RISKS Forum mailing list archives
Risks Digest 31.13
From: RISKS List Owner <risko () csl sri com>
Date: Thu, 21 Mar 2019 15:52:57 PDT
RISKS-LIST: Risks-Forum Digest  Thursday 21 March 2019  Volume 31 : Issue 13

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as <http://catless.ncl.ac.uk/Risks/31.13>
The current issue can also be found at <http://www.csl.sri.com/users/risko/risks.txt>

Contents:
German Air Traffic Control with software error (Tagesschau)
Doomed Jets Lacked 2 Safety Features That Boeing Sold as Extras (NYTimes)
737 Max issues, breakdown and analysis (Bob Poortinga)
How a 50-year-old design came back to haunt Boeing with its troubled 737 Max jet (Los Angeles Times)
Boeing 737 Max: Software patches can only do so much (ZDNet)
Millions of Facebook passwords exposed internally (BBC News)
Accidentally exposing the data of 230M people (WiReD)
Locking more than the doors as cars become computers on wheels (NYTimes)
The Attack That Broke the Net's Safety Net (NYTimes)
Inside YouTube's struggles to shut down video of the New Zealand shooting -- and the humans who outsmarted its systems (WashPost)
Fewer than 200 people watched the New Zealand massacre live. A hateful group helped it reach millions. (WashPost)
Aadhaar: unique numbers for all residents in India (Reetika Khera)
Spy cameras in Seoul secretly live-streamed 1,600 hotel guests for subscribers. Then police caught on. (WashPost)
Ransomware Fighter Lives in Fear for his Life (Security Boulevard)
Why The Promise Of Electronic Health Records Has Gone Unfulfilled (npr.org)
How to Check Your Hotel Room for Hidden Cameras (ThePointsGuy)
Browser also fills in bad guy address with good guy address (Dan Jacobson)
DNA and a Coincidence Lead to Arrest in 1999 Double (NYTimes)
Is Computer Code a Foreign Language? (William Egginton)
Lookin' in my back door (Henry Baker)
ESPN Slips Up, Revealing the NCAA Women's Bracket Four Hours Early (NYTimes)
Re: Is curing patients, a sustainable business model? (Martin Ward)
Re: The Rapid Decline Of The Natural World ... (Jurek)
Re: Security Holes Found in Big Brand Car Alarms (Amos Shapir)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Thu, 21 Mar 2019 18:27:50 +0100
From: weberwu <weberwu () HTW-Berlin de>
Subject: German Air Traffic Control with software error (Tagesschau)

The ARD Tagesschau reports that there is a software error in the air-traffic control system over Germany. They are following up a report by Deutschlandfunk.

https://www.tagesschau.de/wirtschaft/flugsicherung-panne-software-101.html

The DFS (Deutsche Flugsicherung) uses a system that displays so-called control strips. The control strips contain information for the air traffic controllers such as vessel type, route, time of airspace crossing. This system is not working correctly. The system used in Langen in Hessia is showing errors, so that the controllers must take more time to inspect what they are doing. All other systems are said to be operational.

This concerns the airspace from Constance to Kassel and from the French border to Thuringia. No other airspaces are said to be affected. Travelers should expect delays of around 30 minutes.

Prof. Dr. Debora Weber-Wulff, HTW Berlin, Treskowallee 8, 10313 Berlin

------------------------------

Date: Thu, 21 Mar 2019 09:47:42 -0400
From: Monty Solomon <monty () roscom com>
Subject: Doomed Jets Lacked 2 Safety Features That Boeing Sold as Extras (NYTimes)

Airlines had to pay more for two optional upgrades that could warn pilots about sensor malfunctions. The company will now make one of the features standard.
https://www.nytimes.com/2019/03/21/business/boeing-safety-features-charge.html

------------------------------

Date: March 20, 2019 at 09:37:23 GMT+9
From: Bob Poortinga <w9iz () w9iz us>
Subject: 737 Max issues, breakdown and analysis

A friend of mine who is both an IT professional and a private pilot has written a nice analysis of the 737 Max situation.

https://drive.google.com/file/d/1249KS8xtIDKb5SxgpeFI6AD-PSC6nFA5/view

R, Bob Poortinga, Bloomington, IN [via Dave Farber in Japan]

