apps, wireless networks and Bluetooth technology.

    The detailed warning from one of the nation's top intelligence agencies is
    an acknowledgment that Silicon Valley's practice of collecting and selling cellphone location information <https://www.wsj.com/articles/house-investigating-company-selling-phone-location-data-to-government-agencies-11593026382>
    for advertising and marketing purposes poses a serious national-security risk
    to many inside the government.

    ``Location data can be extremely valuable and must be protected. It can
    reveal details about the number of users in a location, user and supply movements, daily routines (user and organizational), and can expose
    otherwise unknown associations between users and locations,'' the NSA
    bulletin warned.

    Among its recommendations, the NSA advises disabling location-sharing
    services on mobile devices, granting apps as few permissions as possible
    and turning off advertising permissions. The NSA also recommends limiting mobile web browsing, adjusting browser options to not allow the use of
    location data, and switching off settings that help track a misplaced or
    stolen phone.

    Apps often collect and share anonymized location data with third-party
    location data brokers who in turn sell their commercial products to
    government and corporate customers <https://www.wsj.com/articles/digital-group-urges-controls-on-flow-of-cellphone-data-to-government-11592946810?mod=searchresults&page=1&pos=12>,
    The Wall Street Journal has reported. The sale of the data, especially to
    the government, is generally done without consumer awareness.

    Other services can estimate a phone's location based on its proximity to
    other Bluetooth devices or Wi-Fi networks. More invasive technologies used
    by law-enforcement and intelligence services -- such as Stingray cell-tower simulators often used by police to collect location information, as well as Wi-Fi sniffers that can extract information about a phone based on network information -- can collect a phone's location without user permission.

    The agency's warning extended beyond phones, noting that fitness trackers, smartwatches, Internet-connected medical devices, other smart-home devices
    and modern automobiles all contain location-tracking potential. [...]

    https://www.wsj.com/articles/nsa-warns-cellphone-location-data-could-pose-national-security-threat-11596563156

    ------------------------------

    Date: Mon, 3 Aug 2020 12:41:41 +0800
    From: Richard Stein <rmstein@ieee.org>
    Subject: Dickson Yeo and spying in the time of social networking (Straits Times)

    https://www.straitstimes.com/singapore/spying-in-the-time-of-social-networking (behind paywall).

    Note: https://www.nytimes.com/reuters/2020/07/25/world/asia/25reuters-usa-china-spy-singapore.html
    details the arrest.

    The Straits Times author details how Yeo was recruited by PRC Intelligence.
    In turn, Yeo recruited and paid multiple U.S. persons as sources to author reports on non-public (but sensitive) strategic, tactical and/or technical information on the F-35 sale to Japan, South China Sea foreign policy, trade policy, etc.

    "At the behest of a Chinese intelligence operative, two years ago,
    Singaporean Dickson Yeo conjured up a consultancy firm and posted a fake job posting on professional networking site LinkedIn.

    "The response floored him.

    "He got over 400 resumes, most of them from U.S. military and government employees with security clearances. He sent on those he found interesting to
    a Chinese operative."

    "The Financial Times, in a report last Friday (https://www.ft.com/content/0a0e62a9-65ba-494c-a7bb-86f5f66d627f, also
    behind paywall), said Yeo's case underscores 'growing fears among
    intelligence agencies around the world that they are unable to parry China's increasingly astute online espionage efforts aimed at officials with
    high-level security clearances.'"

    Social media, while convenient for advertising goods and gigs, also
    facilitates espionage recruiting. Correlate candidate CV content against the U.S. office of personnel management (OPM) breach (or the HR breach du jour)
    to cherry-pick targets. Plan to hook them into your network via compromise (financial problems, addiction, embarrassing personal information).

    A smartphone and a file-share (Dropbox) are all that's needed to boost and relay information. No more dead drops, no more snail mail. Employ a cutout,
    a mutually trusted intermediary, to shield network handler origin if/when
    cover is blown.

    Spying is an age-old problem. Effective counter-intelligence can suppress
    human sources, and cyber-security can limit surreptitious digital data exfiltration.

    A hypothetical "spy versus spy" social media human intelligence recruiting entrapment effort might consist of the following:

    1) Use GPT-3 to author a few thousand phony CVs and credentials for "fake
    worker background" with clearances, and periodically update recruiting sites
    to trap human intelligence recruiters. Might be difficult to fake the
    existence of a student at XYZU having written a thesis on "Pulsed-quantum
    computation adiabatic decoherence mitigation" that successfully vets against
    an adversary's alumnus network correlation tool.

