<?xml version="1.0" encoding="UTF-8"?>
 <rdf:RDF xmlns="http://purl.org/rss/1.0/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:cc="http://web.resource.org/cc/" xmlns:syn="http://purl.org/rss/1.0/modules/syndication/" xmlns:admin="http://webns.net/mvcb/">
  <channel rdf:about="http://pinboard.in">
    <title>Pinboard (jm)</title>
    <link>https://pinboard.in/u:jm/public/</link>
    <description>recent bookmarks from jm</description>
    <items>
      <rdf:Seq>	<rdf:li rdf:resource="https://berryvilleiml.com/wp-content/uploads/BIML-LLM24.pdf"/>
	<rdf:li rdf:resource="https://heatherburns.tech/2024/04/29/cheers-ross/"/>
	<rdf:li rdf:resource="https://aisnakeoil.substack.com/p/a-misleading-open-letter-about-sci"/>
	<rdf:li rdf:resource="https://twitter.com/zalaly/status/1529494830820335617"/>
	<rdf:li rdf:resource="https://www.thelancet.com/journals/laninf/article/PIIS1473-3099(22)00223-7/fulltext"/>
	<rdf:li rdf:resource="https://pluralistic.net/2021/11/10/elfin-safety/#mene-mene-tekel"/>
	<rdf:li rdf:resource="https://www.theguardian.com/world/2021/apr/09/tui-plane-serious-incident-every-miss-on-board-child-weight-birmingham-majorca?CMP=Share_AndroidApp_Other"/>
	<rdf:li rdf:resource="https://thebulletin.org/2020/02/the-us-government-insurance-scheme-for-nuclear-power-plant-accidents-no-longer-makes-sense/"/>
	<rdf:li rdf:resource="https://twitter.com/colmmacc/status/978438909834117120"/>
	<rdf:li rdf:resource="http://catless.ncl.ac.uk/Risks/23.07.html#subj10"/>
	<rdf:li rdf:resource="https://motherboard.vice.com/en_us/article/space-weather-cosmic-rays-voting-aaas"/>
	<rdf:li rdf:resource="https://medium.com/making-instapaper/instapaper-outage-cause-recovery-3c32a7e9cc5f#.39bn4xjas"/>
	<rdf:li rdf:resource="http://illmatics.com/Remote%20Car%20Hacking.pdf"/>
	<rdf:li rdf:resource="http://www.theguardian.com/money/2014/dec/14/amazon-glitch-prices-penny-repricerexpress"/>
	<rdf:li rdf:resource="https://www.reddit.com/r/talesfromtechsupport/comments/2mkmlm/the_boss_has_malware_again/"/>
	<rdf:li rdf:resource="http://www.thehindu.com/news/national/karnataka/how-the-biometric-system-has-failed-hard-working-people/article5125374.ece"/>
	<rdf:li rdf:resource="http://jefferai.org/2013/03/24/too-perfect-a-mirror/"/>
	<rdf:li rdf:resource="http://www.popularmechanics.com/technology/aviation/crashes/what-really-happened-aboard-air-france-447-6611877"/>
	<rdf:li rdf:resource="http://voices.washingtonpost.com/securityfix/2009/07/clampi_trojan_the_rise_of_matr.html?wprss=securityfix"/>
      </rdf:Seq>
    </items>
  </channel><item rdf:about="https://berryvilleiml.com/wp-content/uploads/BIML-LLM24.pdf">
    <title>_An Architectural Risk Analysis of Large Language Models_ [pdf]</title>
    <dc:date>2024-07-15T14:36:33+00:00</dc:date>
    <link>https://berryvilleiml.com/wp-content/uploads/BIML-LLM24.pdf</link>
    <dc:creator>jm</dc:creator><description><![CDATA[The Berryville Institute of Machine Learning presents "a basic architectural risk analysis (ARA) of large language models (LLMs), guided by an understanding of standard machine learning (ML) risks as previously identified".

