• Risks Digest 32.91

    From RISKS List Owner@21:1/5 to All on Sat Oct 30 23:41:49 2021
    RISKS-LIST: Risks-Forum Digest Saturday 30 October 2021 Volume 32 : Issue 91

    ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
    Peter G. Neumann, founder and still moderator

    ***** See last item for further information, disclaimers, caveats, etc. *****
    This issue is archived at <http://www.risks.org> as
    <http://catless.ncl.ac.uk/Risks/32.91>
    The current issue can also be found at
    <http://www.csl.sri.com/users/risko/risks.txt>

    Contents:
    Lettering on clothes mistaken for license plate (BBC)
    Florida Humidity Grounded Starliner (AVweb)
    Tesla gives ‘Full Self-Driving’ to a new crop of users, then takes it away
    after apparent software bugs (WashPost)
    Blue Line Train Had Derailed Twice Before On The Same Day: NTSB (Patch)
    Surprise Russian Thruster Firing Prompts Space Station Emergency (NYTimes)
    Russia's Massive Internet Censorship Project (NYTimes)
    Gun-toting robo-dogs look like a dystopian nightmare. That's why they
    offer a powerful moral lesson (phys.org)
    Teen Girls Are Developing Tics. Doctors Say TikTok Could Be a Factor.
    (Archive)
    I *really* hate Hopin ... (Rob Slade)
    Left vs. Right VS. Facebook (Lauren Weinstein)
    I’m Not a Pilot, but I Just Flew a Helicopter Over California (NYTimes)
    Anonymity No More? Age Checks Come to the Web. (NYTimes)
    These Neural Networks Know What They're Doing (MIT News)
    Apple and Privacy (Lauren Weinstein)
    Ransomware Activity Report (Googleapis)
    Ransomware attack knocks some Sinclair television stations off the air
    (WashPost)
    Pirate-site operator hacked MLB and tried to extort $150,000, feds say
    (Ars Technica)
    Zero-Day Hacking Attacks Set New Record In 2021 (MIT Tech Review)
    Banning anonymous social media accounts would only stifle free speech and
    democracy (The Guardian)
    No ink, no scan: Canon USA printers hit with class-action suit (ZDNet)
    Thanks to a nasty GPSD bug, real-life time travel trouble arrives this
    weekend (ZDNet)
    Tech workers warned they were going to quit. Now, the problem is spiraling
    out of control (ZDNet)
    Re: Elevator-Pitch Privacy (Arthur T.)
    Re: Trans man says confusion caused cervical screening delay (Amos Shapir)
    Abridged info on RISKS (comp.risks)

    ----------------------------------------------------------------------

    Date: Thu, 21 Oct 2021 18:11:22 -0400 (EDT)
    From: Mark Brader <msb@Vex.Net>
    Subject: Lettering on clothes mistaken for license plate (BBC)

    A bus lane camera mistook a woman's sweater for a number plate, and her
    husband received a fine for driving in the bus lane. The camera
    interpreted the word 'KNITTER' as her husband's number plate KN19TER.
    [She would have been *number* if the bus had hit her in the pedestrian
    crossing, but apparently the bus *letter* go. Item PGN-ed]

    http://www.bbc.co.uk/news/uk-england-somerset-58959930

    ------------------------------

    Date: Mon, 25 Oct 2021 15:15:52 -0400
    From: "Gabe Goldberg" <gabe@gabegold.com>
    Subject: Florida Humidity Grounded Starliner (AVweb)

    Boeing’s Starliner spacecraft’s valves may have frozen because they couldn’t
    handle Florida’s humidity, according to a report by United Press International. UPI quotes NASA and Boeing spokespeople as saying the famous Florida stickiness may have caused corrosion in the valves that kept them
    from functioning prior to an uncrewed test launch of the capsule in
    August. The fuel oxidizer that flows through some of those valves
    apparently reacted to the humidity and the resulting corrosion locked up the valves.

    https://www.avweb.com/aviation-news/florida-humidity-grounded-starliner/

    How could anyone predict or plan for that?

    [Let us not forget the loss of the Challenger shuttle, when the scientists
    had warned that the O-rings would not hold at subfreezing temperatures.
    PGN]

    ------------------------------

    Date: Mon, 25 Oct 2021 14:45:38 -0400
    From: "Gabe Goldberg" <gabe@gabegold.com>
    Subject: Tesla gives ‘Full Self-Driving’ to a new crop of users, then takes
    it away after apparent software bugs (WashPost)

    The company has come under criticism from regulators for practices
    related to its Full Self-Driving beta.

    https://www.washingtonpost.com/technology/2021/10/24/tesla-full-self-driving-musk/

    Let's all look forward to wondering how our cars will drive TODAY...

