• Risks Digest 32.60 (1/2)

    From RISKS List Owner@21:1/5 to All on Sun Apr 18 00:17:23 2021
    RISKS-LIST: Risks-Forum Digest Saturday 17 April 2021 Volume 32 : Issue 60

    ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) Peter G. Neumann, founder and still moderator

    ***** See last item for further information, disclaimers, caveats, etc. *****
    This issue is archived at <http://www.risks.org> as
    <http://catless.ncl.ac.uk/Risks/32.60>
    The current issue can also be found at
    <http://www.csl.sri.com/users/risko/risks.txt>

    Contents:
    National Weather Service Internet systems crumbling as key platforms fail
    (WashPost)
    737 MAX recidivus (Rob Slade)
    Cosmic rays causing 30,000 network malfunctions in Japan each year
    (The Japan Times)
    100 Million More IoT Devices Are Exposed and They Won't Be the Last (WiReD)
    GPS is endangered by a misguided FCC decision made during the Trump
    administration (WashPost)
    Windows, Ubuntu, Zoom, Safari, MS Exchange Hacked at Pwn2Own 2021
    (Zero Day Initiative)
    A Casino Gets Hacked Through a Fish-Tank Thermometer (Entrepreneur)
    Millions of Devices at Risk From NAME:WRECK DNS Bugs (Alex Scroxton)
    Remote exploitation of a man-in-the-disk vulnerability in WhatsApp
    (CVE-2021-24027)
    ``How can a democracy function if we can't talk to one another?''
    U.S. justices ask (Reuters)
    Texas Man Charged With Planning To Blow Up Ashburn Data Center
    (Arlington VA Patch)
    NYPD's Robot Dog Returns to Work, Touching Off a Backlash (NYTimes)
    The Perils of Overhyping Artificial Intelligence For AI to Succeed,
    It First Must Be Able to Fail (Foreign Affairs)
    Microchip security continues to confound Pentagon (Techxplore)
    'Miss'taken assumptions lead to plane incident (The Guardian)
    The UK Is Trying to Stop Facebook's End-to-End Encryption (WiReD)
    Coinbase Makes Its Debut -- and Bitcoin Arrives on Wall Street (WiReD)
    My email account needs blockchain maintenance? (Rob Slade)
    Scientists studying solar try solving a dusty problem (techxplore.com)
    Plan to install green energy storage on Williamsburg roof raises tenants'
    ire (Bklyner)
    Understanding fruit fly behavior may be next step toward autonomous
    vehicles (techxplore.com)
    Self-driving vehicles (Car and Driver via Richard Stein)
    Supreme Court & Facebook Unwanted Automated Texts (Consumer Reports)
    Foreign intel services could abuse ad networks for spying (Henry Baker)
    NJ town: Our IT vendor ate our e-mails (North Jersey)
    Loot boxes in video games deemed close enough to gambling to warrant
    regulation (medicalxpress.com)
    "Work From Home" being blamed for security risks (Rob Slade)
    He Built a $10 Billion Investment Firm. It Fell Apart in Days. (NYTimes)
    Marylanders could soon be fined $100 for intentionally releasing balloons
    (DCist)
    She called off her Wedding. The Internet will never forget (WiReD)
    Scientists Create Online Games to Show Risks of AI Emotion Recognition
    (Nicola Davis)
    AI Comes to Car Repair, and Body Shop Owners Aren't Happy (WiReD)
    The Foundations of AI Are Riddled With Errors (WiReD)
    We tested the first state's vaccine passport: Here's what to expect
    (WashPost)
    GoToMeeting/GoToWebinar (Rob Slade)
    Re: Antiscience Movement Is ... Killing Thousands (Jose Maria Meteos,
    Amos Shapir)
    People Count: People Count: Contact-Tracing Apps and Public Health
    (Susan Landau, MIT Press 2021)
    Abridged info on RISKS (comp.risks)

    ----------------------------------------------------------------------

    Date: Sun, 4 Apr 2021 21:54:07 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: National Weather Service Internet systems crumbling as key
    platforms fail (WashPost)

    Most of the agency's online systems went down Tuesday, and during last
    week's tornado outbreak in the South, a vital resource for relaying
    information crashed

    https://www.washingtonpost.com/weather/2021/03/30/nws-internet-infrastructure-outages/

