Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
[ From the Minneapolis Star Tribune, 1-Sep-1991, Section B. I will let it speak for itself. See if you can keep from laughing. - mkc ] LOTTERY MAY USE NINTENDO AS ANOTHER WAY TO PLAY Several kinks have yet to be worked out [...] Minnesota gamblers soon could be winning jackpots as early as 1993 from the comfort of their own living rooms... the state will begin testing a new system next summer that will allow gamblers to pick numbers and buy tickets at home by using a Nintendo control deck. [...] The system, to be created by the state and Control Data Corp., would be somewhat similar to banking with an automated teller machine card. Gamblers would use a Nintendo control deck and a state lottery cartridge [...] The cartridge would be connected by phone to the lottery's computer system, allowing players to pick Lotto America, Daily 3 and Gopher 5 numbers, and play the instant cash games. Players would gain access to the system by punching in personal security codes or passwords. Incorrect passwords would be rejected. Only adults would be allowed to play. [...A] number of kinks, including setting up a pay-in-advance system for players to draw on, computer security and adult registration, must be worked out. [...] 32% of Minnesota households have Nintendo units. About half of those who use the units are older than 18 [...] [...] Those chosen to participate [in the summer experiment] will be given a Nintendo control deck, phone modem and lottery cartridge.
>The recent Salomon Brothers securities scandal was caused in part by sloppy >database design according to an employee in the database programming department... I can't let this this abuse of the concept of "responsibility" go by. Saying that Salomon's DB programmers in any way "caused" the scandal, even "in part", is like saying that police "caused" an automobile accident because they didn't happen to catch the speeder before s/he hit somebody! After all, the police *do* have "responsibility" for catching speeders. It is incredible to me how we have moved away from the concept of individual responsibility and toward reliance on various societal "mommies and daddies" to watch over behavior. I can't help but think that our newfound ability to create computerized "mommies" encourages this trend. Jeff Berkowitz, Sequent Computer Systems: uunet!sequent!jjb or jjb@sequent.com
The LA Times of Sept 6 ran an article on the DEMOS network in Moscow as it
operated during the coup attempt. Larry Press, who played a major role, felt
that this article did not do justice to the full set of facts. Here is his
version:
------- Forwarded Message
Date: Fri 6 Sep 91 11:46:51-PDT
From: Laurence I. Press <LPRESS@ISI.EDU>
To: lincoln%iris@rand.org
Copyright, Larry Press, August 26, 1991, do not reproduce or quote without
permission. This file may be forwarded around the net as long as this note is
attached.
A Computer Network for Democracy and Development
Larry Press
"Oh, do not say. I've seen the tanks with my own eyes. I
hope we'll be able to communicate during the next few days.
Communists cannot rape the Mother Russia once again!"
This message was sent from Moscow at 5:01 AM on August 19. It was written by
26 year-old Vadim Antonov, a senior programmer at the Demos Cooperative in the
Soviet Union. Demos operates a computer-based communication network which
spans the Soviet Union, and within a few hours, Vadim's message had been
relayed to computers in 70 Soviet cities from Leningrad in the West to
Vladivostok in the East.
The message had also been sent to a computer in Helsinki Finland, which is
connected to the non-Soviet computer networks. From Finland, the message was
relayed to networks such as The Internet, serving millions of users on all
continents. Seconds after it reached Finland, I could read it at my computer
in Los Angeles, California. The message was particularly important to me
because the week before the coup attempt I had been in Moscow and spent several
days with Vadim and his colleagues at Demos. We met professionally and as
friends.
Demos' RELCOM (RELiable COMmunication) network celebrated the first birthday of
its link to Finland on August 22. During that first year, RELCOM spread to 70
Soviet cities, and over 400 organizations were using it — universities,
research institutes, stock and commodity exchanges, news services, high
schools, politicians, and government agencies. As is typical with computer
networks, noone knows how many users RELCOM actually reaches.
During the Coup
During the days of the coup, RELCOM was pressed into service in support of the
constitutional government. The junta moved quickly to control mass media.
