RISKS Forum mailing list archives
Risks Digest 31.66
From: RISKS List Owner <risko () csl sri com>
Date: Fri, 10 Apr 2020 11:21:39 PDT
RISKS-LIST: Risks-Forum Digest Friday 10 April 2020 Volume 31 : Issue 66 ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) Peter G. Neumann, founder and still moderator ***** See last item for further information, disclaimers, caveats, etc. ***** This issue is archived at <http://www.risks.org> as <http://catless.ncl.ac.uk/Risks/31.66> The current issue can also be found at <http://www.csl.sri.com/users/risko/risks.txt> Contents: The ancient computers in the Boeing 737 Max are holding up a fix (The Verge via Gabe Goldberg) Boeing 787s must power cycle every 51 days (The Register via John Levine) Privacy Cannot Be a Casualty of the Coronavirus (NYTimes) FTC, FCC crack down on coronavirus robocall scams (WashPost) What about contact lenses? (Paul Wexelblat) Re: Firefox Cloudflare DNS (Dmitri Maziuk) Re: A computer virus expert looks at CoVID-19 (Rob Slade) Abridged info on RISKS (comp.risks) ---------------------------------------------------------------------- Date: Fri, 10 Apr 2020 00:25:12 -0400 From: Gabe Goldberg <gabe () gabegold com> Subject: The ancient computers in the Boeing 737 Max are holding up a fix (The Verge) Nothing, it seems, will prompt the FAA to send this particular design back to the drawing board. Instead, Boeing will once again attempt to compensate for a hardware flaw on the 737 Max with slightly rewritten software. It's the same design philosophy that created this catastrophe for Boeing in the first place -— and it's the same philosophy that has failed, so far, to produce a safe and reliable airplane. https://www.theverge.com/2020/4/9/21197162/boeing-737-max-software-hardware-computer-fcc-crash ------------------------------ Date: 9 Apr 2020 19:45:56 -0400 From: John Levine <johnl () iecc com> Subject: Boeing 787s must power cycle every 51 days (The Register) In article <5.CMM.0.90.4.1586470789.risko () chiron csl sri.com11844> you write:
[Noted by Tom Van Vleck. I thought RISKS has noted this before, but I did not find it. PGN]
It's gotten worse. Back in 2015 you needed to reboot only every 248 days: https://www.theregister.co.uk/2015/05/01/787_software_bug_can_shut_down_planes_generators/ [JL] [Tom Russ noted that 51 days is roughly 2^32 milliseconds. Perhaps another integer overflow/wrap-around problem?] [Craig S. Cottingham found an earlier reference in RISKS-31.34 that I remembered, but could not find. However, that item from Steve Golson related to Airbus, not Boeing: Airbus A350 software bug forces airlines to turn planes off and on every 149 hours (The Register), which seemingly related to a 32-bit counter that updates every 125 microseconds. http://catless.ncl.ac.uk/Risks/31/34#subj4.1 So, it's just another calendar-clock implementation foresight. Y2K, Why-not-2K? It's only 32 bits. PGN] ------------------------------ Date: Tue, 7 Apr 2020 19:49:57 -0400 From: Monty Solomon <monty () roscom com> Subject: Privacy Cannot Be a Casualty of the Coronavirus (NYTimes) Privacy Cannot Be a Casualty of the Coronavirus https://www.nytimes.com/2020/04/07/opinion/digital-privacy-coronavirus.html [It must not. Unfortunately, it can, and is already. PGN] ------------------------------ From: Monty Solomon <monty () roscom com> Date: Fri, 3 Apr 2020 16:57:59 -0400 Subject: FTC, FCC crack down on coronavirus robocall scams (WashPost) Americans were bombarded with more than 132 million robocalls a day in March as the pandemic worsened. https://www.washingtonpost.com/business/2020/04/03/ftc-fcc-crack-down-coronavirus-robocall-scams/ ------------------------------ Date: Thu, 9 Apr 2020 22:22:53 -0400 From: Paul Wexelblat <wexelblat () gmail com> Subject: What about contact lenses? COVID-10 Curiosity — I have heard nothing about the care which should (must) be taken with contact lenses - Cleaning - Removal - Insertion [Use sterilized rubber tweezers? Return to your old-fashioned eye-glasses that you alcohol-wipe before putting them on? PGN] ------------------------------ Date: Thu, 9 Apr 2020 19:06:30 -0500 From: dmaziuk <dmaziuk () bmrb wisc edu> Subject: Re: Firefox Cloudflare DNS (RISKS-31.65) I had a bit of a Whaa??? moment on this, thank you Lauren for pointing this out and making me go to settings and change them back to "no proxy". Gotta wonder who at Firefox makes these kinds of decisions and what they are smoking. Changing my network settings behind my back and without notice is bad enough, resolving domain names differently in their product (so a different http client could take you to an entirely different server for the same URL -- and with a different chain of built-in "trusted" CA's, both could potentially be "very secure") is a whole 'nother story. I guess in Mozilla-verse two wrongs make a right, if one of them's really badly wrong. ------------------------------ Date: Fri, 10 Apr 2020 08:22:58 -0700 From: Rob Slade <rmslade () shaw ca> Subject: Re: A computer virus expert looks at CoVID-19 (RISKS-31.65) Let me say that I *absolutely* agree with the comments Peter excerpted and posted:
I will just say please don't allow the high frequency of contribution by a regular contributor lend a credibility to the quality of the contribution that isn't there when the topic is outside the contributor's expertise. (Perhaps this is a RISK in itself? A halo effect arising from contribution frequency?).
Particularly in a time of crisis, accurate and correct information is vital. Challenging (and, hopefully, correcting) errors is a function which becomes more important, not less, in an emergency situation. ------------------------------ Date: Mon, 14 Jan 2019 11:11:11 -0800 From: RISKS-request () csl sri com Subject: Abridged info on RISKS (comp.risks) The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is comp.risks, the feed for which is donated by panix.com as of June 2011. => SUBSCRIPTIONS: The mailman Web interface can be used directly to subscribe and unsubscribe: http://mls.csl.sri.com/mailman/listinfo/risks => SUBMISSIONS: to risks () CSL sri com with meaningful SUBJECT: line that includes the string `notsp'. Otherwise your message may not be read. *** This attention-string has never changed, but might if spammers use it. => SPAM challenge-responses will not be honored. Instead, use an alternative address from which you never send mail where the address becomes public! => The complete INFO file (submissions, default disclaimers, archive sites, copyright policy, etc.) is online. <http://www.CSL.sri.com/risksinfo.html> *** Contributors are assumed to have read the full info file for guidelines! => OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's searchable html archive at newcastle: http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue. Also, ftp://ftp.sri.com/risks for the current volume or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume If none of those work for you, the most recent issue is always at http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-31.00 Lindsay has also added to the Newcastle catless site a palmtop version of the most recent RISKS issue and a WAP version that works for many but not all telephones: http://catless.ncl.ac.uk/w/r ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001) *** NOTE: If a cited URL fails, we do not try to update them. Try browsing on the keywords in the subject line or cited article leads. Apologies for what Office365 and SafeLinks may have done to URLs. ==> Special Offer to Join ACM for readers of the ACM RISKS Forum: <http://www.acm.org/joinacm1> ------------------------------ End of RISKS-FORUM Digest 31.66 ************************
Current thread:
- Risks Digest 31.66 RISKS List Owner (Apr 10)