    ------------------------------

    Date: Sat, 10 Apr 2021 11:52:38 -0700
    From: Rob Slade <rslade@gmail.com>
    Subject: 737 MAX recidivus

    Some of the planes are grounded because they may not be grounded.

    https://lite.cnn.com/en/article/h_f62e279af56640bf9ab1bb07de9eda16

    ------------------------------

    Date: Mon, 5 Apr 2021 12:30:51 +0900
    From: Dave Farber <farber@keio.jp>
    Subject: Cosmic rays causing 30,000 network malfunctions in Japan each year
    (The Japan Times)

    https://www.japantimes.co.jp/news/2021/04/04/business/tech/ntt-cosmic-rays/
    https://cdn-japantimes.com/wp-content/uploads/2021/04/np_file_79612.jpeg

    The Japan Times, 4 Apr 2021 (Bloomberg)

    Nippon Telegraph and Telephone Corp. has found that cosmic rays are causing
    an estimated 30,000 to 40,000 temporary malfunctions in domestic network communication devices in Japan every year. (BLOOMBERG)

    Most so-called soft errors, or temporary malfunctions, in the firm's
    hardware are automatically corrected via safety devices, but experts said in some cases they may have led to disruptions.

    It is the first time the actual scale of soft errors in domestic information infrastructures has become evident.

    Soft errors occur when the data in an electronic device is corrupted after neutrons, produced when cosmic rays hit oxygen and nitrogen in the Earth's atmosphere, collide with the semiconductors within the equipment.

    Cases of soft errors have increased as electronic devices with small and high-performance semiconductors have become more common. Temporary
    malfunctions have sometimes led to computers and phones freezing, and have
    been regarded as the cause of some plane accidents abroad.

    Masanori Hashimoto, professor at Osaka University's Graduate School of Information Science and Technology and an expert in soft errors, said the malfunctions have actually affected other network communication devices and electrical machinery at factories worldwide.

    There is a chance that `greater issues' will arise as society's
    infrastructure becomes `more reliant on electronic devices' that use such technologies as artificial intelligence and automated driving, Hashimoto
    said.

    He emphasized the need for the government and businesses to further research and implement countermeasures.

    However, identifying the cause of soft errors and implementing measures
    against them can be difficult due to them not being reproducible in trials, unlike mechanical failures.

    NTT therefore measured the frequency of soft errors through an experiment whereby semiconductors are exposed to neutrons, and concluded there are
    about 100 errors per day in its domestic servers.

    Although NTT did not reveal if network communication disruptions have
    actually occurred, the company said it was ``implementing measures against major issues'' and ``confirming the quality of the safety devices and
    equipment design through experiments and presumptions.''

    ------------------------------

    Date: Wed, 14 Apr 2021 19:41:06 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: 100 Million More IoT Devices Are Exposed and They Won't Be the Last
    (WiReD)

    The Name:Wreck flaws in TCP/IP are the latest in a series of vulnerabilities with global implications.

    https://www.wired.com/story/namewreck-iot-vulnerabilities-tcpip-millions-devices/

    ------------------------------

    Date: Thu, 15 Apr 2021 13:05:27 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: GPS is endangered by a misguided FCC decision made during the Trump
    administration (WashPost)

    The Biden administration has an opportunity to undo a potentially
    devastating ruling that ignored government-wide, bipartisan criticism.

    https://www.washingtonpost.com/opinions/2021/04/14/gps-is-endangered-by-misguided-fcc-decision-made-during-trump-administration/

    ------------------------------

    Date: Wed, 14 Apr 2021 14:06:05 -1000
    From: geoff goodfellow <geoff@iconia.com>
    Subject: Windows, Ubuntu, Zoom, Safari, MS Exchange Hacked at Pwn2Own 2021
    (Zero Day Initiative)

    The 2021 spring edition of *Pwn2Own* <https://www.zerodayinitiative.com/blog/2021/4/2/pwn2own-2021-schedule-and-live-results>
    hacking contest concluded last week on April 8 with a three-way tie between Team Devcore, OV, and Computest researchers Daan Keuper and Thijs Alkemade.

    A total of $1.2 million was awarded for 16 high-profile exploits over the course of the three-day virtual event organized by the Zero Day Initiative (ZDI).

    Targets with successful attempts included Zoom, Apple Safari, Microsoft Exchange, Microsoft Teams, Parallels Desktop, Windows 10, and Ubuntu Desktop operating systems.

