• Risks Digest 32.70 (3/3)

    From RISKS List Owner@21:1/5 to Martin Ward on Sun Jun 6 03:24:41 2021
    [continued from previous message]

    Subject: Re: Irish Health Service hit by ransomware (BBC, RISKS-32.68)

    Ongoing disruption and consequences, costs: https://www.irishtimes.com/news/health/hse-cyberattack-has-had-devastating-impact-cancer-services-director-says-1.4576211
    "The search for handwritten or printed-out notes can exacerbate delays,
    causing “a devastating impact on . . . the speed at which we can
    assess patients”."

    https://www.irishtimes.com/news/health/cyberattack-hse-faces-final-bill-of-at-least-100m-1.4577076

    "The cyberattack on IT systems in the health service will cost it at least
    €100 million, according to chief executive Paul Reid. This is at the lower
    end of estimates of the total cost, he indicated, and includes the cost of
    restoring the network, upgrading systems to Microsoft 365 and the disruption
    caused to patients." (From Windows 7)

    In other news, citizen contra-attackers: https://www.irishtimes.com/news/crime-and-law/members-of-public-send-messages-to-cyber-gang-that-attacked-hse-1.4575230
    "An online message thread established by the cyber gang that attacked the
    Health Service Executive has been accessed by a number of unknown people,
    with gardaí trying to establish who they are and what their motivations
    are. At least one person who accessed the thread sent sexually explicit and
    racist comments to the attackers in recent days."

    ------------------------------

    Date: Mon, 31 May 2021 12:17:23 -0700
    From: "Stephen E. Bacher" <sebmb1@verizon.net>
    Subject: Re: Why GitHub Refuses to Provide Key Evidence to a Man on Death
    Row (Gizmodo)

    Apart from the social media (Facebook/Twitter/etc.) ramifications, this
    story evokes another risk: the risk of relying without question on "expert"
    DNA analysis to prove innocence (or guilt).

    Some time ago the public radio program "This American Life" featured an in-depth story which delved anecdotally into the ins and outs of analyzing
    DNA data; it raised some skepticism, at least in my mind, about the accuracy and reliability of the resulting evidence presented in courtrooms.

    This is, to be sure, a journalistic issue at least as much as a legal one.

    ------------------------------

    Date: Wed, 2 Jun 2021 16:55:23 -0400 (EDT)
    From: Eli the Bearded <*@eli.users.panix.com>
    Subject: Re: NoScript is immoral? (Re: Ward, RISKS-32.69)

    The Twitter account Sh_t User Story (name censored for profanity filters)
    has a wealth of examples of bad technology design many of which would be at home with RISKS. All are presented in the "User Story" format. One relevant
    to this post:

    As a...
    web user
    I want to...
    whitelist news websites from my ad-blocker plugin
    so that...
    I can take a long break between the first two paragraphs of
    the article, and then be served with a paywall

    Link ROT-13rd, again for profanity filters:

    uggcf://gjvggre.pbz/FuvgHfreFgbel/fgnghf/1352299991969243138

    There are real risks lurking in all of this. Some of them:

    1. People who can pay for news get it, but propaganda remains free.

    2. Ads have become the normalized way of making micropayments on the web,
    but ads frequently include enough unpleasantness that people take a lot
    of steps to avoid them (NoScript and ad blockers).

       a. There's no real middle between ad based micropayments and long term
          subscriptions.

       b. There's not always an easy way to find comparable news stories on a
          site one already subscribes to. This is particularly true for stories
          passed as URL without further details.

    3. Search engine discoverability is critical for many sites, and search
    engines don't typically run javascript, so JS disabled access often has
    to work.

    ------------------------------

    Date: Thu, 3 Jun 2021 23:43:53 +0200
    From: kaufmann@winning.com
    Subject: Re: NoScript is immoral? (RISKs 32.69) notsp

    In RISKs 32.69, Martin Ward writes:

    > Is it really morally wrong to choose *not* to execute by default every piece
    > of code that is handed to you by any web site that you decide to visit?

    Of course not. The way I look at it is, it's my computer and my Internet
    connection, both paid for with my dollars. I have every right to exercise
    full control over what bits are downloaded with that connection and what
    happens to them after they arrive on my computer. To argue otherwise is
    to suggest that it's also morally wrong to leave the room during the
    commercial breaks in television programs. If there are copyright or other
    considerations the publisher wishes to enforce, then they should be at
    least nominally negotiated before the content is made available (perhaps
    even if it's only a "click here to accept our terms" button). I guess
    we're all still waiting for a viable micropayments system.

    ------------------------------

    Date: 30 May 2021 23:17:05 -0400
    From: "John Levine" <johnl@iecc.com>
    Subject: Re: NoScript is immoral? (Re: Ward, RISKS-32.69)

    I wouldn't say it's morally wrong, but as I may have said a few times
    before, reporters need to eat, so you're definitely a freeloader.