When I learned of the coup, I immediately sent a worried message to Vadim's
wife Polina Antonova, who also works at Demos. I did not receive her answer
until August 20 at 12:17 AM Moscow time:
"Dear Larry,
Don't worry, we're OK, though frightened and angry. Moscow is
full of tanks and military machines — I hate them. They try
to close all mass media, they stopped CNN an hour ago, and
Soviet TV transmits opera and old movies. But, thank Heaven,
they don't consider RELCOM mass media or they simply forgot
about it. Now we transmit information enough to put us in
prison for the rest of our life.
Greetings from Natasha.
Cheers,
Polina."
The Demos staff had learned of the coup around 6 AM on the 19th, and
immediately began sending political information to the Soviet Union and the
outside world. By 12:30 PM, Moscow time, I was reading news releases from the
independent Soviet news agency Interfax. Although outlawed by the junta, news
from Interfax, the Radio Moscow World Service, the Russian Information Agency,
Northwest Information Agency (Leningrad), and Baltfax was disseminated by
RELCOM throughout the coup attempt.
RELCOM also distributed news from official sources opposed to the coup. For
example, a copy of the letter Boris Yeltsin read from a tank turret in front of
the Russian Parliament building was brought to Demos headquarters (a short
trip), entered into a computer, and forwarded across the network. By early
evening, several people in the United States had also translated it, and an
English-language version was broadcast to the non-Soviet networks.
There were also many eye-witness reports. Pay phones were working in Moscow,
and people in the streets could phone news in. At one point, Polina told me
she was leaving for the Russian Parliament Building with a portable computer so
she could report from there. Later I learned that she had not gone because the
phone service to the building was unreliable.
Of course all the news did not come from Moscow. The network was buzzing with
reports and official notices from Leningrad, Kiev, the Baltic capitals, and
many other Soviet cities.
News also came in from the West. I wrote regular summaries of the news as
broadcast on radio and television in the United States. Jonathan Grudin, a
colleague in Denmark, did the same for BBC news. Regular reports were also
posted from Finland, giving both Finnish and Baltic news summaries. These were
translated into Russian by Polina and others, and transmitted throughout the
Soviet Union.
Western news was welcome, but the link to Finland became a bottleneck. Before
the coup, 6,000 messages were passed between Finland and RELCOM on a typical
day. After the coup began, traffic increased substantially, prompting Vadim to
broadcast this message at 6:44 PM on the 19th:
"Please stop flooding the only narrow channel with bogus messages
with silly questions. Note that it's neither a toy nor a means to
reach your relatives or friends. We need the bandwidth to help
organize the resistance. Please, do not (even unintentionally)
help these fascists!"
This plea notwithstanding, traffic rose to a high of 13,159 messages on the
21st.
While news of tank movements, demonstrations, and official political statements
was of practical value, it also provided emotional support. When the coup was
finished, and there was time to rest, I received a message from Polina that
said in part "You can't even imagine how grateful we are for your help and
support in this terrible time! The best thing is to know that we aren't
alone." That message paid me 1,000 times for the hours spent at my computer
keyboard.
Danger
At the beginning of the coup, memories of the Hungarian revolt, Kruschev's
ouster, the Prague Spring, and Tiananmen Square did not give one much hope.
Had the coup succeeded, the Demos staff and people using their network would
have been in great danger. As Vadim noted in a message to Doug Jones, a
professor at the University of Iowa:
"If these dogs win, for certain they'll throw us in prison --
we distributed the proclamation from Yeltsin and the Moscow
and Leningrad Soviets throughout the entire Soviet Union,
together with the forbidden communiques from Interfax ...
Greetings from the underground."
Demos headquarters is in a small building near the Kremlin. The KGB knew of
RELCOM, and had they decided to, they could have easily shut the network off
early in the coup. When a friend asked why they didn't, Polina replied "Thank
Heaven, these cretins don't consider us mass media!" After the coup, she and
others speculated that the KGB was generally passive because they were not
confident the coup would succeed.
Sensing danger, the Demos staff arranged for backup computers to substitute for
the vulnerable headquarters machine if necessary. On the 20th at 8:30 PM
Moscow time, Vadim sent this message to Doug Jones:
"Yes, we already prepared to shift to underground; you know --
reserve nodes, backup channel, hidden locations. They'll have
a hard time catching us! Anyway, our main communication line
is still open and it makes us more optomistic."