    Some of the major highlights are as follows:

    - Using an authentication bypass and a local privilege escalation to
    completely take over a Microsoft Exchange server, for which the Devcore
    team netted $200,000
    - Chaining a pair of bugs to achieve code execution in Microsoft Teams,
    earning researcher OV $200,000
    - A zero-click exploit targeting Zoom that employed a three-bug chain to
    exploit the messenger app and gain code execution on the target system.
    ($200,000)
    - The exploitation of an integer overflow flaw in Safari and an
    out-of-bounds write to get kernel-level code execution ($100,000)
    - An exploit aimed at the Chrome renderer to hack Google Chrome and
    Microsoft Edge (Chromium) browsers ($100,000)
    - Leveraging *use-after-free*
    <https://cwe.mitre.org/data/definitions/416.html>, race condition, and
    integer overflow bugs in Windows 10 to escalate from a regular user to
    SYSTEM privileges ($40,000 each)
    - Combining three flaws -- an uninitialized memory leak, a stack
    overflow, and an integer overflow -- to escape Parallels Desktop
    and execute code on the underlying operating system ($40,000)
    - Exploiting a memory corruption bug to successfully execute code on the
    host operating system from within Parallels Desktop ($40,000)
    - The exploitation of out-of-bounds access bug to elevate from a
    standard user to root on Ubuntu Desktop ($30,000)

    The *Zoom vulnerabilities* <https://twitter.com/thezdi/status/1379855435730149378> exploited by Daan Keuper and Thijs Alkemade of Computest Security are particularly noteworthy because the flaws require no interaction of the victim other than being a participant on a Zoom call. What's more, it affects both Windows and Mac versions of the app, although it's not clear if Android and iOS versions are vulnerable as well. [...]

    https://thehackernews.com/2021/04/windows-ubuntu-zoom-safari-ms-exchange.html

    ------------------------------

    Date: Fri, 16 Apr 2021 17:49:35 +0300
    From: Amos Shapir <amos083@gmail.com>
    Subject: A Casino Gets Hacked Through a Fish-Tank Thermometer (Entrepreneur)

    Hackers gain entry to a casino's internal net via a fish tank, and steal
    list of customers:
    https://www.entrepreneur.com/article/368943

    ------------------------------

    Date: Wed, 14 Apr 2021 12:09:28 -0400 (EDT)
    From: ACM TechNews <technews-editor@acm.org>
    Subject: Millions of Devices at Risk From NAME:WRECK DNS Bugs (Alex Scroxton)

    Alex Scroxton, *Computer Weekly*, 13 Apr 2021 via ACM TechNews, 14 Apr 2021

    Researchers at cybersecurity provider Forescout Research Labs and Israeli cybersecurity consultancy JSOF discovered nine new Domain Name System (DNS) vulnerabilities that could imperil more than 100 million connected Internet
    of Things (IoT) devices, at least a third of them located in the UK. Collectively designated NAME:WRECK, the bugs affect four popular
    Transmission Control Protocol/Internet Protocol (TCP/IP) stacks: FreeBSD, IPnet, Nucleus NET, and NetX. Malefactors who exploit the vulnerabilities in
    a denial of service or remote code execution attack could disrupt or hijack targeted networks. Forescout's Daniel dos Santos said, "Complete protection against NAME:WRECK requires patching devices running the vulnerable versions
    of the IP stacks, and so we encourage all organizations to make sure they
    have the most up-to-date patches for any devices running across these
    affected IP stacks."

    https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2a7bbx22a5bdx069869&

    ------------------------------

    Date: Wed, 14 Apr 2021 14:00:06 -1000
    From: geoff goodfellow <geoff@iconia.com>
    Subject: Remote exploitation of a man-in-the-disk vulnerability in WhatsApp
    (CVE-2021-24027)

    CENSUS has been investigating for some time now the exploitation potential
    of Man-in-the-Disk (MitD) [01] vulnerabilities in Android. Recently, CENSUS identified two such vulnerabilities in the popular WhatsApp messenger app
    for Android [34]. The first of these was possibly independently reported to Facebook and was found to be patched in recent versions, while the second
    one was communicated by CENSUS to Facebook and was tracked as CVE-2021-24027 [33]. As both vulnerabilities have now been patched, we would like to share
    our discoveries regarding the exploitation potential of such vulnerabilities with the rest of the community.

