Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
Although the investigation is far from complete, some facts that have come
to light (see *The New York Times*, 19 Feb 1996) point to the role of total
system design for safety.
The event recorder aboard the MARC train shows that the train was going
twice as fast as it should have been, just prior to the crash. Why was
this? The train passed a yellow signal, which should have told the engineer
to slow down. But the signal was *before* a station; there is speculation
that during the station stop, the engineer forgot what the signal read, and
just accelerated to normal track speed. (N.B. Investigators have not yet
determined if that signal was truly yellow, or if it changed to yellow while
the train was in the station; these factors would obviously change the
hypothesis given here.)
The interesting part is that the signal used to be after the station,
as is common on passenger lines, precisely to avoid that problem.
But it was moved a few years ago to increase the passenger train
capacity of the line, which is primarily used for freight trains.
Signal spacing is correlated with the maximum speed and weight of
the trains; to increase speed, one should space the signals further
apart and/or add more signals. (A recent New York subway accident
occurred because this was not done as the rolling stock changed.)
Numerous factors apparently interacted to cause this accident:
- The line was used for both freight and passenger trains;
these have different characteristics (weight, frequency,
length of train, signal conventions).
- Simply adding a repeater for the misplaced signal might
have caused operational problems — the rules on that line
require engineers to radio an acknowledgement each time
they pass a signal. Another signal means more radio traffic.
(The crew of the MARC train did make the required report,
but the witnesses don't remember what signal aspect they
reported. Investigators are searching for audio tapes now.)
- The line was set up for Centralized Traffic Control (CTC),
permitting bidirectional operation on both tracks. That
provides flexibility — it let the Amtrak train use to
left-hand track to pass a stopped freight train — but at
the cost of complexity. But it also led to the crash,
which happened as the Amtrak train was about to switch back
to the right-hand track. (Btw — it's worth noting that
CTC is not a new system; according to the references I have
on hand, it became economically feasible as early as 1930.
``Interlocking'' — tying signals to switch track positions
— may date to as early as 1857.)
- Train signals are normally set up so that only one train
at a time can be in a ``block''. If you want a lot of
trains on a line, you need short blocks, but that also
means you need more complex signal indications to tell the
engineer when to slow down to prepare for a red signal
several blocks ahead. This in turn puts more demand on
both the engineer and the signaling logic (though the
latter, at least, does not seem to be implicated here).
- Automatic train control equipment, which regulates the speed
of trains per the signal equipment, would have helped, but
such equipment is rare in the U.S. (Again, this is not new
technology; the Federal rule limiting track speeds to 79 mph
in the absence of such gear dates to 1951.) Why wasn't it
used? Well, it's expensive, commuter lines often don't run
that fast anyway, because of their frequent stops, and this
is primarily a freight line. (MARC paid CSX (the freight line)
for one signal system upgrade in 1993.)
- If the problem is indeed the placement of the signal before the
station, cab signals (vintage: 1921) would have helped. Again,
though, this is expensive equipment. The newspaper article was
silent on this point.
- If any of the equipment I mention here had been used, the cost
would have been greater complexity, which in and of itself
increases the likelihood of failure (though I should note that
railroads have a pretty good record of using fail-safe or
fail-soft equipment — automatic block signaling wasn't adopted
until a fail-safe design was developed).
Though computers were apparently not involved in this accident, the lesson
is the same: many failures are caused by complex interactions. There is
rarely a single cause.