    2) Include "I speak and write ABC" in the adversary's native character set
    to elevate profile "optional" correlation assessment points. Add a few bogus
    project code words (lifted from 'Dilbert' cartoons). Include a few phony
    roles, dates, and locations (a business park hosting a front company) to
    goose up the candidate score: Procurement and sourcing manager for
    sub-decibel hypersonic anti-submarine warfare flotation technology. Lead
    investigator on simulation of quantum network micro-satellite deployment
    with impulse drive propulsion.

    3) Author a social media page, and post a few items to various blogs of
    interest with faked photos from mountain climbs, botanical gardens,
    high-school proms, etc.

    ------------------------------

    Date: Wed, 5 Aug 2020 09:03:43 -0400
    From: Monty Solomon <monty@roscom.com>
    Subject: Colorado police apologize over viral video of officers handcuffing
    Black girls in a mistaken stop (WashPost)

    Two of the family's Black children were handcuffed by police at gunpoint,
    and all four, including a six-year-old, were ordered to lay face-down on the parking lot.

    https://www.washingtonpost.com/nation/2020/08/04/aurora-pd-handcuffs-family-gunpoint/

    ------------------------------

    Date: Wed, 5 Aug 2020 19:50:26 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Measure twice, sculpt once. (Atlas Obscura)

    Coade Stone Caryatids - London, England - Atlas Obscura

    A measuring mishap led to these artificial stone ladies losing their
    stomachs.

    https://www.atlasobscura.com/places/coade-stone-caryatids

    ------------------------------

    Date: Fri, 7 Aug 2020 00:46:50 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Dutch Hackers Found a Simple Way to Mess With Traffic Lights (WiReD)

    By reverse engineering apps intended for cyclists, security researchers
    found they could cause delays in at least 10 cities from anywhere in the
    world.

    https://www.wired.com/story/hacking-traffic-lights-netherlands/

    ------------------------------

    Date: Thu, 6 Aug 2020 00:34:57 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Inside the Courthouse Break-In Spree That Landed Two White-Hat
    Hackers in Jail (WiReD)

    When two men were hired to break into Iowa judicial buildings, they thought
    it was just another physical security audit -- until they were charged with burglary.

    https://www.wired.com/story/inside-courthouse-break-in-spree-that-landed-two-white-hat-hackers-in-jail/

    ------------------------------

    Date: Thu, 6 Aug 2020 14:34:00 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Inaccurate Mailing Sent To Fairfax County Voters (Patch)

    The Center for Voter Information sent out absentee ballot applications
    with an incorrect return address.

    Fairfax County, VA -- A mailing going out to Fairfax County voters from a nonprofit organization has incorrect information, according to Fairfax
    County's Office of Elections.

    The mailing from the Center for Voter Information includes pre-filled
    absentee ballot applications with return envelopes. The problem is, the
    return address is the City of Fairfax's registrar, not Fairfax County's.

    "This mailing is causing great confusion and concern among voters who have
    been contacting our office," said Fairfax County General Registrar Gary
    Scott in a news release. "While the mailing may appear to be from an
    official government agency, the Fairfax County Office of Elections did not
    send it."

    A county statement says the absentee ballot application went out to voters without their request. The mailing is also causing confusion among voters
    who already requested ballots from Fairfax County.

    The county is working with the City of Fairfax to ensure applications
    received from the inaccurate mailing will be processed by Fairfax County.

    The Center for Voter Information shared the following statement:

    The Center for Voter Information recently sent vote by mail applications
    to voters in Virginia, encouraging them to safely participate in
    democracy. We are aware that some of the mailers may have directed the
    return envelopes to the wrong election offices, particularly in the
    Fairfax area of northern Virginia.

    Approximately half a million applications sent to eligible voters in
    Virginia included incorrect information, and we are working diligently to
    address the issues. Mistakes in our programming are very rare, but we take
    them seriously, and our methods overall are extraordinarily effective. In
    fact, we have worked with our partner, the Voter Participation Center, to
    successfully generate nearly 800,000 vote by mail applications across the
    country, and helped over 5-million people register to vote in our history.

    We know voters are on high alert as the November election approaches, and
    we regret adding to any confusion. Please rest assured that we are working
    with local election officials in Virginia to re-direct the vote by mail
    applications to the proper locations, and will rectify any errors at our
    own expense.

    https://patch.com/virginia/annandale/s/h78j9/inaccurate-mailing-sent-to-fairfax-county-voters

    Brilliant. Nice favor this organization did. It's so comforting that their programming mistakes are rare. This is a very Blue area -- and I understand
    one must first assume incompetence when something worse might be
    suspected. Still...

