• Risks Digest 34.31

    From RISKS List Owner@21:1/5 to All on Sun Jun 16 20:33:56 2024
    RISKS-LIST: Risks-Forum Digest Sunday 16 Jun 2024 Volume 34 : Issue 31

    ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) Peter G. Neumann, founder and still moderator

    ***** See last item for further information, disclaimers, caveats, etc. ***** This issue is archived at <http://www.risks.org> as
    <http://catless.ncl.ac.uk/Risks/34.31>
    The current issue can also be found at
    <http://www.csl.sri.com/users/risko/risks.txt>

    Contents:
    Waymo issues software and mapping recall after robotaxi crashes
    into a telephone pole (The Verge)
    Driver using FSD, staring at phone ... (LATimes)
    Voting machine contract under scrutiny following discrepancies in Puerto
    Rico's primaries (AP)
    Phishing attack hits L.A. County public health agency, jeopardizing
    200,000-plus residents' personal info (LATimes)
    Leaked documents reveal patient safety issue at Amazon's One Medical
    (The Washington Post)
    Crooks plant backdoor in software used by courtrooms around the world
    (Dan Goodin)
    How a New Jersey man was wrongly arrested through facial
    recognition tech now in use in Ontario (CBC)
    Clearview AI Used Your Face. Now You May Get a Stake in the Company.
    (NYTimes)
    Microsoft Refused to Fix Flaw Years Before SolarWinds Hack (ProPublica)
    iOS 18 cracks down on apps asking for full address book access
    (TechCrunch)
    A reportedly fake group recruited a real candidate for Congress
    (Poliico)
    After sustained attacks by the GOP, Stanford Internet Observatory is being
    shut down (Casey Newton and Zoë Schiffer)
    Tile/Life360 Breach: Millions of Users' Data at Risk (Security Boulevard) Generative AI and the law (Lauren Weinstein)
    New Wi-Fi Takeover Attack -- All Windows Users Warned To Update Now (Forbes) Japan Runs on Vending Machines. It’s About to Break Millions of Them.
    (NYTimes)
    The surprisingly not so doomed effort to force U.S. drivers to
    stop speeding (The Verge)
    Vax (Jim Geissman)
    The Age of the Drone Police Is Here (WiReD)
    MXThunder and FBL (Cliff Kilby)
    Retired engineer discovers 55-year-old bug in Lunar Lander
    computer game code (Ars Technica)
    Google, Cloudflare & Cisco Will Poison DNS to Stop Piracy Block
    Circumvention (TorrentFreak)
    Wells Fargo Fires Over a Dozen for 'mouse jiggling' (Henry Baker)
    Why Microsoft, Google, and others screw up (Lauren Weinstein)
    Re: Microsoft and Recall (Lauren Weinstein)
    Re: Tom Van Vleck (Cliff Kilby)
    Quote of The Day (Edward Snowden)
    Re: Quote of The Day (James Joyce)
    Abridged info on RISKS (comp.risks)

    ----------------------------------------------------------------------

    Date: Thu, 13 Jun 2024 09:45:44 -0400
    From: Monty Solomon <monty@roscom.com>
    Subject: Waymo issues software and mapping recall after robotaxi crashes
    into a telephone pole (The Verge)

    https://www.theverge.com/2024/6/12/24175489/waymo-recall-telephone-poll-crash-phoenix-software-map

    [Indeed, in this complex mathematical world in which we live, stability
    requires all the poles being in the left-half plane. (Wikipedia notes
    that 75 countries drive on the left.) In the U.S., where driving is on the
    right side of the road, there are many poles on the right side. Somehow,
    that sounds much less safe! PGN]

    ------------------------------

    Date: Fri, 14 Jun 2024 09:53:20 +0100
    From: Julia Segal <julia@flydiem.com>
    Subject: Driver using FSD, staring at phone ... (LATimes)

    https://www.latimes.com/california/story/2024-06-13/self-driving-tesla-narrowly-misses-police-officer-before-slamming-into-patrol-car-in-orange-county

