The RISKS Digest
Volume 26 Issue 06

Saturday, 8th May 2010

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…


The Stock Market Fiasco of 6 May 2010
"Dead-man control" works as planned in NYC subway
Danny Burstein
100 people not really killed on French train
Mark Brader
Surgical Robot Examined in Injuries
Steven J Klein
Cell Phone IDs owner by heart rhythm
Steven J Klein
Anatomical ridicule raises body-scanning concerns
Marnie Hunter via Paul Saffo
Facebook's Gone Rogue
Ryan Singel via Lauren Weinstein
Facebook Security Gaffe Reveals /Unauthorized/ Live Chat Contents
Lauren Weinstein
Fingerprinting Paper with Laser
Fred Cohen
Re: Clouds and Phones and Untrustworthiness
Patrick Kobly
Re: Don't forget to back up the car before reloading the software
Doug Hosking
Wikipedia risks to personal reputation: In the Matter of Herb Schildt
Edward G. Nilges
Info on RISKS (comp.risks)

The Stock Market Fiasco of 6 May 2010

"Peter G. Neumann" <>
Sat, 8 May 2010 13:34:10 PDT

According to current news sources, there is still no clear definitive
understanding of what really happened.  Some stock prices went to almost
zero, some went wildly higher, and some wild attempted profit-taking ensued.
My guess is that there is no one cause—it is a combination of the
fat-fingered Billion-vs-Million transaction, the incredibly short-fuse
automated programmed microtrading that is inherently unstable with
self-destructive feedback, the absence of effective audit trails. a lack of
regulation of derivatives, greed, uncertainty about the Greek situation, and
probably many other factors.

  “In one of the most dizzying half-hours in stock market history, the Dow
  plunged nearly 1,000 points before paring those losses in what possibly
  could have been a trader error.''  [CNBC]

  “According to multiple sources, a trader entered a `b' for billion
  instead of an `m' for million in a trade possibly involving Procter &
  Gamble, a component in the Dow. (CNBC's Jim Cramer noted suspicious price
  movement in P&G stock on air during the height of the market selloff.
  Watch.)''  [CNBC]

  “We have a market that responds in milliseconds, but the humans
  monitoring respond in minutes, and unfortunately billions of dollars of
  damage can occur in the meantime," said James Angel, a professor of
  finance at the McDonough School of Business at Georgetown University.'
  [*The New York Times*]

  “Nasdaq Operations said it will cancel all trades executed between 2:40
  p.m. to 3 p.m. showing a rise or fall of more than 60 percent from the
  last trade in that security at 2:40 p.m or immediately prior.  Nasdaq said
  the stocks affected and break points will be disseminated soon.''

Dow Falls 1000 Then Rebounds, Shaking Market, *The NYTimes* 7 May 2010

  [Thanks to Gunnar Peterson, Jeremy Epstein, and Gabriel Goldberg
  for contributing items and their own personal comments.  PGN]

"Dead-man control" works as planned in NYC subway.

danny burstein <>
Fri, 7 May 2010 14:27:47 -0400 (EDT)

  [Just a reminder that sometimes safety features can, indeed, do what
   they're supposed to.  DB]

Unfortunately, it was well named... the train operator did, indeed, die. But
the control worked as designed, the train stopped, and no one else was hurt.

100 people not really killed on French train

Mark Brader
Fri, 7 May 2010 21:37:22 -0400 (EDT)

"Modern Railways" magazine reports in its May 2010 issue that someone at
SNCF, the French national railway, made a little mistake in March.

During a training exercise for staff to practice responding to a major
disaster, the disaster scenario was inadvertently posted to the SNCF's
website and the public began reading about an "explosion of unknown origin"
on a TGV at Macon, with over 100 deaths.  Only when large numbers of people
started phoning for more information was it realized what had happened.

Surgical Robot Examined in Injuries

Steven J Klein <>
Wed, 5 May 2010 11:44:57 -0400

The *Wall Street Journal* reports on the high rate of complications at
Wentworth-Douglass Hospital when doctors used a new surgical robot:

  The da Vinci has been billed as a breakthrough in the quest to make
  surgery less invasive. With its four remote-controlled arms and
  sophisticated camera, it enables surgeons to operate through small
  incisions with greater precision and visibility.