    In this article we will have a look at how a simple phishing attack through
    an Android messaging application could result in the direct leakage of data found in External Storage (/sdcard). Then we will show how the two aforementioned WhatsApp vulnerabilities would have made it possible for attackers to remotely collect TLS cryptographic material for TLS 1.3 and TLS 1.2 sessions. With the TLS secrets at hand, we will demonstrate how a man-in-the-middle (MitM) attack can lead to the compromise of WhatsApp communications, to remote code execution on the victim device and to the extraction of Noise [05] protocol keys used for end-to-end encryption in
    user communications.

    Android 10 introduced the scoped storage feature [13], as a proactive
    defense against these types of attacks. With scoped storage, apps get by default access only to their own content on External Storage. Apps bearing
    a certain permission [36] can also access content shared by other
    applications. Finally, full access to External Storage is only granted to special purpose apps (e.g. file managers) that have been audited by Google. Android 11 is the first version to fully enforce the scoped storage rules
    on all apps, while Android 10 included a permissive mode of operation to provide developers with the needed time to transition to the new file
    access scheme.

    The techniques presented in this article apply to mobile devices running Android versions up to and including Android 9. It is possible to perform similar attacks using file-based access in Android 10, but we have not
    included these for reasons of brevity. Even without Android 10 in the
    picture, the number of affected devices remains quite large. Appbrain statistics [35] hint that devices running Android up to and including
    version 9 may very well constitute a 60% of all devices running Android
    today. [...]

    https://census-labs.com/news/2021/04/14/whatsapp-mitd-remote-exploitation-CVE-2021-24027/

    ------------------------------

    Date: Wed, 14 Apr 2021 14:22:31 -1000
    From: geoff goodfellow <geoff@iconia.com>
    Subject: ``How can a democracy function if we can't talk to one another?''
    U.S. justices ask (Reuters)

    Two U.S. Supreme Court justices from opposite ends of the ideological
    spectrum are calling on Americans to learn to talk civilly to each other or risk lasting damage to the nation's democratic system.

    Speaking in a pre-recorded discussion released on Wednesday, liberal Justice Sonia Sotomayor and conservative Justice Neil Gorsuch both bemoaned the
    current state of public discourse, which they said was abetted by the spread
    of disinformation on social media.

    The United States in the past year has endured a contentious presidential campaign, former President Donald Trump's false claims of a stolen
    election, an attack on the U.S. Capitol by a pro-Trump mob and police
    incidents that triggered protests against racial injustice.

    ``We have a ... very heated debate going on. And that's not necessarily a
    bad thing, but it can turn into an awful thing, into something that destroys the fabric of our community, if we don't learn to talk to each other,'' Sotomayor said. [...]

    https://www.reuters.com/article/us-usa-court-justices-idUSKBN2C12VN

    ------------------------------

    Date: Mon, 12 Apr 2021 18:05:11 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Texas Man Charged With Planning To Blow Up Ashburn Data Center
    (Arlington VA Patch)

    Federal prosecutors have charged Seth Aaron Pendley of Wichita Falls, Texas, with trying to blow up an Amazon data center in Ashburn. [...] Last
    Thursday, Pendley again met with the undercover FBI agent to pick up what he believed to be explosive devices. However, the agent gave Pendley inert devices. After the agent showed Pendley how to arm and detonate the devices, the defendant loaded them into his car, according to the complaint. Pendley was then arrested by FBI agents who monitored the delivery of the inert devices.

    https://patch.com/virginia/arlington-va/texas-man-charged-planning-blow-ashburn-data-center

    Brilliant, give street name and show picture! Fortunately, this one's a
    moron -- but why paint a bulls eye for someone else?

    ------------------------------

    Date: Thu, 15 Apr 2021 13:04:33 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: NYPD's Robot Dog Returns to Work, Touching Off a Backlash
    (NYTimes)

    Deployed at a public housing building, the device drew condemnation as a
    stark example of police power and misplaced priorities.

    A group of police officers marched out of a public housing building in Manhattan on Monday with a man who they said had a gun and had been hiding
    in an apartment with a woman and her baby.

    But it was what came out of the building next that really grabbed attention while feeding into a far-reaching debate about policing in New York: a
    70-pound robotic dog outfitted with lights, cameras and artificial intelligence.

    The four-legged device had only gone into and out of the building's lobby without playing an active role in the operation, the police said. Still,
    its mere presence at a public housing building ignited a fierce backlash,
    with many people condemning it as a stark example of police power and
    misplaced priorities even as calls to address both roil the United States.

