[33085] in RISKS Forum

Risks Digest 33.63

daemon@ATHENA.MIT.EDU (RISKS List Owner)
Sat Feb 25 19:42:06 2023

From: RISKS List Owner <risko@csl.sri.com>
Date: Sat, 25 Feb 2023 16:34:15 PST
To: risks@mit.edu

RISKS-LIST: Risks-Forum Digest  Saturday 25 February 2023  Volume 33 : Issue 63

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/33.63>
The current issue can also be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
Over 1,000 Trains Derail Each Year in America (NYTimes)
Wearable fitness trackers could interfere with cardiac devices, study finds
 (The Guardian)
U.S. Air Force Studies Autonomous Cargo Jets (AVweb)
Put Electrical Transmission Lines Underground? Distributed is far cheaper
 (TDWorld)
Power-Grid Attacks Surge and Are Likely to Continue, Study Finds (WSJ)
Climate change hotspots and implications for the global subsea
  telecommunications network (M.A. Clare et al., Earth Science Reviews)
Cox Cable phone follies (Gabe Goldberg)
Google Issues article from 14 years ago, still relevant today
 (Lauren Weinstein)
Amid cutbacks, desk sharing at Google Cloud, and office downsizing
 (Lauren Weinstein)
Congress must act to keep kids off social media (Josh Hawley via
 Gabe Goldberg)
Planting Undetectable Backdoors in Machine Learning Models
 (IEEE via Victor Miller)
Microsoft's Bing AI Is Leaking Maniac Alternate Personalities Named
 Venom and Fury (Futurism)
Is Your Smart Home Controlling You? (Anna Kode')
Safety Advocates Say Hyundai, Kia's Anti-Theft Upgrade Doesn't Go Far Enough
 (The Center for Auto Safety)
macOS targeted by evasive crypto-jacking malware (Apple Insider)
Sensitive U.S. military emails spill online (TechCrunch)
Florida surgeon general fudged data for dubious COVID analysis, tipster says
 (Ars Technica)
SpaceX faces a $175,000 fine for not submitting info ahead of a recent
 launch (TechCrunch)
Generative AI Is Coming For the Lawyers (WiReD)
U.S. says Google routinely destroyed evidence and lied about use of
 auto-delete (Ars Technica)
Amazon hamstrings free app that makes Fire TV remotes reprogrammable
 (Ars Technica)
The clever trick that turns ChatGPT into its evil twin (Will Oremus)
AI Search Is a Disaster (The Atlantic)
ChatGPT is a DDoS attack! (Gadi Evron)
Re: Why a Conversation With Bing's Chatbot Left Me Deeply Unsettled
 (Kevin Roose)
AI is starting to pick who gets laid off (WashPost)
Re: BBC News: Lufthansa tech failure leaves planes grounded (John Levine)
In the Metaverse, Your Identity Can Be Revealed Just by Moving
 (Lewis Maddison)
U.S. Census Data Vulnerable to Attack Without Enhanced Privacy Measures
 (U.Penn)
Microsoft Researchers Use ChatGPT to Control Robots, Drones (Michael Kan)
German Court Rules Police Use of Crimefighting Software Unlawful
 (Rachel More)
Re: Belated decryption (Wendy M. Grossman)
Re: These 26 words 'created the Internet.' Now the Supreme Court may be
 coming for them (Steve Bacher)
Re: SMS-Based Multi-Factor Authentication: What Could Go Wrong? Plenty
 (Steve Bacher)
Re: Peabody EDI Office responds to MSU shooting with email written using
 ChatGPT (Steve Bacher)
Re: Trying Microsoft's new AI chatbot search engine, some answers are uh-ohs
 (Steve Bacher)
Re: Re: rm -rf (Steve Bacher)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Mon, 20 Feb 2023 11:54:48 PST
From: Peter Neumann <neumann@csl.sri.com>
Subject: Over 1,000 Trains Derail Each Year in America (NYTimes)

David Sirota, Julie Rock, Rebecca Burns, and Matthew Cunningham-Cook
*The New York Times* Opinion, 20 Feb 2023
Let's Cut That Number.

The Ohio disaster shows that the government must improve rail safety rules.
Since 1970, the overall number of train cars derailed each year *fell* ...
while the number of cars carrying hazardous materials *grew*.

A chart lists the fate of the derailed train's cargo, contents of each
train car, and what happened to it.

  Lots of lessons -- ignored warnings, weak standards and poor enforcement,
  lobbies, lack of electronic brakes, crew of two on a train over 1.7 miles
  long, no detectors for toxic leaks and fires?, misclassifying the train as
  not *high-hazard flammable* and violation of HHFT regulations, lack of
  detailed online content information for the hazmat team trying to cope
  with 100-foot flames and highly toxic releases, and more.  Another
  total-system problem with optimization for saving money without including
  the costs of disasters?  PGN

------------------------------

Date: Thu, 23 Feb 2023 19:20:37 +0000
From: paul cornish <paul.a.cornish@googlemail.com>
Subject: Wearable fitness trackers could interfere with cardiac devices,
 study finds (The Guardian)

Oh great. Another unintended consequence.  Your health sensing smart watch
could seriously impact your health.

An example of the observer effect in smart tech?

https://www.theguardian.com/technology/2023/feb/22/wearable-fitness-trackers-could-interfere-with-cardiac-devices-study-warns?CMP=Share_iOSApp_Other

  [ https://en.m.wikipedia.org/wiki/Observer_effect_(physics) ]

------------------------------

Date: Tue, 21 Feb 2023 00:55:08 -0500
From: Gabe Goldberg <gabe@gabegold.com>
Subject: U.S. Air Force Studies Autonomous Cargo Jets (AVweb)

The Air Force has awarded a contract to Silicon Valley firm Reliable
Robotics to study the feasibility of flying its biggest iron autonomously.
The company will look at whether it makes sense to fly multi-engine jet
cargo planes from gate to gate with a remote pilot monitoring from the
ground.

https://www.avweb.com/aviation-news/air-force-studies-autonomous-cargo-jets/

Maybe Tesla can help...

------------------------------

Date: Sat, 25 Feb 2023 02:19:19 +0000
From: Henry Baker <hbaker1@pipeline.com>
Subject: Put Electrical Transmission Lines Underground? Distributed
 is far cheaper (TDWorld)

In the rush for renewable energy, there has been a loud outcry for more
electrical transmission capacity.  Unfortunately, almost all of these plans
call for large numbers of *above ground* electrical transmission towers and
wires, thus destroying the *visual environment*, if not the actual
environment through additional forest fires (cough, cough, PG&E).

One alternative is to *bury* these transmission lines underground, but this
is not a 'silver bullet', as underground lines cost 4-10X the equivalent
above-ground transmission lines, and may last only 40% as long.

Furthermore, even underground transmission lines are vulnerable to a host of
risks, including lightning, earthquakes, etc., and may take far longer to
fix when a failure does occur.

Bottom line: let's significantly raise the planning costs of electrical
transmission, to make *local* *distributed* 'microgrids' better able to
compete. At the end of the day, rooftop solar panels are going to be a heck
of a lot more attractive than covering every inch of currently un-despoiled
land with transmission towers and power lines.

https://www.tdworld.com/intelligent-undergrounding/article/21215620/overhead-or-underground-transmission-that-is-still-the-question

INTELLIGENT UNDERGROUNDING, Jon T. Leman, Robert G. Olsen
Overhead or Underground Transmission? That is (Still) the Question
Feb. 24, 2022

Part one in a two-part series examines where things stand with the
challenges of using underground high-voltage ac lines to transmit bulk
electrical power.

------------------------------

Date: Wed, 22 Feb 2023 06:06:31 +0000 ()
From: danny burstein <dannyb@panix.com>
Subject: Power-Grid Attacks Surge and Are Likely to Continue, Study Finds
 (WSJ)

Physical attacks on the U.S. power grid rose 71% last year compared with
2021 and will likely increase this year, according to a confidential
industry analysis viewed by The Wall Street Journal.

A division of the grid oversight body known as the North American Electric
Reliability Corporation found that ballistic damage, intrusion and vandalism
largely drove the increase. The analysis also determined that physical
security incidents involving power outages have increased 20% since 2020,
attributed to people frustrated by the onset of the pandemic, social
tensions and economic challenges.

------------------------------

Date: Tue, 21 Feb 2023 23:08:45 +0000
From: Richard Marlon Stein <rmstein@protonmail.com>
Subject: Climate change hotspots and implications for the global subsea
 telecommunications network (M.A. Clare et al., Earth Science Reviews)

https://www.sciencedirect.com/science/article/pii/S0012825222003804

  [Richard's summary focused superficially on the undersea communications,
  pointing out they dominate satellite communications.  However, it gave no
  hint of the breadth and depth of this remarkable report.  Instead, I have
  excerpted from the conclusions section:]

The critical role played by subsea cables in global communications means it
is important that they remain as resilient as possible over their design
lives. This study provides the first global review of how hazards to subsea
cables are anticipated to change in response to future climate change
scenarios. Our overarching conclusion is that ocean conditions are highly
likely to change on a global basis as a result of projected climate change,
but the feedbacks and links between climate change, natural processes and
human activities can be extremely complicated, resulting in pronounced
spatial and temporal variability. Not all regions will be affected in the
same way (nor at the same time) by the same processes, and in many cases,
there is anticipated to be local variability. Therefore, future cable routes
should be carefully selected based on local conditions.

------------------------------

Date: Wed, 22 Feb 2023 14:43:35 -0500
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Cox Cable phone follies

I lift phone handset, hear broken dial tone meaning voicemail. I'm not
supposed to, turned off voicemail years ago, use in-house answering machine.

So of course I don't remember how to check voicemail messages. Wander Cox
website, find list of calls, one noted with voicemail. But no transcript
available and no link to play message from website.

I call my number from my number, get greeting that I haven't set up
voicemail. Well, I did a while ago -- and turned it off. So I go through
process of setting pin, recording my name, picking greeting. Then, finally,
it tells me I have a message. It reads me the number it's from, speaking at
110 BPS. Finally plays message, it's junk, of course, so I delete. Then I
hunt down settings where voicemail is enabled -- shouldn't be -- so I turn
it off. Then I check wife's line's settings -- voicemail is off but Call
Waiting is on -- which she doesn't want and I'd also previously turned
off. So I Turn THAT off.

It's hard to believe Cox changed these settings deliberately so I'm sure
it's some misbegotten software update.

------------------------------

Date: Thu, 23 Feb 2023 11:26:05 -0800
From: Lauren Weinstein <lauren@vortex.com>
Subject: Google Issues article from 14 years ago, still relevant today

I was just reminded (thanks!) of this article in *Techdirt* from almost
exactly 14 (egads, 14?) years ago regarding my proposals for a Google
Ombudsman. It could be argued that in significant ways this situation is far
more critical now. (14 years ... ouch).

Sidenote: I was once sitting in the office of a Google exec at Mountain View
CA, pushing my oft-quoted concept for a Google Ombudsman. He pushed back but
asked if I was volunteering for the job. Given the totality of my situation
at the time, I said no. I've often wondered what would have happened if I'd
said yes. I really should have. -L

https://www.techdirt.com/2009/03/03/does-google-need-an-ombudsman/

------------------------------

Date: Thu, 23 Feb 2023 09:16:48 -0800
From: Lauren Weinstein <lauren@vortex.com>
Subject: Amid cutbacks, desk sharing at Google Cloud, and office downsizing

My own view is that more extensive use of remote work makes more sense than
ever. Google operated quite effectively for a prolonged period during COVID
with the vast majority of workers remote. -L

https://www.cnbc.com/2023/02/22/google-asks-some-employees-to-share-desks-amid-office-downsizing.html

------------------------------

Date: Wed, 22 Feb 2023 16:44:22 -0500
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Congress must act to keep kids off social media (Josh Hawley)

*The Washington Post*, 16 Feb 2023

Congress could blunt these harms by simply passing a law that would keep
kids off social media until they're at least 16 and better positioned to use
the technologies safely.

Such a law would need teeth, of course. So let's give it some. We can
require real age verification processes and direct the Federal Trade
Commission to carry out periodic audits to ensure compliance. And we can
empower parents to bring lawsuits against companies that break the rules.

https://www.washingtonpost.com/opinions/2023/02/16/children-social-media-protection-congress/

  [Nice *small government* initiative there...]

------------------------------

Date: Fri, 24 Feb 2023 06:04:29 -0800
From: Victor Miller <victorsmiller@gmail.com>
Subject: Planting Undetectable Backdoors in Machine Learning Models
 (IEEE Conference Publication)

https://ieeexplore.ieee.org/abstract/document/9996741

------------------------------

From: Gene Spafford <spaf@purdue.edu>
Date: Sun, 19 Feb 2023 19:17:54 -0500
Subject: Microsoft's Bing AI Is Leaking Maniac Alternate Personalities Named
 Venom and Fury (Futurism)

We not only have to worry about AI systems giving us false information,
but we have to worry about which personality we are getting the
information from!

https://futurism.com/microsofts-bing-ai-leaking-maniac-alternate-personalities

------------------------------

Date: Thu, 23 Feb 2023 20:26:43 -0500
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Is Your Smart Home Controlling You?

Anna Kode', *The New York Times*

The proliferation of devices creates more opportunities for people to
lose access or power over aspects of the home.

On the first night in his new home, Clint Basinger was unpacking a few stray
boxes in the living room, when out of nowhere at around midnight, he heard a
voice echoing down the hallway from the other side of the house.  ``Good
night. It's bedtime.'' the voice said.

Then, he heard the sound of locks clicking.  ``I couldn't do anything with
the doors, all the windows were armed, all the motion sensors turned on.''
said Mr. Basinger, who had spent 15 years saving up to buy the
three-bedroom, split-level house in Asheville, NC.  ``I had no clue what to
do, so I just stayed locked inside the house that night.''

Turns out, the home's previous owner had installed a smart security system
that he neglected to tell Mr. Basinger about.  ``It was really
disconcerting, being in a new place and having no control over what was
happening,'' said Mr. Basinger, 36, the host of a YouTube channel for retro
technology and video game reviews.  [...]

On one of the first days in the fall of 2019, Aaron Barden came home to find
that the temperature inside his house was at 78 degrees. ``It was incredibly
hot, and I was just wondering, what's going on?'' said Mr. Barden, 32, an
engineer living in New Hope, Minn. "That's when I realized there was already
programming in the smart thermostat."

https://www.nytimes.com/2023/02/17/realestate/smart-home-devices.html

------------------------------

Date: Thu, 23 Feb 2023 23:20:13 -0500
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Safety Advocates Say Hyundai, Kia's Anti-Theft Upgrade
 Doesn't Go Far Enough (The Center for Auto Safety)

Hyundai and Kia announced last week the new, optional software update could
curb the number of thefts, but safety advocates believe the automakers
should have issued a safety recall. [...]

While the announcement of a free software upgrade is good news for drivers
who previously faced costly options for fixing the problem, auto safety
groups tell NBC 5 they believe federal regulators should have done more to
protect the public.

``It's caused death and injuries. It's happening all over the country,''
said safety advocate Sean Kane with Strategies & Research, Inc.  ``And the
watchdog agency, the National Highway Traffic Safety Administration, has
apparently brokered a deal that doesn't require [the automakers] to do a
recall.''

https://www.autosafety.org/safety-advocates-say-hyundai-kias-anti-theft-upgrade-doesnt-go-far-enough/

------------------------------

Date: Fri, 24 Feb 2023 12:19:11 -0500
From: Monty Solomon <monty@roscom.com>
Subject: macOS targeted by evasive crypto-jacking malware (Apple Insider)

https://appleinsider.com/articles/23/02/23/macos-targeted-by-evasive-crypto-jacking-malware

------------------------------

Date: Tue, 21 Feb 2023 21:03:01 -0500
From: Monty Solomon <monty@roscom.com>
Subject: Sensitive U.S. military emails spill online (TechCrunch)

https://techcrunch.com/2023/02/21/sensitive-united-states-military-emails-spill-online/

------------------------------

Date: Sat, 25 Feb 2023 00:55:07 -0500
From: Monty Solomon <monty@roscom.com>
Subject: Florida surgeon general fudged data for dubious COVID analysis,
 tipster says (Ars Technica)

The state closed the investigation, leaving more questions than answers.

https://arstechnica.com/science/2023/02/floridas-polarizing-surgeon-general-accused-of-manipulating-covid-data/

------------------------------

Date: Sun, 19 Feb 2023 19:17:38 -0500
From: Monty Solomon <monty@roscom.com>
Subject: SpaceX faces a $175,000 fine for not submitting info ahead of a
 recent launch (TechCrunch)

https://techcrunch.com/2023/02/17/spacex-faces-a-175000-fine-for-not-submitting-info-ahead-of-a-recent-launch/

------------------------------

Date: Wed, 22 Feb 2023 16:17:06 -0500
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Generative AI Is Coming For the Lawyers (WiReD)

Generative AI Is Coming For the Lawyers -- Large law firms are using a tool
made by OpenAI to research and write legal documents. What could go wrong?

But the problems with current generations of generative AI have already
started to show. Most significantly, their tendency to confidently make
things up -- or *hallucinate*. That is problematic enough in search, but in
the law, the difference between success and failure can be serious, and
costly.  [...]

Sereduick says that while the outputs from legal AI will need careful
monitoring, the inputs could be equally challenging to manage.  ``Data
submitted into an AI may become part of the data model and/or training data,
and this would very likely violate the confidentiality obligations to
clients and individuals' data protection and privacy rights,'' he says.

https://www.wired.com/story/chatgpt-generative-ai-is-coming-for-the-lawyers

------------------------------

Date: Sat, 25 Feb 2023 00:53:42 -0500
From: Monty Solomon <monty@roscom.com>
Subject: U.S. says Google routinely destroyed evidence and lied about use
 of auto-delete (Ars Technica)

Filing: Google deleted chats for nearly four years despite requirement to
keep them.

https://arstechnica.com/tech-policy/2023/02/us-says-google-routinely-destroyed-evidence-and-lied-about-use-of-auto-delete/

------------------------------

Date: Mon, 20 Feb 2023 17:06:32 -0500
From: Monty Solomon <monty@roscom.com>
Subject: Amazon hamstrings free app that makes Fire TV remotes
 reprogrammable (Ars Technica)

https://arstechnica.com/?p=1918835

------------------------------

Date: Sun, 19 Feb 2023 19:15:36 -0500
From: Monty Solomon <monty@roscom.com>
Subject: The clever trick that turns ChatGPT into its evil twin
 (Will Oremus)

Will Oremus, *The Washington Post*,
Reddit users are pushing the limits of popular AI chatbot ChatGPT
and finding ways around its safeguards.

https://www.washingtonpost.com/technology/2023/02/14/chatgpt-dan-jailbreak/

------------------------------

Date: Sat, 25 Feb 2023 02:08:31 +0000
From: Richard Marlon Stein <rmstein@protonmail.com>
Subject: AI Search Is a Disaster (The Atlantic)

https://www.theatlantic.com/technology/archive/2023/02/google-microsoft-search-engine-chatbots-unreliability/673081/

``The trouble arises when we treat chatbots not just as search bots, but as
having something like a brain -- when companies and users trust programs
like ChatGPT to analyze their finances, plan travel and meals, or
provide even basic information. Instead of forcing users to read other
Internet pages, Microsoft and Google have proposed a future where search
engines use AI to synthesize information and package it into basic prose,
like silicon oracles. But fully realizing that vision might be a distant
goal, and the road to it is winding and clouded: The programs currently
driving this change, known as *large language models,* generating simple
sentences but pretty awful at everything else.''

Shirking responsibility for decisive actions suggests these AI agents are
promotional harbingers for the next catastrophic industrial or strategic
accident.

------------------------------

Date: Mon, 20 Feb 2023 23:41:44 +0200
From: Gadi Evron <gevron@gmail.com>
Subject: ChatGPT is a DDoS attack!

Neil Clarke and other editors share in the comments how they get flooded by
fiction / short story submissions written with ChatGPT, which has now
created a true challenge to editors. Or, in security language, a DDoS attack
on the human side of this.

Reading the comments is a glimpse into the future, and how we may need to
adapt.

https://www.facebook.com/641905658/posts/pfbid02MidgRs9VWfK6HJ13xzbBDDitPnn4uvMb7k92NeUoTR2Vn9mzYNuvE7a2yr1uLT2zl/

------------------------------

Date: Mon, 20 Feb 2023 09:56:13 -0800
From: Steve Bacher <sebmb1@verizon.net>
Subject: Re: Why a Conversation With Bing's Chatbot Left Me Deeply Unsettled
 (Kevin Roose)

That chat stirs memories of a 1964 Twilight Zone episode:

From Agnes With Love

A computer programmer (Wally Cox) receives advice on his love life from a
computer that is in love with him.
<https://en.wikipedia.org/wiki/Wally_Cox>

------------------------------

Date: Mon, 20 Feb 2023 11:26:06 -0500
From: Monty Solomon <monty@roscom.com>
Subject: AI is starting to pick who gets laid off (WashPost)

As layoffs ravage the tech industry, algorithms once used to help hire could
now be helping to lay people off.

https://www.washingtonpost.com/technology/2023/02/20/layoff-algorithms/

------------------------------

Date: 19 Feb 2023 22:44:30 -0800
From: "John Levine" <johnl@iecc.com>
Subject: Re: BBC News: Lufthansa tech failure leaves planes grounded
 (RISKS-33.62)

This is hardly a new issue. As far back as the 1850s railroads depended on
telegraphs to schedule their trains, including management of two-way traffic
on single-track lines.  No telegraph, no trains.

  [And it still may get blamed when the trains are not tele-prompt.]

------------------------------

Date: Wed, 22 Feb 2023 11:10:20 -0500 (EST)
From: ACM TechNews <technews-editor@acm.org>
Subject: In the Metaverse, Your Identity Can Be Revealed Just by Moving
 (Lewis Maddison)

Lewis Maddison, *TechRadar*, 21 Feb 2023, via ACM TechNews, 22 Feb 2023

University of California, Berkeley researchers found simple head and hand
movements by participants in the Metaverse can expose their identities. The
researchers analyzed more than 50,000 subjects with more than 2.5 million
virtual reality (VR) data recordings linked to them when playing the game
Beat Saber in Meta's VR ecosystem. The game requires near-constant hand
movement and sometimes head movement. Artificial intelligence analysis could
identify individual players with 94% accuracy, as well as identifying more
than half of the 50,000 participants using just two seconds' worth of
data. The researchers said the data also allowed them to determine each
user's dominant hand, height, and gender with a high degree of accuracy.
https://orange.hosting.lsoft.com/trk/click?ref=znwrbbrs9_6-30242x239bcdx069544&

------------------------------

Date: Wed, 22 Feb 2023 11:10:20 -0500 (EST)
From: ACM TechNews <technews-editor@acm.org>
Subject: U.S. Census Data Vulnerable to Attack Without Enhanced Privacy
 Measures (U.Penn)

Devorah Fischler, *Penn Engineering Today*, 21 Feb 2023,
via ACM TechNews, 22 Feb 2023

A team of researchers led by University of Pennsylvania (Penn) computer
scientists confirmed the existence of vulnerabilities that leave U.S. Census
data open to exposure and theft. Using a commercial laptop and a basic
machine learning algorithm, the researchers were able to reverse-engineer
aggregated data released by the U.S. Census Bureau to reveal individual
respondents' protected information. Penn's Michael Kearns said, ``What's
novel about our approach is that we show that it's possible to identify
which reconstructed records are most likely to match the answers of a real
person. Others have already demonstrated it's possible to generate real
records, but we are the first to establish a hierarchy that would allow
attackers to, for example, prioritize candidates for identity theft by the
likelihood their records are correct.''

------------------------------

Date: Wed, 22 Feb 2023 11:10:20 -0500 (EST)
From: ACM TechNews <technews-editor@acm.org>
Subject: Microsoft Researchers Use ChatGPT to Control Robots, Drones
 (Michael Kan)

Michael Kan, *PC Magazine*, 21 Feb 2023, via ACM TechNews, 22 Feb 2023

Microsoft scientists are controlling robots and aerial drones with
OpenAI's ChatGPT chatbot. The researchers used ChatGPT to simplify the
process of programming software commands to guide the robots, because
the artificial intelligence model was trained on massive datasets of
human text. They initially outlined in a text prompt the various
commands the model could use to control a given robot, which ChatGPT
used to write the computer code for the robot. The researchers
programmed ChatGPT to fly a drone and have it perform actions, as well
as to control a robot arm to assemble the Microsoft logo from wooden
blocks.

  [This suggests Chatbot wars, with one nation's chatbots fighting against
  another nation's, and their drones fighting against each other?  PGN]

------------------------------

Date: Wed, 22 Feb 2023 11:10:20 -0500 (EST)
From: ACM TechNews <technews-editor@acm.org>
Subject: German Court Rules Police Use of Crimefighting Software Unlawful
 (Rachel More)

Rachel More, Reuters, 16 Feb 2023, via ACM TechNews, 22 Feb 2023

A top German court has ruled that police use of automated data analysis to
prevent crime in some German states violates their constitutions, backing
opponents of software provided by U.S. company Palantir Technologies. The
constitutional court determined provisions regulating the technology's
employment in the states of Hesse and Hamburg breach the right to
informational self-determination. The German Society for Civil Rights argued
the case against police data analysis, claiming Palantir software used
innocent people's data to sow suspicion, and could generate errors that
impact people in danger of police discrimination. The court has given Hesse
until 30 Sep 2023 to redraft its provisions, and annulled legislation in
Hamburg, where the technology had yet to be used.

------------------------------

Date: Mon, 20 Feb 2023 10:43:46 +0000
From: "Wendy M. Grossman" <wendyg@pelicancrossing.net>
Subject: Re: Belated decryption (RISKS-33.62)

> A lesson for those who ignore one of the reasons for stronger crypto --
> not having something broken years later?

Well, it's been a few centuries since those letters were written. That ought
to be sufficient!

------------------------------

Date: Mon, 20 Feb 2023 09:36:44 -0800
From: Steve Bacher <sebmb1@verizon.net>
Subject: Re: These 26 words 'created the Internet.' Now the Supreme Court
 may be coming for them (RISKS-33.62)

A related item on Politico:
https://www.politico.com/news/2023/02/20/big-tech-supreme-court-00083543

Big Tech is about to have an epic week in the Supreme Court.

The stakes are high as the Supreme Court takes its first look at a law
Republicans and Democrats have both criticized for giving too much
protection to the tech industry.

------------------------------

Date: Mon, 20 Feb 2023 09:18:20 -0800
From: Steve Bacher <sebmb1@verizon.net>
Subject: Re: SMS-Based Multi-Factor Authentication: What Could Go Wrong?

The PCMag article concludes with this: ``The lesson is clear. For any site
that gives you a choice, don't opt for SMS-based authentication. If it's an
important account that doesn't offer any other choice, say, your bank,
contact the organization and tell them to do better.''

So what is a better choice? The article doesn't say. And even if it did, if
your bank doesn't offer that *better* option (whatever it is), should you
just go with an unauthenticated account instead?

------------------------------

Date: Mon, 20 Feb 2023 09:26:29 -0800
From: Steve Bacher <sebmb1@verizon.net>
Subject: Re: Peabody EDI Office responds to MSU shooting with email written
 using ChatGPT (RISKS-33.62)

The likely result of this episode is that in the future, institutions will
use ChatGPT to write the same kinds of post-tragedy messages but affix their
real names to the message. In other words, they will lie about the
authorship.  It's still easier than struggling to say something new every
time this sad story is repeated.

------------------------------

Date: Mon, 20 Feb 2023 10:14:25 -0800
From: Steve Bacher <sebmb1@verizon.net>
Subject: Re: Trying Microsoft's new AI chatbot search engine, some answers
 are uh-ohs (RISKS-33.62)

Frankly, the factual inaccuracies from the chatbots are no worse than the
accuracy (or lack thereof) of the summary of quick answers you often get
from a standard Google search. One quickly learns to treat those answers
with the suspicion that they deserve.

------------------------------

Date: Mon, 20 Feb 2023 10:19:31 -0800
From: Steve Bacher <sebmb1@verizon.net>
Subject: Re: Re: rm -rf (RISKS-33.61)

A similar problem exists in Bourne shell scripts, especially those
distributed by computer vendors to perform Linux installations.  There's a
line:

  cd $some_directory

followed by operations on the presumed newly-changed-to current working
directory, e.g.,:

  rm some_files_or_other

A simple addition to the cd command protects you:

  cd $some_directory || exit 1

(or better: cd "$some_directory" || exit 1 # to solve another frequent but
unrelated problem)

  I always made sure never to code a cd command without it.
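
  [Added example, not part of the message above or of any vendor script: a
  sandboxed run of the unchecked and checked `cd` forms, using a directory
  that does not exist and one whose name contains a space. The function
  names and file names are constructed for illustration.]

```shell
#!/bin/sh
# Added illustration; every path lives in a throwaway mktemp sandbox and
# all file and directory names are constructed for the demo.

# Sandbox layout: work/keep1.tmp  work/keep2.tmp  "work/build cache/stale.tmp"
make_sandbox() {
    sb=$(mktemp -d) || return 1
    mkdir -p "$sb/work/build cache" || return 1
    : > "$sb/work/keep1.tmp"
    : > "$sb/work/keep2.tmp"
    : > "$sb/work/build cache/stale.tmp"
}

# Count the *.tmp files directly inside directory $1.
count_tmp() {
    n=0
    for f in "$1"/*.tmp; do
        if [ -e "$f" ]; then n=$((n + 1)); fi
    done
    echo "$n"
}

# Unchecked form: cd is unquoted and its exit status is never looked at.
cleanup_unguarded() {
    (
        set +e               # model a script that does not use errexit
        cd $1 2>/dev/null    # fails for a missing dir or a name with a space
        rm -f ./*.tmp        # ...so this runs in the caller's directory
    )
}

# Checked form: quote the variable and stop as soon as cd fails.
cleanup_guarded() {
    (
        cd "$1" 2>/dev/null || exit 1
        rm -f ./*.tmp
    )
}

# Run cleanup function $1 against target $2 from inside work/, then report
# how many *.tmp files are left in work/ and in "work/build cache".
survivors_after() {
    make_sandbox || return 1
    (
        cd "$sb/work" || exit 1
        "$1" "$2" || true    # the checked form reports failure; ignore it here
    )
    printf 'work=%s cache=%s\n' \
        "$(count_tmp "$sb/work")" "$(count_tmp "$sb/work/build cache")"
    rm -rf "$sb"
}

for fn in cleanup_unguarded cleanup_guarded; do
    printf '%-18s missing dir: %s | dir with space: %s\n' "$fn" \
        "$(survivors_after "$fn" missing_dir)" \
        "$(survivors_after "$fn" 'build cache')"
done
```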

------------------------------

Date: Mon, 1 Aug 2020 11:11:11 -0800
From: RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest.  Its Usenet manifestation is
 comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to
 subscribe and unsubscribe:
   http://mls.csl.sri.com/mailman/listinfo/risks

=> SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that
   includes the string `notsp'.  Otherwise your message may not be read.
 *** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored.  Instead, use an alternative
 address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites,
 copyright policy, etc.) is online.
   <http://www.CSL.sri.com/risksinfo.html>
 *** Contributors are assumed to have read the full info file for guidelines!

=> OFFICIAL ARCHIVES:  http://www.risks.org takes you to Lindsay Marshall's
    searchable html archive at newcastle:
  http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
  Also, ftp://ftp.sri.com/risks for the current volume/previous directories
     or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
  If none of those work for you, the most recent issue is always at
     http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-33.00
  ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
 *** NOTE: If a cited URL fails, we do not try to update them.  Try
  browsing on the keywords in the subject line or cited article leads.
  Apologies for what Office365 and SafeLinks may have done to URLs.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 33.63
************************