They not only hid the computers, many people left Demos headquarters and
communicated from their homes and other locations. Polina told me:
"Don't worry; the only danger for us is if they catch and
arrest us, as we are sitting at home (valera is at Demos) and
distributing all the information we have."
When the coup was finally defeated, George Tereshko, broadcast the following
thanks for the risk taken by the Demos staff:
"When the dark night fell upon Moscow, RELCOM was one source of
light for us. Thanks to these brave people we could get
information and hope."
Of course, for now, the story appears to have had a happy ending. At 3:07 PM
on the 21st, I received this from Polina:
"Really good news. Right now we're listening to Radio Russia
(without any jamming!); they told that the eight left Moscow,
noone knows where ... Hard to believe ... Maybe, they've
really run away?"
And on the 22nd at 1:31 PM she wrote:
"Now Vadim and I have to do our usual work (that's so nice!)
and Valera and Mike Korotaev went to sleep. They were on duty
the whole night. Now there is celebration in Moscow. We just
watched president Gorbachev on TV."
RELCOM in Peace Time
In the past, a network like RELCOM would have been prohibited in the Soviet
Union. Like any communication media, it is incompatible with repressive
dictatorship. Gorbachev's Glasnost made RELCOM possible, and in one year, it
became a significant segment of the Soviet communication infrastructure.
Part of the reason for RELCOM's success is the fact that postal and telephone
service in the Soviet Union are poor, making electronic mail very attractive.
Another element of their success is that they use low-cost, appropriate
technology. The primary technology used by RELCOM is the voice phone system,
low cost modems, and standard personal computers. The final element in their
success is the people at Demos. They are very skillful as technicians and as
entrepreneurs (Demos is 100% free enterprise), yet they are different than
their counterparts in the United States. They are more idealistic and less
competitive. If they were in the US, my guess is they would either be graduate
students in computer science or they would be driving BMWs and sipping Perrier.
As such, RELCOM may be a good model for other countries with poor
telephone and postal systems, little capital, and well educated,
motivated young professionals. Networks like RELCOM, probably
using satellite technology, may change the face of the earth in
peace time as well as helping to keep the peace.
[Larry Press is Professor of Computer Information Systems at California State
University at Dominguez Hills. He has visited Chile several times, most
recently as an organizer of the EIES held last July. The week before the
coup, Press co-chaired a conference on human-computer interaction in Moscow.
While there, he spent several days visiting the Demos Cooperative, which
operates RELCOM, an important Soviet computer network. During the coup, he
relayed news to his friends at Demos.]
I'm afraid that the author chases a vacuous ghost. She apparently doesn't
really understand how the direct mail business works but evidently hopped onto
a seemingly significant process. The true situation is the quote from Krause
in the final paragraph.
Her facts are correct but the implications are not. If one moves, there
will be some collection of mail that he will want forwarded. Among the
set will be journal and technical magazines subscriptions, favorite mail
order outlets, the family's hobby magazines, the children's items,
charitable organizations that one supports and wishes to hear from, — on
and on.
Address information is traded and exchanged on a huge basis and any legitimate
address change will readily and quickly find its way into the whole direct mail
system.
Try the following experiment. Move but have no mail forwarded to the new
residence; route it to a POBox. Then place just one order from some mail order
house and have it delivered to the new residence address. Sit back and log the
buildup of direct-mail materials. It will startle you how quickly your address
gets around.
Such a phenomenon is of course the fallacy, if not silliness, of writing
to the Direct Mail Marketing Association and asking to be removed from
circulation. It will only do some good if one also forswears to never
again order anything by mail.
The most that the USPS update-list sales will do is possibly shorten the
response time of updating mailing lists — although it isn't certain that the
USPS is indeed swifter than other methods; and it facilitates the job of the
list maintainers by providing material in machine readable form from a single
source. These are, to be sure, important points but not the ones that the
author identified in the article.
For an extensive treatment of direct mail marketing and its list ramifications,
see the report of the Privacy Protection Study Commission.
