Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
precedence: bulk
Subject: Risks Digest 32.15

RISKS-LIST: Risks-Forum Digest  Tuesday 28 July 2020  Volume 32 : Issue 15

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at as
The current issue can also be found at

Contents:
  EncroChat (ZDNet)
  China's Huawei holds a 5G trump card (Reuters)
  Elon and Jeff are brilliant! Surely *they* can solve our broadband issues. (Amitel)
  Why Scientists Stored "The Wizard of Oz" in DNA (Popular Mechanics)
  Coronavirus misinformation goes wild again (NYTimes Tech)
  The dishonest reporting on the riots is breathtaking. The crisis in our media deepens... (Twitter)
  NIST study finds that masks defeat most facial recognition algorithms
  Only those with plastic visors were infected: Swiss government warns against face shields (TheLocal.ch)
  Long-Lost Computation Dissertation of Unix Pioneer Dennis Ritchie (Rebecca Mercuri via PGN)
  PDF signatures *worse than* useless (Anthony Thorn)
  Re: Darwin's tautology? (Martin Ward)
  Re: The three worst things about email (Dmitri Maziuk)
  Re: Unsolicited Chinese seeds? (Devon McCormick)
  Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Mon, 27 Jul 2020 16:54:54 -0700
From: Peter Neumann
Subject: EncroChat (ZDNet)

Law enforcement in the United Kingdom has touted the takedown of encrypted communications platform EncroChat as its "biggest ever" operation, so far resulting in the arrest of 746 individuals, the seizing of 54 million pounds in cash, 77 firearms, and over two tons of drugs.

EncroChat was one of the largest providers of encrypted communications and offered a secure mobile-phone instant-messaging service.
Its sole use was for coordinating and planning the distribution of illicit commodities, money laundering, and plotting to kill rival criminals, the UK's National Crime Agency said.

https://zd.net/2WAPHGQ

------------------------------

Date: July 28, 2020 at 08:16:44 GMT+9
From: geoff goodfellow
Subject: China's Huawei holds a 5G trump card (Reuters)

Huawei is not so easy for Western countries to rip out. The Chinese telecommunications-equipment giant founded by Ren Zhengfei owns a huge trove of next-generation wireless patents. As a global standard for 5G emerges, Huawei technology may become essential to carriers.

For years, the Shenzhen-based company has dominated the mobile infrastructure market, outselling rivals Nokia and Ericsson by offering cheaper alternatives. But U.S. concerns that Huawei equipment could be used by Beijing for espionage has gained traction: officials in the UK and France are purging their own networks of Chinese-made kit. A similar reaction elsewhere will seriously dent a business that generated nearly $43 billion in revenue for Huawei last year, roughly a third of the company's total.

Replacing antennas and mast towers is one thing, though. Even if the likes of Britain's Vodafone and BT remove all existing Huawei equipment -- a move the UK government conservatively estimates will cost 2 billion pounds -- global carriers will still be dependent on technology from Huawei to roll out next generation networks.

Research firm IPlytics has found that the Chinese outfit owns the most 5G-related patents, and of that, roughly 15% of the essential ones. Simply put, these are technical specifications global carriers can build to in order to ensure different networks are compatible with each other. Having one unified standard will be vital for 5G, which is meant to seamlessly link up billions of machines, cars, and gadgets around the world. [...]
https://www.reuters.com/article/us-huawei-tech-5g-security-breakingviews/breakingviews-chinas-huawei-holds-a-5g-trump-card-idUSKCN24S09Y

------------------------------

Date: Mon, 27 Jul 2020 13:14:51 -1000
From: geoff goodfellow
Subject: Elon and Jeff are brilliant! Surely *they* can solve our broadband issues. (Amitel)

Much has happened since we last visited the wacky world of low-earth orbit (LEO) satellite constellations and their use in providing improved broadband service to Canada's rural and remote users.

