The RISKS Digest
Volume 5 Issue 13

Monday, 20th July 1987

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator


Contents

Re: Another computer-related prison escape
Alan J Rosenthal
Credit card risks
David 'Witt' Wittenberg
The latest in Do-It-Yourself manuals
Andrew Scott Beals
Re: Robocop review
Eugene Miya
Robocop and following instructions
Brian Gordon
Info on RISKS (comp.risks)

Re: Another computer-related prison escape

Alan J Rosenthal <flaps%csri.toronto.edu@RELAY.CS.NET>
Sat, 18 Jul 87 10:58:07 EDT
Andrew Klossner:
> The alarm did go off, but little attention was paid to it because it 
> goes off every day, ...

Something I've always felt strongly about in regard to this is fire
alarms.  There are many buildings in which fire alarms are ignored as a
matter of course.  I believe that in such a case having the fire alarms
is worse than not having them, for two reasons.  One is if you are
trying to tell someone that there is a fire.  You will pull the fire
alarm and leave the building.  No one will listen.  The other is if you
are trying to observe whether or not there is a fire.  Someone tells
you that there is, but you tend to doubt them because their information
is probably from the fire alarm.  At least, this could cause a delay of
minutes which can be crucial in a large building in a fire.

In an apartment building I lived in recently, one night at about 4am the
fire alarm went off.  I blearily woke up, pulled on some clothes, and left
the building.  Standing outside, I saw only two other people that felt as I
did.  Everyone else was still inside.  (I had only been living there for two
months at this time.)
                                       Alan J Rosenthal

    [If any of you wonder, "What has this to do with computers and related 
    systems?", the answer by now should be obvious...  Alarms were ignored,
    bypassed, misinterpreted, or otherwise mishandled in many cases such as
    the Stark, Three Mile Island, Chernobyl, Therac 25...  PGN]


Credit card risks

David 'Witt' Wittenberg <wittenberg%ultra.DEC@decwrl.dec.com>
17-Jul-1987 1134
AT&T phone credit cards use a credit card number that consists (in most
cases) of your phone number followed by four (presumably somewhat random)
digits.  If the last four digits are random, the probability of guessing a
number (assuming you know that a particular phone number has a card
associated with it) is .01%, which seems relatively safe.

The problem was that if your number was on a centrex where the main number
ended in 000 all the users of that centrex had numbers that consisted of the
main number followed by 4 digits (a different four digit code for each user
to provide accountability), so if the centrex had 500 users with credit card
numbers, a random 4 digit number appended to the centrex number had
a 5% chance of working.  This made the expectation value of the number
of tries before finding a valid number 10!  

This has been corrected, so that now the card number is an individual 
number followed by the 4 random digits.

--David Wittenberg
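
The exposure described in the post above, worked through as an added example (not part of the original post). It assumes the four-digit codes are uniformly random and that each guess is a distinct code; the function names are hypothetical.

```python
from math import comb

CODE_SPACE = 10_000  # four decimal digits: 0000-9999


def per_guess_probability(valid_codes: int) -> float:
    """Chance that one random 4-digit suffix is valid for a given prefix."""
    return valid_codes / CODE_SPACE


def hit_within(guesses: int, valid_codes: int) -> float:
    """P(at least one of `guesses` distinct suffixes is valid).

    Distinct guesses means sampling without replacement, so the miss
    probability is C(N - K, n) / C(N, n).
    """
    misses = comb(CODE_SPACE - valid_codes, guesses)
    return 1 - misses / comb(CODE_SPACE, guesses)


def guesses_for_even_odds(valid_codes: int) -> int:
    """Smallest number of distinct guesses giving at least a 50% hit chance."""
    n = 1
    while hit_within(n, valid_codes) < 0.5:
        n += 1
    return n


if __name__ == "__main__":
    # Scenarios taken from the post: one card per number (the corrected
    # scheme) versus 500 cards sharing the centrex main number.
    for label, k in (("individual number", 1), ("shared centrex number", 500)):
        print(f"{label}: per guess {per_guess_probability(k):.2%}, "
              f"within 10 guesses {hit_within(10, k):.2%}, "
              f"even odds after {guesses_for_even_odds(k)} guesses")
```
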


The latest in Do-It-Yourself manuals

well!bandy@lll-lcc.ARPA <Andrew Scott Beals>
Sun 19 Jul 87 16:54:46-PDT
Three ads from the August issue of Computer Shopper:

  CABLE and SUBSCRIPTION TV secret manual.  Build your own DESCRAMBLERS,
  converters.  Instructions, schematics for: Sine Wave, Inband/Outband Gated 
  Sync Pulse, SSAVI methods (for HBO, Showtime, Cinemax, UHF, etc.)  Send
  $8.95 + $1 postage to CABLETRONICS Box 30502CS, Bethesda MD 20814.

  COMPUTER UNDERGROUND.  Hacking, Crashing, Pirating, and Phreaking.  Who's
  doing it, why they're doing it, and how they're doing it.  Sample
  programs, phone numbers, and the tools of the trade.  Send $14.95 + $1
  postage to CABLETRONICS Box 30502CS, Bethesda MD 20814.

  HACKER'S HANDBOOK.  Tells how to access remote computers, figure out
  passwords, access codes, operating systems, modem protocols.  Plug into
  the electronic subculture; open up a world of new information.  Send 
  $12.95 + $1 postage to CABLETRONICS, Box 30502CS, Bethesda MD 20814.

         [This item is included here to illustrate an important point:
         Knowledge on how to subvert system security is VERY WIDESPREAD.
         Sticking one's head in the sand and assuming that everything is 
         OK is a certain way to court disaster.  IMPORTANT SIDEBAR:  RISKS
         does not endorse unsavory behavior by crackers; however, RISKS
         also does not endorse ostrich behavior by system purveyors.  PGN]


Re: Robocop review

Eugene Miya <eugene@ames-nas.arpa>
Fri, 17 Jul 87 10:40:16 PDT
Yes, I saw that segment as well.  I think the scene derived its effect from the
"blame the computer" syndrome we have developed over the last couple of 
decades.  The effect is supposed to be based on 1) "we" have this new security 
device, 2) to test it, would you hold this gun?  [For those not seeing the 
scene, this biped robot security device can identify guns held at it.]  Stop.

Typical person (Everyman, who was the actor of this scene, there is a name
of this type of person in the Star Trek parlance) would say "No way."  This
is what you have test pilots and drivers for.  Machines have made us think
about them in less than positive ways.  It's perfectly safe.

Now, for the viewer (you the reader of RISKS), do you think you would point
a gun at an armed security device?  Now, do ya'?  Do ya' feel luck.. punk?

We (computer people) would think this device would be tested to this point.
I'm certain the programmer characters in the film would have thought so too,
otherwise, why would the RISKS group exist?

The problem with computer systems is that we think we should try to put
common sense into them.  I think this is wrong.  Humans take common sense
for granted.  It is a form of prejudice.  Common sense is not logic.  The
other extreme is "blind logic", which is portrayed as poor programming
(actually inconsiderate "exception handling").  Our problem is that we have
conflicting goals; the best written description was given by Nancy Leveson
in her Computing Survey article on Safety.  One purpose of science is to
challenge the assumption of common sense as part of education/learning.

Remember that just over a century ago, it was `common sense' that certain
members of the human population were inferior on the basis of race.
Quantum mechanics arose in a different domain to change other `common sense'
ideas.  In the end, it is all your point of view.  I do plan to see this film
(as bad as it might be). S&E both gave thumbs up, but I don't trust them.

--eugene miya,   NASA Ames
                             [1. `` `Common sense' is not very common.''  
                              2. I have seen one scathing review and one rave
                                 (qualified with "excessive violence").  
                                 The previews go right to the ``would you
                                 trust this robot?'' scene...  PGN]


Robocop and following instructions (RISKS-5.12)

Brian Gordon <gordon%cae780.cae.tek.com@RELAY.CS.NET>
Sun, 19 Jul 87 08:26:23 PDT
  >From: baldwin@cs.rochester.edu
  >"I think there's something basically funny about a machine ... 
  > blindly following instructions in the face of logic" 

One of the scariest things I learned while teaching "Computer Appreciation"
(actually titled "Computers in Society") to non-technical types in the 70's
was how little college students knew about the "nature" of computers.  On
every final there was a question of the general type, "What are the
implications of a machine that only does EXACTLY as it is told".  The majority
of the answers were always about how bad it WOULD be if there WERE such
devices — and remember, this was after they were told the question was
coming!   It almost makes you want to take up plumbing.

FROM:   Brian G. Gordon, CAE Systems Division of Tektronix, Inc.
UUCP:   tektronix!cae780!gordon [or gordon@cae780.CAE.TEK.COM]


Re: Robocop review

<baldwin@cs.rochester.edu>
Mon, 20 Jul 87 11:35:48 EDT
Right-on-target discussion (by Eugene Miya) of safety and risks in this
hypothetical situation, and the contrasts between what people intuitively
expect from "intelligent" machines and what they actually get.  (The term
"intelligent machine" is a lasting disservice done to our discipline by the
press of the 1940's and '50's.)  The point I want to make is that there
seems to be a large segment of society out there that doesn't think this is
a risk at all - it's just funny. That's the same society that somehow has to
make collective decisions about computer systems in nuclear power plants,
weapons, planes, and all the other things we've been discussing for
who-knows-how-long here.