    ------------------------------

    Date: Tue, 19 Oct 2021 14:02:23 -0400
    From: "Gabe Goldberg" <gabe@gabegold.com>
    Subject: Blue Line Train Had Derailed Twice Before On The Same Day: NTSB
    (Patch)

    Federal investigators uncovered two previous derailments by the same
    train on the same day last week and other unreported Metro failures.

    Through its investigation of the derailment, NTSB learned that the
    Washington Metropolitan Area Transit Authority (WMATA) was aware of
    potential problems with the wheel and axle assemblies of its Series 7000
    trains since at least 2017.

    WMATA told inspectors that Metro trains had experienced two failures of
    their wheel assemblies in both 2017 and 2018, four failures in 2019, five
    in 2020, and 18 in 2021.

    "That was before Friday, and that totaled 31," she said. "Adding to that
    number are the failures that were uncovered as a result of their
    inspections, which were initiated on Friday, which uncovered, so far, an additional 21 failures."

    In all, Homendy said the Series 7000 cars had experienced 39 failures in
    2021 for a total of 52 failures since 2017. She added that those were preliminary numbers.

    "Of the 748 cars in the series, they have inspected 514, so that number
    could go up," Homendy said.

    https://patch.com/district-columbia/washingtondc/blue-line-train-had-derailed-3-times-same-day-ntsb

    ------------------------------

    Date: Tue, 19 Oct 2021 14:05:44 -0400
    From: "Gabe Goldberg" <gabe@gabegold.com>
    Subject: Surprise Russian Thruster Firing Prompts Space Station Emergency
    (NYTimes)

    While the astronauts were said to not be in any danger, it was the
    second such incident since July.

    The incident occurred on Friday morning as the Russian astronaut Oleg
    Novitsky was performing a test of the engines aboard the Soyuz MS-18 spacecraft, a crew module that has been docked to the station since
    April. The spacecraft is scheduled to return three passengers to Earth
    on Sunday.

    When the engine test was scheduled to end, “the thruster firing
    unexpectedly continued,” Leah Cheshier, a NASA spokeswoman, said in an
    email, and the station orbital positioning control was lost at 5:13 a.m. Eastern time. Russian officials in Moscow and personnel at NASA’s
    astronaut headquarters in Houston sprang into action during the
    incident, voicing commands to their astronauts to initiate emergency
    protocols.

    “Oleg, take it easy, the station was turned by 57 degrees, no big deal,”
    a Russian mission control official in Moscow was quoted as saying to the astronaut by Interfax, a Russian news agency. “We had to make sure that engines are in order, this is important.”

    “Station, Houston space-to-ground two, we see the loss of attitude
    control warning,” NASA mission control in Houston alerted its astronauts
    on the station, instructing them to begin emergency procedures in the
    crew’s “warning book.” Flight controllers regained control of the
    station within 30 minutes, Ms. Cheshier said.

    ...

    Unexpected jolts to the space station, which is the size of a football
    field, put stress on the forest of instrumentation on its exterior.
    After the Nauka incident, Zebulon Scoville, a NASA flight director who
    managed the agency’s emergency response that day, said on Twitter that
    he had never “been so happy to see all solar arrays + radiators still attached.”

    https://www.nytimes.com/2021/10/15/science/international-space-station-russia.html?referringSource=articleShare

    ------------------------------

    Date: Sat, 23 Oct 2021 08:38:44 -0700
    From: Lauren Weinstein <lauren@vortex.com>
    Subject: Russia's Massive Internet Censorship Project (NYTimes)

    https://www.nytimes.com/2021/10/22/technology/russia-internet-censorship-putin.html

    ------------------------------

    Date: Fri, 22 Oct 2021 15:57:56 +0800
    From: Richard Stein <rmstein@ieee.org>
    Subject: Gun-toting robo-dogs look like a dystopian nightmare.
    That's why they offer a powerful moral lesson (phys.org)

    https://phys.org/news/2021-10-gun-toting-robo-dogs-dystopian-nightmare-powerful.html

    "US-based military robot manufacturer Ghost Robotics has strapped a sniper rifle to a robotic dog, in the latest step towards autonomous weaponry."

