RISKS-LIST: Risks-Forum Digest Thursday 29 May 2025 Volume 34 : Issue 66

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) Peter G. Neumann, founder and still moderator

***** See last item for further information, disclaimers, caveats, etc. ***** This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/34.66>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>

Contents:
Deep Dive into Ronnie Dugger (Rebecca Mercuri with PGN comments)
Re: New NY voting machines face intense skepticism
(Steve Backer, Barry Gold)
Driverless Semi-Trucks Are Here, With Little Regulation and Big Promises
(The New York Times via Gabe Goldberg)
Quantum computers may crack RSA encryption with fewer qubits than expected
(phys.org)
Signal to Windows Recall: Drop dead (Computerworld)
Re: BMW remote software update issues spurious warnings (Steve Bacher)
Re: Artificial General Intelligence. (3daygoaty)
Re: COVID-19, Vaccinated first officer (Anthony Thorn)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Tue, 27 May 2025 16:58:25 -0400
From: DrM Rebecca Mercuri <notable@mindspring.com>
Subject: Deep Dive into Ronnie Dugger

[Ronnie was a spectacular journalist, always honest -- although a quote
that he did not always tell ALL OF THE TRUTH is apt. I have put Ronnie's
NYTimes obit up at on my private website, just for RISKS readers, because
his obit is amazing, reflecting his prescient nature:
https://www.csl.sri.com/users/neumann/
private/Ronnie-Dugger-Obit-NYTimes.pdf (PLEASE UNSPLIT IT.)
His passing deserves every bit of attention here, because he was with
us for a long part of his life. PGN]

2012 interview: https://www.statesman.com/story/news/2012/09/24/ronnie-dugger-the-free-man/9882398007/

Austin American Statesman Obituary: https://www.statesman.com/story/news/local/2025/05/27/ronnie-dugger-obit-texas-observer-founding-editor-died
-age-95/83825752007/

Dugger on the Kennedy Assassination (he was on the press bus behind the motorcade too far to have seen what happened --  RM:I was unaware, until
just now, that he was IN Dallas at the time, covering the President's
visit): -- Nov. 29, 1963: https://www.texasobserver.org/archives-last-voyage-mr-kennedy/ -- A retrospective on Dugger including his writings on Johnson and JFK from <https://spartacus-educational.com/JFKronnie_dugger.htm>
(This is a long but good read.)

"Dugger wrote several critical articles in the /The Texas Observer <http://www.texasobserver.org/>/ on the Warren Commission <https://spartacus-educational.com/JFKwarrenR.htm>. He was not convinced
that Lee Harvey Oswald <https://spartacus-educational.com/JFKoswald.htm> was
a lone gunman that killed President John F. Kennedy <https://spartacus-educational.com/USAkennedyJ.htm>. The most significant of these articles was November 22, 1963: The Case is not Closed (11th November 1966) and Batter Up (3rd February 1966)."

-- Scroll down the spartacus page for Dugger's acceptance speech on
accepting the George Polk Award for Journalism.

Texas Observer Interview 12/13/19 <https://www.texasobserver.org/texas-observer-founding-editor-ronnie-dugger-reflects-on-65-years-of-publicat
ion/>

Google AI on Ronnie Dugger 5/27/25: Ronnie Dugger is known for his public criticism of Lyndon B. Johnson, particularly after Johnson's perceived shift
to the right within the Democratic Party under the influence of Herman Brown and George R. Brown. Dugger, a political activist and author, has been
vocal about his concerns, especially regarding nuclear weapons and the potential for mass casualties in a nuclear war. He even questioned LBJ about the number of people who would be killed in such a conflict.

Here's a more detailed look:

* Political Disagreements: Dugger's criticism of Johnson stemmed from
his observation of Johnson's political evolution and his perceived
move away from the left side of the Democratic Party.
* Nuclear Weapons Concerns: Dugger has been a long-time critic of
nuclear weapons, questioning their morality and effectiveness.
* Public Criticism of Johnson: Dugger has publicly criticized LBJ's
policies and decisions, particularly regarding nuclear weapons and
the Vietnam War.
* Alliance for Democracy: In 1996, Dugger co-founded The Alliance for
Democracy, a grassroots populist organization, which further
demonstrates his political activism.
* Green Party Candidacy: In 2000, Dugger sought the Green Party's
nomination for the U.S. Senate in New York, showcasing his
engagement with various political platforms.

