
RISKS Forum mailing list archives
Risks Digest 34.66
From: RISKS List Owner <risko () csl sri com>
Date: Thu, 29 May 2025 8:09:36 PDT
RISKS-LIST: Risks-Forum Digest  Thursday 29 May 2025  Volume 34 : Issue 66

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/34.66>
The current issue can also be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
Deep Dive into Ronnie Dugger (Rebecca Mercuri with PGN comments)
Re: New NY voting machines face intense skepticism (Steve Bacher, Barry Gold)
Driverless Semi-Trucks Are Here, With Little Regulation and Big Promises (The New York Times via Gabe Goldberg)
Quantum computers may crack RSA encryption with fewer qubits than expected (phys.org)
Signal to Windows Recall: Drop dead (Computerworld)
Re: BMW remote software update issues spurious warnings (Steve Bacher)
Re: Artificial General Intelligence. (3daygoaty)
Re: COVID-19, Vaccinated first officer (Anthony Thorn)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Tue, 27 May 2025 16:58:25 -0400
From: DrM Rebecca Mercuri <notable () mindspring com>
Subject: Deep Dive into Ronnie Dugger

  [Ronnie was a spectacular journalist, always honest -- although a quote that he did not always tell ALL OF THE TRUTH is apt. I have put Ronnie's NYTimes obit up on my private website, just for RISKS readers, because his obit is amazing, reflecting his prescient nature: https://www.csl.sri.com/users/neumann/ private/Ronnie-Dugger-Obit-NYTimes.pdf (PLEASE UNSPLIT IT.) His passing deserves every bit of attention here, because he was with us for a long part of his life.
PGN]

2012 interview:
https://www.statesman.com/story/news/2012/09/24/ronnie-dugger-the-free-man/9882398007/

Austin American Statesman Obituary:
https://www.statesman.com/story/news/local/2025/05/27/ronnie-dugger-obit-texas-observer-founding-editor-died-age-95/83825752007/

Dugger on the Kennedy Assassination (he was on the press bus behind the motorcade too far to have seen what happened -- RM: I was unaware, until just now, that he was IN Dallas at the time, covering the President's visit):

-- Nov. 29, 1963: https://www.texasobserver.org/archives-last-voyage-mr-kennedy/

-- A retrospective on Dugger including his writings on Johnson and JFK from <https://spartacus-educational.com/JFKronnie_dugger.htm> (This is a long but good read.)

"Dugger wrote several critical articles in the /The Texas Observer <http://www.texasobserver.org/>/ on the Warren Commission <https://spartacus-educational.com/JFKwarrenR.htm>. He was not convinced that Lee Harvey Oswald <https://spartacus-educational.com/JFKoswald.htm> was a lone gunman that killed President John F. Kennedy <https://spartacus-educational.com/USAkennedyJ.htm>. The most significant of these articles was November 22, 1963: The Case is not Closed (11th November 1966) and Batter Up (3rd February 1966)."

-- Scroll down the spartacus page for Dugger's acceptance speech on accepting the George Polk Award for Journalism.

Texas Observer Interview 12/13/19
<https://www.texasobserver.org/texas-observer-founding-editor-ronnie-dugger-reflects-on-65-years-of-publication/>

Google AI on Ronnie Dugger 5/27/25:

Ronnie Dugger is known for his public criticism of Lyndon B. Johnson, particularly after Johnson's perceived shift to the right within the Democratic Party under the influence of Herman Brown and George R. Brown. Dugger, a political activist and author, has been vocal about his concerns, especially regarding nuclear weapons and the potential for mass casualties in a nuclear war.
He even questioned LBJ about the number of people who would be killed in such a conflict.

Here's a more detailed look:

* Political Disagreements: Dugger's criticism of Johnson stemmed from his observation of Johnson's political evolution and his perceived move away from the left side of the Democratic Party.
* Nuclear Weapons Concerns: Dugger has been a long-time critic of nuclear weapons, questioning their morality and effectiveness.
* Public Criticism of Johnson: Dugger has publicly criticized LBJ's policies and decisions, particularly regarding nuclear weapons and the Vietnam War.
* Alliance for Democracy: In 1996, Dugger co-founded The Alliance for Democracy, a grassroots populist organization, which further demonstrates his political activism.
* Green Party Candidacy: In 2000, Dugger sought the Green Party's nomination for the U.S. Senate in New York, showcasing his engagement with various political platforms.