"This document identifies a set of 81 specific risks associated with an LLM application and its LLM foundation model. We organize the risks by common component and also include a number of critical LLM black box foundation model risks as well as overall system risks. Our risk analysis results are meant to help LLM systems engineers in securing their own particular LLM applications. We present a list of what we consider to be the top ten LLM risks (a subset of the 81 risks we identify).

In our view, the biggest challenge in secure use of LLM technology is understanding and managing the 23 risks inherent in black box foundation models. From the point of view of an LLM user (say, someone writing an application with an LLM module, someone using a chain of LLMs, or someone simply interacting with a chatbot), choosing which LLM foundation model to use is confusing. There are no useful metrics for users to compare in order to make a decision about which LLM to use, and not much in the way of data about which models are best to use in which situations or for what kinds of application.

Opening the black box would make these decisions possible (and easier) and would in turn make managing hidden LLM foundation risks possible. For this reason, we are in favor of regulating LLM foundation models. Not only the use of these models, but the way in which they are built (and, most importantly, out of what) in the first place."

This is excellent as a baseline for security assessment of LLM-driven systems. (via Adam Shostack)]]></description>
<dc:subject>security infosec llms machine-learning biml via:adam-shostack ai risks</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:91d02bc3b8f3/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:infosec"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:llms"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:machine-learning"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:biml"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:via:adam-shostack"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:ai"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:risks"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://heatherburns.tech/2024/04/29/cheers-ross/">
    <title>Heather Burns farewells Ross Anderson</title>
    <dc:date>2024-04-29T13:45:53+00:00</dc:date>
    <link>https://heatherburns.tech/2024/04/29/cheers-ross/</link>
    <dc:creator>jm</dc:creator><description><![CDATA[Worth it for this fantastic single sentence quote from Anderson:

<blockquote>"The idea that complex social problems are amenable to cheap technical solutions is the siren song of the software salesman and has lured many a gullible government department on to the rocks."</blockquote>

touché...]]></description>
<dc:subject>aphorisms ross-anderson tech risks government technology</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:cb5d5dd45a1c/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:aphorisms"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:ross-anderson"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:tech"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:risks"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:government"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:technology"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://aisnakeoil.substack.com/p/a-misleading-open-letter-about-sci">
    <title>A misleading open letter about sci-fi AI dangers ignores the real risks</title>
    <dc:date>2023-03-31T08:59:22+00:00</dc:date>
    <link>https://aisnakeoil.substack.com/p/a-misleading-open-letter-about-sci</link>
    <dc:creator>jm</dc:creator><description><![CDATA[This essay is spot on about the recent AI open letter from the Future of Life Institute, asking for "a 6-month pause on training language models “more powerful than” GPT-4":

<blockquote>Over 1,000 researchers, technologists, and public figures have already signed the letter. The letter raises alarm about many AI risks:

"Should we let machines flood our information channels with propaganda and untruth? Should we automate away all the jobs, including the fulfilling ones? Should we develop nonhuman minds that might eventually outnumber, outsmart, obsolete and replace us? Should we risk loss of control of our civilization?"

We agree that misinformation, impact on labor, and safety are three of the main risks of AI. Unfortunately, in each case, the letter presents a speculative, futuristic risk, ignoring the version of the problem that is already harming people. It distracts from the real issues and makes it harder to address them. The letter has a containment mindset analogous to nuclear risk, but that’s a poor fit for AI. It plays right into the hands of the companies it seeks to regulate. 
</blockquote>

Couldn't agree more.
]]></description>
<dc:subject>ai scifi future risks gpt-4 regulation</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:4292c5fac6fe/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:ai"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:scifi"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:future"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:risks"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:gpt-4"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:regulation"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://twitter.com/zalaly/status/1529494830820335617">
    <title>Vaccines provide poor protection against Long Covid</title>
    <dc:date>2022-05-26T08:53:01+00:00</dc:date>
    <link>https://twitter.com/zalaly/status/1529494830820335617</link>
    <dc:creator>jm</dc:creator><description><![CDATA[Well, this is some worrying news: based on this study of 13 million people in Nature Medicine, COVID-19 vaccines only reduce Long Covid risk by 15%, with the largest risk reduction in blood clots and pulmonary sequelae, but less protection of other organ systems.

