Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
Creative Technology makes Sound Blaster, a sound board used by IBM compatibles
to create game noises and other sound effects. Media Vision, Inc. develops
computer peripherals and also makes a competing Thunder Board, designed to be
compatible with software commonly used with Sound Blaster. However, a new
release of a developer's software apparently works fine with Sound Blaster, but
not with Thunder Board. Media Vision claims Creative Technology inserted a
crash code that disables Media Vision's product, and has sued them for
restraint of trade, unfair competition, and monopolization. (Media Vision was
sued LAST MONTH by Creative Technology for violation of copyrights.) [Source:
Article by Pamela Burdman, San Francisco Chronicle, 12 June 1992, p.B1]
[Sounds like the Suit-of-the-Month Club. Everyone seems to be joining.
By the way, your media vision of RISKS is going to be creatively and
technologically sporadic for a while as we observe Summer Slowdown Time.
New subscribers should not be surprised if the traffic is light. PGN]
Summarized from *The Boston Globe*, June 11, 1992, page 39: The FBI raided the home of a computer bulletin board operator in Millbury, Massachusetts, yesterday, confiscating "several" computers, six modems, and a piece of equipment called "PC Board," which the FBI said was used to run the bulletin board system. The Software Publishers' Association brought the bulletin board to the FBI's attention, claiming that the system, called "Davy Jones' Locker," contained pirated copies of copyrighted software that users were encouraged to download. SPA claimed that there were over 200 different programs on the system, and users who uploaded copies of copyrighted software got free log-on time as a bonus. The alleged operator of the bulletin board, Richard Kenadek, was not arrested. The FBI would not comment on the case. An SPA spokesperson said that the system had nearly 400 subscribers paying $49 for three months or $99 for a year to gain access to downloadable copies of Lotus 1-2-3, Microsoft Word, and other programs. SPA estimated that the system distributed $675,000 worth of software since March of this year. Sanford Sherizen, a computer security specialist in Natick, was quoted as saying, "We're making legal history here," because this case is apparently the first time federal authorities have gone after a bulletin board system for violations of copyright law. The SPA representative said that the organization runs a telephone hotline for reports on bulletin boards offering downloadable copyrighted software, and they get "at least ten calls a day." SPA takes action against about two bulletin boards a week, usually with the threat of a lawsuit. Gary Chapman, Coordinator, The 21st Century Project, Computer Professionals for Social Responsibility, Cambridge, Massachusetts chapman@lcs.mit.edu
This week's Sunday New York Times Magazine has a story by James Gleick, "Chasing bugs in the electronic village," (June 14, 1992, p. 38 ff). It describes users' experiences with the Microsoft Word for Windows product, as reported in a Compuserve forum and at user's group meetings. Gleick reports that, through several successive product versions, the vendor did not fix defects that were reported by many users and claimed the product included features that were incompletely and incorrectly implemented. Gleick also says these problems were not much reported in reviews in the trade magazines, even though they were widely known in the user community. - Jon Jacky, Radiation Oncology RC-08, University of Washington, Seattle 98195
A branch bank officer told me that they had to refuse to accept
deposit of a check for $200,000 because the software, used by several
banks in the area, couldn't handle more than $99,999.99 in the deposit
field. She insisted it was a computer error even though I tried to
explain it was a specification error.
Richard Frantz Jr.
I have a friend who is a clinical psychologist specializing in crisis
counseling. Last weekend one of her patients was in an auto accident and
called the counseling center hotline to ask for my friend. The patient's
record indicated that her behavior could be self-destructive under stress.
Following clinic procedure, the clinic (1) paged my friend. After a 10 minute
wait for a call back they (2) paged her again. After another 10 minutes they
(3) called her home, reaching her immediately. Her pager had been on and the
batteries were fine, but it had not received the page. Anyway, my friend
immediately called the patient to discover that she had taken a large dose of
pills perhaps 30 minutes earlier. An ambulance was called and the woman was
(barely) saved.
My friend's reaction to this failure was to update the patient's record
specifying special handling procedures in the case of a crisis call. She
rather blithely accepted the paging system failure and said that it happens all
the time: phantom pages, missed pages, etc. Some of these are due to keying
errors by the caller, others are due to environmental conditions blocking the
radio signal. This incident is likely neither; two pages were made and my
friend has never missed a page at home before.