[Note: Monty Solomon noted a second Seattle Times article after the one noted previously:
Flawed analysis, failed oversight: How Boeing, FAA certified the suspect 737 MAX flight control system
https://www.seattletimes.com/business/boeing-aerospace/failed-certification-faa-missed-safety-issues-in-the-737-max-system-implicated-in-the-lion-air-crash/
PGN]

------------------------------

Date: Mon, 18 Mar 2019 17:55:23 -0700
From: Richard Stein <rmstein () ieee org>
Subject: How a 50-year-old design came back to haunt Boeing with its troubled 737 Max jet (Los Angeles Times)

https://www.latimes.com/local/california/la-fi-boeing-max-design-20190315-story.html

"That low-to-the-ground design was a plus in 1968, but it has proved to be a constraint that engineers modernizing the 737 have had to work around ever since. The compromises required to push forward a more fuel-efficient version of the plane -- with larger engines and altered aerodynamics -- led to the complex flight control software system that is now under investigation in two fatal crashes over the last five months.

"But the decision to continue modernizing the jet, rather than starting at some point with a clean design, resulted in engineering challenges that created unforeseen risks."

Legacy 737 fuselage design constraints led to MCAS development and deployment decades later, which apparently caused the deadly aircraft incidents.
Risk: Legacy system feature preservation for economic motives versus a full redesign to negate technical debt accumulation.

------------------------------

Date: Tue, 19 Mar 2019 20:20:01 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: Boeing 737 Max: Software patches can only do so much (ZDNet)

https://www.zdnet.com/article/boeing-737-max-software-patches-can-only-do-so-much/

------------------------------

Date: Thu, 21 Mar 2019 13:53:16 PDT
From: "Peter G. Neumann" <neumann () csl sri com>
Subject: Millions of Facebook passwords exposed internally (BBC News)

Developers working for Facebook logged the passwords in plain text as they wrote code for the site. User passwords were accessible to as many as 20,000 FB employees. Brian Krebs noted up to 600M passwords.

http://www.bbc.com/news/technology-47653656

[Several people have noted this today. PGN]

------------------------------

Date: Tue, 19 Mar 2019 12:00:22 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: Accidentally exposing the data of 230M people (WiReD)

Hardigree also still maintains that the data Exactis aggregated and then exposed wasn't actually sensitive, and that the outrage over its exposure was overblown. He says much of it was pulled from sources like public records and census data. Exactis combined that public information with data it traded for and bought, with sources ranging from payday loan and auto companies to surveys to registration forms for business publications. Hardigree claims that hundreds of small companies possess similar data. He argues that anyone can buy a less refined version of the same collection, what's known as a Consumer Master File, for around $1,000.

"This data is out there, and it always has been out there," Hardigree says.

But Troy Hunt, the security researcher and data breach expert who manages HaveIBeenPwned, says that the Exactis data was indeed sensitive enough to justify the wave of pain that hit the company after its security lapse.
He argues the data is, in fact, sufficiently detailed to contribute to identity theft, and certainly detailed enough to creep out anyone who finds themselves in it.

https://www.wired.com/story/exactis-data-leak-fallout/

------------------------------

Date: Mon, 18 Mar 2019 21:50:50 -0400
From: Monty Solomon <monty () roscom com>
Subject: Locking more than the doors as cars become computers on wheels (NYTimes)

Concern that cars could be seriously hacked -- by criminals, terrorists or even rogue governments -- has prompted a new round of security efforts on the part of the auto industry.

https://www.nytimes.com/2019/03/07/business/car-hacks-cybersecurity-safety.html

------------------------------

Date: Mon, 18 Mar 2019 21:35:37 -0400
From: Monty Solomon <monty () roscom com>
Subject: The Attack That Broke the Net's Safety Net (NYTimes)

A killer determined to make terrorism go viral beat a system designed to keep the worst of the web out of sight.