Also, post-vaccination, immunocompromised people have a higher risk of Long Covid than others.

As the author says: "Now that we know that vaccines are not sufficient as a sole line of defense, we need to urgently develop and deploy additional layers of protection to reduce risk of Long Covid. These may include vaccines specifically designed to reduce risk of Long Covid, and therapeutics that could be taken in the acute phase to reduce risk. Paxlovid and other antivirals must be urgently tested in trials for Long Covid."

(via Akiko Iwasaki)]]></description>
<dc:subject>long-covid covid-19 vaccines risks disease paxlovid papers</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:3fa82bee0b68/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:long-covid"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:covid-19"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:vaccines"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:risks"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:disease"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:paxlovid"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:papers"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://www.thelancet.com/journals/laninf/article/PIIS1473-3099(22)00223-7/fulltext">
    <title>Venous or arterial thrombosis and deaths among COVID-19 cases: a European network cohort study - The Lancet Infectious Diseases</title>
    <dc:date>2022-05-16T10:24:31+00:00</dc:date>
    <link>https://www.thelancet.com/journals/laninf/article/PIIS1473-3099(22)00223-7/fulltext</link>
    <dc:creator>jm</dc:creator><description><![CDATA["For people with a positive PCR test or a diagnosis of COVID-19, 90-day cumulative incidence ranged from 0.2% to 0.8% for venous thromboembolism and 0.1% to 0.8% for arterial thromboembolism".

Those are _very_ high incidences for these rare and very risky conditions.]]></description>
<dc:subject>thromboembolism risks covid-19 sars-cov-2 papers embolism thrombosis health</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:0732db44c454/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:thromboembolism"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:risks"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:covid-19"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:sars-cov-2"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:papers"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:embolism"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:thrombosis"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:health"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://pluralistic.net/2021/11/10/elfin-safety/#mene-mene-tekel">
    <title>&quot;Risk compensation&quot; is garbage</title>
    <dc:date>2021-11-23T12:16:50+00:00</dc:date>
    <link>https://pluralistic.net/2021/11/10/elfin-safety/#mene-mene-tekel</link>
    <dc:creator>jm</dc:creator><description><![CDATA[<blockquote>Risk compensation does occur in very narrow and specific circumstances, but all the studies purporting to show that it is a widespread, predictable outcome of any safety regulation have failed to replicate. [...]

Risk compensation and health-and-safety panic are both part of a safety nihilism campaign that serves big business's deregulatory agenda, and the cruel moralizing of right wing religious maniacs, the traditional turkeys-voting-for-Christmas coalition.

But risk compensation is especially salient in these covid days, where it's being used to fight rapid testing ("encourages risky behavior").</blockquote>

]]></description>
<dc:subject>risk-compensation risks safety</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:ea9d02f5fca1/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:risk-compensation"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:risks"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:safety"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://www.theguardian.com/world/2021/apr/09/tui-plane-serious-incident-every-miss-on-board-child-weight-birmingham-majorca?CMP=Share_AndroidApp_Other">
    <title>Tui plane in ‘serious incident’ due to software bug</title>
    <dc:date>2021-04-09T08:21:32+00:00</dc:date>
    <link>https://www.theguardian.com/world/2021/apr/09/tui-plane-serious-incident-every-miss-on-board-child-weight-birmingham-majorca?CMP=Share_AndroidApp_Other</link>
    <dc:creator>jm</dc:creator><description><![CDATA[Holy cow this could have been pretty serious:

<blockquote>A software mistake caused a Tui flight to take off heavier than expected as female passengers using the title “Miss” were classified as children, an investigation has found.

The departure from Birmingham airport to Majorca with 187 passengers on board was described as a “serious incident” by the Air Accidents Investigation Branch (AAIB).