This past Tuesday, July 21, all of Iqaluit, the capital of the Territory of Nunavut was without communication services; no Internet, no landline, no cell service, no cable TV -- simply because it was raining! In a first-world country like Canada this is unacceptable. We need better broadband service in Canada's North NOW.

There is a rash of breathless newspaper stories in the mainstream media touting LEO service as arriving soon to resolve our remote and rural broadband issues. I wrote about it before, that Elon Musk is not coming to save us any time soon. I also wrote about the Chapter 11 bankruptcy of the early leader to provide LEO service to the Arctic, OneWeb, here.

So where do we stand now on July 27, 2020?

Well on July 10, the U.S. bankruptcy court of the Southern District of New York (SDNY) approved a joint $1 billion bid for OneWeb by Britain and Bharti Airtel. The UK government and Bharti Global, an arm of Bharti Enterprises, which part owns India's Airtel, will each have roughly 45 per cent of OneWeb. The existing secured creditors, including SoftBank of Japan, OneWeb's former biggest shareholder, will own the balance.

But the landscape has changed from before OneWeb's descent into Chapter 11 in the spring. OneWeb's original mission was to *connect the unconnected*; ie it wanted to provide broadband service to the millions of people around the world that do not have access to the Internet.
The UK has invested $500M into OneWeb for other strategic reasons, mainly to mitigate the effects of Brexit on British industry. I sure hope they realize that it is going to cost them more, much more and that $500M was just the table stakes to play in the LEO game. [...]

https://www.amitel.com/leo/

------------------------------

Date: Mon, 27 Jul 2020 13:13:51 -1000
From: geoff goodfellow
Subject: Why Scientists Stored "The Wizard of Oz" in DNA (Popular Mechanics)

*DNA Is Millions of Times More Efficient Than Your Computer's Hard Drive*

- DNA can store far more data than a magnetic hard drive, but the technology is limited because the genetic material is prone to errors.
- Scientists at the University of Texas at Austin have come up with a way to store information in strands of DNA, while also correcting those errors.
- To prove it, they've put the entirety of *The Wizard of Oz* -- translated into Esperanto -- into strands of DNA, with greater accuracy than prior methods.

When the Voyager spacecrafts launched in 1977, ready to study the outer limits of our solar system, they brought with them two golden phonograph records that each contained an assemblage of sounds and images meant to represent life on Earth.

But in the future, the perfect next-gen space capsule could be found within our bodies. That's because DNA is millions of times more efficient at storing data than your laptop's magnetic hard drive. Since DNA can store data far more densely than silicon, you could squeeze all of the data in the world inside just a few grams of it.

"Because DNA has been chosen by all of life as the information storage medium of choice...it turns out to be very robust," Ilya Finkelstein, an associate professor of molecular biosciences at the University of Texas at Austin, tells *Popular Mechanics*. "Long after our magnetic storage becomes obsolete, nature will still be using DNA."
Finkelstein is part of a team at the University of Texas at Austin who are pushing the limits on DNA-based storage methods. While this research area at the intersection of molecular biology and computer science has been around since the 1980s, scientists have struggled to find a way to correct the errors that DNA can be so prone to making.

In a new paper published this week in the journal *Proceedings of the National Academy of Sciences*, Finkelstein and company detail their new error correction method, which they tested out on a classic novel. They were able to store the entirety of *The Wizard of Oz*, translated into Esperanto, with more accuracy than prior DNA storage methods ever could have.

We're on the yellow brick road toward the future of data storage.

A Brief History of DNA Storage. [...]

https://www.popularmechanics.com/science/a33327626/scientists-encoded-wizard-of-oz-in-dna/

------------------------------

Date: Tue, 28 Jul 2020 10:19:19 -0700
From: Peter Neumann
Subject: Coronavirus misinformation goes wild again (Shira Ovide)

Shira Ovide [PGN-excerpted from a piece called `Amazon is Jeff Bezos', *The New York Times* online On Tech Newsletter, 28 Jul 2020. Another timely item for our coverage of misinformation and truthiness. PGN]]

https://www.nytimes.com/2020/07/28/technology/amazon-jeff-bezos.html

In just a few hours yesterday, another video with false information about the coronavirus spread like wildfire on Facebook before the company started to stamp it out.