https://www.nytimes.com/2019/03/18/opinion/facebook-youtube-mass-shootings.html

------------------------------

Date: Wed, 20 Mar 2019 02:15:05 -0400
From: Monty Solomon <monty () roscom com>
Subject: Inside YouTube's struggles to shut down video of the New Zealand shooting -- and the humans who outsmarted its systems (WashPost)

https://www.washingtonpost.com/technology/2019/03/18/inside-youtubes-struggles-shut-down-video-new-zealand-shooting-humans-who-outsmarted-its-systems/

------------------------------

Date: Wed, 20 Mar 2019 12:49:17 -0400
From: Monty Solomon <monty () roscom com>
Subject: Fewer than 200 people watched the New Zealand massacre live. A hateful group helped it reach millions. (WashPost)

New details reveal just how quickly the video spread across the world and rocketed out of tech companies' control.
https://www.washingtonpost.com/technology/2019/03/19/fewer-than-people-watched-new-zealand-massacre-live-hateful-group-helped-it-reach-millions/

------------------------------

From: Reetika Khera <reetikak () iima ac in>
Date: Thu, 21 Mar 2019 08:16:05 +0530
Subject: Aadhaar: unique numbers for all residents in India

Aadhaar is a 12-digit unique number assigned to all Indian residents. Its uniqueness is supposed to be guaranteed by the use of biometrics (fingerprints, iris and photographs). Besides biometrics, the Unique Identification Authority of India (UIDAI) also collects demographic information. Aadhaar is being made compulsory for an increasing number of applications in India.

An extensive household survey conducted by our team [1] revealed various issues related to this measure, including exclusion problems, transaction costs, and its impact on corruption. For example, people experience issues with enrolling [2] for Aadhaar, when they lose it [3], when they try to link [4] it to the appropriate registry, when they try to authenticate [5] themselves biometrically, and so on. More issues are highlighted in this Youtube playlist [6] (not all have subtitles). The consequences [7] of this range from cancellation or suspension of benefits, to delays and deaths [8].

1: https://www.epw.in/journal/2017/50/special-articles/aadhaar-and-food-security-jharkhand.html
2: https://www.youtube.com/watch?v=KYwDkZ0l4wY
3: https://twitter.com/roadscholarz/status/1069616152152748034
4: https://twitter.com/roadscholarz/status/949317693789822977
5: https://www.thequint.com/news/india/uidai-ceo-admits-aadhaar-authentication-failure-rate-12
6: https://www.youtube.com/watch?v=fVSVqbW6dP0&list=PLdHEUXbHHVe30wNaeZqdb04XyJ5j3_ehc
7: https://www.washingtonpost.com/news/theworldpost/wp/2018/08/09/aadhaar/?noredirect=on&utm_term=.b57578095146
8: https://www.nytimes.com/2018/01/21/opinion/india-aadhaar-biometric-id.html

[If you might have any thoughts about youtube/twitter postings possibly being unreliable, what were used here were precisely what was recorded and compiled during the data collection exercise. PGN]

------------------------------

Date: Wed, 20 Mar 2019 12:46:57 -0400
From: Monty Solomon <monty () roscom com>
Subject: Spy cameras in Seoul secretly live-streamed 1,600 hotel guests for subscribers. Then police caught on. (WashPost)

Two arrested after hundreds of hotel guests were filmed in South Korea for live-stream subscribers.
https://www.washingtonpost.com/world/2019/03/20/spy-cameras-secretly-live-streamed-hotel-guests-subscribers-then-police-caught/

------------------------------

Date: Tue, 19 Mar 2019 20:22:04 -0400
From: Gabe Goldberg <gabe () gabegold com>
Subject: Ransomware Fighter Lives in Fear for his Life (Security Boulevard)

https://securityboulevard.com/2019/03/ransomware-fighter-lives-in-fear-for-his-life/

------------------------------

Date: Mon, 18 Mar 2019 16:21:46 -0700
From: Richard Stein <rmstein () ieee org>
Subject: Why The Promise Of Electronic Health Records Has Gone Unfulfilled (npr.org)

https://www.npr.org/sections/health-shots/2019/03/18/704475396/why-the-promise-of-electronic-health-records-has-gone-unfulfilled

A transparency deficit contributes to the EHR catastrophe: "Entrenched policies continue to keep software failures out of public view. Vendors of electronic health records have imposed contractual 'gag clauses' that discourage buyers from speaking out about safety issues and disastrous software installations -- and some hospitals fight to withhold records from injured patients or their families."

