• Risks Digest 32.33 (1/2)

    From RISKS List Owner@21:1/5 to All on Sun Oct 25 00:59:11 2020
    RISKS-LIST: Risks-Forum Digest Saturday 24 October 2020 Volume 32 : Issue 33

    ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) Peter G. Neumann, founder and still moderator

    ***** See last item for further information, disclaimers, caveats, etc. *****
    This issue is archived at <http://www.risks.org> as
    <http://catless.ncl.ac.uk/Risks/32.33>
    The current issue can also be found at
    <http://www.csl.sri.com/users/risko/risks.txt>

    Contents:
    Air Force updates code on plane mid-flight (The Aviationist)
    Alexa Causes Evacuation Panic in Boulder County, Colorado
    (William Kucharski)
    Experts: Florida Voting Machines Ripe for Foreign Hackers (John Pacenti)
    FDA Hid Names of Dietary Supplements Linked to Hundreds of Reports of Harm
    (Consumer Reports)
    Censorship or Sensibility? (The Intercept)
    Six Russians Tied to Hacks Around Globe (NYTimes)
    We've collected tens of millions of posts to underground crime forums
    (Ross Anderson)
    Exponential growth in DDoS attack volumes (Google)
    The Contest to Protect Almost Everything on the Internet (Sara Castellanos)
    Researchers find huge, sophisticated black market for trade in online
    'fingerprints' (techxplore.com)
    Annoying-as-hell ransomware attack in Finland (mikko)
    Adblockers installed 300,000 times are malicious and should be removed now
    (Ars Technica)
    POTUS Twitter account reportedly hacked by Dutch whitehat (Volkskrant)
    A shadowy AI service has transformed thousands of women's photos into fake
    nudes: ``Make fantasy a reality'' (WashPost)
    The AI that spots Alzheimer's from cookie drawing (bbc.com)
    Twitter is currently down, perhaps globally (Lauren Weinstein)
    How does Google's monopoly hurt you? (WashPost)
    DHS, USCIS to Modernize, Define the Collection of Biometrics (Thomson Kuhn)
    Sony PS5 enables voice recording (The Verge)
    Paleontologists See Stars as Software Bleeps Scientific Terms (NYTimes)
    Ailments in Covid-19 Trials Raise Questions About Vaccine Method (Bloomberg)
    Networking Theory and Superspreader Events (Rob Slade)
    Some notes on publishing (Rob Slade)
    Cochlear and bone conduction implants to mitigate hearing (Richard Stein)
    'E.T.' 1982 Atari Game: The True Story Behind the Worst Video Game Ever
    (MelMagazine)
    Re: Fifth of countries at risk of ecosystem collapse (Richard Stein)
    Re: Why cars are more "fragile": more technology has reduced robustness
    (Wol)
    Re: SpaceX Is Building a Military Rocket to Ship Weapons Anywhere in the
    World in 1 hour (David Alexander, Erling Kristiansen)
    Re: A different way the news is dividing America (John Levine,
    Richard Stein, John R. Levine, Steve Bacher)
    Re: Continuous glucose monitoring/insulin dosing systems (Richard Stein)
    Abridged info on RISKS (comp.risks)

    ----------------------------------------------------------------------

    Date: Tue, 20 Oct 2020 13:14:38 -0400
    From: Steve Klein <steven@klein.us>
    Subject: Air Force updates code on plane mid-flight (The Aviationist)

    U.S. Air Force Performs First Ever Code Change On A Flying U-2 Spyplane
    Running Kubernetes

    Story: https://theaviationist.com/2020/10/19/u-s-air-force-performs-first-ever-code-change-on-a-flying-u-2-spyplane-running-kubernetes/

    Comment: What could possibly go wrong?

    ------------------------------

    Date: Mon, 19 Oct 2020 03:25:19 -0600
    From: William Kucharski <kucharsk@mac.com>
    Subject: Alexa Causes Evacuation Panic in Boulder County, Colorado

    Due to a wildfire, the Boulder County, CO Office of Emergency Management
    issued an evacuation order for a region and, to reach people who may have
    not had power, they also had the NWS issue a civil evacuation message via
    NOAA All Hazards Radio (typically used by NWS for severe weather, but its charter includes dissemination of all official Government warning messages.)

    However, the WRSAME codes used to encode location data on AHR can only be delineated down to a county or portion of county.

    Normally this isn't an issue as the accompanying voice message broadcast on NOAA AHR gives further information as to the nature of the hazard and the actions required.

    However, third-party services like Amazon's Alexa only parse the geographic area and the type of alert from the data header. This normally results in people in the county being alerted there is a Tornado Warning, for example.

    However, this time this resulted in Boulder County residents as a whole
    being warned by their Alexa devices that they needed to evacuate their
    homes, causing confusion, fear and some panic.

    It's hard to know how this could be fixed in the future without inserting a human into the loop to listen to or read the actual message sent and
    intervene accordingly.

    https://www.boulderoem.com/issue-with-noaa-weather-radio-alert/
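
    An added example, not part of the original submission: a minimal parser for the SAME data header, showing that a consumer reading only the header gets an event type and, at best, a ninth of a county. The header strings used with it are constructed, the county table is a one-entry stand-in, and the BODY_REQUIRED_EVENTS policy and guarded wording are assumptions of this example.

```python
import re
from dataclasses import dataclass

# Subset of SAME originator and event codes; the real tables are longer.
ORIGINATORS = {"WXR": "National Weather Service", "CIV": "Civil authorities"}
EVENTS = {
    "TOR": "Tornado Warning",
    "EVI": "Evacuation Immediate",
    "SPW": "Shelter in Place Warning",
    "CEM": "Civil Emergency Message",
}
# First digit of each location code: 0 = whole county, 1-9 = a ninth of it.
PORTIONS = {0: "all of", 1: "northwest", 2: "north", 3: "northeast",
            4: "west", 5: "central", 6: "east",
            7: "southwest", 8: "south", 9: "southeast"}
# One-entry stand-in for a FIPS county table (state 08 = Colorado).
COUNTIES = {("08", "013"): "Boulder County, CO"}

# Assumption of this example: events whose required action depends on
# exactly where the listener is, so the header alone is not enough.
BODY_REQUIRED_EVENTS = {"EVI", "SPW", "CEM"}

# ZCZC-ORG-EEE-PSSCCC[-PSSCCC...]+TTTT-JJJHHMM-LLLLLLLL-
HEADER_RE = re.compile(
    r"^ZCZC-([A-Z]{3})-([A-Z]{3})((?:-\d{6}){1,31})"
    r"\+(\d{4})-(\d{7})-([^-]{8})-$"
)


@dataclass(frozen=True)
class Area:
    portion: int   # P: 0 or 1-9
    state: str     # SS: state FIPS code
    county: str    # CCC: county FIPS code

    def name(self) -> str:
        return COUNTIES.get((self.state, self.county),
                            f"FIPS {self.state}{self.county}")

    def describe(self) -> str:
        return f"{PORTIONS[self.portion]} {self.name()}"


@dataclass(frozen=True)
class SameHeader:
    originator: str
    event: str
    areas: tuple
    purge_minutes: int   # TTTT: how long the alert stays valid
    issued_day: int      # JJJ: day of year
    issued_utc: str      # HHMM, UTC
    station: str


def parse_same_header(raw: str) -> SameHeader:
    """Parse one SAME header; raise ValueError if it is malformed."""
    m = HEADER_RE.match(raw.strip())
    if m is None:
        raise ValueError(f"not a SAME header: {raw!r}")
    org, event, locs, purge, issued, station = m.groups()
    areas = tuple(Area(int(c[0]), c[1:3], c[3:6])
                  for c in re.findall(r"\d{6}", locs))
    return SameHeader(org, event, areas,
                      int(purge[:2]) * 60 + int(purge[2:]),
                      int(issued[:3]), issued[3:], station)


def header_only_announcement(h: SameHeader) -> str:
    """Everything a consumer can say if it ignores the voice message."""
    event = EVENTS.get(h.event, h.event)
    return f"{event} for {'; '.join(a.describe() for a in h.areas)}"


def needs_message_body(h: SameHeader) -> bool:
    """True when the header cannot say who is actually affected."""
    return h.event in BODY_REQUIRED_EVENTS


def guarded_announcement(h: SameHeader) -> str:
    """Assumed wording that avoids telling a whole county to act."""
    if not needs_message_body(h):
        return header_only_announcement(h)
    event = EVENTS.get(h.event, h.event)
    names = "; ".join(sorted({a.name() for a in h.areas}))
    return (f"{event} issued for an area within {names}. "
            "The affected area is given only in the full official message.")


# Constructed headers for illustration, not captured broadcasts.
SAMPLE_EVACUATION = "ZCZC-CIV-EVI-008013+0100-2911830-KBOU/NWS-"
SAMPLE_TORNADO = "ZCZC-WXR-TOR-508013+0030-2911830-KBOU/NWS-"

if __name__ == "__main__":
    for raw in (SAMPLE_EVACUATION, SAMPLE_TORNADO):
        hdr = parse_same_header(raw)
        print(header_only_announcement(hdr))
        print("  ->", guarded_announcement(hdr))
```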

    ------------------------------

    Date: Wed, 21 Oct 2020 12:05:06 -0400 (EDT)
    From: ACM TechNews <technews-editor@acm.org>
    Subject: Experts: Florida Voting Machines Ripe for Foreign Hackers
    (John Pacenti)

    via ACM TechNews, Wednesday, October 21, 2020

    Experts: Florida Voting Machines Ripe for Foreign Hackers
    Government Technology (10/16/20) John Pacenti

    Computer scientists have expressed concerns about the security of voting machines used in 49 Florida counties. Although election officials claim the machines are not vulnerable to remote hacking because they are never
    connected to the Internet, the DS200 voting tabulator uses a wireless connection to transmit results. Finnish computer scientist Harri Hursti said the machine features software that operates like a cellphone and uses
    Internet Protocol when connecting to the wireless network. Princeton University's Andrew Appel said a hacker could penetrate a border router from the Internet or by walking near a polling place with a Stingray, a portable device that can capture data by mimicking a cellphone tower.

    https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-279a2x225bc1x066052&

    ------------------------------

    Date: Sat, 17 Oct 2020 19:44:07 -1000
    From: geoff goodfellow <geoff@iconia.com>
    Subject: FDA Hid Names of Dietary Supplements Linked to Hundreds of Reports
    of Harm (Consumer Reports)

    https://www.consumerreports.org/dietary-supplements/fda-hid-names-of-dietary-supplements-linked-to-hundreds-of-reports-of-harm/

    ------------------------------

    Date: Mon, 19 Oct 2020 11:48:13 PDT
    From: "Peter G. Neumann" <neumann@csl.sri.com>
    Subject: Censorship or Sensibility? (The Intercept)

    Just weeks before the election, the tech giants unite to block access to incriminating reporting about their preferred candidate. [...]

    https://theintercept.com/2020/10/15/facebook-and-twitter-cross-a-line-far-more-dangerous-than-what-they-censor/

    ------------------------------

    Date: Tue, 20 Oct 2020 12:52:31 PDT
    From: "Peter G. Neumann" <neumann@csl.sri.com>
    Subject: Six Russians Tied to Hacks Around Globe (NYTimes)

    Michael S. Schmidt and Nicole Perlroth, *The New York Times*, 20 Oct 2020
    (front page, National Edition)

    This article considers the charges that have just been unsealed relating to
    "an aggressive worldwide hacking campaign that caused mass disruption and
    cost billions of dollars attacking targets like a French presidential
    election, the electricity grid in Ukraine and Internet access to the 2018
    Winter Olympics."

    John Demers (Asst AG for national security) is quoted: "Their cyberattack combined the emotional maturity of a petulant child with the resources of a nation-state."

    ------------------------------

    Date: Fri, 16 Oct 2020 13:32:19 -1000
    From: geoff goodfellow <geoff@iconia.com>
    Subject: We've collected tens of millions of posts to underground crime
    forums (Ross Anderson)

    They're not just an amazing resource for research in cybersecurity and criminology, but also for natural language processing: https://www.lightbluetouchpaper.org/2020/10/15/three-paper-thursday-applying-natural-language-processing-to-underground-forums/
    via https://twitter.com/rossjanderson/status/1317070576696123393

    ------------------------------

    Date: Fri, 16 Oct 2020 13:27:49 -1000
    From: geoff goodfellow <geoff@iconia.com>
    Subject: Exponential growth in DDoS attack volumes (Google)

    Security threats such as distributed denial-of-service (DDoS) attacks
    disrupt businesses of all sizes, leading to outages, and worse, loss of
    user trust. These threats are a big reason why at Google we put a premium
    on service reliability that's built on the foundation of a rugged network.

    To help ensure reliability, we've devised some innovative ways to
    defend against advanced attacks. In this post, we'll take a deep
    dive into DDoS threats, showing the trends we're seeing and
    describing how we prepare for multi-terabit attacks, so your sites stay up
    and running.

    Taxonomy of attacker capabilities

    With a DDoS attack, an adversary hopes to disrupt their victim's service
    with a flood of useless traffic. While this attack doesn't expose user data
    and doesn't lead to a compromise, it can result in an outage and loss of
    user trust if not quickly mitigated.

    Attackers are constantly developing new techniques to disrupt systems. They give their attacks fanciful names, like Smurf, Tsunami, XMAS tree, HULK, Slowloris, cache bust, TCP amplification, javascript injection, and a dozen variants of reflected attacks. Meanwhile, the defender must consider every possible target of a DDoS attack, from the network layer (routers/switches
    and link capacity) to the application layer (web, DNS, and mail servers).
    Some attacks may not even focus on a specific target, but instead attack
    every IP in a network. Multiplying the dozens of attack types by the
    diversity of infrastructure that must be defended leads to endless possibilities.

    So, how can we simplify the problem to make it manageable? Rather than
    focus on attack methods, Google groups volumetric attacks into a handful of
    key metrics:

    - bps network bits per second: attacks targeting network links
    - pps network packets per second: attacks targeting network equipment
    or DNS servers
    - rps HTTP(S) requests per second: attacks targeting application servers

    This way, we can focus our efforts on ensuring each system has sufficient
    capacity to withstand attacks, as measured by the relevant metrics.

    Trends in DDoS attack volumes. [...]

    https://cloud.google.com/blog/products/identity-security/identifying-and-protecting-against-the-largest-ddos-attacks

    ------------------------------

    Date: Mon, 19 Oct 2020 12:04:59 -0400 (EDT)
    From: ACM TechNews <technews-editor@acm.org>
    Subject: The Contest to Protect Almost Everything on the Internet
    (Sara Castellanos)

    Sara Castellanos, *The Wall Street Journal*, 7 Oct 2020, via ACM TechNews,
    19 Oct 2020

    Hundreds of the world's leading cryptographers are participating in a competition overseen by the U.S. National Institute of Standards and
    Technology to develop new encryption standards for protecting online data against classical and quantum-computing cyberattacks. The contest aims to replace commonly used public-key cryptography methods by 2023, including the popular RSA approach, whose basis on integer factorization makes it
    vulnerable to quantum computers. Cryptographers warn that hackers could
    already be harvesting massive amounts of data to decrypt, in anticipation of quantum computers. Among the most promising contest submissions are
    algorithms based on mathematical lattices, which can resemble geometric
    shapes with more than 1,000 dimensions.

    https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-27924x225a4fx066851&

    ------------------------------

    Date: Sat, 24 Oct 2020 09:28:14 +0800
    From: Richard Stein <rmstein@ieee.org>
    Subject: Researchers find huge, sophisticated black market for trade in
    online 'fingerprints' (techxplore.com)

    https://techxplore.com/news/2020-10-huge-sophisticated-black-online-fingerprints.html

    "Impersonation-as-a-Service: Characterizing the Emerging Criminal Infrastructure for User Impersonation at Scale" @ https://arxiv.org/pdf/2009.04344.pdf details "evidence of an emerging
    criminal infrastructure enabling impersonation attacks at
    scale. Impersonation-as-a-Service (IMPaaS) allows attackers to
    systematically collect and enforce user profiles (consisting of user credentials, cookies, device and behavioural fingerprints, and other
    metadata) to circumvent risk-based authentication system and effectively
    bypass multi-factor authentication mechanisms."

    The authors attribute leaked credentials, phishing kits, and malware as key attack strategies contributing to IMPaaS operations.

    Excellent detective and research reveals the scope and sophistication of
    this criminal enterprise, a worrisome synthesis of technical skills and motivation to rake profit from targeted individuals. The IMPaaS business
    model and life cycle is explored in substantial detail.

    ------------------------------

    Date: Sat, 24 Oct 2020 19:09:29 +0000 ()
    From: danny burstein <dannyb@panix.com>
    Subject: Annoying-as-hell ransomware attack in Finland (mikko)

    Highly unusual ransom case underway here in Finland: a private psychotherapy clinic was hacked, and the therapist notes for maybe even 40,000 patients
    were stolen. Now the attacker has emailed the victims, asking each for 200 [euro's] ransom in Bitcoin.

    rest (thread, some in Finnish): https://twitter.com/mikko/status/1320061214647439360

    ------------------------------

    Date: Tue, 20 Oct 2020 20:44:23 -0400
    From: Monty Solomon <monty@roscom.com>
    Subject: Adblockers installed 300,000 times are malicious and should be
    removed now (Ars Technica)

    https://arstechnica.com/information-technology/2020/10/popular-chromium-ad-blockers-caught-stealing-user-data-and-accessing-accounts/

    ------------------------------

    Date: Thu, 22 Oct 2020 11:10:58 -0400
    From: Richard Forno <rforno@infowarrior.org>
    Subject: POTUS Twitter account reportedly hacked by Dutch whitehat
    (Volkskrant)

    Dutch Ethical Hacker Logs into Trump's Twitter Account https://www.volkskrant.nl/nieuws-achtergrond/dutch-ethical-hacker-logs-into-trump-s-twitter-account~badaa815/

    Last week a Dutch security researcher succeeded in logging into the Twitter account of the American President Donald Trump. Trump, an active Twitterer
    with 87 million followers, had an extremely weak and easy to guess password
    and had, according to the researcher, not applied two-step verification.

    On Friday morning, almost absentmindedly, Gevers tries a number of passwords and their variations. On the fifth attempt: bingo! He tries `maga2020'
    (short for make America great again) and suddenly finds himself in the
    Twitter account of the American President. He is flabbergasted. Gevers: ``I expected to be blocked after four failed attempts. Or at least would be
    asked to provide additional information.'' None of that.

    On that Friday morning, Gevers has access to what is perhaps the most
    important Twitter account in the world and is in a position to send a
    message to 87 million people, the attentive world press, and government leaders. Gevers: ``I did think: Here we go again.''

    [This item needs some verification. A screenshot is provided.]

    ------------------------------

    Date: Tue, 20 Oct 2020 17:46:39 -0400
    From: Monty Solomon <monty@roscom.com>
    Subject: A shadowy AI service has transformed thousands of women's photos
    into fake nudes: ``Make fantasy a reality'' (WashPost)

    More than 100,000 photos of women have had their clothing removed by the
    software, including of girls younger than 18. ``Would a lab not
    dominated by men have been so cavalier and so careless about the
    risks?''

    https://www.washingtonpost.com/technology/2020/10/20/deep-fake-nudes/

    ------------------------------

    Date: Fri, 23 Oct 2020 10:34:22 +0800
    From: Richard Stein <rmstein@ieee.org>
    Subject: The AI that spots Alzheimer's from cookie drawing (bbc.com)

    https://www.bbc.com/news/technology-54538228

    "The AI model, developed by IBM Research and pharmaceutical giant Pfizer,
    uses natural language processing to analyse short excerpts of speech taken
    from the Cookie Theft cognitive test. The test, used for many years in the diagnosis of dementia and other cognitive illnesses, asks people to describe what they see in the picture.

    "The AI spotted subtle changes to language, such as grammatical errors and different sentence structure, which indicate cognitive decline."

    https://www.researchgate.net/publication/332061806_Describing_the_Cookie_Theft_picture_Sources_of_breakdown_in_Alzheimer's_dementia
    explains Cookie Theft test merit and apparent success: "Speech-language pathologists routinely use picture description tasks to assess expository discourse in clients with disorders such as aphasia and dementia."

    https://catless.ncl.ac.uk/Risks/search?query=speech+recognition&evol=1&lvol=32 reveals 37 prior comp.risks submissions and replies.

    Speech can be used as a bio-marker to assist neurological health
    assessment. See https://en.wikipedia.org/wiki/Speech_disorder.

    Automated speech recognition has at least a 5% false positive/false negative conversion-to-text error rate.

    Applying this technology to indicate dementia or Alzheimer's risks appears convenient, especially if there's a deficit of specialized and qualified personnel. As a definitive diagnostic tool, there's much to improve. The
    essay acknowledges deficiencies.

    ------------------------------

    Date: Thu, 15 Oct 2020 15:04:13 -0700
    From: Lauren Weinstein <lauren@vortex.com>
    Subject: Twitter is currently down, perhaps globally

    Twitter is currently down, perhaps globally

    ------------------------------

    Date: Tue, 20 Oct 2020 01:17:52 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: How does Google's monopoly hurt you? (WashPost)

    Right under our noses, the Internet's most-used website has been getting
    worse.

    https://www.washingtonpost.com/technology/2020/10/19/google-search-results-monopoly/

    ------------------------------

    Date: Sat, 17 Oct 2020 15:05:02 -0400
    From: Thomson Kuhn <tmk000@gmail.com>
    Subject: DHS, USCIS to Modernize, Define the Collection of Biometrics

    [Unfortunately, the comment period has closed.]

    *The proposed rule would authorize biometrics collection for identity verification in addition to new techniques. Voice, iris and facial
    recognition technologies are fast, accurate ways to confirm the identity of
    an applicant that don't require physical contact. The proposed rule also authorizes DHS to collect DNA or DNA test results to verify a claimed
    genetic relationship when the applicant or petitioner is unable to provide sufficient documentary evidence to establish the claimed relationship. Using DNA or DNA test results to help establish *family units* would help
    petitioners and DHS verify claims of genetic relationships and keep adults
    who are in custody from misrepresenting themselves as biological parents of minors who are not related to them. By using DNA or DNA tests to establish bona-fide genetic relationship between adults and minors in DHS custody, DHS can better protect the well-being of children.*

    https://www.dhs.gov/news/2020/09/01/dhs-uscis-modernize-define-collection-biometrics

    ------------------------------

    Date: Sat, 17 Oct 2020 14:44:56 -0700
    From: Henry Baker <hbaker1@pipeline.com>
    Subject: Sony PS5 enables voice recording (The Verge)

    "Anything you say in a voice chat *could* be sent to Sony without your
    explicit consent"
    "It doesn't seem as if Sony is actively listening to *all* of your
    conversations you're having with your pals"

    Is it just me, or do others think that this 'feature' may run afoul of many *state laws* regarding the consents necessary for the recording of conversations?

    Jay Peters@jaypeters, *The Verge*, 14 Oct 2020
    Sony will let PS5 owners record their voice chats and snitch on fellow players
    The perhaps unwelcome feature arrived as part of the PS4's 8.0 update
    https://www.theverge.com/2020/10/14/21516928/sony-ps5-playstation-5-owners-record-listen-voice-chats-moderation-4-8-0-software-update

    Some PlayStation 4 users who downloaded the latest 8.0 update got an
    unwelcome surprise this morning: their console informed them that Sony had
    the right to record their voice for moderation purposes.

    Here are some examples:

    Not only did sony break every ps4 due to how bad the update was,
    they're even recording us #PS4 pic.twitter.com/006eQznRdf

    -- Mini (@_Minii17) October 14, 2020

    So apparently, in case y'all didn't know this beforehand. But
    apparently the newest Sony update to the PS4 and will continue onto 5
    will be recording your voice while in party chat. pic.twitter.com/T0VIbwIpZe

    -- TSN | Ittarra BooOda : Still recovering (@IttarraOda) October 14, 2020

    Initially, the update's release notes contained no mention of voice
    recordings. But at some point today, Sony clarified what the messages meant
    in an update to its official blog post.

    Here is Sony's exact language:

    Following this update, users are seeing a notification about Party Safety
    and that voice chats in parties may be recorded. Voice chat recording for moderation is a feature that will be available on PS5 when it launches, and will enable users to record their voice chats on PS5 and submit them for moderation review. The pop up you're seeing on PS4 right now is to let you
    know that when you participate in a chat with a PS5 user (post-launch), they may submit those recordings from their PS5 console to SIE.

    To translate that statement, it seems that by joining a voice chat, even
    with the older PlayStation 4, your voice can be recorded and submitted to
    Sony for moderation by another user. This could certainly be invasive -- in theory, anything you say in a voice chat could be sent to Sony without your explicit consent. But the feature could also be a useful tool to help people report bad party members that may be harassing them.

    Based on Sony's language, it doesn't seem as if Sony is actively listening
    to all of your conversations you're having with your pals during your latest rounds of Fall Guys.

    The 8.0 software also changes the way parties and messages work and adds new avatars, parental communication controls, and support for authenticator apps for two-factor authentication.

    And in another move to prepare for the PS5's launch, Sony has rebranded the
    PS4 Remote Play mobile, Mac, and PC apps to PS Remote Play, and you'll be
    able to use the app to connect to a PlayStation 5 when the new console
    launches next month.

    ------------------------------

    Date: Mon, 19 Oct 2020 05:42:34 -0400
    From: Jan Wolitzky <jan.wolitzky@gmail.com>
    Subject: Paleontologists See Stars as Software Bleeps Scientific Terms
    (NYTimes)

    https://www.nytimes.com/2020/10/18/science/paleontology-banned-words-convey.html

    ------------------------------

    Date: Sat, 17 Oct 2020 19:43:23 -1000
    From: geoff goodfellow <geoff@iconia.com>
    Subject: Ailments in Covid-19 Trials Raise Questions About Vaccine Method
    (Bloomberg)

    https://www.bloomberg.com/news/articles/2020-10-17/ailments-in-covid-19-trials-raise-questions-about-vaccine-method
    or https://www.msn.com/en-us/health/medical/ailments-in-covid-19-trials-raise-questions-about-vaccine-method/ar-BB1a7yuE

    ------------------------------

    Date: Sat, 17 Oct 2020 11:23:18 -0700
    From: Rob Slade <rmslade@shaw.ca>
    Subject: Networking Theory and Superspreader Events

    Recently there has been a great deal of concern about the exact
    interpretation of rules about how many people you can have at your dinner party, or wedding, or funeral, or school classroom (or funeral following a dinner party). Journalists are tasking medical experts for precise numbers. People are saying they won't follow *the rules* because they aren't clear. That's kind of like saying that you won't wear warm clothes when you go out because the weather forecast is predicting five to thirty millimetres of
    rain, and that isn't explicit enough.

    Very few people understand formal, mathematical, networking theory,
    including many of those who work in the field of networking. This seems to
    be the basis of a great deal of the misunderstanding or objection to limitations on gathering numbers.

    First of all, the more people you are in contact with, the greater your risk
    of getting this (or any other communicable) disease. The closer the
    contact, the greater the risk. The longer the contact, the greater the
    risk. This is basic. Location, duration, relation.

    In regard to numbers, *the rules* are different in different places. And
    they are *best guess* advice. Nobody can say that a dinner party of six is safe, but a dinner party of seven will result in someone getting CoVID. However, let's take six as an example. You can have a dinner party with
    five other people. That's probably OK. But if you then have another five people over for dinner the next night, and then five more over the night
    after that, by the end of two weeks (which is a good period to consider
    because it is widely acknowledged as the rough estimate of when most people will be infectious) you will have had dinner with seventy people. Six
    people might be relatively safe. Seventy people is definitely getting dangerous. Keeping your individual party small is not terribly safe if you keep having a lot of different parties.

    And that's just basic numbers, even before we start to add in the real networking aspects. If you have five people over for dinner, were each of
    them out to dinner with five other people the night before? You now have indirect contact with twenty-five people with your small dinner party. And
    if we go back to the day before that, you then have third-party contact with one hundred and twenty-five people. (By the time we get back two weeks, you are almost exceeding the population of the planet.) In terms of sexually transmitted infections, it is often said that whenever you have sex with someone, you have sex with everyone they ever had sex with. That is the way
    to think about how safe your small party is.

    And that's just dinner. If anyone in any of those circles plays football,
    that adds contact with twenty-five more people, closely, and breathing very heavily, for every practice, and fifty for every game. Where do any of
    those people work? And, if still working, does their work environment
    involve people/not many people, masks/no masks, partitions/no partitions?

    And then there are the *bubbles*. Originally, bubbles referred to your household, and the people you couldn't avoid having contact with. Then
    people started to talk about expanding the bubbles, so that you could pick
    one other family, or household, to bubble with, to safely (and even that's questionable) expand your social circle. After all, if you are taking precautions, and the one other family is taking precautions, then it should
    be reasonably safe.

    The thing is, when talking about expanding the bubbles, people immediately forgot that *one other* aspect. One other family might be safe. It's manageable. You know what's going on in that one other family. But as soon
    as you get beyond one other, all bets are off. If you bubble with only two other bubbles, and each of them bubbles with two others, then indirectly you are connected with four other bubbles. And if each of them is doing two bubbles, then at third hand ...

    Most of us humans aren't good at numbers. We can usually “see” seven
    items. Anything more than that is just “a lot,” and we have only a
    vague idea of how big anything is beyond that. By dint of practice, we
    learn arithmetic, but, aside from a relative few, it never really comes naturally to us. And exponential growth in numbers is something that seems
    to be beyond our immediate comprehension. This becomes very dangerous when
    we are faced with having to make decisions, literally life and death
    decisions, about how big of a network, and how many contacts, are safe, when every additional contact increases the risk. That is why public health agencies try to provide rules with specific numbers. The thing is, those numbers are estimates. They are not perfect. That's why there is so little agreement between them. And each jurisdiction has slight differences in environment and situation, which also modifies the numbers. So many people think that, if the numbers don't agree, then you can just ignore the rules.

    The thing is, the public health agencies, and their calculations, may not be perfect. But they are based on work, and facts, and study, and expertise
    that the agencies have, and you don't. Their guesses may be guesses, but
    they are better than yours. Follow the rules. Look for accommodation, not loopholes.

    Now go wash your hands.

    ------------------------------

    Date: Wed, 21 Oct 2020 12:25:33 -0700
    From: Rob Slade <rmslade@shaw.ca>
    Subject: Some notes on publishing

    Well, I finished and turned in the text of my latest book at the end of
    August. (As I always say to those who want advice on getting published,
    that's the easy part done.) It won't actually be available in hard copy for about another four months now, but, shortly thereafter, I did a search on Amazon (using the title, "Cybersecurity Lessons from CoVID-19") and found
    that the publisher had already announced it, and even given it an ISBN. It
    was (unsurprisingly) the first item that popped up when I searched using the title.

    (A note on titles: the title is not my fault. It's the publisher who gets
    the final say on titles.)

    So, in the ongoing process of getting to print, I got the galley proofs yesterday. (I have to answer questions, check that they haven't added any errors, and do the index.) An error reminded me to check on Amazon again,
    and see if the error was reproduced there.

    I searched on the title again, and the results were quite different. A
    number of titles have had SEO (Search Engine Optimization) done on them in
    the month or so since I first checked, and a number of titles having nothing
    to do with security and CoVID popped up, even before mine. In addition, someone has produced a pamphlet entitled "Cybersecurity Lessons From the COVID-19 Pandemic," which seems to be merely a "stay safe online" article.

    There's more than one type of plagiarism in the publishing world these days ...

    ------------------------------

    Date: Fri, 16 Oct 2020 11:34:12 +0800
    From: Richard Stein <rmstein@ieee.org>
    Subject: Cochlear and bone conduction implants to mitigate hearing

    This RISKS submission summarizes product problems and patient medical device reports for cochlear and bone conduction implants extracted from the FDA's Total Product Lifecycle (TPLC) reporting system.

    Cochlear hearing-assist devices are implanted in a patient's middle ear, connecting amplified audio output to the ear's bone structure. Battery
    powered, they require periodic servicing. An overview of these devices can be found here: https://en.wikipedia.org/wiki/Cochlear_implant. Digital signal processors comprise part of these devices.

    CI reprogramming via telehealth engagement: https://www.yalemedicine.org/stories/remote-cochlear-implants/
    Bone-conduction implantation: https://www.earscience.org.au/clinic/hearing-implants/bone-conduction-implants

    The FDA product code classification scheme allocates several product codes
    to categorize hearing assist devices. The product codes classify device regulatory scope, and are used for reporting purposes (recalls, premarket approvals, device reports, etc.).

    These seven (7) hearing-assist device product codes yield comparatively few retrieved TPLC records: OSM, PLK, QDD, EWD, EWE, OAF, and PGQ. The product codes yielding the largest record counts of product device issues and
    medical device reports (MDRs) extracted from TPLC are: MCM -- cochlear implants, and MAH, LXB -- bone conduction implant devices.

    To learn the apparent advantages/disadvantages of each: https://www.aarp.org/health/conditions-treatments/info-2015/implanted-hearing-devices.html

    Product device problems and MDRs comprise two TPLC categories. Both
    categories, and their TPLC search yield, are directly correlated. The MDRs

    [continued in next message]