Even worse than errant squirrels ... ------- Forwarded Message (from a colleague) I'd like to apologize if you've had trouble contacting me recently. What the floods here in Oregon were unable to do, a cowboy garbage truck driver made up for. It seems that they have this little game they like to play on the way back into town after dumping their load called "swing the cables". They raise the forks (used to lift the dumpsters up over the truck to empty it into the back) to try to flick the big thick telephone cables stretched across the highway. One guy overdid it and ripped out the cable for service to the entire west side of the telephone central office that serves my home and office. It took a lot of work to put that cable back into service considering that it was shredded where it was torn from the shattered telephone poles on both sides of the highway. Meanwhile, five lanes of traffic were driving over the fallen corpse. As I write this the telephone guys are still up there in their little tents, high above the ground, huddled against the rain, slowly splicing it all back together. As a work-around I had the telephone company forward all calls to my cellular phone but somebody made a typographical error setting it up and by calls got forwarded to Timbuktu instead of to my cell phone. Furthermore, I hadn't seen any need to equip my cell phone with FAX or modem so I was FAX-blind and isolated from my e-mail and other internet access. So, if I haven't responded to something that you've sent me or you have been unable to FAX me, please try again now.
If I were going to censor anything about the WWW it would be the use, by those of us who should know better, of the term "publish" to describe the act of making data available from a server. I think much trouble comes from using this unfortunate word. Most people do not understand that surfing the net is much more like placing 'phone calls than reading a magazine found lying on a chair. We have confused the public debate by using the term "publish" because it connotes, to virtually all non-computer-geeks, communication through materials which can be sent or delivered to people who have not requested them. All public discussions of the censorship issue have included statements, sometimes maliciously uttered by activists who know better, but more often repeated by the ignorant, to the effect that evil people will send undesirable images or words to children. Magazines may be mailed to non-subscribers; but only computer geeks know that the images on the web-browser's screen appear only when the user calls for them. The word "broadcast" is even worse. The mere invocation of this word has been claimed to justify censorship precisely because it connotes the possibility of unsolicited delivery. When we use the terms "publish" or "broadcast" we invite the public to misunderstand the 'net. Even when some of us, with the best of motives, demand to be treated "as publishers legally" the effect is to shoot ourselves in the foot. Publishers are required to register with the government, for goodness' sake. The correct legal treatment to request is that accorded private citizens speaking freely to anonymous telephone callers! Links to other folks' pages are akin to giving out a 'phone number--no one who does so should be thought responsible for any message which may be heard by calling it.
Adobe Acrobat 2.1 on the Mac _quietly_ drops text for which it lacks
TrueType fonts. In particular, if your Mac has bitmap fonts for the 'Times'
fonts, but no scalable TrueType fonts, then Acrobat 2.1 doesn't bother
displaying text in the 'Times' fonts at all. This lossage is particularly
curious, since Acrobat has a very sophisticated font-substitution capability
using its 'generic' serif and sans-serif fonts for more obscure fonts.
Even more curious is the fact that on Adobe's own technical notes on
ftp.adobe.com, the following text _will not be displayed_ if your 'Times'
fonts are missing:
"...Adobe Systems Incorporated assumes no responsibility or liability for
any errors or inaccuracies, makes no warranty of any kind (express, implied
or statutory) with respect to this publication, and expressly disclaims any
and all warranties of merchantability, fitness for particular purposes and
noninfringement of third party rights."
If this text is missing from Adobe's _own_ documents, then such disclaimer
text could well be missing from _every_ document, whether from Adobe or some
third party, if this disclaimer is set in one of the 'Times' fonts.
Since many important manuals and forms — including IRS tax forms and many
state tax forms — are now being distributed in 'PDF' (Acrobat) format, the
risks should be obvious.
("All the text that's fit to print ??" 'Sign' of The Times.)
("The dog ate my font ??")