Willis H. Ware
As a ham radio operator, for years I have had an amateur radio license plate. In the late '60s, when motor vehicle departments were first computerizing, I was pulled over one night by a policeman. When I asked why he had stopped me, he said that my license number was not valid - the computer (in Topeka, KS) would not accept a license number of WA0DVD - although I suspect that this same computer had originally issued the registration. This took some explaining, and if the police dispatcher that night had not been a friend of mine I might have had an even tougher time of it. John Moore anasaz!john@asuvax.eas.asu.edu
Bob Frankston's posting about strange characters on New Hampshire license plates reminds me of one of the little bits of dirt that came out about the Ed King administration in Massachusetts back when Dukakis was elected for the second time. Seems the registry of motor vehicles had been issuing special license plates to friends of the governor that contained stars, squiggles, and other symbols expressly chosen because they had no representation on the registry's computer system. Talk about diplomatic immunity!
> There is a proposed character set, Unicode, that is intended to encode
> all glyphs.
Sorry, this is not quite correct. Unicode is an attempt at a universal
character set, not a glyph set. In some cases a Unicode character may be
represented by more than one glyph; choosing which glyph is then a rendering
(font, maybe?) problem.
Rich
I was, perhaps, a bit sloppy in my use of the term "glyph". I did indeed mean to say that each numeric code stood for a canonical character not a rendering. Unicode is a great improvement over ASCII but doesn't solve all the encoding and representation problems. While Unicode doesn't preserve font distinctions it does preserve case distinctions but sometimes the case distinction is not signficant but the font distinction might be or the shading or ...
Regarding the discussion of unusual characters in licence plates: it's not surprising there should be difficulties interfacing with the "real world" when we can't even interface with our technically-defined software world. Back in the late 70's and early 80's I maintained Carnegie-Mellon's RDMAIL system; when we shifted to supporting RFC733, we implemented the whole thing (there was even a hack for handling :postal:) except for retrieving foreign mailing lists on :include:. We immediately broke most other mailers on the net, and got so much flack that we had to turn off half the stuff in the RFC for outgoing mail. I wasn't too surprised that folks didn't want to parse :include:, but was a bit more suprised nobody wanted to handle spaces in names (at the time we were the only site we knew of that would let your mail name be "David Lamb@cmu-10a" (if that's who you really were, of course)). I'm not sure what this has to do with RISKS, unless it's something along the line of "forall x,y, x wants y to adhere to x's standards".
One way to have a permanent email address is to subscribe to one of the more stable and inexpensive services (say, The Well) and put in a .forward file to wherever you happen to be at the moment. If you change jobs, delete the .forward file and read your mail on the public access site until you get a new address.
The discussion of "risks of using electronic mail" that I started, began at
the trivial level and seems to be descending even further. I wished to remind
users of a simple risk, not to suggest that an employer had any obligation for
forward the mail of former employees or that there was no solution for people
who had advance warning that they would be leaving. Those things are obvious.
There is however one difference between the situation with "snail mail" and
that for electronic mail. In the former case it is not necessary that the
owner or new occupant of your house or apartment be cooperative. In the
electronic mail situation they are involved. They can discard your mail, store
it in a deep electronic well, read it, respond to it, etc. If you tell your
snail mail service that you are moving, the new occupants need not be involved
at all and cannot intercept your love letters.
Dave
[Well, mail for the former occupant tends to get (mis)delivered anyway,
including after the one-year forwarding expires. Worse yet, my mailman
apparently cannot read English, although he is pretty good at numbers.
I often get mail for neighboring streets for which the street number
matches! PGN]
Will we have this same discussion ten years from now when cellular phones are cheap, and the expanded cellular communications infrastructure means we all have one in our hip pocket? Our cellphone numbers won't be tied to geographic locations, as they are with wired telephones, but rather associated with an individual. I have a bad feeling that we'll all be arguing about the risks of universal identifiers like SSNs while publishing our universal telephone numbers in our network signatures. (We'll also need voice mail built into those hip pocket cellphones!) John Sloan NCAR/SCD, P.O. Box 3000, Boulder CO 80307 +1 303 497 1243
A security system that implements the `born classified' doctrine must try to deny access to information which, if properly related to other marginally sensitive information, will allow conclusions to be drawn which will compromise the national interest. The act of declaring a particular piece of information to be sensitive alerts the bad guy to its importance. Since the information is protected by only the very lowest levels of national security restrictions, it is likely to be available to moderately well-connected information brokers. Two consequences: First, modest restrictions on the availability of data impact the ordinary citizen's access to information about how the world works much more than it protects `us' from the bad guys. Second, material that's completely innocuous must also be declared sensitive, to avoid giving the bad guys information about which data the security establishment considers to be important and providing them with a starting point in using the powerful correlation techniques that will turn these hints into solid intelligence. Note that I use this last word in a technical sense; no judgement as to the wisdom of playing this game is intended.