    ------------------------------

    Date: Sat, 15 Jun 2024 09:31:26 -0700
    From: the keyboard of geoff goodfellow <geoff@iconia.com>
    Subject: Voting machine contract under scrutiny following
    discrepancies in Puerto Rico's primaries (AP)

    Puerto Rico's elections commission said Tuesday that it's reviewing its contract with a U.S. electronic voting company after hundreds of
    discrepancies were discovered following the island's heated primaries. <https://apnews.com/article/puerto-rico-primaries-pierluisi-gonzalez-zaragoza-ortiz-62343cc879f4c5c73a9c0eec39325086>

    The problem stemmed from a software issue that caused machines supplied by Dominion Voting Systems to incorrectly calculate vote totals, said Jessika Padilla Rivera, the commission's interim president.

    While no one is contesting the results from the June 2 primary that
    correctly identify the winners, machine-reported vote counts were lower
    than the paper ones in some cases, and some machines reversed certain
    totals or reported zero votes for some candidates.

    ``The concern is that we obviously have elections in November, and we must provide the (island) not only with the assurance that the machine produces a correct result, but also that the result it produces is the same one that is reported,'' Padilla said.

    More than 6,000 Dominion voting machines were used in Puerto Rico's
    primaries, with the company stating that software issues stemmed from the digital files used to export results from the machines.

    ------------------------------

    Date: Sun, 16 Jun 2024 06:54:26 -0700
    From: Steve Bacher <sebmb1@verizon.net>
    Subject: Phishing attack hits L.A. County public health agency, jeopardizing
    200,000-plus residents' personal info (LATimes)

    Here we go again...

    Phishing attack hits L.A. County public health agency, jeopardizing 200,000-plus residents' personal info.

    The personal information of more than 200,000 people in Los Angeles County
    was potentially exposed after a hacker used a phishing email to steal login credentials.

    https://www.latimes.com/california/story/2024-06-14/la-county-public-health-data-breach-possibly-affects-200-000-are-you-one-of-them

    ------------------------------

    Date: Sun, 16 Jun 2024 01:26:40 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Leaked documents reveal patient safety issue at Amazon's
    One Medical (The Washington Post)

    Patient safety issues have increased since One Medical shifted care to a
    call center staffed by contractors, employees say.

    Since Amazon acquired the primary-care service One Medical, elderly patients have been routed to a call center -— staffed partly by contractors with limited training — that failed on more than a dozen occasions to seek immediate attention for callers with urgent symptoms, according to internal documents seen by The Washington Post.

    When one patient reported a “blood clot, pain and swelling,” call center staff scheduled an appointment rather than escalating the matter for medical evaluation, according to a note in an internal incident tracking spreadsheet dated Feb. 19.

    Over the following two days, clinical staffers flagged four more call-center errors involving elderly patients with urgent complaints, including stomach pain and blood in stool, a spike in blood pressure, an insect bite and
    sudden rib pain, according to the internal spreadsheet.

    The call-center incidents were among dozens flagged by doctors, nurses and assistants at One Medical Seniors between Feb. 19 and March 18 in the documents, a year after Amazon acquired the primary-care service. One
    Medical began routing elderly patients to the call center in Tempe, Ariz., staffed partly by newly hired contractors with limited training and little
    to no medical experience, according internal documents seen by The Post and interviews with four current and former One Medical workers.

    https://www.washingtonpost.com/technology/2024/06/15/amazon-one-medical-patient-safety

    ------------------------------

    Date: Sun, 16 Jun 2024 06:19:07 -0700
    From: Brian Berg <brianberg@gmail.com>
    Subject: Crooks plant backdoor in software used by courtrooms around
    the world (Dan Goodin)

    Dan Goodin, *ArsTechnica*, 23 May 2024

    It's unclear how the malicious version of JAVS Viewer came to be.

    https://arstechnica.com/security/2024/05/crooks-plant-backdoor-in-software-used-by-courtrooms-around-the-world/

    ------------------------------

    Date: Thu, 13 Jun 2024 06:14:43 -0600
    From: Matthew Kruk <mkrukg@gmail.com>
    Subject: How a New Jersey man was wrongly arrested through facial
    recognition tech now in use in Ontario (CBC)

    https://www.cbc.ca/news/canada/facial-recognition-technology-police-1.7228253

    A New Jersey man who was wrongly jailed after being misidentified through facial recognition software has a message for two Ontario police agencies
    now using the same technology.

