• Risks Digest 31.66

    From RISKS List Owner@21:1/5 to you on Fri Apr 10 14:25:46 2020
    RISKS-LIST: Risks-Forum Digest Friday 10 April 2020 Volume 31 : Issue 66

    ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
    Peter G. Neumann, founder and still moderator

    ***** See last item for further information, disclaimers, caveats, etc. *****
    This issue is archived at <http://www.risks.org> as
    <http://catless.ncl.ac.uk/Risks/31.66>
    The current issue can also be found at
    <http://www.csl.sri.com/users/risko/risks.txt>

    Contents:
    The ancient computers in the Boeing 737 Max are holding up a fix
    (The Verge via Gabe Goldberg)
    Boeing 787s must power cycle every 51 days (The Register via John Levine)
    Privacy Cannot Be a Casualty of the Coronavirus (NYTimes)
    FTC, FCC crack down on coronavirus robocall scams (WashPost)
    What about contact lenses? (Paul Wexelblat)
    Re: Firefox Cloudflare DNS (Dmitri Maziuk)
    Re: A computer virus expert looks at CoVID-19 (Rob Slade)
    Abridged info on RISKS (comp.risks)

    ----------------------------------------------------------------------

    Date: Fri, 10 Apr 2020 00:25:12 -0400
    From: Gabe Goldberg <gabe@gabegold.com>
    Subject: The ancient computers in the Boeing 737 Max are holding up a fix
    (The Verge)

    Nothing, it seems, will prompt the FAA to send this particular design back
    to the drawing board. Instead, Boeing will once again attempt to compensate
    for a hardware flaw on the 737 Max with slightly rewritten software. It's
    the same design philosophy that created this catastrophe for Boeing in the
    first place -- and it's the same philosophy that has failed, so far, to
    produce a safe and reliable airplane.

    https://www.theverge.com/2020/4/9/21197162/boeing-737-max-software-hardware-computer-fcc-crash

    ------------------------------

    Date: 9 Apr 2020 19:45:56 -0400
    From: John Levine <johnl@iecc.com>
    Subject: Boeing 787s must power cycle every 51 days (The Register)

    In article <5.CMM.0.90.4.1586470789.risko@chiron.csl.sri.com11844> you write:
    [Noted by Tom Van Vleck.
    I thought RISKS has noted this before, but I did not find it. PGN]

    It's gotten worse. Back in 2015 you needed to reboot only every 248 days:
    https://www.theregister.co.uk/2015/05/01/787_software_bug_can_shut_down_planes_generators/
    [JL]

    [Tom Russ noted that 51 days is roughly 2^32 milliseconds. Perhaps
    another integer overflow/wrap-around problem?]

    [Craig S. Cottingham found an earlier reference in RISKS-31.34 that I
    remembered, but could not find. However, that item from Steve Golson
    related to Airbus, not Boeing:

    Airbus A350 software bug forces airlines to turn planes off and on every
    149 hours (The Register), which seemingly related to a 32-bit counter
    that updates every 125 microseconds.
    http://catless.ncl.ac.uk/Risks/31/34#subj4.1

    So, it's just another calendar-clock implementation foresight.
    Y2K, Why-not-2K? It's only 32 bits. PGN]
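
The wrap-around suspected in the notes above, as an added example (not code from the digest, its contributors, or any avionics system): an unsigned 32-bit tick counter wraps after 2^32 ticks, which is about 49.7 days at 1 ms per tick and about 149 hours at 125 microseconds per tick. The function names and the constructed tick values are assumptions made for illustration; the block contrasts a deadline check that misfires near the wrap with one that survives it.

```c
#include <stdint.h>
#include <stdio.h>

/* Seconds until an unsigned 32-bit tick counter wraps, given the
   tick period in microseconds (hypothetical helper). */
double wrap_seconds(double tick_us) {
    return 4294967296.0 * tick_us / 1e6;   /* 2^32 ticks */
}

/* Naive check: compares absolute tick values. It gives the wrong
   answer when start + timeout overflows and the deadline wraps. */
int expired_naive(uint32_t now, uint32_t deadline) {
    return now >= deadline;
}

/* Wrap-safe check: unsigned subtraction is modulo 2^32, so
   now - start is the true elapsed tick count as long as the real
   interval is shorter than one full wrap period. */
int expired_safe(uint32_t now, uint32_t start, uint32_t timeout) {
    return (uint32_t)(now - start) >= timeout;
}

int main(void) {
    printf("1 ms tick:   wraps after %.2f days\n",
           wrap_seconds(1000.0) / 86400.0);
    printf("125 us tick: wraps after %.2f hours\n",
           wrap_seconds(125.0) / 3600.0);

    /* Constructed scenario: a 5000 ms timeout armed 1000 ms before
       a 1 ms counter wraps. */
    uint32_t start    = UINT32_MAX - 999u;
    uint32_t timeout  = 5000u;
    uint32_t deadline = start + timeout;   /* wraps around to 4000 */
    uint32_t now      = start + 100u;      /* only 100 ms have elapsed */

    printf("naive: expired=%d (wrong: deadline wrapped to %u)\n",
           expired_naive(now, deadline), (unsigned)deadline);
    printf("safe:  expired=%d\n", expired_safe(now, start, timeout));

    now = start + 6000u;                   /* counter has wrapped to 5000 */
    printf("safe after wrap: expired=%d\n",
           expired_safe(now, start, timeout));
    return 0;
}
```

The wrap-safe form still assumes the software never needs to measure an interval longer than one wrap period; a design that must stay up longer needs a wider counter.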

    ------------------------------

    Date: Tue, 7 Apr 2020 19:49:57 -0400
    From: Monty Solomon <monty@roscom.com>
    Subject: Privacy Cannot Be a Casualty of the Coronavirus (NYTimes)

    Privacy Cannot Be a Casualty of the Coronavirus
    https://www.nytimes.com/2020/04/07/opinion/digital-privacy-coronavirus.html

    [It must not. Unfortunately, it can, and is already. PGN]

    ------------------------------

    From: Monty Solomon <monty@roscom.com>
    Date: Fri, 3 Apr 2020 16:57:59 -0400
    Subject: FTC, FCC crack down on coronavirus robocall scams (WashPost)

    Americans were bombarded with more than 132 million robocalls a day in March
    as the pandemic worsened.

    https://www.washingtonpost.com/business/2020/04/03/ftc-fcc-crack-down-coronavirus-robocall-scams/

    ------------------------------

    Date: Thu, 9 Apr 2020 22:22:53 -0400
    From: Paul Wexelblat <wexelblat@gmail.com>
    Subject: What about contact lenses?

    COVID-10 Curiosity — I have heard nothing about the care which should (must)
    be taken with contact lenses
    - Cleaning
    - Removal
    - Insertion

    [Use sterilized rubber tweezers? Return to your old-fashioned eye-glasses
    that you alcohol-wipe before putting them on? PGN]

    ------------------------------

    Date: Thu, 9 Apr 2020 19:06:30 -0500
    From: dmaziuk <dmaziuk@bmrb.wisc.edu>
    Subject: Re: Firefox Cloudflare DNS (RISKS-31.65)

    I had a bit of a Whaa??? moment on this, thank you Lauren for pointing this
    out and making me go to settings and change them back to "no proxy".

    Gotta wonder who at Firefox makes these kinds of decisions and what they are smoking.

    Changing my network settings behind my back and without notice is bad
    enough, resolving domain names differently in their product (so a different
    http client could take you to an entirely different server for the same URL
    -- and with a different chain of built-in "trusted" CA's, both could
    potentially be "very secure") is a whole 'nother story.

    I guess in Mozilla-verse two wrongs make a right, if one of them's really
    badly wrong.

    ------------------------------

    Date: Fri, 10 Apr 2020 08:22:58 -0700
    From: Rob Slade <rmslade@shaw.ca>
    Subject: Re: A computer virus expert looks at CoVID-19 (RISKS-31.65)

    Let me say that I *absolutely* agree with the comments Peter excerpted and posted:

    I will just say please don't allow the high frequency of contribution by
    a regular contributor lend a credibility to the quality of the
    contribution that isn't there when the topic is outside the
    contributor's expertise. (Perhaps this is a RISK in itself? A halo
    effect arising from contribution frequency?).

    Particularly in a time of crisis, accurate and correct information is vital. Challenging (and, hopefully, correcting) errors is a function which becomes more important, not less, in an emergency situation.

    ------------------------------

    Date: Mon, 14 Jan 2019 11:11:11 -0800
    From: RISKS-request@csl.sri.com
    Subject: Abridged info on RISKS (comp.risks)

    The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
    comp.risks, the feed for which is donated by panix.com as of June 2011.
    SUBSCRIPTIONS: The mailman Web interface can be used directly to
    subscribe and unsubscribe:
    http://mls.csl.sri.com/mailman/listinfo/risks

    SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that
    includes the string `notsp'. Otherwise your message may not be read.
    *** This attention-string has never changed, but might if spammers use it.
    SPAM challenge-responses will not be honored. Instead, use an alternative
    address from which you never send mail where the address becomes public!
    The complete INFO file (submissions, default disclaimers, archive sites,
    copyright policy, etc.) is online.
    <http://www.CSL.sri.com/risksinfo.html>
    *** Contributors are assumed to have read the full info file for guidelines!

    OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
    searchable html archive at newcastle:
    http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
    Also, ftp://ftp.sri.com/risks for the current volume
    or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
    If none of those work for you, the most recent issue is always at
    http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-31.00
    Lindsay has also added to the Newcastle catless site a palmtop version
    of the most recent RISKS issue and a WAP version that works for many but
    not all telephones: http://catless.ncl.ac.uk/w/r
    ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
    *** NOTE: If a cited URL fails, we do not try to update them. Try
    browsing on the keywords in the subject line or cited article leads.
    Apologies for what Office365 and SafeLinks may have done to URLs.
    Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

    ------------------------------

    End of RISKS-FORUM Digest 31.66
    ************************