    ------------------------------

    Date: Tue, 19 Oct 2021 07:43:12 -0600
    From: "Matthew Kruk" <mkrukg@gmail.com>
    Subject: Teen Girls Are Developing Tics. Doctors Say TikTok Could Be a
    Factor. (Archive)

    https://archive.ph/UNbpQ

    When teens started turning up in doctors' offices with sudden, severe
    physical tics, specialists suspected social media: The girls had been
    watching Tourette syndrome TikTok videos

    ------------------------------

    Date: Thu, 21 Oct 2021 12:15:06 -0700
    From: Rob Slade <rmslade@shaw.ca>
    Subject: I *really* hate Hopin ...

    I, somewhat famously, hate Slack.

    Or, at least, I thought I hated Slack until I was forced to use Teams. And
    I thought I hated Teams until I was forced to use Hopin.

    I really, *really* hate Hopin.

    I had to use Hopin because BSidesEdmonton used Hopin. It took two days to
    get the settings right, and, even then, there was no way to see what I was actually presenting. (One of Hopin's "functions" is that you *can't* sign
    on more than once on one account. And I hate Hopin so much that I'm
    *really* not eager to go and create a *second* Hopin account just to fix
    their shortcomings.) I got through the BSidesEdmonton presentation OK.

    BSidesCalgary (today and tomorrow) *also* is using Hopin. It *also* took
    two days to try and find settings that would work for Hopin with them, even though I was already into Hopin with BSidesEdmonton. And, when I signed on this morning, with the same computer, and the same browser, all of a sudden
    my camera wouldn't work. (I have just spent another hour with someone from
    the conf, chasing through Control Panel and browser settings, all of which seemed to be set properly, but seeming to have to reboot the computer to get
    it to work properly. And I have limited confidence that it is still going
    to work in a couple of hours when I have to actually present.) (It's a good thing that I'm a bit obsessive about this stuff, and tend to overprepare.)

    Even on that test call with someone from the conference, some weirdnesses
    were apparent. Although she said my voice was coming through with problems, she obviously didn't hear me at times, and *her* voice would drop out at
    random times. (Actually, I don't think they *were* random. I think Hopin
    was *deliberately* dropping her voice out *just* when she was giving the
    most important details. I hate Hopin.)

    It may be that Hopin, like others of its ilk, is a victim of its own
    success. The BSidesCalgary people have done a great job (aside from their choice of Hopin), and about 260 attendees are online right now. It's
    possible that this is responsible for the fact that it can take over a
    minute for slides to change, and for some of the voice dropouts.

    I've been doing teleconferencing, for teaching, for over 35 years now. And,
    as I've said, it's disappointing to see how little it's really worked for teaching in all that time ...

    [I've been *hopin'* for many years that a telecon facility would emerge
    with fundamental design goals to be reliable, resilient, and secure --
    and (above all) would provide a really pleasant friendly user experience.
    However, each would-be successor seems to be worse than its predecessors.
    No one seems to be learning from past shortcomings. PGN]

    ------------------------------

    Date: Sun, 24 Oct 2021 19:10:58 -0700
    From: Lauren Weinstein <lauren@vortex.com>
    Subject: Left vs. Right VS. Facebook

    So the Right is screaming that employees inside Facebook wanted to remove
    their content -- and the Left is screaming that management at Facebook
    didn't actually do so. More & more, this looks like an effort from both
    sides to give governments micromanagement of content. VERY BAD.

    ------------------------------

    Date: Tue, 26 Oct 2021 00:31:35 -0400
    From: "Gabe Goldberg" <gabe@gabegold.com>
    Subject: I’m Not a Pilot, but I Just Flew a Helicopter Over California
    (NYTimes)

    New technology, a few iPads and a quick tutorial can help anyone act
    like a pilot. Dealing with air traffic control is another matter.

    But there was a caveat: As I flew, a licensed pilot sat beside me. He
    talked me through the flight and generally kept me in check. At one
    point, I turned east and twisted the joystick with a little too much confidence. He reached over, grabbed the joystick and corrected my attitude.

    The new technology required more than 15 minutes of training. Though I
    could turn and twist and climb, I could not handle the radio
    communication with air traffic controllers during takeoff and landing,
    and I needed help setting a course across the valley. Learning those
    tasks may ultimately be more intimidating and more difficult than flying
    the aircraft.