/AI responses may include mistakes./

[1] https://en.wikipedia.org/wiki/Ronnie_Dugger
[2] https://en.wikipedia.org/wiki/Lyndon_B._Johnson

Studs Terkel Radio Archive (interview of Ronnie Dugger):
https://studsterkel.wfmt.com/programs/ronnie-dugger-discusses-his-book-politician-life-and-times-lyndon-johnson

  [The book was an honest assessment, although Ronnie apparently tricked LBJ into opening up his kimono because he expected a puff-piece from his fellow Texan. PGN]

These may keep you busy for a while!

  [I mentioned in the previous issue that Rebecca and I had both tried to reach Ronnie as he was dying. I also mentioned our four-way relationship with NYState's Doug Kellner dating back to 1988. Today I also received a note from Doug Kellner, to me, Rebecca, and Jim Churchill -- whose mother Mae Churchill were actually the fifth and sixth legs in the hexumvirate in 1988. It's amazing! Just this morning I circulated Ronnie's 1988 New Yorker article to the folks at the League of Women Voters added to the copy list for this email.
Rebecca, you, Ronnie and Peter are the folks who introduced me to the election integrity issues that motivated me to get involved in election administration for the last 45 years. Just this morning, prompted by the NYLWV I opened Computer Related Risks for the first time this year. Jim

  [Well over 50 years ago, Mae Churchill started collecting documents and clippings on election fraud. She invited both Rebecca and me to visit her home in the Los Angeles area before we met Ronnie and Doug. PGN]

  [It also appears that Ronnie was reaching out to some of us in letting us know of his impending death -- perhaps by shutting down his cell phone. I am thankful that he wrote his own obit in the Texas Observer, because he could have hidden more than he had published. I am very happy that we are still around to honor his memories. PGN]

------------------------------

Date: Wed, 28 May 2025 10:59:20 -0700
From: Steve Bacher <sebmb1 () verizon net>
Subject: Re: New NY voting machines face intense skepticism (RISKS-34.65)

Thank you for posting this item (and in its entirety). All we hear from the regular media is "Trump is trying to muck up elections by making everyone use paper ballots which will take forever to process." This sheds some light on the actual issues at hand. I know RISKS has been calling attention to voting technology issues for a long time. Your efforts in this regard are highly appreciated.

  [Thanks. Yes, election integrity was in vol 1 no 1, 40 years ago. PGN]

------------------------------

Date: Tue, 27 May 2025 13:24:04 -0700
From: Barry Gold <BarryDGold () ca rr com>
Subject: Re: New NY voting machines face intense skepticism (RISKS-34.65)

Using a computer-based voting system that does not leave a paper trail of some sort is an invitation to large-scale fraud. It would be possible for the manufacturer to insert a backdoor that would allow them to modify the votes in any way they chose.
And anybody with physical access to the machines can insert "backdoors" that let them control the voting.

  [That was Rebecca Mercuri's thesis 25 years ago. PGN]

And the laws in nearly every state require a provision for a recount, which pretty much requires a hardcopy ballot.

From the description of ExpressVote XL, it appears to be secure against these kinds of attacks. In the event of a challenge, the paper ballots can be run through an independent tallying system and/or hand-counted. Any discrepancy between the human-readable hardcopy and the barcodes would be readily detected.

But the article mentions two other problems:

1. the system is expensive compared with other computer-assisted systems, and
2. voters report that it was difficult to use.

I should mention that Los Angeles County (and maybe all of California?) used a system similar to that described by Steve Bacher in at least one election where I voted. For all I know, it was the ExpressVote XL system. I (having spent about half my 43-year career working on the security problems in using computers for really important tasks) was quite satisfied with the process, except for a long line because there were only two machines available.

------------------------------

Date: Wed, 28 May 2025 01:02:52 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: Driverless Semi-Trucks Are Here, With Little Regulation and Big Promises (The New York Times)

As the trucking industry struggles to recruit drivers, driverless trucks won't need sleep, won't speed and won't get road rage. But experts and truck drivers say they are not a panacea.

And Ms. Griffin wondered if the lack of a driver might slow the response time if an autonomous truck runs over a pedestrian, or freezes in the road and gets rear-ended. (Mr. Urmson, the Aurora chief, declined to say how many people in a remote assistance center would be assigned to each robotruck.)

