• Risks Digest 33.44 (2/2)

    From RISKS List Owner@21:1/5 to All on Wed Sep 14 03:02:55 2022
    [continued from previous message]

    Subject: Super-rich preppers' planning to save themselves from the
    apocalypse (The Guardian)

    https://www.theguardian.com/news/2022/sep/04/super-rich-prepper-bunkers-apocalypse-survival-richest-rushkoff

    Tech billionaires are buying up luxurious bunkers and hiring military
    security to survive a societal collapse they helped create, but like
    everything they do, it has unintended consequences

    ------------------------------

    Date: Thu, 8 Sep 2022 07:33:35 -0600
    From: Matthew Kruk <mkrukg@gmail.com>
    Subject: Major telecoms sign deal to keep some phone services running during
    future outages (CBC Canada)

    https://www.cbc.ca/news/politics/champagne-telecommunications-agreement-1.6574900

    ------------------------------

    Date: Fri, 09 Sep 2022 07:21:13 +0300
    From: Mike Rechtman <mike@rechtman.com>
    Subject: Israel: Health Ministry website faces cyberattack, oversea access
    blocked (I24 News)

    Pro-Iranian hackers based in Iraq, calling themselves Altahrea Team, claimed responsibility for the cyberattack. Israel's Health Ministry website faced disrupted access to users abroad, reportedly due to a cyberattack, the
    ministry said Sunday.

    https://www.i24news.tv/en/news/israel/defense/1658119439-israel-health-ministry-website-faces-cyberattack-oversea-access-blocked

    ------------------------------

    Date: Sat, 10 Sep 2022 08:07:32 -0500
    From: Paul Robinson <paul@paul-robinson.us>
    Subject: Groove.cm Breaks the Internet

    I saw an ad for a service that has a lot of features. Then I discover it's free. It's https://groove.cm , offering a bunch of tools that I think I can
    use (lots of marketing-related tools), and it claims it's free, no credit
    card required, so, based on what the ad showed, I decided to check it out.

    One of the things going through my head - which you should always keep in
    mind when examining/checking out a free offer - is, "how are they going to monetize this?" Or more simply, how can they make money from something free? Because if they can't make money from *somewhere*, they aren't going to be around long. Very few things are subsidized in a way that someone else isn't paying, usually involuntarily, such as through taxes. Well, I discover what they
    do have and are offering is a free tier, with a number of nice looking
    features available, but, they have paid tiers as well. This, I don't have a problem with. Since there are only two industries where the people who
    consume their products are called "users" - software developers and drug dealers - it
    is appropriate in both industries to offer a free sample of your wares to
    get users hooked, then offer them the pricey stuff. It also mentions that
    the prices on these are reduced, if you don't take them at sign up, they
    will be more expensive later. This is also not unreasonable; getting people
    to take an offering on the expectation that it's a limited-time offer is a common marketing tactic. Nothing that they are offering in any of the paid tiers is anything that I would need, the free tier appears to be more than enough, so I can decline all of them and take the "free forever" tier. So,
    it asks for first name, last name, email address, username, password, and verify password. Nothing unusual here.

    Well, anyway, I give the first four items, and am on the "password"
    field. Accepting Firefox's suggestion to use a randomly-generated password
    it creates for this occasion, I do, and I fill both fields with the same
    long string of characters. I click on the submit button - labeled "Register"
    I think - and it "bangs back" with an angry, red error message, saying all fields must be filled in. I'm looking to see if there's any other
    fields. Nope, only then I discover both password fields are blanked out. I
    must have done something wrong, so I have Firefox insert the random password
    in both places and try again. Same problem.

    At this point, it kind of dawns on me that maybe the password is *too long!*
    I try using a shorter password, and, as too many people do, a password I've used elsewhere. This, it accepts. Bad practice. Shorter passwords are easier
    to crack, and there are not really difficult ways to add tremendous levels
    of security, (see https://xkcd.com/936/ for an example on how to increase password strength exponentially) especially since any conscientious website does not store passwords, only the hashes of passwords.

    If you think this is only what I'm complaining about, "just wait, there's more!"

    It turns out it's a good idea that I used a password I can remember, because I'm going to need to use it again, because the screen changes to a blank
    page with a black stripe across the top, and the message, "Our app is only optimized for use in Chrome. Please download it from here" with the last
    word being a link that I presume is to Google's download site.