    “You can't give me a living wage, you can't raise a minimum wage, you can't give me affordable housing; I'm working hard and I can't get paid leave, I can't get affordable child care,” Representative Jamaal Bowman, a first-term Democrat who represents parts of the Bronx and Westchester County, said in a video posted on Twitter. “Instead we got money, taxpayer money, going to robot dogs?” [...]

    After the New York police deployed their dog during a hostage situation in
    the Bronx in February, Representative Alexandria Ocasio-Cortez, a Democrat
    who represents parts of the borough and Queens, likened the Digidog on
    Twitter to a `robotic surveillance ground' drone. [...]

    In response to questions about the robotic dog, the Police Department on Wednesday referred to a February tweet that said New York officers had been using robots for 50 years in hostage situations and hazardous material
    settings where humans could be in danger. [...]

    “We're powerless,” she said. “We're like the scapegoats in society. To further read that they are trying it out and testing it out on us --
    everything that happens bad in our community happens here first.”

    https://www.nytimes.com/2021/04/14/nyregion/robot-dog-nypd.html?referringSourcerticleShare

    Where to start, looking at this nonsense, much of it from people who
    should know better. Cops use robot dog to avoid putting people in danger,
    people are hysterical.

    ------------------------------

    Date: Wed, 7 Apr 2021 14:25:57 +0900
    From: David Farber <farber@keio.jp>
    Subject: The Perils of Overhyping Artificial Intelligence For AI to Succeed,
    It First Must Be Able to Fail

    https://www.foreignaffairs.com/articles/united-states/2021-04-06/perils-overhyping-artificial-intelligence

    ------------------------------

    Date: Sat, 10 Apr 2021 10:22:29 +0800
    From: Richard Stein <rmstein@ieee.org>
    Subject: Microchip security continues to confound Pentagon (Techxplore)

    https://techxplore.com/news/2021-04-microchip-confound-pentagon.html

    "The Pentagon is trying to find out how industry does it. The department is writing into the contracts it signs with chip designers and foundries a requirement to provide access to corporate data on assessing chip
    reliability, according to Brett Hamilton, deputy principal director of the Pentagon's microelectronics office, which is part of the office of the undersecretary for research and engineering."

    Enhanced corporate transparency -- disclosure of microelectronic design,
    test, manufacturing data (test plans, results, design reviews, internal discussions) can reveal issues affecting intellectual property design/publication viability and/or manufactured product reliability.

    Over-the-shoulder inspection of commercial operations assumes the looker possesses the subject matter to intelligently assess the content for engineering merit and risk.

    When an unaddressed issue materializes in a supplier's product (e.g., a
    design defect), what action should the product designer or manufacturer, or customer, undertake to mitigate it? Who should pay for the mitigation?

    Risk: Risk of risks

    ------------------------------

    Date: Fri, 9 Apr 2021 14:41:24 -0400 (EDT)
    From: Eli the Bearded <*@eli.users.panix.com>
    Subject: 'Miss'taken assumptions lead to plane incident (The Guardian)

    https://www.theguardian.com/world/2021/apr/09/tui-plane-serious-incident-every-miss-on-board-child-weight-birmingham-majorca

    An update to the airline's reservation system while its planes were
    grounded due to the coronavirus pandemic led to 38 passengers on the
    flight being allocated a child's "standard weight" of 35kg as opposed to
    the adult figure of 69kg.

    This caused the load sheet -- produced for the captain to calculate what
    inputs are needed for take-off -- to state that the Boeing 737 was more
    than 1,200kg lighter than it actually was.

    Investigators described the glitch as "a simple flaw" in an IT system. It
    was programmed in an unnamed foreign country where the title "Miss" is
    used for a child and "Ms" for an adult female.

    The fix is apparently somewhat flawed:

    The operator subsequently introduced manual checks to ensure adult females
    were referred to as `Ms' on relevant documentation.

    Risk is bad heuristics instead of asking for needed information ("adult or child?") from the customers.