/AI responses may include mistakes./
[1] https://en.wikipedia.org/wiki/Ronnie_Dugger
[2] https://en.wikipedia.org/wiki/Lyndon_B._Johnson

Studs Terkel Radio Archive (interview of Ronnie Dugger): https://studsterkel.wfmt.com/programs/ronnie-dugger-discusses-his-book-politician-life-and-times-lyndon-johnson
[The book was an honest assessment, although Ronnie apparently tricked LBJ
into opening up his kimono because he expected a puff-piece from his
fellow Texan. PGN]

These may keep you busy for a while!

[I mentioned in the previous issue that Rebecca and I had both tried to
reach Ronnie as he was dying. I also mentioned our four-way relationgship
with NYState's Doug Keller dating back to 1988. Today I also received a
note from Doug Kellner, to me, Rebecca, and Jim Churchill -- whose mother
Mae Churchill were actually the fifth and sixth legs in the hexumvirate in
1988.

It's amazing! Just this morning I circulated Ronnie's 1988 New Yorker
article to the folks at the League of Women Voters added to the copy
list for this email. Rebecca, you, Ronnie and Peter are the folks who
introduced me to the election integrity issues that motivated me to get
involved in election administration for the last 45 years. Just this
morning, prompted by the NYLWV I opened Computer Related Risks for the
first time this year. Jim

[Well over 50 years ago, Mae Churchill started collecting documents
and clippings on election fraud. She invited both Rebecca and me to
visit her home in the Los Angeles area before we met Ronnie and Doug.
PGN]

[It also appears that Ronnie was reaching out to some of us in
letting us know of his impending death -- perhaps by shutting down
his cell phone. I am thankful that he wrote his own obit in the
Texas Observer, because he could have hidden more than he had
published. I am very happy that we are still around to honor his
memories. PGN]

------------------------------

Date: Wed, 28 May 2025 10:59:20 -0700
From: Steve Bacher <sebmb1@verizon.net>
Subject: Re: New NY voting machines face intense skepticism (RISKS-34.65)

Thank you for posting this item (and in its entirety).  All we hear from the regular media is "Trump is trying to muck up elections by making everyone
use paper ballots which will take forever to process."  This sheds some
light on the actual issues at hand.  I know RISKS has been calling attention to voting technology issues for a long time.  Your efforts in this regard
are highly appreciated.

[Thanks. Yes, election integrity was in vol 1 no 1, 40 years ago. PGN]

------------------------------

Date: Tue, 27 May 2025 13:24:04 -0700
From: Barry Gold <BarryDGold@ca.rr.com>
Subject: Re: New NY voting machines face intense skepticism (RISKS-34.65)

Using a computer-based voting system that does not leave a paper trail of
some sort is an invitation to large-scale fraud. It would be possible for
the manufacturer to insert a backdoor that would allow them to modify the
votes in any way they chose. And anybody with physical access to the
machines can insert "backdoors" that let them control the voting.

[That was Rebecca Mercuri's thesis 25 years ago. PGN]

And the laws in nearly every state require a provision for a recount, which pretty much requires a hardcopy ballot.

From the description of ExpressVote XL, it appears to be secure against

these kinds of attacks. In the event of a challenge, the paper ballots can
be be run through an independent tallying system and/or hand-counted. Any discrepancy between the human-readable hardcopy and the barcodes would be readily detected.

But the article mentions two other problems: 1. the system is expensive compared with other computer-assisted systems, and 2. voters report that it
was difficult to use.

I should mention that Los Angeles County (and maybe all of California?)
used a system similar to that described by Steve Bacher in at least one election where I voted. For all I know, it was the ExpressVote XL system.

I (having spent about half my 43-year career working on the security
problems in using computers for really important tasks) was quite satisfied with the process, except for a long line because there were only two
machines available.

------------------------------

Date: Wed, 28 May 2025 01:02:52 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Driverless Semi-Trucks Are Here, With Little Regulation and Big
Promises (The New York Times)

As the trucking industry struggles to recruit drivers, driverless trucks
won't need sleep, won't speed and won't get road rage. But experts and truck drivers say they are not a panacea.

And Ms. Griffin wondered if the lack of a driver might slow the response
time if an autonomous truck runs over a pedestrian, or freezes in the road
and gets rear-ended. (Mr. Urmson, the Aurora chief, declined to say how many people in a remote assistance center would be assigned to each robotruck.)

Semi-trucks, the skeptics note, bring dangers different from those posed by
the self-driving cars that have started to take over the streets of San Francisco, Phoenix, Austin and Las Vegas. The trucks are far heavier, and
need at least a football field's length to come to a complete stop at
highway speeds. Some carry flammable or hazardous materials.

