A short-ish study on the usability of aircraft avionics:

> The purpose of this study was to evaluate the accessibility of information
> provided by the avionics system of a technically advanced aircraft. The
> evaluation employed a tool developed by Schvaneveldt et al. (2004)
> which considers the importance of the information source when evaluating
> information accessibility. Results showed that the TAA avionics had
> relatively little clutter but low accessibility ratings, especially in the
> area of Communication.

The interface shown to the operator is an important factor in how a system works. This topic has been discussed in RISKS on many occasions, but I thought this item might be of some interest.

http://psychology.wichita.edu/surl/usabilitynews/81/AvionicsSystems.htm
http://www.hf.faa.gov/docs/508/docs/gaPriorityReport.pdf
Many years ago I told [PGN] about a Northwest Airlines airplane in Detroit unable to take off since the computer could not boot. The airline switched equipment (planes). You suggested that I should have ... sent it to RISKS. The following item was in the *International Herald Tribune*, p. 24, in "The International Traveler Q&A", 3 Mar 2006: ... Los Angeles to London with American Airlines, we took off four hours late because of a defective computer, and then were diverted to New York to pick up a new computer ... The new computer wasn't working, so we had to change planes. We arrived in London nine hours behind schedule ... George B. Lambrakis, London
http://yro.slashdot.org/yro/06/03/06/1736234.shtml NJ Bill Would Prohibit Anonymous Posts on Forums Posted by ScuttleMonkey on Monday March 06, @02:06PM from the glad-we're-not-in-nj dept. Privacy The Internet An anonymous reader writes "The New Jersey legislature is considering a bill that would require operators of public forums to collect users' legal names and addresses, and effectively disallow anonymous speech on online forums. This raises some serious issues, such as to what extent local and state governments can go in enacting and enforcing Internet legislation." link to proposed bill: http://www.njleg.state.nj.us/2006/Bills/A1500/1327_I1.HTM IP Archives at: http://www.interesting-people.org/archives/interesting-people/ [This of course would have considerable impact on all Internet newsgroups, and opens up the question of liability that out-of-state moderators would have. It also greatly increases the difficulties for whistle-blowers who might wish to publicly air vital concerns without the obvious risks of retribution. Seems like a bad piece of legislation to me. PGN]
An organisation called the Mobile Malware Researchers Association has said that it has identified (indeed, that it has a copy of) the "first" virus that can infect both Win32 desktops and Windows Mobile Pocket PC machines and spreads from the former to the latter. The story was distributed by the UK IEE Newsletter this week: http://www.iee.org/oncomms/sector/informationpro/SectionNews/Object/B54B7AF4-CEDB-41F9-1B0278A0A33B97E6 MARA can be found at http://www.mobileav.org along with its list of members. Peter B. Ladkin, University of Bielefeld, Germany <www.rvs.uni-bielefeld.de>
> Sorry, but if I've learned anything in almost 20 years of malware research,
> it's that active content can lead to trouble.

This seems even worse to me than to Rob Slade. Dangerous technology, and deployed at (in significant part) the wrong end of the problem. What we'd like isn't so much to authenticate a browser (and thus, presumably, the person at the keyboard) to the site; what we'd like is something to authenticate the site to the user. At the cost of telling legitimate users they can only ever use one computer to get to their accounts, the technology does nothing about the use of stolen personal information to establish new accounts or to establish fraudulent first-time online access to existing accounts. Meanwhile, it convinces users to set browser security in such a way that sites users believe they should trust can execute (potentially) arbitrary code. Whee.
Back in the late 80's I was doing my degree at Massey University (NZ). In many Technology & Physics papers we were taught & graded mercilessly on getting the 'error' correct for the calculations. And showing the error on the result as well. Everything that Don Norman says about showing the correct precision for the calculation is correct. You lost marks in exams for this. Why have we suddenly lost the ability to do it in real life now? Could it be because much of this work is left up to young people who might be great at coding, but simply don't have an understanding of the reality behind the calculations they're being asked to program. How many people who write software actually have relevant experience in the real world for things they're doing? 10%? Probably less?
On confidence intervals around predictions: Don Norman's well-written piece on learning from crash accidents (RISKS-24.17) highlights the major risk here but skirts around it a little, perhaps for sound, rhetorical effect. It is required engineering practice, and indeed in courts of law the same principle is applied to expert evidence: show the tolerance factor. What is the likelihood of error? How sure are you? If you produce a prediction without assessing the confidence interval around the prediction you have just shown that you don't understand the problem you are trying to solve. If you can't answer the "likelihood of error" question in a court of law, then your status as an expert witness can be seriously undermined. It has been said that the human race did quite well for several millions of years without statistics and confidence intervals. Well, it's time to grow up. The major RISK is that many people, even some so-called experts, fail to understand this principle.
> I have seen this problem before: overly precise computations
> produce more trust than is warranted.

I collect slide rules as a hobby. One common topic in discussions with other collectors: Modern calculators and computers make it too easy to fall into the false-precision trap (e.g. 10-digit answers to problems with 3-digit input data). It's harder to do this with a slide rule, partly because of the limited precision of the instrument, but also because the scales graphically illustrate the decreasing significance of the rightmost digits. Successively finer scale divisions are squeezed closer together, but all digits on a calculator display are equally prominent.

> I propose a design rule: never give an answer with more precision than is
> warranted. Ideally show locations on a map as a smudge, the size
> comparable to the statistical likelihood.

An excellent suggestion: Use an analog display to illustrate the limited precision that's obscured by the bare digital display. Aviation is one of the few fields in which slide rule-type devices are still in common use, primarily as backup calculators in case the electronic systems fail. So it would be ironic if overly precise digital computations were a contributing factor in the Southwest Airlines crash.

George C. Kaplan, Communication & Network Services, University of California at Berkeley 1-510-643-0496
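The two preceding items (the confidence-interval point and the false-precision trap) are easy to state and easy to get wrong in code. The following is an added illustration, not code from either contributor: it counts the significant figures of the inputs, propagates a stated uncertainty through a product using the standard relative-error rule for uncorrelated errors, rounds the result so that the last displayed digit matches the uncertainty, and reports a confidence interval instead of a bare number. The input values (a speed of 135 ± 2 knots over 0.25 ± 0.01 hours) are constructed for the example; `sig_figs`, `round_sig`, `product_with_uncertainty`, `format_with_uncertainty` and `confidence_interval` are names chosen here and do not come from any library.

```python
import math


def sig_figs(text: str) -> int:
    """Count the significant figures of a number written in plain decimal
    notation (assumption: no exponent part).  Leading zeros never count;
    trailing zeros count only when a decimal point is present."""
    digits = text.strip().lstrip("+-").replace(".", "")
    stripped = digits.lstrip("0")
    if "." in text:
        return len(stripped)
    return len(stripped.rstrip("0"))


def round_sig(x: float, n: int) -> float:
    """Round x to n significant figures."""
    if x == 0:
        return 0.0
    exponent = math.floor(math.log10(abs(x)))
    return round(x, n - 1 - exponent)


def warranted(value: float, *inputs: str) -> float:
    """Round a computed value to the smallest number of significant figures
    carried by any of its (textual) inputs: the slide-rule discipline."""
    return round_sig(value, min(sig_figs(s) for s in inputs))


def product_with_uncertainty(a: float, da: float, b: float, db: float):
    """Return (a*b, sigma) where sigma follows the relative-error rule for
    a product of independent quantities: (s/v)^2 = (da/a)^2 + (db/b)^2."""
    value = a * b
    relative = math.hypot(da / a, db / b)
    return value, abs(value) * relative


def format_with_uncertainty(value: float, sigma: float) -> str:
    """Show the uncertainty to two significant figures and the value to the
    same decimal place, so no digit beyond the noise is displayed."""
    if sigma <= 0:
        return f"{value}"
    exponent = math.floor(math.log10(sigma))
    decimals = max(0, 1 - exponent)
    return f"{value:.{decimals}f} ± {sigma:.{decimals}f}"


def confidence_interval(value: float, sigma: float, z: float = 1.96):
    """Symmetric interval value ± z*sigma; z = 1.96 is the usual 95 % factor
    when sigma is a standard deviation of a roughly normal error."""
    return value - z * sigma, value + z * sigma


if __name__ == "__main__":
    # Constructed inputs: ground speed and elapsed time with stated tolerances.
    speed, d_speed = 135.0, 2.0   # knots
    hours, d_hours = 0.25, 0.01   # hours
    distance, sigma = product_with_uncertainty(speed, d_speed, hours, d_hours)

    print("raw product        :", distance)                       # 33.75, every digit looks equally solid
    print("warranted precision:", warranted(distance, "135", "0.25"))
    print("with uncertainty   :", format_with_uncertainty(distance, sigma))
    low, high = confidence_interval(distance, sigma)
    print("95 % interval      :", f"{low:.1f} .. {high:.1f} nm")
```

The last three lines are the ones a reviewer or a court would ask for: the bare `33.75` is the "10-digit answer to 3-digit inputs" problem in miniature, while `warranted` and `format_with_uncertainty` give the digital equivalent of the slide rule's smudge.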
NEW SECURITY PARADIGMS WORKSHOP, Call for Papers
Schloss Dagstuhl, Germany, September 18-21, 2006
Submissions due 26 March 2006
http://www.nspw.org

NSPW is a unique workshop that is devoted to the critical examination of new paradigms in security. Each year, since 1995, we examine proposals for new principles upon which information security can be rebuilt from the ground up. We conduct extensive, highly interactive discussions of these proposals, from which we hope both the audience and the authors emerge with a better understanding of the strengths and weaknesses of what has been discussed.

In his seminal book "The Structure of Scientific Revolutions", Thomas Kuhn describes the progress of science as "a series of peaceful interludes punctuated by intellectually violent revolutions." These revolutions, which he called "paradigm shifts", are periods during which "one conceptual world view is replaced by another." A paradigm shift is thus not an incremental contribution to an established branch of science; it is an attempt to replace the fundamental dogma of a branch of science with a different, and completely incompatible, set of core principles.

The New Security Paradigms workshop is dedicated to the proposition that what Kuhn called "anomalies" - signs that the prevailing paradigm can no longer explain phenomena observed in the real world - are already visible in the science of information security, and, indeed, that the anomalies are so obvious and so serious that the prevailing information security paradigm is or soon will be in crisis. NSPW aspires to be the philosophical and intellectual breeding ground from which a revolution in the science of information security will emerge.

We solicit and accept papers on any topic in information security subject to the following caveats:

1) Papers that present a significant shift in thinking about difficult security issues are welcome.
2) Papers that build on a recent shift are also welcome.
3) Contrarian papers that dispute or call into question accepted practice or policy in security are also welcome.
4) We solicit papers that are not technology-centric, including those that deal with public policy issues and those that deal with the psychology and sociology of security theory and practice.
5) We discourage papers that represent established or completed works as well as those that substantially overlap other submitted or published papers.
6) We discourage papers which extend well-established security models with incremental improvements.
7) We encourage a high level of scholarship on the part of contributors. Authors are expected to be aware of related prior work in their topic area, even if it predates Google. In the course of preparing an NSPW paper, it is far better to read an original source than to cite a textbook interpretation of it.

Our program committee particularly looks for new paradigms, innovative approaches to older problems, early thinking on new topics, and controversial issues that might not make it into other conferences but deserve to have their try at shaking and breaking the mold.

Participation in the workshop is limited to authors of accepted papers and conference organizers. Each paper is typically the focus of 45 to 60 minutes of presentation and discussion. Prospective authors are encouraged to submit ideas that might be considered risky in some other forum, and all participants are charged with providing feedback in a constructive manner. The resulting intensive brainstorming has proved to be an excellent medium for furthering the development of these ideas. The proceedings, which are published after the workshop, have consistently benefited from the inclusion of workshop feedback.

We welcome three categories of submission:

1) Research papers. These should be of a length commensurate with the novelty of the paradigm and the amount of novel material that the reviewer must assimilate in order to evaluate it.
2) Position papers. These should be 5 - 10 pages in length and should espouse a well reasoned and carefully documented position on a security-related topic that merits challenge and/or discussion.
3) Discussion topic proposals. Discussion topic proposals should include an in-depth description of the topic to be discussed, a convincing argument that the topic will lead to a lively discussion, and supporting materials that can aid in the evaluation of the proposal. The latter may include the credentials of the proposed discussants. Discussion topic proposers may want to consider involving conference organizers or previous attendees in their proposals.

Submissions must include the following:

1) The submission in PDF format, viewable by Adobe Acrobat reader.
2) A justification for inclusion in NSPW. Specify the category of your submission and describe, in one page or less, why your submission is appropriate for the New Security Paradigms Workshop. A good justification will describe the new paradigm being proposed, explain how it departs from existing theory or practice, and identify those aspects of the status quo it challenges or rejects. The justification is a major factor in determining acceptance.
3) An Attendance Statement specifying how many authors wish to attend the workshop. Accepted papers require the attendance of at least one author for the entire duration of the workshop. Attendance is limited, and we cannot guarantee space for more than one author.

No submission may have been published elsewhere nor may a similar submission be under consideration for publication or presentation in any other forum during the NSPW review process.

The submission deadline is Monday, 26 March 2006. Notification of acceptance will be Monday, 28 May, 2006. See http://www.nspw.org for details of the workshop policies and for submission procedures.

John McDermott, Publicity Chair, New Security Paradigms Workshop '06

[Slightly pruned for RISKS. This is a very important workshop. PGN]
2006 USENIX Annual Technical Conference
May 30-June 3, 2006, Boston, MA
http://www.usenix.org/usenix06/proga
Early Bird Registration Deadline: May 12, 2006

We're pleased to invite you to attend the 2006 USENIX Annual Technical Conference. This year we're offering 5 days of training running alongside a 3-day conference program filled with the latest research, security breakthroughs, and practical approaches to the questions and problems you wrestle with. You'll also have many opportunities to chat with peers who share your concerns and interests.

--- Training: Tuesday-Saturday, May 30-June 3, 2006

USENIX '06 offers 5 days of tutorials led by highly respected instructors covering crucial topics including:

* Measuring Security, Dan Geer
* Ajax and Advanced Responsive WebApp Development, Alex Russell
* Administering Linux in Production Environments, AEleen Frisch
* Building a Logging Infrastructure and Log Analysis for Security, Abe Singer
* Defense Against the Dark Arts: Repelling the Wily Hacker, Bill Cheswick

To view the entire training program, see: http://www.usenix.org/events/usenix06/training/

--- Technical Sessions: Thursday-Saturday, June 1-3, 2006

The 3-day technical program begins with the keynote address: "Planetlab: Evolution vs. Intelligent Design in Planetary-Scale Infrastructure," by Larry Peterson, Princeton University and PlanetLab Consortium, and includes other Invited Talks of note, such as:

* Plenary Session: "Why Mr. Incredible and Buzz Lightyear Need Better Tools: Pixar and Software Development," by Greg Brandeau, Vice President of Technology, Pixar Animation Studios
* Closing Session: "Real Operating Systems for Real-time Motion Control," by Trevor Blackwell, CTO, Anybots
* Peiter "Mudge" Zatko, BBN Technologies, on "Success, Failure, and Alternative Solutions for Network Security"
* Matt Welsh, Harvard University, on "Deploying a Sensor Network on an Active Volcano"
* And more!

The Systems Practice and Experience track is the premier forum for presenting the latest in groundbreaking research. Be among the first to check out the latest innovative work on the topics you need most. Check out the full technical program at: http://www.usenix.org/events/usenix06/tech/

Finally, don't miss the opportunity to pose your toughest questions to the experts in the Guru Is In Sessions. Mingle with colleagues and leading experts at the Birds-of-a-Feather sessions and at the various evening social events, including a Poster Session & Happy Hour, vendor sessions, and an off-site conference reception.

USENIX '06 promises to be an exciting showcase for the latest in innovative research and cutting-edge practices in technology. We look forward to seeing you in Boston in May.

Register today at: http://www.usenix.org/events/usenix06/registration/

On behalf of the USENIX '06 Organizers,
Atul Adya, Microsoft
Erich Nahum, IBM T.J. Watson Research Center
USENIX '06 Program Co-Chairs
BKPRILFB.RVW 20051117

"Practical Internet Law for Business", Kurt M. Saunders, 2001, 1-58053-003-6, U$73.00
%A Kurt M. Saunders
%C 685 Canton St., Norwood, MA 02062
%D 2001
%G 1-58053-003-6
%I Artech House/Horizon
%O U$73.00 800-225-9977 fax: 617-769-6334
%O http://www.amazon.com/exec/obidos/ASIN/1580530036/robsladesinterne http://www.amazon.co.uk/exec/obidos/ASIN/1580530036/robsladesinte-21
%O http://www.amazon.ca/exec/obidos/ASIN/1580530036/robsladesin03-20
%O Audience s- Tech 1 Writing 2 (see revfaq.htm for explanation)
%P 162 p.
%T "Practical Internet Law for Business"

The preface states that this book is intended to allow business and system managers to understand the legal issues surrounding electronic commerce.

Chapter one provides a brief and basic historical overview of the Internet, stressing the decentralized nature, and the fact that nobody is in charge. Jurisdiction, and the rulings in regard to it, are discussed in chapter two. (Somewhat ironically, in view of the topic, while international decisions are mentioned, the material is definitely oriented to the legal system of the United States.) Encryption is the topic of chapter three, which deals with export controls on cryptographic software (even though the regulations have been extensively liberalized) and electronic signature laws (even though many of these laws allow for completely unencrypted "signatures"). Chapter four very briefly examines the issue of trade secrets, seemingly without much relation to the Internet. Trademarks, on the other hand, do have a great deal of relevance to the net in cybersquatting cases and the like, and are addressed in chapter five. Some of the material on copyright, in chapter six, repeats content dealt with in chapter five. Chapter seven provides an interesting and detailed examination of email privacy in the workplace. Chapter eight is rather vague, since its definition of "online crime" is not very specific. (Some of the case law presented is also reported simplistically: the account of United States vs Thomas, for example, does not deal with the issue of community standards that made the material legal in California but not in Tennessee.) The book closes with patent law, in chapter nine (oddly separated from the other intellectual property topics in chapters four to six), most of which deals with the non-patentability of software.

This work is a lot about law, and not very much about the Internet. How practical it may be is a question that individual readers will have to answer.

copyright Robert M. Slade, 2005
http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade
BKCBRRGS.RVW 20051202

"CyberRegs", Bill Zoellick, 2002, 0-201-72230-5, U$39.99/C$59.95
%A Bill Zoellick
%C P.O. Box 520, 26 Prince Andrew Place, Don Mills, Ontario M3C 2T8
%D 2002
%G 0-201-72230-5
%I Addison-Wesley Publishing Co.
%O U$39.99/C$59.95 416-447-5101 fax: 416-443-0948
%O http://www.amazon.com/exec/obidos/ASIN/0201722305/robsladesinterne http://www.amazon.co.uk/exec/obidos/ASIN/0201722305/robsladesinte-21
%O http://www.amazon.ca/exec/obidos/ASIN/0201722305/robsladesin03-20
%O Audience i Tech 1 Writing 2 (see revfaq.htm for explanation)
%P 307
%T "CyberRegs: A Business Guide to Web Property Privacy and Patents"

The introduction states that the nature of the Web is in flux. Those who take too strong and doctrinaire a stance on the character of the Internet will be subject to failures in their attempts to do business there. In addition, the author states his opinion, based on the research conducted for the book, that attempts to apply regulation to the net should be sparing.

Part one deals with copyright. Chapter one reviews the past history of copyright legislation and purposes, and also the recent case of Napster. (The book was completed before the Napster case concluded.) "DVD Jon" and the DeCSS case is the topic of chapter two. The author's experiences with the publishing and sale of special reports form the basis for an examination of licensing, in chapter three, and also the balance of rights between publisher and user/consumer. The development and shift in copyright regulations and perspectives is given in chapter four. Chapter five lists further reading on the topic: an annotated bibliography of text and online sources. The works are well chosen and the annotations provide good overviews of the material.

Part two addresses patents. Chapter six outlines the Amazon "1-Click" patent, and the issue of an idea versus a specific implementation. A variety of other patents and lawsuits are examined in chapter seven. Chapter eight deals with the issue of patentability of an entity or item. The issue of patenting business methods is dealt with in chapter nine. Chapter ten examines the impact of patents on the Internet. Walker Digital and the business of creating and holding business patents is in chapter eleven. Recent US legislation amending patent concepts and applicability is covered in chapter twelve. Chapter thirteen opines about the future and fourteen closes off the topic with the reference section.

Part four surveys electronic signatures and the E-Sign act. Chapter fifteen discusses the provisions of the act itself, including the fact that it doesn't (in any significant way) define what an electronic signature can be, thus obviating the need for many of the functions of a signature. (This is followed by a brief section entitled "A Deeper Look" that explains the technical concept of digital signatures.) Business will increase because of the act, says chapter sixteen. Chapter seventeen makes the case (rather weakly, perhaps) that E-Sign is a good act, because it doesn't impede allowable technologies. Eighteen is the references chapter for electronic signatures.

Part four moves in on privacy. Chapter nineteen cites a couple of cases of the market for private information. US legal precedents regarding the right to privacy are in chapter twenty. Consumer concerns, in chapter twenty-one, are followed up by "A Deeper Look" at cookies and Web bugs, and by another on the Platform for Privacy Preferences Project (P3P). US legislative moves regarding privacy are discussed in chapter twenty-two. (It is interesting to note that Zoellick quotes a legislator stating that privacy acts would be passed before 2002. This did not happen. In addition, of the various aspects discussed in the chapter, bill S.1789, before the Senate as this review is being written, addresses only access and enforcement.) Chapter twenty-three tries, without much success, to propose a framework for privacy. Again, twenty-four contains references.

An epilogue finishes out the book by opining that businesses can, and should, work at understanding the Web better, so that they can shape its future development. As long as they develop it the way the author suggests.

Oddly, this work does not seem to add materially to other discussions of Internet law. That it examines intellectual property issues in such depth is interesting, but not illuminating. However, Zoellick does have a much more engaging writing style than other authors who have written on legal topics in relation to the net, and the text is much more readable than most such books. There is a good deal of valuable information in this volume on the subjects examined: but there is a lot of opinion as well.

copyright Robert M. Slade, 2005
http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade