RISKS-LIST: Risks-Forum Digest Thursday 25 Jul 2024 Volume 34 : Issue 37 ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) Peter G. Neumann, founder and still moderator
***** See last item for further information, disclaimers, caveats, etc. ***** This issue is archived at <http://www.risks.org> as <http://catless.ncl.ac.uk/Risks/34.37> The current issue can also be found at <http://www.csl.sri.com/users/risko/risks.txt> Contents: When it comes to math, AI is dumb (Steve Lohr) Microsoft's Global Sprawl Under Fire After Historic Outage (WashPost) Why no public outrage over CrowdStrike/Microsoft and ATT failures? (John Rushby, Andy Poggio) Worldwide BSOD outage (via Rebecca Mercuri) Crowdstrike references (Cliff Kilby) Secure Boot is Completely Compromised (ArsTechnica via Wendy Grossman) Hackers could create traffic jams thanks to flaw in traffic-light controller, researcher says (TechCrunch) Encultured: an AI doomer’s video game startup pivots to medicine. It’ll be fine. (Pivot to AI) New findings shed light on risks and benefits of integrating AI into medical decision-making (medicalxpress.com) Steven Wilson Struggles To Hear That It's Not Him Singingxo AI-Created Songs (Blabbermouth) Limitless AI (Gabe Goldberg) AI captions (Jim Geissman) Switzerland now requires all government software to be open source (ZDNET) Bipartisan legislation that would require all users to use government IDs to access major websites advances in Senate (NBC News) LLM AI Bios (Rob Slade) Re: U.S. Gender Care Is Ignoring Science (Martin Ward) Re: In Ukraine War, AI Begins Ushering In an Age of Killer Robots (Amos Shapir) Re: Fwd: Ozone Hole Mk. II (Cliff Kilby) Abridged info on RISKS (comp.risks) ---------------------------------------------------------------------- Date: Tue, 23 Jul 2024 10:23:22 PDT From: Peter G Neumann <neum...@csl.sri.com> Subject: When it comes to math, AI is dumb (Steve Lohr) Steve Lohr, *The New York Times* Business Section front page, 23 Jul 2024 Early computers followed rules. AI follows probabilities. But in mathematics, there is no probable answer, only the right one. ``This technology does brilliant things, but it doesn't do everything.'' Kristian Hammond ------------------------------ Date: Wed, 24 Jul 2024 10:44:35 -0400 (EDT) From: ACM TechNews <technews-edi...@acm.org> Subject: Microsoft's Global Sprawl Under Fire After Historic Outage"\ (WashPost) Cristiano Lima-Strong, Cat Zakrzewski, and Jeff Stein, *The Washington Post*, 20 Jul 2024 The July 19 computer outage resulting from a defective CrowdStrike update to Windows systems worldwide shines a spotlight on the global economy's dependence on Microsoft. Although Microsoft said only an estimated 8.5 million devices were impacted, accounting for less than 1% of computers running the Windows operating system, U.S. Federal Trade Commission Chair Lina Khan said it underscores "how concentration can create fragile systems." ------------------------------ Date: Tue, 23 Jul 2024 12:30:06 -0700 From: John Rushby <rus...@csl.sri.com> Subject: Why no public outrage over CrowdStrike/Microsoft and ATT failures? There's been plenty of anger at the consequences of these failures, but I'm surprised to see no public outrage over their causes. The CrowdStrike bug was apparently a null dereference in C++ code operating in kernel mode. First of all, this is an inexcusable failure of quality assurance and raises all manner of questions about CrowdStrike's competence. Why C++, why no static analysis and other checks? Then there's the whole rationale for the existence of this stuff. Why do organizations need a third-party virus detector? And why does it need to operate in kernel mode? Because Microsoft's OS is a pile of vulnerabilities. And why does it need to operate in kernel mode? And yet they tout Windows 365 as a security "solution". And we use it. Not to mention that their laggard design combined with ruthless business practices retarded human progress by a decade (compared with might have been from Engelbart/PARC/Apple). It's obvious that any adversary will have cyberattacks ready to go that will inflict greater and more lasting outages during any period of threat or conflict. Then there's the ATT debacle. The public suffers ever more intrusive and ponderous "security" procedures: cryptographically strong and frequently changed passwords, dual-factor authentication, you name it. These impose economic as well as personal costs. Yet in the entire history of computing I doubt there's been any widespread loss due to penetration of individual accounts: why bother when it's easier to get the whole lot from the corporate source? It seems to me that these failures of corporate competence and diligence are of the same order (and have the same source) as Boeing's safety failures, yet the public and government and legislature are not showing comparable outrage and investigative zeal. Why not? Is there something we should be doing? ------------------------------ Date: Tue, 23 Jul 2024 20:37:30 -0700 From: Andy Poggio <pog...