Risk: Missing incentives among stakeholders (equipment vendors, EHR vendors, medical service providers, physicians, administrators) to align and standardize EHR content/metadata/coding structures, communications, and platform protocols. Possibly corrected through better regulation, legislation, or perpwalks.

------------------------------

Date: Thu, 21 Mar 2019 10:17:35 -0400
From: Monty Solomon <monty () roscom com>
Subject: How to Check Your Hotel Room for Hidden Cameras (ThePointsGuy)

https://thepointsguy.com/guide/how-to-detect-hidden-cameras-in-your-hotel-room/

------------------------------

Date: Thu, 21 Mar 2019 08:56:27 +0800
From: Dan Jacobson <jidanni () jidanni org>
Subject: Browser also fills in bad guy address with good guy address

You know the helpful browser form filler feature where it fills in your name, address, phone number, and email?
It works great, except when reporting crimes, where you better check before clicking "submit" that it didn't also helpfully go back and re-fill in the bad guys' name, address, phone number... using guess whose data...

https://bugs.chromium.org/p/chromium/issues/detail?id=944351

------------------------------

Date: Tue, 19 Mar 2019 13:24:46 -0400
From: Monty Solomon <monty () roscom com>
Subject: DNA and a Coincidence Lead to Arrest in 1999 Double (NYTimes)

https://www.nytimes.com/2019/03/19/us/alabama-dna-murder-arrest.html

For 19 years, police were unable to identify the person who fatally shot two 17-year-olds. Then they turned to the technique used in the Golden State Killer case.

------------------------------

Date: March 18, 2019 at 10:15:32 PM GMT+9
From: Dewayne Hendricks <dewayne () warpspeed com>
Subject: Is Computer Code a Foreign Language? (William Egginton)

William Egginton, Mar 17 2019
No. And high schools shouldn't treat it that way.
https://www.nytimes.com/2019/03/17/opinion/code-foreign-language.html

Maryland's legislature is considering a bill to allow computer coding courses to fulfill the foreign-language graduation requirement for high school. A similar bill passed the Florida State Senate in 2017 (but was ultimately rejected by the full Legislature), and a federal version proposed by Senators Bill Cassidy, Republican of Louisiana, and Maria Cantwell, Democrat of Washington, is being considered in Congress.

The animating idea behind these bills is that computer coding has become a valuable skill. This is certainly true. But the proposal that foreign-language learning can be replaced by computer coding knowledge is misguided: It stems from a widely held but mistaken belief that science and technology education should take precedence over subjects like English, history, and foreign languages.

As a professor of languages and literatures, I am naturally skeptical of such a position.
I fervently believe that foreign-language learning is essential for children's development into informed and productive citizens of the world. But even more urgent is my alarm at the growing tendency to accept and even foster the decline of the sort of interpersonal human contact that learning languages both requires and cultivates.

Language is an essential -- perhaps the essential -- marker of our species. We learn in and through natural languages; we develop our most fundamental cognitive skills by speaking and hearing languages; and we ultimately assume our identities as human beings and members of communities by exercising those languages. Our profound and impressive ability to create complex tools with which to manipulate our environments is secondary to our ability to conceptualize and communicate about those environments in natural languages.

The difference between natural and computer languages is not merely one of degree, with natural languages' involving vocabularies that are several orders of magnitude larger than those of computer languages. Natural languages aren't just more complex versions of the algorithms with which we teach machines to do tasks; they are also the living embodiments of our essence as social animals. We express our love and our losses, explore beauty, justice and the meaning of our existence, and even come to know ourselves all through natural languages.

The irony is that few people appreciate the uniqueness of human language more than coders working in artificial intelligence, who wrestle with the difficulty of replicating our cognitive abilities. The computer scientist Alan Turing noted that the question of whether a machine can think is incredibly difficult to determine, not least because of the lack of a clear definition of `thinking'; he proposed investigating instead the more tractable question of whether a machine can convince a human interlocutor that it's human -- the so-called Turing test.
One of the important lessons of Turing's test is the reminder that in our interactions with other people, we are fundamentally limited in how much we can know about another's thoughts and feelings, and that this limitation and the desire to transcend it is essential to our humanity. In other words, for us humans, communication is about much more than getting information or following instructions; it's about learning who we are by interacting with others.