  At Wentworth-Douglass, however, the robot has been used in several
  surgeries where injuries occurred. One patient... required four more
  procedures to repair the damage. In earlier robotic surgeries, two
  patients suffered lacerated bladders.

The article seems to place blame on insufficient training and practice:

  Surgeons who use the da Vinci regularly say the robot is technologically
  sound and an asset in the hands of well-trained doctors. But they caution
  that it requires considerable practice.

  As a small regional hospital, Wentworth-Douglass has used the da Vinci
  about 300 times in four years. That's a fraction of the usage rate of some
  big medical centers and, some surgeons say, too little for the doctors at
  the hospital to master it.


Steven Klein Computer Service  1-248-YOUR-MAC 1-248-968-7622

Cell Phone IDs owner by heart rhythm

Steven J Klein <>
Thu, 6 May 2010 12:11:31 -0400

Apple recently filed a patent application for a "Seamlessly Embedded Heart
Rate Monitor" to be used in a mobile phone.

*From the patent application:
  For example, the durations of particular portions of a user's heart
  rhythm, or the relative size of peaks of a user's electrocardiogram (EKG)
  can be processed and compared to a stored profile to authenticate a user
  of the device.

According to an article about the patent:
  The system could then allow only the owner of the phone to use it, and
  block out those who do not match the unique biometric data.

I wonder if a user having a heart attack would be able to call for an
ambulance?  Or might the abnormal heart rhythm prevent the phone from
recognizing them?


Steven Klein 1-248-YOUR-MAC or (248) 968-7622

Anatomical ridicule raises body-scanning concerns (Marnie Hunter)

Paul Saffo <>
Fri, 07 May 2010 16:23:35 -0700

[Source: Marnie Hunter, Anatomical ridicule raises body-scanning
concerns, CNN 7 May 2010]

Full-body scanning machines may reveal a little too much, if an incident of
workplace violence this week among Transportation Security Administration
screeners is any indication.  A TSA worker at Miami International Airport in
Florida was arrested for allegedly assaulting a co-worker who had repeatedly
teased him about the size of his genitals.  The insults stemmed from an
X-ray of the accused captured during a training exercise with the airport's
full-body scanning machines, the report said.

Rolando Negrin "stated he could not take the jokes anymore and lost his
mind," allegedly striking the victim with a police baton.  According to the
report, a witness heard Negrin say in Spanish, "get on your knees or I will
kill you and you better apoligise [sic]."  In response to the incident, TSA
said it has a zero-tolerance policy for workplace violence. "At the same
time, we are investigating to determine whether other officers may have
violated procedures in a training session with coworkers and committed
professional misconduct," the agency said in a statement.

The incident puts the spotlight back on technology some privacy advocates
liken to a virtual strip search.  "As far as I'm concerned, this really
demonstrates exactly how detailed the images are, exactly how invasive the
search is," said John Verdi, senior counsel with the Electronic Privacy
Information Center, a Washington-based research center specializing in civil
liberties and privacy issues. It receives much of its funding from private
foundations.  Verdi said the Miami incident "... also demonstrates that this
technology, and the way it's being implemented by TSA, is ripe for abuse."

The TSA screener scuffle is not the only recent case of workplace tension
involving the technology. A security worker at London's Heathrow Airport
allegedly made lewd comments about a female colleague who mistakenly entered
a scanner, according to the UK's Press Association. The accused worker was
given a police warning for harassment.

TSA officials stressed that the incident in Miami was internal and did not
involve any member of the traveling public. When the technology is used in
airports, one screener views the scan in a remote location and does not come
into contact with passengers being screened. The images are permanently
deleted and never stored, according to the TSA.  EPIC has filed a lawsuit
against the Department of Homeland Security under the Freedom of Information
Act seeking details about the government's use of advanced imaging

In April 2010, DHS revealed in a letter to EPIC that it has 2,000 full-body
scanning test images, "using TSA models, not members of the public," stored
at its test facility. The agency is withholding the images, citing
exemptions to the Freedom of Information Act for information pertaining only
to internal personnel rules and practices and records that might "benefit
those attempting to violate the law."  Verdi finds the idea that the images
might be used to evade security "highly problematic."  "Because if merely
publishing examples of the images that the TSA has generated during testing
would harm security, that really calls into question the effectiveness of
the machines," he said.