    “You still need someone with training in communications protocols, what
    speed and elevation to fly and where the system is unsafe to operate,”
    said Jessica Rajkowski, head of artificial intelligence and autonomous
    systems at Mitre, a nonprofit that runs a research and development
    center for the Federal Aviation Administration.

    https://www.nytimes.com/2021/10/25/technology/automated-flight-helicopter-skyryse.html

    ------------------------------

    Date: Thu, 28 Oct 2021 00:22:26 -0400
    From: "Gabe Goldberg" <gabe@gabegold.com>
    Subject: Anonymity No More? Age Checks Come to the Web. (NYTimes)

    To protect children online, more companies and governments are forcing
    users to prove how old they are.

    https://www.nytimes.com/2021/10/27/technology/internet-age-check-proof.html

    ------------------------------

    Date: Mon, 18 Oct 2021 12:42:26 -0400 (EDT)
    From: ACM TechNews <technews-editor@acm.org>
    Subject: These Neural Networks Know What They're Doing (MIT News)

    Adam Zewe, MIT News, 14 Oct 2021 via ACM TechNews; Monday, October 18, 2021

    Massachusetts Institute of Technology (MIT) researchers have demonstrated
    that a specific neural network can learn the cause-and-effect structure of a navigation task it is taught. The researchers observed that a Neural Circuit Policy (NCP) system assembled by liquid neural network cells can
    autonomously control a self-driving vehicle using just 19 control
    neurons. They determined that when an NCP is being trained to complete a
    task, the network learns to interact with the environment and factor in interventions, or to recognize if an intervention is altering its output,
    and then it can relate cause and effect together. Tests put NCPs through various simulations in which autonomous drones performed navigation
    tasks. MIT's Ramin Hasani said, "Once the system learns what it is actually supposed to do, it can perform well in novel scenarios and environmental conditions it has never experienced."
    https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-2d2bcx22e8edx073553&

    [Please don't forget the usually forgotten corner cases. PGN]

    ------------------------------

    Date: Sat, 23 Oct 2021 19:19:46 -0700
    From: Lauren Weinstein <lauren@vortex.com>
    Subject: Apple and Privacy

    Steve Jobs was commonly accused of having a Reality Distortion Field. Apple nowadays has a "Privacy Distortion Field" -- their "privacy" push is not
    really what it appears to be at first glance, along a variety of vectors.

    ------------------------------

    Date: Fri, 29 Oct 2021 19:37:49 -0400
    From: Monty Solomon <monty@roscom.com>
    Subject: Ransomware Activity Report (Googleapis)

    https://storage.googleapis.com/vtpublic/vt-ransomware-report-2021.pdf

    ------------------------------

    Date: Mon, 18 Oct 2021 20:22:48 -0400
    From: Monty Solomon <monty@roscom.com>
    Subject: Ransomware attack knocks some Sinclair television stations off
    the air (WashPost)

    The company says hackers targeted several of its servers and workstations, and took unspecified data.

    https://www.washingtonpost.com/business/2021/10/18/sinclair-broadcasting-ransomware-attack/

    ------------------------------

    Date: Fri, 29 Oct 2021 22:11:29 -0400
    From: Monty Solomon <monty@roscom.com>
    Subject: Pirate-site operator hacked MLB and tried to extort $150,000,
    feds say (Ars Technica)

    https://arstechnica.com/tech-policy/2021/10/pirate-site-operator-hacked-mlb-and-tried-to-extort-150000-feds-say/

    ------------------------------

    Date: Fri, 29 Oct 2021 19:29:11 -0400
    From: Monty Solomon <monty@roscom.com>
    Subject: Zero-Day Hacking Attacks Set New Record In 2021 (MIT Tech Review)

    https://gadgets.ndtv.com/internet/news/zero-day-hacking-attack-2021-record-unprecedented-mit-technology-review-2551866

    ------------------------------

    Date: Mon, 25 Oct 2021 18:41:01 -0700
    From: Lauren Weinstein <lauren@vortex.com>
    Subject: Banning anonymous social media accounts would only stifle free
    speech and democracy (The Guardian)

    https://www.theguardian.com/commentisfree/2021/oct/25/banning-anonymous-social-media-accounts-stifle-free-speech-abuse

    ------------------------------

    Date: Thu, 21 Oct 2021 20:32:42 -0400
    From: "Gabe Goldberg" <gabe@gabegold.com>
    Subject: No ink, no scan: Canon USA printers hit with class-action suit
    (ZDNet)

    A class-action lawsuit has been launched against Canon for its 4-in-1
    printers refusing to scan when one of their ink tanks is empty. [...]

    In addition, since inkjet ink costs an astronomical $12,000 a gallon, the
    ink prices are also outrageous. It comes as no surprise that according to a 2019 Consumer Reports printer use survey, the "most common complaint was the high cost and hassle of replacing ink cartridges."

    https://www.zdnet.com/article/untrustworthy-canon-printer-lawsuit/

    ------------------------------

    Date: Thu, 21 Oct 2021 20:34:32 -0400
    From: "Gabe Goldberg" <gabe@gabegold.com>
    Subject: Thanks to a nasty GPSD bug, real-life time travel trouble arrives
    this weekend (ZDNet)

    On October 24, 2021, some time-keeping systems are going to take a trip
    back in time to March 2002, unless you update your GPSD programs.