The video -- which I won't link to here, but you can find on Breitbart News -- showed a group of purported doctors touting unproven treatments. One of the videos racked up 14 million views in six hours, my colleague Kevin Roose tweeted.

A few months ago, another video filled with coronavirus conspiracies, called *Plandemic* was watched more than eight million times on YouTube, Facebook and other spots over multiple days.
Some of you may be wondering why it's so bad for people to watch a couple of videos that go against the consensus of health experts. After all, there's a lot about the virus we don't understand.

The problem is that it's not so easy to correct the record once someone sees bogus ideas. We've seen that good information doesn't necessarily undo bad information. Doses of falsehoods can make people doubt the recommendations of proven health experts -- or even, the validity of elections.

That's why Facebook, YouTube and other Internet companies, which have highlighted coronavirus information from authoritative sources such as the Centers for Disease Control and Prevention, have said they also would be aggressive about deleting false information related to the virus.

(On Tuesday, Twitter temporarily limited some functions of the account of Donald Trump Jr., one of the president's sons, as punishment for posting the video with misleading information.)

And yet, this latest bogus video went wild, again making me wonder whether Facebook and other popular Internet sites are so sprawling that the companies can't control even the most high-profile kinds of false information.

------------------------------

Date: Mon, 27 Jul 2020 13:11:57 -1000
From: geoff goodfellow
Subject: The dishonest reporting on the riots is breathtaking. The crisis in our media deepens... (Twitter)

https://twitter.com/brithume/status/1287725331198205953

------------------------------

Date: Mon, 27 Jul 2020 10:26:12 -0700
From: Lauren Weinstein
Subject: NIST study finds that masks defeat most facial recognition algorithms (VentureBeat)

https://venturebeat.com/2020/07/27/nist-study-finds-that-masks-defeat-most-facial-recognition-algorithms/

  [As kids in the 1940s, some of us learned that some masked men were good -- e.g., The Lone Ranger!]

------------------------------

Date: Mon, 27 Jul 2020 11:31:08 +0900
From: farber@keio.jp
Subject: Only those with plastic visors were infected: Swiss government warns against face shields (TheLocal.ch)

https://www.thelocal.ch/20200715/only-those-with-plastic-visors-were-infected-swiss-government-warns-against-face-shields

------------------------------

Date: Tue, 28 Jul 2020 14:19:52 -0400
From: Rebecca Mercuri
Subject: Long-Lost Computation Dissertation of Unix Pioneer Dennis Ritchie

Great article, especially for Ritchie fans -- check it out!

https://thenewstack.io/the-long-lost-computation-dissertation-of-unix-pioneer-dennis-ritchie/

Poll: Should he have been awarded the Ph.D. posthumously? Yes / No

  [(Please do not submit your vote to RISKS.) Back-story: Dennis's thesis was never properly entered into the Harvard dissertation archives, because he did not submit a bound copy, although his PhD was indeed properly awarded. Risks? Having archaic rules that do not adapt to online submission, where today the bound copy would not have to be manually torn up in order to be scanned in -- assuming it could instead now be submitted online as a pdf! How does one submit a bound copy online? Unless the rule has changed, we might presume an online might today be optional rather than mandatory? PGN]

------------------------------

Date: Mon, 27 Jul 2020 07:53:50 +0200
From: Anthony Thorn
Subject: PDF signatures *worse than* useless (Re: RISKS-32.14)

Thanks to Mr Brodie-Tyrrell -- and of course the researchers -- for bringing this to our attention.

I just want to make a small correction ;-)

The title should be PDF signatures WORSE THAN useless, because they give the appearance of security without providing it, whereas although an unsigned PDF has the same "layers" vulnerability, it does not claim to be authentic.