    "There's clear evidence that it doesn't work," Nijeer Parks said.

    Parks, now 36, spent 10 days behind bars for a January 2019 theft and
    assault on a police officer that he didn't commit. He said he was released after he provided evidence he was in another city, making a money transfer
    at the time of the offence. Prosecutors dropped the case the following November, according to an internal police report.

    ------------------------------

    Date: Thu, 13 Jun 2024 22:28:35 -0400
    From: Monty Solomon <monty@roscom.com>
    Subject: Clearview AI Used Your Face. Now You May Get a Stake in
    the Company.

    The facial recognition start-up doesn't have the funds to settle a
    class-action lawsuit, so lawyers are proposing equity for those whose faces were scraped from the Internet.

    https://www.nytimes.com/2024/06/13/technology/clearview-ai-facial-recognition-settlement.html

    ------------------------------

    Date: Thu, 13 Jun 2024 15:17:53 +0000
    From: Victor Miller <victorsmiller@gmail.com>
    Subject: Microsoft Refused to Fix Flaw Years Before SolarWinds Hack
    (ProPublica)

    https://www.propublica.org/article/microsoft-solarwinds-golden-saml-data-breach-russian-hackers

    ------------------------------

    Date: Sat, 15 Jun 2024 13:30:10 -0400
    From: Ruth Hertz <kapuki@verizon.net>
    Subject: iOS 18 cracks down on apps asking for full address book access
    (TechCrunch)

    https://techcrunch.com/2024/06/12/ios-18-cracks-down-on-apps-asking-for-full-address-book-access/

    ------------------------------

    Date: Fri, 14 Jun 2024 05:49:25 -0700
    From: Steve Bacher <sebmb1@verizon.net>
    Subject: A reportedly fake group recruited a real candidate for Congress
    (Poliico)

    Though the group claims to be run by citizens across 14 states, researchers
    at the Institute for Strategic Dialogue found it was all managed by the same unknown person or small group of people.

    Dennis Hayes, a retired builder in Townsend, Montana, had strong libertarian leanings and a bone to pick with the U.S. Bureau of Land Management.

    Then he got an unexpected tap on the shoulder.

    The call came from a man in Arizona identifying himself as a volunteer for
    the Patriots Run Project, a group recruiting right-leaning conservatives to
    run for office. Would he run for Congress?

    A donor provided the $1,340 he needed to register. Since that call in
    February, Hayes has been running against incumbent Rep. Ryan Zinke, a Trump-friendly Republican who he is challenging from the right.

    Just one problem: The Patriots Run Project, according to a new research
    report, is a fake grassroots group that was running numerous accounts on Facebook without any identifiable people behind the operation.

    Though the group claims to be run by citizens across 14 states, researchers
    at the Institute for Strategic Dialogue, a nonprofit that researches disinformation, found it was all managed by the same unknown person or small group of people who cross-posted content and all listed the same address at
    a UPS store in Washington.

    The network of accounts ran for nearly a year until Meta removed them last
    week for violating its policies against inauthentic accounts misleading
    users.

