Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
From the Boston Globe, Wednesday, Aug 10, 1988
BERKELEY, Calif. - Regular work in front of a VDT screen may cause a
premature loss in the eye's ability to focus, according to preliminary
research by a University of California optometrist. A deterioration in eye
focusing among people in their 20s and 30s was the No. 1 problem found in
153 patients treated at the university's Video Display Terminal Eye Clinic,
said researcher James Sheedy. The study, prepared for a symposium in Ohio,
was the first clinical report of eye-focusing problems in VDT users.
They may be right. I've been working with display screens for about the last
five years, and lately (last three years) usually most of a working day. Until
recently I had no need of glasses but on my last exam the doctor recommended
some; they aren't very strong, but I have noticed a difference. My eyes are
much less tired after a full day at a terminal now.
Denis W. Haskin, Technical Analyst, Digital Review, Boston, MA
Denny's article is a rehash of old points and old concerns but updated with a
few contemporary examples. He fails to raise and comment on a central point.
He asks (to paraphrase the point) what right a manufacturer has to ask all
manner of personal questions on the warranty form. He should note (but did
not) that he nor anyone else is under no obligation to answer all manner of
questions in such a situation. The warranty in no way will be affected if he
declines to answer.
My best bottom line on personal privacy is this:
1. Information intrusion and its consequences is just another one
of those risks of living in this world.
2. Each of us better be well informed of when we are legally
obligated to answer questions and give personal information, and when we
are not.
3. Each of us will have to understand that like other risks of
living in our world, privacy will require us to take care of ourselves,
using whatever mechanisms society and/or governments have provided and
whatever innovations we can indvidually create.
4. To the extent that people behave like information-sheep and
mindlessly answer every question put before them by any inquiring agent,
then privacy will be eroded more and more and self-protection will become
all the more difficult.
Trying saying NO when asked for personal information; you'll be surprised
at how often it won't make any difference.
Willis H. Ware
> (a) Whoever knowingly --
> (1) inserts into a program for a computer information or commands,...
> (2) provides such program to others in circumstances in which ...
Wonderfully put. As I read that language, installing Sun NFS 3.0 in your
favorite operating system and then running it at your site would be a felony.
Perhaps this bill is not such a bad idea as it seems at first.
(Not to pick on Sun . . . there are dozens of other good examples. Installing
your vendor's newest system release without alerting all your users would
probably become a felony, too.)
Jerry
It has been long known among law enforcement experts that severity of punishment is less of a deterrent than certainty of punishment. If a given crime has the death penalty, but only one change in a thousand of being caught, convicted and punished, then there is no deterrence. If the penalty is light but the chance of punishment is high, there is deterrence. (Which is why no-one throws rocks through the windows of the Police station or paints graffitti on its wall.) So it is with this bill. The penalty is as stiff as the constitution allows, but the chance of being caught is vanishingly small. The only virus-authors I have heard have been identified were boasting about it. If they'd kept their mouths shut, they wouldn't have been found. But just finding them, hard as it is, is the easy part. How do you prove that they are the author? JURY-prove, I mean. Even without this bill, there were potential penalties. A large corporation who was hurt by a virus could have sued the virus author, if they knew who it was and could prove it. But the search usually would have cost more than the damages. What this bill DOES do is give the FBI grounds for a serious search for virus authors. But what if the author is overseas? The current most common virus for the Amiga was written in Switzerland. Steven C. Den Beste, Bolt Beranek & Newman, Cambridge MA denbeste@bbn.com(ARPA/CSNET/UUCP) harvard!bbn.com!denbeste(UUCP)
While I doubt the entire anti-virus bill was published in Risks Digest
7.33, the following excerpt seems to have problems:
> (a) Whoever knowingly --
> (1) inserts into a program for a computer information or commands,
> knowing or having reason to believe that such information or commands will
> cause loss to users of a computer on which such program is run or to those who
> rely on information processed on such computer; and
This sounds like it makes the DELETE ( or rm ) commands illegal! Even
more, what would it mean for operations people who have (and supply)
command files to clean up disk areas? (e.g. PURGE on VMS or deleting
*.tmp) UNIX(r) systems should have NOCLOBBER always set, and remove
the >! construct. Gear up disk drive production if this takes effect.