Examples the TSA says are consistent with what screening officers see in
airports are available on the agency's website.  Aviation security expert
Douglas Laird said it is "perfectly logical" for the TSA to withhold the
2,000 test images.  "If they were available to the public, then if you were
trying to defeat the machine you would study the images to find the weak
link, so to speak. I would think they would be crazy to release them," said
Laird, who is president of aviation security consulting firm Laird &

There are shortcomings for any technology, Laird said.  Still, Laird said he
believes body-scanning technology would have given officials at Amsterdam's
Schipol Airport a much better chance of catching a Nigerian man who boarded
a Detroit, Michigan-bound flight on Christmas Day with explosives concealed
in his groin area.  The alternative pat-down, which U.S. passengers may opt
for instead of body scanning, has to be very intrusive to be effective, and
studies show people are less tolerant of physical intrusion than of
intrusive technology, Laird said.

While advanced imaging technology doesn't involve direct physical contact,
the screener training incident in Miami highlights some travelers'
reservations about full-body scans.  "I really think it would give a lot of
folks pause if they thought that TSA employees were mocking naked body scans
of American air travelers," Verdi said.

Lauren Weinstein <>
Fri, 7 May 2010 22:02:30 -0700

Facebook has gone rogue, drunk on founder Mark Zuckerberg's dreams of world
domination.  It's time the rest of the Web ecosystem recognizes this and
works to replace it with something open and distributed.  [Source: Ryan
Singel, Facebook's Gone Rogue; It's Time for an Open Alternative, WiReD,com,
7 May 2010]

Lauren Weinstein, +1 818 225-2800
NNSquad: Network Neutrality Squad -
Lauren's Blog:

Facebook Security Gaffe Reveals /Unauthorized/ Live Chat Contents

Lauren Weinstein <>
Wed, 5 May 2010 11:17:02 -0700  (TechCrunch)

And the Facebook screw-ups just keep on comin'!

 - - -

"Hey Moe .. uh, Mark!  What should I do with this wacky privacy code?"

  "I don't know, numbskull, don't bother me with that privacy garbage,
  especially when I'm counting my money.  Just stuff anything in there, the
  suckers will never know the difference!"

"Nyuk! Nyuk! Nyuk!"

Lauren Weinstein +1 818 225-2800
People For Internet Responsibility -

Fingerprinting Paper with Laser (Re: Evron, RISKS-26.05)

Fred Cohen <>
Tue, 4 May 2010 17:26:11 -0700

Actually, this is not exactly an old technology. It is nano-scale imaging -
fingerprinting is only used to make it simpler to explain.  And I should
note that you need to do the "fingerprint" before EVENT SEQUENCE OF INTEREST
to be able to detect that it is the same thing after EVENT SEQUENCE OF
INTEREST. While it may be useful in some cases, it does not relate one part
of an item to another part of the same item (i.e., you can't take a shard
and compare it to the rest of the sheet to tell that one came from the
other) unless the whole has been previously analyzed. You might be able to
identify systematic patterns in some things, like chemical compounds run as
part of one batch compared to another batch (thus tagents may be
emulated). The technique is really useful predominantly for high valued
items. For example, you might want to fingerprint pieces of paper containing
trade secrets so that the original sheet can be traced back to the original
holder (but not copies made on a copier).

Fred Cohen & Associates tel/fax: 925-454-0171
572 Leona Drive Livermore, CA 94550

Clouds and Phones and Untrustworthiness (Re: Gunshannon, RISKS-26.05)

Patrick Kobly <>
Thu, 06 May 2010 10:08:48 -0600

>  Certificates.  What possible reason do I have to trust that one of the
>  commercial certificate providers will not sell my private key to an
>  outsider?  Or, one of their employees, for that matter.

