Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
In the last issue PGN asked if someone had shown previous issues of RISKS to
a couple of senators drafting legislation. This treads on the boundary of
inappropriate and risky in itself use of this medium. It is generally
understood, I thought, that this kind of forum is private to its readers,
although the larger the subscriber list the harder it is to maintain that
fiction. Although I don't contribute much here, had I known there was a
likelihood that what I wrote might end up in the Congressional Record I'm
not sure I would have contributed it — how do others think, or can our
moderator state what he thinks the policy is?
Ted
[Interesting question. We agreed way back in Volume 1 or 2 that
material in RISKS was open for noncommercial redistribution, as long
as that did not violate any explicitly stated caveats or copyright
limitations. It is important to keep RISKS informal and unencumbered
by red tape. Besides, IDEAS HAVE NO BOUNDARIES (except in closed minds).
One of the main purposes of RISKS is to disseminate ideas and awareness.
My question to Herb (who is on leave from MIT, deeply embroiled in the
legislative process) was sort of a bemused wonderment as to whether the
proposed legislation had in any way been influenced by the existence of
the RISKS Forum, since some of the goals are quite similar... PGN]
Peter, I am sorely troubled by the prospect of our Congress providing
'oversight' or whatever it is they do down there to our industry. Even
in areas where they have a clear mission and even one might expect
some expertise, the attention span of the Congress is measured in
Microseconds between headlines. You will recall that last year, the
Congress created and then jumped on the bandwagon of war on drugs. To
my local knowledge, there has been no *action* in that war since. [I
do recall the House passing a bill calling for some $400 Million to be
spent on that war, but was saved from any notion of accountability by
the Gramm-Rudman act or some such.] I really do worry about the
grandstanding that such a commission would engender, and the
sycophantic interaction between the congresspeople and an uniformed,
shoot-from-the-hip press. Really a bad idea.
Cheers, Jim
[I noted in my comments that there are many pitfalls in the proposed
legislation. But, an implication of what you say is very depressing:
the difficulties of government are so great that meaningful oversight
is almost impossible anyway. The fox shouldn't watch the chickens;
the chickens can't watch the chickens; even the computers can't
be trusted to watch the chickens. So what do we do — throw out
the chickens with the egg water? PGN]
Last year two radar-equipped planes that had been promised to Customs were
given to the Coast Guard instead as a result of late-night Senate actions
on the federal budget. Customs Commissioner William von Raab then promised
Coast Guard Commandant Paul A Yost Jr. that Customs would provide $8M in
reparations to help the CG's airborne drug interdiction problem. But Senator
Dennis DeConcini (D-AZ) told von Raab not to transfer the money, and to wait
for the appropriations process instead. The Coast Guard decided to act on its
own. Somehow acquiring Customs' computer account numbers, they simply caused
$8M to be transferred from the Customs account to the CG account. To make a
long story short, there were protests from Customs, and just as mysteriously
as the money disappeared, it reappeared (although in two increments).
[I adapted this from the Washington Post National Weekly, 18 May 87,
p.34, thanks to Michael Melliar-Smith. Perhaps the HACKER was really
a Coast Guard CUTTER (or was he a CONS CAR'd CDR (LISPing to starboard?)
Just think what could be done in reprogramming government funds! PGN]
At Project Athena for some time we've been trying to convince our
vendors that if they hope to sell personal workstations worth $2K or
more to students they are going to have to include in the physical
design a top-to-bottom hole that penetrates the major box covers and
the mother board, suitable for dropping a bicycle lock through, so
that the machine can be chained to a dorm-room or apartment radiator,
or a desk in an office. The reaction so far has been uproarious
laughter (and several reports of newly-designed compact workstations
stolen from one of the vendors).
Jerry
Some years ago, the Ariande column in New Scientist proposed a novel and,
as usual (?), unworkable (??) bomb 'detector'. You zap your 'bomb' with
radiation of a flavour selectively absorbed by Mercury (but not otherwise
strong enough to hurt.) The Mercury gets a little agitated by this and, if
it happens to be part of Fulminate of Mercury, an explosion occurs.
So, you just march your passengers and their luggage, one at a time, down
a bomb-proof tunnel and if they DON't go boom, let them on board. Even if
they do have explosives/bullets they can't set them off without a detonator.
Unless they use Lead Azide.
Or carry little bottles of nitro-glycerine, or...
Michael Newbery, Comp Sci, Victoria Univ, Wellington, New Zealand
ACSnet: newbery@vuwcomp.nz UUCP: {ubc-vision,alberta}!calgary!vuwcomp!newbery
[All kidding azide, this is another of our classical unsolvabled
problems. Technology cannot provide 100% guarantees. It also
transforms the technology it is trying to protect against. Heisenberg
strikes again, with a longer time constant. PGN]
"SNAFU ENDS HAPPILY AT UCF AS STUDENTS GET EVERY CLASS THEY WANTED"
by Laura Ost, The Orlando Sentinal, Saturday, May 9, 1987, Page D-3
[Reproduced with permission]
Thanks to a computer snafu, a nightmare for University of Central
Florida students has turned into a dream.
