• Risks Digest 33.94 (1/2)

    From RISKS List Owner@21:1/5 to All on Sun Nov 19 03:59:58 2023
    RISKS-LIST: Risks-Forum Digest Saturday 18 November 2023 Volume 33 : Issue 94

    ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) Peter G. Neumann, founder and still moderator

    ***** See last item for further information, disclaimers, caveats, etc. *****
    This issue is archived at <http://www.risks.org> as
    <http://catless.ncl.ac.uk/Risks/33.94>
    The current issue can also be found at
    <http://www.csl.sri.com/users/risko/risks.txt>

    Contents:
    How the Railroad Industry Intimidates Employees Into Putting Speed Before
    Safety (ProPublica)
    Hikers Rescued After Following Nonexistent Trail on Google Maps (NYTimes)
    Admission of the state of software (David Lamkin)
    500 chatbots read the news and discussed it on social media. Guess
    how that went. (Business Insider)
    The Problem with Regulating AI (Tim Wu)
    ChatGPT Created a Fake Dataset With Skewed Results (MedPage Today)
    Researchers Discover New Vulnerability in Large Language Models
    (Carnegie Mellon University)
    Ten ways AI will change democracy (Bruce Schneier)
    Fake Reviews Are Rampant Online. Can a Crackdown End Them? (NYTimes)
    OpenAI co-founder & president Greg Brockman quits after firing of
    CEO Altman (TechCrunch)
    The AI Pin (Rob Slade)
    Ukraine's 'Secret Weapon' Against Russia Is a U.S. Tech Company
    (Vera Bergengruen)
    Cryptographic Keys Protecting SSH Connections Exposed (Dan Goodin)
    Developers can't seem to stop exposing credentials in publicly
    accessible code (Ars Technica)
    Hacking Some More Secure USB Flash Drives -- Part II (SySS Tech Blog)
    Social media gets teens hooked while feeding aggression and impulsivity, and
    researchers think they know why (CBC)
    X marks the non-spot? (PGN adapted from Lauren Weinstein)
    It's Still Easy for Anyone to Become You at Experian
    (Krebs on Security)
    Paying ransom for data stolen in cyberattack bankrolls further crime,
    experts caution (CBC)
    Toronto Public Library cyber-attack (Mark Brader)
    People selling cars via Internet get phished (CBC)
    Data breach of Michigan healthcare giant exposes millions of records
    (Engadget)
    More on iLeakage (Victor Miller)
    Using your iPhone to start your car is about to get a lot easier (The Verge)
    Massive cryptomining rig discovered under Polish court's floor, stealing
    power (Ars Technica)
    A Coder Considers the Waning Days of the Craft (The New Yorker via
    Steve Bacher)
    Re: Industrial Robot Crushes Worker to Death (PGN)
    Re: Toyota has built an EV with a fake transmission (Peter Houppermans)
    Re: Data on 267,000 Sarnia patients going back 3 decades
    among cyberattack thefts at 5 Ontario hospitals Digest (Mark Brader)
    Abridged info on RISKS (comp.risks)

    ----------------------------------------------------------------------

    Date: Wed, 15 Nov 2023 23:43:11 -0500
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: How the Railroad Industry Intimidates Employees Into
    Putting Speed Before Safety (ProPublica)

    Railroad companies have penalized workers for taking the time to make needed repairs and created a culture in which supervisors threaten and fire the
    very people hired to keep trains running safely. Regulators say they can’t stop this intimidation.

    Bradley Haynes and his colleagues were the last chance Union Pacific had to stop an unsafe train from leaving one of its railyards. Skilled in spotting hidden dangers, the inspectors in Kansas City, Missouri, wrote up so-called “bad orders” to pull defective cars out of assembled trains and send them for repairs.

    But on Sept. 18, 2019, the area’s director of maintenance, Andrew Letcher, scolded them for hampering the yard’s ability to move trains on time.

    “We're a transportation company, right? We get paid to move freight. We
    don't get paid to work on cars,” he said.

    https://www.propublica.org/article/railroad-safety-union-pacific-csx-bnsf-trains-freight

    ------------------------------

    Date: Sun, 12 Nov 2023 17:04:52 -0500
    From: Jan Wolitzky <jan.wolitzky@gmail.com>
    Subject: Hikers Rescued After Following Nonexistent Trail on Google Maps
    (

    A Canadian search-and-rescue group said it had conducted two missions
    recently after hikers may have sought to follow a nonexistent trail on
    Google Maps

    A search-and-rescue group in British Columbia advised hikers to use a paper
    map and compass instead of street map programs after it said two hikers had been rescued by helicopter after likely following a trail that did not
    exist but that appeared on Google Maps.

    The group, North Shore Rescue, said on Facebook that on 6 Nov 2023 Google
    Maps had removed the nonexistent trail, which was in a very steep area with cliffs north of Mount Fromme, which overlooks Vancouver.

    https://www.nytimes.com/2023/11/12/world/canada/google-maps-trail-british-columbia.html

    [Fromme here to eternity? PGN]

    ------------------------------

    Date: Thu, 16 Nov 2023 09:51:56 +0000
    From: David Lamkin <drl@shelford.org>
    Subject: Admission of the state of software

    Having put off buying a 'smart car' for as long as possible I am now the
    proud (?) owner of a SEAT Arona. The instruction manual is long and detailed but one statement does not inspire confidence:

    As with most state-of-the-art computer and electronic equipment, in
    certain cases the system may need to be rebooted to make sure that it operates correctly.

    This statement should shame all software engineers!

    [Does the SEAT Arona have the classical new-seat aroma as an inSCENTive?
    PGN]

    ------------------------------

    Date: Thu, 16 Nov 2023 00:29:03 +0900
    From: Dave Farber <farber@gmail.com>
    Subject: 500 chatbots read the news and discussed it on social media. Guess
    how that went. (Business Insider)

    https://www.businessinsider.com/ai-chatbots-less-toxic-social-networks-twitter-simulation-2023-11

    ------------------------------

    Date: Sun, 12 Nov 2023 16:09:15 PST
    From: Peter Neumann <neumann@csl.sri.com>
    Subject: The Problem with Regulating AI (Tim Wu)

    Tim Wu, *The New York Times*, 12 Nov 2023

    If the government acts prematurely on this evolving
    technology, it could fail to prevent concrete harm.

    [... and we certainly don't want AI mixing concrete for bridges
    and other life-critical structures. PGN]

    Final para: The existence of actual social harm has long been a
    touchstone of legitimate state action. But that point cuts both
    ways: The state should proceed cautiously in the absence of harm,
    but it also has a duty, given evidence of harm, to take action. By
    that measure, with AI we are at risk of doing too much and too
    little at the same time.

    [The lesser of weasels? That is indeed a well-crafted weasel. Be
    careful of what you ask for. You might get [stuck with] it. PGN]

    ------------------------------

    Date: Mon, 13 Nov 2023 20:59:13 +0000
    From: Victor Miller <victorsmiller@gmail.com>
    Subject: ChatGPT Created a Fake Dataset With Skewed Results (MedPage Today)

    https://www.medpagetoday.com/special-reports/features/107247

    [What could possibly go wrong? PGN]

    ------------------------------

    Date: Tue, 14 Nov 2023 16:21:02 +0000
    From: Victor Miller <victorsmiller@gmail.com>
    Subject: Researchers Discover New Vulnerability in Large Language
    Models (Carnegie Mellon University)

    https://www.cmu.edu/news/stories/archives/2023/july/researchers-discover-new-vulnerability-in-large-language-models

    ------------------------------

    Date: Wed, 15 Nov 2023 08:48:25 +0000
    From: Bruce Schneier <schneier@schneier.com>
    Subject: Ten ways AI will change democracy

    [PGN-extracted from Bruce's CRYPTO-GRAM, 15 Nov 2023]

    A free monthly newsletter providing summaries, analyses,
    and commentaries on security: computer and otherwise.

    ** TEN WAYS AI WILL CHANGE DEMOCRACY

    [2023.11.13] [https://www.schneier.com/blog/archives/2023/11/ten-ways-ai-will-change-democracy.html]
    Artificial intelligence will change so many aspects of society, largely in
    ways that we cannot conceive of yet. Democracy, and the systems of
    governance that surround it, will be no exception. In this short essay, I
    want to move beyond the *AI-generated disinformation* trope and speculate on some of the ways AI will change how democracy functions -- in both large and small ways.

    When I survey how artificial intelligence might upend different aspects of modern society, democracy included, I look at four different dimensions of change: speed, scale, scope, and sophistication. Look for places where
    changes in degree result in changes of kind. Those are where the societal upheavals will happen.

    Some items on my list are still speculative, but none require
    science-fictional levels of technological advance. And we can see the first stages of many of them today. When reading about the successes and failures
    of AI systems, it's important to differentiate between the fundamental limitations of AI as a technology, and the practical limitations of AI
    systems in the fall of 2023. Advances are happening quickly, and the
    impossible is becoming the routine. We don't know how long this will
    continue, but my bet is on continued major technological advances in the
    coming years. Which means it's going to be a wild ride.

    So, here's my list:

    1. AI as educator. We are already seeing AI serving the role of
    teacher. It's much more effective for a student to learn a topic from an
    interactive AI chatbot than from a textbook. This has applications for
    democracy. We can imagine chatbots teaching citizens about different
    issues, such as climate change or tax policy. We can imagine candidates
    [https://www.theatlantic.com/technology/archive/2023/04/ai-generated-political-ads-election-candidate-voter-interaction-transparency/673893/]
    of themselves, allowing voters to directly engage with them on various
    issues. A more general chatbot could know the positions of all the
    candidates, and help voters decide which best represents their
    position. There are a lot of possibilities here.

    2. AI as sense maker. There are many areas of society where accurate
    summarization is important. Today, when constituents write to their
    legislator, those letters get put into two piles -- one for and another
    against -- and someone compares the height of those piles. AI can do much
    better. It can provide a rich summary [https://theconversation.com/ai-could-shore-up-democracy-heres-one-way-207278]
    of the comments. It can help figure out which are unique and which are
    form letters. It can highlight unique perspectives. This same system can
    also work for comments to different government agencies on rulemaking
    processes -- and on documents generated during the discovery process in
    lawsuits.

    3. AI as moderator, mediator, and consensus builder. Imagine online
    conversations in which AIs serve the role of moderator. This could ensure
    that all voices are heard. It could block hateful -- or even just
    off-topic -- comments. It could highlight areas of agreement and
    disagreement. It could help the group reach a decision. This is nothing
    that a human moderator can't do, but there aren't enough human moderators
    to go around. AI can give this capability
    [https://slate.com/technology/2023/04/ai-public-option.html] to every
    decision-making group. At the extreme, an AI could be an arbiter -- a
    judge -- weighing evidence and making a decision. These capabilities
    don't exist yet, but they are not far off.

    4. AI as lawmaker. We have already seen proposed legislation written
    [https://lieu.house.gov/media-center/press-releases/rep-lieu-introduces-first-federal-legislation-ever-written-artificial]
    by AI
    [https://www.politico.com/newsletters/digital-future-daily/2023/07/19/why-chatgpt-wrote-a-bill-for-itself-00107174],
    albeit more as a stunt than anything else. But in the future AIs will
    help craft legislation, dealing with the complex ways laws interact with
    each other. More importantly, AIs will eventually be able to craft
    loopholes
    [https://www.technologyreview.com/2023/03/14/1069717/how-ai-could-write-our-laws/]
    in legislation, ones potentially too complicated for people to easily
    notice. On the other side of that, AIs could be used to find loopholes in
    legislation -- for both existing and pending laws. And more generally,
    AIs could be used to help develop policy positions.

    5. AI as political strategist. Right now, you can ask your favorite chatbot
    questions about political strategy: what legislation would further your
    political goals, what positions to publicly take, what campaign slogans
    to use. The answers you get won't be very good, but that'll improve with
    time. In the future we should expect politicians to make use of this AI
    expertise: not to follow blindly, but as another source of ideas. And as
    AIs become more capable at using tools
    [https://www.wired.com/story/does-chatgpt-make-you-nervous-try-chatgpt-with-a-hammer/],
    they can automatically conduct polls and focus groups to test out
    political ideas. There are a lot of possibilities
    [https://www.technologyreview.com/2023/07/28/1076756/six-ways-that-ai-could-change-politics/]
    here: AIs could also engage in fundraising campaigns, directly soliciting
    contributions from people.

    6. AI as lawyer. We don't yet know which aspects of the legal profession can
    be done by AIs, but many routine tasks that are now handled by attorneys
    will soon be able to be completed by an AI. Early attempts at having AIs
    write legal briefs haven't worked
    [https://www.reuters.com/legal/new-york-lawyers-sanctioned-using-fake-chatgpt-cases-legal-brief-2023-06-22/],
    but this will change as the systems get better at accuracy. Additionally,
    AIs can help people navigate government systems: filling out forms,
    applying for services, contesting bureaucratic actions. And future AIs
    will be much better at writing legalese, reducing the cost of legal
    counsel.

    7. AI as cheap reasoning generator. More generally, AI chatbots are really
    good at generating persuasive arguments. Today, writing out a persuasive
    argument takes time and effort, and our systems reflect that. We can
    easily imagine AIs conducting lobbying campaigns
    [https://www.nytimes.com/2023/01/15/opinion/ai-chatgpt-lobbying-democracy.html],
    generating and submitting comments
    [https://www.belfercenter.org/publication/we-dont-need-reinvent-our-democracy-save-it-ai]
    on legislation and rulemaking. This also has applications for the legal
    system. For example: if it is suddenly easy to file thousands of court
    cases, this will overwhelm the courts. Solutions for this are hard. We
    could increase the cost of filing a court case, but that becomes a burden
    on the poor. The only solution might be another AI working for the court,
    dealing with the deluge of AI-filed cases -- which doesn't sound like a
    great idea.

    8. AI as law enforcer. Automated systems already act as law enforcement in
    some areas: speed trap cameras are an obvious example. AI can take this
    kind of thing much further, automatically identifying people who cheat on
    tax returns or when applying for government services. This has the
    obvious problem of false positives, which could be hard to contest if the
    courts believe that *the computer is always right.* Separately, future
    laws might be so complicated [https://slate.com/technology/2023/07/artificial-intelligence-microdirectives.html]
    that only AIs are able to decide whether or not they are being
    broken. And, like breathalyzers, defendants might not be allowed to know
    how they work.

    9. AI as propagandist. AIs can produce and distribute propaganda faster than
    humans can. This is an obvious risk, but we don't know how effective any
    of it will be. It makes disinformation campaigns easier, which means that
    more people will take advantage of them. But people will be more inured
    against the risks. More importantly, AI's ability to summarize and
    understand text can enable much more effective censorship.

    10. AI as political proxy. Finally, we can imagine an AI voting on behalf of
    individuals. A voter could feed an AI their social, economic, and
    political preferences; or it can infer them by listening to them talk and
    watching their actions. And then it could be empowered to vote on their
    behalf, either for others who would represent them, or directly on ballot
    initiatives. On the one hand, this would greatly increase voter
    participation. On the other hand, it would further disengage people from
    the act of understanding politics and engaging in democracy.

    When I teach AI policy at HKS, I stress the importance of separating the specific AI chatbot technologies in November of 2023 from AI's technological possibilities in general. Some of the items on my list will soon be
    possible; others will remain fiction for many years. Similarly, our
    acceptance of these technologies will change. Items on that list that we
    would never accept today might feel routine in a few years. A judgeless courtroom seems crazy today, but so did a driverless car a few years ago.
    Don't underestimate our ability to normalize new technologies. My bet is
    that we're in for a wild ride.

    This essay previously appeared on the Harvard Kennedy School Ash Center's website: https://ash.harvard.edu/ten-ways-ai-will-change-democracy

    ------------------------------

    Date: Mon, 13 Nov 2023 17:37:27 -0500
    From: Monty Solomon <monty@roscom.com>
    Subject: Fake Reviews Are Rampant Online. Can a Crackdown End Them?
    (NYTimes)

    A wave of regulation and industry action has placed the flourishing fake
    review business on notice. But experts say the problem may be
    insurmountable.

    https://www.nytimes.com/2023/11/13/technology/fake-reviews-crackdown.html

    ------------------------------

    Date: Fri, 17 Nov 2023 16:29:37 -0800
    From: Lauren Weinstein <lauren@vortex.com>
    Subject: OpenAI co-founder & president Greg Brockman quits after firing of
    CEO Altman (TechCrunch)

    https://techcrunch.com/2023/11/17/greg-brockman-quits-openai-after-abrupt-firing-of-sam-altman/

    ------------------------------

    Date: Fri, 17 Nov 2023 09:45:44 -0800
    From: Rob Slade <rslade@gmail.com>
    Subject: The AI Pin

    The name is obviously intended to capitalize on the recent interest in generative/large language model artificial intelligence. Equally
    obviously, some AI is involved, as long as you allow your definition of AI
    to extend to mere speech-to-text capability.

    Humane's AI Pin is a smartphone. With no screen. Attaching to your
    clothing with a magnet, it can make calls, take pictures, access the
    Internet, and even at need, project text (presumably later it will do
    images) onto surfaces using lasers.

    In one sense, this is what I always figured that smartphones would become.
    It is styled as a "smart assistant." If you have a human assistant, you
    give them orders verbally, you don't type out commands. (Unless you're
    sending them texts ...)

    ------------------------------

    Date: Fri, 17 Nov 2023 10:55:40 -0500 (EST)
    From: ACM TechNews <technews-editor@acm.org>
    Subject: Ukraine's 'Secret Weapon' Against Russia Is a U.S. Tech Company
    (Vera Bergengruen)

    Vera Bergengruen, *Time*, 14 Nov 2023

    U.S. facial recognition company Clearview AI has become Ukraine's "secret weapon" in its war against Russia. More than 1,500 officials across 18 Ukrainian government agencies are using its technology, which has helped
    them identify more than 230,000 Russian soldiers and officials who have participated in the Russian invasion. Ukraine also relies on the company to assist with other tasks, including processing citizens who lost their identification and locating abducted Ukrainian children. Ukraine has run at least 350,000 searches of Clearview's database in the 20 months since the outbreak of the war. Said Clearview AI CEO Hoan Ton-That, "Using facial recognition in war zones is something that's going to save lives."

    ------------------------------

    Date: Wed, 15 Nov 2023 11:57:51 -0500 (EST)
    From: ACM TechNews <technews-editor@acm.org>
    Subject: Cryptographic Keys Protecting SSH Connections Exposed
    (Dan Goodin)

    Dan Goodin, *Ars Technica*, 13 Nov 2023, via ACM Tech News

    Researchers at the University of California, San Diego (UCSD) demonstrated
    that a large portion of cryptographic keys used to protect data in computer-to-server SSH traffic is vulnerable, and were able to calculate the private portion of almost 200 unique SSH keys they observed in public
    Internet scans. The vulnerability occurs when there are errors during the signature generation that takes place when a client and server are
    establishing a connection. It affects only keys using the RSA cryptographic algorithm, which the researchers found in roughly a third of the SSH
    signatures they examined, translating to about 1 billion signatures, about
    one in a million of which exposed the private key of the host. Said UCSD's Keegan Ryan, "Our research reiterates the importance of defense in depth in cryptographic implementations and illustrates the need for protocol designs that are more robust against computational errors."

    [Lauren Weinstein suggests looking at this:
    Passive SSH Key Compromise via Lattices
    https://eprint.iacr.org/2023/1711.pdf
    PGN]
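
    The item above says the exposure arises from errors during RSA signature generation. The following is an added example, not code from the researchers or from any SSH implementation: it shows with a constructed toy key why a single faulty RSA-CRT signature is dangerous and how verifying a signature before releasing it stops the leak. It uses the textbook gcd check with a known message, an assumption made for illustration and not the lattice technique named in the cited paper's title; the key, the encode() helper and the fault model are all hypothetical.

```python
"""RSA-CRT signing with a verify-before-release self-check (toy parameters)."""
import hashlib
from math import gcd

# Constructed toy key: two Mersenne primes, far too small for real use.
P = 2**61 - 1
Q = 2**31 - 1
N = P * Q
E = 65537
D = pow(E, -1, (P - 1) * (Q - 1))
DP, DQ = D % (P - 1), D % (Q - 1)   # CRT exponents
Q_INV = pow(Q, -1, P)               # CRT coefficient


def encode(message: bytes) -> int:
    """Toy message representative (real SSH signs a padded hash instead)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % N


def sign_crt(m: int, fault_in_q: bool = False) -> int:
    """Sign with the CRT speed-up; optionally simulate a computational error."""
    sp = pow(m, DP, P)
    sq = pow(m, DQ, Q)
    if fault_in_q:
        sq ^= 1                      # simulated bit flip in the mod-Q half
    h = (Q_INV * (sp - sq)) % P      # Garner recombination
    return (sq + h * Q) % N


def verify(m: int, sig: int) -> bool:
    """Public-key check: sig^E mod N must equal the message representative."""
    return pow(sig, E, N) == m % N


def sign_checked(m: int, fault_in_q: bool = False) -> int:
    """Countermeasure: never release a signature that fails its own check."""
    sig = sign_crt(m, fault_in_q)
    if not verify(m, sig):
        raise ArithmeticError("signature failed self-check; not released")
    return sig


def exposed_factor(m: int, sig: int):
    """Return the prime factor of N that a signature gives away, or None.

    A signature that is correct mod P but wrong mod Q satisfies
    sig^E = m (mod P) only, so gcd(sig^E - m, N) equals P.
    """
    g = gcd((pow(sig, E, N) - m) % N, N)
    return g if 1 < g < N else None


if __name__ == "__main__":
    m = encode(b"constructed session data")
    good = sign_crt(m)
    bad = sign_crt(m, fault_in_q=True)
    print("valid signature leaks factor:", exposed_factor(m, good))
    print("faulty signature leaks factor:", exposed_factor(m, bad) == P)
    try:
        sign_checked(m, fault_in_q=True)
    except ArithmeticError as exc:
        print("self-check:", exc)
```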

    ------------------------------

    Date: Thu, 16 Nov 2023 14:15:59 +0000
    From: Victor Miller <victorsmiller@gmail.com>
    Subject: Developers can't seem to stop exposing credentials in publicly
    accessible code (Ars Technica)

    https://arstechnica.com/security/2023/11/developers-cant-seem-to-stop-exposing-credentials-in-publicly-accessible-code/

    ------------------------------

    Date: Mon, 13 Nov 2023 02:06:07 +0000
    From: Victor Miller <victorsmiller@gmail.com>
    Subject: Hacking Some More Secure USB Flash Drives -- Part II
    (SySS Tech Blog)

    https://blog.syss.com/posts/hacking-usb-flash-drives-part-2/

    ------------------------------

    Date: Thu, 16 Nov 2023 05:49:16 -0700
    From: Matthew Kruk <mkrukg@gmail.com>
    Subject: Social media gets teens hooked while feeding aggression
    and impulsivity, and researchers think they know why (CBC)

    https://www.cbc.ca/news/health/smartphone-brain-nov14-1.7029406

    Kids who spend hours on their phones scrolling through social media are
    showing more aggression, depression and anxiety, say Canadian researchers.

    Emma Duerden holds the Canada Research Chair in neuroscience and learning disorders at Western University, where she uses brain imaging to study the impact of social media use on children's brains.

    She and others found that screen time has fallen just slightly from the
    record 13 hours a day some Canadian parents reported for six- to
    12-year-olds in the early months of the COVID-19 pandemic.

    "We're seeing lots of these effects. Children are reporting high levels of depression and anxiety or aggression. It really is a thing."

    ------------------------------

    Date: Fri, 17 Nov 2023 16:37:46 -0800
    From: Lauren Weinstein <lauren@vortex.com>
    Subject: X marks the non-spot? (PGN adapted)

    * Warner Bros Discovery "pauses" its ads on X for "the foreseeable future"
    * Comcast suspends X ads; OpenAI employees hold all-hands meeting in
    wake of exec turmoil
    * Lionsgate Entertainment and Paramount Global suspend ads on X
    * Google should stop all participation with Twitter/X or any other Musk
    enterprises as soon as contractually practical, or be branded a supporter
    of his horrific views [LW]

    ------------------------------

    Date: Tue, 14 Nov 2023 14:47:20 +0000 (UTC)
    From: Steve Bacher <sebmb1@verizon.net>
    Subject: It's Still Easy for Anyone to Become You at Experian
    (Krebs on Security)

    https://krebsonsecurity.com/2023/11/its-still-easy-for-anyone-to-become-you-at-experian/

    ------------------------------

    Date: Sat, 18 Nov 2023 13:37:55 -0700
    From: Matthew Kruk <mkrukg@gmail.com>
    Subject: Paying ransom for data stolen in cyberattack bankrolls
    further crime, experts caution (CBC)

    https://www.cbc.ca/radio/spark/cyberattacks-ransomware-paying-ransom-crime-1.7030579

    When the town of St. Marys, Ont., fell victim to a cyberattack last year, lawyers advised the municipality to pay a ransom of $290,000 in
    cryptocurrency.

    The decision was made after an analysis by firms specializing in
    cybersecurity. Al Strathdee, mayor of the southwestern Ontario town of
    about 7,000 residents, said the potential risk to people's data was too
    high not to pay up.

    ------------------------------

    Date: Sat, 18 Nov 2023 01:53:56 -0500 (EST)
    From: Mark Brader <msb@Vex.Net>
    Subject: Toronto Public Library cyber-attack

    [Note: This was previously reported as ransomware.
    Now they just say that no ransom has been paid.]

    The Toronto Public Library reported a cyber-attack on October 28, and later said that "a large number of files" were stolen, including personal
    information of library staff. While they're working on the problem, the library's web site is down. (You get forwarded to an information page currently at: https://torontopubliclibrary.typepad.com/tpl_maintenance/toronto-public-library-website-maintenance.html)

    The public computers and printers at all 100 library branches are also down. All this means that you (meaning me) can't request a book be held for you,
    and you also can't search the electric catalog that replaced the old card catalogs.

    See also: http://www.cbc.ca/news/any-1.7028982

    ------------------------------

    Date: Sat, 18 Nov 2023 02:00:47 -0500 (EST)
    From: Mark Brader <msb@Vex.Net>
    Subject: People selling cars via Internet get phished (CBC)

    It says here
    http://www.cbc.ca/news/any-1.7028730
    that people who post car-for-sale ads are being sought by scammers.
    The seller gets what appears to be an offer, but it requests the
    seller use a specific source to provide the vehicle's history --
    a source that's actually phishing for credit-card information.

    ------------------------------

    Date: Tue, 14 Nov 2023 22:27:15 -0500
    From: Monty Solomon <monty@roscom.com>
    Subject: Data breach of Michigan healthcare giant exposes millions of
    records (Engadget)

    https://www.engadget.com/data-breach-of-michigan-healthcare-giant-exposes-millions-of-records-153450209.html

    ------------------------------

    Date: Thu, 16 Nov 2023 19:26:39 -0800
    From: Victor Miller <victorsmiller@gmail.com>
    Subject: More on iLeakage

    [...] We show how an attacker can induce Safari to render an arbitrary
    webpage, subsequently recovering sensitive information present within it
    using speculative execution. In particular, we demonstrate how Safari allows
    a malicious webpage to recover secrets from popular high-value targets, such
    as Gmail inbox content. Finally, we demonstrate the recovery of passwords,
    in case these are autofilled by credential managers.

    Virtually all modern CPUs use a performance optimization where they predict
    if a branch instruction will be taken or not, should the outcome not be
    readily available. Once a prediction is made, the CPU will execute
    instructions along the prediction, a process called speculative execution.
    If the CPU realizes it had mispredicted, it must revert all changes in the state it performed after the prediction. Both desktop and mobile CPUs
    exhibit this behavior, regardless of manufacturer (such as Apple, AMD, or Intel).

    A Spectre attack coerces the CPU into speculatively executing the wrong flow
    of instructions. If this wrong flow has instructions depending on sensitive data, their value can be inferred through a side channel even after the CPU realizes the mistake and reverts its changes.

    We disclosed our results to Apple on September 12, 2022 (408 days before
    public release).

    ------------------------------

    Date: Thu, 16 Nov 2023 21:12:33 -0500
    From: Monty Solomon <monty@roscom.com>
    Subject: Using your iPhone to start your car is about to get a
    lot easier (The Verge)

    https://www.theverge.com/2023/11/16/23964379/apple-iphone-digital-key-uwb-ccc-fira-working-group

    [Except where there is no cell-phone coverage??? And if that has been
    overcome by making your iPhone a key-dongle, then thefts of cell phones
    *and* cars may increase! PGN]

    ------------------------------

    Date: Thu, 16 Nov 2023 22:41:25 -0500
    From: Monty Solomon <monty@roscom.com>
    Subject: Massive cryptomining rig discovered under Polish court's
    floor, stealing power (Ars Technica)

    https://arstechnica.com/?p=1984512

    [What's yours is mine(d). PGN]

    ------------------------------

    Date: Fri, 17 Nov 2023 10:33:36 -0800
    From: Steve Bacher <sebmb1@verizon.net>
    Subject: A Coder Considers the Waning Days of the Craft (The New Yorker)

    James Somers, a professional coder, writes about the astonishing scripting skills of A.I. chatbots like GPT-4 and considers the future of a once
    exalted craft.

    https://www.newyorker.com/magazine/2023/11/20/a-coder-considers-the-waning-days-of-the-craft

    I really disagree with some of what the writer says about
    programming/coding.

    "What I learned was that programming is not really about knowledge or
    skill but simply about patience, or maybe obsession."

    Almost certainly he got that attitude because he started, from no
    experience, with the worst possible programming language, Visual C++.
    There's no way anyone should begin learning how to code with any C++
    variant. Those of us who started with Basic (or even FORTRAN, in my case) ended up doing better. Not to mention Logo.

    ------------------------------

    Date: Mon, 13 Nov 2023 10:13:49 PST
    From: Peter Neumann <neumann@csl.sri.com>
    Subject: Re: Industrial Robot Crushes Worker to Death (R 33 93)

    [Here's the rest of that item. PGN]

    CBS News, 09 Nov 2023

    An industrial robot crushed a worker to death at a vegetable packaging
    factory in South Korea's southern county of Goseong. According to police,
    the victim was grabbed and pressed against a conveyor belt by the machine's robotic arms. The machine was equipped with sensors designed to identify
    boxes. "It wasn't an advanced, artificial intelligence-powered robot, but a machine that simply picks up boxes and puts them on pallets," said Kang
    Jin-gi at Goseong Police Station. According to another police official, security camera footage showed the man had moved near the robot with a box
    in his hands, which could have triggered the machine's reaction. Similar incidents have happened in South Korea before.

    ------------------------------

    Date: Tue, 14 Nov 2023 21:34:36 +0100
    From: Peter Houppermans <peter@houppermans.net>
    Subject: Re: Toyota has built an EV with a fake transmission
    (RISKS-33.93)

    It depends on your perspective -- there is actually a good use case for it.

    You may argue that this will eventually be a thing of the past*, but
    changing gear manually is very prevalent in Europe. I would posit that this

    [continued in next message]
