The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 14 Issue 82

Tuesday 17 August 1993

Contents

o RISKS-14.83!!! and RISKS-%&#@!!
PGN
o Re: Dorney Park Hercules roller coaster injures 14
Scott Walker
o Re: Surprise! contained in tar file
David Wittenberg
o Re: Terminal compression
csvcjld
o Re: Terminal compromise
Mich Kabay
o Re: Clusters and electromagnetic fields
Kenneth R Foster
o Re: Gripen crash: pilot's view
Martyn Thomas
o Info on RISKS (comp.risks)

 RISKS-14.83!!! and RISKS-%&#@!!

"Peter G. Neumann" <neumann@csl.sri.com>
Tue, 17 Aug 93 10:41:59 PDT
For those of you who wondered where RISKS-14.82 was when you saw RISKS-14.83,
this is it.  In one of the wonders of modern technology, RISKS-14.82 appears
AFTER RISKS-14.83.  This was unintentional, but Steve Smoliar pointed out to
me that it offsets the fact that there were two different issues of Info-mac
yesterday with the same issue number (vol 11, issue 110?), somehow preserving
karmic parity.  Perhaps it all comes out in the wash, but it seemed
appropriate for me to quickly put out RISKS-14.82 to stave off further
requests for the supposedly missing issue.  (Surprisingly, I have had only one
such request thus far this morning, from Jerry Leichter.)

Incidentally, the level of BARFmail and other addressing problems has been
excruciating lately.  The following all seem to be escalating in frequency:

 * Requests from E-mail addresses for which my answer is rejected by the
   originating host!
 * E-mail addresses that worked yesterday but not today, but then might
   work again tomorrow or some time in the future!
 * Requests to reinstate subscribers who think they were dropped from the
   list, where they had in fact been sent mail for weeks or months --- but
   their hosts had been merrily accepting their mail without actually
   delivering it or notifying anyone of nondelivery!
 * BITNET in general.

PGN


Re: Dorney Park Hercules roller coaster injures 14

Scott Walker <walker@eplrx7.es.duPont.com>
Tue, 17 Aug 1993 12:33:37 -0400 (EDT)
> Maryland's Dorney Park
             ^^^^^^^^^^
This park is actually in Allentown, Pennsylvania.  Quite a ride, too!

  [Steve Walker's original item was a clipping from a very local
  newspaper that did not identify its city or state.  I interpolated a
  mis-extrapolation.  Sorry.  Bad idea in general anyway.  PGN]


Re: Surprise! contained in tar file (RISKS-14.81)

David Wittenberg <dkw@cs.brandeis.edu>
Tue, 17 Aug 1993 12:49:11 -0500 (EDT)
In Risks 14.81 Olaf Titz warns us that tar keeps information which can
identify the person who tarred the file.  I've seen two  other simple
failures of anonymous posting, the first a software "feature", the
second a human's misunderstanding.

Many newsreader programs automatically include a .signature file in
all postings.  I've seen such files appear in what were supposed to be
anonymous postings.  Apparently the user didn't realize that he had to
rename his .signature file or it would be appended to his message.

The other was a system where a few people offered to post messages
anonymously if you sent them email.  In one case, someone sent a
message reading "Please post this anonymously.  Thanks, John".  The
woman who posted it didn't notice that John had signed his note, so
when she posted it, there was almost no doubt who it had come from.

The point here is that we usually spend a lot of effort insuring that
the appropriate person gets credit for something.  As a result, we
leave "signatures" of various sorts scattered widely.  It's very hard
to make sure that we've removed all of them.

--David Wittenberg  dkw@cs.brandeis.edu


Re: Terminal compression (Robinson, RISKS-14.83)

<csvcjld@nomvst.lsumc.edu>
17 Aug 93 06:41:24 -0700
  >Also, in the story it notes that voice, fax or data transmissions are
  >detected and that encrypted ones are 'red flagged'.  This is a crock.
  >Bits are bits; there is no way to tell...

