In the last issue PGN asked if someone had shown previous issues of RISKS to a couple of senators drafting legislation. This treads on the boundary of inappropriate and risky in itself use of this medium. It is generally understood, I thought, that this kind of forum is private to its readers, although the larger the subscriber list the harder it is to maintain that fiction. Although I don't contribute much here, had I known there was a likelihood that what I wrote might end up in the Congressional Record I'm not sure I would have contributed it — how do others think, or can our moderator state what he thinks the policy is?

Ted

[Interesting question. We agreed way back in Volume 1 or 2 that material in RISKS was open for noncommercial redistribution, as long as that did not violate any explicitly stated caveats or copyright limitations. It is important to keep RISKS informal and unencumbered by red tape. Besides, IDEAS HAVE NO BOUNDARIES (except in closed minds). One of the main purposes of RISKS is to disseminate ideas and awareness. My question to Herb (who is on leave from MIT, deeply embroiled in the legislative process) was sort of a bemused wonderment as to whether the proposed legislation had in any way been influenced by the existence of the RISKS Forum, since some of the goals are quite similar... PGN]
Peter, I am sorely troubled by the prospect of our Congress providing 'oversight' or whatever it is they do down there to our industry. Even in areas where they have a clear mission and even one might expect some expertise, the attention span of the Congress is measured in Microseconds between headlines. You will recall that last year, the Congress created and then jumped on the bandwagon of war on drugs. To my local knowledge, there has been no *action* in that war since. [I do recall the House passing a bill calling for some $400 Million to be spent on that war, but was saved from any notion of accountability by the Gramm-Rudman act or some such.] I really do worry about the grandstanding that such a commission would engender, and the sycophantic interaction between the congresspeople and an uninformed, shoot-from-the-hip press. Really a bad idea.

Cheers, Jim

[I noted in my comments that there are many pitfalls in the proposed legislation. But, an implication of what you say is very depressing: the difficulties of government are so great that meaningful oversight is almost impossible anyway. The fox shouldn't watch the chickens; the chickens can't watch the chickens; even the computers can't be trusted to watch the chickens. So what do we do — throw out the chickens with the egg water? PGN]
Last year two radar-equipped planes that had been promised to Customs were given to the Coast Guard instead as a result of late-night Senate actions on the federal budget. Customs Commissioner William von Raab then promised Coast Guard Commandant Paul A Yost Jr. that Customs would provide $8M in reparations to help the CG's airborne drug interdiction problem. But Senator Dennis DeConcini (D-AZ) told von Raab not to transfer the money, and to wait for the appropriations process instead. The Coast Guard decided to act on its own. Somehow acquiring Customs' computer account numbers, they simply caused $8M to be transferred from the Customs account to the CG account. To make a long story short, there were protests from Customs, and just as mysteriously as the money disappeared, it reappeared (although in two increments).

[I adapted this from the Washington Post National Weekly, 18 May 87, p.34, thanks to Michael Melliar-Smith. Perhaps the HACKER was really a Coast Guard CUTTER (or was he a CONS CAR'd CDR (LISPing to starboard?) Just think what could be done in reprogramming government funds! PGN]
At Project Athena for some time we've been trying to convince our vendors that if they hope to sell personal workstations worth $2K or more to students they are going to have to include in the physical design a top-to-bottom hole that penetrates the major box covers and the mother board, suitable for dropping a bicycle lock through, so that the machine can be chained to a dorm-room or apartment radiator, or a desk in an office. The reaction so far has been uproarious laughter (and several reports of newly-designed compact workstations stolen from one of the vendors).

Jerry
Some years ago, the Ariadne column in New Scientist proposed a novel and, as usual (?), unworkable (??) bomb 'detector'. You zap your 'bomb' with radiation of a flavour selectively absorbed by Mercury (but not otherwise strong enough to hurt.) The Mercury gets a little agitated by this and, if it happens to be part of Fulminate of Mercury, an explosion occurs. So, you just march your passengers and their luggage, one at a time, down a bomb-proof tunnel and if they DON'T go boom, let them on board. Even if they do have explosives/bullets they can't set them off without a detonator. Unless they use Lead Azide. Or carry little bottles of nitro-glycerine, or...

Michael Newbery, Comp Sci, Victoria Univ, Wellington, New Zealand
ACSnet: newbery@vuwcomp.nz
UUCP: {ubc-vision,alberta}!calgary!vuwcomp!newbery

[All kidding azide, this is another of our classical unsolvable problems. Technology cannot provide 100% guarantees. It also transforms the technology it is trying to protect against. Heisenberg strikes again, with a longer time constant. PGN]
"SNAFU ENDS HAPPILY AT UCF AS STUDENTS GET EVERY CLASS THEY WANTED"
by Laura Ost, The Orlando Sentinel, Saturday, May 9, 1987, Page D-3
[Reproduced with permission]

Thanks to a computer snafu, a nightmare for University of Central Florida students has turned into a dream. UCF's new computer system failed to cut off pre-registration for summer classes as they filled. The happy result for students who often wait years to take required courses: They got everything they wanted.

At first, the glitch meant that 56 courses overflowed, and 700 of 8,000 spring students who pre-registered were in danger of being tossed out of classes they planned on. But after discovering the problem April 24, officials decided there was only one answer: Give them what they want.

"From the student standpoint, it turned out splendiferous," UCF spokesman Dean McFall said Friday.

The solution was to add more than 40 class sections in education, engineering, and arts and sciences, and to extend employment of part-time and nine-month faculty members who want summer work.

The worst case was a speech course required for students without community college degrees. More than 300 signed up for three sections with a total capacity of 84. So, eight sections were added.

The expanded schedule is a big relief for students; some courses have had long waiting lists, meaning that students often had to delay required freshman courses until their senior year. Solving the registration problems wiped out the backlog.

"It showed us the full market for those courses," said Charlie Micarelli, vice president for undergraduate studies. "For the first time we could see the number of courses needed. It was kind of overwhelming... So there's nothing bad that doesn't bring out some good."

This was UCF's first use of the new computer system and the software that operates it. The software was developed by the Florida Board of Regents technical staff, which uses UCF as a testing ground for the state university system.

The malfunctioning software was repaired in time for regular registration Wednesday, officials said. Classes began Thursday.

Provost Richard Astro said the expanded summer schedule won't cost extra because it eliminates the need for some classes next academic year. He said the university usually has enough regular staff members to cover summer classes.

"What you don't want to do is put an ad in the paper and say, 'Anybody who can teach, come on in'," Astro said. "Basically what we're saying [to regular staff] is 'Hey, do you want to work this summer?'"
A few days ago on our university UNIX system (4.3BSD), a friend of mine received the message reprinted below. Very briefly, someone seems to have cracked the passwords in the "passwd" file and sent a piece of warning mail to all the users whose password he cracked. Note that my friend's password was a dictionary word, while mine (uncracked) was a proper name beginning with a capital letter.

> To: xxxxxx
> Subject: A matter of security..
>
> Your password: zzzzzzz [correctly stated]
>
> As an experiment, and something of an unofficial public service, I
> have been experimenting with a password breaking program that was
> recently released into the public domain. Since anyone can use this
> program now, I thought I'd run it on violet's password file to see
> which passwords could be broken. Yours was one of them. If you're
> security conscious, or just don't like the idea of your password
> being so easily broken, then I would advise that you change it to
> a word not found in the English dictionary, or use a combination of
> upper and lower case letters. Either of these methods will render
> your password fairly invulnerable to attack..
>
> Yyyyyyyyy Yyyyyyyy

[I thought using the SALT offset was standard by now! Ho hum, another lesson ignored. So, we run it ONE MORE TIME here. PGN]
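
An added example, not part of the original posting or of anything the contributors ran: a check a site could apply when a password is set, so that the kinds of password described above are refused before they reach the passwd file. The word list, the function names and the minimum length are assumptions made for the illustration.

```python
import re

# Constructed sample word list (assumption). A real deployment would load the
# system dictionary plus lists of given names and site-specific terms.
WORDLIST = {"violet", "secret", "wizard", "susan", "password"}


def candidate_forms(password):
    """Return the normalised forms that are compared against the word list.

    Case is folded, leading/trailing digits and punctuation are stripped,
    and each form is also reversed, so that simple disguises of a listed
    word are treated the same as the word itself.
    """
    lowered = password.lower()
    stripped = re.sub(r"^[\d\W_]+|[\d\W_]+$", "", lowered)
    return {lowered, lowered[::-1], stripped, stripped[::-1]}


def check_password(password, login="", wordlist=WORDLIST, min_length=6):
    """Return the reasons to refuse a new password; an empty list accepts it.

    min_length is an illustrative default, not a value taken from the page.
    """
    reasons = []
    if len(password) < min_length:
        reasons.append("too short")
    forms = candidate_forms(password)
    if forms & set(wordlist):
        reasons.append("dictionary word or simple variant")
    if login and login.lower() in forms:
        reasons.append("derived from login name")
    return reasons


if __name__ == "__main__":
    # Constructed sample inputs: (proposed password, login name).
    for pw, login in [("Password", ""), ("terces99", ""), ("Susan", ""),
                      ("nosnhoj42", "johnson"), ("kq7!mv2#xd", "johnson")]:
        verdict = check_password(pw, login) or ["accepted"]
        print(f"{pw!r:14} {', '.join(verdict)}")
```
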
According to one of my colleagues who has just returned from a visit to Italy, the Marconi deaths are in all the papers, and many of his friends were worried about him returning to the UK as his life must be at risk because he works in Computer Science research...

______________________________

Date: Mon, 11 May 87 11:37:09 PDT
From: Dave Benson <benson%cs1.wsu.edu@RELAY.CS.NET>
To: risks%csl.sri.com@RELAY.CS.NET
Subject: Software Reliability book

Software Reliability: Measurement, Prediction, Application, by J. Musa, A. Iannino and K. Okumoto (McGraw-Hill Book Co., NY, 1987), is now available. I cannot contain my enthusiasm for this well-organized, thoughtful, thought-provoking, well-written, [accolades]* book. A sample from 7.4.3 Measuring Ultrahigh Reliability, Case Study 7.1 on Nuclear Power computer-based monitoring system:

...we are 95 percent certain that at least ... 3 more (failures) will occur at some time. The ... failure intensity is 0.895/1000 yr (of computer operation) using the logarithmic Poisson model.

Yes, that's less than one software failure per millennium of operation. The point is that these three AT&T Bell researchers have an excellent collection of methods for measuring and predicting software reliability, and have made these techniques easily accessible in this superb book.
Stanford's on-line library catalog made short work of finding this:

AUTHOR: Hale, John.
TITLE: The whistle blower / John Hale.
IMPRINT: 1st American ed. New York : Atheneum, 1985, c1984. 239 pp.; 23 cm.
LOCATION: PR6058.A438W5 1985: Green Stacks
NOTES: Item CSUG85-B26608 (Books) Language: eng Year: 1985