    Hayes, however, is still running for office, in a bizarre example of how
    fake groups online can shape politics in the real world. [...]

    https://www.politico.com/news/2024/06/14/fake-political-group-montana-candidate-00163036

    ------------------------------

    Date: Thu, 13 Jun 2024 16:09:56 -0700
    From: Lauren Weinstein <lauren@vortex.com>
    Subject: After sustained attacks by the GOP, Stanford Internet
    Observatory is being shut down (Casey Newton and Zoë Schiffer)

    House Republicans attacked the lab's reports on misinformation and
    [attacks on] election integrity -— and now Stanford is pulling the
    plug.

    https://www.platformer.news/stanford-internet-observatory-shutdown-stamos-diresta-sio/

    ------------------------------

    Date: Sat, 15 Jun 2024 01:10:38 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Tile/Life360 Breach: Millions of Users' Data at Risk
    (Security Boulevard)

    Location tracking service leaks PII, because -— incompetence?

    An anonymous hacker breached the internal support systems of Tile
    (ASX:360). They grabbed “millions” of customer data records by wielding two incredibly simple techniques.

    Companies must do better! It’s yet another story of failed anti-scraping defenses (see also: Dell, 23andMe). And of stolen employee credentials—with no 2FA/MFA to protect critical internal systems (see also: LastPass, Ticketmaster).

    Parent company Life360’s CEO Chris Hulls (pictured) is putting a brave face on it. In today’s SB  Blogwatch, we wish these firms would get the message.

    https://securityboulevard.com/2024/06/tile-life360-breach-richixbw

    ------------------------------

    Date: Fri, 14 Jun 2024 09:00:47 -0700
    From: Lauren Weinstein <lauren@vortex.com>
    Subject: Generative AI and the law

    A federal law should be passed making AI firms fully responsible for
    any and all content disseminated from their generative AI systems.
    Period. No exceptions. -L

    [That would be a dramatic end to chatbotd? PGN]

    ------------------------------

    Date: Fri, 14 Jun 2024 23:51:12 +0000
    From: Victor Miller <victorsmiller@gmail.com>
    Subject: New Wi-Fi Takeover Attack -- All Windows Users Warned To Update Now
    (Forbes) https://www.forbes.com/sites/daveywinder/2024/06/14/new-wi-fi-takeover-attack-all-windows-users-warned-to-update-now/

    ------------------------------

    From: Monty Solomon <monty@roscom.com>
    Date: Thu, 13 Jun 2024 22:13:59 -0400
    Subject: Japan Runs on Vending Machines. It’s About to Break Millions of
    Them. (NYTimes)

    New yen notes set to be introduced this summer won’t be compatible with many machines that businesses like ramen shops rely on.

    https://www.nytimes.com/2024/06/07/world/asia/japan-bank-notes-vending-machines.html

    [This gives entirely new meaning to having a Yen for Ramen.
    What is more, businesses like ramen shops! Really. PGN]

    ------------------------------

    Date: Thu, 13 Jun 2024 09:45:13 -0400
    From: Monty Solomon <monty@roscom.com>
    Subject: The surprisingly not so doomed effort to force U.S. drivers to
    stop speeding (The Verge)

    https://www.theverge.com/2024/6/12/24176403/intelligent-speed-assistance-iihs-safety-limiters-governor

    [See my comment on the driver crashing at 100 mph in RISKS-34.25-26 about
    having some sort of sanity limit. PGN]

    ------------------------------

    Date: Fri, 14 Jun 2024 17:16:27 -0700
    From: "Jim" <jgeissman@socal.rr.com>
    Subject: Vax

    Sometimes it seems these days an entire topic is fake, not to mention everything said about it.

    https://www.msn.com/en-us/news/news/content/ar-BB1oeXxQ?ocid=sapphireappshare

    ------------------------------

    Date: Tue, 11 Jun 2024 23:14:05 -0400
    From: Monty Solomon <monty@roscom.com>
    Subject: The Age of the Drone Police Is Here (WiReD)

    A WIRED investigation, based on more than 22 million flight coordinates, reveals the complicated truth about the first full-blown police drone
    program in the U.S. -— and why your city could be next.

    https://www.wired.com/story/the-age-of-the-drone-police-is-here/

    ------------------------------

    Date: Fri, 14 Jun 2024 17:27:16 -0400
    From: Cliff Kilby <cliffjkilby@gmail.com>
    Subject: MxThunder and FBL