Henry Baker ftp://ftp.netcom.com/pub/hb/hbaker/home.html
We have discovered a serious security problem with Netscape Navigator's 2.0 Java implementation. (The problem is also present in the 1.0 release of the Java Development Kit from Sun.) An applet is normally allowed to connect only to the host from which it was loaded. However, this restriction is not properly enforced. A malicious applet can open a connection to an arbitrary host on the Internet. At this point, bugs in any TCP/IP-based network service can be exploited. We have implemented (as a proof of concept) an exploitation of an old sendmail bug. If the user viewing the applet is behind a firewall, this attack can be used against any other machine behind the same firewall. The firewall will fail to defend against attacks on internal networks, because the attack originates behind the firewall. The immediate fix for this problem is to disable Java from Netscape's "Security Preferences" dialog. An HTTP proxy server could also disable Java applets by refusing to fetch Java ".class" files. We've sent a more detailed description of this bug to CERT, Sun, and Netscape. A second, also serious, bug exists in javap, the bytecode disassembler. An overly long method name can overflow a stack allocated buffer, potentially causing arbitrary native code to be executed. The problem is an unchecked sprintf() call, just like the syslog(3) problem last year. Many such bugs were in the alpha 3 release's runtime, but were carefully fixed in the beta release. The disassembler bug apparently slipped through. This attack only works on users who disassemble applets. The fix is to not run javap until Sun releases a patch. Note that we've only had success in exploiting the first flaw on an SGI. Windows 95 and DEC Alpha versions of Netscape have other bugs in their socket implementations that make it harder (although not necessarily impossible) to exploit the problem. This is the second time that unrelated implementation bugs have prevented us from demonstrating security problems in Java. http://www.cs.princeton.edu/~ddean/java will contain more information soon, including a revised version of our paper, to appear in the 1996 IEEE Symposium on Security and Privacy. Drew Dean <ddean@cs.princeton.edu> Ed Felten <felten@cs.princeton.edu> Dan Wallach <dwallach@cs.princeton.edu> Department of Computer Science, Princeton University For more information, please contact Ed Felten, 609-258-5906, FAX 609-258-1771.
The 5:00PM news broadcast on a local channel here in the Denver area ended
with a story on how the news anchors were a bit worried that they would not
be able to deliver the news that evening.
It seems that someone on the news staff had locked everyone out of the
system used to write-up the "copy".
The news anchor went on to say that if you are not careful while typing in
your name, and that your last name is "Lockheart", you might cause your
fellow workers some anxiety.
The usual "humorous anecdote anchor laugh" followed.
The obvious risks:
o Be careful of the passwords you pick, especially where
your "average" user has the potential to cause harm (that
"!&wjl186" password is starting to look good...)
o Don't let your "talking heads" blurt out what is in effect
your systems root password over the air.
I just hope that the system administrators changed the password,
if not before the anchors gaffe then at least afterword.
Eriks A. Ziemelis eriks_ziemelis@stortek.com
Speaking of problems with filename globbing and the conventions on different systems, I found out about encrypted files under DR DOS the hard way a few years back. I was trying to use sz to download several files from a VMS system to my PC, on which I was newly using DR DOS. The VMS version of sz wouldn't allow wild cards at all, so I issued a DIR command, saved the results in a file, then used this file as input to a DCL command file to invoke sz. For those who aren't familiar, VMS associates a version number with each file, as in FOO.BAR;1 I'd never had any problems with VMS to MS DOS file name conversion before - MS DOS just ignored the ;1 so I didn't pay any attention. All my files downloaded just fine, but I couldn't access them. The file names all looked right, but DR DOS kept telling me the files were password protected. After several frustrating minutes of scrounging through the manuals, I found that DR DOS uses the ";xxxxxx" syntax to specify a password to be associated with a file. Sure enough, all my files had a password of "1","2", or "3". It was hard learning to use a semicolon properly in writing class but I didn't expect it to be that tricky in computing as well ;) John Cigas, Rockhurst College, cigas@acm.org
This is probably just a matter of sloppy programming at Microsoft, in that
the program simply acquires x blocks of disk space, but doesn't zero them
t(out before using them. This way, gaps in the file or at the end are
occupied by old data from the disk. (In your case, probably a piece of your
w{b-browser's history list). Of course, it is also a file-system problem,
in that data is not zeroed-out when a disk block is freed.