An update to the airline’s reservation system while its planes were grounded due to the coronavirus pandemic led to 38 passengers on the flight being allocated a child’s “standard weight” of 35kg as opposed to the adult figure of 69kg.  This caused the load sheet – produced for the captain to calculate what inputs are needed for take-off – to state that the Boeing 737 was more than 1,200kg lighter than it actually was.</blockquote>

]]></description>
<dc:subject>flight aviation bugs risks software flying tui titles i18n</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:fc94152fdea8/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:flight"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:aviation"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:bugs"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:risks"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:software"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:flying"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:tui"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:titles"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:i18n"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://thebulletin.org/2020/02/the-us-government-insurance-scheme-for-nuclear-power-plant-accidents-no-longer-makes-sense/">
    <title>The Bulletin of the Atomic Scientists on nuclear power plant risks</title>
    <dc:date>2020-03-05T10:34:50+00:00</dc:date>
    <link>https://thebulletin.org/2020/02/the-us-government-insurance-scheme-for-nuclear-power-plant-accidents-no-longer-makes-sense/</link>
    <dc:creator>jm</dc:creator><description><![CDATA[<blockquote>The Japan Center for Economic Research, a source sympathetic to nuclear power, recently put the long-term costs of the 2011 Fukushima accident as about $750 billion. [...]

The main public risk of nuclear power plants comes from rare but devastating nuclear accidents. Because data on such accidents is sparse, the probability of their occurrence has to be calculated on the basis of a model, rather than obtained from experience. Moreover, the extent of an accident and its monetary consequences are postulated on the basis of models that are limited by analysts’ imagination. Who would have imagined, for example, that the Fukushima accident would involve several reactors? Or that Japan would subsequently shut down all its other nuclear power plants?</blockquote>]]></description>
<dc:subject>fukushima nuclear nukes power risks danger probability insurance nuclear-power reactors</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:cbdecda4acb6/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:fukushima"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:nuclear"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:nukes"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:power"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:risks"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:danger"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:probability"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:insurance"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:nuclear-power"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:reactors"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://twitter.com/colmmacc/status/978438909834117120">
    <title>Colm MacCárthaigh on TLS 1.3 and the risks of 0-RTT</title>
    <dc:date>2018-03-27T21:11:25+00:00</dc:date>
    <link>https://twitter.com/colmmacc/status/978438909834117120</link>
    <dc:creator>jm</dc:creator><description><![CDATA[<blockquote>here's my advice: if you see a server supporting 0-RTT and that server doesn't give you an iron-clad guarantee that when the key is used, it's deleted, and that your EARLY CONVERSATION can't be repeated ... don't use it.</blockquote>

]]></description>
<dc:subject>colmmacc tls security ssl risks networking crypto</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:546abaf443d3/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:colmmacc"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:tls"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:ssl"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:risks"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:networking"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:crypto"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://catless.ncl.ac.uk/Risks/23.07.html#subj10">
    <title>Don Norman on &quot;Human Error&quot;, RISKS Digest Volume 23 Issue 07 2003</title>
    <dc:date>2018-01-15T15:02:01+00:00</dc:date>
    <link>http://catless.ncl.ac.uk/Risks/23.07.html#subj10</link>
    <dc:creator>jm</dc:creator><description><![CDATA[<blockquote>It is far too easy to blame people when systems fail. The result is that
over 75% of all accidents are blamed on human error.  Wake up people! When
the percentage is that high, it is a signal that something else is at fault
-- namely, the systems are poorly designed from a human point of view. As I
have said many times before (even within these RISKS mailings), if a valve
failed 75% of the time, would you get angry with the valve and simply
continual to replace it? No, you might reconsider the design specs. You would
try to figure out why the valve failed and solve the root cause of the
problem. Maybe it is underspecified, maybe there shouldn't be a valve there,
maybe some change needs to be made in the systems that feed into the valve.
Whatever the cause, you would find it and fix it. The same philosophy must
apply to people.</blockquote>