    [Also noted by Rory Crispin, Kees Huyser, Paul Cornish, Wendy Grossman,
    and Tom Van Vleck. In addition,
    Lars-Henrik Eriksson noted:
    Cultural differences cause incorrect flight load calculation
    https://www.theregister.com/2021/04/08/tui_software_mistake/
    David Lamkin noted:
    Perils of internationalisation: incorrect airline load sheet
    https://www.gov.uk/aaib-reports/aaib-investigation-to-boeing-737-8k5-g-tawg-21-july-2020
    PGN]

    ------------------------------

    Date: Sun, 4 Apr 2021 22:07:01 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: The UK Is Trying to Stop Facebook's End-to-End Encryption
    (WiReD)

    The government's latest attack is aimed at discouraging the company from following through with its planned rollout across platforms.

    https://www.wired.com/story/uk-trying-to-stop-facebook-end-to-end-encryption/

    ------------------------------

    Date: Thu, 15 Apr 2021 18:00:33 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Coinbase Makes Its Debut -- and Bitcoin Arrives on Wall Street
    (WiReD)

    All of this means that Coinbase's listing is a little like bitcoin's stock market debut, too. Which is weird, when you think about where bitcoin
    started. In his 2019 book, Narrative Economics, the Nobel Prize-winning economist Robert Shiller describes the rise of bitcoin as a feat of storytelling. There was the benefit of being the first, he writes, and in
    the technology's unique independence from authority, which the story held
    made it a hedge against government collapse and inflation. Others, including Bloomberg's Joe Weisenthal, have gone so far as to call bitcoin a “faith-based” asset. Faith as in religion. It started with its pseudonymous prophet, Satoshi Nakamoto, who compiled the code and vanished. It has code words, a sacred white paper, a ritualistic schedule for `halving' the
    creations of new blocks on the chain. Yes, all assets require faith. But
    faith in the dollar is not faith in a physical paper or a coin, it's in the
    US government. With bitcoin, the faith is in the thing itself, the network
    that generates the coins and keeps them secure.

    The conviction of bitcoin's adherents is important, given the lack of
    earthly evidence for its value. Bitcoin is scarce, sure, because the code ensures only 21 million bitcoins will ever be created. But that doesn't make
    it an investible asset on its own. There are limited use cases. Bitcoin
    can't be spent efficiently, much as people are trying to make that
    happen. The network in which people place their faith is still somewhat immature, leading to fears that the bitcoin market could be subject to manipulation.

    The masses have not been resoundingly faithful to this movement. The mathematical epidemiologist Adam Kucharski, known for his work explaining
    the transmission of diseases like Covid-19, writes about bitcoin as a form
    of contagion spread through word of mouth and media mentions. But in network terms, the series of booms and busts reveals a *disconnected* contagion --
    an epidemic that flares up but doesn't spread too far. During a frenzy lots
    of people jump in, and the value rises, for a while, but the overall impact
    is limited. Recent surveys suggest that fewer than 10 percent of Americans
    have dabbled in cryptocurrency. About half of those people said they have regrets.

    https://www.wired.com/story/coinbase-debut-bitcoibuildingn-arrives-wall-street/

    ------------------------------

    Date: Tue, 13 Apr 2021 14:42:35 -0700
    From: Rob Slade <rslade@gmail.com>
    Subject: My email account needs blockchain maintenance?

    OK, this is a weird one.

    I've got what is obviously some type of phishing spam, which reports that my email account needs some kind of blockchain maintenance in order to improve user experience and reduce the rate of spam. (Nice touch.)

    Yeah. I'll get on that right away.

    BLOCKCHAIN IS NOT THE ANSWER!!!

    ------------------------------

    Date: Mon, 5 Apr 2021 21:03:39 +0800
    From: Richard Stein <rmstein@ieee.org>
    Subject: Scientists studying solar try solving a dusty problem
    (techxplore.com)

    https://techxplore.com/news/2021-04-scientists-solar-dusty-problem.html

    "Solar's getting deployed, but we're losing energy because solar's getting deployed in dusty locations.

    "The energy lost annually from soiling amounts to as much as 7% in parts of
    the United States to as high as 50% in the Middle East."

    Where's the Rosie, the Jetson's robot maid, when you need her (it)?

    The Middle East, during the heat of the day, is dangerous for human health: sunstroke, dehydration, etc. The article mentions a patent that can indicate when to deploy cleanup, which costs ~US$ 5K for a 10MW photovoltaic installation that powers ~2K homes. Sol's photons might be free, but to catch and convert into power is costly.

    Risk: Housekeeping operation expense from dust accumulating on photovoltaic packages (reduced photon to electron conversion efficiency).

