• Risks Digest 32.49 (2/3)

    From RISKS List Owner@21:1/5 to All on Fri Feb 12 23:21:58 2021
    [continued from previous message]

    configured, and secure.
    * Audit network configurations and isolate computer systems that cannot be
    updated.
    * Audit your network for systems using RDP, closing unused RDP ports,
    applying multiple-factor authentication wherever possible, and logging
    RDP login attempts.
    * Audit logs for all remote connection protocols.
    * Train users to identify and report attempts at social engineering.
    * Identify and suspend access of users exhibiting unusual activity.

    Water and Wastewater Systems Security Recommendations

    The following physical security measures serve as additional protective measures:

    * Install independent cyber-physical safety systems. These are systems that physically prevent dangerous conditions from occurring if the control system is compromised by a threat actor.
    * Examples of cyber-physical safety system controls include:
      * Size of the chemical pump
      * Size of the chemical reservoir
      * Gearing on valves
      * Pressure switches, etc.

    The benefit of these types of controls in the water sector is that smaller systems, with limited cybersecurity capability, can assess their system from
    a worst-case scenario. The operators can take physical steps to limit the damage. If, for example, cyber-actors gain control of a sodium hydroxide
    pump, they will be unable to raise the pH to dangerous levels.

    TeamViewer Software Recommendations

    For a more secured implementation of TeamViewer software:

    * Do not use unattended access features, such as Start TeamViewer with
    Windows and Grant easy access.
    * Configure TeamViewer service to manual start, so that the application
    and associated background services are stopped when not in use.
    * Set random passwords to generate 10-character alphanumeric passwords.
    * If using personal passwords, utilize complex rotating passwords of
    varying lengths. Note: TeamViewer allows users to change connection
    passwords for each new session. If an end user chooses this option,
    never save connection passwords as an option as they can be leveraged
    for persistence.
    * When configuring access control for a host, utilize custom settings to
    tier the access a remote party may attempt to acquire.
    * Require remote party to receive confirmation from the host to gain any
    access other than view only. Doing so will ensure that, if an
    unauthorized party is able to connect via TeamViewer, they will only see
    a locked screen and will not have keyboard control.
    * Utilize the Block and Allow list which enables a user to control which
    other organizational users of TeamViewer may request access to the
    system. This list can also be used to block users suspected of
    unauthorized access.

    ------------------------------

    Date: Sat, 6 Feb 2021 21:29:30 +1030
    From: William Brodie-Tyrrell <william.brodie.tyrrell@gmail.com>
    Subject: NSA at Amazon (Matthew D Green)

    Margaret Salter was the author/architect of Dual_EC_DRBG, the best-known instance of the NSA attempting to subvert civilian cryptography and security standards.

    Margaret Salter is now Director AWS Applied Cryptography at Amazon.

    This is perhaps not what one would call ideal in terms of trust in the
    security of the world's largest hosting service. https://twitter.com/matthew_d_green/status/1357139574858911745

    ------------------------------

    Date: Thu, 11 Feb 2021 14:38:49 -0500
    From: Paul Hyland <paul@paulhyland.com>
    Subject: Key TCP/IP Stacks Found Faulty, Vulnerable (Ars Technica)

    Unrecognized dependencies represent an important type of vulnerability
    related to open-source software, somewhat less evident to many, although clearly evident to RISKS readers.

    Here's an interesting case of how an NPM package naming dispute broke the Internet for a few hours. npm is the dominant JavaScript package manager;
    once a startup, it is now owned by Microsoft via GitHub. An NPM command
    enabled one developer to remove all of his code after this dispute, and one deleted 17-line program of his was used by countless other software packages
    - often without knowing it. This impacted industry and governments
    alike. (This could also be a security threat, if such dependency trees could
    be used as attack vectors for malware.)

    https://arstechnica.com/information-technology/2016/03/rage-quit-coder-unpublished-17-lines-of-javascript-and-broke-the-internet/

    ------------------------------

    Date: Fri, 5 Feb 2021 09:34:44 -1000
    From: geoff goodfellow <geoff@iconia.com>
    Subject: New Chrome Browser 0-day Under Active Update Immediately

    Google has patched a zero-day vulnerability in Chrome web browser for
    desktop that it says is being actively exploited in the wild.

    The company released 88.0.4324.150 for Windows, Mac, and Linux, with a fix
    for a heap buffer overflow flaw (CVE-2021-21148) in its V8 JavaScript
    rendering engine. <https://chromereleases.googleblog.com/2021/02/stable-channel-update-for-desktop_4.html>

    "Google is aware of reports that an exploit for CVE-2021-21148 exists in the wild," the company said in a statement. [...] https://thehackernews.com/2021/02/new-chrome-browser-0-day-under-active.html

    ------------------------------

    Date: Sat, 6 Feb 2021 12:30:53 -1000
    From: geoff goodfellow <geoff@iconia.com>
    Subject: Over a dozen Chrome extensions caught hijacking Google search
    results for millions (The Hacker News)

    New details have emerged about a vast network of rogue extensions for Chrome and Edge browsers that were found to hijack clicks to links in search
    results pages to arbitrary URLs, including phishing sites and ads.

    Collectively called "CacheFlow" by Avast, the 28 extensions in question -- including Video Downloader for Facebook, Vimeo Video Downloader, Instagram Story Downloader, VK Unblock -- made use of a sneaky trick to mask its true purpose: Leverage Cache-Control <https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cache-Control> HTTP header as a covert channel to retrieve commands from an
    attacker-controlled server. <https://decoded.avast.io/janvojtesek/backdoored-browser-extensions-hid-malicious-traffic-in-analytics-requests/>

    All the backdoored browser add-ons have been taken down by Google and
    Microsoft as of December 18, 2020, to prevent more users from downloading
    them from the official stores. <https://blog.avast.com/malicious-browser-extensions-avast>

    According to telemetry data gathered by the firm, the top three infected countries were Brazil, Ukraine, and France, followed by Argentina, Spain, Russia, and the U.S. [...] https://thehackernews.com/2021/02/over-dozen-chrome-extensions-caught.html

    ------------------------------

    Date: Sun, 7 Feb 2021 16:40:51 -0500
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: New version of Uptane Standard clarifies protection strategies for
    vulnerable vehicles (NYU Tandon School of Engineering)

    Onboard computing units in cars are similarly vulnerable. The 2020 Global Automotive Cybersecurity Report, released by UpStream Security in December 2020, notes a 99% increase in cyberattacks on vehicles from 2018 to 2019,
    and these attacks have increased 700% since 2016.

    Uptane, founded at NYU Tandon in 2016 by Justin Cappos, associate professor
    of computer science and engineering at the NYU Tandon School of Engineering, and Trishank Kuppusamy, who was a Ph.D. student at the time, is an
    open-source software security project designed to address this threat. With direct input from automotive manufacturers and suppliers, its
    implementations secure automotive systems by establishing a set of checks
    and balances on a vehicle's electronic control units (ECUs) to ensure the authenticity of incoming software updates. Among its adoptions, Uptane is
    part of Automotive Grade Linux, an open-source system currently used by many large automakers, and has been implemented by suppliers including Airbiquity and HERE.

    https://engineering.nyu.edu/news/new-version-uptane-standard-clarifies-protection-strategies-vulnerable-vehicles

    I've wondered about over-the-air updates/upgrades, haven't yet bought a
    car capable of that.

    ------------------------------

    Date: Sun, 7 Feb 2021 16:38:05 -0500
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: A Bigger Risk Than GameStop? Beware the Ponzi Scheme Next Door
    (NYTimes)

    Experts have seen an increase in the frauds, many of which are preying on investors who feel they lost out on the market gains of the last few years.

    Mr. Pulman knows well. He has spent the past 11 years trying to recover
    money lost in Mr. Stanford's scheme. Mr. Pulman said the U.S. Supreme Court
    had turned down his group's last appeal to sue one of the insurance brokers directly -- at the end of 2020. ``The only people who made money were the lawyers. Investors are at a return of 5 to 6 cents on the dollar.''

    Yet believers persist. Mr. Pulman had a client in his office several years
    ago who said he had received $1,000 every month from a $100,000
    investment. When the person he gave the money to came up short, he brought
    in other investors.

    https://www.nytimes.com/2021/02/05/your-money/ponzi-schemes-stock-market.html

    ------------------------------

    Date: 5 Feb 2021 21:21:58 -0500
    From: "John Levine" <johnl@iecc.com>
    Subject: Section 230 reform SAFE TECH act would shut down paid Internet
    services (Gizmodo and Techdirt)

    I wish I was kidding. The proposed bill says you might still have immunity
    from suit "unless the provider or user has accepted payment to make the
    speech available or, in whole or in part, created or funded the creation of
    the speech." That is, if you sell hosting, or take ads, or have Patreon
    style sponsors, you are on the hook for anything you host.

    It doesn't get any better. Gizmodo has a good overview:

    https://gizmodo.com/democrats-new-section-230-bill-could-devastate-the-inte-1846206984

    And Techdirt has some good rants:

    https://www.techdirt.com/articles/20210205/10384946193/now-democrats-turn-to-destroy-open-internet-mark-warners-230-reform-bill-is-dumpster-fire-cluelessness.shtml
    https://www.techdirt.com/articles/20210205/12142446194/senators-warner-hirono-klobuchar-demand-end-internet-economy.shtml

    ------------------------------

    Date: Fri, 5 Feb 2021 14:32:36 -0800
    From: Lauren Weinstein <lauren@vortex.com>
    Subject: The SAFE TECH Act would overhaul Section 230, but law's defenders
    warn of major side effects (TechCrunch)

    The SAFE TECH Act would overhaul Section 230, but law's defenders warn
    of major side effects.

    Changes to 230 being proposed by the right & left would BOTH ultimately eliminate most UGC (user generated content) from the Web. Neither side understands what they are doing. -L

    https://techcrunch.com/2021/02/05/safe-tech-act-section-230-warner/

    ------------------------------

    Date: Sat, 6 Feb 2021 11:15:52 +0000
    From: Andrew Yeomans <security@yeomns.org.uk>
    Subject: Where in the world is mobile data?

    I've been forced to use a mobile data dongle, after a car demolished the
    street junction box (another risk, putting infrastructure in a vulnerable position). My work activities have been triggering security alerts -- it appears that I'm rapidly traveling all over the country, from Edinburgh, Northern Ireland, South Shields, Manchester and now Salisbury -- despite
    never leaving my home office! I'm guessing that carrier-grade NAT combined
    with GPS or wifi-location from other users' devices has led to this virtual mobility.

    ------------------------------

    Date: Sat, 6 Feb 2021 12:32:54 -1000
    From: geoff goodfellow <geoff@iconia.com>
    Subject: Beware: New Matryosh DDoS Botnet Targeting Android-Based Devices
    (The Hacker News)

    A nascent malware campaign has been spotted co-opting Android devices into a botnet with the primary purpose of carrying out distributed
    denial-of-service (DDoS) attacks.

    Called "Matryosh" by Qihoo 360's Netlab researchers, the latest threat has
    been found reusing the Mirai botnet framework and propagates through exposed Android Debug Bridge (ADB) interfaces to infect Android devices and ensnare them into its network. <https://blog.netlab.360.com/matryosh-botnet-is-spreading-en/>

    ADB is a command-line tool part of the Android SDK that handles
    communications and allows developers to install and debug apps on Android devices.
    <https://developer.android.com/studio/command-line/adb>

    While this option is turned off by default on most Android smartphones and tablets, some vendors ship with this feature enabled, thus allowing unauthenticated attackers to connect remotely via the 5555 TCP port and open the devices directly to exploitation. [...] https://thehackernews.com/2021/02/beware-new-matryosh-ddos-botnet.html

    ------------------------------

    Date: Mon, 8 Feb 2021 10:11:17 -0800
    From: Lauren Weinstein <lauren@vortex.com>
    Subject: British police arrest man over offensive Captain Moore tweet,
    giving it a vast international audience (BoingBoing)

    Meet the Streisand Effect

    https://boingboing.net/2021/02/08/british-police-arrest-man-over-offensive-captain-moore-tweet-giving-it-a-vast-international-audience.html

    ------------------------------

    Date: Mon, 8 Feb 2021 11:30:40 -0500
    From: Rebecca Mercuri <notable@mindspring.com>
    Subject: Calling All Ham Radio Operators

    I'd have thought if they were smarter they'd have used a more obscure
    code, but this was readily available and reasonably ubiquitous.

    https://www.bleepingcomputer.com/news/security/new-phishing-attack-uses-morse-code-to-hide-malicious-urls/

    Writer Lawrence Abrams describes the attack as follows:

    An email includes an HTML attachment named in such a way as to appear to be
    an Excel invoice for the company. These attachments are named in the format '[company_name]_invoice_[number]._xlsx.hTML.'

    The attachments include JavaScript that maps letters and numbers to Morse
    code. For example, the letter '*a*' is mapped to '*.-*' and the letter '*b*'
    is mapped to '*-...*', etc.

    The script then calls a decodeMorse() function to decode a Morse code string into a hexadecimal string. This hexadecimal string is further decoded
    into JavaScript tags that are injected into the HTML page. These injected scripts combined with the HTML attachment contain the various resources necessary to render a fake Excel spreadsheet that states their sign-in timed out and prompts them to enter their password again.

    Once a user enters their password, the form will submit the password to a remote site where the attackers can collect the login credentials.

    This campaign is highly targeted, with the threat actor using the logo.clearbit.com [possible garble here] service to insert logos for the recipient's companies into the login form to make it more convincing. If a
    logo is not available, it uses the generic Office 365 logo.
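
    A defender-side triage of the attachment format described above, as an added example that is not part of the original post or the quoted article: it finds Morse-looking string literals in an HTML attachment, decodes Morse to hex to text without executing anything, and lists the script sources that would have been injected. The file name, URL, sample attachment and all function names other than decodeMorse are constructed for illustration.

```javascript
// Added example: static triage of a Morse-obfuscated HTML attachment (Node.js).
// Nothing from the attachment is executed; literals are only decoded and inspected.

const MORSE = {
  a: '.-', b: '-...', c: '-.-.', d: '-..', e: '.', f: '..-.', g: '--.',
  h: '....', i: '..', j: '.---', k: '-.-', l: '.-..', m: '--', n: '-.',
  o: '---', p: '.--.', q: '--.-', r: '.-.', s: '...', t: '-', u: '..-',
  v: '...-', w: '.--', x: '-..-', y: '-.--', z: '--..',
  0: '-----', 1: '.----', 2: '..---', 3: '...--', 4: '....-',
  5: '.....', 6: '-....', 7: '--...', 8: '---..', 9: '----.',
};
const FROM_MORSE = Object.fromEntries(
  Object.entries(MORSE).map(([ch, code]) => [code, ch]));

// Lure naming pattern from the article: [company_name]_invoice_[number]._xlsx.hTML
// (assumption: [number] is a run of digits).
const LURE_NAME = /_invoice_\d+\._xlsx\.html$/i;

// Morse symbols separated by whitespace -> characters. Unknown symbols throw.
function decodeMorse(morse) {
  return morse.trim().split(/\s+/).map((sym) => {
    const ch = FROM_MORSE[sym];
    if (ch === undefined) throw new Error(`not a Morse symbol: ${sym}`);
    return ch;
  }).join('');
}

// Second stage: the decoded Morse must be an even-length hex string.
function hexToText(hex) {
  if (hex.length === 0 || hex.length % 2 !== 0 || /[^0-9a-f]/i.test(hex)) {
    throw new Error('decoded Morse is not a hex string');
  }
  return Buffer.from(hex, 'hex').toString('utf8');
}

// Quoted string literals made only of dots, dashes and spaces (16+ chars).
function findMorseLiterals(html) {
  return [...html.matchAll(/["']([.\- ]{16,})["']/g)].map((m) => m[1]);
}

// External script URLs referenced by the decoded markup (candidate indicators).
function extractScriptSources(markup) {
  const re = /<script\b[^>]*\bsrc\s*=\s*["']([^"']+)["']/gi;
  return [...markup.matchAll(re)].map((m) => m[1]);
}

function triageAttachment(fileName, html) {
  const findings = { lureFileName: LURE_NAME.test(fileName), payloads: [] };
  for (const literal of findMorseLiterals(html)) {
    let decoded;
    try {
      decoded = hexToText(decodeMorse(literal));
    } catch (err) {
      continue; // dots and dashes, but not Morse-encoded hex: ignore
    }
    findings.payloads.push({
      decoded,
      scriptSources: extractScriptSources(decoded),
    });
  }
  return findings;
}

// --- Constructed sample (harmless placeholder, .invalid domain) ---
// Fixture helper: builds the Morse literal so the sample is guaranteed consistent.
function morseFixture(text) {
  const hex = Buffer.from(text, 'utf8').toString('hex');
  return [...hex].map((c) => MORSE[c]).join(' ');
}
const sampleName = 'acme_invoice_1042._xlsx.hTML';
const hiddenTags = '<script src="https://payload.example.invalid/a.js"></script>';
const sampleHtml = `<html><body><script>
var p = "${morseFixture(hiddenTags)}";
/* the real attachment would decode p and inject the result here */
</script></body></html>`;

const report = triageAttachment(sampleName, sampleHtml);
console.log('lure-style file name:', report.lureFileName);
for (const p of report.payloads) {
  console.log('decoded payload     :', p.decoded);
  console.log('script sources      :', p.scriptSources.join(', '));
}
```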


    ------------------------------

    Date: Mon, 8 Feb 2021 11:20:37 -1000
    From: geoff goodfellow <geoff@iconia.com>
    Subject: You cannot be serious: electronic line judges make Grand Slam debut
    (AFP)

    The days of tennis players arguing whether balls are in or out could be
    coming to a close, after the smooth introduction of electronic line judging
    at the Australian Open on Monday.

    Line calls have been at the centre of many a tennis conflagration, from John McEnroe's "You cannot be serious" rant at Wimbledon in 1981 to Martina
    Hingis's meltdown in the 1999 French Open final. But the coronavirus
    pandemic has prompted a major change, with human judges replaced by ball-tracking cameras to reduce the number of people on site at Melbourne
    Park.

    Serena Williams and Naomi Osaka were among the players to give their seal of approval as the electronic system made its Grand Slam debut. The cameras
    are set up along each line and automatically announce their decisions in
    real time, with a recorded human voice calling "out", "fault" and "foot
    fault". "It's interesting, It's definitely different," said 23-time Grand
    Slam winner Williams after powering into the second round. "I'm loving it here, so... I just needed to adapt, and now I'm adapted to it. I think it's
    for the best." "I think it's not too much that can be wrong," she added. "I think there can be some close calls that you can check, but I think it's
    good."

    The electronic calls feature pre-recorded voices of Australia's front-line workers in the country's pandemic response such as firefighters and other emergency response personnel.

    *- 'No room for mistakes' -* [...] https://news.yahoo.com/cannot-serious-electronic-line-judges-083755583.html

    ------------------------------

    Date: Sun, 7 Feb 2021 15:14:11 -0500
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: AI and the List of Dirty, Naughty, Obscene, and Otherwise Bad Words
    (WiReD)

    It started as a way to restrict autocompletes on Shutterstock. Now it grooms search suggestions on Slack and influences Google's artificial intelligence research.

    https://www.wired.com/story/ai-list-dirty-naughty-obscene-bad-words/

    ------------------------------

    Date: Fri, 12 Feb 2021 11:49:04 +0800
    From: Dan Jacobson <jidanni@jidanni.org>
    Subject: Data fallacies: Cherry Picking, Data Dredging...

    https://www.geckoboard.com/best-practice/statistical-fallacies/
    Data fallacies: Cherry Picking, Data Dredging, Survivorship Bias, Cobra
    Effect, False Causality, Gerrymandering, Sampling Bias, Gambler's Fallacy, Regression Toward the Mean, Hawthorne Effect, Simpson's Paradox, McNamara Fallacy, Overfitting, Publication Bias.

    ------------------------------

    Date: Sun, 7 Feb 2021 08:11:55 -0800
    From: Peter G Neumann <Neumann@CSL.SRI.COM>
    Subject: Quantum computing hash function reversal (Bloomberg)

    https://www.bloomberg.com/news/articles/2021-02-07/a-swiss-company-says-it-found-weakness-that-imperils-encryption

    Though not published, there are reports of development of a quantum
    annealing. Security experts have long worried that advances in quantum computing could eventually make it easier to break encryption that protects
    the privacy of people's data. That's because these sophisticated machines
    can perform calculations at speeds impossible for conventional computers, potentially enabling them to crack codes previously thought indecipherable.

    Now, a Swiss technology company says it has made a breakthrough by using quantum computers to uncover vulnerabilities in commonly used encryption.
    The company believes it's found a security weakness that could jeopardize
    the confidentiality of the world's Internet data, banking transactions and emails.

    Terra Quantum AG <https://www.bloomberg.com/quote/1799515D:SW> said its discovery ``upends the current understanding of what constitutes
    unbreakable'' encryption and could have major implications for the world's leading technology companies, such as Alphabet Inc. <https://www.bloomberg.com/quote/GOOGL:US>'s Google, Microsoft Corp. <https://www.bloomberg.com/quote/MSFT:US>, and International Business
    Machines Corp. <https://www.bloomberg.com/quote/IBM:US>

    But some other security experts said they aren't nearly ready to declare a major breakthrough, at least not until the company publishes the full
    details of its research. ``If true, this would be a huge result,'' said
    Brent Waters <https://www.cs.utexas.edu/~bwaters/>, a computer science professor who specializes in cryptography at the University of Texas at
    Austin. ``It seems somewhat unlikely on the face of it. However, it is
    pretty hard for experts to weigh in on something without it being
    published.''

    IBM spokesman Christopher Sciacca said his company has known the risks for
    20 years and is working on its own solutions to address the issue of post-quantum security. ``This is why the National Institute of Science & Technology (NIST) has been hosting a challenge to develop a new quantum safe crypto standard,'' he said in an email. ``IBM has several proposals for this new standard in the final round, which is expected in a few years.''

    Brian LaMacchia <https://www.microsoft.com/en-us/research/people/bal/>, distinguished engineer at Microsoft, said company cryptographers are collaborating with the global cryptographic community to prepare customers
    and data centers for a quantum future. ``Preparing for security in a post-quantum world is important not only to protect and secure data in the future but also to ensure that future quantum computers are not a threat to
    the long-term security of today's information.''

    Google didn't reply to a message seeking comment.

    Terra Quantum AG has a team of about 80 quantum physicists,
    cryptographers and mathematicians, who are based in Switzerland, Russia, Finland and the U.S. ``What currently is viewed as being post-quantum
    secure is not post-quantum secure,'' said Markus Pflitsch, chief
    executive officer and founder of Terra Quantum, in an interview. ``We can
    show and have proven that it isn't secure and is hackable.''

    Pflitsch founded the company in 2019. He's a former finance executive
    who began his career as a research scientist at CERN
    <https://home.cern/>, the European Organization for Nuclear Research.
    Terra Quantum's research is led by two chief technology officers --
    Gordey Lesovik
    <https://terraquantum.swiss/team/prof-gordey-b-lesovik-2/>, head of the Laboratory of Quantum Information Technology at the Moscow Institute of
    Physics and Technology, and Valerii Vinokur <https://www.bloomberg.com/news/terminal/QNHMM0MEQTXE>, a Chicago-based physicist who in 2020 won the Fritz London Memorial Prize for his work
    in condensed matter and theoretical physics.

    The company said that its research found vulnerabilities that affect
    symmetric encryption ciphers <https://www.hypr.com/symmetric-cipher/#:~:text=A%20symmetric%20cipher%20is%20one,into%20ciphertext%20and%20vice%20versa.>,
    including the Advanced Encryption Standard <https://csrc.nist.gov/projects/cryptographic-standards-and-guidelines/archived-crypto-projects/aes-development>,
    or AES, which is widely used to secure data transmitted over the Internet
    and to encrypt files. Using a method known as quantum annealing <https://docs.dwavesys.com/docs/latest/c_gs_2.html>, the company said its research found that even the strongest versions of AES encryption may be decipherable by quantum computers that could be available in a few years
    from now.

    Vinokur said in an interview that Terra Quantum's team made the discovery
    after figuring out how to invert what's called a ``hash function <https://sandilands.info/crypto/HashFunctionsandMACs.html>,'' a mathematical algorithm that converts a message or portion of data into a numerical
    value. The research will show that ``what was once believed unbreakable
    doesn't exist anymore,'' Vinokur said, adding that the finding ``means a thousand other ways can be found soon.''

    The company, which is backed by the Zurich-based venture capital firm
    Lakestar LP <https://www.bloomberg.com/quote/1080945D:SW>, has developed a
    new encryption protocol that it says can't be broken by quantum
    computers. Vinokur said the new protocol utilizes a method known as quantum
    key distribution <https://qt.eu/discover-quantum/underlying-principles/quantum-key-distribution-qkd/>.

    Terra Quantum is currently pursuing a patent for the new protocol. But
    the company will make it available for free, according to Pflitsch. ``We
    will open up access to our protocol to make sure we have a safe and
    secure environment,'' said Pflitsch. ``We feel obliged to share it with
    the world and the quantum community.''

    The U.S. government, like China, has made research in quantum computing an economic and national security priority, saying that the
    world is on the cusp of what it calls a new ``quantum revolution <https://www.nist.gov/topics/physics/introduction-new-quantum-revolution/second-quantum-revolution>.''

    In addition, technology companies including Google, Microsoft, and IBM
    have made large investments in quantum computing in recent years.

    ------------------------------

    Date: Sun, 7 Feb 2021 12:44:34 -1000
    From: the keyboard of geoff goodfellow <geoff@iconia.com>
    Subject: The Battery Is Ready to Power the World (WSJ)

    *After a decade of rapidly falling costs, the rechargeable lithium-ion
    battery is poised to disrupt industries*

    Rechargeable lithium-ion batteries were first commercially used in hand-held camcorders in 1991. Laptops soon followed. A decade later, batteries enabled the rise of tech titans such as Apple Inc. by powering smartphones and
    wearable devices, then made their way into electric vehicles. The basic technology throughout remained pretty much the same: Lithium ions move
    through a liquid from the cathode to the anode, and back again.

    This, however, was just the beginning. After a decade of rapidly falling
    costs, the battery has reached a tipping point. No longer just for consumer products, it is poised to transform the way the world uses power.

    In the energy sector, affordable batteries are making it possible for
    companies to store electricity and harvest renewable power. In the auto industry, they are set to challenge the gas-powered engine's century-long domination. Costs have come down so far and so fast that most car makers
    expect that electric vehicles, which are currently more expensive than their gas-powered counterparts, will cost the same amount to build within the next five years.

    The gains are likely to continue. Electric vehicles are currently the main source of demand for battery cells. As demand grows and costs fall further, batteries will become even more disruptive across industries. Batteries recently scored a win at General Motors Co., which said it hoped to phase
    out gasoline- and diesel-powered vehicles from its showrooms world-wide by 2035.

    The battery boom could erode demand for crude oil and byproducts such as gasoline -- as well as for natural gas, which is primarily used in power plants. While mining materials and manufacturing batteries produce some greenhouse gas emissions, analysts believe shifting to batteries in the auto and energy sectors would reduce emissions overall, boosting efforts to
    tackle climate change.

    U.S. power plants alone produce about a quarter of the country's emissions, while light-duty vehicles such as cars and vans contribute another 17%.

    The rise of rechargeable batteries is now a matter of national security and industrial policy. Control of the minerals and manufacturing processes
    needed to make lithium-ion batteries is the 21st-century version of oil security.

    The flow of batteries is currently dominated by Asian countries and
    companies. Nearly 65% of lithium-ion batteries come from China. By
    comparison, no single country produces more than 20% of global crude oil output.

    Companies are working on new configurations -- such as solid-state
    batteries, which don't transfer ions through liquid -- that could
    significantly enhance the power and further lower battery prices. The value
    of such a breakthrough could be measured in the billions of dollars, if not trillions.

    ``There's still a huge amount of innovation to come,'' says Christina Lampe-Onnerud, chief executive at Connecticut-based battery startup Cadenza Innovation Inc. Her company envisions that buildings could someday have
    their own batteries, giving them reserves of electricity they could use
    during peak hours to reduce costs. [...] https://www.wsj.com/articles/the-battery-is-ready-to-power-the-world-11612551578?st=rdspf6n95se7cy5

    ------------------------------

    Date: Fri, 12 Feb 2021 14:03:33 -0500
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Fairfax County vs Virginia on vaccinations

    Fairfax Health District Not Participating in Statewide COVID-19 Vaccine Registration System At This Time

    https://fairfaxcountyemergency.wpcomstaging.com/2021/02/12/fairfax-health-district-not-participating-in-statewide-covid-19-vaccine-registration-system-at-this-time/

    Local Vaccine Registration Forms To Close As VA Takes Over System The
    Virginia Department of Health has directed all local health districts to
    close their vaccine registration forms at 5 p.m. on Friday.

    https://patch.com/virginia/annandale/s/hfelm/local-vaccine-registration-forms-to-end-as-va-takes-over-system

    ------------------------------

    Date: Tue, 9 Feb 2021 14:44:26 -0500 (EST)
    From: eli@panix.com (B. Elijah Griffin)
    Subject: Re: Terraria port to Google Stadia sunk by bad Google support

    In RISKS-32.48, the https://killedbygoogle.com/ site was mentioned. Google Stadia, their game platform, isn't yet there, although Google has killed
    their team developing exclusive games for it. And now, through heavy-handed punishment and ineffective user support, Google has facilitated killing a
    game port to Stadia.

    https://arstechnica.com/gadgets/2021/02/terraria-developer-cancels-google-stadia-port-after-youtube-account-ban/

    Some "strike" in Youtube escalated into locking all related accounts for one
    of the co-developers of the game Terraria. Gmail, paid for apps and content
    on Android, etc. It sounds like the Terraria team did not use well separated accounts (a risk). And that the Google response with unhelpful suggestions
    via public twitter interactions like asking about accessing the email
    account to restore the Youtube account (said account locked because of the Youtube thing) could well be a risk of treating all customer support as insignificant to the company.

    The net effect, however, is after three weeks with no resolution, the
    developer has called the bridge "burned" and doing business with Google "a liability". Consequently the port of Terraria to Stadia is canceled.

    Many people in the comments at Ars Technica point out how for some people, getting their Google account blocked turns them into an "unperson". Google Drive documents and backups, email, phone apps, all simultaneously
    locked. With Google Fi even phone service can be locked out. Good luck
    dealing with that if all your evidence of being correct was in your email or Drive documents.

    ------------------------------

    Date: Fri, 5 Feb 2021 23:21:22 -0500
    From: Isaac Morland <isaac.morland@gmail.com>
    Subject: Re: The `Dumb Money' Outfoxing Wall Street Titans (Baker,
    RISKS-32.48)

    I don't believe this is correct.

    Suppose person A has a share. They loan it to B, who sells it to C. Then C loans it to D, who sells it to E. Now the ownership is as follows:

    A: 1 (loaned to B)
    B: -1 (owed to A)
    C: 1 (bought from B and loaned to D)
    D: -1 (owed to C)
    E: 1 (bought from D)
    Total: 1 - 1 + 1 - 1 + 1 = 1

    Yet, the total short interest in this scenario is 2, even though only one *original* share is involved.

    I think the confusion may arise from the difference between total ownership
    (in money terms, currency plus bank deposits minus bank loans) and assets on hand (in money terms, currency only). In the scenario above, only E actually "has" a share; A and C only have the right to demand their share be

    [continued in next message]
