There have been several recent cases where Toyotas have suddenly accelerated out of control. The most notable had a passenger who called 911 and reported her spouse, a Calif. Highway Patrol officer who taught driving safety, was unable to stop their car. They crashed with all on board killed. Toyota has recalled several million cars to replace a floor mat that may jam the accelerator.

But the crash raises the question: why couldn't an experienced officer stop a runaway car?

a) It was a loaner from the dealer.
b) It was equipped with a keyless RFID ignition lock. To force such off, you must *hold* the Start button down for 3+ seconds; touching it is ineffective.
c) The transmission was some mix of manual and automatic, with a series of gates to keep you from mis-shifting. Apparently there is no clutch pedal.
d) There were passerby reports the car brakes were on fire as it went by.

I see two big risks here. The first is changing longstanding, well-understood, user interfaces without considering the uninitiated driver. While Windows may have taught some of us that of course we use the Start button to stop; it's not clear such learning transfers to driving. And when you hide a vital safety function behind a time delay....

The second is more alarming. I thought that there was a {?unwritten} requirement that no US road-legal car could even overpower its own brakes; i.e., given full throttle and full brakes; the car stops, period. (This may not be the case for a dedicated race car...) Is this no longer true? Are there production cars where the brakes can't stop a runaway? (That does not say you couldn't fade the brakes into worthlessness, but we can assume the driver knew that.)

There are obvious add-ons that could reduce the possibility of a recurrence [Tie brake activation to a throttle cutoff, add a real STOP button to the dash, etc.] but those add complexity or direct costs...and may provoke new problems.
While Toyota's head is now on the chopping block; they won't be the last.
David Lesher noted a recent Cedars-Sinai Therac-25-like failure. *WiReD* is reporting another one at an unnamed Cleveland hospital, where medical staff noticed that the patient was out of position and hit the emergency stop button, but the machine didn't correctly put the shielding in place or move the patient out of the machine. The problem was a "known bug" which had been deferred to a future release. Just to be clear, unlike the Therac incident, there was no significant excess radiation involved, and it does not appear that anyone was harmed. No word on whether the bug was in the application software designed for the instrument, or something inherent in the system (e.g., a buggy operating system). Still, the RISKS of software-controlled medical instruments are pretty clear, and are likely to increase as high tech equipment becomes more prevalent. http://www.wired.com/threatlevel/2009/10/gamma/
http://www.sfgate.com/cgi-bin/article.cgi?f=/n/a/2009/10/16/national/a072720D99.DTL&tsp=1

An Alabama man ordered a license plate with seven occurrences of the letter X, to pay homage to Racer X, a favorite character of his. He is now getting as many as 10 tickets a day because the city's traffic enforcement division uses this as a placeholder in their database for cars with no license plates. Yet another instance of an information system failing to account for the unexpected, people working around that limitation, and an edge case arriving some time later to cause trouble.

[Apparently $19,000 thus far. Craig Reise suggested that ``Maybe a `missing license plate' checkbox or drop-down would have been a good idea in this application...'' Bob Frankston said, ``Reminds me of people with the name Ng vs. payroll systems.'' RISKS has had a few similar stories in the past. PGN]
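The failure in this item is an in-band placeholder colliding with a legitimate value. The following is an added illustration, not part of the original digest: the registry contents, citation numbers, owner labels and all function names are constructed assumptions. It bills the same four observations twice, once with the placeholder typed into the plate field and once with absence stored in a separate flag, and includes an audit that looks for registered plates equal to a known placeholder.

```python
from dataclasses import dataclass
from typing import Optional

# The seven-X value the item describes as the database placeholder.
PLACEHOLDER = "XXXXXXX"

# Constructed registration data: plate -> owner label (made up for this example).
REGISTRY = {
    "XXXXXXX": "vanity plate owner",  # a real plate that equals the placeholder
    "4ABC123": "another driver",
}

# Constructed observations: (citation id, plate seen by the officer, or None).
OBSERVATIONS = [(1, None), (2, "4ABC123"), (3, None), (4, "XXXXXXX")]


@dataclass
class Citation:
    citation_id: int
    plate: Optional[str]
    plate_missing: bool = False  # out-of-band marker, like the suggested checkbox


def legacy_record(citation_id, observed_plate):
    """Legacy entry: a car with no plate is recorded as the placeholder string."""
    plate = observed_plate if observed_plate is not None else PLACEHOLDER
    return Citation(citation_id, plate)


def explicit_record(citation_id, observed_plate):
    """Corrected entry: absence never occupies the plate field."""
    if observed_plate is None:
        return Citation(citation_id, None, plate_missing=True)
    return Citation(citation_id, observed_plate)


def bill(citations, registry):
    """Join citations to the registry; return {owner: [citation ids]}."""
    billed = {}
    for c in citations:
        if c.plate_missing or c.plate is None:
            continue  # nothing to join on; handled by needs_followup()
        owner = registry.get(c.plate)
        if owner is not None:
            billed.setdefault(owner, []).append(c.citation_id)
    return billed


def needs_followup(citations):
    """Citations that cannot be matched automatically and need a person."""
    return [c.citation_id for c in citations if c.plate_missing]


def colliding_plates(registry, sentinels):
    """Audit: registered plates that equal a placeholder used by data entry."""
    wanted = {s.upper() for s in sentinels}
    return sorted(p for p in registry if p.upper() in wanted)


def run_legacy():
    return bill([legacy_record(i, p) for i, p in OBSERVATIONS], REGISTRY)


def run_explicit():
    return bill([explicit_record(i, p) for i, p in OBSERVATIONS], REGISTRY)


if __name__ == "__main__":
    print("legacy  :", run_legacy())
    print("explicit:", run_explicit())
    print("audit   :", colliding_plates(REGISTRY, {PLACEHOLDER}))
```
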
It's not just GPSes that get confused by multiple locations having the same name; even weather forecasts can be surprisingly deceptive for the same reason. I recently upgraded my MacBook from OS X 10.5 (Leopard) to 10.6 (Snow Leopard). The weather widget included in the OS changed its information provider with the update; in 10.5 it used AccuWeather, while in 10.6 it gets its information from The Weather Channel. To make the transition as seamless as possible, Apple designed it so that the widget in 10.6 would import its information from the 10.5 version. Or more accurately, it imports the name of the city-- and *nothing else*, even though it's very much possible to enter one's location as a postal code in the widget. You've probably already guessed at the sort of problems this could cause -- and sure enough, it did. In 10.5, I entered my location into the weather widget as the ZIP code 30605, representing the city of Athens, Georgia in the US. This seemed the most unambiguous way of doing it, given the sheer number of towns out there called Athens. Upon upgrading to 10.6, nothing seemed incredibly out of the ordinary at first glance during the summer and the beginning of fall — any glitches could easily have been excused by the cached weather information being a couple hours stale. As fall weather began to arrive, however, I noticed more and more discrepancies between what the weather widget claimed and the actual weather I encountered outside. And yet, the widget was still showing "Athens" as the location, as if nothing had changed. I decided today to take a look at the properties for the widget... and sure enough, despite the fact that I originally entered the location as a postal code, the stored location had been changed to Athens, *Greece*. Oops. 
Judging from the order in which The Weather Channel lists its disambiguations for these city names, I imagine the same thing would occur for anyone living in Rome, Georgia; Birmingham, England; Portland, Maine; Paris, Texas; London, Ontario... and, depending on weather patterns, could easily have gone unnoticed for as long as it did for me. Cody "codeman38" Boisclair cody@zone38.net http://www.zone38.net/
(Re: Lesher, RISKS-25.81) 206 people received 8 times the expected dose of X-rays as a result of a misunderstanding setting a CT machine...and then not finding it for 18 months. It was finally found when one of the patients complained about his hair falling out after a test. "You have to be pretty confident to think you know more than the guys who designed the equipment." [Source: latimes.com, 13 Oct 2009] http://www.latimes.com/news/local/la-me-cedars13-2009oct13,0,1200257.story
Internet Pioneers Speak Out on Net Neutrality http://www.vortex.com/FCC-Net-Neutrality-Letter.pdf http://lauren.vortex.com/archive/000625.html 15 October 2009 Honorable Julius Genachowski Chairman, Federal Communications Commission Washington, DC Dear Mr. Chairman: We appreciate the opportunity to send you this letter. As individuals who have worked on the Internet and its predecessors continuously beginning in the late 1960s, we are very concerned that access to the Internet be both open and robust. We are very pleased by your recent proposal to initiate a proceeding for the consideration of safeguards to that end. In particular, we believe that your network neutrality proposal's key principles of "nondiscrimination" and "transparency" are necessary components of a pro-innovation public policy agenda for this nation. This initiative is both timely and necessary, and we look forward to a data-driven, on-the-record proceeding to consider all of the various options. We understand that your proposal, while not even yet part of a public proceeding, already is meeting with strong and vocal resistance from some of the organizations that the American public depends upon for broadband access to the Internet. As you know, the debate on this topic has been lengthy, and many parties opposing the concept have systematically mischaracterized the views of those who endorse and support your position. We believe that the existing Internet access landscape in the U.S. provides inadequate choices to discipline the market through facilities-based competition alone. Your network neutrality proposals will help protect U.S. Internet users' choices for and freedom to access all available Internet services, worldwide, while still providing for responsible network operation and management practices, including appropriate privacy-preserving protections against denial of service and other attacks. 
One persistent myth is that "network neutrality" somehow requires that all packets be treated identically, that no prioritization or quality of service is permitted under such a framework, and that network neutrality would forbid charging users higher fees for faster speed circuits. To the contrary, we believe such features are permitted within a "network neutral" framework, so long as they are not applied in an anti-competitive fashion. We believe that the vast numbers of innovative Internet applications over the last decade are a direct consequence of an open and freely accessible Internet. Many now-successful companies have deployed their services on the Internet without the need to negotiate special arrangements with Internet Service Providers, and it's crucial that future innovators have the same opportunity. We are advocates for "permissionless innovation" that does not impede entrepreneurial enterprise. We commend your initiative to protect and maintain the Internet's unique openness, and support the FCC process for considering the adoption of your proposed nondiscrimination and transparency principles.

Respectfully,
Vinton G. Cerf, Internet Pioneer
Stephen D. Crocker, Internet Pioneer
David P. Reed, Internet Pioneer
Lauren Weinstein, Internet Pioneer
Daniel Lynch, Internet Pioneer
People who use computers and the Internet as major professional tools are all getting closer to dying. The organiser (organiser? provoker) of our traditional music group died suddenly last year and his professional and personal correspondence was inaccessible. Nobody could find out who Mario knew or whom he was encouraging to come to our sessions. And not just us -- he organised a lot for concertina players throughout Germany. (I wrote a couple of poems in tribute, one in English and one in German, accessible through irishsessionbielefeld.de ) Today I heard belatedly about the death of one of my most extensive correspondents of the last 17 years. His son found the e-mail address of a mailing-list correspondent of ours in his papers. Not on his machine, mind — in his A4 bleached-wood-fibre Nachlass. Which leads to the moral: * Please leave access details to computerised personal and professional information in a secure place to which your executors will have access when you fall over. The question is precisely how you organise your computerised life so that your executors can find out, for example, whom you know, and how to pass on info to others if you organised groups, while keeping those things inaccessible which you don't wish to bequeath to posterity. I don't think there are obvious general answers. But telling your executor about the most obvious stuff is not hard. Peter Bernard Ladkin, Causalis Limited and University of Bielefeld www.causalis.com www.rvs.uni-bielefeld.de
This seems to me to be an inherent risk of any automated backup aging process: adding a bunch of new data to be backed up will cause a bunch of old backups to be deleted. If you want the computer to decide without consulting you how many of your backups to keep, then you relinquish the power to decide how many of your backups to keep.
Re: Cloud Danger, literally... M$ loses T-mobile data One aspect of Sidekick's design that was not directly Microsoft's fault is both a caution, and maybe a lesson, for the design and legal communities. Unlike most of the competition; the Sidekick user allegedly had no way to do her/his own backups, and still doesn't. Palms, iPhones, etc not just allow such but make it simple to do so to a local computer. But from what I've read, Sidekick users had no such option bundled with their purchase. (There was reportedly some extra cost add-on that could back up *Danger's* copy of same to a user machine, but no direct way. And with the Danger database corrupted...it's too late now.) Now we know that many many [but not all] of the customers would never bother to perform a local backup. [I'm hard pressed to imagine Sidekick's most famous user, Paris Hilton, on the phone to Tech Support asking for backup help....] But if it's true that their users had no real option to do so, that surely dilutes one legal excuse for Microsoft, that backups were really the users' responsibility. Another dimension of the saga... where do such cloud based devices fall in the world of Carnivore err DCS-1000? I suspect the legal stance DoJ takes is the user voluntarily shared the data (be it calendar data, pictures, or voice recordings) with Microsoft/Danger; ergo she had no expectations of privacy. Hmm, I wonder if users can FOIA their lost data back from the FBI?
John Murrell <jmurrell@bayareanewsgroup.com> Sidekick depression eases; Microsoft says recovery under way The prospects for recovering the personal data lost by T-Mobile Sidekick customers in a server snafu at Microsoft's Danger unit have gone from bleak to hazy to substantially brighter. In a post early today, Roz Ho, Microsoft's VP for (ideally) Premium Mobile Experiences, said "We are pleased to report that we have recovered most, if not all, customer data for those Sidekick customers whose data was affected by the recent outage. We plan to begin restoring users' personal data as soon as possible, starting with personal contacts, after we have validated the data and our restoration plan. We will then continue to work around the clock to restore data to all affected users, including calendar, notes, tasks, photographs and high scores, as quickly as possible. We now believe that data loss affected a minority of Sidekick users." She went on: "We have determined that the outage was caused by a system failure that created data loss in the core database and the back-up. We rebuilt the system component by component, recovering data along the way. This careful process has taken a significant amount of time, but was necessary to preserve the integrity of the data. ... We have made changes to improve the overall stability of the Sidekick service and initiated a more resilient backup process to ensure that the integrity of our database backups is maintained." http://click1.newsletters.siliconvalley.com/wsqfqmtdr_ohmctgnpjnp_myfvsqln.html That said, Microsoft continued to run away from Danger lest its other cloud computing efforts be injured. Microsoft spokeswoman Tonya Klause said Wednesday, "The Danger Service platform, which experienced the outage, is a standalone service operating on non-Microsoft technologies, and is not related to Microsoft's cloud services platform or Windows Live. 
Other and future Microsoft mobile products and services are entirely based on Microsoft technologies and Microsoft's cloud service platform and software." The good news on the recovery front arrived too late to stop the first wave of the inevitable lawsuits including a pair in Northern California that seek class action status and assert negligence and false claims by Microsoft and T-Mobile. [Source: MediaNews Group, 1560 Broadway, Ste. 2100, Denver, CO 80202]
In RISKS-25.80 Donald Norman lectures us on simplicity versus complexity issues and admonishes "please don't write about topics on which you are not an expert". In software, that would lead to almost total silence on software's biggest challenge, expressing it simply. At present there is no software language technology available which provides for simplicity of expression as advanced as what was designed at IBM in the early 1970s and implemented at Digital Equipment Corporation in the early 1980s. I have seen no evidence of organizations or leadership in software that aspire to expertise that advanced. If there is I would like to hear about it. The capabilities of the most advanced facilities for executing simply-expressed software have moved backwards over the past 20 years. The expertise has been fading too. Twenty five years ago, expressions such as: * count every person whose spouse is veteran; * sum revenue of every year after 1981; * every element of where some isotope of it is stable; could be executed as part of general purpose programming and database language, but not today. There are three sources of inexcusable complexity plaguing software today where software leaders have mostly obstructed progress. They can be eliminated by: — combining structural with functional expressiveness, - using data objects that are designed to be easily arranged, — increasing language generality. They are described in "Inexcusable Complexity" at http://users.rcn.com/eslowry . One result of neglecting simplification is that students everywhere are routinely taught how to arrange pieces of information by teachers who have little idea what is a reasonable structure for well-designed pieces of information. Decades of obstructing simplification has undermined public safety and some currently high priorities of the US government: * technical education, * innovation, * cyber security, * reducing health care costs, * reducing government spending. 
The risks of neglecting progress in a fundamental part of information technology for 35 years: a widening swath of death, destruction, ignorance, agony, waste, criminality, and dangers to national security.
>> The more complex the machinery, the simpler the interface will be."

> This last sentence, without more context, explanation, or scope of applicability, is worse than a simple conundrum; it is a disservice to public understanding of the perils of complexity that the RISKS forum, as I've known it, serves to explore.

Indeed. But even if we take the sentiment as a whole, rather than focusing on the last sentence, I think I'd go further than you and say that this way of looking at things is not only a disservice to the public, but a danger to the public, and even each of us in our private lives. It's not only wrong on occasion; it's wrong frequently enough that I believe we should never think about things this way: we should be appropriately suspicious when we do ever think about it this way.

How wrong this idea can go was made most viscerally clear to me when, after some years of film photography on '60s- and '70s-era cameras, I bought a digital SLR. I spent quite some time (almost two hours, actually) writing up a detailed example of the differences, but it became too large for a RISKS post. When you start analyzing in detail the use of the three simple settings (focus, aperture and shutter speed) that are the primary controls on both digital and analogue cameras, you run into huge, unforeseen (and often not seen terribly clearly afterward) differences well before you even reach those modes on the dial beyond 'M', 'A', 'S' and 'P' that instead have funny pictures (and even more mysterious effects on those three settings --though those settings are all that they affect).

Through thinking about this a bit more, I now have great sympathy for any Airbus pilot who pushed a little hard on the rudders. How was he to know? I'd do the same.

I think it comes down to Fred Brooks' essential vs. inessential complexity; the essential doesn't go away: it just gets disguised, and in the disguising of it, we lose the instincts we've developed and have to relearn them, perhaps without realising, in the moment, that we need to do so.

> It may have been wrong of me to call it exactly as I saw it, an unintended parody, suggesting that complexity of machinery and the complexity of its interface are inversely related.

No, they are proportionally related. As I now know too well, and yet not well enough.

Curt Sampson <cjs@starling-software.com> +81 90 7737 2974
This article missed the major issue, which was that a virus outbreak crippled the Windows desktops of a large government utility. I have talked to some insiders, and thought the facts might be of interest to Risks readers. The organisation is a large electrical distribution utility in Australia. It has around 2700 Windows desktops in a head office, and some dozen regional offices, all connected via a WAN. I haven't heard how the virus (W32.virut.cf) got into the internal network initially (if anybody knows), but I heard that the anti-virus software was out of date, and while it could recognise infected exe's it couldn't kill the virus process or stop it spreading via Windows file shares. The virus infected exe files, then the anti-virus software detected this and quarantined the files — with the result that soon there were no exe's left to run, and the desktop boxes were junk. Initially the scale and seriousness of the situation wasn't realised, and after several days a high percentage of the organisation's desktops were close to useless. The effect on day to day operations was crippling. As the original article mentioned, the SCADA system is on Solaris and so was not at risk. However, the trouble ticket system runs on Windows servers, and while not affected was at risk. Eventually the decision was made that all desktops had to be re-imaged to get rid of the virus, and it took more than 2 weeks from the initial detection of the virus to get most of the desktops back in operation. The most obvious risk is that of letting anti-virus software get out of date. However, that shouldn't blind us to the bigger risk of having the day to day operation of a large organisation dependent on a large collection of Windows computers — which will always be vulnerable to a zero-day exploit of some kind. I know there's no easy fix for this risk, but that doesn't make the risk go away. Finally, I'm not an anti-Windows zealot, but I just can't resist ! 
How will the Windows marketing droids spin the lower TCO of Windows, and discount the cost of thousands of employees twiddling their thumbs for a few weeks ?
(John Markoff on W. Brian Arthur) John Markoff has a very interesting column in The New York Times' Science Times, 20 Oct 2009, on what appears to be a very interesting new book: W. Brian Arthur The Nature of Technology: What It Is and How it Evolves Free Press, 246 pages, 2009 Markoff notes that this book "reframes the relationship between science and technology as part of an effort to come up with a comprehensive theory of innovation. The relationship is more symbiotic than is generally conceded." Arthur was trained as an engineer, mathematician, and economist, and those disciplines are all brought to bear. Markoff concludes with this paragraph: "Dr. Arthur's view is that technology is something that defines us as human and that, in the end, we will be able to control a set of technologies that rather than conquering us will extend our humanity." This has of course been an ongoing topic here in one guise or another, and can benefit from Arthur's analysis — particularly as it might (or might not) relate to the computer field. (That might be a subject for John Markoff's blog!)
Organizers of the 20th annual ACM Computers, Freedom, and Privacy conference, which takes place June 15-18, 2010, in San Jose, have announced a call for proposals to help shape the program for next year's gathering. The theme of the conference is Computers, Freedom, and Privacy in the Networked Society and seeks to address how constant connection in social, communication, information, and physical environments impacts freedom and privacy, and how computers can be used to improve freedom and privacy. Organizers are seeking suggestions for speakers, topics, workshops, tutorials, and panel sessions. The proposals should take advantage of the location of the conference, include a diverse set of panelists and new voices, offer a number of perspectives on challenging issues, and explore cutting-edge technology, legal, and policy issues. Possible topics include social networks, cloud computing, surveillance networks, anonymity in a networked world, ethics and computing, accessibility, open source, and media concentration, advertising, and political campaigning on the Internet. The final program will be assembled partly from the proposals. The early bird deadline for proposals is Dec. 1, 2009, and the final deadline is Jan. 31, 2010. http://usacm.acm.org/usacm/weblog/index.php?p=749#more-749