The interpersonal essence of language learning extends to learning as a whole. We know that small-group, in-person instruction is more effective than traditional lectures. We ask questions, are asked in return, and we learn more, learn faster and retain more when we care about the people we are interacting with. It's no accident that despite the initial enthusiasm generated by MOOCs, or massive online open courses, they have in fact been a major disappointment, with completion rates as low as 5 percent. By comparison, online courses with smaller groups of students and direct feedback from the professor show completion rates as high as 85 percent.

[Furthermore, the types of computer-language skills may be quite different from natural-language skills. For example, computer programming requires some intense left-brained activities that learning to *speak* natural languages does not, and total-system design and development requires synergy between the left-brain and right-brain activities. (See my book chapter, Zen and the Art of System Programming: Psychosocial Implications of Computer Software Development and Use: Zen and the Art of Computing, in Theory and Practice of Software Technology, D. Ferrari, M. Bolognani, and J. Goguen (editors), North-Holland, 1983, 221--232.) However, learning to *write* grammatically in a natural language does require more left-brain activity. Besides, adequate natural-language learning (even English for a First Language) seems to be declining seriously.
Sloppy use of natural languages seems to be tolerated, whereas sloppy use of computer languages is the source of many of the risks in RISKS. The concept of teaching programming as a natural language is *really* misguided, for many reasons. PGN]

------------------------------

Date: Tue, 19 Mar 2019 10:25:20 -0700
From: Henry Baker <hbaker1 () pipeline com>
Subject: Lookin' in my back door

[Apologies to Creedence Clearwater Revival.]

NSA FOMO...

Whether you trust Huawei's words or not, at least they give lip service to "no back doors", which is more than the 5i's will give.

"Huawei, in other words, hampers US efforts to spy on whomever it wants."

"Prism, prism on the wall. Who's the most trustworthy of them all?"

"Huawei has not and will never plant backdoors. And we will never allow anyone to do so in our equipment."

https://www.ft.com/content/b8307ce8-36b3-11e9-bb0c-42459962a812

The US attacks on Huawei betray its fear of being left behind
Proliferation of our technology hampers American efforts to spy on whomever it wants
Guo Ping
February 27, 2019

As a top Huawei executive, I'm often asked why the US has launched a full-scale assault on us. The Americans have charged us with stealing technology and violating trade sanctions, and largely blocked us from doing business there. Mike Pence, US vice-president, recently told Nato of "the threat posed by Huawei", and Mike Pompeo, secretary of state, warned allies that using our telecommunications equipment would make it harder for the US to "partner alongside them."

On Tuesday at the Mobile World Congress, the industry's largest trade show, a US delegation led by Ajit Pai, Federal Communications Commission chair, repeated the call to keep Huawei out of global 5G networks.

Washington has cast aspersions on Huawei for years. A 2012 report by the House Intelligence Committee labeled us a threat. But, until recently, these attacks were relatively muted.
Now that the US has brought out the heavy artillery and portrayed Huawei as a threat to western civilisation, we must ask why.

I believe the answer is in the top secret US National Security Agency documents leaked by Edward Snowden in 2013. Formed in 1952, the NSA monitors electronic communications, such as email and phone calls, for intelligence and counter-intelligence purposes.

The Snowden leaks shone a light on how the NSA's leaders were seeking to "collect it all" -- every electronic communication sent, or phone call made, by everyone in the world, every day. Those documents also showed that the NSA maintains "corporate partnerships" with particular US technology and telecom companies that allow the agency to "gain access to high-capacity international fibre-optic cables, switches and/or routers throughout the world".

Huawei operates in more than 170 countries and earns half of its revenue abroad but its headquarters are in China. This significantly reduces the odds of a "corporate partnership". If the NSA wants to modify routers or switches in order to eavesdrop, a Chinese company will be unlikely to co-operate. This is one reason why the NSA hacked into Huawei's servers. "Many of our targets communicate over Huawei-produced products," a 2010 NSA document states. "We want to make sure that we know how to exploit these products."