UCF's new computer system failed to cut off pre-registration for
summer classes as they filled. The happy result for students who often
wait years to take required courses: They got everything they wanted.
At first, the glitch meant that 56 courses overflowed, and 700 of
8,000 spring students who pre-registered were in danger of being tossed
out of classes they planned on.
But after discovering the problem April 24, officials decided there
was only one answer: Give them what they want.
"From the student standpoint, it turned out splendiferous," UCF
spokesman Dean McFall said Friday.
The solution was to add more than 40 class sections in education,
engineering, and arts and sciences, and to extend employment of part-
time and nine-month faculty members who want summer work.
The worst case was a speech course required for students without
community college degrees. More than 300 signed up for three sections
with a total capacity of 84. So, eight sections were added.
The expanded schedule is a big relief for students; some courses
have had long waiting lists, meaning that students often had to delay
required freshman courses until their senior year. Solving the
registration problems wiped out the backlog.
"It showed us the full market for those courses," said Charlie
Micarelli, vice president for undergraduate studies. "For the first
time we could see the number of courses needed. It was kind of
overwhelming... So there's nothing bad that doesn't bring out some
good."
This was UCF's first use of the new computer system and the
software that operates it. The software was developed by the Florida
Board of Regents technical staff, which uses UCF as a testing ground for
the state university system.
The malfunctioning software was repaired in time for regular
registration Wednesday, officials said. Classes began Thursday.
Provost Richard Astro said the expanded summer schedule won't cost
extra because it eliminates the need for some classes next academic
year. He said the university usually has enough regular staff members
to cover summer classes.
"What you don't want to do is put an ad in the paper and say,
'Anybody who can teach, come on in'," Astro said. "Basically what we're
saying [to regular staff] is 'Hey, do you want to work this summer?'"
A few days ago on our university UNIX system (4.3BSD), a friend of mine
received the message reprinted below. Very briefly, someone seems to
have cracked the passwords in the "passwd" file and sent a piece of
warning mail to all the users whose password he cracked. Note that my
friend's password was a dictionary word, while mine (uncracked) was a
proper name beginning with a capital letter.
> To: xxxxxx
> Subject: A matter of security..
>
> Your password: zzzzzzz [correctly stated]
>
> As an experiment, and something of an unofficial public service, I
> have been experimenting with a password breaking program that was
> recently released into the public domain. Since anyone can use this
> program now, I thought I'd run it on violet's password file to see
> which passwords could be broken. Yours was one of them. If you're
> security conscious, or just don't like the idea of your password
> being so easily broken, then I would advise that you change it to
> a word not found in the english dictionary, or use a combination of
> upper and lower case letters. Either of these methods will render
> your password fairly invulnerable to attack..
>
> Yyyyyyyyy Yyyyyyyy
[I thought using the SALT offset was standard by now! Ho hum,
another lesson ignored. So, we run it ONE MORE TIME here. PGN]
According to one of my colleagues who has just returned from a visit
to Italy, the Marconi deaths are in all the papers, and many of his
friends were worried about him returning to the UK as his life must be
at risk because he works in Computer Science research...
______________________________
Date: Mon, 11 May 87 11:37:09 PDT
From: Dave Benson <benson%cs1.wsu.edu@RELAY.CS.NET>
To: risks%csl.sri.com@RELAY.CS.NET
Subject: Software Reliability book
Software Reliability: Measurement, Prediction, Application,
by J. Musa, A. Iannino and K. Okumoto (McGraw-Hill Book Co., NY, 1987),
is now available. I cannot contain my enthusiasm for this well-organized,
thoughtful, thought-provoking, well-written, [accolades]* book. A sample
from 7.4.3 Measuring Ultrahigh Reliability, Case Study 7.1 on Nuclear
Power computer-based monitoring system:
...we are 95 percent certain that at least ... 3 more (failures)
will occur at some time. The ... failure intensity in 0.895/1000 yr
(of computer operation) using the logarithmic Poisson model.
Yes, that's less than one software failure per millenium of operation.
The point is that these three AT&T Bell researchers have an excellent
collection of methods for measuring and predicting software reliability,
and have made these techniques easily accessable in this supurb book.
Stanford's on-line library catalog made short work of finding this: AUTHOR: Hale, John. TITLE: The whistle blower / John Hale. IMPRINT: 1st American ed. New York : Atheneum, 1985, c1984. 239 pp.; 23 cm. LOCATION: PR6058.A438W5 1985: Green Stacks NOTES: Item CSUG85-B26608 (Books) Language: eng Year: 1985
Please report problems with the web pages to the maintainer