]]></description>
<dc:subject>don-norman ux ui human-interface human-error errors risks comp.risks failures</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:dbe5f8ce9cce/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:don-norman"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:ux"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:ui"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:human-interface"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:human-error"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:errors"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:risks"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:comp.risks"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:failures"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://motherboard.vice.com/en_us/article/space-weather-cosmic-rays-voting-aaas">
    <title>How Space Weather Can Influence Elections on Earth - Motherboard</title>
    <dc:date>2017-02-20T14:40:54+00:00</dc:date>
    <link>https://motherboard.vice.com/en_us/article/space-weather-cosmic-rays-voting-aaas</link>
    <dc:creator>jm</dc:creator><description><![CDATA[oh, god -- I'm not keen on this take: how's about designing systems that recognise the risks?

<blockquote>"Everything was going fine, but then suddenly, there were an additional 4,000 votes cast. Because it was a local election, which are normally very small, people were surprised and asked, 'how did this happen?'"

The culprit was not voter fraud or hacked machines. It was a single event upset (SEU), a term describing the fallout of an ionizing particle bouncing off a vulnerable node in the machine's register, causing it to flip a bit, and log the additional votes. The Sun may not have been the direct source of the particle—cosmic rays from outside the solar system are also in the mix—but solar-influenced space weather certainly contributes to these SEUs.</blockquote>]]></description>
<dc:subject>bit-flips science elections voting-machines vvat belgium bugs risks cosmic-rays</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:82f747a43970/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:bit-flips"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:science"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:elections"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:voting-machines"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:vvat"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:belgium"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:bugs"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:risks"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:cosmic-rays"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://medium.com/making-instapaper/instapaper-outage-cause-recovery-3c32a7e9cc5f#.39bn4xjas">
    <title>Instapaper Outage Cause &amp; Recovery</title>
    <dc:date>2017-02-14T10:42:03+00:00</dc:date>
    <link>https://medium.com/making-instapaper/instapaper-outage-cause-recovery-3c32a7e9cc5f#.39bn4xjas</link>
    <dc:creator>jm</dc:creator><description><![CDATA[Hard to see this as anything other than a pretty awful documentation fail by the AWS RDS service:

<blockquote>Without knowledge of the pre-April 2014 file size limit, it was difficult to foresee and prevent this issue. As far as we can tell, there’s no information in the RDS console in the form of monitoring, alerts or logging that would have let us know we were approaching the 2TB file size limit, or that we were subject to it in the first place. Even now, there’s nothing to indicate that our hosted database has a critical issue.</blockquote>

]]></description>
<dc:subject>limits aws rds databases mysql filesystems ops instapaper risks</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:70ad5bf26582/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:limits"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:aws"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:rds"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:databases"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:mysql"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:filesystems"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:ops"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:instapaper"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:risks"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://illmatics.com/Remote%20Car%20Hacking.pdf">
    <title>background doc on the Jeep hack</title>
    <dc:date>2015-08-11T13:05:52+00:00</dc:date>
    <link>http://illmatics.com/Remote%20Car%20Hacking.pdf</link>
    <dc:creator>jm</dc:creator><description><![CDATA["Remote Exploitation of an Unaltered Passenger Vehicle", by Dr. Charlie Miller (cmiller@openrce.org) and Chris Valasek (cvalasek@gmail.com).  QNX, unauthenticated D-Bus, etc.

<blockquote>
'Since a vehicle can scan for other vulnerable vehicles and the exploit doesn’t require any user interaction, it would be possible to write a worm. This worm would scan for vulnerable vehicles, exploit them with their payload which would scan for other vulnerable vehicles, etc. This is really interesting and scary. Please don’t do this. Please.'
</blockquote>]]></description>
<dc:subject>jeep hacks exploits d-bus qnx cars safety risks</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:679039190480/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:jeep"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:hacks"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:exploits"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:d-bus"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:qnx"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:cars"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:safety"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:risks"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://www.theguardian.com/money/2014/dec/14/amazon-glitch-prices-penny-repricerexpress">
    <title>Amazon sellers hit by nightmare before Christmas as glitch cuts prices to 1p | Technology | The Guardian</title>
    <dc:date>2014-12-14T19:39:32+00:00</dc:date>
    <link>http://www.theguardian.com/money/2014/dec/14/amazon-glitch-prices-penny-repricerexpress</link>
    <dc:creator>jm</dc:creator><description><![CDATA[<blockquote>From 7-8pm on Friday, [RepricerExpress] software, used by third-party sellers to ensure their products are the cheapest on the market, went a bit haywire and reduced prices to as little as 1p.</blockquote>