    ------------------------------

    Date: Mon, 31 May 2021 07:38:51 -0700
    From: Henry Baker <hbaker1@pipeline.com>
    Subject: Re: Security of the IMPs (Cosell, RISKS-32.69)

    In an episode of the "The Americans" about deep cover Soviet spies, an
    ARPAnet IMP makes a brief appearance, as well as a PDP-10 they call "The Beast".

    Here is a still clip from the episode showing the front panel of the IMP.

    Don Hopkins, Arpanet Bullshit, 21 Oct 2015
    From The Americans, Season 2 Episode 7: Arpanet.
    https://www.youtube.com/watch?v=hVth6T3gMa0

    ------------------------------

    Date: Mon, 31 May 2021 12:58:55 +0200
    From: Toebs Douglass <risks@winterflaw.net>
    Subject: Re: Truth, Lies, and Automation (RISKS-32.69)

    > Among other achievements, it has drafted an op-ed that was commissioned by
    > The Guardian,

    So, what happened here is that eight different op-eds were produced by
    GPT-3; they were all kept short, and this was deliberate, because one of the
    fundamental and unsolved issues with artificial text generation is its
    inability to make sense over longer bodies of text; any given sentence is
    fine, a couple of sentences usually fine, something longer is problematic -
    and always will be, I suspect, because you'd need such a vast amount of
    content, to be able to develop a neural net which has seen enough material
    on enough subjects to be able to fake it for extended bodies of text, that
    it is impossible - that much content doesn't actually exist. It's a sort of
    n^n problem. You end up needing an *awful* lot more data and computational
    power just to move ahead a tiny bit.

    Of these eight documents, the editors at the Guardian then edited them all,
    as they saw fit, to produce the single document which was published.

    I may be wrong, but I suspect they took the most sane paragraphs from the
    eight attempts, fixed them up, and re-ordered them to make sense.

    If you're thinking this whole piece is the *direct* product of a text generator, it really isn't, and the areas where humans helped are exactly
    the areas where the method used is fundamentally and inherently weak.

    > written news stories that a majority of readers thought were written by
    > humans,

    This claim is backed up by a link to an arxiv white paper.

    In the white paper, various AI models (of increasing size, culminating in GPT-3) were given an original 200 or so word news piece written by a human
    and asked to generate text based on this primer. The generated text was presented to the humans, who had to decide if it was human or AI written.

    I may well just not be seeing it, but all I can see is the claim that as the size of the model increases, the time taken to decide increases, and the success rate drops. No actual numbers appear to be given.

    As before, short text is being used because of the fundamental and inherent difficulty in producing longer texts.

    > and devised new Internet memes.

    This claim is backed up by a link to a tweet. The tweet appears to show
    in a video of sequential still images a series of short, one or two word
    phrases, submitted to GPT-3 by some guy, and its response. The only other
    information about what was done is that "explaining the meme in the priming
    improves the consistency/quality". Presumably also these represent the best
    results found, as selected by a human.

    > In light of this breakthrough, we consider a simple but important question:
    > can automation generate content for disinformation campaigns?

    Examining the claims made so far, there has been no breakthrough.

    I've not read the document published by the Center for Security and Emerging Technology. It may be it is a well-balanced, rational and reasonable
    document. However, this one paragraph, being more closely examined, appears
    to be sensationalism; the claims made are misleading, and seem far in excess
    of the basis upon which they are made.

    ------------------------------

    Date: Mon, 1 Aug 2020 11:11:11 -0800
    From: RISKS-request@csl.sri.com
    Subject: Abridged info on RISKS (comp.risks)

    The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
    comp.risks, the feed for which is donated by panix.com as of June 2011.
    SUBSCRIPTIONS: The mailman Web interface can be used directly to
    subscribe and unsubscribe:
    http://mls.csl.sri.com/mailman/listinfo/risks

    SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that
    includes the string `notsp'. Otherwise your message may not be read.
    *** This attention-string has never changed, but might if spammers use it.
    SPAM challenge-responses will not be honored. Instead, use an alternative
    address from which you never send mail where the address becomes public!
    The complete INFO file (submissions, default disclaimers, archive sites,
    copyright policy, etc.) is online.
    <http://www.CSL.sri.com/risksinfo.html>
    *** Contributors are assumed to have read the full info file for guidelines!

    OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
    searchable html archive at newcastle:
    http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
    Also, ftp://ftp.sri.com/risks for the current volume/previous directories
    or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
    If none of those work for you, the most recent issue is always at
    http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-32.00
    ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
    *** NOTE: If a cited URL fails, we do not try to update them. Try
    browsing on the keywords in the subject line or cited article leads.
    Apologies for what Office365 and SafeLinks may have done to URLs.
    Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

    ------------------------------

    End of RISKS-FORUM Digest 32.70
    ************************
