Risks Digest 32.66 (1/2)

    From RISKS List Owner@21:1/5 to All on Wed May 12 19:07:40 2021
    RISKS-LIST: Risks-Forum Digest Wednesday 12 May 2021 Volume 32 : Issue 66

    ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
    Peter G. Neumann, founder and still moderator

    ***** See last item for further information, disclaimers, caveats, etc. *****
    This issue is archived at <http://www.risks.org> as
    <http://catless.ncl.ac.uk/Risks/32.66>
    The current issue can also be found at
    <http://www.csl.sri.com/users/risko/risks.txt>

    Contents:
    The Pentagon Inches Toward Letting AI Control Weapons (WiReD)
    DarkSide hacking group responsible for the Colonial Pipeline shutdown
    (CNBC and Bloomberg via geoff goodfellow)
    U.S. Declares Emergency in 17 States Over Fuel Pipeline Cyberattack
    (The Hacker News)
    What the U.S. Colonial pipeline cyberattack means for Europe
    (Politico Europe)
    ISPs Funded 8.5 Million Fake Comments Opposing Net Neutrality (WiReD)
    Tesla backseat driver was arrested then released; now he says he is back at
    it (Electrek)
    Nearly All Wi-Fi Devices Are Vulnerable to New FragAttacks (The Hacker News)
    U.S. Intelligence Agencies Warn About 5G Network Weaknesses (The Hacker News)
    Pro tip for the "but how do we protect ourselves?" folks (Brian Krebs)
    Twitter's Tip Jar Privacy Fiasco Was Entirely Avoidable (WiReD)
    I have been pwned! -- but not really (Rob Slade)
    Marvin Minsky hacked? (Tom Van Vleck)
    That reminds me of Bob Fenichel's Turing Hack (Tom Van Vleck)
    96% of U.S. Users Opt Out of App Tracking in iOS 14.5, Analytics Find
    (Samuel Axon)
    FaceApp misrepresentation (WashPost)
    A risk of computerizing what worked fine without the computer
    (NotAlwaysRight)
    Apple's new Airtags can be easily abused by stalkers (WashPost)
    Michigan GOP lawmaker floats bill to register, fine 'fact checkers'
    (Lauren Weinstein)
    Re: A mom panicked when her 4-year-old bought $2,600 in SpongeBob Popsicles
    (Amos Shapir)
    Abridged info on RISKS (comp.risks)

    ----------------------------------------------------------------------

    Date: Tue, 11 May 2021 00:51:30 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: The Pentagon Inches Toward Letting AI Control Weapons (WiReD)

    But as the drone demonstrations highlight, more widespread use of AI will sometimes make it more difficult to keep a human in the loop. This might
    prove problematic, because AI technology can harbor biases or behave unpredictably
    <https://www.wired.com/story/foundations-ai-riddled-errors/>. A vision algorithm trained to recognize a particular uniform might mistakenly target someone wearing similar clothing. Chung says the swarm project presumes that
    AI algorithms will improve to a point where they can identify enemies with enough reliability to be trusted.

    https://www.wired.com/story/pentagon-inches-toward-letting-ai-control-weapons/

    Presumes... what could go wrong?

    ------------------------------

    Date: Mon, 10 May 2021 09:22:38 -1000
    From: geoff goodfellow <geoff@iconia.com>
    Subject: DarkSide hacking group responsible for the Colonial Pipeline shutdown

    - A hacker group called DarkSide is behind the cyberattack on Colonial
    Pipeline that shut down a major oil pipeline over the weekend.
    - DarkSide makes ransomware hacking tools, but only largely goes after
    for-profit companies from English-speaking countries.

    The DarkSide hacker gang that is responsible for the devastating Colonial Pipeline attack this weekend is a relatively new group, but cybersecurity analysts already know enough about them to determine just how dangerous they are. <https://www.cnbc.com/2021/05/09/gasoline-futures-jump-as-much-of-vital-pipeline-remains-shutdown-following-cyberattack.html>

    According to Boston-based Cybereason, DarkSide is an organized group of
    hackers set up along the *ransomware as a service* business model, meaning
    the DarkSide hackers develop and market ransomware hacking tools, and sell
    them to other criminals who then carry out attacks. Think of it as the evil twin of a Silicon Valley software start-up.

    Bloomberg first reported <https://www.bloomberg.com/news/articles/2021-05-09/colonial-hackers-stole-data-thursday-ahead-of-pipeline-shutdown>
    that DarkSide may be involved in the attack on Colonial Pipeline. The FBI confirmed Monday that DarkSide was behind the attack.

    On Monday, Cybereason provided CNBC with a new statement from DarkSide's website that appears to address the Colonial Pipeline shutdown.

    Under a heading, *About the latest news*, DarkSide claimed it's not
    political and only wants to make money without causing problems for society

    ``We are apolitical, we do not participate in geopolitics, do not need to
    tie us with a defined government and look for our motives,'' the statement said. ``Our goal is to make money, and not creating problems for society.
    From today we introduce moderation and check each company that our partners want to encrypt to avoid social consequences in the future.''

    Cybereason reports that DarkSide has a perverse desire to appear ethical,
    even posting its own code of conduct for its customers telling them who and what targets are acceptable to attack. Protected organizations not to be
    harmed include hospitals, hospices, schools, universities, nonprofit organizations, and government agencies. Also apparently protected are
    entities based in former Soviet countries. Fair game, then, are all
    for-profit companies in English speaking countries. [...]

    https://www.cnbc.com/2021/05/10/hacking-group-darkside-reportedly-responsiblee-for-colonial-pipeline-shutdown.html

    [See also David Sanger and Nicole Perlroth, FBI Identifies Group Behind
    Pipeline Hack, *The New York Times*, 11 May 2021.]

    ------------------------------

    Date: Tue, 11 May 2021 12:36:14 -1000
    From: geoff goodfellow <geoff@iconia.com>
    Subject: U.S. Declares Emergency in 17 States Over Fuel Pipeline Cyber-Attack
    (The Hacker News)

    The ransomware attack <https://thehackernews.com/2021/05/ransomware-cyber-attack-forced-largest.html> against Colonial Pipeline's networks has prompted the U.S. Federal Motor Carrier Safety Administration (FMCSA) to issue a regional emergency
    declaration <https://www.fmcsa.dot.gov/sites/fmcsa.dot.gov/files/2021-05/ESC-SSC-WSC%20-%20Regional%20Emergency%20Declaration%202021-002%20-%2005-09-2021.pdf>
    in 17 states and the District of Columbia (D.C.).

    The declaration provides a temporary exemption to Parts 390 through 399 of
    the Federal Motor Carrier Safety Regulations (FMCSRs <https://www.fmcsa.dot.gov/regulations>), allowing alternate transportation
    of gasoline, diesel, and refined petroleum products to address supply
    shortages stemming from the attack.

    "Such [an] emergency is in response to the unanticipated shutdown of the Colonial pipeline system due to network issues that affect the supply of gasoline, diesel, jet fuel, and other refined petroleum products throughout
    the Affected States," the directive said. "This Declaration addresses the emergency conditions creating a need for immediate transportation of
    gasoline, diesel, jet fuel, and other refined petroleum products and
    provides necessary relief."

    The states and jurisdictions affected by the pipeline shut down and
    included in the Emergency Declaration are Alabama, Arkansas, District of Columbia, Delaware, Florida, Georgia, Kentucky, Louisiana, Maryland, Mississippi, New Jersey, New York, North Carolina, Pennsylvania, South Carolina, Tennessee, Texas, and Virginia.

    The exemptions, which aim to alleviate any supply disruptions that may
    arise as a result of Colonial halting its pipeline operations, are expected
    to be in effect until the end of the emergency or June 8, 2021, 11:59 p.m., whichever is earlier.
    FBI Confirms DarkSide Ransomware. [...]

    https://thehackernews.com/2021/05/us-declares-emergency-in-17-states-over.html

    ------------------------------

    Date: Tue, 11 May 2021 11:16:19 PDT
    From: Peter G Neumann <neumann@csl.sri.com>
    Subject: What the U.S. Colonial pipeline cyberattack means for Europe
    (Politico Europe)

    America Hernandez and Laurens Cerulus, Politico Europe, 11 May 2021

    The shutdown of a major fuel pipeline in the U.S. is a cybersecurity wakeup call for EU energy operators.

    Preliminary investigations indicate that a group of Russian criminal hackers known as Darkside were likely behind the ransomware attack that shut down
    the nearly 9,000-kilometer Colonial Pipeline -- which transports almost half the jet fuel, diesel, gasoline and heating fuel used on the East Coast of
    the United States.

    Similar incidents have happened in Europe.

    Russia-based cyberattacks on critical energy infrastructure have put the EU
    on high alert since 2014, when the annexation of Crimea and war in the
    Donbas led to Ukraine being hit with a series of attacks crippling
    everything from power grids to election systems.

    Those infiltrations culminated in the 2017 NotPetya attack, which paralyzed multinationals like the Danish shipping giant Maersk, logistics giant FedEx, pharma company Merck and other major corporations, and cost an estimated $10 billion to clean up.

    Since then, the EU has moved to strengthen its energy system resilience --
    but the work is far from over.

    ``The attack on Colonial just screams out for new regulation on critical infrastructure companies,'' said Bart Groothuis, a Dutch member of the
    European Parliament who leads negotiations on draft EU rules for
    cybersecurity of networks and IT systems.

    According to the European Union's Cybersecurity Agency (ENISA), the sector reported roughly 100 significant cybersecurity incidents in 2020 -- half of which were ransomware attacks.

    Assessing the vulnerabilities

    Energy system operators in Europe have so far faced only limited
    requirements under the bloc's first-ever 2016 cybersecurity legislation, the Networks and Information Security (NIS) Directive <https://oeil.secure.europarl.europa.eu/oeil/popups/ficheprocedure.do?reference=2013/0027(COD)&l=en>
    -- as well as some sectoral legislation. <https://ec.europa.eu/info/news/tackling-cybersecurity-challenges-energy-commission-adopts-recommendation-cybersecurity-energy-sector-2019-apr-03_en>

    Those include applying minimum cybersecurity standards and promptly
    reporting incidents as they happen.

    According to the EU Agency for the Cooperation of Energy Regulators (ACER),
    the most exposed elements of the bloc's pipeline systems are so-called
    SCADAs -- supervisory control and data acquisition systems that govern
    hardware such as pressure-reducing stations, valves and compressor stations.

    ``These are typically not linked to any other network, precisely to reduce the exposure to cyberattacks,'' said ACER spokesperson Una Shortall.

    The Colonial attack, however, didn't directly hit the infrastructure.
    Instead, it targeted the business-side computer systems of the private operator, which shut down the pipeline as a precaution.

    ``In a case like this, the company itself is the first line of defense and
    the first line of response to crisis,'' Shortall added.

    Planning for the worst

    The bloc has several measures in place to ensure it can weather emergency shutdowns.

    To avoid the kind of fuel shortages and gasoline price increases currently being experienced in parts of the U.S., all EU countries are required under
    the Oil Stocks Directive to keep at least 90 days' worth of crude oil or petroleum product imports on hand, or 61 days' worth of consumption -- whichever is greater.

    But it's not always respected. In December, the European Commission
    chastised Bulgaria, Romania and the Czech Republic for repeatedly failing to keep the minimum supplies on hand, in some cases going as far back as 2013.

    The good news is that upwards of 80 percent the bloc's crude imports
    arrive on oil tankers and trucks, according to the International Association
    of Oil and Gas Producers (IOGP). Refined products like gasoline and diesel
    are also transported through the EU by truck and rail, rather than through fixed pipelines -- vastly upping flexibility.

    ``The EU crude oil pipeline network is a lot less dense -- pipe imports of crude are a very small share,'' said Nareg Terzian, EU spokesperson for
    IOGP. ``It actually makes sense if you think about it: Historically, the
    oil market has been more liquid and open than the gas one, also because oil
    is simply much easier to store and transport than gas.''

    Natural gas is a bigger worry for the EU.

    Following the 2006 and 2009 gas crises, Europe's network of gas
    transmission system operators has conducted regular simulations of supply interruptions on all EU import pipelines -- and prepared rerouting plans
    using the Continent's system of cross-border interconnectors, underground storage reserves and liquefied natural gas (LNG) terminals.

    The most recent analysis <https://entsog.eu/sites/default/files/2020-10/INV0332-20%20Addendum%20to%20the%20SoS%202017%20-%20for%20publication.pdf>,
    published in October, simulated winter gas cutoffs of up to two months on
    three major Russian supply routes: via Finland and down to the Baltic
    States; via Ukraine; and along the Trans-Balkan pipeline flowing to Romania, Bulgaria and Greece.

    In the Finnish case, the response would be ramping up LNG imports in
    Lithuania to maximum capacity and tapping Latvia's storage reserves to
    supply the region. The Baltic connector pipeline -- which launched in
    December 2019 and links Estonia to Finland -- would send flows north.

    Should the Trans-Balkan pipeline shut down, flows destined for Bulgaria
    could be sent through the second line of TurkStream, at the
    Turkish-Bulgarian border.

    But if the Ukrainian route to the EU is hit with a long-term outage in the
    dead of winter, Romania could be left stranded -- even if Russian gas flows
    are maintained through Belarus and through Germany's Nord Stream pipeline.

    ``Romania has no other possibilities to import gas'' after its storage
    stocks are used up, the analysis warns.

    The scenarios don't account for countries dialing down usage. They also
    focus more on accidents on individual routes, rather than deliberate
    shutdowns on multiple routes by a single supplier like Russia.

    ``The EU must think long and hard about energy diversification and consider once again the risks of Nord Stream 2 <https://politico.us8.list-manage.com/track/click?u=e26c1a1c392386a968d02fdbc&id=c65a90dc4e&e=b93961e7ed>,
    which, if built, will concentrate 80 percent of all Russian gas
    supplies to Europe to one submarine pipeline system,'' said Sergiy
    Makogon, CEO of Ukraine's gas grid operator.

    ``Digital threats have just come to the fore, but they can't overshadow physical security,'' Makogon added. ``We have seen mysterious accidents
    reshape the European energy landscape in 2009, when an unexplained blast <https://politico.us8.list-manage.com/track/click?u=e26c1a1c392386a968d02fdbc&id=20db2acd86&e=b93961e7ed>
    destroyed a portion of the Turkmenistan-Russia pipeline, ending exports of Turkmen gas to Europe. Or the 2006 pipeline explosion <https://politico.us8.list-manage.com/track/click?u=e26c1a1c392386a968d02fdbc&id=b3b63382f8&e=b93961e7ed>
    that left Georgia and Armenia without gas in the middle of winter.''

    The rise of digital attacks could change the way those scenarios are modeled.

    ``Cyber has introduced in the energy sector a new way to think about
    threats and risks: Better to simulate and stimulate a reaction and to derive
    a preventive strategy than to have a scenario that will rarely repeat twice
    on large scale infrastructures,'' ACER's Shortall said.

    Policies in the pipeline

    European companies could soon face tougher cybersecurity rules, when EU legislators pass a proposal <https://oeil.secure.europarl.europa.eu/oeil/popups/ficheprocedure.do?reference=2020/0359(COD)&l=en>
    by the European Commission to strengthen the NIS regime.

    In the draft law, energy firms risk being fined up to 2 percent of their
    annual turnover if they don't put in place security audits, have incident response policies and check the security of their suppliers. The proposal
    also added a range of subsectors of the energy market to the scope of the
    law, including hydrogen production, district heating, electricity production and central oil stockholding.

    The EU is also working on a ``network code'' on cybersecurity for electricity firms that would be adopted next year; a similar code for gas is also in the works. And the sector is already working with public authorities to share information on attacks
    and incidents within a European Energy Information Sharing and Analysis Center.

    ``The sector is catching up in terms of cybersecurity,'' said Evangelos Ouzounis, head of secure infrastructure and services at ENISA, adding that
    more investments and continuous information sharing were needed to rule out incidents like the Colonial catastrophe.

    ------------------------------

    Date: Sun, 9 May 2021 16:10:02 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: ISPs Funded 8.5 Million Fake Comments Opposing Net Neutrality
    (WiReD)

    The secret campaign, backed by major broadband companies, used real people's names without their consent.

    The largest Internet providers in the US funded a campaign that generated
    `8.5 million fake comments' to the Federal Communications Commission as part
    of their fight against net neutrality rules during the Trump administration, according to a report issued Thursday by New York state attorney general Letitia James.

    Nearly 18 million out of 22 million comments were fabricated, including both pro- and anti-net-neutrality submissions, the report said. One 19-year-old submitted 7.7 million comments supporting net neutrality under fake,
    randomly generated names. But the astroturfing effort by the broadband
    industry stood out because it used real people's names without their
    consent, with third-party firms hired by the industry faking consent
    records, the report said.

    The New York Attorney General's Office began its investigation in 2017 and
    said it faced stonewalling from then FCC chair Ajit Pai, who refused
    requests for evidence. But after a years-long process of obtaining and analyzing "tens of thousands of internal emails, planning documents, bank records, invoices, and data comprising hundreds of millions of records," the office said it "found that millions of fake comments were submitted through
    a secret campaign, funded by the country's largest broadband companies, to manufacture support for the repeal of existing net neutrality rules using
    lead generators."

    It was clear before Pai completed the repeal in December 2017 that millions
    of people—including dead people—were impersonated in net neutrality comments. Even industry-funded research found that 98.5 percent of genuine comments opposed Pai's deregulatory plan. But Thursday's report reveals more details about how many comments were fake and how the broadband industry was involved.

    https://www.wired.com/story/isps-funded-85-million-fake-comments-opposing-net-neutrality/

    Hey, there's a bright side -- 4+ million comments were real. Nice work, Pai
    -- suppressing evidence.

    ------------------------------

    Date: Wed, 12 May 2021 09:30:03 -0700
    From: Lauren Weinstein <lauren@vortex.com>
    Subject: Tesla backseat driver was arrested then released; now he says he is
    back at it (Electrek)

    https://electrek.co/2021/05/12/tesla-backseat-driver-arrested-releases-back-at-it/

    Why does this person still have a driver's license?

    If Elon Musk had an ounce of integrity, @Tesla would shut down all driver assist and self-drive capabilities of anyone found to be abusing those
    systems, including of course back seat drivers.

    ------------------------------

    Date: Wed, 12 May 2021 07:58:48 -1000
    From: geoff goodfellow <geoff@iconia.com>
    Subject: Nearly All Wi-Fi Devices Are Vulnerable to New FragAttacks
    (The Hacker News)

    Three design and multiple implementation flaws have been disclosed in IEEE 802.11 technical standard that undergirds Wi-Fi, potentially enabling an adversary to take control over a system and plunder confidential data.

    Called FragAttacks <https://www.fragattacks.com/> (short for FRAgmentation
    and AGgregation attacks), the weaknesses impact all Wi-Fi security
    protocols, from Wired Equivalent Privacy (WEP) all the way to Wi-Fi
    Protected Access 3 (WPA3), thus virtually putting almost every
    wireless-enabled device at risk of attack.

    "An adversary that is within radio range of a victim can abuse these vulnerabilities to steal user information or attack devices," Mathy Vanhoef,
    a security academic at New York University Abu Dhabi, said. "Experiments indicate that every Wi-Fi product is affected by at least one vulnerability
    and that most products are affected by several vulnerabilities."

    IEEE 802.11 provides the basis for all modern devices using the Wi-Fi family
    of network protocols, allowing laptops, tablets, printers, smartphones,
    smart speakers, and other devices to communicate with each other and access
    the Internet via a wireless router.

    Introduced in January 2018, WPA3 <https://www.wi-fi.org/discover-wi-fi/security> is a third-generation
    security protocol that's at the heart of most Wi-Fi devices with several enhancements such as robust authentication and increased cryptographic
    strength to safeguard wireless computer networks.

    According to Vanhoef, the issues <https://github.com/vanhoefm/fragattacks> stem from "widespread" programming mistakes encoded in the implementation of the standard, with some flaws dating all the way back to 1997. The vulnerabilities have to do with the way the standard fragments and
    aggregates frames, allowing threat actors to inject arbitrary packets and
    trick a victim into using a malicious DNS server, or forge the frames to
    siphon data.

    The list of 12 flaws <https://github.com/vanhoefm/fragattacks/blob/master/SUMMARY.md>
    [...]

    https://thehackernews.com/2021/05/nearly-all-wifi-devices-are-vulnerable.html

    ------------------------------

    Date: Tue, 11 May 2021 12:27:29 -1000
    From: geoff goodfellow <geoff@iconia.com>
    Subject: U.S. Intelligence Agencies Warn About 5G Network Weaknesses
    (The Hacker News)

    Inadequate implementation of telecom standards, supply chain threats, and weaknesses in systems architecture could pose major cybersecurity risks to
    5G networks, potentially making them a lucrative target for cybercriminals
    and nation-state adversaries to exploit for valuable intelligence.

    The analysis, which aims to identify and assess risks and vulnerabilities introduced by 5G adoption, was published on Monday by the U.S. National Security Agency (NSA), in partnership with the Office of the Director of National Intelligence (ODNI) and the Department of Homeland Security's
    (DHS) Cybersecurity and Infrastructure Security Agency (CISA).

    ``As new 5G policies and standards are released, there remains the potential for threats that impact the end-user. For example, nation states may
    attempt to exert undue influence on standards that benefit their proprietary technologies and limit customers' choices to use other equipment or
    software.''

    Specifically, the report cites undue influence from adversarial nations on
    the development of technical standards, which may pave the way for adopting untrusted proprietary technologies and equipment that could be difficult to update, repair, and replace. Also of concern, per the report, are the
    optional security controls baked into telecommunication protocols, which,
    if not implemented by network operators, could leave the door open to
    malicious attacks.

    A second area of concern highlighted by the NSA, ODNI, and CISA is the
    supply chain. Components procured from third-party suppliers, vendors, and service providers could either be counterfeit or compromised, with security flaws and malware injected during the early development process, enabling threat actors to exploit the vulnerabilities at a later stage.
    [...] https://thehackernews.com/2021/05/us-intelligence-agencies-warn-about-5g.html

    ------------------------------

    Date: Tue, 11 May 2021 12:09:50 -1000
    From: geoff goodfellow <geoff@iconia.com>
    Subject: Pro tip for the "but how do we protect ourselves?" folks
    (Brian Krebs)

    Pro tip for the "but how do we protect ourselves?" folks. DarkSide
    ransomware, like many other strains, will not install on systems where
    certain Cyrillic keyboard and other scripts are already installed. So,
    install the Russian keyboard. You don't have to use it.

    https://twitter.com/briankrebs/status/1392163072970829830

    ------------------------------

    Date: Sun, 9 May 2021 16:05:43 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Twitter's Tip Jar Privacy Fiasco Was Entirely Avoidable (WiReD)

    Sending its users to PayPal has created all sorts of problems that Twitter should have caught ahead of time.

    On Thursday, Twitter continued its grand tradition of embracing features
    users had unofficially pioneered (see also: the @-reply, the retweet, the hashtag) by instituting a Tip Jar. Enjoy someone's tweet? Send them some
    money straight from the app, via the online payment processor of their
    choice. Simple enough. And yet, predictably, not so simple, especially for those who value their anonymity online.

    Within a few hours of Twitter's Tip Jar announcement, security researcher Rachel Tobac found an unfortunate wrinkle: Sending someone money via PayPal revealed to them her home address. Not long after, former Federal Trade Commission chief technologist Ashkan Soltani discovered that using PayPal
    for the Tip Jar could reveal a user's email address, even if no transaction took place.

    https://www.wired.com/story/twitter-tip-jar-privacy-fiasco-entirely-avoidable/

    The risk? Good intentions.

    ------------------------------

    Date: Mon, 10 May 2021 12:05:56 -0700
    From: Rob Slade <rslade@gmail.com>
    Subject: I have been pwned! -- but not really

    Today I received a notification from haveibeenpwned.com, informing that I
    was "pwned" in the DriveSure data breach.

    The notification lists my email address, the breach, the date (December of 2020), the number of accounts, the compromised data (email addresses, names, passwords, phone numbers, physical addresses, and vehicle details), and a description of the breach.

    The thing is, I don't recall dealing with DriveSure.

    And the email address given was my rslade@gmail.com address.

    Aha!

    I get *lots* of email through that account that isn't for me. It isn't
    exactly spam, either. It is directed at someone, and, although some of it
    is marketing bumpf, some of it is quite personal. A lot of people think
    that rslade@gmail.com is *their* email address, and provide it to friends
    and business contacts.

    The upside is that, no, my password and personal details probably haven't
    been pwned.

    The downside is that there is a risk in using a very popular email platform.

    ------------------------------

    Date: Tue, 11 May 2021 08:15:30 -0700
    From: Tom Van Vleck <thvv@multicians.org>
    Subject: Marvin Minsky hacked?

    Compsci boffin publishes proof-of-concept code for 54-year-old zero-day in Universal Turing Machine

    The Register https://www.theregister.com/2021/05/11/turing_machine_0day_no_patch_available/

    [Marvin Minsky taught my 2nd computer course at MIT. THVV]

    ------------------------------

    Date: Tue, 11 May 2021 17:25:27 -0700
    From: Tom Van Vleck <thvv@multicians.org>
    Subject: That reminds me of Bob Fenichel's Turing Hack

    Bob Fenichel was an assistant professor at MIT in 1965. He wrote a set of
    FAP macros to simulate a Turing machine. As the macros were expanded, they defined other macros with temporary names. You invoked the top-level macro something like TURING A,B,C where A was the tape, B the initial position, C
    the transition table.

    The macro-assembler assembled the macros, simulating the operation of the specified machine, and eventually assembled either PZE 1 or PZE 0 depending
    if the machine stopped on a 1 or 0 on the tape.

    So all the "computation" was done in (conditional) macro expansion. This
    was a practical demonstration that a macro language that allowed macros to define other macros is able to compute anything computable. Of course, the
    FAP simulation was in practice limited by the storage available on the assembler's macro expansion tape, but the cost of 7094 time was an even more practical limit on these experiments. It is still one of the neatest hacks I've seen.
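    A Turing-machine simulator with the same TURING A,B,C interface (A the tape, B the initial head position, C the transition table) and the same result convention (the symbol under the head when the machine stops, where the macros assembled PZE 1 or PZE 0). This is an added Python example, not Fenichel's FAP macros; the transition-table format, the state names START and HALT, the sample machines and the step budget are this example's own assumptions.

```python
"""Turing machine simulator in the spirit of Fenichel's TURING A,B,C macro.

Added example; it is not the FAP code Van Vleck describes. The tape alphabet
is {0, 1} with 0 as the blank, and the result of a run is the symbol under
the head at halt, the analogue of the PZE 1 / PZE 0 the macros assembled.
"""

from typing import Dict, List, Tuple

BLANK = 0

# Transition table (the "C" argument): (state, symbol) -> (write, move, next)
# move is "L", "R" or "N" (stay); next == "HALT" stops the machine.
Transition = Dict[Tuple[str, int], Tuple[int, str, str]]

# Sample machine (assumed): parity of the run of 1s under the head; writes the
# parity bit onto the blank that ends the run and halts on it.
PARITY: Transition = {
    ("START", 1): (1, "R", "ODD"),
    ("ODD", 1): (1, "R", "START"),
    ("START", 0): (0, "N", "HALT"),  # even number of 1s: leave the 0
    ("ODD", 0): (1, "N", "HALT"),    # odd number of 1s: write a 1
}

# Sample machine (assumed): move right until a 1 is found; never halts on an
# all-zero tape, which is the case the step budget below exists for.
FIND_ONE: Transition = {
    ("START", 0): (0, "R", "START"),
    ("START", 1): (1, "N", "HALT"),
}


def simulate(tape: List[int], position: int, table: Transition,
             max_steps: int = 10_000) -> Tuple[int, List[int], int]:
    """Run the machine; return (halt symbol, final tape, final position).

    The tape is copied and grows with blanks as the head runs off either end.
    max_steps plays the role of the finite macro-expansion storage Van Vleck
    mentions: a run that exceeds it raises RuntimeError instead of spinning.
    """
    tape = list(tape)
    state = "START"
    steps = 0
    while state != "HALT":
        if steps >= max_steps:
            raise RuntimeError("step budget exhausted (machine may not halt)")
        key = (state, tape[position])
        if key not in table:
            raise ValueError(f"no transition for {key}")
        write, move, state = table[key]
        tape[position] = write
        if move == "R":
            position += 1
            if position == len(tape):
                tape.append(BLANK)
        elif move == "L":
            if position == 0:
                tape.insert(0, BLANK)  # head now sits on the new blank
            else:
                position -= 1
        elif move != "N":
            raise ValueError(f"bad move {move!r}")
        steps += 1
    return tape[position], tape, position


def turing(tape: List[int], position: int, table: Transition,
           max_steps: int = 10_000) -> int:
    """TURING A,B,C: the symbol (1 or 0) under the head when the machine stops."""
    return simulate(tape, position, table, max_steps)[0]


if __name__ == "__main__":
    print("PZE", turing([1, 1, 1, 0], 0, PARITY))   # three 1s: odd -> PZE 1
    print("PZE", turing([1, 1, 0], 0, PARITY))      # two 1s: even -> PZE 0
    print("PZE", turing([0, 0, 1], 0, FIND_ONE))    # finds the 1 -> PZE 1
```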

    ------------------------------

    Date: Wed, 12 May 2021 12:25:21 -0400 (EDT)
    From: ACM TechNews <technews-editor@acm.org>
    Subject: 96% of U.S. Users Opt Out of App Tracking in iOS 14.5, Analytics
    Find (Samuel Axon)

    Samuel Axon, Ars Technica, 7 May 2021, via ACM TechNews, 12 May 2021

    U.S. users have opted out of application tracking nearly all (96%) of the
    time following Apple's release of iOS 14.5 in April, according to mobile app analysis platform Flurry Analytics. That release was accompanied by Apple's launch of enforcement of the App Tracking Transparency policy, which
    requires iPhone, iPad, and Apple TV apps to request user consent to monitor their activity across multiple apps for data collection and ad targeting.
    Based on data from roughly 1 million mobile apps, Flurry Analytics said U.S. users agree to be tracked only 4% of the time; globally, the firm found that number reaching 12%.

    https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2af34x22b1c8x069859&

    ------------------------------

    Date: Wed, 12 May 2021 09:53:55 -0400
    From: Monty Solomon <monty@roscom.com>
    Subject: FaceApp misrepresentation (WashPost)

    A beautiful female biker was actually a 50-year-old man using FaceApp. After
    he confessed, his followers liked him even more.

    The middle-aged father's big reveal sparked a debate over identity in the
    Internet age: ``The only thing I'm creating is my appearance. Everything
    else is me.''

    https://www.washingtonpost.com/technology/2021/05/11/japan-biker-faceapp-soya-azusagakuyuki/

    ------------------------------

    Date: Tue, 11 May 2021 22:42:45 -0400
    From: "Mark Lutton" <mlutton@rcn.com>
    Subject: A risk of computerizing what worked fine without the computer
    (NotAlwaysRight)

    https://notalwaysright.com/gordon-was-their-glue/233352/

    This story comes from the web site "Not Always Right."

    Gordon was a janitor, odd-job man, and general get-things-done man at a
    care facility for vulnerable adults and the elderly. He was happy,
    friendly, cheerful, and competent, kept the infrastructure running well,
    and kept the place spick and span. Basically, he was really good at his
    job and went above and beyond as the necessity presented itself.

    Come the day when the place was computerised. The requirement was now that
    he book all his activities on a computerised timesheet, for which he had
    to have a computer of his own or a mobile phone. Gordon did not have a
    computer and didn't have the most up-to-date phone; all he needed to do
    was to take phone calls, which he managed perfectly well with his old
    model.

    This latest requirement gave him a lot of trouble. He managed to get
    around it by being allowed to use one of the computers in the office,
    which was not part of his domain, and he felt socially awkward in
    there. Not only was it a complicated, fiddly, and awkwardly buggy piece of
    software - it used to crash when you didn't enter the operations in the
    correct order - but Gordon did not take easily to learning how to use a
    computer. Equally unfortunately, there was nobody in the facility who was
    skilled in training a technological newcomer, and he was getting shouted
    at plenty, so of course, he found himself shouting back.

    It didn't end well. He was given an ultimatum: shape up or ship out. He
    was close to retirement anyway, so he took that early retirement and
    shipped out before the facility had even begun to think about getting his
    replacement trained up. They were forced to rely completely on the agency
    staff who had been used on a temporary basis on the occasions when Gordon
    was on leave. While competent enough at general janitorial duties, such

    [continued in next message]
