Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
>From Channel 4 news last night (Tue. 28th Aug.): It is reported that Iraq may be deploying some of the Royal Navy's latest high-tech weaponry. Apparently this is causing US commanders to be reluctant to send aircraft carriers into the northern area of the Gulf. The villain of the piece is the smart mine 'Stonefish', developed by Marconi Underwater Systems under contract to the Royal Navy. This little charmer is so cute it listens to the engine noise of ships passing overhead, and can tell what type of vessel is within range. It 'hides' from minesweepers, and blows the backside off anything else. At the heart of the system is (you've guessed it!) 'highly sophisticated and classified' *software*. The Channel 4 investigators have in their possession the 'Technical Description and Specification' of Stonefish. The cover sheet and first few pages of this document were actually shown on screen, and looked pretty authentic, with the Marconi logo and classification 'UK restricted: commercial in confidence' clearly visible. C4's copy, however, comes not from Marconi's Watford HQ, but from a source not a million miles removed from Cardoen International, a Chilean firm (no boring restrictions on arms sales there!) described by an expert from Jane's as being specialists in the 'laundering' of military technology for the benefit of third world countries (at least, those with adequate oil revenues to pay for it). Cardoen has well-established links with Iraq. The implication is not that Stonefish has been sold bundled to Iraq, but enough technical information is in dubious hands for the Iraqis to have a good go at building a look-alike. Carlos Cardoen, filmed at a news conference, said that he had a very close relationship with Marconi, and some of their guys had visited him. Marconi said 'We have no relationship with Cardoen.' and refused to be interviewed. An expert from an outfit called something like 'Naval Weapons Review' gave it as his opinion that Iraq probably has 'a limited number of quite sophisticated mines', but implied that we shouldn't worry too much, since 'the Navy would not let a UK contractor simply hand over the software for a weapons system'. So there you have it. Saddam Hussein is in the Stonefish plug-compatible market, but our Navies are safe provided he can't get his hands on the operating system. All of which prompts me to wonder:- 1. If the Iraqis have the software for a 'limited number' of mines, why haven't they got enough for an unlimited number? (Perhaps the blockade is working, and they haven't got enough floppy disks to make the copies. :-) 2. How does Stonefish 'hide' from a minesweeper? The cylindrical object shown in the newsreel shots doesn't look as though it is capable of crawling under a rock. Perhaps it just switches off its disk drive to stop the noise and pretends to be an oil-drum. :-) 3. How reliably can Stonefish identify ships by their engine noise signature? What happens if your cruiser's big ends are rattling? 4. Does Stonefish rely on some sort of sonar transponder to distinguish friend from foe? (Remember the Falklands helicopter!) 5. What are the chances that Iraq already has the software? (After all, we all know Arabs can't write programs, and software is rather difficult to smuggle through customs. :-) 6. The sophistication of Stonefish's recognition system argues for some kind of artificial intelligence. If it's that smart, would it know who was winning and change sides accordingly? :-) 7. Isn't it time that Jane's produced 'All the World's Software'? Peter Mellor, Centre for Software Reliability, City University, Northampton Sq. London EC1V 0HB +44(0)71-253-4399 Ext. 4162/3/1 p.mellor@uk.ac.city (JANET)
RISKS readers will recognize this as an old risk but it made this academic chuckle as we begin another semester. The computer at the campus bookstore prints out a tag for each required textbook indicating the course number, instructor, number of copies ordered, etc. Given that textbooks are often used by more than one course, the computer kindly prints out a cross-list of other courses using the same text. One card caught my eye with its unusually long list of cross-listings. Curious as to what textbook was so popular this term, I looked closer to see the title. Being an author I had hopes that maybe it was mine :-) Alas, the title of this very popular text was NO TEXT REQUIRED. I wonder who gets the royalties on that textbook? :-) --Gary McClelland, U. of Colorado
There have been several RISKS submissions recently discussing the legal status of reverse-engineering of copyrighted material. Reading them, however, one could easily conclude that copyright law is the only governing issue involved. It isn't: in fact, most of the products I've seen (both mainframe and personal computer) assert not only copyright but also contract rights. For example, IBM's FY90 GSA schedule in Special Item 132-30, section 4(a)6 (page 44) includes the item: (6) The Government shall not reverse assemble or reverse compile the licensed programs in whole or in part. Almost all vendors have a corresponding clause in their software license agreements, so the question of copyright law permitting reverse engineering is usually moot. Of course, we now have the issue of deciding which parts of the contract are legally enforcable. (Cf. Vault v. Quaid, in which my memory says the court held that the shrink-wrap "license contract" in PC software was unenforcable.) Shakespeare was right: shoot all the lawyers.
It was somewhat disturbing to discover that all of the people who took time to comment on the "electronic house arrest" units focussed on the technology, and none apparently noticed that this is a safety-critical application. I.e., failure of the system may lead to the re-incarcenation of a parolee. I would feel more comfortable if our court/prison/parole system were funded in such a way as to permit personal contact between the parolee and parole officer. Martin Minow
#On page 63 of the August 1990 _World_Press_Review_: #"Unreliable Computers", by Nick Nuttall, "The Times," London #Two Australian scientists are calling for a world-wide ban on the use of #computers in sensitive areas, such as hospital intensive-care wards, the #nuclear-power industry, air-traffic control stations, and early-warning defense #systems. The reference is- Forester, T., & Morrison, P. Computer Unreliability and Social Vulnerability, Futures, June 1990, pages 462-474. # 22 fatal crashes of the Black Hawk helicopter -- #which flies by computer — used by the U. S. Air Force We refer to the death of 22 *servicemen* in *5* blackhawk crashes since 1982. Our reference is B. Cooper and D. Newkirk, Risks, November 1987. We didn't have a vol or issue no. If this is incorrect, please let us know. Perry Morrison [The item was from RISKS-5.58 (15 November 1987). It reappeared in in Software Engineering Notes, vol 13, no 1 (January 1988), page 7. The original source was a wire service report from 12 November 1987. The RISKS issues on the Black Hawk also included RISKS-5.56 (9 Nov 87), 5.59 (16 Nov 87), and 5.60 (18 Nov 87). I hope that helps. PGN]
Date: Tue, 21 Aug 90 9:31:25 EDT From: Telecom Privacy List Moderator <telecom-priv-request@PICA.ARMY.MIL> To: telecom-priv@PICA.ARMY.MIL Subject: Telecom Privacy List Hello, Everyone. The caller id list is now up and running. I have anout 35 names on it currently. The address is telecom-priv@pica.army.mil Currently, the list will not be moderated or digestified. This might change due to volume. On Caller-Id .... I believe it should be available, however the following should apply: 1) It should be blockable at no charge for any number. 2) Name or address (or the fact it is a pay phone) should be made available. 3) Actual calling number should be used not billing number. 4) Under no circumstances should a third number be used shown as the actual calling number (i.e. Law Enforcement Officer dailing from one number having the id number showing up as a different number). Optional - Show if number is listed as residental or business. Dennis -- Bruce C. Klopfenstein | klopfens@barney.bgsu.edu Radio-TV-Film Department | klopfenstein@bgsuopie.bitnet 318 West Hall | klopfens@bgsuvax.UUCP Bowling Green State University | (419) 372-2138; 372-8690 Bowling Green, OH 43403 | fax (419) 372-2300 [We've probably had enough on this issue in RISKS, so here is a new outlet. I've also been rejecting ATM and Electronic house arrest items unless they are particularly cogent. PGN]
Please report problems with the web pages to the maintainer