Forum on Risks to the Public in Computers and Related Systems
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
Volume 11: Issue 24
Sunday 10 March 1991
Contents
Re: worse is better?- Leslie DeGroff
Mark McWiggins
Tom Brendza
Jerry Leichter
Re: Flaws not needed for a standard to succeed- David Fetrow
Dick Karpinski
Re: Risks of naming a node- Paul Fuqua
Stephen D Crocker
Acronym Risks- Brian Randell
Re: Red and green clocks- Hugh Davies
Re: Droids- Bill J Biesty
Ken Hoover
Re: (Missing) Parity bits- David B. Horvath
Re: Digitized signatures- jwn2
Clifford Johnson
Sanford Sherizen
Re: Ownership of Thumb Prints- David G. Wonnacott
34AEJ7D
Bill White
More on the American Airlines MD-11s- Steve Bellovin
Info on RISKS (comp.risks)
re: worse is better?
Leslie DeGroff <DEGROFF@INTELLICORP.COM>
Fri, 1 Mar 91 16:53:25 PST
Does anyone know if it's feasible to buy in America a car or truck without a complex fuel injection and computerized pollution control? Is there any reader who would be willing to comment on the feasibility of a simple engine that could meet current California emission standards?
Les DeGroff (Degroff@Intellicorp.com)
Re: worse-is-better for the 1990s (Chambers, RISKS-11.19)
Mark McWiggins <mark@intek01.UUCP>
Sat, 2 Mar 91 22:55:55 GMT
Tim Chambers <tbc@hp-lsd.cos.hp.com> writes:
>I'd like to know if examples exist of cases where Right Thing technology *has
>been* compatible with mass markets. I can think of plenty of counter-examples:
>VHS versus Beta ...
This isn't a good example. I don't think there was an appreciable difference in the cost of manufacturing Beta VCRs and VHS VCRs. As I understand it, Beta lost because Sony was too restrictive in licensing it, whereas VHS was easily "clonable." Seems more a case of "open-is-better-than-closed."
Mark McWiggins, Integration Technologies, Inc. (Intek) 1400 112th Ave SE #202, Bellevue WA 98004 +1 206 455 9935 mark@intek.com
worse is better for the 1990's
Tom Brendza <tomb@bellhow.UUCP>
Wed, 6 Mar 91 8:34:11 EST
>Here we are in 1991. The two primary operating systems (at least in volume)
>are representative of O/S technology of the late 1960s to early 1970s (Unix and
>MS-DOS), and the three important languages are C (vintage mid-1960s, i.e., it
>is BCPL in disguise), LISP (vintage late 1950s) and Ada (vintage early 1970s).
If "most important" equates to "largest volume of code" or "most money being spent upon developing or maintaining in", then COBOL and FORTRAN are still the "most important", as these two languages account for 90% of the code that exists in the world today. I think this would lend support to your statement:
Tom Brendza (216) 642-9060 x288 (voice) ..uunet!usenet.ins.cwru.edu!ncoast!ushiva!bellhow!tomb
"Worse is Better" and Standards
Jerry Leichter <leichter@lrw.com>
Thu, 7 Mar 91 08:39:09 EDT
In one of those scary coincidences, shortly after reading the "worse is better"
discussion that recently appeared in RISKS, I read an article, "Can the U.S.
Stay Ahead in Software", in Business Week (11 March issue). It contains the
following quote: "...Japanese rivals see U.S. inattention to quality as a key
opportunity. As they did in automobiles and electronics, they are pushing
constantly to improve their software. Already, Japanese 'software factories'
churn out programs with half as many defects as comparable American products,
according to a study by [MIT]." The Europeans are working in the same
direction.
David States wonders if there is some reason why our fundamental computing
standards are flawed. For one thing, standards that survive are usually based
on "current practice"; given the survival value of "quick and dirty" in current
practice, a similar appearance for standards is inevitable.
However, there is a more insidious factor at work. Usually, a standard is
based on an already-existing product. However, if the standard were to be made
IDENTICAL to the existing product's specifications, the current maker would
have a huge advantage. Standards bodies are governed by politics and
trade-offs; because of their structure, they are unwilling to give away
advantages of this kind. Historically, they always make changes - often, quite
minor changes - in order to try to level the playing field among all the
participants in the process. This is well known to anyone who's watched the
standards game.
What's less well known is the flip side: The participants in the development
of a standard themselves will have a major advantage to building products to
it. They thus have an interest in keeping the standard obscure and difficult
for people outside of the select few to understand.
Now, most - probably the vast majority - of people involved in standards work
are NOT trying to make things hard. However, the subtext is there, and it
asserts itself in curious ways. For example, watch the Usenet comp.std.c
newsgroup. The typical pattern is for someone to ask an obscure question,
which generates a lot of debate until one of a small group of cognoscenti - who
were involved in drafting the standard - points out that a combination of
apparently-unrelated constraints from five widely-scattered sections makes
"clear" the "only possible" answer. Since the answer is already implicit in
the standard as written, there was no need to state it explicitly. In fact,
"standards culture" actively DISCOURAGES writing out things already entailed by
the standard: Any duplication within the standard might cause problems if the
two statements turned out to be slightly different.
I have heard of at least one instance of a DELIBERATELY misleading standard.
According to someone who was there at the time, some sections of the Ethernet
standard were so written as to make it very difficult for someone to start with
the written text and build a reliable multi-port repeater. Oh, once you built
the repeater and saw some (rare) errors, you could go back and see that you had
missed something - but the process by which the standard was drafted was
essentially "Work out private spec of exactly what is to happen; translate back
to long list of constraints; remove all redundancy from list, ensuring that at
least one item on list is very obscure and of no apparent importance; publish
list - suitably interspersed with other, unrelated discussions - as spec."
-- Jerry
Are flaws necessary for a standard to succeed?
David Fetrow <fetrow@milton.u.washington.edu>
Wed, 6 Mar 91 19:29:17 -0800
In RISKS 11.21, David States (states@ncbi.nlm.nih.gov) uses as an example of a clearly and seriously flawed standard:
> 8088 - We who poke fun now would have been millionaires if we had
> had a better design back when it counted.
but there were contemporaneous chips that were arguably "better" in every respect save one. They were unlike the previous standard: the 8080 (and Z-80). MS-DOS 1.0 and CP/M-80 were very similar and one could (almost) automate converting software from CP/M-80 on an 8080 system to MS-DOS on an 8088 system. I recall that as an argument given at the time (before the PC, IBM had sold a 68000-based lab computer). In fact this is a stronger argument for his subject ("Are flaws necessary for a standard to succeed?") than implying the 8088 was the best of its time.
-dave fetrow- fetrow@bones.biostat.washington.edu
Flaws not needed for a standard to succeed
Dick Karpinski <dick@ccnext.ucsf.edu>
Fri, 8 Mar 91 20:08:36 PST
Most official standards are derived from de facto standards. Indeed, the 8088, MS-DOS, and Unix are only de facto standards. The others mentioned (RS-232, C, FORTRAN (not Fortran), and QWERTY) are all de jure standards derived from prior de facto standards. While I cannot claim that proactive standards like IEEE 754 and 854 are without flaw, I suspect you would have to look harder to find their flaws. This does make them pretty clean, elegant, and free of inconsistencies, but it does not make them easy to implement or even to use. Perhaps there are not many with an emotional commitment to using them, but anyone who proposes to build a non-IEEE arithmetic is now required to defend that decision. Few of those defenses succeed.
David States remarks that a better design than the 8088, back then, would have made one a millionaire, but I disagree. The story I now believe is that it was chosen primarily because they could be bought in quantity, not because anyone thought they were better than other contemporary designs. Even MS-DOS was a second choice, allegedly selected because the CP/M crew were unwilling to sign IBM's (probably heavy-handed) non-disclosure agreement. Such are the butterfly wings that so often determine the course of history.
Now, some of these flaws in standards have known roots. In particular, the QWERTY standard succeeded because it slowed down the typist in order to avoid the problem of key jamming. That was so successful that it made typewriters usable, and hence profitable. It is a little hard to object to such success, albeit the standard is decades obsolete and quite deserving of retirement. Present concerns would tend to dictate quite different keyboard layouts to avoid such problems as carpal tunnel syndrome and repetitive stress syndrome caused by the unnatural way one's hands must be held to use the old standard arrangements, even for Dvorak key assignments. One new keyboard with palm rests and sockets with four-way switches comprising each socket was recently shown on television.
When a standard is derived from a de facto standard, usually several or even many of the deficiencies are cleaned up, but a thorough revision is out of the question. The process doesn't start until the de facto standard is sufficiently widespread to generate enough interest to go through the arduous process of creating a standard. This ensures that many of the participants have already formed emotional commitments to specific aspects. Given the consensus rules for standards-making organizations, this guarantees that inconsistent aspects will remain in the finished standard.
Dick Karpinski
Re: Risks of naming a node [RISKS DIGEST 11.20]
Paul Fuqua <pf@islington-terrace.csc.ti.com>
Tue, 5 Mar 91 17:26:57 CST
Around 1983, the research group I worked in had a machine whose full name was
MIT-FLAME-OF-THE-FOREST. Several FINGER programs around the Internet are said
to have broken when they encountered it, unprepared for such a long name.
My present machine has prompted some problems -- "islington-terrace" is too
long for its own disk label, so it must boot under an alias and find out its
full name later. It used to have the alias "it," until a broken local mailer
started sending me all the mail destined for Italy.
Paul Fuqua, Texas Instruments Computer Science Center, Dallas, Texas
pf@csc.ti.com, ti-csl!pf
Re: Risks of naming a node (Akella, RISKS-11.20)
Stephen D Crocker <crocker@TIS.COM>
Sat, 02 Mar 91 20:37:06 -0500
It's not just student hackers who notice an unusual name; routing software can also notice unusual names and favor a node with unwanted attention.
When Aerospace became a node on the MILNET, we needed to register its name along with any acronyms. Unlike many universities and other FCRCs, The Aerospace Corporation has no widely used acronym. In some internal files, the name is abbreviated to TAC, but we thought that would be a particularly poor choice for a hostname. Aerospace's logo is a slanted capital A inside of a circle, and the company is sometimes referred to informally as the Circle-A Ranch; however, "circle-a" seemed both frivolous and esoteric. Lacking any better ideas, we chose the single letter "A" as the abbreviation and duly registered this with the NIC.
Unbeknownst to us, CMU had been using single-letter names as abbreviations for its several internal machines. Within CMU, one could refer to a particular machine with its single letter. CMU's "A" machine was particularly important because it was the mail host. When the Aerospace abbreviation propagated throughout the network, connections intended for CMUA were made to Aerospace. I don't think there was much pain at Aerospace, but CMU's internal connectivity came apart. After a short period of confusion and diagnosis, the abbreviation for Aerospace was deleted, and a new rule was passed requiring at least two letters in an abbreviation.
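The two failures in the Aerospace/CMU story are a name-collision check that nobody ran before the abbreviation propagated, and the minimum-length rule that was adopted afterwards. The following registry check is an added example, not code from RISKS, the NIC, or either organisation; the registry contents and host names in it are constructed for illustration.

```python
"""Host-abbreviation registration check, modelled on the single-letter "A"
collision described above. Added example; names are constructed, not real."""
from dataclasses import dataclass, field


@dataclass
class HostRegistry:
    # full name -> set of abbreviations, all lower-case (hostnames are
    # case-insensitive, so "A" and "a" must be treated as the same name)
    entries: dict = field(default_factory=dict)
    # the rule passed after the incident: at least two letters per abbreviation
    min_alias_len: int = 2

    def _names_in_use(self) -> dict:
        """Map every name or alias already registered to the host that owns it."""
        in_use = {}
        for full, aliases in self.entries.items():
            in_use[full] = full
            for alias in aliases:
                in_use[alias] = full
        return in_use

    def check(self, full_name: str, aliases) -> list[str]:
        """Return the problems a registration would cause; [] means acceptable."""
        problems = []
        full = full_name.lower()
        in_use = self._names_in_use()
        for alias in aliases:
            a = alias.lower()
            if len(a) < self.min_alias_len:
                problems.append(
                    f"alias {alias!r} is shorter than {self.min_alias_len} characters")
            owner = in_use.get(a)
            if owner is not None and owner != full:
                # this is the check that would have caught CMU's "A" mail host
                problems.append(f"alias {alias!r} already names {owner}")
        if full in in_use and in_use[full] != full:
            problems.append(f"name {full_name!r} is already an alias of {in_use[full]}")
        return problems

    def register(self, full_name: str, aliases) -> None:
        """Register a host and its abbreviations, refusing any that fail check()."""
        problems = self.check(full_name, aliases)
        if problems:
            raise ValueError("; ".join(problems))
        self.entries[full_name.lower()] = {a.lower() for a in aliases}


if __name__ == "__main__":
    # Constructed stand-in for the pre-incident table: a mail host known by "A".
    old_table = HostRegistry(min_alias_len=1)
    old_table.register("cmu-mail-host", ["a"])
    print(old_table.check("aerospace", ["a"]))     # collision reported
    # After the new rule, a single letter is rejected even with no collision.
    new_table = HostRegistry()
    print(new_table.check("aerospace", ["a"]))     # too short
    print(new_table.check("aerospace", ["aero"]))  # [] -> acceptable
```

The check is deliberately run against the whole table rather than only the new entry, since the damage in the story came from an abbreviation that was perfectly valid locally but ambiguous once it propagated.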
Acronym Risks
<Brian.Randell@laas.laas.fr>
Fri, 8 Mar 91 10:40:14 +0100
Re: Computer insecurity in UK government (Paul Leyland), in RISKS 11.32
>[1] Quango -- acronym for quasi-autonomous national governmental organisations
My understanding is that Quango is a quasi-official acronym within the UK for "Quasi Non-Governmental Organization". Such organizations are one of the means by which the UK government achieves what in American is termed "deniability", a concept which the UK government prefers not to have a name for!
Brian Randell, LAAS, 7 Ave du Colonel Roche, 31077 Toulouse, France PHONE = +33 61 336205 (Temporary address, etc., until May 1991)
Re: Red and green clocks (King, RISKS-11.21)
<hugh_davies.wgc1@rx.xerox.com>
Fri, 8 Mar 1991 07:11:38 PST
<...My parents were hosting an exchange student from the Netherlands one year.
Naturally, the young lady brought her trusty alarm clock with her. She
plugged it in one night, set the alarm, and went to sleep. My mom woke to
hear MaryLou in the shower around 4am getting ready for her eight o'clock
classes!...>
Actually, I'm surprised at this, since the USA uses 110V AC mains,
approximately half the voltage provided in most (all?) European countries,
including Holland. Certainly, my electric razor will not run at all on 110V
(it just hums to itself). Conversely, of course, plugging in your 110V clock in
England will not cause you to get up late. More like immediately in order to
call the Fire Brigade.
Hugh.
Re: Droids (Andrew, RISKS-11.21)
Bill J Biesty <wjb@edsr.UUCP>
Fri, 8 Mar 91 09:20:21 CST
Nick Andrew's comments about the risks of citizens being droids reminded me of an article about Japan in the most recent _Whole_Earth_Review_ (No. 69, Winter 1990, "Access to Japan", has a yellow cover with an illustration of a Japanese woman in traditional outfit with a cellular phone). The article is "E Pluribus Yamato: The Culture of Corporate Beings" by W. David Kubiak. Excerpts:
"We live in the age of Corporate Organisms. [... They] have wrested the control of the earth from Homo sapiens and supplanted us as the planet's dominant species. It is they -- the multinationals, government bureaucracies, religious hierarchies, military bodies, et al. -- not individual humans, that generate our era's character, its patterns of wealth and poverty, its technological prowess and ecological peril, its entertainment and political agenda. They have, in short, taken over, and nowhere more so than in Japan. [...]
"Like most other traits and preferences in a natural population, the taste for organizational life is randomly distributed. Some people love hierarchical group existence -- uniforms and rituals, secure routines, superior/inferior relationships, the sense of merging oneself into a larger whole and greater destiny. Others detest it, with the majority falling along a normal distribution curve somewhere in between. [...]
"In early Japan as elsewhere the primitive leftists were fractious, independent types who abhorred hierarchy, "establishments", authoritarianism and just wanted to be left alone. The rightists were joiner types who flocked to the regimented security of the military, clergy, and other bureaucratic power centers. Since even in those days the big bodies grabbed the lion's share of everything, they occasionally rankled the "little people" to the point of rebellion. But because the antiauthoritarian lefties then as now took orders ungraciously, organized poorly, and thus were usually decimated in confrontations, their gene pool slowly began to bleed away.
"Japan's most ingenious contribution to corporatist eugenics was...the samurai's [...] open-ended license to kill any commoner deemed dangerous, disrespectful or offensive [...which lasted over a period of...] 15 generations. [...]
"The Japanese student is trained not even to question authority, let alone challenge it. The only acceptable behavior is obedience -- total, enthusiastic and if possible brilliant obedience. [...] Most young Japanese can tell you "what is thought" but have great difficulty expressing, or placing much importance on, what they themselves think. This creates an extreme permeability to prevailing authority [...]
"The kobun [a chronic subordinate to the _oyabun_ or _oyakata_ (parent role/person) who directed their work and lives] and hanninmae ["half helping of man": stunted apprentices...trained to serve useful functions but never permitted to individuate or professionally mature] were cultural antecedents of the compliant salarymen so much in demand in this century.
---end excerpts---
Someone (sorry I can't remember) recently commented in RISKS about the lack of education in this country for dealing with the information needs of the current decade. What happens in Japanese schools happens in American schools but with a different method. I can remember getting a test back in grammar school when a classmate who "didn't do as well" as I did in general and on this particular test complained that he got a much lower grade than I on an essay but had the same content, which it did. The teacher made some weak excuse but couldn't deny the facts but didn't change his grade. The almighty curve strikes again. So if a majority of the students on the hump of the grade curve regularly receive this kind of feedback, is it surprising that when dealing with institutions (schools, work, etc.) and other droids the droidism gets passed on?
The American educational system (and maybe others, anyone?) seems suited to producing "workers" (accent a la Tom Peters' imitation of GM management) and has yet to kick in for the 1980's, much less the 1990's. This decades-old trend is made worse by the touchy-feely attitude towards learning that Allan Bloom and the Objectivists (they're not connected) are fighting against. And while there seems to be a change with science education going more to get younger students interested, most of the money winds up in bureaucracies for political patronage. New motto: Encourage critical thinking whenever possible! [I step off my soap box.]
Bill
Bill Biesty, Electronic Data Systems Corp, 7223 Forest Lane, Dallas, TX 75230 (214) 661 - 6058 edsr.eds.com!wjb wjb@edsr.eds.com
"droids" (re : but the computer person said...)
Ken Hoover <vu2464@bingvaxu.cc.binghamton.edu>
Sat, 9 Mar 1991 16:00:27 GMT
nick@kralizec.fido.oz.au (Nick Andrew) writes:
>Droid, n:
> A person (esp. an employee of a business), exhibiting most of the
>following characteristics:
> [naive trust, unwillingness to think, follows rules but won't
Just a comment on this:
This is what we (as the public) get when a company decides to spend zillions
of $$$ on a neat computer system, and then hires people at minimum wage to use
it.
- Ken
(missing) Parity bits (Cyber, Jake Livni, RISKS-11.21)
"DAVID B. HORVATH, CDP 8*747/215-354-2468" <HORVATH_DB@scov19.dnet.ge.com>
Thu, 7 Mar 91 14:05:05 EST
This also applies to many of the IBM PC clones on the market today - no parity
bits! The Radio Shack Tandy 1000 series is a good example of this - only 8
bits per byte rather than the 9 in the true-blue IBM PC's.
- David Horvath
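The ninth bit David Horvath refers to is a parity bit stored alongside every byte so the memory controller can detect a single flipped bit on read. The following model is an added example, not code from RISKS or from any PC firmware; the fault injection and sample values are constructed to show what a parity-checking machine catches and what a no-parity machine silently passes through.

```python
"""Even-parity memory cell model: 8 data bits plus one parity bit, as on the
IBM PC, beside the 8-bit-only store of a no-parity clone. Added example;
the injected faults below are constructed, not measured."""


def parity_bit(byte: int) -> int:
    """Even-parity bit for an 8-bit value: 1 if the byte has an odd number of ones."""
    if not 0 <= byte <= 0xFF:
        raise ValueError("byte out of range")
    return bin(byte).count("1") & 1


def store(byte: int) -> int:
    """Write a byte into a 9-bit cell: data in bits 0-7, parity in bit 8."""
    return (parity_bit(byte) << 8) | byte


def read(cell: int) -> tuple[int, bool]:
    """Read a 9-bit cell. Returns (data, parity_error)."""
    data = cell & 0xFF
    stored_parity = (cell >> 8) & 1
    return data, stored_parity != parity_bit(data)


def read_no_parity(cell: int) -> tuple[int, bool]:
    """Read on a machine with only 8 bits per byte: corruption is never flagged."""
    return cell & 0xFF, False


def flip(cell: int, bit: int) -> int:
    """Constructed fault: invert one bit of the cell (0-7 data, 8 parity)."""
    return cell ^ (1 << bit)


def simulate(byte: int, flipped_bits, parity: bool = True) -> tuple[int, bool]:
    """Store a byte, apply the constructed bit flips, read it back."""
    cell = store(byte)
    for bit in flipped_bits:
        cell = flip(cell, bit)
    return read(cell) if parity else read_no_parity(cell)


if __name__ == "__main__":
    print(simulate(0x5A, []))          # (0x5A, False): clean read
    print(simulate(0x5A, [3]))         # data changed, error flagged
    print(simulate(0x5A, [8]))         # parity bit itself flipped, still flagged
    print(simulate(0x5A, [1, 6]))      # two flips cancel out: not detected
    print(simulate(0x5A, [3], parity=False))  # clone: corrupt data, no flag
```

The double-flip case is the usual caveat: a single parity bit detects any odd number of flipped bits and nothing else, which is why later machines moved to ECC rather than simply adding the ninth bit back.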
Re: Digitized signatures for the masses (Berg, RISKS-11.22)
<jwn2@qualcom.qualcomm.com>
Fri, 8 Mar 91 08:20:20 -0800
Signature rubber stamps have been around for years. A scanned signature is essentially no different. You don't say what if any proof Orbit requires that a client is the authentic bearer of the signature. If Orbit makes that simple requirement, then potential for abuse is _much_ reduced.
> How do I know that Orbit Enterprises does not have nefarious
> designs on my signature?
One can ask the same question about your local office supply store that makes the rubber stamp.
>This has been a potential problem for a long time, but the low cost involved
>($60) opens up a new criminal method to the masses.
The rubber stamp is much cheaper :-)
Laser signatures
"Clifford Johnson" <GA.CJJ@Forsythe.Stanford.EDU>
Fri, 8 Mar 91 09:41:12 PST
> What is the legality of a laser printed signature?
Under the rules of evidence, a document that is signed creates a "rebuttable presumption" of authenticity. (In this context, a "sign" can be any mark attributable in any way to a supposed author; remember, this law *originated* from stamped seals.) This puts the burden of proof of authenticity on the contestor of authenticity. In a civil trial, proof is by preponderance of evidence, but in a criminal trial proof must be beyond reasonable doubt. Thus, laser signatures would always be sufficient to establish authenticity where uncontested; and might carry sufficient weight of proof in a civil case; but could not by itself provide the degree of proof required for a criminal conviction where authenticity was disputed, though they could contribute in the accumulated evidence. A laser-printed signature creates a presumption of the signator's responsibility for the document; but not such a strong one as does a personal signature; and one that is more easily outweighed, in the mind of the trier of the fact, by denials of authenticity made by the supposed author. In other words, common sense prevails in the court of law (at least, it's supposed to).
Digitized signatures and desktop publishing fraud (Berg, RISKS-11.21)
Sanford Sherizen <0003965782@mcimail.com>
Fri, 8 Mar 91 20:04 GMT
Since I am preparing a talk on desktop publishing fraud to be given at an
upcoming conference, I find that there are some related issues to Berg's
message. Here are some of the risks.
There are a number of instances where signatures are scanned, sometimes without
the "owner" knowing that it is happening. For example, many documents are now
being scanned in offices, either as part of a records retention imaging process
or as part of automating files and forms. The signature is not the target but
is incidentally picked up as part of a larger process to control paper or
distribute information.
Another example of collecting signatures is found with new business offers.
There is at least one bank-by-mail service that advertises that it will process
all authorized payments and, by the way, include your signature on each of the
payment forms after it is scanned. (The company notes that the process is
secure since it is protected by passwords!)
Beyond signatures, however, is the larger issue of copying of documents for
illegal purposes. Documents that have been forged through desktop publishing
have already been used to collect money. At least one group has been traveling
around the U.S. cashing forged payroll checks from a fictitious company that
they created on their computer. Fake ID and immigration papers are being sold
for $20 a piece. Desktop forgery is joining computer crime and viruses as
serious problems of the Information Age.
There is also the related problem of modification of documents, particularly if
they are on-line, so that unauthorized changes can be made and distributed on
what appears to be authentic and official documents. Employees and others can
obtain corporate letterhead and signatures and create "official" documents
containing false statements, illegal offers, and libelous comments that are
almost guaranteed to cause serious problems for organizations.
Inexpensive computers, laser printers, scanning devices, and desktop publishing
technology provide wide opportunities for counterfeiting and creation of
fraudulent documents for other illegal or unethical uses. Much of our society's
functions are based on a view that documents can be trusted, with the result
that we do not call back the senders of letters to inquire whether they truly
did send the letters. We trust that college resumes are authentic if they look
right and come from an authorized source. We assume that most of our paper
currency is real.
We even trust that photos are true recordings of events with the result that
public opinion is shaped by how wars and political events are brought to us by
the media. Yet, these and other documents not only can be created by
computer-enhanced techniques but copied and changed without indications that there
have been changes. Think about how Woody Allen appears in historical events in
the movie ZELIG. Read Fred Ritchin's fascinating IN OUR OWN IMAGE: THE COMING
REVOLUTION IN PHOTOGRAPHY (Aperture, 1990). See the Office of Technology
report INTELLECTUAL PROPERTY RIGHTS IN AN AGE OF ELECTRONICS AND INFORMATION for
some of the difficult copyright issues.
>Is it possible to detect a laser printed signature easily?
The authentication of a photo could be known by looking at the negative. Now,
not only are there cameras/computers that use disks that do not make negatives
and can be reused but a photo can be scanned into a computer and modified so
that it can appear as the original even when it is an alteration or forgery. I
have heard that the FBI has had difficulty in determining some of these
alterations, particularly in a way to prove it in a court of law.
>What is the legality of a laser printed signature?
Once again it is a problem of old law and new technology. The law accepts that
under certain circumstances, that images can be replacements for storing
original documents. The Best Evidence Rule, the Federal Business Records Act,
and the Uniform Photographic Copies of Business and Public Records as Evidence
Act are relevant sources. The law will change as there are more challenges and
problems come to the surface but that is not a quick process. Yet, if a
signature is used by someone other than its owner and the original document gets
replaced by a stored electronic document, it may be very difficult to prove that
an illegal act has taken place.
So, guard your signatures from scanning and your souls from technology.
Otherwise, as the song title says, "From the Gutter to You Ain't Up."
Sandy
Sanford Sherizen, Data Security Systems, Inc., 5 Keane Terrace, Natick, MA
01760 USA (508) 655-9888 MCI MAIL: SSHERIZEN (396-5782)
Re: Ownership of Thumb Prints (Dinolt, RISKS-11.21)
David G. Wonnacott <davew@cs.UMD.EDU>
Fri, 8 Mar 91 16:07:22 -0500
Has anyone thought of copyrighting their thumb (and finger) prints? Would this
have any legal significance? Would the benefits outweigh the problems, namely
(a) that you have sent your finger prints to "Big Brother" already, and (b) you
may have to have a copyright notice tattooed on your fingers to enforce your
copyright?
David Wonnacott
RE: Thumb print data base
<34AEJ7D@CMUVM.BITNET>
Tue, 26 Feb 91 12:07:54 EST
As described, the CA database is illegal under the ADA (Americans with Disabilities Act) in that it denies services (Driver's licenses, ID cards, etc.) to anyone who DOES NOT have a right thumb.
Re: Monopoly Security Policies for Thumb Prints (Baldwin, RISKS-11.16)
Bill White <bwhite@inmet.inmet.com>
Thu, 28 Feb 91 19:21:13 EST
Actually, the DMV has to treat each of its thumb prints as being as sensitive
as it might ever become. The way this is stated, the DMV might keep separate
databases at different security levels. Consider, however, an accountant who,
late in life, changes careers slightly and becomes an undercover investigator
for the Federal Reserve Bank, investigating some sort of bank fraud cases by
posing as a crooked bookkeeper. This is not really terribly likely, but it is
not impossible. The accountant's thumb print would go from not terribly
sensitive to highly sensitive.
Bill White
more on the American Airlines MD-11s
<smb@ulysses.att.com>
Fri, 08 Mar 91 16:39:54 EST
American Airlines announced today that it is delaying delivery of a second
MD-11 jet until some problems with the cockpit computer are resolved.
Apparently, the problems cause some screens in the cockpit to ``malfunction''.
They did say they feel like they're making progress, though.
Delta Airlines, which has two MD-11s, is happy with them, though they've
repaired some ``computer glitches'' and once had to fly back empty from Tokyo
to repair something.
--Steve Bellovin