    First, it might have been a good idea to tell me this *before* I registered. Second, if this is what people who will connect to it to see/use whatever I have used with them - one of the offerings is a free blog system as an alternative to Wordpress - will be told, that is going to cut off a large
    part of the potential audience. Third, the World Wide Web - and the Internet
    of which the web is just one of hundreds of services it can offer - are
    built on open standards that are *not supposed to be proprietary.*
    (Yes, I know Chrome is open source, but if you mandate one specific browser, you've made your site proprietary to whatever features it offers and others don't.) It is this sort of [expletives deleted] that damn near Balkanized
    the early web, when people had to implement two versions of their site, one
    for Internet Explorer browser users, and one for everyone else. For a lot of people, this was too much, and if you weren't using IE, you'd be told to download it. Just like now.

    I can see no reason to restrict sites to one browser, and a lot of reasons
    not to. First, is common practice. Huge, popular sites: Amazon, Google, Wikipedia, YouTube, Facebook, Twitter and hundreds of millions of others -
    all work satisfactorily on all browsers.

    This is bad practice, and just pure laziness, an unwillingness to go along
    with the common standards that provide good experiences for website
    users. Regressing back to the days of web Balkanization where if you were on the wrong browser, you got the equivalent treatment to someone from the
    ghetto trying to better themselves, and being discriminated against.

    This is wrong. Groove, fix your broken website, don't penalize people for
    using "the wrong browser," and "play nice with others" by sticking with the huge number of non-proprietary technical standards that work on all
    browsers.

    ------------------------------

    Date: Thu, 8 Sep 2022 10:40:58 -0700
    From: geoff goodfellow <geoff@iconia.com>
    Subject: This $30 mouse jiggler makes it look like you're working when
    you're not (CNBC)

    - As employers surveil employees with productivity-monitoring software,
    workers are turning to mouse jigglers.
    - Mouse jigglers, or mouse movers, simulate cursor movement, preventing
    your computer from going into sleep mode.
    - CNBC's Sofia Pitt tested a mouse jiggler for a day.

    Employers are monitoring productivity more than ever, in part thanks to the boom in remote work. <https://www.cnbc.com/2022/08/12/malcolm-gladwell-on-the-evolution-of-his-working-from-home-stance.html>

    Employees are turning to gadgets to outsmart monitoring software. One such
    tool is a mouse mover, or mouse jiggler, that's supposed to keep your screen on. I decided to give one a try to see if it works.

    I learned about mouse jigglers on TikTok. A mouse mover is a device that
    claims to be undetectable by your computer. As the name indicates, the
    device simulates mouse movement, preventing your computer from going into
    sleep mode.

    So-called *tattleware*, or surveillance software, is being installed on company-issued devices to track employee screen time, keyboard usage, and
    clicks. The mouse jiggler may not help with keyboard usage or clicks, but it should address screen time monitoring by keeping your computer's display on. *Here's how a mouse jiggler works*. [...]

    <https://www.nytimes.com/wirecutter/blog/how-your-boss-can-spy-on-you/>

    ------------------------------

    Date: Sat, 10 Sep 2022 16:06:09 -0700
    From: geoff goodfellow <geoff@iconia.com>
    Subject: Obsessively watching the news can make you mentally and physically
    sick (Study Finds)

    Keeping up with the latest news can be very bad for your health, according
    to a new study. Researchers at Texas Tech University found that Americans
    who obsessively follow the news are more likely to suffer from both physical and mental health problems, including anxiety and stress.

    Those who constantly check the latest headlines end up with *significantly greater physical ill-being* than those who tune in less often, according to
    the findings. The team adds that constantly keeping on top of the latest developments can lead to a vicious cycle where people always check for more updates, rather than tuning out after a quick read.

    This can start interfering with people's personal lives, leaving them
    feeling powerless and distressed about global events including the pandemic, the war in Ukraine, and climate change.