If the bytes are uniformly distributed, there is a good chance they
are encrypted.

    [But NOT NECESSARILY.  A simple compression code such as a Huffman
    code encodes into a random string of bits if the source text is
    chosen independently.  But then, there would be no compression if there
    was not contextual dependence in the first place, so simplifications
    are tricky.  PGN]


Terminal Compromise (Robinson, RISKS-14.83)

"Mich Kabay / JINBU Corp." <75300.3232@compuserve.com>
17 Aug 93 13:45:40 EDT
The book is entitled TERMINAL COMPROMISE.

Michel E. Kabay, Ph.D., Director of Education, National Computer Security Assn


Re: Clusters and electromagnetic fields

Kenneth R Foster <kfoster@eniac.seas.upenn.edu>
Tue, 17 Aug 93 14:15:34 -0400
I briefly respond to the recent posting by Phil Agre.

The posting that he referred to was my article on reproductive risk and use of
VDTs, from _Phantom Risk_, MIT Press, June 1993.  The clusters I discussed
were reported clusters of miscarriage among women users of VDTs, that were
reported around 1980.  As I argue, the dozen epidemiologic studies that were
performed in the decade following (virtually all negative) shows that the
clusters were almost surely chance events, with no indication of reproductive
risks from VDTs.

Mr. Agre brings up a totally different issue -- reports of clusters of
childhood among California schoolchildren, as described in a _New Yorker_
article by Paul Brodeur.  I had not previously expressed any opinion about
this in my posting to this newsgroup and I object to Mr. Agre's inferring that
I did.

For what it is worth, here are my comments on the issue.

Mr. Agre brings up a totally different issue, clusters of cancer cases in
California schools supposedly associated with high power lines, as publicized
by Paul Brodeur.  Without offering any opinion about Brodeur or his motives, I
note that the interpretation of these observed clusters is very unclear, far
more so than he indicated in Brodeur's _New Yorker_ articles on the subject.
The interpretation of "clusters" has been well discussed in the epidemiologic
literature; whole issues of epi journals have been devoted to the matter.  The
question is not whether some kids in school near power lines got cancer (there
are lots of kids in California schools, and invariably some of them will get
cancer), but whether going to a school that is located near a power line
conveys higher risk of childhood cancer.  A few isolated cases does not allow
one to draw any inferences one way or the other.  Ray Neutra, a highly
respected epidemiologist with the State of California, has investigated these
clusters (of childhood cancer in California schools) and found no indication
of any link with power lines.  Given the large number of California
schoolchildren, one would expect several "clusters" like those Brodeur
reported every year, by chance alone.

For a good discussion how an epidemiologist would investigate a report of a
cluster (and many clusters of various kinds are reported to health officials
around the country, alleging all sorts of things) I refer you to a special
issue on clusters published in (I recall) the American Journal of Epidemiology
about 2 years ago.

I note that Brodeur also described the clusters of miscarriage among women VDT
users in his _New Yorker_ articles, but gave neither a fair assessment of the
difficulties of interpreting them, nor a fair and complete survey of the
relevant epidemiological studies.


Gripen crash: pilot's view

Martyn Thomas <mct@praxis.co.uk>
Tue, 17 Aug 1993 10:34:15 +0100 (BST)
Flight International today quotes the pilot of the Gripen FBW fighter that
crashed at the Stockholm display.

"It was like sitting on a big ball feeling like you're sliding off it. When
I entered the turn, the computer overcompensated by roughly 10 degrees. When
I then straightened out the aircraft, I got an undemanded pitch oscillation
and, when I tried to compensate for that one, the aircraft kind of sat down
and became impossible to control." He described the feeling of loss of
control as being ".. like butter on a hot potato".

Martyn Thomas, Praxis plc, 20 Manvers Street, Bath BA1 1PX UK.
Tel:    +44-225-444700.   Email:   mct@praxis.co.uk     Fax: +44-225-465205

Please report problems with the web pages to the maintainer

Top