Clearly, the more Huawei gear is installed in the world's telecommunications networks, the harder it becomes for the NSA to "collect it all". Huawei, in other words, hampers US efforts to spy on whomever it wants. This is the first reason for the campaign against us.

The second reason has to do with 5G. This latest generation of mobile technology will provide data connections for everything from smart factories to electric power grids. Huawei has invested heavily in 5G research for the past 10 years, putting us roughly a year ahead of our competitors.
That makes us attractive to countries that are preparing to upgrade to 5G in the next few months.

If the U.S. can keep Huawei out of the world's 5G networks by portraying us as a security threat, it can retain its ability to spy on whomever it wants. America also directly benefits if it can quash a company that curtails its digital dominance. Hobbling a leader in 5G technology would erode the economic and social benefits that would otherwise accrue to the countries that roll it out early.

Meanwhile, a range of US laws, including most recently the Cloud Act, empowers the US government to compel telecom companies to assist America's programme of global surveillance, as long as the order is framed as an investigation involving counter-intelligence or counterterrorism.

The fusillade being directed at Huawei is the direct result of Washington's realisation that the US has fallen behind in developing a strategically important technology. The global campaign against Huawei has little to do with security, and everything to do with America's desire to suppress a rising technological competitor.

The writer is a rotating chairman of Huawei Technologies

https://www.huawei.com/en/press-events/news/2019/2/guoping-global-3rd-party-assurance-cyber-security

"Choose Huawei for greater security", Says Huawei's Guo Ping
In his keynote address at MWC 2019, Rotating Chairman Guo Ping calls for global 3rd party assurance to cyber security.
Feb 26, 2019

[Barcelona, Spain, February 26, 2019] Guo Ping, Huawei's Rotating Chairman, calls for international collaboration on industry standards and appeals to governments across the world to listen to cyber security experts. His requests come during a keynote speech at Mobile World Congress 2019.

Huawei is the first company to deploy 5G networks at scale, Guo said.
His MWC 2019 keynote address - "Bringing you 5G safer, faster, smarter" - outlined how Huawei has developed the most powerful, simple, and intelligent 5G networks in the world, and argued that such innovation is nothing without security. He urges the industry and governments to work together and adopt unified cyber security standards.

Guo Ping, Huawei's Rotating Chairman, made a keynote speech at Mobile World Congress 2019.

Summary of MWC 2019 keynote address by Guo Ping, Rotating Chairman, Huawei:

1. Innovation

Guo used the first half of his keynote to outline Huawei's position as the global leader in 5G but asserted that security is the basis of the company's commitment to innovation.

* "Huawei is the first company that can deploy 5G networks at scale. More importantly, we can deliver the simplest possible sites with better performance."
* "The more we invest in engineering science, the more value we can create. At Huawei, we can bring powerful, simple, and intelligent 5G networks to carriers anywhere in the world, faster than anyone else. Huawei is the global leader in 5G. But we understand innovation is nothing without security."

2. Security

In the second half of the keynote, Guo responded to recent allegations directed at Huawei by the U.S. government and called for fact-based regulation, referring to the recommendations made by GSMA, the industry organization for mobile network operators worldwide, for governments and mobile operators to work together.

* "To build a secure cyber environment for everyone, we need standards, we need fact-based regulation, and we need to work together."
* "To build a system that we all can trust, we need aligned responsibilities, unified standards, and clear regulation."
* "I fully agree with recent recommendations: Governments and mobile operators should work together to agree upon Europe's assurance testing and certification regime. NESAS is a very good idea and I would recommend extending it to the world."
* "Huawei has not and will never plant backdoors. And we will never allow anyone else to do so in our equipment."
* The irony is that the US CLOUD Act allows their governmental entities to access data across borders.

FULL TEXT: Guo Ping's Keynote at MWC Barcelona 2019

Bringing you 5G safer, faster, smarter

Ladies and gentlemen, good morning. It's great to see you all again. There has never been more interest in Huawei. We must be doing something right.