]]></description>
<dc:subject>1p amazon resellers repricer-express fail price-cutting automation risks undercutting</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:10f434e3efd7/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:1p"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:amazon"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:resellers"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:repricer-express"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:fail"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:price-cutting"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:automation"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:risks"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:undercutting"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="https://www.reddit.com/r/talesfromtechsupport/comments/2mkmlm/the_boss_has_malware_again/">
    <title>The boss has malware, again... : talesfromtechsupport</title>
    <dc:date>2014-11-21T20:46:39+00:00</dc:date>
    <link>https://www.reddit.com/r/talesfromtechsupport/comments/2mkmlm/the_boss_has_malware_again/</link>
    <dc:creator>jm</dc:creator><description><![CDATA[<blockquote>Finally after all traditional means of infection were covered; IT started looking into other possibilities. They finally asked the Executive, “Have there been any changes in your life recently”? The executive answer “Well yes, I quit smoking two weeks ago and switched to e-cigarettes”. And that was the answer they were looking for, the made in china e-cigarette had malware hard coded into the charger and when plugged into a computer’s USB port the malware phoned home and infected the system. Moral of the story is have you ever question the legitimacy of the $5 dollar EBay made in China USB item that you just plugged into your computer? Because you should, you damn well should.</blockquote>

(Via Elliot)]]></description>
<dc:subject>via:elliot malware e-cigarettes cigarettes smoking china risks</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:f8cb713f6c77/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:via:elliot"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:malware"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:e-cigarettes"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:cigarettes"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:smoking"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:china"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:risks"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://www.thehindu.com/news/national/karnataka/how-the-biometric-system-has-failed-hard-working-people/article5125374.ece">
    <title>Biometric authentication failing in Mysore</title>
    <dc:date>2013-09-16T21:01:17+00:00</dc:date>
    <link>http://www.thehindu.com/news/national/karnataka/how-the-biometric-system-has-failed-hard-working-people/article5125374.ece</link>
    <dc:creator>jm</dc:creator><description><![CDATA[Biometrics was rolled out for food distribution in order to cut down on fraud, but it's now resulting in a subset of users being unable to authenticate:

<blockquote>The biometric authentication system installed at the PDS outlets fails to establish the identity of many genuine beneficiaries, mostly workers, as their daily grind in the agricultural fields, construction sites or as domestic help have eroded the lines on their thumb resulting in distorted impressions.</blockquote>

]]></description>
<dc:subject>fail risks biometrics authentication mysore security india fingerprinting</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:23b329ba8068/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:fail"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:risks"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:biometrics"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:authentication"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:mysore"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:india"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:fingerprinting"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://jefferai.org/2013/03/24/too-perfect-a-mirror/">
    <title>KDE's brush with git repository corruption: post-mortem</title>
    <dc:date>2013-03-24T20:26:16+00:00</dc:date>
    <link>http://jefferai.org/2013/03/24/too-perfect-a-mirror/</link>
    <dc:creator>jm</dc:creator><description><![CDATA[a barely-averted disaster... phew.

<blockquote>
while we planned for the case of the server losing a disk or entirely biting the dust, or the total loss of the VM’s filesystem, we didn’t plan for the case of filesystem corruption, and the way the corruption affected our mirroring system triggered some very unforeseen and pathological conditions. [...] the corruption was perfectly mirrored... or rather, due to its nature, imperfectly mirrored. And all data on the anongit [mirrors] was lost.</blockquote>

One risk demonstrated: by trusting in mirroring, rather than a schedule of snapshot backups covering a wide time range, they nearly had a major outage.  Silent data corruption, and code bugs, happen -- backups protect against this, but RAID, replication, and mirrors do not.