    ------------------------------

    Date: Tue, 6 Apr 2021 19:25:11 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Plan to install green energy storage on Williamsburg roof raises
    tenants' ire (Bklyner)

    A proposal to install energy infrastructure on a Williamsburg roof to ease
    the load on north Brooklyn's power grid faces angry opposition from tenants
    who say they're being left in the dark.

    https://bklyner.com/plan-to-install-green-energy-storage-on-williamsburg-roof-raises-tenants-ire/

    Risks? Power infrastructure, NIMBY, landlords.

    ------------------------------

    Date: Wed, 7 Apr 2021 20:38:35 +0800
    From: Richard Stein <rmstein@ieee.org>
    Subject: Understanding fruit fly behavior may be next step toward autonomous
    vehicles (techxplore.com)

    https://techxplore.com/news/2021-04-fruit-behavior-autonomous-vehicles.html

    "With over 70% of respondents to a AAA annual survey on autonomous driving reporting they would fear being in a fully self-driving car, makers like
    Tesla may be back to the drawing board before rolling out fully autonomous self-driving systems. But new research from Northwestern University shows us
    we may be better off putting fruit flies behind the wheel instead of
    robots."

    The essay discusses Drosophila's ability to learn how to navigate an environment (using heat obstacles), and applies the mechanism to simulate a DV's learning ability. The simulation incorporated a genetic algorithm to optimize evolution. It concludes:

    "This simulation demonstrated that 'hard-wired' vehicles eventually evolved
    to perform nearly as well as flies. But while real flies continued to
    improve performance over time and learn to adopt better strategies to become more efficient, the vehicles remain 'dumb' and inflexible."

    https://en.wikipedia.org/wiki/List_of_animals_by_number_of_neurons tabulates animal neuron and synapse counts, proxies for learning and intelligence capabilities.

    Drosophila have ~250K neurons/10M synapses. Homo sapiens have ~9.0*10^10 neurons/10^14 synapses. Order 10^5 neuron/synapse count difference. A very large neural network simulation applies ~2.5M neurons: "The four biggest challenges in brain simulation," from 24JUL2019 retrieved from https://www.nature.com/articles/d41586-019-02209-z on 07APR2014.

    Somewhere in the fly and homo sapien neuroanatomies, there's learning and intelligence capabilities that enable survival, despite individual mistakes.

    No telling what size neural network, or how many, are deployed by a
    commercial DVonics (driverless vehicle-onics) platforms. Clearly,
    environmental stimulus (obstacles and other conditions) provides valuable
    input to adjust behavior that minimizes harmful outcome.

    Risk: Neural network evolution and representation limits of complex human behaviors (aka common sense and contextual awareness).

    Potential news headline: Bug brain beats Buick bot at Daytona 500

    ------------------------------

    Date: Wed, 7 Apr 2021 11:57:32 +0800
    From: Richard Stein <rmstein@ieee.org>
    Subject: Self-driving vehicles

    https://www.caranddriver.com/news/a35844915/ntsb-letter-nhtsa-self-driving-vehicles/

    '"NHTSA's general and voluntary guidance of emerging and evolutionary technological advancements shows a willingness to let manufacturers and operational entities define safety. We urge NHTSA to lead with detailed guidance and specific standards and requirements," the letter states."'

    DV industry self-regulation is a good idea, but organizational overreach introduces significant public health and safety risks that can render spectacular failures (e.g. Boeing 737-MAX). Public embrace of DV fleets summoned from handheld hailing apps will not materialize without widespread consumer trust.

    Brands earn trust from marketplace performance history (Alka Seltzer,
    anyone?), often a decades-long endeavor consisting of public trial and
    error, and sometimes spectacular failures that sadly teach and refine regulations affecting product design, engineering and manufacturing. These incidents comprise the technological equivalent of Niles Eldredge and
    Stephen J. Gould's punctuated evolution.

    "One of the NTSB's concerns is the testing of potential autonomous-driving technology on public roads without any sort of standard methodology for
    NHTSA to track vehicle data. In June 2020, the Department of Transportation (DOT) announced a voluntary Automated Vehicle Transparency and Engagement
    for Safe Testing (AV TEST) initiative. But without making it compulsory, there's no penalty for failing to report an issue with a test vehicle."

    DV software stacks are apparently opaque about decision logic that affects movement, steering, etc. NHTSA would need to see these logs for post-mortem

    [continued in next message]