Here are my questions:
1) What are the failure modes of pager systems? For example:
Can the system detect that a page is not getting through?
What range of causes are there for a failed page?
Can the person initiating the page be notified of failure?
2) What responsibilities does a paging service have to inform
its users of failures as soon as it can detect them? What
responsibility does it have to inform its users of recent
failure rates?
BTW, The location of this incident was not in a metropolitan area. This means,
apparently, that this paging service has a monopoly.
Bill Griswold, University of California, San Diego
Dept. of Computer Science and Engr. wgg@cs.ucsd.edu
This is a follow-up on the huge local vote-by-phone fiasco. In RISKS-13.56 I wrote about the vote-by-phone system contracted from the telco by the Liberal Party for their leadership convention, following Murphy's Law. On June 8th, the telco held meetings with the Liberal Party, and with the media. As always, there's a little second guessing to do about what the press releases mean. Here's what they *say*: - The system was composted of two software packages which had never been tested together at high call volume. ``All I can say, is it never occurred to anybody in my staff, and it never occurred to me.'' said Colin Lantham, the vice-president of business services for Maritime Tel and Tel. - The first part of the system [presumably the touchtone answering /selection system] was capable of handling 78,000 calls an hour. - The second part of the system, "set up to receive the caller's 8-digit PIN" proved much slower. [I'd guess that this was the interface to the databases that kept track of votes and who had voted. -dm] The *first* part of the system had a dead-session detection function, to keep people from tying up phone lines. However, when the second part of the system started to slow down [transactions queued up? -dm] the first module hung up before the second part issued an acknowledgement. Also, the telco says when voting was restarted, ``some rogue information stayed in the system, causing some voters to be rejected.'' [They didn't reset the who-had-voted list, perhaps? -dm]. On the day of the fiasco, the telco initially blamed the problem on a missing line of code in the software, but they say now that that was a mistake. The problem of people being able to vote twice hasn't been mentioned. The telco says the Liberal Party won't be charged for the services rendered on Saturday. [Like the power utility burning down your house with a million volts by accident, and saying ``Don't worry, you won't be billed for the electricity.'' -dm] 150 telco employees were recruited to test the system, [compared to 8000 voters in the real system! -dm] on Thursday the 11th, and it apparently worked. The telco reduced the number of incoming lines to cut down on system load. The Liberal Party has decided to have another go at the vote-by-telephone system in a few days, but there won't be another convention. The telco will be posting a 350,000$Cdn performance bond on the system, and there will be a paper-ballot backup system on hand. Sme candidates have asked the telco for partial reimbursements of their campain costs on the basis that disclosure of the numbers (leaked via the kid with the scanner listening to the cellular conversations) have destroyed their chances of winning. The telco claims that the numbers leaked (numbers of calls recorded to each of the candidate's phone number) bear no relationship to the number of votes that had been collected or would have been collected. Daniel MacKay, NOC Manager, NSTN Operations Centre, Dalhousie University, Halifax, Nova Scotia, Canada 902-494-NSTN daniel@nstn.ns.ca
I was very impressed by Mr. Shannon's message of a $150 printer hanging up a $0.5M VAXcluster (RISKS-13.57). Meanwhile, it reminded me a common "hang-up" problem we have in my institution (Federal University of Rio de Janeiro - Brazil). It's reasonably easy for us to get money to buy hardware; actually, we have an ever-growing Sun and IBM-PC network. But, it is difficult to get money to buy supplements. This means that we are usually working under bad conditions, because of: 1. lack of paper or toner for our printers 2. lack of tapes to do backup 3. lack of maintenance contracts, due to lack of funds, etc... It can be a third-world problem, but it is really a risk to invest in an expensive system if you cannot afford its maintenance. It can happen that the cheapest choice turns to be just wasted money. Geraldo Xexeo, CERN - PPE Division, 1211 Geneve 23, Switzerland xexeo@dxlaa.cern.ch gxexeo@cernvm.bitnet FAX: (41) (22) 785 - 0207
How can Howard Yerusalim, State Secretary of Transportation, miss the point so
completely while claiming to offer us the "rest of the story"? He accepts the
fact that an anonymous driver was killed in a car accident while in possesion
of Mr. Smith's stolen driver's license, yet completely ignores Mr. Smith's
claim that the anonymous driver was also responsible for the traffic violations
which caused the license to be suspensed.