Another risk: they didn't have a rate limit on project-deletion, which resulted in the "anongit" mirrors deleting their (safe) data copies in response to the upstream corruption.  Rate limiting to sanity-check automated changes is vital.  What they should have had in place was described by the fix: 'If a new projects file is generated and is more than 1% different than the previous file, the previous file is kept intact (at 1500 repositories, that means 15 repositories would have to be created or deleted in the span of three minutes, which is extremely unlikely).']]></description>
<dc:subject>rate-limiting case-studies post-mortems kde git data-corruption risks mirroring replication raid bugs backups snapshots sanity-checks automation ops</dc:subject>
<dc:identifier>https://pinboard.in/u:jm/b:6ba6f59d2552/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:rate-limiting"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:case-studies"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:post-mortems"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:kde"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:git"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:data-corruption"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:risks"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:mirroring"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:replication"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:raid"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:bugs"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:backups"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:snapshots"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:sanity-checks"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:automation"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:ops"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://www.popularmechanics.com/technology/aviation/crashes/what-really-happened-aboard-air-france-447-6611877">
    <title>Air France 447 Flight-Data Recorder Transcript - What Really Happened Aboard Air France 447 - Popular Mechanics</title>
    <dc:date>2011-12-08T15:55:06+00:00</dc:date>
    <link>http://www.popularmechanics.com/technology/aviation/crashes/what-really-happened-aboard-air-france-447-6611877</link>
    <dc:creator>jm</dc:creator><description><![CDATA[The (comp.)risks of overautomation strike again. "When trouble suddenly springs up and the computer decides that it can no longer cope—on a dark night, perhaps, in turbulence, far from land -- the humans might find themselves with a very incomplete notion of what's going on. They'll wonder: What instruments are reliable, and which can't be trusted?"]]></description>
<dc:subject>aviation crash flight flying autopilot stalls warnings alarms ui af447 risks automation</dc:subject>
<dc:source>https://pinboard.in/</dc:source>
<dc:identifier>https://pinboard.in/u:jm/b:cc02b8859dac/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:aviation"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:crash"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:flight"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:flying"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:autopilot"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:stalls"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:warnings"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:alarms"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:ui"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:af447"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:risks"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:automation"/>
</rdf:Bag></taxo:topics>
</item>
<item rdf:about="http://voices.washingtonpost.com/securityfix/2009/07/clampi_trojan_the_rise_of_matr.html?wprss=securityfix">
    <title>Security Fix - Clampi Trojan: The Rise of Matryoshka Malware</title>
    <dc:date>2009-08-01T10:21:06+00:00</dc:date>
    <link>http://voices.washingtonpost.com/securityfix/2009/07/clampi_trojan_the_rise_of_matr.html?wprss=securityfix</link>
    <dc:creator>jm</dc:creator><description><![CDATA['[Joe] Stewart said the sophistication and stealth of this malware strain has become so bad that it's time for Windows users to start thinking of doing their banking and other sensitive transactions on a dedicated system that is not used for everyday Web surfing.'  it's that bad]]></description>
<dc:subject>joe-stewart secureworks malware reverse-engineering clampi trojans banking security danger risks windows microsoft fraud</dc:subject>
<dc:identifier>https://pinboard.in/u:jm/b:fef3de2648ed/</dc:identifier>
<taxo:topics><rdf:Bag>	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:joe-stewart"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:secureworks"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:malware"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:reverse-engineering"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:clampi"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:trojans"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:banking"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:security"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:danger"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:risks"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:windows"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:microsoft"/>
	<rdf:li rdf:resource="https://pinboard.in/u:jm/t:fraud"/>
</rdf:Bag></taxo:topics>
</item>
</rdf:RDF>