Really?  This old chestnut again?

Ummm.  Maybe the fact that they never have your private key...  Surely there
are trust issues with CA's, but the issues don't generally arise from the
trust that their clients put in them.  Rather, the problem is the trust that
relying third parties (their clients' customers / visitors) put in them
(trust that their clients' visitors put in the CA transitively, by trusting
browser manufacturers who in turn trust CA's).

I talked about this a bit at and
maybe it's time to write some more on the subject...

Re: Don't forget to back up the car before reloading the software

"Doug Hosking" <>
Thu, 6 May 2010 05:05:08 -0700

In RISKS-26.05, Roy Smith mentioned the aggravation of his wife's Prius
losing personal data such as contact lists after an anti-lock brake fix was

While that aggravation is understandable, I'm more upset that there is not
more isolation between safety-critical functions and personal data.  As cars
get more and more user-supplied data, whether it's phone contact lists or
entertainment media, the chances for propagation of malware presumably
sharply increase. The claim that the anti-lock brake update erased the phone
contact list makes me highly suspicious that the isolation is less than it
should be.

It's not hard to imagine a lot of really bad results from that, both
accidental and malicious.  While there are techniques that could help reduce
both risks, I'd be a lot more comfortable if the first of those was physical
isolation between the safety-critical pieces and any user-controlled data.

Wikipedia risks to personal reputation: In the Matter of Herb Schildt

"Edward G. Nilges" <>
Sun, 2 May 2010 00:04:31 -0700 (PDT)

Literate people of a certain age will notice my reference to "the matter of
J. Robert Oppenheimer", in which a scientist was driven from his career by a
whispering campaign; but I'm afraid that Herbert Schildt, the unwilling
subject of a wikipedia biography, is no Oppenheimer.

Who is Herbert Schildt? He is merely a hard-working author of doorstopper
and boat anchor practical programming books which aren't great. Some of them
describe the C programming language from a Microsoft perspective.

Now, despite the fact that the C programming language was "standardized" in
1989 and again in 1999, this effort was nothing like the more serious and
grownup efforts at language standardization one saw in the past with Algol
and more recently with Java. Instead, the standard made a sow's ear out of
another sow's ear; a language with notable drawbacks including free aliasing
was subject to further abuse by making its semantics, in many cases,
undefined, in order (as far as I can see) to make as many vendors of
existing C compilers happy...because they would not have to change their
compilers in order to label them standard.

Mr. Schildt fell foul of this confused process because he wrote primarily
for a Microsoft audience, starting at a time when Microsoft C compilers were
quite different from other vendors. For example, John "A Beautiful Mind"
Nash was brought to my office in 1991 at Princeton for he'd validly coded a
limit test in an extra precision package for C as a compile-time constant
expression which was not evaluated correctly by the Microsoft compiler; I
gave him the Borland compiler and his (beautiful) program worked.

In Schildt's case, and in his early work, he used the idiom void main() for
a main procedure in a C executable because then and now this does no harm on
specific platforms. However, in a unix-linux command line environment it MAY
cause unexpected behavior when the command shell procedure branches based on
what it thinks is a return code from the executable, for void main() doesn't
change the stack; int main() does.

Of course, one could well argue that diligent shell programmers would know
that it's their job to find out if in fact an executable returns anything
useful, but instead, this putative error became the basis for a highly
personalized attack on Schildt that's been going on for almost twenty years.

The most egregious harm has been the snarky publication of a Wikipedia
"biography" of Schildt. Although its originator claims in the Discussion
session to have no intention to harm Schildt, the biography was clearly
meant as a container, a framework, for Schildt's enemies to wax prolix about
how "bad" his books are.

One thing I find disturbing about their language is that to intelligent
people, there are few or no bad books that are known to be bad, just as for
your real dog lover, there are "no bad dogs". This is easy to prove, for
books if not for dogs.