    ------------------------------

    Date: Mon, 3 Aug 2020 01:17:00 -1000
    From: geoff goodfellow <geoff@iconia.com>
    Subject: WHO just gave us the worst possible coronavirus prediction (BGR)

    - The coronavirus transmission risk remains high, warned the World
    Health Organization during a meeting of its emergency committee.

    - WHO chief Tedros Adhanom Ghebreyesus said that the COVID-19 pandemic is a
    ``once-in-a-century health crisis'' with effects that will be felt for
    ``decades to come.''

    - The health crisis already taught us that some COVID-19 patients will
    take weeks or even months to recover and may sustain internal damage from
    the infection that could lead to long-lasting medical conditions.

    The novel coronavirus is here to stay, even once vaccines are widely
    available. It's still too early to tell how long COVID-19 immunity lasts,
    but infectious disease experts think the new virus will behave just like
    other human coronaviruses. That means reinfection could be possible as soon
    as six to twelve months after the first bout, and vaccine protection will be limited without regular booster shots. Even if vaccines are approved this
    fall or winter, it will be months until public immunization campaigns can
    start <https://bgr.com/2020/07/26/coronavirus-vaccine-availability-several-months-in-2021-fauci-interview/>
    in earnest. The initial vaccine supply will not meet demand, as the entire world might need 15 billion doses to inoculate everyone -- and some people
    will always resist vaccines, while others are in remote regions that may not
    be accessible. Therefore, it will be years before a large percentage of the world's population is vaccinated against COVID-19, and that's assuming the current candidates are effective. Other drugs are also in human trials <https://bgr.com/2020/07/08/coronavirus-treatment-regeneron-monoclonal-antibodies-cure-regn-cov2-5852677/>
    and they could provide new effective therapies to prevent COVID-19 complications or death.

    With all that in mind, it seems unlikely for the novel coronavirus to
    disappear anytime soon and the world will have to learn to live with it,
    just like it did with other infectious diseases. The World Health
    Organization (WHO) made this prediction several months ago <https://bgr.com/2020/05/14/coronavirus-cure-covid-19-may-never-go-away-but-well-have-treatment-5829547/>,
    as researchers learned more details about the new illness. But now, the WHO just gave the world the worst possible forecast about the novel coronavirus.

    WHO chief Tedros Adhanom Ghebreyesus spoke to reporters on Friday as the organization's emergency committee evaluated the situation six months after declaring COVID-19 an international emergency. [...]

    https://bgr.com/2020/08/01/coronavirus-transmission-risk-high-effects-felt-for-decades/

    ------------------------------

    Date: Fri, 7 Aug 2020 11:02:50 +0800
    From: Richard Stein <rmstein@ieee.org>
    Subject: California virus-fighting efforts hampered by data delays (sfgate.com)

    https://www.sfgate.com/news/article/California-virus-fighting-efforts-hampered-by-15462869.php
    and https://www.latimes.com/california/story/2020-08-05/coronavirus-test-results-collecting-hampering-pandemic-response

    CalREDIE -- California Reportable Disease Information Exchange -- embodies
    the core data collection platform licensed for access and disease incidence reporting from laboratories, hospitals, public health agencies. State public health officials and the elected governance functions are operating under a high-latency reporting condition.

    A root cause for the sluggishness has not been disclosed. Estimates claim
    50% of COVID-19 case counts are missing from public reports. Probably a
    huge XML payload to database insert backlog. Deficient elasticity scale-up
    in the infrastructure.

    Risk: Inaccurate reporting of disease statistics reduces public vigilance to apply safeguards against infection. If the latency remained undiscovered, public health spending priorities would be irresponsibly reduced.

    ------------------------------

    Date: Mon, 3 Aug 2020 13:18:48 +0800
    From: Richard Stein <rmstein@ieee.org>
    Subject: Do Animals Really Anticipate Earthquakes? Sensors Hint They Do
    (Scientific American)

    https://www.scientificamerican.com/article/do-animals-really-anticipate-earthquakes-sensors-hint-they-do/

    Reliable earthquake precursors are challenging to identify. A few seconds' advance warning can save lives. A few hours' advance notice, enough to
    evacuate a vulnerable city, would be miraculous. Instrumented animals, and their environmentally-adapted swarm intelligence, might hold the key to
    early quake detection.