A similar discovery around 6-7 years ago nearly torpedoed Prodigy
(whether this would have been a good thing is open to debate. :). In a
perfectly sensible manner, Prodigy created a cache file on the disk. The
program grabbed a fairly large amount of space for this file, although it
did not fill up right away. Somebody looking through this file discovered
bits and pieces of their own data, and rumors flew from there.
I personally believe that this is a MUCH more severe problem then is
commonly realized. Most file-systems do not overwrite old data, then many
programs compound this flaw by simply grab space. I think the risks are
obvious, especially in a multi-user environment. E.G., one could
conceivably write a program to grab a block on disk, search through them for
interesting data (eg the public key a security paranoid uses for his e-mail,
which happened to get swapped out to disk for a moment), mark the block as
read, and then free it. Or who knows what interesting tidbits may have
inadvertently found their way into major ftp archives (now available on
CD-Rom).
Nicholas C. Weaver nweaver@cs.berkeley.edu http://www.cs.berkeley.edu/~nweaver
>If Joe Klein, a well-known political writer, is indeed the author, it is >clear that he didn't learn one of the first lessons of Washington. If >you're going to leak information or quotes to the world, make sure you use >the diction of your enemy. On the other hand, if Joe Klein is *not* the author, then it is clear that the real author *did* learn that lesson. That's the trouble with Washington. The people who are telling you that you are being lied to might be lying. Erann Gat gat@jpl.nasa.gov gat@power.net
>pjo33@mailbox.rl.ac.uk (Philip Overy) says; >The following type of example should be borne in mind when comparing safety >propaganda and safety spending with "common sense solutions": Asthma is >generally reckoned to be a disease caused by vehicle pollution: In the UK >last year 4m pounds was spent on asthma research 6m pounds was spent on >POLICING demonstrations against the proposed new M11 road. Maybe this type of statement is the "Glaring Light" to show the problems with "The Measurement of Risk". People who have Asthma may be sensitive to vehicle pollution, but Asthma existed long before the invention of the automobile. And people with Asthma are often sensitive to lots of other air borne items besides vehicle pollution, such as pollen, dander, etc. So, Phillip, gives us a perfect example of a statement designed to enrage and scare people to get more funding for his "pet disease". (And villify, a technological item that he disagrees with, motor vehicles.) >As for Telstra's radio emissions, well, I suppose...it was the technical >world telling them that radioactivity was good for you... The UK must be a really strange place, I don't remember hearing this in the US. Even the old 50's movies show that exposure to radioactivity would create, "The Amazing Colosso Man" or "The Incredible Shrinking Woman". Arthur Byrnes
The following thread is developing in misc.transport.air-industry. Quite frankly I have stopped reading the group because in the desire to engage in enlightened discourse with other reasonable minds, the unreasonableness of the legal system intrudes. I see the risk as: Any communication by an individual using a company domain name is legally perceived as being a representative of that company without regards to any efforts to distance the user from the provider. I know of at least one case where this was true, and while the individual included a disclaimer, the inclusion of the disclaimer was itself construed as meaning that the individual was attempting to speak for the company. Until this is actually tried in court, I think that the safe assumption has to be that anything you say can, and will, be used against you. - - - - - - - - - - - - Subject: [ADMIN] CENSORSHIP OF MISC.TRANSPORT.AIR-INDUSTRY - misc.transport.air-industry #6069 In article <4g2vmc$9a9@gsb-birr.Stanford.EDU>, rna@gsb-birr.Stanford.EDU (Robert Ashcroft) wrote: A few days ago, misc.transport.air-industry moderators received the following message. With the permission of the author, we repeat it here. All misc.transport.air-industry moderators have received a copy of this message, and know who the author is. We can tell you the author is a long-time contributor to the newsgroup, not given to extreme opinions, but we will not identify the author further for obvious reasons. We have no reason to doubt the veracity or motivation of the author (this author has not been involved in the debates on Airbus safety or subsidies so far as we know). >This may seem like a strange request, and I will understand if you cannot >comply with it. Airbus Corporate Legal sent a Letter