If an intelligent person picks up a book, on programming or anything else,
let's say at Border's, and peruses it, she may well find things that don't
make sense or that he thinks are false. What does she do?  She chucks it
aside, or, if considerate, she refiles it so the Border's staff doesn't have

But note that at this point she has no "justified true belief" THAT the book
is "bad". To really know this, one has to do something that only paid book
reviewers, students assigned a book, or OCD (obsessive compulsive disorder)
people do: read the book from cover to cover.

In fine, "you can't tell a book from looking at the cover".

Therefore, intelligent people are wildly enthusiastic about good books that
they have read. The sort of people who like to focus on pernicious bad
books? Hmm, *imams* issuing *fatwas* to their *taliban* in their
*madrassahs* about The Satanic Verses. The old Roman Catholic Church's
hierarchy who as recently as 1948 published their *index librorum
prohibitorum". And, to Godwin-converge to unity and get it over with, Nazis.

"I hate Illinois Nazis" - John Belushi as Jake Blues in the Blues Brothers.

Now, I have been long aware that technology is for many white males (and I
do not introspectively exempt myself) a sort of laager in which we white
males can escape the messiness of relationships, literature, and, in general
what TS Eliot called the pain of living and the drug of dreams. It's fun to
be right for a change instead of subaltern and corrected.

But, the fact is that even computer books and the sample code found in them
cannot be right all the time.

In my very first computer class, I was assigned Sherman's Programming and
Coding for Digital Computers. It described how to program the IBM 7094. But
my university did not have a 7094, a one-address instruction, general
register machine with a 36 bit word. It had the truly strange but very
popular IBM 1401, a smaller machine by far, with a two-address instruction,
no general registers, and a variable length variable, in fact,
that I floored the prof with the exact value of 100 factorial calculated by
a simple multiply.

Since we were on strike because Nixon had invaded Cambodia (in violation of
the will of Congress and the people), I did not attend enough classes to get
this difference explained. Instead, I LEARNED that computers can be
different-and-the-same, because Sherman had a chapter on how to write an
interpreter for a different machine. I learned "Turing Equivalence".

Somehow, the Schildt-bashers missed Hegel's class where one learns that the
truth is partial, and the question is how the active reader (the only reader
who learns from a book) makes progress, even by realizing that if he calls a
C program with a void main procedure, he'd better not examine the return
code, or, he should change void main() to int main().

Another way in which the anti-Schildt campaign repels me instinctively is
its adolescent personalization.

Hero computer scientist Dijkstra was in fact very acerbic. He wounded a lot
of people, which may be why he fled the corporation for academia [Peter? Do
you agree?]. But you search his writings in vain for the proper names of his
"enemies" if indeed he considered John McCarthy or Ken Iverson his enemies.

Dijkstra did say "APL is a mistake, carried through to perfection. It is the
language of the future for the programming techniques of the past: it
creates a new generation of coding bums". He said many things: concerning
*programming languages* and *ideas*, but one searches the EWD archive in
vain for him to call John McCarthy a turkey or say that Ken Iverson's Mom
wears Army boots.

This despite the fact that many nasty things were said about Dijkstra, such
as "ivory tower theorist"; for in fact, "speaking truth to [group/
collective] shibboleth" is a good way to become real unpopular, at warp
speed today on the Internet; this explains the childish regression to
adolescent bullying: if you're filled with anger and afraid for your job,
it's much safer to attack an individual, whereas if you talk about ideas,
you may offend some corporation who's invested in its negation.

But all this would be by the way, ho hum, same stuff, different day.
Where's the RISK?

The Risk is that Herbert Schildt clearly *does not want* a biography in
wikipedia. He *does not want* his name to be morphed into "Bullschildt", an
adolescent stunt calculated to wound even a grownup because it's an attack
on one's family.

The Risk is that many scholars of the American constitution agree that the
"reserved rights" clause of the Ninth Amendment includes a right to personal
privacy as does ordinary libel law. These rights are trumped only in the
case of well-known public figures. No respect has been shown Schildt's Ninth
Amendment rights.

That he "asserts" these rights is shown that not once has he spoken out in
his own defense. It is clear to me that this silence means that he considers
himself, not a public figure, not some sort of tinpot Zola like me, but more
a Dreyfus who would very much like to be left alone as a private
professional who happens to write computer books...which, like it or not,
are indemnified against lawsuits based on "errors" because they might
contain errors in code snippets.

