Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
This situation involving computers is severe due to Brazil's laws, with which most of the RISKS readers are undoubtedly not familiar. The "frayed tempers" due to not getting the "essential voting card" in Brazil are not simply because everyone likes to vote. Everyone MUST vote in Brazil. Proof of recent voting is one of the required legal documents for several situations, including simply getting a job. Those missing voting registration cards are the prerequisite to being able to vote and be a law-abiding citizen qualified to live a normal life. (My wife is from Brazil and had to carry those documents.) > Programmers overlooked that twins are born on the same day to the same > parents. Consequently, the voting rights of an estimated 70,000 twins > were cancelled. The Federal Electoral Tribunal in Brasilia is currently > wading through 140,000 appeals, including the case of a certain Jose > Francisco, who says all his 14 brothers were baptised with identical > names. All this is familiar to analysts and programmers. The voting documents were formerly handled by humans who modified the processing procedure as required by common sense and local situations ("Yeah, I know Jose Francisco. All 14 were here last year, I still have to see 6 of them this year.") The written procedures are undoubtedly what guided the programmers. If the implementation schedule was the same for the whole country, it is little wonder that many exceptions were found at the same time. Scot E. Wilcoxon Minn Ed Comp Corp {quest,dayton,meccts}!mecc!sewilco
From: weemba at brahms.berkeley.edu (Matthew P Wiener) Several people have started inserting cute words like "crypt" or "terror" or "CIA" in their signatures in an attempt to over- load NSA's automatic grep for cute words in overseas traffic. Consider- ing the minuteness of the added load, and the likelihood that NSA already filters out obvious traffic like the net... That would be inconsistent with the oft-repeated claims that NSA monitors ALL overseas telephone calls. I have been told (someone pls confirm or deny?) that voice recognition technology is good enough that given Crays on an NSA budget, such a feat is possible when you are looking for certain key words, and that recognition can be done on a very limited vocabulary independent of speaker. Comments?
> Considering ... the likelihood that NSA already > filters out obvious traffic like the net... [MPW] > >That would be inconsistent with the oft-repeated claims that NSA >monitors ALL overseas telephone calls. [HL] Of course they intercept the net, but if you were snooping around through all overseas telephone calls, you too would set some priorities. >[voice recognition rumor] Well if that's how they do it, I *hope* they know enough to filter the net! ucbvax!brahms!weemba Matthew P Wiener/UCB Math Dept/Berkeley CA 94720
Security on an Ethernet is a very tricky business. If you use the Berkeley rhosts scheme, it is easy to spoof someone else's ip address, although there is some code in Berkeley Unix that detects when someone is impersonating you, the message only comes out on the system console. And if the bad guy makes your machine crash while you are away, no one will be the wiser. If you ban rhosts and only allow ftp and telnet, you are vulnerable to people grabbing packets off the Ethernet and getting your password. Which is worse? Would you rather freeze to death or burn to death? I don't know if it matters. I think that if security matters, it would be best not to let machines you don't trust on your Ethernet. Sun proposed an interesting scheme at the last Usenix. Two machines that wanted to communicate would use an encrypted timestamp on each packet as authentication. This assumes, of course, that the two machines have synchronized their clocks and that they have a common key no one else knows. (their scheme included a key distribution method which I will not discuss here) There is also a performance penalty. They did some back of the envelope calculations showing it would be acceptable in many cases. Is it unreasonable to put machines you don't trust on another Ethernet, with a router between your group and them? Phil Ngai
From: Douglas Humphrey
Information replacing knowledge
Daniel G. Rabe <<DAN09697%NUACC.BITNET@WISCVM.WISC.EDU<> Sat, 8 Nov 86 14:20 CSTIn RISKS 4.4, Martin Minow makes the point that computerization makes it easier to substitute quantity for quality in our writing. I would go one step farther and say that the easy access to information made possible by computer systems has also degraded our ability (or at least our desire) to gain and retain knowledge. The following is excerpted from an essay entitled "Look it up! Check it out!" by Jacques Barzun in the Autumn 1986 *American Scholar.* ``... the age of ready reference is one in which knowledge inevitably declines into information. The master of so much packaged stuff needs to grasp context or meaning much less than his forebears: he can always look it up. His live memory is otherwise engaged anyway, full of the arbitrary names, initials, and code numbers essential to carrying on daily life. He can be vague about the rest: he can always check it out. ``... But what we are experiencing is not the knowledge explosion so often boasted of; it is a torrent of information, made possible by first reducing the known to compact form and then bulking it up again — adding water. That is why the product so often tastes like dried soup.'' As computer scientists, I think we find it all too easy to divide and compartmentalize information as we see fit. As I see it, one of the greatest risks of widespread computing is that we'll all stop learning. We've got spelling checkers, so why bother learning to spell? We've got calculators and home computers, so why bother learning any math? We've got electronic mail and conferencing, so why bother to learn or practice the art of public speaking? Are we reaching the point where being an expert simply means having a large computer database, as opposed to years of learning and knowledge? I don't think we're there yet, but I fear that our society's heavy emphasis on "information" and computing might be leading us there. Daniel G. Rabe Northwestern University
Word Processors / The Future of English
Stephen Page <munnari!uqcspe.oz!sdpage@seismo.CSS.GOV> Sunday, 9 Nov 1986 14:07-ESTThe interesting article by Anthony Burgess reproduced in RISKS-4.4 reminded me that when the first lap-top computers were introduced a few years ago, some professional writers noticed that their sentences were becoming shorter and their paragraphs chunkier, as they relied on a 40-column, 8-line display (e.g.) when composing texts. Has this really been cured by newer technology? Or is our familiar 80x25 model just as likely to have an adverse impact on writing style?
Copyrights; passwords; medical information
Matthew P Wiener <weemba@brahms.berkeley.edu> Sat, 8 Nov 86 01:16:22 PST> "How Fred lets the fraudsters in" (c) Newspaper Publishing PLC ^^^ Considering the frequency with which we see this half-circled c used as an ASCII replacement for the genuine circled c, it is obvious that a lot of people have let their primitive keyboards delude them into a non-copyright. ("Copyright", spelled out, takes longer than "(c)", but it has legal standing.) > Passwords are particularly vulnerable when they remain unchanged for a long > time. The chairman of one major company the auditors investigated had kept > the same password for five years. It was "chairman". This reminds me of the WWII story in Feynman's book about the hot-shot military big boss with his fancy-dancy super-safe: the combination was never changed from the factory original. "The more things change, the more they stay the same." >Now, I am being accused of taking confidential information out of the >hospital in the form of patient records and doctors names! All I had on the >computer were my notes. The paranoid medical staff is afraid that having >this information in my "COMPUTER" is dangerous, [...] >Pretty amazing paranoia, huh? Do people really still fear computers this way? In this situation, it strikes me as typical computer ignorance. But in general, the use of a computer as opposed to a legal pad leads to more security problems. Handwritten notes are both unmistakeable as such and are naturally limited in content. (I assume this is old hat to RISKers.) ucbvax!brahms!weemba Matthew P Wiener/UCB Math Dept/Berkeley CA 94720Please report problems with the web pages to the maintainer
xTop