Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
Alexander Stepanov and Paul McJones
Elements of Programming
Addison-Wesley
2009
ISBN 978-0-321-63537-2
What could be one of the most important books for developers of low-risk
systems has come to my attention, and deserves your consideration if you are
serious about understanding the mathematical foundations of programming and
applying them sensibly to your practice. It is not an easy read, but it is
a very compelling approach. To support its mathematically oriented
crispness, the book includes the definition of a small but elegant C++
subset that has been crafted by Sean Parent and Bjarne Stroustrup for
illustrative use in the book. I believe this material should be taught
within all computer science curricula.
A long quote and a short one on the back jacket give an idea of what is
involved:
Ask a mechanical, structural, or electrical engineer how far they would
get without a heavy reliance on a firm mathematical foundation, and they
will tell you, `not far.' Yet so-called software engineers often practice
their art with little or no idea of the mathematical underpinnings of what
they are doing. And then we wonder why software is notorious for being
delivered late and full of bugs, while other engineers routinely deliver
finished bridges, automobiles, electrical appliances, etc., on time and
with only minor defects. This book sets out to redress this imbalance.
Members of my advanced development team at Adobe who took the course based
on the same material all benefited greatly from the time invested. It may
appear as a highly technical text intended only for computer scientists,
but it should be required reading for all practicing software engineers.
— Martin Newell, Adobe Fellow
The book contains some of the most beautiful code I have ever seen.
— Bjarne Stroustrup
The bottom of the inside cover suggests that through this book you will come
to understand that mathematics is good for programming, and theory is good
for practice. I applaud that sentiment.
IDG News Service: By some estimates there are 15 to 20 of these secret wiretapping rooms across the country. You're the only AT&T employee who has come forward and talked about them in detail. Why? Mark Klein: Fear. First of all it was a scary time. It still is a scary time, but during the Bush years it was sort of a witch hunt atmosphere and people were afraid. People are afraid of losing their jobs, and it's a rule of thumb that if you become a whistleblower you'll probably lose your job. And if you have a security clearance, you not only lose your job, but you probably will be prosecuted by the government. The Bush administration made that very clear in statements they made over and over again: 'Anybody who reveals anything about our secret programs will be prosecuted and we are running investigations to find out who leaked this to the New York Times.' Well that puts a fear in people. http://www.computerworld.com/s/article/9135645/The_NSA_wiretapping_story_nobody_wanted While campaigning against President George W. Bush, Barack Obama had pledged that there would be "no more wiretapping of American citizens," but President Obama's administration has continued to use many of his predecessor's arguments when it comes to warrantless wiretapping. http://www.computerworld.com/s/article/9135575/Obama_administration_defends_Bush_wiretapping
In George Orwell's "1984," government censors erase all traces of news articles embarrassing to Big Brother by sending them down an incineration chute called the "memory hole." On Friday, it was "1984" and another Orwell book, "Animal Farm," that were dropped down the memory hole - by Amazon.com. In a move that angered customers and generated waves of online pique, Amazon remotely deleted some digital editions of the books from the Kindle devices of readers who had bought them. An Amazon spokesman, Drew Herdener, said in an e-mail message that the books were added to the Kindle store by a company that did not have rights to them, using a self-service function. "When we were notified of this by the rights holder, we removed the illegal copies from our systems and from customers' devices, and refunded customers," he said. Amazon effectively acknowledged that the deletions were a bad idea. "We are changing our systems so that in the future we will not remove books from customers' devices in these circumstances," Mr. Herdener said. [...] [Source: Brad Stone, *The New York Times*, 18 Jul 2009] http://www.nytimes.com/2009/07/18/technology/companies/18amazon.html [Lots of media coverage on this one, especially the 1984 connection. See also an item from David Pogue's Posts: Some E-Books Are More Equal Than Others, 17 Jul 2009. PGN] http://pogue.blogs.nytimes.com/2009/07/17/some-e-books-are-more-equal-than-others/
I see two RISKS-related issues. One is that it undermines the whole e-book industry. The other is a good reminder of what can happen with closed ecosystems. It's been slashdotted and is in many online news sources and blogs. http://news.cnet.com/8301-13860_3-10289983-56.html
The July 7th, 2009 edition of "Ask Amy" (an advice columnist) tells the tale of an interesting RISK of using net filtering and online systems to control your children. Briefly, a high-school student's father was using the school's "check up on your kids" Web site to an excessive degree. The fed-up student used the family's parental control software to find out how often the dad was visiting the site (answer: three times daily) and in the process learned some unsavory details about Dad's browsing habits. http://www.chicagotribune.com/features/columnists/advice/chi-0707-ask-amyjul07,0,2095115.column I suppose the RISK lies in assuming you're smarter than your kids...and forgetting that most tools can be used in multiple ways. Geoff Kuenning geoff@cs.hmc.edu http://www.cs.hmc.edu/~geoff/ In any large population, there are some people who aren't very bright. That's not their fault, it's just in their genes. As an engineer, I have a responsibility to design things that won't kill off the slower ones, just as I have a responsibility to design things that won't harm my neighbor's dog.
