• Risks Digest 31.57 (1/2)

    From RISKS List Owner@21:1/5 to John Levine on Mon Feb 10 20:16:48 2020
    RISKS-LIST: Risks-Forum Digest Monday 10 February 2020 Volume 31 : Issue 57

    ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
    Peter G. Neumann, founder and still moderator

    ***** See last item for further information, disclaimers, caveats, etc. *****
    This issue is archived at <http://www.risks.org> as
    <http://catless.ncl.ac.uk/Risks/31.57>
    The current issue can also be found at
    <http://www.csl.sri.com/users/risko/risks.txt>

    Contents:
    Backhoes, squirrels, and woodpeckers as DoS vectors (Richard Forno)
    Benjamin Netanyahu's election app potentially exposed data for every Israeli
    voter (WashPost)
    The app that broke the Iowa caucus, an inside look (CNET)
    Tesla Remotely Removes Autopilot Features From Customer's Used Tesla
    Without Any Notice (Clean Technica)
    Recent Car Thefts May Be Related To Carsharing App Getaround, Warns
    D.C. Attorney General (DCist)
    SSL Certificates are expiring... (Cryptography)
    Nasty Linux, macOS sudo bug found and fixed (ZDNet)
    Cisco Flaws Put Millions of Workplace Devices at Risk (WiReD)
    Data leakage from portable versions of Open Office and Libre Office
    (Arthur T.)
    Facebook's Bug Bounty Caught a Data-Stealing Spree (WiReD)
    The `manosphere' is getting more toxic as angry men join the incels
    (MIT Tech Review)
    Explainable AI (Chris Elsässer)
    Read the FBI's Damning Case Against the Recently Arrested Nintendo Hacker
    (Vice)
    Who owns your feelings? Short doc shows how big tech uses AI to track
    emotions (CBC)
    Photo Roulette on the App Store (Gabe Goldberg)
    The 'race to 5G' is a myth (WEForum)
    Not all fun and memes: What's the trouble with TikTok? (CBC)
    The Night Sky Will Never Be the Same (The Atlantic)
    Boeing's Starliner space capsule suffered a second software
    glitch during December test flight (WashPost)
    Boeing Refuses to Cooperate With New Inquiry into Deadly Crash (NYTimes)
    NASA Shares Initial Findings from Boeing Starliner Orbital Flight Test
    Investigation (NASA)
    Re: Boeing 737s can't land facing west (Terje Mathisen)
    Re: 99 smartphones ... (3daygoaty, JC Cantrell)
    Re: Artificial intelligence-created medicine to be used on humans for
    first time (Mark Thorson)
    Re: AI-created medicine to be used on humans (Henry Baker)
    Re: Election Security At The Chip Level (John R. Levine)
    Re: Should Automakers Be Responsible for Accidents? (Gabe Goldberg)
    Abridged info on RISKS (comp.risks)

    ----------------------------------------------------------------------

    Date: Mon, 10 Feb 2020 08:53:28 -0500
    From: Richard Forno <rforno@infowarrior.org>
    Subject: Backhoes, squirrels, and woodpeckers as DoS vectors

    [The video shows] a wireless antenna in California. Network coverage was disrupted by an Acorn woodpecker, a 3-ounce bird stashing an estimated 35-50 gallons/300lbs of acorns.

    http://twitter.com/gunsnrosesgirl3/status/1226715791443148800

    Social media have been attributing this to squirrels for a long time. I
    of course try to correct people anytime I see this. It just proves that
    attribution can be really difficult. RF

    [We have had numerous squirrel and a few notable backhoe stories in the
    RISKS archives. But woodpeckers also have had their opportunities, e.g.,
    in RISKS-17.16: ``Woodpeckers could delay shuttle.'' Furthermore, I note
    that the quote "If builders built houses the way programmers write
    programs, the first woodpecker that came along would destroy
    civilization." managed to peck its way into *three* different issues,
    RISKS-10.07 (June 1990), 23.74 (Feb 2005), and 28.21 (August 2014), so
    they keep coming back. A hardy bunch, these woodpeckers. They really get
    around. Indeed, they really get a round hole where there are not even any
    square pegs. PGN]

    ------------------------------

    Date: Mon, 10 Feb 2020 08:36:47 -0800
    From: Lauren Weinstein <lauren@vortex.com>
    Subject: Benjamin Netanyahu's election app potentially exposed data for
    every Israeli voter (WashPost)

    https://www.washingtonpost.com/world/middle_east/benjamin-netanyahus-election-app-potentially-exposed-data-for-every-israeli-voter/2020/02/10/98f606c0-4bfe-11ea-967b-e074d302c7d4_story.html

    ------------------------------

    Date: Thu, 6 Feb 2020 16:45:00 -0700
    From: geoff goodfellow <geoff@iconia.com>
    Subject: The app that broke the Iowa caucus, an inside look (CNET)

    *A cybersecurity company got hold of the code for Shadow, the app used in
    the Iowa caucus, and spoke to CNET about what it found*

    EXCERPT:

    Results from Monday's Iowa caucus were delayed for days because of problems with a smartphone app used to tabulate and report results, causing chaos and frustration among campaigns and voters. A reported coding issue caused the
    app to only report out partial data, Iowa Democratic Chairman Troy Price
    said in a statement.

    <https://www.cnet.com/news/as-iowa-caucuses-arrive-facebook-has-a-trust-problem/>
    <https://www.cnet.com/news/iowa-caucus-results-delayed-due-to-reporting-inconsistencies-after-switching-to-new-tech-system/>
    <https://www.cnet.com/news/iowa-caucus-app-debacle-what-went-wrong/>

    Cybersecurity company Blue Hexagon obtained a copy of the app, created by a company called Shadow, Inc. Blue Hexagon's head of cyberthreat intelligence
    and operations, Irfan Asrar, spoke with CNET's Dan Patterson about what went wrong and the overarching cybersecurity concerns this presents for the rest
    of the 2020 election. <https://www.cbsnews.com/video/cyber-experts-weigh-in-on-the-app-that-crashed-the-iowa-caucus/>
    <https://www.zdnet.com/article/the-scariest-hacks-and-vulnerabilities-of-2019/>

    Blue Hexagon is still diagnosing exactly why the app failed. But the final version of the app has several problems within the code, including links to people's personal websites, Asrar said. "What we believe is, this is an oversight, and an example of the app being rushed into production," he
    added. The larger concern is that the app was so easy to obtain, which
    means anyone could access the infrastructure supporting it and potentially cause damage, Asrar said.

    Watch the video for the full interview <https://www.cnet.com/videos/inside-shadow-an-exclusive-look-at-the-mobile-app-that-broke-the-iowa-caucus/>
    and more insight into the Shadow, Inc. app. [...] https://www.cnet.com/news/the-app-that-broke-the-iowa-caucus-an-inside-look/

    [The whole situation smells of gross incompetence, trust in flaky
    outsourcing, lack of assurance, testing, and many other problems long
    considered in RISKS. If every computer system is simply badly conceived
    and ultimately flawed and compromisable internally or externally, why
    would you expect anything else here?

    In addition to all of the above, Rachel Maddow had on her 6 Feb 2020 show
    a reprise of the massive denial of service in 2002 in the New Hampshire
    election for Sununu that disrupted telephone banks intending to get out
    the vote for Democrats. This exact DoS was repeated by the Reps in 2020
    to totally disrupt the Iowa caucus after the Dems turned to phone lines to
    call in the results. This kind of disruption is clearly out of control,
    even with the Dems having overprovisioned their servers. PGN]

    ------------------------------

    Date: Mon, 10 Feb 2020 08:54:45 -0700
    From: geoff goodfellow <geoff@iconia.com>
    Subject: Tesla Remotely Removes Autopilot Features From Customer's Used
    Tesla Without Any Notice (Clean Technica)

    EXCERPT:

    One of the less-considered side effects of car features moving from
    hardware to software is that important features and abilities of a car can
    now be removed without any actual contact with a given car. Where once de-contenting involved at least a screwdriver (or, if you were in a hurry,
    a hammer), now thousands of dollars of options can vanish with the click of
    a mouse somewhere. And that's exactly what happened to one Tesla owner,
    and, it seems many others.

    Alec (I'll withhold his last name for privacy reasons) bought a 2017 Tesla Model S on December 20 of last year, from a third-party dealer who bought
    the car directly from Tesla via auction on November 15, 2019. The car was
    sold at auction as a result of a California Lemon Law buyback, as the car suffered from a well-known issue where the center-stack screen developed a noticeable yellow border. <https://cleantechnica.com/2019/07/06/tesla-rolls-out-uv-light-fix-for-yellowing-screen-border/>

    When the dealer bought the car at auction from Tesla on November 15, it was optioned with both Enhanced Autopilot and Tesla's confusingly-named Full
    Self Driving Capability; together, these options totaled $8,000. You can see them right on the
    Monroney sticker for the car:... <https://jalopnik.com/tesla-is-still-using-the-phrase-full-self-driving-to-de-1835012651>
    https://jalopnik.com/tesla-remotely-removes-autopilot-features-from-customer-1841472617

    ------------------------------

    Date: Wed, 5 Feb 2020 18:05:36 -0500
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Recent Car Thefts May Be Related To Carsharing App Getaround,
    Warns D.C. Attorney General (DCist)

    “Vehicles listed on Getaround could be at increased risk of theft because keys are left inside of the car and the car’s location is visible to anyone searching the platform,” according to a release from the OAG.

    https://dcist.com/story/20/02/05/recent-car-thefts-may-be-related-to-carsharing-app-getaround-warns-d-c-attorney-general/

    Ya think?

    ------------------------------

    Date: February 1, 2020 at 9:08:55 AM GMT+9
    From: Henry Baker <hbaker1@pipeline.com>
    Subject: SSL Certificates are expiring... (Cryptography)

    ``Forget the Y2K bug, "things" are starting to break as SSL Certificates
    start expiring.''

    Several authority certificates are expiring:
    5/30/2020
    6/21/2020
    9/22/2020
    12/31/2020

    IoT -- Internet of Expired Certificates.

    Perfectly good HW, but with firmware that can't be updated.

    I just hope that implantable medical devices can have their builtin certificates updated!

    I wonder how many "smart" *cars* will stop running when their builtin SSL certificates expire?

    Problems: bad hash functions (MDx,SHA1) are also causing certificate
    problems even though the RSA algorithm -- even at 1024 bits -- still seems
    to be holding.

    ------------------------------

    Date: Wed, 5 Feb 2020 01:02:54 -0500
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Nasty Linux, macOS sudo bug found and fixed (ZDNet)

    Sudo is a very popular, very simple Unix-system sysadmin application. It enables users to switch identities for the purpose of running a single
    command. Usually, but not always, it lets you run a command as the root,
    system administrator, user. Sudo's easy to abuse, but it's so darn useful, until it's not. A recently discovered sudo bug once more spells out why you should be wary of this command.

    In this latest security hole, CVE-2019-18634, Apple Information Security researcher Joe Vennix discovered that if the "pwfeedback" option is enabled
    in your sudoers configuration file, any user, even one who can't run sudo or
    is listed in the sudoers file, can crack a system.

    https://www.zdnet.com/article/nasty-linux-macos-sudo-bug-found-and-fixed/
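
An added example, not part of the original post or the ZDNet article: a Python sketch of the check an administrator could run to see whether the "pwfeedback" option named above is enabled in a sudoers file. The sample sudoers text is constructed, the function names are hypothetical, and the parser is simplified: it accepts only single-token Defaults scopes and assumes the option is off unless a Defaults line sets it.

```python
import re

# Constructed sudoers text for the demonstration; not taken from a real host.
SAMPLE_SUDOERS = r'''# constructed sample
Defaults env_reset, \
         pwfeedback
Defaults secure_path="/usr/sbin:/usr/bin"   # quoted value, trailing comment
Defaults:backup !pwfeedback
#Defaults !pwfeedback
@includedir /etc/sudoers.d
root ALL=(ALL:ALL) ALL
'''

INCLUDE_RE = re.compile(r'^[#@]include(?:dir)?\s+(\S.*)$')
# Simplification: a scope (":user", "@host", ">runas", "!cmnd") is one token.
DEFAULTS_RE = re.compile(r'^Defaults(?P<scope>[:@>!]\S+)?\s+(?P<params>.+)$')
FLAG_RE = re.compile(r'^(?P<neg>!?)\s*pwfeedback$')


def logical_lines(text):
    """Yield (first_line_number, text) with backslash continuations joined."""
    buf, start = '', None
    for n, raw in enumerate(text.splitlines(), 1):
        if start is None:
            start = n
        if raw.endswith('\\'):
            buf += raw[:-1] + ' '
            continue
        yield start, (buf + raw).strip()
        buf, start = '', None
    if buf:
        yield start, buf.strip()


def split_unquoted(s, sep):
    """Split s on sep, ignoring separators inside double quotes."""
    parts, buf, quoted = [], [], False
    for ch in s:
        if ch == '"':
            quoted = not quoted
        if ch == sep and not quoted:
            parts.append(''.join(buf))
            buf = []
        else:
            buf.append(ch)
    parts.append(''.join(buf))
    return parts


def audit_pwfeedback(text):
    """Report the global pwfeedback state, scoped enables and include paths."""
    global_enabled, global_line = False, None   # assumption: off unless set
    scoped, includes = {}, []
    for lineno, line in logical_lines(text):
        inc = INCLUDE_RE.match(line)
        if inc:                                  # "#include" is not a comment
            includes.append(inc.group(1))
            continue
        line = split_unquoted(line, '#')[0].strip()   # drop trailing comment
        m = DEFAULTS_RE.match(line)
        if not m:
            continue
        for param in split_unquoted(m.group('params'), ','):
            flag = FLAG_RE.match(param.strip())
            if not flag:
                continue
            enabled = flag.group('neg') == ''
            if m.group('scope') is None:
                # Later unscoped Defaults entries override earlier ones.
                global_enabled, global_line = enabled, lineno
            else:
                scoped[m.group('scope')] = (lineno, enabled)
    return {
        'global_enabled': global_enabled,
        'global_line': global_line,
        'scoped_enabled': sorted((n, s) for s, (n, on) in scoped.items() if on),
        'includes': includes,
    }


if __name__ == '__main__':
    report = audit_pwfeedback(SAMPLE_SUDOERS)
    state = 'ENABLED' if report['global_enabled'] else 'disabled'
    print(f"pwfeedback globally {state} (set on line {report['global_line']})")
    for lineno, scope in report['scoped_enabled']:
        print(f"pwfeedback enabled for scope {scope} on line {lineno}")
    for target in report['includes']:
        print(f"also audit included path: {target}")
```

Included files are only listed, not followed, so the same function has to be run over each file under the reported paths.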

    ------------------------------

    Date: Fri, 7 Feb 2020 10:32:15 -0500
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Cisco Flaws Put Millions of Workplace Devices at Risk (WiReD)

    To exploit the bugs, attackers would first need a foothold inside a target's network, but from there they could fan out quickly, compromising one
    vulnerable Cisco device after another to bore deeper into a system. And once attackers controlled a switch or router they could start to intercept unencrypted network data, like files and some communications, or access a company's *active directory*, which manages authentication for users and devices.

    ``It's still hop by hop. As a hacker, you still need an initial attack vector into the network,'' says Ang Cui, founder of the IoT security firm Red
    Balloon, who has disclosed numerous Cisco bugs. ``But once you’re there, at each hop you have the same vulnerability present -- all the switches, firewalls, and routers in a network could be affected by this. So you're
    going to have to own a lot of devices, but once you own all of them you've literally taken over every single piece of the network.''

    https://www.wired.com/story/cisco-cdp-flaws-enterprise-hacking/

    ------------------------------

    Date: Fri, 07 Feb 2020 01:06:34 -0500
    From: "Arthur T." <risks202002.6.atsjbt@xoxy.net>
    Subject: Data leakage from portable versions of Open Office and Libre Office

    Note: this post is Windows-centric. I'm not sure if a similar problem occurs
    on other platforms.

    Many people run the portable version of Office (Open or Libre) from a
    specific location (such as a thumb drive) in order to keep all data off of other locations (such as the C: drive). This might not be working as
    expected.

    One of the first things one does in such a case is verify the locations of default files, temp files, etc. The temp files location is a few directories down from %temp% (or maybe %tmp%) and probably on C:. So one changes it to a directory on the same drive where Office resides. Unfortunately, that
    doesn't work. More unfortunately, Office doesn't tell you that it didn't
    work.

    My first indication was that when I restarted the program, its temp
    directory had reverted to within %temp%. I thought that, even though it remembered other changes, it somehow wasn't remembering that one.

    In fact, it's more sinister. Not only is it not remembering it, it's not
    using the updated location. When it starts, it immediately creates files in
    its temp directory, and it keeps using that same directory until Office is closed, regardless of what you type in as an override once the program is running. Really, it shouldn't let you type an override in for that
    directory, so you'd know it can't be overridden.

    I use Open Office, but web searches suggest: that Libre Office has the same problem, that it has existed for a long time, and that it has not been
    fixed.

    For myself, I created a .bat file to reset temp and tmp before starting Open Office, and that appears to fix the problem. My .bat file to run Office from drive E: is:

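    rem Keep the TMP/TEMP overrides local to this script.
    setlocal
    rem Point both temp variables at the portable drive before Office starts.
    set tmp=e:\temp
    set temp=e:\temp
    start "Open Office on E" "e:\Program Files\OpenOffice\OpenOfficePortable.exe"
    endlocal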

    ------------------------------

    Date: Sun, 9 Feb 2020 21:29:23 -0500
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Facebook's Bug Bounty Caught a Data-Stealing Spree (WiReD)

    A few months ago, the company disclosed that apps were siphoning data from
    up to 9.5 million of its users. It only found out thanks to a bug bounty submission.

    https://www.wired.com/story/facebook-bug-bounty-app-data-stealing/

    ------------------------------

    Date: Sat, 8 Feb 2020 11:42:35 -0500
    From: Monty Solomon <monty@roscom.com>
    Subject: The `manosphere' is getting more toxic as angry men join the incels
    (MIT Tech Review)

    Men from the less extreme end of the misogynistic spectrum are drifting
    toward groups that espouse violence against women, a new study suggests.

    https://www.technologyreview.com/s/615155/the-manosphere-is-getting-more-toxic-as-angry-men-join-the-incels/

    ------------------------------

    From: Chris Elsässer <chris.elsaesser@comcast.net>
    Date: Thu, Feb 6, 2020 at 11:55 AM
    Subject: Explainable AI

    Geoff, Looking over your recent posts on IS & RISKS, I noticed this at the end (probably from MIT Tech Review):

    Ehsan is part of a small but growing group of researchers trying to make AIs better at explaining themselves, to help us look inside the black box. The
    aim of so-called interpretable or explainable AI (XAI) is to help people understand what features in the data a neural network is actually learning
    -- and thus whether the resulting model is accurate and unbiased. [...]

    Once again, AI is reinvented!

    But first, it would be nice if the Tech Review writer (Douglas Heaven) knew that *interpretable* and *explainable* are not the same thing.

    Second, it would be nice if the writer looked at the extensive literature on explanation in AI systems; goes back to the great-grandparent of AI systems, MYCIN, and its explanation subsystem. [note: MYCIN's `certainty factors'
    were soon supplanted at Stanford by Bayes networks]

    Per Geoff Hinton, Deep learning NNs are approximations of (full) Bayesian classifiers. Explanation of Bayesian inference has long been seen to be in
    need of `explanation' (or perhaps `convincing' :-)) because human reason
    under uncertainty has often been found to deviate from Bayesian inference (which is provably optimal).

    The earliest reference to explanation of Bayesian inference I've found is
    the following (and it should be obvious why I looked no further ;-)):

    Elsaesser, Christopher (1987) Explanation of Probabilistic Inference for Decision Support Systems *Proceedings of the Third Conference on
    Uncertainty in Artificial Intelligence (UAI-87),* Morgan Kaufmann, San Francisco, CA.

    That paper reported work I did for my PhD thesis at Carnegie Mellon. My techniques were substantially improved and extended by Marek Druzdzel. For example:

    Henrion, M. and M. J. Druzdzel (1990). Qualitative and linguistic
    explanations of probabilistic reasoning in belief networks. Proceedings of
    the Sixth Conference on Uncertainty in Artificial Intelligence, pages 10-20 Cambridge, MA, Association for Uncertainty in AI.

    NOT that re-invention is not worthwhile. Just that at least in this case
    it's nothing new. :-)

    ------------------------------

    Date: Tue, 4 Feb 2020 18:03:22 -0500
    From: Monty Solomon <monty@roscom.com>
    Subject: Read the FBI's Damning Case Against the Recently Arrested Nintendo
    Hacker (Vice)

    The hacker who stole from Nintendo for years bragged about it online, and didn't even try to hide his real name or activities.

    https://www.vice.com/en_us/article/akwkk5/read-the-fbis-damning-case-against-the-recently-arrested-nintendo-hacker

    ------------------------------

    Date: Thu, 6 Feb 2020 18:55:58 -0700
    From: "Matthew Kruk" <mkrukg@gmail.com>
    Subject: Who owns your feelings? Short doc shows how big tech uses AI to
    track emotions (CBC)

    https://www.cbc.ca/news/canada/montreal/stealing-ur-feelings-1.5362954

    Watching Noah Levenson's short documentary Stealing Ur Feelings is
    undoubtedly intended to be an uncomfortable experience.

    The short film, which premiered in Montreal as part of the International Documentary Festival this week, explains how big business has the capacity
    to use artificial intelligence programs and facial recognition software to track and monitor the emotions of its users.

    But he does this by using the same technology against the viewers of the
    film. "It uses facial emotion recognition AI to watch you back. So it
    analyzes your face as you react to content it shows you," explained
    Levenson.

    "So, the film uses the camera in your device to make you the star of the
    film."

    ------------------------------

    Date: Wed, 5 Feb 2020 00:58:38 -0500
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: Photo Roulette on the App Store

    In Photo Roulette you compete with your friends to quickly guess whose photo
    is shown! Play with random photos from you (sic) and your friends' phones in this social and exciting Photo Roulette game! Feel the thrill before each picture and share the hilarious moments that occur with the pictures of your friends and family!

    https://apps.apple.com/us/app/photo-roulette/id1050443738

    Never mind someone hacking your phone for pictures, play the game and see
    what's distributed.

    ------------------------------

    Date: Fri, 7 Feb 2020 12:26:13 -0700
    From: geoff goodfellow <geoff@iconia.com>
    Subject: The 'race to 5G' is a myth (WEForum)

    EXCERPT:

    Telecommunications providers relentlessly extol the power of
    fifth-generation (5G) wireless technology. Government officials and policy advocates fret that the winner of the "5G race" will dominate the Internet
    of the future, so America cannot afford to lose out. Pundits declare that 5G will revolutionize the digital world.

    <https://www.weforum.org/agenda/2018/01/the-world-is-about-to-become-even-more-interconnected-here-s-how/>
    <https://www.cnn.com/2020/01/24/perspectives/america-china-5g-race/index.html> <https://www.weforum.org/agenda/2019/01/here-s-how-5g-will-revolutionize-the-digital-world/>

    It all sounds very thrilling. Unfortunately, the hype has gone too far. 5G systems will, over time, replace today's 4G, just as next year's iPhone 12
    will improve on this year's 11. 5G networks offer significantly greater transmission capacity. However, despite all the hype, they won't represent a radical break from the current mobile experience. First of all, the "race
    to 5G" is a myth. 5G is a marketing term for a family of technologies, which carriers can stretch to cover a variety of networks. The technical standards are still under development <https://www.brookings.edu/research/5g-in-five-not-so-easy-pieces/>, so what counts as "true" 5G is arguable. As with 4G, the 5G rollout will take years,
    as carriers upgrade their networks with new gear and users buy new
    phones. Just as they do today, connections will fall back to slower speeds
    when users aren't near enough to a tower, or if the network is overloaded. There's no magic moment when a carrier, or a nation, "has" 5G.

    Even if there was a race, it's over: South Korea and China have already
    built <https://www.cnn.com/2019/11/01/tech/5g-china/index.html> much more extensive 5G networks than the United States. But that shouldn't be cause
    for panic. Customers in those countries may have a leg up on faster connections, but that doesn't necessarily create a sustainable strategic advantage. Romania is one of 10 countries with significantly faster <https://www.speedtest.net/global-index> average fixed broadband connections than America today, yet no one in Washington seems concerned that will give Romanian firms a dominant advantage. The major tech platforms delivering innovative digital services to the world are still based in the United
    States and China. There are important concerns <https://www.cnn.com/2019/12/05/tech/huawei-us-ban-lawsuit/index.html> about the Chinese networking firm Huawei creating backdoors for surveillance or tilting the carrier equipment market toward Chinese-defined standards. Your
    5G user experience, however, won't depend on who makes the gear in the guts
    of the network. The overheated rhetoric is based on the misconception that
    5G heralds a new era of services for end-users. In reality, the claimed performance -- hundreds of megabits or even gigabits per second
    -- is misleading. Averages and ideal numbers mask huge variations
    depending <https://www.cnn.com/2019/08/09/tech/5g-review/index.html> on distance to an antenna, obstructions, weather and other factors. The fastest speeds require "millimeter wave" spectrum, which doesn't penetrate walls or foliage well, and is generally less reliable than the lower frequencies used today. Millimeter wave requires a much denser network of antennas, which
    could be cost-prohibitive outside dense urban areas. Even if that hurdle is overcome, a gigabit per second to millions of phones requires a network able
    to move traffic at that speed end-to-end, which doesn't exist today. [...]

    https://www.cnn.com/2020/02/03/perspectives/5g-disruption/index.html

    ------------------------------

    Date: Thu, 6 Feb 2020 18:57:47 -0700
    From: "Matthew Kruk" <mkrukg@gmail.com>
    Subject: Not all fun and memes: What's the trouble with TikTok? (CBC)

    https://www.cbc.ca/news/technology/tiktok-criticism-expansion-in-canada-1.5336375

    It's been a bad week for TikTok.

    The Chinese-owned video-sharing app, wildly popular with teens, was forced
    to issue a rare public statement about its data security practices and
    whether it censors content on behalf of Beijing.

    In short, TikTok said it can be trusted with its users' data and that it doesn't delete videos just because of "sensitivities related to China." But that's done little to quiet the app's increasingly vocal critics who worry
    the platform, with its short lip-sync and comedy videos, is the latest
    example of Beijing's overseas intelligence-gathering operation.

    Toronto-based privacy advocate Ann Cavoukian told CBC News she is skeptical
    of TikTok's defence, because "surveillance among the Chinese is non-stop."

    ------------------------------

    Date: Fri, 7 Feb 2020 12:25:16 -0700
    From: geoff goodfellow <geoff@iconia.com>
    Subject: The Night Sky Will Never Be the Same (The Atlantic)

    *If Elon Musk has his way, thousands of bright artificial lights will
    streak through the dark*

    EXCERPT:

    Last year, Krzysztof Stanek got a letter from one of his neighbors. The neighbor wanted to build a shed two feet taller than local regulations
    allowed, and the city required him to notify nearby residents. Neighbors,
    the notice said, could object to the construction. No one did, and the shed went up.

    Stanek, an astronomer at Ohio State University, told me this story not
    because he thinks other people will care about the specific construction
    codes of Columbus, Ohio, but rather because it reminds him of the network of satellites SpaceX is building in the space around Earth. ``Somebody puts up
    a shed that might obstruct my view by a foot, I can protest. But somebody
    can launch thousands of satellites in the sky and there's nothing I can do?
    As a citizen of Earth, I was like, *Wait a minute*.''

    Since last spring, SpaceX has launched into orbit dozens of small
    satellites -- the beginnings of Starlink, a floating scaffold that the company's founder, Elon Musk, hopes will someday provide high-speed
    Internet to every part of the world. <https://www.theatlantic.com/science/archive/2019/05/spacex-satellites-starlink/590269/>

    SpaceX sent a letter too, in a way. After filing for permission to build
    its constellation in space, federal regulators held the required comment period, open to the public, before the first satellites could launch.

    These satellites have turned out to be far more reflective than anyone, even SpaceX engineers, expected. Before Starlink, there were about 200 objects in orbit around Earth that could be seen with the unaided eye. In less than a year, SpaceX has added another 240. ``These are brighter than probably 99 percent of existing objects in Earth orbit right now,'' says Pat Seitzer, a professor emeritus at the University of Michigan who studies orbital
    debris. For months, astronomers have shared images online of their
    telescopes' fields of view with diagonal white streaks cutting across the darkness, the distinct appearance of Starlink satellites. More satellites
    are now on the way, both from SpaceX and other companies. If, as Musk hopes, these satellites number in the tens of thousands, ignoring them will be difficult, whether you're an astronomer or not.

    In some ways, these satellites pose a familiar problem, a matter of managing the competing interests that scientists, commercial companies, and the
    public might have in a limited natural resource. But the use of outer space
    -- particularly the part in close vicinity to our planet -- has never been tested quite like this before. For most of history, scientists, particularly those who observe the cosmos on visible wavelengths, have had relatively
    little competition for access to the sky. Passing satellites were considered nuisances and sometimes wrecked data, but they were rare. Some astronomers
    are now calling for legal action but even those who wouldn't push that far describe Starlink's satellites as a wake-up call: What happens when new and powerful neighbors have a distinct -- and potentially disruptive -- plan for
    a place you value?... <https://room.eu.com/news/legal-action-could-be-used-to-stop-starlink-ruining-the-night-say-astronomers>,

    [...] https://www.theatlantic.com/science/archive/2020/02/spacex-starlink-astronomy/606169/

    ------------------------------

    Date: Fri, 7 Feb 2020 11:14:15 -0500
    From: Monty Solomon <monty@roscom.com>
    Subject: Boeing's Starliner space capsule suffered a second software
    glitch during December test flight (WashPost)

    Boeing's Starliner space capsule suffered a second software glitch during December test flight

    https://www.washingtonpost.com/technology/2020/02/06/boeings-starliner-space-capsule-suffered-second-software-glitch-during-december-test-flight/

    ------------------------------

    Date: Thu, 6 Feb 2020 14:33:07 -0500
    From: Monty Solomon <monty@roscom.com>
    Subject: Boeing Refuses to Cooperate With New Inquiry into Deadly Crash
    (NYTimes)

    https://www.nytimes.com/2020/02/06/business/boeing-737-inquiry.html

    In both the Max accidents and the 2009 crash, which involved a 737 NG, Boeing’s design decisions allowed a single malfunctioning sensor to trigger
    a powerful computer command, even though the plane was equipped with two sensors. For both models, the company had determined that if a sensor
    failed, pilots would recognize the problem and recover the plane. But Boeing did not provide pilots with key information that could have helped them counteract the automation error.

    After the 2009 crash, regulators required airlines to install a software
    update for the NG that allowed comparison of data from the two available sensors — much the same fix that Boeing has now proposed for the Max. In the case of the NG, Boeing had developed a software update before the 2009 accident, but it wasn't compatible with all existing models, including the
    jet that crashed near Amsterdam.

    ------------------------------

    Date: Mon, 10 Feb 2020 08:17:07 -0500
    From: Jan Wolitzky <jan.wolitzky@gmail.com>
    Subject: NASA Shares Initial Findings from Boeing Starliner Orbital Flight
    Test Investigation (NASA)

    https://blogs.nasa.gov/commercialcrew/2020/02/07/nasa-shares-initial-findings-from-boeing-starliner-orbital-flight-test-investigation/

    ------------------------------

    Date: Wed, 5 Feb 2020 11:04:31 +0100
    From: Terje Mathisen <terje.mathisen@tmsw.no>
    Subject: Re: Boeing 737s can't land facing west (RISKS-31.54)

    I think this data item, along with the very limited number of identified problematic runways provide a strong clue:

    The flight software splits the circle into quadrants, then for at least one quadrant boundary the logic to determine which one is broken, i.e.
    something like

    if (angle < 270.0) quadrant = 3;
    else if (angle > 270.0) quadrant = 4;

    For these particular runways, the planners had enough freedom to be allowed
    to place each runway exactly where they wanted and decided to draw a
    perfectly straight line <E-W> using RTK GPS surveying so that the actual direction is 270 degrees exactly, while on all the other "Runway 27"s
    (approx) in the world which have been certified for 737 landings, there is a small but sufficient angular offset.

    I would have expected such an error to also happen in the opposite direction though, that's why I'm guessing at individual code for each boundary.

    ------------------------------

    From: "3daygoaty" <threedaygoaty@gmail.com>
    Date: Wed, 5 Feb 2020 11:11:12 +1100
    Subject: Re: 99 smartphones ... (RISKS-31.56)

    This involved 99 real smart phones running the Google maps app. Can the
    same effect be achieved by simulating the phones on fewer- or one- physical device(s)? How easy is it then to tell Google Maps you are somewhere you actually aren't?

    The hack looks like it could be used to flock self-driving cars away from
    some route or alternatively, funnel them into some sort of trap.
    Self-driving cars likely being rather posh cars might be desirable for car jacking, say.

    The service that allows the authorities to get all green lights driving
    across the city for the movement of sensitive freight, high profile people
    or prisoners - I would presume their route is fixed and not subject to
    traffic? Gerry Adams came to Melbourne. They organised 5 routes from the airport to a certain Irish pub. At the last minute they picked one of
    them. Can I use the above hack to route Gerry where I want him?


    [continued in next message]