@csl.sri.com> Subject: Why no public outrage over CrowdStrike/Microsoft and ATT failures? I am very sympathetic to John Rushby’s concerns, and concur with his analysis. With respect to Internet security, the guilty parties are the Internet creators, of which SRI was one of three -— the other two were BBN in Cambridge, MA and ISI in Santa Monica, CA. Vint Cerf at DARPA was a leader and driving force. We just didn’t consider security -— it was challenging enough to get things to work at all. To give you an example, in the 70s and 80s there were a few Packet Radio networks around (the precursor to cellular networks). One was in the the San Francisco Bay Area with its central router located at SRI. There were a number of radio nodes scattered around local mountain tops as well as in a van (a model of which is in SRI’s Menlo Park lobby) and other locations. Anybody could send a certain type of packet to a radio node. When the radio node received the packet and determined that it was this certain type, it executed a JUMP to the first word of the packet payload and executed whatever code the packet happened to contain. These packets were called “flying subroutines”. Why would anyone implement such a dangerous capability? 1. The mountaintop nodes had no connection to anything besides the radio connection. And, the nodes were time-consuming to reach physically. We needed to have the nodes make changes that we couldn’t predict in advance, and the nodes were very resource limited, especially RAM. The flying subroutines solved the problem in an effective, if insecure, way. 2. There were no bad guys. Essentially no one outside of the research community had ever heard of the Internet, let alone had any access to it. So security wasn’t yet an issue. To my knowledge, no malicious use of flying subroutines ever occurred. So, the take away is: let’s not do this again. And my question is: are we doing it again with AI and its currently, promising technologies, LLMs and friends? What security issues are not being addressed? [Some of you will remember the four-hour ARPAnet collapse on 27 Oct 1980, when multiple bit-corrupted once-a-minute status messages accidentally propagated, overflowing the buffers when the six-bit indices could not be deleted: A > B > C > A with unchecked wrap-around and the first-ever failure of the deletion algorithm for the previous status messages). There's an article in my ACM SIGSOFT Software Engineering Notes, vol 6 no 1. by Eric Rosen, Vulnerabilities of network control protocols, January 1981, pp. 6-8. It's online, along with all other SEN issues (thanks to Will Tracz). BBN learned that the status messages circulating on the net needed error-detection or even error-correction. PGN] ------------------------------ Date: Tue, 23 Jul 2024 16:31:21 -0400 From: DrM <nota...@mindspring.com> Subject: Worldwide BSOD outage Pete Buttigieg announced today that the Department of Transportation has opened an investigation into Delta over flight disruptions. (Search -- pete Buttigieg Delta -- for a whole bunch of other links to recent news coverage regarding that carrier.) Here's his recent postings on X: .@USDOT has opened an investigation into Delta Air Lines to ensure the airline is following the law and taking care of its passengers during continued widespread disruptions. All airline passengers have the right [PGN noted Delta's Delays Signal Slow Recovery from Tech Outage Christine Chung and Yan Zhuang, *The New York Times* Business Section front page, 23 Jul 2024 Scalded by Buttigieg for *unacceptable customer service*.] ------------------------------ Date: Wed, 24 Jul 2024 08:43:27 -0400 From: Cliff Kilby <cliffjki...