The rollout of robocars has itself been bumpy. In Arizona in 2018, a
driverless car ran over a pedestrian walking a bicycle, killing her. In San Francisco and Austin, the vehicles have slowed emergency response times and caused accidents.

With larger vehicles, the critics say, the dangers multiply. The risks
seemed to crystallize on an Arizona highway in 2022, when an autonomous
truck with a driver aboard veered across Route 10 and careened into a
concrete barrier. (Nobody was hurt.)

“It’s potentially disastrous from a safety perspective,” said John Samuelsen, head of the Transport Workers Union of America, who is also
worried about trucking jobs being automated out of existence.

Mr. Samuelsen appears to have public opinion on his side. A survey conducted
by AAA this year found that 61 percent of motorists in the United States
feared self-driving vehicles and that 26 percent were unsure about them.

Mr. Urmson, the Aurora chief, vowed that his trucks would be safe. “We have something like 2.7 million tests that we run the system through,” he said.

https://www.nytimes.com/2025/05/27/business/driverless-semi-trucks-aurora-innovation.html?smid=nytcore-ios-share&referringSource=articleShare

------------------------------

Date: Wed, 28 May 2025 12:49:09 +0000
From: Richard Marlon Stein <rmstein@protonmail.com>
Subject: Quantum computers may crack RSA encryption with fewer qubits than
expected (phys.org)

https://phys.org/news/2025-05-quantum-rsa-encryption-qubits.html

"Some in the field have accepted a theory that a quantum computer capable of cracking such codes in a reasonable amount of time would have to have at
least 20 million qubits. In this new work, the team at Google suggests it
could theoretically be done with as few as a million qubits -— and it could be done in a week."

Whatever the quantity of qubits -- Mega or Giga -- the decoherence problem
must be mitigated sufficiently for the decipher to reliably complete.
Quantum computing seems to be evolving and refining capability like early supercomputers (see ILLIAC-IV).

There was an ILLIAC-IV installed at NASA AMES/Moffet Field in Silicon Valley. Armed guards patrolled the machine room as hydrophone and sonar data was crunched to detect Soviet submarine locations and predicted motion vectors.

The ILLIAC-IV's hardware was unstable: multiple runs (morning and afternoon batch) on the same input deck ensured output was reliable -- matched closely
-- before results were sent to Naval Ops.

[CORRECT. It was an 8x8 grid of special-purpose subcomputers.
Unfortunately. in that every one of the 64 subcomputers had to be
running, the probability of failure of each subcomputer was high enough
that the Illiac-4 crashed frequently; there was no recovery process other
than replacing the faulty grid component. The operating system was
minimal, designed by the same folks who designed the hardware, if I
recall correctly. It was the best they could do, but still a very
valuable early step. PGN]

Quantum decoherence is a stubborn problem. Will either Circular Rydberg qubits or nitrogen vacancy center diamond qubits lead to mass production of reliable quantum computation?

------------------------------

Date: Wed, 28 May 2025 02:43:13 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Signal to Windows Recall: Drop dead (Computerworld)

Quoting article:

Microsoft's Recall is a security disaster disguised as a feature. Messaging app Signal is doing what it can to block it. Windows, as all but the most besotted Microsoft fans know, has historically been a security
disaster. Seriously, what other program has a dedicated day each month to reveal its latest security holes?

But now, Windows Recall, the AI-powered *feature* that continuously takes snapshots of your screen to create a searchable timeline of everything you
do, has arrived for Copilot+ PCs running Windows 11 version 24H2 and newer.

After a year of controversy and multiple delays prompted by widespread
privacy and security concerns, Microsoft has significantly changed Recall’s architecture. The feature is now opt-in, requires Windows Hello biometric authentication, encrypts all snapshots locally, filters out sensitive data
such as credit card numbers, and allows users to filter out specific apps or websites from being captured.

I am so unimpressed. A few days ago, in the latest Patch Tuesday release, Microsoft revealed five -— count ’em, five! -— zero-day security holes in Windows alone. Do you expect me to trust Recall with a track record like
this?

Besides, even if I don't enable the feature, what if our beloved federal government decides that for our protection, it would be better if Microsoft turned on Recall for some users? After all, it’s almost impossible to run Windows these days without having a Microsoft ID, making it easy to pick and choose who gets what “update.”

https://www.computerworld.com/article/3994265/signal-to-windows-recall-drop-dead.html

------------------------------

Date: Wed, 28 May 2025 10:51:12 -0700
From: Steve Bacher <sebmb1@verizon.net>
Subject: Re: BMW remote software update issues spurious warnings

Note these two bullet points:

- The information regarding the fault was hidden at the end of a lengthy
message starting with uninformative boilerplate.