I am not comforted by Mr. Yerusalim claims that State Law prohibits him from
from disclosing details of an individual's driving record, when he then accuses
Mr. Smith of vague and sweeping "disregard for state traffic safety laws" in a
public newspaper. If Mr. Smith is cleared by the police investigation, will he
sue the state for lost wages, related damages, and slander? It might help
motivate Pennsylvania to correct the situation.
Perhaps some RISKS readers know what procedures are used by other state
transportation departments to prevent similar situations, or could this happen
to you?
Michael Favor, favor@csuchico.edu
> I'm very suprised that the Coast Guard could have been caught out by this: It
> suggests that the "decimal minutes" representation is non-intuitive, or at
> least counter to the way most "non-mariner" people (e.g. the radio amateurs
> providing voice relays) have been educated to read geographical coordinates.
> (Or, perhaps, there are two different readout systems currently in use?)
Having raced "the big boats" for 9 years or so now, primarily as navigator,
I may be able to supply a little background information here. With the advent
of reliable and relatively inexpensive Loran navigational equipment, decimal
minutes has become a very popular "readout system" for displaying position.
Most, if not all, units allow the user to select either degrees-minutes-
seconds or degrees-minutes-decimal minutes for display. Most users opt for the
decimal minutes display. It is usually easier to plot to the nearest tenth of
a minute, it is usually sufficient accuracy (approx. 200 yards - depends on
latitude), and Loran isn't much more accurate than that for absolute position
anyway. I do because all of my racing marks have been measured and listed in
this manner by the local racing association, probably because of the above
reasons. GPS units provide increased accuracy, of course, but 200 yards is
usually plenty close most of the time. It is not unusual for a powerboat with
a Loran or GPS coupled autopilot to collide with the buoy selected as a
waypoint by an inattentive skipper.
I am also surprised that the Coast Guard couldn't figure it out. At the
very least, the previous day's position would make it obvious, and the leading
zero would make me suspicious.
Scott (traurig@ncavax.decnet.lockheed.com)
>As a sidenote, when you check in for Saturn service, your car's history is also >uploaded to Saturn HQ. Every engine stall, my salesman told me, is recorded, as >is the entire service history for each vehicle. Hmm, how 'bout every engine overspeed (or overrev)? Or, since I suspect the engine knows what gear the transmission is in, how 'bout %time over 65mph? I can see it now. "I'm sorry, Mr Foo, but we show that you drive this car outside of it's limits. We can't do any warranty sevice because of this" When engine computers were newer, I read in Car and Driver that Cadillac's new engine computer would record overspeeds. The person they were talking to implied that this might be used later if you reported engine problems. Bruce O'Neel, NASA/GSFC/STX/Code 664 oneel@heasfs.gsfc.nasa.gov
There were actually several reassuring things about the Perot incident,
especially as per the full AP story. First, of course, they did have backups.
Not only that, the backups were stored off-site. Second, the spokesperson said
that they didn't store sensitive information on that machine, because too many
people had access to it. Finally, he implied that the level of computer
security wasn't that high, precisely because anyone, from anyone else's
campaign, could have walked in off the street and achieved a position of trust.
In other words, don't worry about your technical security measures if your
other protections, including personnel screening, don't match up. Security is
as strong as the weakest link, not the strongest.
--Steve Bellovin
One of the local radio stations broadcasting the report of this incident noted
that the Perot office had been staffed over the weekend with untrained *and
unsupervised* volunteers. The broadcast drew no conclusions from this
statement, but it strongly suggests that the problem may have the result of an
innocent mistake in a poorly organized activity.
While it may in fact be somebody's deliberate attempt at sabotage, I'm more
inclined at this point to agree with the old adage that one should not ascribe
to malice anything which can be explained by simple stupidity. (On the other
hand, this *is* a political environment, in which most rules are stood on their
heads...)