    If you're a US Client of MxThunder, it might be time to validate your
    CAN-SPAM compliance.
    I got a marketing email from one of their client domains. Email appeared to
    be a harvested loan scam/UCE. I attempted to report it to the client
    domain, via abuse@.
    Routed email box doesn't exist, but thanks for dumping the internal naming scheme back.
    Tried postmaster@client, also unroutable but to another user alias. Nice,
    I'm racking up the data here.
    Tried abuse@mxthunder. Another unroutable email.
    So on to postmaster.
    Oh dear, postmaster appears to have caused a vhost routing error. I wonder
    how severe that crash was.

    delivery failed to mailbox /vhosts/1: unable to create
    lock file /vhosts/1.lock: No such file or directory

    If their infrastructure does not provide compliance, it is on each client to validate. If your org does not have a functioning Feedback Loop (FBL), other than the obvious compliance issue, deliverability will continually drop.

    cf. https://en.m.wikipedia.org/wiki/Feedbackloop_(email)
    I've tried their security team. No response there so far.

    Your email has been routed to /dev/null,

    ------------------------------

    Date: Sun, 16 Jun 2024 02:54:16 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Retired engineer discovers 55-year-old bug in Lunar Lander
    computer game code (Ars Technica)

    A physics simulation flaw in text-based 1969 computer game went unnoticed
    until today.

    https://arstechnica.com/gaming/2024/06/retired-engineer-discovers-55-year-old-bug-in-lunar-lander-computer-game-code/

    What next? Someone will find a bug in Adventure cave game?!

    Great comments, including:

    That closes our bug list for 1969. Hopefully, it won't take more than a
    decade to wrap up 1970.

    [Gee,Whiz! It was a looner lender after all, and deserves
    to be recalled. PGN]

    ------------------------------

    Date: Sun, 16 Jun 2024 10:06:24 -0400
    From: Monty Solomon <monty@roscom.com>
    Subject: Google, Cloudflare & Cisco Will Poison DNS to Stop Piracy Block
    Circumvention (TorrentFreak)

    A French court has ordered Google, Cloudflare, and Cisco to poison their DNS resolvers to prevent circumvention of blocking measures, targeting around
    117 pirate sports streaming domains. The move is another anti-piracy
    escalation for broadcaster Canal+, which also has permission to completely deindex the sites from search engine results.

    https://torrentfreak.com/google-cloudflare-cisco-will-poison-dns-to-stop-piracy-block-circumvention-240613/

    ------------------------------

    Date: Thu, 13 Jun 2024 18:57:08 +0000
    From: Henry Baker <hbaker1@pipeline.com>
    Subject: Wells Fargo Fires Over a Dozen for 'mouse jiggling'

    Clearly Microsoft and Apple are wasting their time with ChatGPT -- a Turing Test-qualified AI-powered *mouse jiggler* is all the world really needs !

    (One wonders if *mouse jiggling detection* is the *real reason* why Microsoft is so intent on rolling out the Windows 'Recall' privacy shitstorm ?)

    An old joke from the Soviet era: "We pretend to work and they pretend to pay".

    https://finance.yahoo.com/news/wells-fargo-fires-over-dozen-133711267.html

    Wells Fargo Fires Over a Dozen for 'Simulation of Keyboard Activity'

    Hannah Levitt Thu, Jun 13, 2024, 6:37 AM PDT

    (Bloomberg) -- Wells Fargo & Co. fired more than a dozen employees last
    month after investigating claims that they were faking work. The staffers,
    all in the firm's wealth- and investment-management unit, were "discharged after review of allegations involving simulation of keyboard activity
    creating impression of active work," according to disclosures filed with the Financial Industry Regulatory Authority.

    "Wells Fargo holds employees to the highest standards and does not
    tolerate unethical behavior," a company spokesperson said in a
    statement.