Of course, the past few months have been a challenge for us. On one hand, our 5G solutions are widely recognized in the industry. On the other hand, there has been a lot of speculation about the security of our 5G solutions. Today, I would like to talk about Huawei's latest innovations and our views on cyber security.

Innovation – It's all in the details

On the 2018 EU R&D Investment Scoreboard, Huawei ranks number 5 globally. Last year, we invested more than 15 billion US dollars. This consistent investment has produced many positive results. Through nonstop investment, we can keep providing our customers with new, innovative products and more efficient services. 5G is a perfect example of this.

Powerful. Simple. Intelligent.

Huawei is the first company that can deploy 5G networks at scale. More importantly, we can deliver the simplest possible sites with better performance. With 100 megahertz, our 5G can reach more than 14 gigs-per-second; that's for a single sector. We are at the leading edge of performance. Strong capacity also needs strong transmission equipment.

* If fiber is available, we only need to install a blade, attach one fiber, and we can bring bandwidth up to 200 Gbps. It's incredible.
* If fiber is not available, carriers can use microwave. However, the bandwidth of traditional microwave is only 1 Gbps. To address this problem, we use innovative architecture to boost that bandwidth to 20 Gbps.
* With our 5G smartphone and CPE, Huawei is able to provide end-to-end 5G solutions.
We have begun to help carriers deploy 5G at scale.

Proven in field tests and commercial use

Last month, Zealer published a report, saying that Huawei's 5G is 20 times faster than the so-called 5G in the US. That's in field tests. In commercial use, it is not 20 times faster, but it's still much, much faster. So I fully understand what President Donald Trump said last week. The United States needs powerful, faster, and smarter 5G.

In the two charts on the left, we have the results from IMT-2020's phase 3 tests in China. As you can see, Huawei is far ahead of the game when it comes to single site throughput. The third chart compares the speeds of a commercial 5G network deployed by several vendors. This is a real customer network. On Huawei 5G, single user speed reaches 1.3 Gbps.

Powerful

Innovation is in the details. Let's start with capacity.

* For example, with performance algorithm, we can more than triple cell throughput.
* For hardware, our 5G chips support 64 channels, the highest in the industry. We have also increased the computing power of these chips by 2.5 times.

For microwave, we can support 10 times greater transmission bandwidth than other solutions on the market. Little by little, we are pushing the physical limits of our technology.

Simple

We are also making sites as simple as possible, without sacrificing performance. For example, if we made 64T antennas with old techniques, one 5G antenna would be bigger than a door. Can you imagine installing that? If we put one here on the beach, it would be blown down.

To address this issue, we are using new materials. We have reduced the number of components by 99%, and with lighter covers, we can reduce weight by 40%. These new AAUs are as wide as a backpack and very strong. They can survive grade-15 typhoons. This happened in Shenzhen last year. Installation is super easy. We can install them directly on a 4G site, or even on a lamp pole. Simple sites greatly reduce carrier CAPEX and OPEX.
In Europe, where space is limited, we can help you save 10,000 euros on site rental, every site, every year.

Intelligent

In the telecom industry, someone said we are using 5G networks of the 21st century. However, network Operation and Maintenance is still in the 18th century. Let's look at one figure. Globally, 70% of network faults are from human limitations. To make life easier for carriers, our goal is to build intelligent networks.

Last October, Huawei launched the world's most powerful AI chips: Ascend 910 and Ascend 310. We can use these to bring intelligence to all scenarios, and reduce computing power costs for carrier networks. Building on these chips, Huawei has developed many algorithms and models for carrier networks. With AI, we can increase resource efficiency, make O&M easier, and reduce power consumption for telecom networks.

Conclusion

The more we invest in engineering science, the more value we can create. At Huawei, we can bring powerful, simple, and intelligent 5G networks to carriers anywhere in the world, faster than anyone else.

------------------------------

Date: Mon, 18 Mar 2019 21:37:58 -0400
From: Monty Solomon <monty () roscom com>
Subject: ESPN Slips Up, Revealing the NCAA Women's Bracket Four Hours Early

For the second time in three years, an NCAA basketball tournament bracket leaked after it was provided to the network that paid to reveal the results. Among the revelations? UConn is a No. 2 seed.

https://www.nytimes.com/2019/03/18/sports/espn-womens-bracket-leak.html

------------------------------

Date: Wed, 20 Mar 2019 12:04:23 +0000
From: Martin Ward <martin () gkc org uk>
Subject: Re: Is curing patients, a sustainable business model?