Semi-trucks, the skeptics note, bring dangers different from those posed by the self-driving cars that have started to take over the streets of San Francisco, Phoenix, Austin and Las Vegas. The trucks are far heavier, and need at least a football field's length to come to a complete stop at highway speeds. Some carry flammable or hazardous materials.

The rollout of robocars has itself been bumpy.
In Arizona in 2018, a driverless car ran over a pedestrian walking a bicycle, killing her. In San Francisco and Austin, the vehicles have slowed emergency response times and caused accidents. With larger vehicles, the critics say, the dangers multiply.

The risks seemed to crystallize on an Arizona highway in 2022, when an autonomous truck with a driver aboard veered across Route 10 and careened into a concrete barrier. (Nobody was hurt.)

“It’s potentially disastrous from a safety perspective,” said John Samuelsen, head of the Transport Workers Union of America, who is also worried about trucking jobs being automated out of existence.

Mr. Samuelsen appears to have public opinion on his side. A survey conducted by AAA this year found that 61 percent of motorists in the United States feared self-driving vehicles and that 26 percent were unsure about them.

Mr. Urmson, the Aurora chief, vowed that his trucks would be safe. “We have something like 2.7 million tests that we run the system through,” he said.

https://www.nytimes.com/2025/05/27/business/driverless-semi-trucks-aurora-innovation.html?smid=nytcore-ios-share&referringSource=articleShare

------------------------------

Date: Wed, 28 May 2025 12:49:09 +0000
From: Richard Marlon Stein <rmstein () protonmail com>
Subject: Quantum computers may crack RSA encryption with fewer qubits than expected (phys.org)

https://phys.org/news/2025-05-quantum-rsa-encryption-qubits.html

"Some in the field have accepted a theory that a quantum computer capable of cracking such codes in a reasonable amount of time would have to have at least 20 million qubits. In this new work, the team at Google suggests it could theoretically be done with as few as a million qubits -- and it could be done in a week."

Whatever the quantity of qubits -- Mega or Giga -- the decoherence problem must be mitigated sufficiently for the decipher to reliably complete.
Quantum computing seems to be evolving and refining capability like early supercomputers (see ILLIAC-IV). There was an ILLIAC-IV installed at NASA AMES/Moffett Field in Silicon Valley. Armed guards patrolled the machine room as hydrophone and sonar data was crunched to detect Soviet submarine locations and predicted motion vectors. The ILLIAC-IV's hardware was unstable: multiple runs (morning and afternoon batch) on the same input deck ensured output was reliable -- matched closely -- before results were sent to Naval Ops.

  [CORRECT. It was an 8x8 grid of special-purpose subcomputers. Unfortunately, in that every one of the 64 subcomputers had to be running, the probability of failure of each subcomputer was high enough that the Illiac-4 crashed frequently; there was no recovery process other than replacing the faulty grid component. The operating system was minimal, designed by the same folks who designed the hardware, if I recall correctly. It was the best they could do, but still a very valuable early step. PGN]

Quantum decoherence is a stubborn problem. Will either Circular Rydberg qubits or nitrogen vacancy center diamond qubits lead to mass production of reliable quantum computation?

------------------------------

Date: Wed, 28 May 2025 02:43:13 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: Signal to Windows Recall: Drop dead (Computerworld)

Quoting article:

Microsoft's Recall is a security disaster disguised as a feature. Messaging app Signal is doing what it can to block it.

Windows, as all but the most besotted Microsoft fans know, has historically been a security disaster. Seriously, what other program has a dedicated day each month to reveal its latest security holes?

But now, Windows Recall, the AI-powered *feature* that continuously takes snapshots of your screen to create a searchable timeline of everything you do, has arrived for Copilot+ PCs running Windows 11 version 24H2 and newer.
After a year of controversy and multiple delays prompted by widespread privacy and security concerns, Microsoft has significantly changed Recall’s architecture. The feature is now opt-in, requires Windows Hello biometric authentication, encrypts all snapshots locally, filters out sensitive data such as credit card numbers, and allows users to filter out specific apps or websites from being captured.

I am so unimpressed. A few days ago, in the latest Patch Tuesday release, Microsoft revealed five -- count ’em, five! -- zero-day security holes in Windows alone. Do you expect me to trust Recall with a track record like this?

