Tom Yager, E-prescription for IT disaster, *Infoworld* Blog, 19 Nov 2008
http://weblog.infoworld.com/yager/archives/2008/11/eprescribing_mo.html?source=NLC-DAILY&cgd=2008-11-19

The federal paperless prescription mandate is a model for pathetic planning that will leave users and IT blamed for failures

Researchers just finished mapping a patient's leukemia tumor genome, finding only eight differences between her tumor cells and normal ones taken from her skin. This breakthrough in medical technology was somehow accomplished while the American Medical Association and U.S. government health agencies are doing a rip and replace of the nation's medication distribution system.

Taking the prescription system paperless has been on the national road map since timeshared mainframes were the rage, but up to now, those delivering, managing, regulating, and receiving health care always found wiser uses for the time and money required for a prescription system overhaul. Now, in the final seconds before an administration sworn to reform health care takes office, e-prescribing is being lofted as a Hail Mary pass by interests with a mix of honorable and questionable intentions. It has not remotely begun to gel, but now it is poor planning made law, and it falls to practitioners, pharmacies, and IT to make it work. Make it work now, or the government will dock already inadequate reimbursement for treatment under Medicare and Medicaid. Company-paid insurance can't be handled any other way.

It probably seems that I'm casting too jaundiced an eye on the issue. Who could oppose the modernization of a paper system whose flaws exact tolls in lives and taxpayer dollars lost to fraud? Trouble is, e-prescribing is loaded with agendas, with conduits for control and work-arounds for potential future regulation and reformation (whatever those may be). It is being executed under the rubric of urgent social necessity, but the health care system has far more pressing issues to deal with.

Doctors have less time to see patients, new reasons to refuse to treat patients on government assistance, and new levels of complication that tacitly discourage certain types of prescriptions.

Ain't broke

E-prescribing is sold as an essential modernization of a creaky, error-prone, inefficient, and costly paper system that cannot keep pace with the explosive growth of prescriptions. If you didn't know better, you might say they're right. This archaic system has its roots in simpler times when small-town pharmacists knew small-town doctors and their office staff personally. Pharmacists' experience and face-to-face dealings with patients red-flagged erroneous or suspicious prescriptions. [...]
A computer virus infection has forced a number of London hospitals to shut down their IT systems, and revert to manual operation. [Searching on this turned up many reports, naming St Bartholomew's, the Royal London Hospital, and the London Chest Hospital, all part of the Barts and London NHS Trusts. The URL Patrick gave me did not seem to work. PGN]
The Records Act does not prevent the use of a Blackberry - all you have to do is record what you send (and receive) - a relatively simple matter. The fact that sending classified over a blackberry is a problem is, of course, a limitation, but hardly a surprise. The other challenge relates to the traceability of the blackberry to a location and the ability to use this information to deliver smart weapons on target. And then there is the use of the voice part for recording conversations when it appears to be off. And of course the list goes on. But isn't this a good thing for computer security? After all, we can secure things like this if we want to, and the fact that so public an official has to deal with these sorts of issues should be an eye-opener for lots of folks. It's a good thing that it is being brought up, but it should not force him to stop using the device. Assuming it is properly managed.

That brings us to the real issue. The security of Federal systems and the measures taken to protect (and not protect) them are problematic, they tend to get low scores on relatively simple tests of security, and of course the White House computer systems have been broken into recently (according to the news stories) and emails revealed - blackberry not even involved. At the dawn of the information age, as it enters the highest parts of our government, we may actually see an executive who has to deal with these issues and a serious effect on notional policy and operational decisions. Change is coming, but will that change be change we can rely on?

Fred Cohen & Associates, 572 Leona Drive, Livermore, CA 94550 http://all.net/ 1-925-454-0171
http://tech.groups.yahoo.com/group/FCA-announce/join
Most of what has been written about the President-elect and his BlackBerry is nonsense. As President, he may not have time for as big a time-suck as a BlackBerry, but neither the Presidential Records Act nor security concerns (for unclassified material) should be an issue. A BlackBerry certainly meets all the retention requirements of the PRA (actually, these would be met by the underlying mail system -- Exchange, Lotus Domino, or GroupWise.) With respect to security, the BlackBerry has picked up a long list of approvals, including certification under FIPS for "sensitive but unclassified" information. BlackBerrys are widely used within the government, including by law enforcement agencies, as is a similar technology for Windows Mobile and Palm from Motorola Good Mobile Messaging.

Steve Wildstrom, Technology & You columnist, BusinessWeek, 1200 G St NW Suite 1100, Washington, DC 20005 www.businessweek.com/technology/wildstrom.htm
... Risks of using poorly customized map software ...
http://news.bbc.co.uk/2/hi/in_depth/629/629/7600053.stm

The BBC Box uses GPS based satellite transponder technology. The Box pings its location every 24 hours. The Box should ping its location every 11 hours, or some oddball number smaller than 24. Sadly, the ping sample interval is too small — and the mapping software is not bright enough to use arcs between sample points to avoid clearly wrong map displays.

In this case The Box's trip around Taiwan looks totally wrong (19/10/2008 & 20/10/2008). The ship did not plow thru the Taiwanese mountains! Also, the trip around Indonesia, and Malaya to Singapore looks totally wrong as well. And the trip skirting around Sri Lanka does not look right either. And Yemen, eeesh!

* These nations' EEZs are somewhat unsafe due to piracy, but that issue needs to be tackled by the UN.
* I don't believe that a smaller ping interval is any less safe, if the new data point is delayed from being displayed by 120 minutes.

What other visual mapping gaffes will we have to tolerate for the next year? The Box project will last a year at least. I actually hope the BBC inserts interpolated data points, or even better -- get a GPS log of the container ship's route. The GPS unit in use here probably stores a data point every 15 minutes, and can probably send trip logs autonomously.

Max Power, CEO, Power Broadcasting, http://HireMe.geek.nz
Slashdot just ran a story about a lead substitute based on bismuth. http://tech.slashdot.org/article.pl?sid=08/11/19/2330241

As I had expected, some of the commenters (me among them) noted that the removal of lead from solder to meet European RoHS requirements is causing problems with the formation of tin whiskers. http://www.siliconfareast.com/whiskers.htm

So, now, the question you have to ask yourselves is: what happens when one of those tin whiskers shorts out a critical piece of avionics in the plane you're flying in? And, more importantly... has that thought already occurred to people who build avionics, and make RoHS laws... and if so, why does Google have so much trouble finding evidence thereof? http://www.google.com/search?q=rohs+tin+whiskers+avionics

Everybody seems to be trying to *fix* this potential problem, but the whole point of RoHS was, as I understand it, keeping lead out of landfills. How many avionics and other such life-critical items end up in landfills in the first place?

Jay R. Ashworth, Ashworth & Associates, St Petersburg FL +1 727 647 1274 http://baylink.pitas.com http://photo.imageinc.us
The risk of not being able to read aging storage media / formats is no doubt familiar to many RISKS readers, but this particular story seems like a textbook example.

"Scientists hope to recover lost data from the Apollo moon missions using a 40-year-old tape drive borrowed from the Australian Computer Museum Society (ACMS). NASA lost its original tapes - containing data from studies of lunar dust but thankfully back-ups were stored at Sydney University. Work is now underway to restore a 1960s-era IBM 729 Mark V tape drive so the tapes can be read."

More info at: http://www.abc.net.au/news/stories/2008/11/10/2415393.htm

The real irony here is that the ACMS's valuable, historical collection of computers has been evicted twice and struggles for funding. I suspect we went awfully close to never being able to retrieve NASA's lost data.
While the problem (loss of data due to obsolete formats/equipment) is real, consider this: the moon dust/rock samples have been carefully preserved and are available for analysis by qualified scientists. It would probably be cheaper to re-run the chemical and isotopic analyses. The analytic technology has progressed to be able to use much smaller masses and would probably offer more precision and flexibility. It's been discussed thoroughly before, but a more significant problem, in my opinion, is the loss of data due to aging of storage media, and specifically the loss of time sensitive data. For instance, 30-year-old photographs that, when compared against current images, might lead to major astronomical findings by showing long-term changes in positions or conditions of celestial objects.
Jeffrey Darlington of the Digital Preservation Department of The National Archives wrote in 2003 about the rescue in an article in Ariadne, a magazine for information professionals in archives, libraries and museums: http://www.ariadne.ac.uk/issue36/tna/
In other words, they have bound the data format from the start to specific hardware implementations, which were rare even then. This put an extra burden on the archivers who would necessarily have to convert it later. (Maybe this reflects the general attitude in a country where power is still measured by horses, and people are weighed by stones :-)) Once data is digitized, it would certainly fare much better if it was kept in the most simple form; I suspect it would have been easier to rescue even if it was all put on punched cards!
In fairness, that was always the plan. The original schedule when Phoenix landed in May was to operate for three months during the Martian summer, but it worked well enough that they extended the mission twice until it ran out of sunlight. I wonder why they didn't design it to go to sleep and try waking it up when the days get longer. Perhaps they figure that by then there will be so much dust on it that it won't get enough sunlight to restart.

John Levine, firstname.lastname@example.org, http://www.johnlevine.com
Primary Perpetrator of "The Internet for Dummies",
It's not Excel auto-formatting. It's a breakdown in the communication of significance between those who know what something means and those who just manipulate spreadsheets without knowing what they mean; compounded by last-minute rush and pressure and lack of supervision. See http://www.sysmod.com/praxis/prax0811.htm

Some of my comments are:

"A maximum of one minute checking time, then. If you delegate work, you have the responsibility to check it. Spotting 179 differences in 1000 rows is not that hard. Lawyers always work with paper evidence, so a simple check would have been to print the Excel sheet as received, print the PDF, and visually compare the pagination. If they had had to do it by midnight, then at least the largest numbers could be checked in 15-20 mins. After all, even with the late submission by the client, counsel had nearly four hours just to look at it and convert it to PDF. If the check had been done on Sept 18, much embarrassment would have been spared."

"Let's look at the interface between client and lawyer. Clients should be able to expect well-paid lawyers to exercise vigilance and help protect the clients against themselves. As well as their first job which is to review the substantive content of documents, it should be standard practice to review all received files for metadata and hidden data. It could be hidden text in a Word document, blacked-out text in a PDF, or file properties in an Office document that reveal identities. However, lawyers are rather expensive IT reviewers, so for one's own protection, one should review documents both in content and form before release. Form includes not just hidden data, but anything that is not manifestly clear to the parties involved and could be a source of confusion. Is "Y/N" in column Z a sufficient indicator, and was its significance made plain?"

I have not read about the judgment yet on the case which was due Nov. 5.

Patrick O'Beirne, Systems Modelling Ltd.
http://www.sysmod.com/ (+353)(0) 5394 22294
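
One way to run the pre-release review for hidden data and identity-revealing file properties recommended above, for an .xlsx file; this is an added example, not code from the original post or its author. The sample workbook parts, sheet names and author name are constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

NS = {"m": "http://schemas.openxmlformats.org/spreadsheetml/2006/main",
      "dc": "http://purl.org/dc/elements/1.1/",
      "cp": "http://schemas.openxmlformats.org/package/2006/metadata/core-properties"}

def review_xlsx(data):
    """Report hidden sheets, rows, columns and author metadata in an .xlsx package."""
    found = {"hidden_sheets": [], "hidden_rows": [], "hidden_cols": [], "identities": {}}
    # Stdlib parser keeps this self-contained; prefer a hardened one (e.g. defusedxml) for outside files.
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        for name in (n for n in z.namelist() if n.endswith(".xml")):
            root = ET.fromstring(z.read(name))
            if name == "xl/workbook.xml":
                found["hidden_sheets"] += [
                    s.get("name") for s in root.iterfind("m:sheets/m:sheet", NS)
                    if s.get("state") in ("hidden", "veryHidden")]
            elif name.startswith("xl/worksheets/"):
                found["hidden_rows"] += [
                    (name, int(r.get("r"))) for r in root.iterfind("m:sheetData/m:row", NS)
                    if r.get("hidden") in ("1", "true")]
                found["hidden_cols"] += [
                    (name, int(c.get("min")), int(c.get("max"))) for c in root.iterfind("m:cols/m:col", NS)
                    if c.get("hidden") in ("1", "true")]
            elif name == "docProps/core.xml":
                for tag in ("dc:creator", "cp:lastModifiedBy"):
                    if (text := root.findtext(tag, namespaces=NS)):
                        found["identities"][tag] = text
    return found

def build_sample():
    """Constructed sample: only the package parts the review reads, not a real client file."""
    parts = {
        "xl/workbook.xml": f'<workbook xmlns="{NS["m"]}"><sheets><sheet name="Assets" sheetId="1"/>'
                           '<sheet name="Notes" sheetId="2" state="hidden"/></sheets></workbook>',
        "xl/worksheets/sheet1.xml": f'<worksheet xmlns="{NS["m"]}"><cols><col min="5" max="5" hidden="1"/></cols>'
                                    '<sheetData><row r="1"/><row r="2"/><row r="3" hidden="1"/></sheetData></worksheet>',
        "docProps/core.xml": f'<cp:coreProperties xmlns:cp="{NS["cp"]}" xmlns:dc="{NS["dc"]}">'
                             '<dc:creator>A. Analyst</dc:creator></cp:coreProperties>',
    }
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        for name, body in parts.items():
            z.writestr(name, body)
    return buf.getvalue()

if __name__ == "__main__":
    print(review_xlsx(build_sample()))
```

A non-empty result is a prompt to ask the sender what the hidden rows, columns or sheets mean before the file is converted or filed.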