You're going to have the NIC very mad at you; registrations for WHOIS are sent
to REGISTRAR@NIC.DDN.MIL, not NIC@NIC.DDN.MIL. Furthermore, there is a special
template to use. I presume the newest template is in the NETINFO: directory
somewhere; here's a slightly old one:
FULL NAME:
U.S. MAIL ADDRESS:
PHONE:
AUTHORIZING HOST:
PRIMARY LOGIN NAME:
PRIMARY NETWORK MAILBOX:
ALTERNATE NETWORK MAILBOXES (if any):
MILNET TAC ACCESS? (y/n):
TERMINATION DATE:
--Dave
My understanding of the charter of the `whois' database is that it is meant to provide a directory of the people who make the Internet work, not of all the people who use the Internet. I'm in the database because I'm the zone technical contact for the mindcraft.com domain. The NIC is not in the business of providing a directory service for everyone on the Internet. Maybe there's a business opportunity here ... Chuck Karish, Mindcraft, Inc karish@mindcraft.com (415) 323-9000
Cracking systems is often called the electronic equivalent of breaking and entry. I'd like to propose another model: Say I telephone your residence, and your six year old child answers. I tell her to go to a filing cabinet, and retrieve a document. She does so. I tell her to read the document to me over the phone. She does so. I hang up. Models like these are an important part of deciding how to penalize crackers. We must be careful to base our laws on the right model. My opinion is that organizations (eg att) are using the "breaking and entry" model to shift public perception of the problem. Instead of "our vulnerable systems are being compromised" we have "our systems are being victimized by criminals".
Prize for Most Useful Computer Virus
Computer virus specialist Fred Cohen writes an intriguing article in the
September/October 1991 issue of The Sciences (published by the New York Academy
of Sciences). In short, Dr. Cohen describes ways in which computer viruses and
virus-like programs can be beneficial.
These include automated bill-collectors, where, "each bill
collector virus is a small program designed to collect one bill";
this program modifies itself depending on the debtor's response.
Another instance is maintenance viruses which dispose of
temporary files or hung programs.
Dr. Cohen has published "A Short Course on Computer Viruses". Curiously, his
publisher is offering a $1,000 prize for the most useful computer virus.
However, "contest rules prohibit any entries that have been released into a
computing environment without the permission of the owner or without mechanisms
to control their spread"
He points out that malicious and unauthorized viruses have given a bad name to
viruses. I'll say! Strangely, though, I've heard less of viruses in the past
year than in years past. I wonder if the fad is finally passing?
-Cliff Stoll cliff@cfa.harvard.edu
[Cliff, I guess you have not been reading VIRUS-L, which documents the
continuing incidents and the continuing proliferation of new strains. PGN]
In 1989, I wrote, "The Cuckoo's Egg", the true story of how we tracked down a computer intruder. Figuring that a few people might wish to communicate with me, I included my e-mail address in the book's forward. To my astonishment, it became a bestseller and I've received a tidal wave of e-mail. In 2 years, about 15,000 letters have arrived over four networks (Internet, Genie, Compuserve, and AOL). This suggests that about 1 to 3 percent of readers send e-mail. I've been amazed at the diversity of the questions and comments: ranging from comments on my use of "hacker" to improved chocolate chip cookie recipes. Surprisingly, very few flames and insulting letters arrived - a few dozen or so. I've tried to answer each letter individually; lately I've created a few macros to answer the most common questions. About 5% of my replies bounce, I wonder how many people don't get through. I'm happy to hear from people; it's a gas to realize how far the book's reached (letters from Moscow, the South Pole, Finland, Japan, even Berkeley); but I'm going to spend more time doing astronomy and less time answering mail. Cheers, Cliff Stoll cliff@cfa.harvard.edu
Please report problems with the web pages to the maintainer