@gmail.com> Subject: CrowdStrike references If your org had to do a manual recovery from CrowdStrike, you should probably rotate your BitLocker recovery keys, as this appears to have happened. https://old.reddit.com/r/sysadmin/comments/1ea5x7t/who_converted_all_of_their_bitlocker_keys_to_qr/ https://www.itsupportguides.com/knowledge-base/windows-10/windows-10-how-to-reset-bitlocker-recovery-key/ You should probably review your companies' secure token/authentication policies as well. I'm seeing a lot of admins needing to be written up, or An Excel sheet with every BitLocker recovery key? Shared? Google Sheets to generate the QR? I can sympathize with the problem of needing to manually key in a long password on lots of End-User Devices, or kiosk devices, but creating massive security vulnerabilities to expedite management... wait, no that's Windows. Nevermind, as you were. ------------------------------ Date: Thu, 25 Jul 2024 19:09:48 +0100 From: "Wendy M. Grossman" <wen...@pelicancrossing.net> Subject: Secure Boot is Completely Compromised (ArsTechnica_ https://arstechnica.com/security/2024/07/secure-boot-is-completely-compromised-on-200-models-from-5-big-device-makers/?utm_brand=arstechnica&utm_social-type=owned&utm_source=mastodon&utm_medium=social The worst is the device you think you can trust. ------------------------------ Date: Thu, 18 Jul 2024 22:53:34 -0400 From: Monty Solomon <mo...@roscom.com> Subject: Hackers could create traffic jams thanks to flaw in traffic-light controller, researcher says (TechCrunch) https://techcrunch.com/2024/07/18/hackers-could-create-traffic-jams-thanks-to-flaw-in-traffic-light-controller-researcher-says/ ------------------------------ Date: Sun, 21 Jul 2024 18:24:15 -0400 From: "Gabe Goldberg" <g...@gabegold.com> Subject: Encultured: an AI doomer’s video game startup pivots to medicine. It’ll be fine. (Pivot to AI) Encultured AI was started in 2022 by regulars of AI doomsday site LessWrong to work out new safety benchmarks for existential risk — whether the AI would turn us all into paperclips. [LessWrong, 2022] They needed some way to get humans to engage with the testing. So they thought: Let’s write a video game! [LessWrong, 2022] The comments rapidly filled with worries about a game AI somehow transmuting into a human-level AI, realizing it was being tested in a video game, and deciding to lie so it could escape the box and go full Skynet. Because these are normal worries about a video game. [LessWrong, 2022] We’re a bit safer now from the prospect of end-of-level bosses escaping into reality — because Encultured has pivoted to launching, not one, but two medical startups: HealthcareAgents and BayesMed! [HealthcareAgents; BayesMed] BayesMed will use AI for “Summarizing patient records; Linking records to medical best-practices; Organizing statistical reasoning about diagnoses and treatments.” Now, you might think this sounds rather more like an incredibly tempting way for a cheap organization to abuse an LLM. HealthcareAgents will “advocate for patients to get them early access to AI-enhanced healthcare services.” The problem patients actually have is being fobbed off onto a bot rather than a human, but anyway. Jaan Tallinn of Encultured has a track record of achievements, having co-founded Skype and Kazaa. But then he discovered LessWrong. Nowadays, his companies are writing paragraphs like this: [blog post] Our vision for 2027 and beyond remains similar, namely, the development of artificial general healthcare: Technological processes capable of repairing damage to a diverse range of complex systems, including human cells, organs, individuals, and perhaps even groups of people. Why so general? The multi-agent dynamical systems theory needed to heal internal conflicts such as auto-immune disorders may not be so different from those needed to heal external conflicts as well, including breakdowns in social and political systems. We don’t expect to be able to control such large-scale systems, but we think heal best word to describe our desired relationship with them: As a contributing member of a well-functioning whole. Remember that this is a pivot from writing video games. That’s one pretty versatile game AI. https://pivot-to-ai.com/2024/07/21/encultured-an-ai-doomers-video-game-startup-pivots-to-medicine-itll-be-fine/ ------------------------------ Date: Tue, 23 Jul 2024 10:11:34 +0000 From: Richard Marlon Stein <rmst...