As in the more celebrated case of Kathy Sierra, a private person is exposed
to unwarranted shame (and in her case death threats) while working
essentially as an employee of the publisher, who in the case of computer
books maintains employer-level control over content, schedule and quality.

Yes, Wyoming attorney Gerry Spence lost a case in which a (former) Miss
Wyoming sued Hustler for a foul sexual innuendo that caused Miss Wyoming to
lose a job she needed, to become unemployable and to have to join the
Army. But Spence's reasoning is sound: that more celebrated case (Hustler v
Falwell) did create a somewhat unprotected class of truly well-known figures
who could be the target of hyperbolic satire, the SCOTUS did not mean to
remove protection from beauty queens, computer authors without distinction,
scholarship winners, or kids on Youtube playing Chopin etudes.

The criticisms of Schildt were jejune. They are for the most part based on a
document created by someone who has never taken a single computer science
class (Schildt has the BS and MSCS in computer science from the Univ of
Ilinois). The document ("C: the Complete Nonsense") claims that there are
"hundreds" of errors in the targeted Schildt book ("C: the Complete
Reference") but lists, as "currently known", only 20. It has been recently
updated to a document of equal foolishness; in neither case did the author
of these documents read the book; instead, he flipped through it to find
errors, therefore my reasoning above, that he does not KNOW that the book is
"bad", applies.

However, and this is where Wikipedia comes in, this document (and documents
citing it directly or indirectly) were the basis for the Wikipedia article.

No-one seems to note a major RISK in Wikipedia. Ask yourself, where on a
wikipedia article does a sort of Dewey Decimal number appear? The books in a
library, and the articles in some encyclopedias, are arranged by means of a
number which shows the position of the knowledge or content in them in some
sort of coherent scheme of "what's fit to know". Sure, in Dewey Decimal,
numbers starting in zero are for the strange, the mysterious, the bizarre,
including computer science. But everything has its place and a criterion
applies which has to be above discussion.

Nobody has to figure out where in an over-arching scheme of knowledge his
new article fits. But "minor postmodern Grub street author makin' a livin'
writin' computer books for people who don't read but gots jobs" is de

Educators complain that individual Wikipedia articles are inaccurate.  But
the real problem is more global: the whole scheme is a complete
mess. Basically, a random search shows Wikipedia to be a sort of Boomer
Bible or toxic waste dump of the worst sort of popular culture, informed in
fact by American white male and upper-class Asian bias throughout: articles
about cigarettes that were fun to smoke, "virgin killers", "duh-bates" about
issues that should never have arisen including the veracity of the holocaust
and evolution, and hey, maybe the American south should secede again.

In this mess, it's easy to insert an "article" about someone you don't like,
and only if you're a person of some Distinction, like John Seigenthaler (who
got an article associating him with the assassination of JFK taken down),
can you do anything about it. The case of Seigenthaler created the Wikipedia
"biographies of living persons" policy, but the Schildt article violates
this policy; the policy states that "biographies of living persons" must
have solid, "neutral point of view" references, but the Schildt references
are biased tirades based on "C: the Complete Nonsense", a document whose
very title reveals bias. Recently, to be "fair and balanced", some editors
have added McGraw Hill promotional puffery which claim, more or less, that
Schildt is the Greatest Programmer in the World. This is worse, because, of
course, he isn't.

This affair is what Jaron Lanier (in "You Are Not a Gadget", Allen Lane,
2010) calls "digital Maoism". The "gods in the clouds" as he calls them, the
merely lucky sharpies like Jimbo Wales, are entirely too busy, these days,
enjoying their millions to do any "work", and controlling the rest of us
helots is "work" akin it's been said, to herding cats. Therefore they have
instinctively turned to Mao Zedong Thought: let thugs, bullies and lunatics
form mobs in order to out, to persecute, to hound and bully ordinary people
just trying to get by.

The article on Herbert Schildt is a Risk. Wikipedia's lack of organization
is a RISK.

Please report problems with the web pages to the maintainer