Joe Morris
[There was also a related comment from Bill
Bauserman, william.d.bauserman@gte.sprint.com]
In RISK Volume 13 Issue 55, David Parnas writes: > Isn't it just like our technocratic society to react to such an accident, > caused by a completely unnecessary luxury becoming too complex, by making it > even more complex? Wouldn't the simpler solution be to ban automatic windows Integrating new technology into society is never painless. There is constant conflict between pressure for new technology (or new features) and need for stability. New technology causes changes no one can foresee, even less control. There is no easy solution. Public debate involving specialists, interest groups and lay people, and economic pressure on those "responsible" seems to be the least bad way of "controlling" technology. Banning products usually harms the consumer more than protects him. Banning specific products or features can be feasible in clear cut cases, but cases usually are not clear cut. If they are, we usually have a case for product liability not a ban. Value of products can never be stated objectively. Its always relevant to a person or a group. What is useless to some does have value for others. (Very few things, if any, can be shown to have objective value independent of a person or a group). Complex regulations on safety usually lead to more complex products, that are more expensive and more error prone. And worse it releases producers from responsibility, because they can refer to the regulations. There is a conflict between goverment intervention and freedom. To much or too little harms the public, not the producers. Through public debate and by placing (economic) responsibility were its possible, pressure can be built to increase product quality and safety. Under pressure products become simpler and safer, and their price reflects the producers risk of producing, because he can not put that risk anywhere else. Private replies to: B. Skulason, Univ. of Iceland, beggi@rhi.hi.is
CALL FOR PARTICIPATION VIA ELECTRONIC MAIL
STUDENT PUGWASH USA SEVENTH BIENNIAL CONFERENCE ON
SCIENCE, TECHNOLOGY, AND SOCIAL RESPONSIBILITY
VISIONS FOR A SUSTAINABLE WORLD
Emory University, Atlanta, Georgia
June 14-20, 1992
The Student Pugwash USA Biennial Conference assembles ninety students from
around the world for a week-long conference to address the impact of science
and technology on society. The students will join accomplished men and women
from science, government, industry, and academe for an intensive week of
discussion and interaction focusing on the following issues:
- Environmental Challenges for Developing Countries
- Energy Options: Their Social and Environmental Impact
- Health Care in Developing Countries
- Changing Dynamics of Peace and Global Security
- Educating for the Socially Responsible Use of Technology
- Ethics and the Use of Genetic Information
We are inviting all members of the e-mail community to take part in an
online symposium discussing the topics at the conference. Each day, a
summary of the plenary and working group discussions will be mailed out
as soon as possible following their completion. Participants in the online
symposium are invited to send back their replies, commenting on what you
receive. Copies will be redistributed back through electronic mail, and
printed and used at the conference. Of course, you're welcome to sign up
for the mailings even if you won't have the time to participate.
If you are interested in participating, send e-mail to
porten@eniac.seas.upenn.edu. You will be sent more information about
Student Pugwash USA, and will receive all conference summaries. Feel
free to subscribe anytime during the conference, or even after it's
over, as all messages will be archived and can be sent out at any time.
Please include in your message your full name; we would also appreciate
if you include your current occupation (or student affiliation), and your
city, state, and country, but this is optional.
You can also call the Student Pugwash electronic bulletin board at
215/898-2019, for more information about Student Pugwash, and to participate
in ongoing discussion about the impact of science and technology on society.
Feel free to write me, as well, if you have any specific questions.
Student Pugwash USA is a non-partisan, non-profit organization with chapters
at 35 colleges and high schools across the country. Sister Student/Young
Pugwash organizations exist in 20 countries on four continents. For more
information, reply to this message at porten@eniac.seas.upenn.edu.
More information about the conference follows.
For each of the listed topics, student and senior participants form small
working groups in which they will meet every morning throughout the conference
week to discuss areas of mutual interest and expertise. These intensive
discussions offer an invaluable opportunity for students to explore the
ethical and value questions posed by advances in science and technology with
forward-thinking professionals.
Senior Participants will be present from the U.S. Congress, National
Institutes of Health, National Academy of Sciences, Carter Center, Centers
for Disease Control, Brookings Institution, Emory University, and many
other prominent institutions. Several special events will also be held,
including a day at the Carter Presidential Center in Atlanta and an
interactive, multi-media World Game Workshop.
The separate working group meetings are complemented by afternoon and evening
plenary sessions for the full conference. Plenaries will address issues which
cut across disciplinary boundaries such as ethical conduct in scientific
research, race and gender in science, technology and global responsibility,
and religion and science.
Student Pugwash USA is committed to representing a broad spectrum of
political,international, and disciplinary perspectives. Previous conferences
have attracted participants from over thirty nations. We are striving for even
greater international, intergenerational, and interdisciplinary representation
at the 1992 conference.
Jeff Porten, Annenberg School for Communication, UPenn
Graduate Group in American Civilization, UPenn
Please report problems with the web pages to the maintainer