@protonmail.com> Subject: New findings shed light on risks and benefits of integrating AI into medical decision-making (medicalxpress.com) https://medicalxpress.com/news/2024-07-benefits-ai-medical-decision.html "Integration of AI into health care holds great promise as a tool to help medical professionals diagnose patients faster, allowing them to start treatment sooner," said NLM Acting Director, Stephen Sherry, Ph.D. "However, as this study shows, AI is not advanced enough yet to replace human experience, which is crucial for accurate diagnosis." IBM Watson déjà vu all over again? Human experience is like institutional or corporate memory: if you'd worked 'here' long enough, you would know what to do or where to go without asking a colleague for help. ------------------------------ Date: Wed, 24 Jul 2024 10:40:25 -0700 From: Steve Bacher <seb...@verizon.net> Subject: Steven Wilson Struggles To Hear That It's Not Him Singing AI-Created Songs (Blabbermouth) Acclaimed British musician, singer-songwriter and record producer Steven Wilson has expressed his concern for the rise of artificial intelligence in the music industry. His comments come after several songs used AI technology to "clone" his vocals and create new tracks. (Other artists comment as well.) https://blabbermouth.net/news/steven-wilson-struggles-to-hear-that-its-not-him-singing-a-i-created-songs-this-is-uncanny-almost-surreal ------------------------------ Date: Tue, 23 Jul 2024 19:52:56 -0400 From: Gabe Goldberg <g...@gabegold.com> Subject: Limitless AI Go beyond your mind’s limitations Personalized AI powered by what you’ve seen, said, and heard. https://www.limitless.ai/ All seeing/hearing/knowing/telling -- what could go wrong? ------------------------------ Date: Thu, 25 Jul 2024 08:47:43 -0700 From: Jim Geissman <jgeiss...@socal.rr.com> Subject: AI captions If you turn on closed captioning for BBC News on cable, you will see that the text is first put out on the screen and then corrected. It looks like there is AI, because often the initial text is nothing like the sounds being spoken, and the corrections totally change it. It seems to me the initial text is a chatbot-type guess at what will be said next, not an interpretation of the sounds, at least not initially. ------------------------------ Date: Wed, 24 Jul 2024 13:59:42 -0700 From: geoff goodfellow <ge...@iconia.com> Subject: Switzerland now requires all government software to be open source (ZDNET) *The United States remains reluctant to work with open source, but European countries are bolder.* Several European countries are betting on open-source software. In the United States, eh, not so much. In the latest news from across the Atlantic, Switzerland has taken a major step forward with its "Federal Law on the Use of Electronic Means for the Fulfillment of Government Tasks" (EMBAG). <https://datenrecht.ch/en/bundesgesetz-ueber-den-einsatz-elektronischer-mittel-zur-erfuellung-von-behoerdenaufgaben-embag-in-schlussabstimmung-angenommen/> This groundbreaking legislation mandates using open-source software (OSS) in the public sector. This new law requires all public bodies to disclose the source code of software developed by or for them unless third-party rights or security concerns prevent it. This "public money, public code" approach aims to enhance government operations' transparency, security, and efficiency. Also: German state ditches Microsoft for Linux and LibreOffice <https://www.zdnet.com/article/german-state-ditches-microsoft-for-linux-and-libreoffice/> Making this move wasn't easy. It began in 2011 when the Swiss Federal Supreme Court published its court application, Open Justitia, under an OSS license <https://www.openjustitia.ch/DE/interne_Open_Justitia.html>. The proprietary legal software company Weblaw <https://www.weblaw.ch/> wasn't happy about this. There were heated political and legal fights for more than a decade. Finally, the EMBAG was passed in 2023. Now, the law not only allows the release of OSS by the Swiss government or its contractors, but also requires the code to be released under an open-source license "unless the rights of third parties or security-related reasons would exclude or restrict this." [...] https://www.zdnet.com/article/switzerland-now-requires-all-government-software-to-be-open-source/ ------------------------------ Date: Thu, 25 Jul 2024 14:03:27 -0700 From: Lauren Weinstein <lau...