Mixing business with medicine is ethically horrible. When healthcare is a business, the more sick people there are (especially those that need expensive treatments), the more profit there is to be made.
This has many bad consequences:

(1) Managing symptoms is more profitable than curing a disease;

(2) Expensive drugs are more profitable than, for example, recommending simple changes to diet: so vastly more resources are poured into drug research than into any other form of cure;

(3) The more unhealthy the population, the more money is to be made. So encouraging unhealthy habits is beneficial to a healthcare company. (It might be seen as a bit *too* obviously cynical for a healthcare company to buy a tobacco company and heavily advertise and subsidise tobacco: but there is a strong business case!)

(4) Tests, tests and more tests! Testing is expensive but can be carried out on apparently healthy people: so it's a good business practice to test for everything, "just in case". If you are lucky, you might even discover some condition that needs expensive treatment.

Contrast this with universal healthcare and government-funded medical research. If you are allocated with a certain budget per person and tasked with improving health you will have a very different set of priorities.

Not having universal healthcare, the U.S. spends around twice as much per person, compared to other countries, but millions of people still don't have any healthcare, and overall the population is less healthy than other first world countries which do have universal health care.

------------------------------

Date: Wed, 20 Mar 2019 14:51:59 +0000
From: Jurek <jzk () uxp ie>
Subject: Re: The Rapid Decline Of The Natural World

... Is it possible that 500 experts can be found in 50 countries who can compile an 8,000 plus page report to the effect that we are actually managing our resources as well as we can to accommodate the expanding world population?
Yes, there *is* a risk here: when a scientific hypothesis (with I presume its obligatory attendant verification-only studies) is taken as a statement of reality and a political bandwagon is created onto which all sorts of famous scientists are keen to hop... rational analysis seems to evaporate. In my experience, science and technology courses do not pay enough attention to educating students about the philosophy of science... like, who has time for THAT kind of stuff in a crowded curriculum, right? That's the real risk.

------------------------------

Date: Tue, 19 Mar 2019 17:48:57 +0200
From: Amos Shapir <amos083 () gmail com>
Subject: Re: Security Holes Found in Big Brand Car Alarms (RISKS-31.12)

... "enabling hackers to activate car alarms, unlock vehicle doors, and start engines"

In view of another article: "Toyota patents system to dispense tear gas on car thieves", it's possible to add to this list "if the hacked car is a Toyota, also spray occupants with tear gas"

------------------------------

Date: Mon, 14 Jan 2019 11:11:11 -0800
From: RISKS-request () csl sri com
Subject: Abridged info on RISKS (comp.risks)

The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: The mailman Web interface can be used directly to subscribe and unsubscribe:
   http://mls.csl.sri.com/mailman/listinfo/risks
=> SUBMISSIONS: to risks () CSL sri com with meaningful SUBJECT: line that includes the string `notsp'. Otherwise your message may not be read.
*** This attention-string has never changed, but might if spammers use it.
=> SPAM challenge-responses will not be honored. Instead, use an alternative address from which you never send mail where the address becomes public!
=> The complete INFO file (submissions, default disclaimers, archive sites, copyright policy, etc.) is online.
<http://www.CSL.sri.com/risksinfo.html>
*** Contributors are assumed to have read the full info file for guidelines!
=> OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's searchable html archive at newcastle:
   http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
   Also, ftp://ftp.sri.com/risks for the current volume or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
   If none of those work for you, the most recent issue is always at http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-31.00
   Lindsay has also added to the Newcastle catless site a palmtop version of the most recent RISKS issue and a WAP version that works for many but not all telephones: http://catless.ncl.ac.uk/w/r
   ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
*** NOTE: If a cited URL fails, we do not try to update them. Try browsing on the keywords in the subject line or cited article leads.
   Apologies for what Office365 and SafeLinks may have done to URLs.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
   <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 31.13
************************