    "For example, 'we did a study on Galápagos marine iguanas, and we know
    that they are actually listening in to mockingbirds’ warnings about the Galápagos hawks,' he adds. 'These kinds of systems exist all over the
    place. We’re just not really tuned in to them yet.'"

    "Wendy Bohon, a geologist at the Incorporated Research Institutions for Seismology in Washington, D.C., who was not involved with the new study, is skeptical of the air ionization idea. Numerous geologists have
    unsuccessfully tried to find such a precursory signal of impending
    earthquakes, she notes. Bohon does allow that Wikelski and his co-authors
    did some 'cool things' to explore the possibility of animals predicting earthquakes. But she wonders whether there were instances in which the creatures showed unusual activity and there was no earthquake or did not
    react before one did occur. 'My cat could act crazy before an earthquake,'
    she says. 'But my cat also acts crazy if somebody uses the can opener.' In order to use the animals as prognosticators, it would be imperative to establish that they exhibited unusual behavior only in reaction to upcoming seismic events, Bohon says. 'Otherwise,' she adds, 'it becomes the "Boy
    Who Cried Wolf" problem.'"

    Risk: Alarm fatigue.

    [Earthquake sensor-equipped birds fowl detection?]

    [Bill Kautz, one of my colleagues at SRI in the 1970s, was part of a
    California-based project that had sensors scattered around the state, but
    also had farmers linked up to report unusual animal behavior. The
    Chinese also claimed back then that they evacuated an entire city based on
    abnormal animal behavior. PGN]

    ------------------------------

    Date: Mon, 3 Aug 2020 15:19:39 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Despite an unexpected monkey wrench, now is the time to install the
    July Windows and Office patches (Computerworld)

    If it weren't for the schizophrenic behavior of Microsoft's preview patches, July updating would be a slam dunk. As things stand, you'd be well advised
    to go ahead and patch -- but be aware of the odd behavior.

    https://www.computerworld.com/article/3569589/despite-an-unexpected-monkey-wrench-now-is-the-time-to-install-the-july-windows-and-office-patches.html

    Rhetorical questions:

    How are normal people supposed to cope with nonsense like this?

    How has Microsoft let patches -- previously largely reliable -- deteriorate
    to this egregious level of complexity and risk?

    ------------------------------

    Date: Thu, 06 Aug 2020 23:37:47 -0400
    From: scs@eskimo.com (Steve Summit)
    Subject: Adapting the user to the software (The Verge)

    We've probably all had our frustrations with Microsoft Excel: powerful, ubiquitous, often pretty useful, occasionally insanely frustrating. It
    would never have occurred to me to make formal redefinitions across an
    entire industry just to coddle its peculiar predilections, though:

    https://www.theverge.com/2020/8/6/21355674/human-genes-rename-microsoft-excel-misreading-dates

    A string like "MARCH1" -- which to a geneticist used to be the accepted abbreviation for the Membrane Associated Ring-CH-Type Finger 1 gene -- is
    taken by default by Excel as a date, and while there's a way to force it to
    be treated as a regular string, it's easy enough to forget to that errors
    have been unacceptably prevalent. So the Membrane Associated Ring-CH-Type Finger 1 gene is now "MARCHF1", and several dozen other genes have been similarly reabbreviated.

    ------------------------------

    Date: Fri, 07 Aug 2020 13:47:29 +0200
    From: "Diego.Latella" <diego.latella@isti.cnr.it>
    Subject: The case for banning law enforcement from using facial recognition
    technology (TJCI)

    The Justice Collaborative Institute
    The Case for Banning Law Enforcement from Using Facial Recognition Technology
    https://tjcinstitute.com/research/the-case-for-banning-law-enforcement-from-using-facial-recognition-technology/

    "The Justice Collaborative Institute is home to a collection of the nation's top scholars and thinkers bound together by a common mission to produce rigorous, practical research that contributes to an America with more
    dignity and freedom for all of us, starting with those who are the most vulnerable. We translate our research into pragmatic resources for public officials, reporters, advocates, and other scholars, including polling
    memos, policy briefs, model laws and policies, and amicus briefs."

    https://tjcinstitute.com/about/

    ------------------------------

    Date: Sat, 1 Aug 2020 18:00:33 -0400
    From: Monty Solomon <monty@roscom.com>
    Subject: Why a Data Breach at a Genealogy Site Has Privacy Experts Worried

    [continued in next message]