@vortex.com> Subject: Bipartisan legislation that would require all users to use government IDs to access major websites advances in Senate (NBC News) Under the guise of "protect the children" (it would only actually hurt them in the long run), both parties continue to push legislation that would require all users of social media (and eventually, most sites) to link government IDs to their accounts, enabling new levels of privacy invasions, cybercrime when data leaks, massive government tracking, and worse. -L https://www.nbcnews.com/politics/congress/senate-push-forward-children-online-safety-bills-week-rcna163335 ------------------------------ Date: Thu, 25 Jul 2024 08:31:44 -0700 From: Rob Slade <rsl...@gmail.com> Subject: LLM AI Bios Did you know that large language models are described in the Bible? And not just in the New Testament. Isaiah 28:10 literally translates as, "For it is precept upon precept, precept upon precept; line upon line, line upon line; a little here, a little there." But, in the original Hebrew, it reads more like, "Tzav la-tzav, tzav la-tzav, kav la-kav, kav la-kav z=E2= =80=98eir sham, z=E2=80=98eir sham." In other words, what it is really saying is, "H= e keeps telling us blah blah blah blah blah." Both literally and idiomatically this is a *really* great description The bloom seems to be coming off the AI rose. Yes, corporations are still investing millions, and even billions, of dollars in artificial intelligence, mostly in companies that are pursuing the "Large Language Model" chimera. Initially, I thought that the large language models were a cute trick, and might possibly have some uses. As time went on, we found out about "hallucinations," disinformation, "jailbreaking," and a whole bunch of other problems with large language models. What we *didn't* find was any activity or process where the large language models were really useful. Businesses said we can use these large language models to automate mundane tasks. But, really, how mundane does the task have to get before we entrust it to a large language model? And if the task gets that mundane, is it really a task that we need to do? I am reminded of Peter Drucker's famous quote that there is nothing so useless as doing, efficiently, that which should not be done at all. So, for quite a while, my take on the large language models has been that they are a solution in search of a problem. Given the money being thrown at them, that search seems to have become more desperate. I have been doing presentations, to various groups, on artificial intelligence and the different types of approaches to the field that preceded the large language models, and would seem to be considerably different in approach. As well as the various risks, both in not pursuing artificial intelligence, and of pursuing artificial intelligence too avidly. Recently I was given a date for a presentation to a group that I knew would want a bio. I hate writing bios. I hate *listening* to bios, for that matter. They always seem to be full of stock phrases and puff pieces, and rather short on actual facts or reasons that I should listen to this particular person, who is doing this presentation not out of any particular interest in or insight into the topic, but as a means of reaching for the next rung on the ladder of fame and success. I hate doing them, on myself. So, I thought it would be amusing to have ChatGPT write a bio of me. ChatGPT is, after all, the tool that pretty much everybody thinks about when they think about the large language models. In order to see how much the technology has improved over the past few months, I decided to also submit the same request to Claude, the tool from Anthropic. (Claude is supposed to have better "guard rails" against jailbreaking, than does ChatGPT.) And, today, Meta announced Llama 3.1, so I included Meta AI. Well, It was somewhat amusing. But it has also become part of my presentation. The bios that all three systems produced point out, in large measure, the problems associated with the large language models of artificial intelligence. Rob Slade was born, variously, in 1948, 1952, and "the 1950's." That last is accurate, but rather imprecise. I had not known that there was so much controversy over the date of my birth (although I *was* very young, at the time), especially since it is not exactly a secret. So, some of the material is purely in error. I have absolutely no idea where they got 1952 and 1948 from. I also wonder why all three systems decided that it is important to give the year of my birth, but none mentions where I was born, or lived most of my life, or, indeed, where I live now. (Claude *did* manage to figure out that I am Canadian.) Again, there is no particular secret about this. I