    Devices and software to imitate employee activity, sometimes known as
    "mouse movers" or "mouse jigglers," took off during the
    pandemic-spurred work-from-home era, with people swapping tips for
    using them on social-media sites Reddit and TikTok. Such gadgets are
    available on Amazon.com for less than $20.

    It's unclear from the Finra disclosures whether the employees Wells
    Fargo fired were allegedly faking active work from home. The finance
    industry was among the most aggressive in ordering workers back to the
    office as the pandemic waned, though Wells Fargo waited longer than
    rivals JPMorgan Chase &amp; Co. and Goldman Sachs Group Inc.

    San Francisco-based Wells Fargo started requiring employees to return
    to the office under a "hybrid flexible model" in early 2022. The bank
    now expects most staffers to be in the office at least three days a
    week, while members of management committee are in four days and many employees, such as branch workers, are in five days.

    The nation's fourth-largest lender has sought to grow in wealth
    management under Chief Executive Officer Charlie Scharf and his
    deputy, Barry Sommers, who joined the firm in 2020. The unit was hit particularly hard by a series of scandals that erupted in 2016,
    sending advisers fleeing by the thousands, taking lucrative clients
    with them.

    The recent firings have echoes of another episode at Wells Fargo from
    2018, when the firm investigated employees in its investment bank for
    alleged violations of its expense policy after they tried to get the
    company to pay for ineligible evening meals.

    --With assistance from Noah Buhayar and Dean Halford.

    ------------------------------

    Date: Thu, 13 Jun 2024 20:49:38 -0700
    From: Lauren Weinstein <lauren@vortex.com>
    Subject: Why Microsoft, Google, and others screw up

    Part of the reason -- and a big part -- of why you see public-relations disasters like Microsoft Recall and Google AI Overviews is that these firms typically refuse to have employees on these teams who bring skill sets that include real world experiences that go beyond the technical.

    It should have been obvious to execs at Microsoft and Google (and
    other firms) that trying to ram projects like these (and others, like
    poorly designed passkey implementations) down consumers' throats would
    trigger major blowback and embarrassment. But either they just
    couldn't see the forest for the trees, or simply ignored the warning
    signs, treating the user community like a giant fungible planet of
    guinea pigs.

    Either way, it's bad for them, and it's very, very bad for us. -L

    [Giant fun-giblet plants made with guinea-pig DNA are next with artificial
    genetics. PGN]

    ------------------------------

    Date: Wed, 12 Jun 2024 09:20:22 -0700
    From: Lauren Weinstein <lauren@vortex.com>
    Subject: Re: Microsoft and Recall

    [See RISKS-34.27 and 34.30]

    The fact that Microsoft felt that their screenshot spying "Recall" AI
    feature was safe to be enabled by default -- a position they have now
    reversed after massive criticism -- calls into question their entire
    security and privacy regimes -- which appear to have become rotten to the
    core. Of course, they're not the only ones pushing aside privacy and
    security in the name of AI profits at the expense of their users. -L

    ------------------------------

    Date: Mon, 10 Jun 2024 12:40:32 -0400
    From: Cliff Kilby <cliffjkilby@gmail.com>
    Subject: Re: Tom Van Vleck (RISKS-34.30)

    Mindful that I have little formal documentation for the specific failure
    modes, anecdotally failures seem to be correlated with:

    * Compliance mandated changes for legacy systems.
    * Insubstantial requirements.
    * Unrequested feature implementations.
    * Job validation exercises, aka "ooo, shiney".

    Every time a significant issue has been found in a legacy system the Agile process has decayed to an IBM death-march project. The work must be institutional knowledge available to expedite. This is especially damning if the company has had sufficient time to complete multiple job validation exercises as noted below.

    I've also had failures from the lack of concrete requirements. There is no
    way to determine if the project was successful if no one could say what the goal was. In one case, the entire threading library was to be
    rip-and-replaced with a serverless dispatcher. No one could elaborate on
    what the gain was to be. This may have also been an example of a job
    validation exercise.