to my company's >corporate offices complaining about a posting of mine on an Internet >newsgroup. I believe that it was this news group. The posting was >really quite benign (it wasn't on the ever present safety issue). It >was taken completely out of context, but that is really beside the point. >First of all, I have been asked (by my legal department) if that posting >and the entire thread is retrievable. My guess was that it isn't, but I >told them I would ask. > >Thankfully, I work for a company which values free speech (as I do this on >my on time on my own computer), but I still find it somewhat chilling that >rather than participate in the discussion in this group; Airbus is looking >to silence people via threats to their companies. If they are going to >come after me due to a benign third part[y] comment on performance, what >are they going to do to some of these other folks? Obviously the moderators of misc.transport.air-industry are concerned about any attempt at censorship of this newsgroup. It's unclear exactly what this group should or can do about it, and we welcome your suggestions. We all have an interest in keeping debate both open and lively in misc.transport.air-industry (and more generally, on the net as a whole). RNA misc.transport.air-industry comoderator, for the m.t.a-i moderators - - - - - - - - - - - - In article <1996Feb16.222312.1@eisner.decus.org>, mezei_jf@eisner.decus.org (Jean-Francois Mezei) wrote: In article <4g2vmc$9a9@gsb-birr.Stanford.EDU>, rna@gsb-birr.Stanford.EDU (Robert Ashcroft) writes: [...] If a poster has a signature file that makes reference to whom his employer is, even if there is a "my opinions are mine and not my employers" type of statement, and that employer has contractual ties to the plaintif (Airbus), then I can -understand- why the plaintif would send a complaint to the employer since one of its employees made public statements *possibly* containing information that was obtained under non-disclosure etc. However, no matter how slanderous a statement is posted by an individual without any reference to an employer, there should never be any legal retributions possible. The issue is not of censorship but that of representation. When an employer is mentioned, the poster is linked (like it or not, disclaimer or not) to that company and represents it in some way. When the employer's name is posted to give credibility to the poster, the link is all that much stronger. So, if an individual (or his employer) has problems with another entity (individual, corporation, government), the problem is not at the Internet/newsgroup level and moderators should not worry. - - - - - - - - - - - - In article <4g5fgj$h31@bronze.coil.com>, ebright@coil.com (Jim Ebright) writes: >In article <4g2vmc$9a9@gsb-birr.Stanford.EDU>, >Robert Ashcroft <rna@gsb-pound.stanford.edu> wrote: > ... >Obviously the moderators of misc.transport.air-industry are concerned >about any attempt at censorship of this newsgroup. It's unclear >exactly what this group should or can do about it, and we welcome >your suggestions. We all have an interest in keeping debate both open >and lively in misc.transport.air-industry (and more generally, on the >net as a whole). Avoiding obviously libelous statements is almost certainly an obligation of both posters and moderators. But what is libel? _Sullivan vs The New York Times_ set the standard for libel of `public figures' in the USofA. I suspect newsworthy corporations fall under this umbrella ... but I have not researched this. (Consult your favorite lawyer for paid research :) Three tests must ALL be passed for a statement (posting) to be libelous: 1) the statement must be false. 2) the poster must have known the statement was false at the time he/she made it. 3) the statement must have been made with malicious intent by the poster. With these criteria, I know of no postings in the mentioned newsgroups that are libelous. (Beware, standards are much more strict for non-public figures...but this probably isn't operative in this case.) Of course, most other countries have less protection for free speech. But if you don't go there, they can't do anything to you :) 'moo2u from osu' Jim Ebright ebright@bronze.coil.com Internet/newsgroup level and moderators should not worry. [Variant spellings of "libelous" unified by PGN. By the way, PLEASE note that I almost always routinely remove the disclaimers at the end of each submitted message, relying on the blanket disclaimer at the end of each issue. Submitters must assume that all contributions become public statements, and you should be intellectually accountable for what you write — irrespective of any legal implications thereof. PGN]
Please report problems with the web pages to the maintainer