gave them a three hundred word limit, and, somewhat to my surprise, given the weird and wonderful errors that LLMs seem to be capable of making, all three did come in "under budget," at 246, 268, and 279 words. All three systems wasted an awful lot of their word count on what could primarily be called promotional or sales material. I had noted that this is a tendency in the large language models. This isn't terribly surprising, given that most of the material that they would have been able to abstract from the Internet, would have been primarily sales, marketing, or other promotional material. I don't know whether this speaks to the tendency, on the part of the large language models, to hallucinate. It is nice to know that I am renowned, with a career spanning several decades, have made significant contributions to the field of cybersecurity, authoring numerous books and papers, with a solid foundation for my expertise, I'm influential and my publications have served as essential resources for both novices and seasoned professionals, I give engaging presentations, and my ability to demystify complex security concepts make me a sought-after speaker and educator, with a career marked by significant achievements and a commitment to advancing the field of information security, my work has been instrumental in shaping the understanding of digital threats and has left an indelible mark on the information security landscape. My legacy serves as a testament to the importance of dedication, expertise, and innovation in the ever-evolving landscape of information security. You will note that none of these claims are really verifiable, and so they are also basically unchallengeable. On the other hand, my contributions have been recognized with several awards. (Well, I *did* get a mug from IBM, at an event ...) I am also known as "The Father of Viruses." Oh, gee, thanks, Meta. ChatGPT found three of my books, Claude two, and Meta one. Nobody found all five. There are other Robert Slades on the Internet. Over thirty years ago we had the "Robert Slade Internet Club, with a membership of about a dozen. There is a Robert Slade who publishes on Greek pottery and inscriptions, another who publishes on fishing lures, another who teaches mathematics, and another who is a DJ for events and parties. In order to give AI the best chance, I specified that I wanted a biography of the Robert Slade who was an information security expert. To their credit, none of the models came up with specific references to the publications of these other Robert Slades. ------------------------------ Date: Mon, 22 Jul 2024 10:27:35 +0100 From: Martin Ward <mward...@gmail.com> Subject: Re: U.S. Gender Care Is Ignoring Science (Pamela Paul, RISKS-34.36) [Thanks to Martin for debunking this item. I ran it because I generally trust *The New York Times* fact checkers -- although sometimes only a few days later. PGN] > Imagine a comprehensive review of research on a treatment for > children found ``remarkably weak evidence'' that it was effective. The so-called "comprehensive review" is the UK Cass Report which has been widely criticised for ignoring 98% of the published science: because these studies did not use double-blind testing. But in a medical environment where a treatment is already known to be effective, double-blind testing is unethical and evil. Even so the following quotes are instructive: "After 4 years of research the Cass Report found that only 10 youths out of 3,488 had stopped transition-related treatments" "The report also recommends to spend millions and create regional clinics to better serve trans populations" "In a new interview, Cass contradicts many parts of her own report. She said that hormone blockers are prescribed too late and hormone treatment should be available based on individual needs. Either she has not read her report or has already changed her mind" This page contains links to 51 published studies that found that gender transition improves the well-being of transgender people. There are only 4 studies that contain mixed or null findings on the effect of gender transition on transgender well-being. https://whatweknow.inequality.cornell.edu/topics/lgbt-equality/what-does-the-scholarly-research-say-about-the-well-being-of-transgender-people/ We conducted a systematic literature review of all peer-reviewed articles published in English between 1991 and June 2017 that assess the effect of gender transition on transgender well-being. We identified 55 studies that consist of primary research on this topic, of which 51 (93%) found that gender transition improves the overall well-being of transgender people, while 4 (7%) report mixed or null findings. We found no studies concluding that gender transition causes overall harm. As an added resource, we separately include 17 additional studies that consist of literature reviews and practitioner guidelines. ------------------------------ Date: Mon, 22 Jul 2024 17:13:32 +0300 From: Amos Shapir <amos...@gmail.com> Subject: Re: In Ukraine War, AI Begins Ushering In an Age of Killer Robots (The New York Times, RISKS-34.36) Meanwhile, in Lebanon: https://www.timesofisrael.com/top-hezbollah-field-commander-killed-in-idf-drone-strike-in-south-lebanon/ Makes one wonder... ------------------------------ Date: Sat, 13 Jul 2024 14:56:15 -0400 From: Cliff Kilby <cliffjki...@gmail.com> Subject: Re: Fwd: Ozone Hole Mk. II (Ward) https://phys.org/news/2024-06-satellite-megaconstellations-jeopardize-recovery-ozone.html Dr Ward, As to the amount, and its relation to the background amounts, I have to admit my ignorance. My point was that humanity has already once started a mass consumer epidemic that severely impacted the ozone layer, from which we still have not recovered. This article points to a source of long-tail reactions which will tend to produce the same effects that Montreal was drafted to fix. This is even more of a concern with each launch burning vast quantities of carbon. SpaceX Merlin is RP-1 fueled (https://en.m.wikipedia.org/wiki/SpaceX_Merlin). Other rockets use other fuels like the Ariane Vulcan ( https://en.m.wikipedia.org/wiki/Ariane_5). But, all indications seem to be that bulk hydrogen is not carbon neutral as the feedstock is still mostly methane, and that carbon isn't being sequestered during reforming. This uncaptured carbon makes grey H and has the same net results as burning the feedstock directly. As of 2023, less than 1% of dedicated hydrogen production is low-carbon, i.e. blue hydrogen, green hydrogen, and hydrogen produced from biomass ( https://www.iea.org/energy-system/low-emission-fuels/hydrogen). I find it hard to believe that the cost of installing a network of microwave backhauls or 4g+ cell towers is more expensive than having to renew an entire constellation every decade. This is especially difficult to believe considering cell coverage maps ( https://www.cellularmaps.com/5g-coverage/). I know those are US biased, but most of the US is not densely populated, yet we've managed to almost fill the map. ------------------------------ Date: Sat, 28 Oct 2023 11:11:11 -0800 From: risks-requ...@csl.sri.com Subject: Abridged info on RISKS (comp.risks) The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is comp.risks, the feed for which is donated by panix.com as of June 2011. => SUBSCRIPTIONS: The mailman Web interface can be used directly to subscribe and unsubscribe: http://mls.csl.sri.com/mailman/listinfo/risks => SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that includes the string `notsp'. Otherwise your message may not be read. *** This attention-string has never changed, but might if spammers use it. => SPAM challenge-responses will not be honored. Instead, use an alternative address from which you never send mail where the address becomes public! => The complete INFO file (submissions, default disclaimers, archive sites, copyright policy, etc.) has moved to the ftp.sri.com site: <risksinfo.html>. *** Contributors are assumed to have read the full info file for guidelines! => OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's delightfully searchable html archive at newcastle: http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue. Also, ftp://ftp.sri.com/risks for the current volume/previous directories or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume If none of those work for you, the most recent issue is always at http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-34.00 ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001) *** NOTE: If a cited URL fails, we do not try to update them. Try browsing on the keywords in the subject line or cited article leads. Apologies for what Office365 and SafeLinks may have done to URLs. ==> Special Offer to Join ACM for readers of the ACM RISKS Forum: <http://www.acm.org/joinacm1> ------------------------------ End of RISKS-FORUM Digest 34.37 ************************
