Motorcycle maker Ducati rolled out a new `smart key' that lets riders leave the key in their pocket. When they sit down on the bike, a sensor detects the key, allows the engine to be started, and unlocks the steering. At least that's how it's supposed to work. *The Wall Street Journal* reported: Ducati says that while testing the new bikes it found that—under very specific conditions—the electronic steering lock could fail to disengage: a rider could potentially start the bike and begin riding while the steering is still locked—a situation that could result in a tip-over or collision. Maybe they should call it a stupid key? Source: <http://blogs.wsj.com/drivers-seat/2011/04/30/smart-keys-not-so-smart-for-motorcycles/> Steven Klein * http://yourmacexpert.com/
http://www.itbusiness.ca/it/client/en/cdn/News.asp?id=63479 Sharon Gaudin: Internet as hard to give up as cigarettes, liquor, study says; Losing 'Net access even for a day described as 'nightmare', *ITBusiness*, 27 Jul 2011 How would you handle giving up your Internet connection—your Facebook friends, Twitter, online news and shopping—for just a single day? If you think being disconnected for even a day might drive you nuts, you're not alone. A survey of 1,000 people between the ages of 18 and 65 in the U.K. showed that many Britons are as emotionally connected to the Internet and all of their devices as smokers are to their cigarettes. However, not everyone reported being so tied to their digital lives. The survey showed that 23 per cent of respondents said they would feel "free" if they were disconnected from online activities.
"Researchers at U.C. Berkeley have discovered that some of the net's most popular sites are using a tracking service that can't be evaded - even when users block cookies, turn off storage in Flash, or use browsers' "incognito" functions. The service, called KISSmetrics, is used by sites to track the number of visitors, what the visitors do on the site, and where they come to the site from - and the company says it does a more comprehensive job than its competitors such as Google Analytics. But the researchers say the site is using sneaky techniques to prevent users from opting out of being tracked on popular sites, including the TV streaming site Hulu.com." http://j.mp/ndoBts (Wired)
[From Network Neutrality Squad. PGN] Rep. John Conyers of Michigan believes the bill is mislabeled. "This is not protecting children from Internet pornography. It's creating a database for everybody in this country for a lot of other purposes," he says. Rep. Lofgren of California, a leading Democrat in opposition to the bill, said it was a "stalking horse for a massive expansion of federal power." http://j.mp/plNgUu (Digital Trends) In the usual Congressional demonstration of hypocrisy, the bill is entitled "Protecting Children from Internet Pornographers Act of 2011" but actually allows the collected data to be used for any purpose, including government tracking down of whistleblowers, file sharers, peace activists, or anyone else for virtually any reason. [PGN adds: Lauren later noted on 2 Aug 2011 an item from CNET: How The New 'Protecting Children' Bill Puts You At Risk: Last Thursday the U.S. House of Representatives passed a bill that makes the online activity of every American available to police and attorneys upon request under the guise of protecting children from pornography. http://j.mp/o2eVhO (CNET)]
Robert X. Cringely: When Google bots go wrong—one user's story; Dylan Marcheschi felt the full brunt of a faulty Google algorithm; now he's urging the company to offer real customer support http://www.infoworld.com/t/cringely/when-google-bots-go-wrong-one-users-story-168212 Dylan Marcheschi found out the hard way what happens when you get on Google's bad side. Worse, he didn't do anything to deserve it, and he was victimized not by a human but by a bot. About two weeks ago, the artist from Brooklyn was having an e-mail conversation with a friend in Thailand when he received a message telling him his Google account had been disabled. Everything he'd built up over the past seven years had just gone poof. Worse, there was no one to talk to about it. There is no customer support line for Google—no e-mail support, no live chat. All you can do is post a message on a forum and hope that somebody—anybody—weighs in with an answer. But for Dylan, nobody did. So Marcheschi went public. [and all hell broke loose. PGN]
> [Can we learn anything from this relating to computer systems being
> trustworthy and effective? PGN]

As one of the writers commissioned by this Institute of Medicine (IOM) panel and a regular attendee of related workshops and Senate/House hearings over the last few years, I would say yes. But it's complicated at so many levels.

The IOM released multiple publications on this topic. The earlier publication includes my commissioned report on "Trustworthy Medical Device Software" along with several other fascinating topics that relate to medical device safety and effectiveness (think epidemiology). Download the chapter via the no-paywall and watch the webcast respectively on:

http://www.nap.edu/catalog.php?record_id=13020

http://www.tvworldwide.com/events/iom/100728/default.cfm

Caveat lector: the intended audience is primarily that of physicians and healthcare professionals. There was only one computer scientist on the IOM panel. If you consider yourself a computer scientist, put on your HCP cap before reading.