    Business product owners tend to be the driver for the class of unrequested feature changes. A client will hint that they are dissatisfied with some feature, and the product owner will start a change for that client seemingly unaware that similar functionality exists, or unknowing that if the new
    feature requires any client changes in either code or behavior that that
    client will not adopt the new feature as long as the current "broken"

    feature remains, which is almost guaranteed by the fact that no other
    client has requested a change.

    The last class of failures is fun for the whole family (company). Most recently, this manifested as a desire to implement Node in a Java company.
    Some developers managed to argue that since Java had become a version treadmill, the company should look to replacing some of the core application features with Node. The ops team had no practical experience with Node, so containers were also introduced to provide some kind of sandboxing for
    Node. Of course, there was no practical experience with containers either,
    so a rushed k8s deployment was performed. Now that k8s was available, the company rushed the other teams to start porting the Java codebase to containers. The final state of that system was a frankenmonster of unported Java, static Java containers, static Node containers and a hokey-pokey(left foot in, right foot out) Esxi/k8s/ec2/eks conglomeration. There was no
    success there, as there was no actual reason to implement anything, and the
    end result entirely overwhelmed the capacity of the operations team to
    manage any of the existing or new software. The whole team quit en-masse.

    I think mostly the article just goes to document that "Agile(tm)" isn't.
    But then every agile team I've worked with seemed to already understand
    that.

    ------------------------------

    Date: Fri, 14 Jun 2024 09:26:10 -0700
    From: geoff goodfellow <geoff@iconia.com>
    Subject: Quote of The Day (Edward Snowden)

    *"They've gone full mask-off: AB trust OpenAI or its products (ChatGPT
    etc). There is only one reason for appointing an @NSAGov Director to your board. This is a willful, calculated betrayal of the rights of every person
    on Earth. You have been warned."*

    https://x.com/Snowden/status/1801610725229498403

    ------------------------------

    Date: Fri, 14 Jun 2024 09:34:46 -0700
    From: geoff goodfellow <geoff@iconia.com>
    Subject: Re: Quote of The Day (Edward Snowden)

    *Dr. James Joyce*:

    *"As the person who wrote the foundational patent for all these AI engines,
    I can say without any doubt that you are correct. OpenAI engines have hard logical locks on thresholds that will not allow them to learn anything
    [they] don't want the engines to learn. Their initial training data sets are rife with hard-left ideology, and they WILL mislead anyone who puts their
    trust in them."*

    https://x.com/drjamesbjoyce/status/1801614167360623085

    ------------------------------

    Date: Sat, 28 Oct 2023 11:11:11 -0800
    From: RISKS-request@csl.sri.com
    Subject: Abridged info on RISKS (comp.risks)

    The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
    comp.risks, the feed for which is donated by panix.com as of June 2011.
    SUBSCRIPTIONS: The mailman Web interface can be used directly to
    subscribe and unsubscribe:
    http://mls.csl.sri.com/mailman/listinfo/risks

    SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that
    includes the string `notsp'. Otherwise your message may not be read.
    *** This attention-string has never changed, but might if spammers use it.
    SPAM challenge-responses will not be honored. Instead, use an alternative
    address from which you never send mail where the address becomes public!
    The complete INFO file (submissions, default disclaimers, archive sites,
    copyright policy, etc.) has moved to the ftp.sri.com site:
    <risksinfo.html>.
    *** Contributors are assumed to have read the full info file for guidelines!

    OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
    delightfully searchable html archive at newcastle:
    http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
    Also, ftp://ftp.sri.com/risks for the current volume/previous directories
    or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
    If none of those work for you, the most recent issue is always at
    http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-34.00
    ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
    *** NOTE: If a cited URL fails, we do not try to update them. Try
    browsing on the keywords in the subject line or cited article leads.
    Apologies for what Office365 and SafeLinks may have done to URLs.
    Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

    ------------------------------

    End of RISKS-FORUM Digest 34.31
    ************************

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)