------------------------------

From: Martin Ward
Date: Tue, 28 Jul 2020 10:56:37 +0100
Subject: Re: Darwin's tautology?
  (Harper, RISKS-32.12)

> Tautologies often need to be pointed out. Mathematics textbooks from
> Euclid's Elements onward are full of them, but millions still buy them
> because they are useful.

There are useful tautologies, such as mathematical theorems, and content-free tautologies such as "Brexit means Brexit!".

An argument such as the following is viciously circular and therefore fallacious: "God exists because the Bible says so. The Bible is true because it is the Word of God".

A similar fallacious argument is: "Miracles don't happen. Therefore, any actual report of a miracle must be false. Therefore, there are no true reports of miracles. Therefore, miracles don't happen".

On the other hand, an argument such as the Ontological Argument (for example, as formalised by mathematician Kurt Gödel) is a valid argument and tells us something useful about God: that if it is possible that God exists, then God does in fact necessarily exist. The argument is often criticised by saying "The conclusion is implicit in the premises": but this is just a property of every valid mathematical argument.

"Survival of the fittest" is often defined in a way that is viciously circular: the "fittest" are defined as "those best fitted to survive" and "those best fitted to survive" are determined by looking at survival rates. The statement then becomes the content-free assertion "survival of those that survived".

However, we can define "fittest" in terms of heritable characteristics, then the statement becomes "survivors survive, reproduce and therefore propagate any heritable characters which have affected their survival and reproductive success" which is a meaningful statement with a testable hypothesis: that such heritable characteristics actually exist.

  ["A rose is a rose is a rose" is arisen.
  PGN]

------------------------------

Date: Sun, 26 Jul 2020 21:04:17 -0500
From: dmaziuk
Subject: Re: The three worst things about email (RISKS-32.14)

This is all very interesting I'm sure, but what does it have to do with e-mail?

The article is using "issues" with 3 major web-based "e-mail providers": Microsoft, Google, and Yahoo, as a promo for the new "e-mail provider" startup who will get Everything Right(tm).

It's just a promo piece for something called "Hey", the only risk here is someone might believe it has anything to do with RISKS.

------------------------------

Date: Sun, 26 Jul 2020 23:36:11 -0400
From: Devon McCormick
Subject: Re: Unsolicited Chinese seeds? (RISKS-32.14)

I received an email like this but in my case, I have actually ordered seeds online that came to me from China. Each delivery was in a squarish grey non-rip plastic envelope with the contents listed as "stud earrings". The whole thing looked very amateurish, from the unlabeled enclosed tiny ziploc bag to the return address which was something like "the south side of the gate, ..."

I wonder if this alert is simply the result of mis-delivered seed packages that were actually ordered by people. Given the slap-dash appearance of what I've received, that does not seem far-fetched.

------------------------------

Date: Mon, 1 Jun 2020 11:11:11 -0800
From: RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)

The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is comp.risks, the feed for which is donated by panix.com as of June 2011.

=> SUBSCRIPTIONS: The mailman Web interface can be used directly to subscribe and unsubscribe:
   http://mls.csl.sri.com/mailman/listinfo/risks

=> SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that includes the string `notsp'. Otherwise your message may not be read.
 *** This attention-string has never changed, but might if spammers use it.

=> SPAM challenge-responses will not be honored.
   Instead, use an alternative address from which you never send mail where the address becomes public!

=> The complete INFO file (submissions, default disclaimers, archive sites, copyright policy, etc.) is online.
 *** Contributors are assumed to have read the full info file for guidelines!

=> OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's searchable html archive at newcastle:
   http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
   Also, ftp://ftp.sri.com/risks for the current volume
   or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
   If none of those work for you, the most recent issue is always at http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-32.00
   ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
 *** NOTE: If a cited URL fails, we do not try to update them. Try browsing on the keywords in the subject line or cited article leads.
   Apologies for what Office365 and SafeLinks may have done to URLs.

==> Special Offer to Join ACM for readers of the ACM RISKS Forum:

------------------------------

End of RISKS-FORUM Digest 32.15
************************