    ``Witnessing these events unfold in the news can bring about a constant
    state of high alert in some people, kicking their surveillance motives into overdrive and making the world seem like a dark and dangerous place,'' says Bryan McLaughlin, associate professor of advertising at the College of Media and Communication at Texas Tech University, in a media release. 1 in 6 have
    a *severely problematic* news addiction. [...]

    https://studyfinds.org/part-of-the-brain-doomscrolling/
    https://www.eurekalert.org/news-releases/962341
    https://studyfinds.org/watching-news-can-make-you-sick/

    ------------------------------

    Date: Wed, 7 Sep 2022 09:49:58 -0400
    From: John Stewart <ivatt260@gmail.com>
    Subject: Re: High Seas Deception: How Shady Ships Use GPS to Evade
    International Law (NYTimes, RISKS-33.43)

    The issue with spamming AIS is that, AIS transmitters if installed, (at
    least for us non-professional boat owners), must have their own GPS decoder
    and VHF antenna connection, by law from what I read.

    And, the MMSI (ship international registration) number is "program once" in
    the AIS box and not able to be changed by the user. (Satellite positioning
    -- I'm not sure that qualifies as AIS, but I would not mind to be corrected)
    to go dark by turning off the AIS box.

    If I wanted to move myself, it would be easier to just send a bunch of AIS
    traffic from another box, but that is not an above-board commercial product
    (as far as I know!) so one would have to have some computer smarts to do this.

    As an aside - the last time the Canadian SnowBirds aerobatic team were due
    to fly over our area, I checked for ADS-B data from them so I could see if
    they were getting close, and, well, I guess they don't send ADS-B...

    ------------------------------

    Date: Mon, 5 Sep 2022 14:50:17 -0500
    From: Craig Cottingham <craig.cottingham@gmail.com>
    Subject: Re: Hand-counting elections riskier than computer counts?
    (CNN, RISKS 33.43)

    I am reminded of the old aphorism: "A person with one watch knows what time
    it is -- but a person with two watches is never sure."

    If the computer count and the hand count disagree, which one should be accepted?

    ------------------------------

    Date: Mon, 5 Sep 2022 07:50:44 -0700
    From: Steve Bacher <sebmb1@verizon.net>
    Subject: Re: Honda Clocks Are Stuck 20 Years In The Past; There Isn't A Fix
    (RISKS-33.43)

    Link to article:

    https://jalopnik.com/honda-clocks-are-stuck-20-years-in-the-past-and-this-mi-1848306970

    ------------------------------

    Date: Sun, 04 Sep 2022 20:06:52 +0000
    From: Henry Baker <hbaker1@pipeline.com>
    Subject: Re: 3D gun printing operation busted in Calgary (Bacher, R-33.43)

    [Im]moral hazard?

    https://www.chron.com/news/houston-texas/article/Houston-3D-printed-gun-buyback-program-17345782.php

    Houston man sells dozens of 3D-printed guns at city's first gun buyback.
    The man traded in 62 3D-printed guns, often referred to as 'ghost guns,' and received $50 per gun. He claimed making the weapons cost only $3 each.
    [Oops!!]

    Which reminds me of other 'bounty' programs gone horribly/LOL wrong:
    https://en.wikipedia.org/wiki/Great_Hanoi_Rat_Massacre
    https://freakonomics.com/podcast/the-cobra-effect-2/

    ------------------------------

    Date: Mon, 1 Aug 2020 11:11:11 -0800
    From: RISKS-request@csl.sri.com
    Subject: Abridged info on RISKS (comp.risks)

    The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
    comp.risks, the feed for which is donated by panix.com as of June 2011.
    SUBSCRIPTIONS: The mailman Web interface can be used directly to
    subscribe and unsubscribe:
    http://mls.csl.sri.com/mailman/listinfo/risks

    SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that
    includes the string `notsp'. Otherwise your message may not be read.
    *** This attention-string has never changed, but might if spammers use it.
    SPAM challenge-responses will not be honored. Instead, use an alternative
    address from which you never send mail where the address becomes public!
    The complete INFO file (submissions, default disclaimers, archive sites,
    copyright policy, etc.) is online.
    <http://www.CSL.sri.com/risksinfo.html>
    *** Contributors are assumed to have read the full info file for guidelines!

    OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's
    searchable html archive at newcastle:
    http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
    Also, ftp://ftp.sri.com/risks for the current volume/previous directories
    or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
    If none of those work for you, the most recent issue is always at
    http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-33.00
    ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
    *** NOTE: If a cited URL fails, we do not try to update them. Try
    browsing on the keywords in the subject line or cited article leads.
    Apologies for what Office365 and SafeLinks may have done to URLs.
    Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

    ------------------------------

    End of RISKS-FORUM Digest 33.44
    ************************