    "Does anybody really know what time it is? Does anybody really care?"

    Actually, if you use computers for pretty much anything, you do. Oh, you
    may not know it if you're not a system or network administrator, but
    security, identification, networks, everything that makes the Internet
    go depends on accurate time-keeping. Some systems rely on Global
    Positioning Systems (GPS) appliances and the GPSD daemon to tell the
    exact time, and a nasty bug's been uncovered in GPSD that's going to pop
    up on October 24, 2021. If left unpatched, it's going to switch your
    time to some time in March 2002, and your system will crash with a
    resounding kaboom. Here's how it works.

    First, Earth time is not absolute. Earth's spin speed varies in response
    to geological events. The International Earth Rotation and Reference
    Systems Service (IERS) tracks this, and every few years, it adds a
    leap-second to the year. This is done to Coordinated Universal Time
    (UTC), which is the standard universal time system. UTC is used by the Internet's Network Time Protocol (NTP). In turn, NTP is used to keep all Internet-connected devices in sync with each other.

    https://www.zdnet.com/article/thanks-to-a-nasty-gpsd-bug-real-life-time-travel-trouble-arrives-this-weekend/

    ------------------------------

    Date: Fri, 22 Oct 2021 12:54:51 -0600
    From: "Matthew Kruk" <mkrukg@gmail.com>
    Subject: Tech workers warned they were going to quit. Now, the problem is
    spiraling out of control (ZDNet)

    https://www.zdnet.com/article/tech-workers-warned-they-were-going-to-quit-now-the-problem-is-spiralling-out-of-control/

    ------------------------------

    Date: Mon, 18 Oct 2021 00:18:24 -0400
    From: "Arthur T." <risks202110.6.atsjbt@xoxy.net>
    Subject: Re: Elevator-Pitch Privacy (RISKS-32.89)

    I am not a lawyer, but...

    At least two U.S. states require "all parties" to accept (or at least be
    aware of) audio recording. Pennsylvania requires it for electronic
    listening, even if there is no recording being made. That suggests that the ability to silently tap into an elevator's microphone (or at least making
    use of that ability) might be illegal in some places.

    ------------------------------

    Date: Sat, 23 Oct 2021 19:45:33 +0300
    From: Amos Shapir <amos083@gmail.com>
    Subject: Re: Trans man says confusion caused cervical screening delay
    (RISKS-32.90)

    The bug here seems to be that of trying to use a data item -- gender --
    which was collected for one purpose, for a slightly different purpose -- namely, to determine which patients have a cervix.

    The rather recent changes of attitudes towards gender identification may
    have changed the value of the "gender" item from a binary to a multi-valued element. But for a longer while now, modern medicine has enabled changes in the human body, such as removal or implantation of gender-related organs. Medical databases should take note of such changes, and implement better distinctive data elements, instead of a single M/F flag.

    ------------------------------

    Date: Mon, 1 Aug 2020 11:11:11 -0800
    From: RISKS-request@csl.sri.com
    Subject: Abridged info on RISKS (comp.risks)

    The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
    comp.risks, the feed for which is donated by panix.com as of June 2011.
    SUBSCRIPTIONS: The mailman Web interface can be used directly to
    subscribe and unsubscribe:
    http://mls.csl.sri.com/mailman/listinfo/risks

    SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that
    includes the string `notsp'. Otherwise your message may not be read.
    *** This attention-string has never changed, but might if spammers use it.
    SPAM challenge-responses will not be honored. Instead, use an alternative
    address from which you never send mail where the address becomes public!
    The complete INFO file (submissions, default disclaimers, archive sites,
    copyright policy, etc.) is online.
    <http://www.CSL.sri.com/risksinfo.html>
    *** Contributors are assumed to have read the full info file for guidelines!

    OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
    searchable html archive at newcastle:
    http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
    Also, ftp://ftp.sri.com/risks for the current volume/previous directories
    or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
    If none of those work for you, the most recent issue is always at
    http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-32.00
    ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
    *** NOTE: If a cited URL fails, we do not try to update them. Try
    browsing on the keywords in the subject line or cited article leads.
    Apologies for what Office365 and SafeLinks may have done to URLs.
    Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

    ------------------------------

    End of RISKS-FORUM Digest 32.91
    ************************