[I read this over breakfast on paper. Thanks to Lauren Weinstein for the URL.] Jonathan Zittrain, Lost in the Cloud, *The New York Times*, 20 Jul 2009 Earlier this month Google announced a new operating system called Chrome. It's meant to transform personal computers and handheld devices into single-purpose windows to the Web. This is part of a larger trend: Chrome moves us further away from running code and storing our information on our own PCs toward doing everything online - also known as in "the cloud" - using whatever device is at hand. Many people consider this development to be as sensible and inevitable as the move from answering machines to voicemail. With your stuff in the cloud, it's not a catastrophe to lose your laptop, any more than losing your glasses would permanently destroy your vision. In addition, as more and more of our information is gathered from and shared with others - through Facebook, MySpace or Twitter - having it all online can make a lot of sense. The cloud, however, comes with real dangers. [...] http://www.nytimes.com/2009/07/20/opinion/20zittrain.html
Cloud Computing certainly exposes one to the consequence of other people's actions, but law enforcement's lack of selectivity is nothing new. Consider the Secret Service raid on Steve Jackson Games years ago. http://www.sjgames.com/SS/
<http://www.sundayherald.com/news/heraldnews/display.var.2174801.0.scientists_crack_security_system_of_millions_of_cars.php> Ruhr University scientists say it is now relatively straightforward to clone the remote control devices that act as the electronic keys. They have overcome the KeeLoq security system, which is made by US-based Microchip Technology and is used by Honda, Toyota, Volvo, Volkswagen and other manufacturers to transmit access codes using radio frequency identification technology. The KeeLoq's security relies on poor key management, in which every key is derived from a master that's stored in the reading device. Moreover, it uses a proprietary algorithm that had already been shown to generate cryptographically-weak output.
Meanwhile, although experts say that some RFID technologies are quite secure, a University of Virginia security researcher's analysis of the NXP Mifare Classic (see Hack, November/December 2008), an RFID chip used in fare cards for the public-transit systems of Boston, London, and other cities, has shown that the security of smart cards can't be taken for granted. "I think we are in the growing-pains phase," says Johns Hopkins University computer science professor Avi Rubin, a security and privacy researcher. "This happens with a lot of technologies when they are first developed." ... [Source: Erica Naone, RFID's Security Problem: Are U.S. passport cards and new state driver's licenses with RFID truly secure? Technology Review, Jan/Feb 2009; PGN-ed] http://www.technologyreview.com/computing/21842/
(Todd Lewan) To protect against skimming and eavesdropping attacks, federal and state officials recommend that Americans keep their e-passports tightly shut and store their RFID-tagged passport cards and enhanced driver's licenses in "radio-opaque" sleeves. That's because experiments have shown that the e-passport begins transmitting some data when opened even a half inch, and chipped passport cards and EDLs can be read from varying distances depending on reader technology. [Source: Todd Lewan, The Associated Press, 12 Jul 2009; PGN-ed] http://www.washingtonpost.com/wp-dyn/content/article/2009/07/11/AR2009071101929.html
Now I've seen everything... Apparently, a leading South African bank has fitted 11 ATMs around the Cape Peninsula with pepper spray cans in an effort to prevent card skimming and ATM bombing. I guess the person who thought of this wasn't a reader of Risks Digest. According to the following Guardian article http://www.guardian.co.uk/world/2009/jul/12/south-africa-cash-machine-pepper-spray ...the mechanism backfired in one incident last week when pepper spray was inadvertently inhaled by three technicians who required treatment from paramedics. Patrick Wadula, spokesman for the Absa bank, which is piloting the scheme, told the Mail & Guardian Online: "During a routine maintenance check at an Absa ATM in Fish Hoek, the pepper spray device was accidentally activated. "At the time there were no customers using the ATM. However, the spray spread into the shopping centre where the ATMs are situated." What's next? PCs that pepper spray their users when they download a virus or malware? Hmmmm... perhaps not a bad idea :-) Thomas Dzubin, Calgary, Saskatoon, or Vancouver CANADA
This is IMHO a rather promising new development in security, mainly because it appears to promise more security without too much usability impact. And it may ruin Powerpoint presentations, another point in its favour :-). It neatly uses the fact that most modern laptops have a camera built in. Source: http://www.siliconvalley.com/ci_12743292 ======== Anderson calls it his "aha" moment — a flash of insight from which he drew a career-altering connection between decades-old research and his job as a computer security expert. Nearly two years ago, Anderson had a comfortable job as vice president at an established computer security company. But while reading "Consciousness Explained," a book by philosopher Daniel Dennett, Anderson learned about one scientist's research into variations in the way the human eye reads and processes text and images. "This obscure characteristic ... suddenly struck me as (a solution to) a security problem," said Anderson, 42, who has a doctorate in cryptology. "I said, 'Holy cow. No one has thought of using this to protect the contents of a screen.' It was just some obscure research." Anderson quit his job at SafeNet, raised $1.2 million in seed money from friends and family and plunged full time into developing his idea — a software program that allows only an authorized user to read text on the screen, while everyone else sees gibberish. [..] The private version of the product can already be bought from the company at http://oculislabs.com, at a price well below your average privacy screen. From their website it appears the "look, your mother is watching" Pro version is not yet released.
In 2003, researchers at a federal agency proposed a long-term study of 10,000 drivers to assess the safety risk posed by cellphone use behind the wheel. They sought the study based on evidence that such multitasking was a serious and growing threat on America's roadways. But such an ambitious study never happened. And the researchers' agency, the National Highway Traffic Safety Administration, decided not to make public hundreds of pages of research and warnings about the use of phones by drivers - in part, officials say, because of concerns about angering Congress. ... [Source: Matt Richtel, *The New York Times*, 21 Jul 2009; PGN-ed] http://www.nytimes.com/2009/07/21/technology/21distracted.html
Hello:
Would you like to report a bug in an Adobe product? Here is the URL:
https://www.adobe.com/cfusion/mmform/index.cfm?name=wishform
They do have rather stringent terms. You have to affirm lots of things
about interest in your bug report, oops, Idea. My favourite bit is "You
represent and affirm that you are 18 years of age or older." Oh, to be 17
again.
How many people take one look at that page and decide not to bother? Does
this affect the quality of Adobe software?