Besides, even if I don't enable the feature, what if our beloved federal government decides that for our protection, it would be better if Microsoft turned on Recall for some users? After all, it’s almost impossible to run Windows these days without having a Microsoft ID, making it easy to pick and choose who gets what “update.”

https://www.computerworld.com/article/3994265/signal-to-windows-recall-drop-dead.html

------------------------------

Date: Wed, 28 May 2025 10:51:12 -0700
From: Steve Bacher <sebmb1 () verizon net>
Subject: Re: BMW remote software update issues spurious warnings

Note these two bullet points:

- The information regarding the fault was hidden at the end of a lengthy message starting with uninformative boilerplate.
- The car's drivers are trained through this process to ignore messages regarding potentially serious malfunctions.

This puts me in mind of the old joke "How was the food? Like poison! And such small portions!"

If users won't read the entire message they won't be led to ignore the malfunction indicator. But I guess drivers are damned if they do and damned if they don't.

------------------------------

Date: Wed, 28 May 2025 11:56:53 +1000
From: 3daygoaty <threedaygoaty () gmail com>
Subject: Re: Artificial General Intelligence.
  (Shamir and Ward, RISKS-34.64)

Here are some entertaining ephemera I picked up in my career studying AI from the 1980s.

1. At IJCAI 93 in Chambery, France, I interviewed keynote Ian Havel, the token philosopher there to question the dense AI hype at the conference. I asked him when we would have AGI. He said 100 years.

2. I can answer prompts for an hour and the energy I need can be obtained from eating one Timtam. About eighty-five Calories. I understand that ChatGPT4o needs about 120 million Timtams to do this same task. I just bought some shares in Arnotts Biscuits.

3. I studied AI as part of a thing called Cognitive Science in the 80s. The idea was getting students ready for the inevitable AGI, for which I am still waiting. My thesis caused trouble because I supposed that an AGI would experience all the human bigotry we have dished out on anyone different who is actually really clever. Apropos to Prof Shamir: the goal posts will be moved away from whatever AGI appears, perhaps due to xenophobia?

------------------------------

Date: Wed, 28 May 2025 13:50:14 +0200
From: Anthony Thorn <anthony.thorn () atss ch>
Subject: Re: COVID-19, Vaccinated first officer (RISKS-34.65)
... Mention of it [appeared to be] a throw-away line in what I ran here. ... PGN]
  [I was WRONG. I did not read the cited source. PGN]

I strongly disagree. My impression was that the main point of the article was to imply that COVID-19 Vaccination is dangerous.

And of course other outlets have taken up the meme, e.g.:
https://countylocalnews.com/2025/05/19/shocking-lufthansa-incident-pilotless-flight-for-10-minutes-lufthansa-flight-emergency-pilot-medical-emergency-aviation-safety-incident-2025/

  The Role of COVID-19 Vaccination

  The situation has reignited discussions about the implications of COVID-19 vaccinations on pilot health. ... This incident serves as a reminder that more research may be needed to understand the full effects of vaccinations on those in high-responsibility roles."

Have your readers forgotten that all Lufthansa pilots were vaccinated? It was COMPULSORY.

  [I apparently had disfogotten that. PGN]

https://www.aerotime.aero/articles/28695-lufthansa-require-covid-19-shots-crew

The same for most other airlines (especially for international flights).

CBS: "Nearly all major airlines mandate COVID vaccine for employees"
https://www.cbsnews.com/news/covid-19-vaccine-mandate-major-airlines/

So I can at least agree with PGN about it being "nonsense" ;-)

------------------------------

Date: Sat, 28 Oct 2023 11:11:11 -0800
From: RISKS-request () csl sri com
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to subscribe and unsubscribe:
   http://mls.csl.sri.com/mailman/listinfo/risks
=> SUBMISSIONS: to risks () CSL sri com with meaningful SUBJECT: line that includes the string `notsp'. Otherwise your message may not be read.
 *** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored.
   Instead, use an alternative address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites, copyright policy, etc.) has moved to the ftp.sri.com site: <risksinfo.html>.
 *** Contributors are assumed to have read the full info file for guidelines!
=> OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's delightfully searchable html archive at newcastle:
   http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
   Also, ftp://ftp.sri.com/risks for the current volume/previous directories
   or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
   If none of those work for you, the most recent issue is always at http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-34.00
   ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
 *** NOTE: If a cited URL fails, we do not try to update them. Try browsing on the keywords in the subject line or cited article leads. Apologies for what Office365 and SafeLinks may have done to URLs.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 34.66
************************