I hope there is something in the bill which excludes commands
necessary to the normal functioning of the system, and those which
allow the user to lose things himself. This should be written to cover
only those "information of commands" which are surreptitiously
inserted, or exist in programs which are not expected to erase data.
Steve Kovner, Digital Equipment Corporation
(The opinions expressed above do not necessarily represent the
opinions of my employer.)
I went to a local medical clinic yesterday for the first time. After a few minutes I wondered if I had come to the right place. The first clue that something was wrong was the complaint of the couple in front of me in line at the front desk. They had received a bill in the mail for over 1,000 which was surprising to them since they had prepaid provider insurance. (Prepaid provider insurance allows the doctors office to bill the insurance company without the patient having to submit insurance claims). Furthermore their account number for insurance was also scrambled and didn't match the credit card that is usually provided with prepaid insurance. The receptionist explained that the computer had been broken and that they should ignore the bill since they should not have gotten it in the first place. When I went up to the desk upstairs someone was having to pay cash because "the computer is messed up and cannot bill your insurance directly". Of course I was depending on *my* prepaid provider plan to pay and had maybe 5 dollars to my name so I was a little concerned. I had also noticed that there were several assistants stashed in corners hand sorting what appeared to be bills. After the doctor found out I worked with computers he told me what had happened. The clinic had recently replaced their computer system with a new one and disposed of the old one. The new computer took the current balance * number of patients in family and produced bills for all the patients that had been in the clinic including people with prepaid provider type of insurance. A nurse who had worked at the clinic received a bill for over 4,000 dollars. Apparently it had taken her bill of approximately 80 dollars and multiplied it by both her immediate family, and her grandchildren. I hope they keep their medical information on a separate computer! Take 3000 aspirins and call me in the morning :-) It seems to me that using the new system that the clinic or the installer should have performed some kind of check before they converted over to the new system or at least run the two systems in parallel until they verified the operation of the new system. At least I would attempt to verify the new system before I mailed out bills to hundreds of angry customers. I guess I will have to wait till the end of the month and see how my bill comes back but since there is only one of me at least they should be able to calculate it correctly. At least my back is feeling better. It does make me a little angry that "the computer is always to blame" when it appears that the real fault lies with the humans that install, program, and feed the computer. I think I understand now why we test software and look at the results. I have seen more than one instance where the end user of a computer product trusted the computer so much that they stopped checking the results even when the were obviously wrong. Maybe we need to educate end users to not put blind faith in the computer and as software producers to test our software and make it as idiot proof as possible. Even a simple spot check of some of the bills at the clinic could have prevented an expensive and embarrassing mistake. Brian Ellis, Boeing Aerospace,Seattle, WA 98124-2499 (206) 773-2599 My boss has both opinions and humor but the views expressed here are mine.
The following letter appears in Flight International, 6 August 1988. Copied without consent. "When I was a kid I was intrigued by an advertisement for a pair of binoculars with which I would be able to see 'the craters of the moon' and 'France as if it was only a mile away'. I saved up and bought them, and when they arrived they were, in fact, a rather nice pair of wide-angle 10*50s. I never saw France, but I certainly saw the craters on the moon. The other day, from a vantage point on the South Downs, I thought I'd put the old 10*50s to the test again. Visibility was okay, but there was a lot of wind and fairly low cloud around. I looked in the general direction of Gatwick Airport and after only a minute I saw the unmistakable profile of a One-Eleven climbing out, smoking visibly. Then a slightly larger aircraft - almost certainly a 737, a -200 I'd say, the engines were not big enough to be a -300. These are some binoculars, I thought: even if France doesn't look a mile away, at least Reigate Hill does. Only a few minutes passed before a relatively huge shape climbed into the air - an ex-BCal DC-10, the overall design of the livery clearly to be seen. Not only was this a DC-10, and not a TriStar, but it was an ex-BCal '10. It turned north soon after take-off, and flew away from home a while, and even from this aspect it was definitely a '10. I watched it climb and turn, disappearing into cloud and then reappearing again. Good sport this, I thought, give me a clear day and I could follow a widebody all the way from, er ... well ... Bandar Abbas? Just a moment! What's going on? Am I really distiguishing between near-identical wide-body aircraft from all aspects at almost *three times* the slant range at which the captain of the USS Vincennes launched two Standard missiles and destroyed an A300? In disbelief I double-checked the scale of the map in the AA Book of the Road. No doubt about it, these aircraft are well over 20 miles away, and that '10 must have been 30 miles out when I lost sight of him. The Airbus was only nine miles out, at 7500 feet on a clear day when the missiles were fired. Okay, the A300 was motoring, but tell me which direction he was coming from and with my 10*50s I reckon I'd have narrowed the field to a 757, 767 or an A300 before you could say 'F-14' - and certainly before he got within nine miles. I've never seen an RCA Aegis system advertised in Exchange and Mart but, even if I do, I don't think I'll buy one. [signed] ANDY COUPLAND, 20 Holmcroft, Crawley, Surrey, RH10, 6TW "
Old news is no news but reflective journalism improves with age.