You can download the panel's 246-page final recommendations (cited in last week's NYT) from http://www.nap.edu/catalog.php?record_id=13150

Safety and effectiveness share many themes with trustworthiness, but it's not a bijection. Security is a part of trustworthiness. I believe that Nancy Leveson briefly compares and contrasts safety with security in her 1995 book, "Safeware: System Safety and Computers." Both safety and security are negative goals, for instance.

Kevin Fu, Assoc. Professor, Computer Science Department http://spqr.cs.umass.edu/ University of Massachusetts Amherst Ph: 616-594-0385 Fax: 413-545-1249
Chris D. raises the issues of the NHS still using faxes to communicate. I can reassure him that my local GP has a special defence against spoof faxes: namely they lose them and deny they were ever received. Unfortunately, this security system can be bypassed by turning up with a printout of an e-mail from the hospital saying "we faxed it" and a phone number which they will then dial to get the prescription repeated, rather than dialing the hospital's exchange: http://www.1060.org/blogxter/entry?publicid=2AF115A1F11CA5CAC3791BBF7673E80B

To get a fake prescription all you have to do is bring a fake e-mail printout and have an accomplice at the end of the line who appears to not know who you are, be uninterested in the problem but eventually able to find your paperwork and read out what the prescription is.

And yes, certificate-based signed/encrypted e-mail with a requirement that all e-mails are in the domain nhs.gov.uk and mail servers dropping out-of-network e-mails from that domain would work better. In fact, they'd be better off fixing the e-mail infrastructure than trying to do a national patient record system, as at least moving the health service to e-mail may actually be possible - and if it isn't, there's no point trying anything more ambitious.
I've been aware of the potential for facial recognition code to be applied to public pictures for a while. Facebook and Google are working along the same path, although FB would at least link tagging to existing accounts (allowing you to undo the tagging), whereas Google's Picasa did not. Although images are not always taken to the exacting standards that a passport biometric requires, it seems to me quite possible that someone will develop a way to create a usable average from a collection of pictures. Some experimenting with software called Portrait Professional yielded an interesting discovery: it also subtly adjusts facial geometry, which gave me an idea. I wonder if it would not be possible to craft an application that creates a sufficiently subtle deviation in facial characteristics to throw off facial recognition code. We humans tend to have a far greater tolerance level for variation than most facial recognition code so it would not create *human* recognition issues. It would only throw a spanner into the works of unauthorised automated online identity data collection. Having said that, if you're going as far as digitally adjusting images of yourself you could consider a simpler approach: not posting them at all :-).
Seems like there are two risks here, and one not being Jet Blue's fault. As Paul pointed out, SMS is wide-spread, and that Jet Blue's notification system does not have an SMS option seems to be a bit of a poor design, what with just about every notification system of the ilk I've used has SMS capabilities. The real risk is trying to force a feature/system to work in a manner that it was not designed for (and the vast majority of "Average Joes/Janes" do not know or care about) and expect success.
I am a bit surprised that no-one has mentioned that the frequency is the main factor in the control of an electricity grid. If the load increases, the frequency will drop and more electricity must be generated until the frequency is back to normal again. If the load decreases, the frequency will go up, and less electricity must be generated. It is thus the amount of electricity generated and consumed in real time that will result in small variations in frequency. And a very small variation indeed.
Ted Lee asks "how much is 'just over'" when a clock gains 14 seconds a day? 86400 seconds in a day. To see 86414 in a day, the reference frequency must be 86414/86400 too high. E.g., 60*86414/86400 = 60.009722 Hz. Not very far over at all. [Also noted by Anthony DeRobertis. PGN]
A year ago I went on sabbatical and rented out my house. I asked my tenants to take over my phone number so that I would be able to recover it when I returned, and I called Verizon and authorized that action. However, the tenants misunderstood and got an entirely new number, so from Verizon's point of view I had canceled my account and my number went back into the pool. When I returned a few weeks ago, I set up new phone service with a different company. Thinking that my tenants had only recently closed their Verizon account, I asked that my number be ported to the new company. You can guess what's coming: it worked. No sooner had my phone been connected than it rang; it was the old number's new owner, trying to reach his house. Once I figured out what had happened, I arranged to give the number back to the innocent stranger. But that took over a week. What saddens me is that if you call up Verizon and try to do something simple to your account, such as enable voicemail, they will take you through a painful ID verification process. So why did they let a third party grab a phone number without any attempt to ensure that the request was valid? Geoff Kuenning geoff@cs.hmc.edu http://www.cs.hmc.edu/~geoff/