The RISKS Digest
Volume 24 Issue 74

Thursday, 19th July 2007

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator



"Microsoft Copy Protection Cracked Again" and who's surprised?
Fred Reinke
Re: Microsoft protects me against ... Microsoft
Peter Mellor
Re: Space Shuttle uses 2-version programming
A. Marc Passy
N-version programming & low-probability events
Henry Baker
Re: Hurricane forecasting uncertainty
Jonathan Kamens
Re: Gripen: Risks of safety measures in military jet
Name withheld
Re: Search Engine Dispute Notification
Lauren Weinstein
Nick Brown
Paul Schreiber
Info on RISKS (comp.risks)

"Microsoft Copy Protection Cracked Again" and who's surprised?

<Fred Reinke <>>
Tue, 17 Jul 2007 14:32:42 -0400

Jessica Mintz, AP, 17 Jul 2007
Microsoft Copy Protection Cracked Again

  Microsoft Corp. is once again on the defensive against hackers after the
  launch of a new program that gives average PC users tools to unlock
  copy-protected digital music and movies.

  The latest version of the FairUse4M program, which can crack Microsoft's
  digital rights management system for Windows Media audio and video files,
  was published online late Friday. In the past year, Microsoft plugged
  holes exploited by two earlier versions of the program and filed a federal
  lawsuit against its anonymous authors. Microsoft dropped the lawsuit after
  failing to identify them.

  The third version of FairUse4M has a simple drag-and-drop interface. PC
  users can turn the protected music files they bought online -- either a la
  carte or as part of a subscription service like Napster -- and turn them into
  DRM-free tunes that can be copied and shared at will, or turned into MP3
  files that can play on any type of digital music player.

Like an arms race, the DRM folks are spending a lot of cycles on a failing

Like putting lipstick on the proverbial pig, it annoys their paying
customers and is pretty ugly! Some of my biggest irritations, in my
computing career, have been at the hands of "copy protection". Couple that
with bad, or non-existent, support and you have the seeds of a revolt.

I now don't buy content online — music or other kinds — if it has copy
protection. I have a lot of expensive 8 tracks, cassettes, and CDs of
"content" that are unusable. Add to that "software", which has stopped
working, stopped being supported, or otherwise orphaned.

My most recent experience was with MusicMatch JukeBox being acquired by
Yahoo and forced to "upgrade". This was one of my last purchases, excuse me
"licensing" — what "barbara streisand"!! —  before my new policy of "no

"No more" locked content. "No more" buying software, excuse me licensing it,
from vendors who are one step below used car salesmen. "No more" operating
systems that require "activation" and have "self-help" provisions.

I look to the open source software makers and happily "donate" to their

I'm calling out the content makers, "software" licensors, and the entire
Microsoft empire as the hucksters they are. At least the snake oil salesmen
of yesteryear didn't try and make you "license" the bottle! A plague on all
their houses.

Imagine how I'll be when I get old and crotchety!

Ferdinand J. Reinke, Kendall Park, NJ 08824

Re: Microsoft protects me against ... Microsoft (RISKS-24.73)

Tue, 17 Jul 2007 21:40:07 EDT

On 17 Jan 2007 I suffered a very similar incident.  I had accepted
Microsoft's regular automatic updates to Windows XP without problem for some
time.  On this occasion, it did a massive update taking over an hour, and I
saw that my system had been upgraded from Service Pack 1 (SP1) to SP2.  When
I rebooted as instructed so that the upgrade could take effect, the reboot

To overcome this I had to re-install Windows XP at SP1 level from the issue
disk, and then recover various other facilities such as my broadband
wireless connection.  It took me until the end of January before I had a
satisfactorily working system again (at SP1).

I have disabled automatic updating.

I kept detailed notes of the problem and how I overcame it, in case anyone
is interested in a blow-by-blow account.

Peter Mellor;   Mobile: 07914 045072;   email:
Telephone and Fax: +44 (0)20 8459 7669

Re: Space Shuttle uses 2-version programming (PGN, RISKS-24.73)

<"A. Marc Passy" <>>
Wed, 18 Jul 2007 09:32:59 -0500

> PGN: As I understand it, the following is true: the FIFTH computer is not
> fully functional — it is intended to have just enough programming to land
> the shuttle in the event that the four main computers all fail.  Testing
> it safely under live conditions where the first four computers are
> inoperable is essentially undesirable, if not practically impossible.  The
> fifth system has never been invoked.

Mostly true, but it has been tested extensively in simulation.  (It actually
has both Ascent & entry functions - just no orbital functions.  It can get
you to orbit, just not do anything there but bring you home.)

> PGN: "Worse yet, it has most likely not been maintained for compatibility
> with the other four."

This is Flat Wrong.  EVERY change to Shuttle software is evaluated for both
PASS (primary Software) and BFS (Backup) impacts.  It is maintained to
EXACTLY the same standards as the PASS.  (Though now, by just a different
workgroup, not a whole different company.)

Marc Passy, Former NASA Flight Controller

  [Marc, TNX for that.  I appreciate your expert view.  However, "tested
  extensively in simulation" strikes my formal-methods funny-bone rather
  oddly, given all the risks of what might be called `proof by simulation'.
  But I am glad to hear that PASS/BFS incompatibilities are not a problem.

N-version programming & low-probability events

<Henry Baker <>>
Thu, 19 Jul 2007 09:08:08 -0700

I've seen too many people dismiss errors that occur only once in 10^9 or
even in 10^12 events.  These seem like very small probabilities, which most
people would suggest are acceptable error rates.  However, with today's
video files growing to 100 or 1000 gigabytes (hidef 10 MByte/sec for 10,000
secs = 100 GBytes), we now are facing even chances of errors *on every
single video file*.  If such an error occurs in the portion of the file
which indicates its structure, one can easily lose substantial fractions of
the entire file.

Another way to think about this problem is the following thought experiment,
which was prompted by the "branch prediction" capability of today's
microprocessors.  Program a loop to execute 10^12 times, which is feasible
on today's processors.  Since the probability of exiting the loop is 10^-12,
and therefore negligible, we can dispense with the exit test entirely and
replace the loop with an infinite loop.  QED
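
The arithmetic behind the "even chances" remark above, as an added example
that is not part of the original post. It assumes errors are independent and,
since the post does not say what counts as one event, works the numbers both
per byte and per bit; the function names are illustrative.

```python
import math

GB = 10**9  # decimal gigabyte, matching the post's 10 MByte/sec x 10,000 sec = 100 GBytes


def p_at_least_one(events, p_event):
    """P(>=1 error) = 1 - (1 - p)^N for N independent events.

    Computed as -expm1(N * log1p(-p)) so that a tiny p is not rounded away.
    """
    return -math.expm1(events * math.log1p(-p_event))


def break_even_events(p_event, target=0.5):
    """Number of events at which P(>=1 error) reaches `target`."""
    return math.log1p(-target) / math.log1p(-p_event)


def table():
    """Rows of (error rate, file size in GB, unit counted as one event, P(>=1 error))."""
    rows = []
    for rate in (1e-9, 1e-12):        # "once in 10^9 or even in 10^12 events"
        for size_gb in (100, 1000):   # "100 or 1000 gigabytes"
            # Assumption: one event is either one byte or one bit of the file.
            for unit, per_byte in (("byte", 1), ("bit", 8)):
                events = size_gb * GB * per_byte
                rows.append((rate, size_gb, unit, p_at_least_one(events, rate)))
    return rows


if __name__ == "__main__":
    for rate, size_gb, unit, p in table():
        print(f"rate {rate:.0e} per {unit:<4}  {size_gb:>4} GB  P(>=1 error) = {p:.4f}")
    for unit, per_byte in (("byte", 1), ("bit", 8)):
        size = break_even_events(1e-12) / per_byte / GB
        print(f"even odds at 1e-12 per {unit}: about {size:.0f} GB")
```

At a rate of 10^-12 the odds reach one half at roughly 87 GB if an event is a
bit and roughly 693 GB if it is a byte; at 10^-9 an error somewhere in either
file size is a near certainty.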

Re: Hurricane forecasting uncertainty (Gresko, RISKS-24.69)

<Jonathan Kamens <>>
Tuesday, July 10, 2007 9:03 AM

> The National Oceanic and Atmospheric Administration chief has said written
> that the anticipated failure of QuikScat ("an aging weather satellite
> crucial to accurate predictions on the intensity and path of hurricanes",
> launched in 1999 and designed to last only a few years) could add
> uncertainty to forecasts and broaden the areas over which hurricane
> warnings and watches would have to be invoked.

For the record, Bill Proenza, the "chief" referred to above, has now been
replaced, in no small part because of his public statements about the
QuikScat risk.

Much of the staff at the NOAA's hurricane center disagreed with Proenza
about the risk, and they were concerned that his the-sky-is-falling message
might prompt Congress not to budget more money to replace QuikScat, but
rather to take money from other parts of the NOAA budget which the staff
felt were more important.

They first attempted to air their concerns privately.  When that failed to
have any effect, they published a letter, signed by 23 of the center's 50
employees, demanding his ouster.  A quote from the letter: "The center needs
a new director, and, with the heart of the hurricane season fast
approaching, urges the Department of Commerce to make this happen as quickly
as possible. The effective functioning of the National Hurricane Center is
at stake."

Jonathan Kamens, IT Manager / Principal Engineer, Tamale Software
320 Congress Street, Boston, MA  02210   1-617-261-0264 ext. 133

Re: Gripen: Risks of safety measures in military jet (Mellor, R-24.73)

<Name withheld by request>
Wed, 18 Jul 2007 16:02:44 +0100 (BST)

> "Perhaps someone familiar with the Eurofighter could supply some
> authoritative information"

Eurofighter Typhoon has no automatic initiation of the Escape System other
than linking the front and rear cockpits in the two seat variant, but even
in this case the escape system has to be initiated by the aircrew.

Regarding the initiation of the escape system in Gripen allegedly by the
anti-g suit, I find this highly unlikely.  The Gripen uses the Martin-Baker
Mk10 ejection seat, you can see some details here:

The picture clearly shows the firing handle. In order to initiate the
ejection the handle must be pulled to release it from its retaining bracket;
on the Mk10 seat this will require a force of at least 15 pounds and then
the handle must be pulled further (probably around one inch) whilst
maintaining a force of at least 15 pounds.

You can see that the seat firing handle sits very close to what Monty Python
referred to as "the naughty bits". Inflation of the anti-g trousers, if they
contact the firing handle, is likely to impart force on either side of the
handle in a sideways direction but none (or very little) in the upwards
direction that is necessary to fire the system.

The handle itself is flexible and can be deformed; it's like stiff wire, so
if the anti-g suit is responsible then it must impart at least 15 pounds of
force upwards after deforming the handle and move the handle at least one
inch. Something which I really can't see happening.

Typhoon uses the Martin-Baker Mk16A seat which, in terms of how the aircrew
operate the escape system, is very similar to the Mk10 except that at least
30 pounds of force is needed to lift the handle.

To date there have been no un-commanded ejections from Typhoon.

Interestingly enough, looking at the Martin-Baker web-site the F35 Lightning
II (JSF) uses a Mk16E seat which does have an auto initiate capability
though I have no idea what conditions would activate this.

Re: Search Engine Dispute Notification (Kirakowski, R-24.73)

<Lauren Weinstein <>>
Tue, 17 Jul 2007 13:09:22 -0700 (PDT)

Jurik apparently misunderstood a key premise in my public thinking on this
subject, e.g.:

In particular, I have *not* suggested an "on-demand" system for search
engine results dispute notifications.


a) First line application would always be the legal system.

b) A third-party "independent entity" — whether a formal organization or a
   distributed, virtual construct, would evaluate disputes that could not be
   directed to the legal system.

c) Only *very serious* attacks — mainly against individuals (at the level
   of defamation, for example) — would be considered for dispute link

d) Displayed dispute links would be ignored for the purposes of search
   engine page ranking calculations.

e) Dispute links would simply point to a location for more information about
   the particular situation — they would not themselves provide detailed
   information about the dispute.

In other words, this would definitely not be an "on demand" system.

Fundamentally, I want to make sure that there is recourse for people like a
woman featured on CNN recently.  She has been mercilessly harassed by a
fellow with vicious false Web pages.  She obtained a court judgment against
him, but he fled the country and his sites are now beyond the reach of a
U.S. takedown order.

Naturally, search engines continue to steer traffic to his defaming sites,
without any indication that something could be "wrong" about those pages, or
that a U.S. court has ruled against them.  The damage to the targeted woman

I am unwilling to accept the concept that there must be no mechanism to warn
of very serious disputes, simply because there are many disputes that do not
rise to the level appropriate for such dispute link notifications.

Lauren Weinstein or +1 (818) 225-2800

Re: Search Engine Dispute Notification (Kirakowski, RISKS-24.73)

<"BROWN Nick" <>>
Wed, 18 Jul 2007 14:56:58 +0200

> I offer this more in the spirit of a 'straw man' since there must be an
> obvious rejoinder which unfortunately this morning I just can't see.

Allow me to try :-)

> This is not a route available to the bogus site owner [B] who does not
> have the same peer network as I do.

I suspect that, since she is prepared to spoof your site, she is probably
also prepared to contact C and D - or rather, the interns or minimum-wager
McJobbers who maintain C and D's links pages - probably even before you
notice that B is spoofing you.

(By getting her retaliation in first, she will have established a useful bit
of psychological legitimacy too.  A few years ago, some friends of mine had
problems with noisy, antisocial neighbours.  The first thing the neighbours
did when they moved into their house - before turning up the volume on the
hi-fi, banging on the walls, etc - was to call the police and complain that
their neighbours (my friends) were harassing them from day one.  As a
result, it took months and several independent depositions (fortunately,
there were other neighbours) before it was realised who were the real

> It will be in the best interests of [C], [D]... to assist me in this as
> they themselves may one day come under attack in this way.

In addition to the "intern" consideration above, this also assumes that the
people who make policy at C and D have the time and the inclination to make
the world a better place by signing up to a social movement which promises
them some potential future benefit, without any guarantees.  I suspect that
this will not find much space in their timetable between the modern Holy
Trinity (budget, deadline, and quality plan).

Nick Brown, Strasbourg, France.

Re: Search Engine Dispute Notifications (Cowan, RISKS-24.71)

<Paul Schreiber <>>
Thu, 5 Jul 2007 10:05:19 -0700

> ... individuals who feel defamed by slanderous web sites just need to
> copyright or otherwise classify that information about themselves as
> intellectual property, and then issue a DMCA take-down order.  :-)

I know this was intended as a joke, but Crispin got the details wrong, making
it slightly less funny and muddying an already confusing issue.

* You can't copyright "information about themselves". Facts are not
  copyrightable. You can only copyright something fixed in material form. If
  you had written something and they had copied it verbatim, that *might* be

* "or otherwise intellectual property". The DMCA only applies
  to copyrighted works, not to trademarked or patented items.

As for the real world, well, you could probably get away with it, because
experience shows DMCA take-down notices are rarely verified.