The developments in the airbus crash mirror the situation of the late 19th C
when warning devices began to be installed in Railway Engine cabs & signal
boxes. Getting highly trained "elites" to accept a machine warning is hard.
If they can switch it off, many of them will, until they crash themselves into
extinction. Does history ALWAYS repeats itself?
For me, the key point is NOT to let this stand as a reason to take a human
out of the system. The system worked, the pilot failed, but PLEASE leave
them in there.
Aegis, is almost but not quite an opposite situation. Both the System AND
its users failed. Some [me?] would argue aegis 'failed by design' since
attempting to 'predict' with <100% accuracy something you cannot really 'see'
is not the same thing as 'identifying' with <high-enough> accuracy something
you might need to destroy. The failure was inevitable.
Congressman Smith seems to show that the process of procurement for the DoD
is sufficiently flawed as to make ANY complex system inherently doubtful.
George Michaelson, CSIRO Division of Information Technology
ACSnet: G.Michaelson@ditmela.oz Phone: +61 3 347 8644
Postal: CSIRO, 55 Barry St, Carlton, Vic 3053 Oz Fax: +61 3 347 8987
There's an article in the August Issue of Reader's Digest by Tom
Clancy (author of The Hunt for Red October), entitled "Common Sense
About Strategic Defense." Given RD's editorial stance, I was
surprised to see this title until reading the article revealed that
"Common Sense" entails that SDI is an appropriate, nay, desirable
response to Mutual Assured Destruction (MAD). Most of the article is
fairly predictable, relying on things like blind acceptance of the SDI
"research" "results" reported so far, but the paragraph on software
really made me laugh (or cry):
Some opponents have questioned whether we could program
computers with the millions of calculations necessary to
fight a battle against ICBMs. I don't doubt we can.
In the 12 years since supercomputers were introduced,
these devices have moved from doing millions of
calculations per second to billions, and are now about
to exceed ten billion calculations per second. Those
who believe our computing capabilities are not up to the
challenge ignore the fact that a computer that once
filled a building would now fit on their wrists. These
people just haven't been paying attention.
Steve Summit, scs@adam.pika.mit.edu
We have had discussions of cases in which computer data bases wrongly identified innocent people as criminals. I just read an interesting counter- case, in a Bob Greene column in an Esquire magazine from a few months ago. Briefly, a man killed his live-in fiance, disposed of her body, and then reported her as missing and mounted an effort to find her so as to establish an alibi for himself. A police officer on the case suspected the man, for some reason, and tried to look him up in a computer database, presumably NCIC. He got nothing, so he tried variant spellings of the man's name and turned up the identity of a fugitive from justice with almost the same social security number and birth date as his suspect. Confronted with this, the man confessed to being the fugitive and waived extradition to be tried for the earlier crime. With further grilling he confessed to the murder. Greene also noted that while the Chicago police were looking for the missing woman, her unidentifiable body was found in Indiana where the murderer had taken it. But there was no communication between the two police agencies in this matter instance.
Please report problems with the web pages to the maintainer