- The car's drivers are trained through this process to ignore messages
regarding potentially serious malfunctions.

This puts me in mind of the old joke "How was the food?  Like poison!  And such small portions!"

If users won't read the entire message they won't be led to ignore the malfunction indicator.

But I guess drivers are damned if they do and damned if they don't.

------------------------------

Date: Wed, 28 May 2025 11:56:53 +1000
From: 3daygoaty <threedaygoaty@gmail.com>
Subject: Re: Artificial General Intelligence. (Shamir and Ward, RISKS-34.64)

Here are some entertaining ephemera I picked up in my career studying AI
from the 1980s.

1. At IJCAI 93 in Chambery, France, I interviewed keynote Ian Havel, the
token philosopher there to question the dense AI hype at the conference. I asked him when we would have AGI. He said 100 years.

2. I can answer prompts for an hour and the energy I need can be obtained
from eating one Timtam. About eight-five Calories. I understand that ChatGPT4o needs about 120 million Timtams to do this same task. I just
bought some shares in Arnotts Biscuits.

3. I studied AI as part of thing called Cognitive Science in the 80s. The
idea was getting students ready for the inevitable AGI, for which I am
still waiting. My thesis caused trouble because I supposed that an AGI
would experience all the human bigotry we have dished out on anyone
different who is actually really clever. Apropos to Prof Shapir: the goal posts will be moved away from whatever AGI appears, perhaps due to
xenophobia?

------------------------------

Date: Wed, 28 May 2025 13:50:14 +0200
From: Anthony Thorn <anthony.thorn@atss.ch>
Subject: Re: COVID-19, Vaccinated first officer (RISKS-34.65)

... Mention of it [appeared to be] a throw-away line in what I ran here. ... PGN]

[I was WRONG. I did not read the cited source. PGN]

I strongly disagree. My impression was that the main point of the article
was to imply that COVID-19 Vaccination is dangerous.

And of course other outlets have taken up the meme, e.g.:

https://countylocalnews.com/2025/05/19/shocking-lufthansa-incident-pilotless-flight-for-10-minutes-lufthansa-flight-emergency-pilot-medical-emergency-aviation-safety-incident-2025/

The Role of COVID-19 Vaccination The situation has reignited discussions
about the implications of COVID-19 vaccinations on pilot health. ... This incident serves as a reminder that more research may be needed to understand the full effects of vaccinations on those in high-responsibility roles."

Have your readers forgotten that all Lufthansa pilots were vaccinated?
It was COMPULSORY. [I apparently had disfogotten that. PGN]

https://www.aerotime.aero/articles/28695-lufthansa-require-covid-19-shots-crew

The same for most other airlines (especially for international flights).

CBS: "Nearly all major airlines mandate COVID vaccine for employees" https://www.cbsnews.com/news/covid-19-vaccine-mandate-major-airlines/

So I can at least agree with PGN about it being "nonsense" ;-)

------------------------------

Date: Sat, 28 Oct 2023 11:11:11 -0800
From: RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)

The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
comp.risks, the feed for which is donated by panix.com as of June 2011.

SUBSCRIPTIONS: The mailman Web interface can be used directly to

subscribe and unsubscribe:
http://mls.csl.sri.com/mailman/listinfo/risks

SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that

includes the string `notsp'. Otherwise your message may not be read.
*** This attention-string has never changed, but might if spammers use it.

SPAM challenge-responses will not be honored. Instead, use an alternative

address from which you never send mail where the address becomes public!

The complete INFO file (submissions, default disclaimers, archive sites,

copyright policy, etc.) has moved to the ftp.sri.com site:
<risksinfo.html>.
*** Contributors are assumed to have read the full info file for guidelines!

OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's

delightfully searchable html archive at newcastle:
http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
Also, ftp://ftp.sri.com/risks for the current volume/previous directories
or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
If none of those work for you, the most recent issue is always at
http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-34.00
ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
*** NOTE: If a cited URL fails, we do not try to update them. Try
browsing on the keywords in the subject line or cited article leads.
Apologies for what Office365 and SafeLinks may have done to URLs.

Special Offer to Join ACM for readers of the ACM RISKS Forum:

<http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 34.66
************************

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)