|
Risks Digest 10.11
NOTICE: TO ALL CONCERNED Certain text files and messages contained on this site deal with activities and devices which would be in violation of various Federal, State, and local laws if actually carried out or constructed. The webmasters of this site do not advocate the breaking of any law. Our text files and message bases are for informational purposes only. We recommend that you contact your local law enforcement officials before undertaking any project based upon any information obtained from this or any other web site. We do not guarantee that any of the information contained on this system is correct, workable, or factual. We are not responsible for, nor do we assume any liability for, damages resulting from the use of any information on this site.
/** comp.risks: 1.0 **/
** Topic: RISKS DIGEST 10.11 **
** Written 5:19 pm Jun 25, 1990 by risks in cdp:comp.risks **
RISKS-LIST: RISKS-FORUM Digest Monday 25 June 1990 Volume 10 : Issue 11
FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Petitting papers by e-mail!
(Jonathan Bowen)
Re: The Hubble Telescope (Tony Ozrelic)
Re: DEC RA90 disk failures: correction/update (David Keppel)
The RISKS Forum is moderated. Contributions should be relevant, sound, in good
taste, objective, coherent, concise, and nonrepetitious. Diversity is welcome.
CONTRIBUTIONS to [email protected], with relevant, substantive "Subject:" line
(otherwise they may be ignored). REQUESTS to [email protected]. TO FTP
VOL i ISSUE j: ftp CRVAX.sri.com<CR>login anonymous<CR>AnyNonNullPW<CR> cd
sys$user2:[risks]<CR>GET RISKS-i.j <CR>; j is TWO digits. Vol summaries in
risks-i.00 (j=0); "dir risks-*.*<CR>" gives directory listing of back issues. ALL
CONTRIBUTIONS ARE CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY.
----------------------------------------------------------------------
Date: Wed, 20 Jun 90 09:41:07 BST
From: [email protected]
Subject: The Risks of Reading RISKS (Re: Travis, RISKS-10.10)
If RISKS editorial policy is to publish hoaxes, jokes and elaborate fictitious
accounts of non-events, at any time of the year *without* explicit warning, then
its purpose will have been undermined.
The article by Gregory Travis of Indiana "University" about the A320 may have
been jolly good humourous nonsence, but it was presented as a genuine RISK. There
are other news groups and mailing lists for jokes. RISKS is for RISKS!
Which introduces another abuse of information technology: when is an article in
RISKS a real RISK? How many other published articles have been mere hoaxes? How
are we to know?
I think an explanation is required.
Keith Dancey, Rutherford Appleton Laboratory, Chilton, Didcot, UK
------------------------------
Date: Wed, 20 Jun 1990 7:52:02 PDT
From: RISKS Forum <[email protected]>
Subject: Re: The Risks of Reading RISKS
I am very sorry for any confusion. I inadvertently deleted the line that said
that the message was from rec.humor. (I'm glad only a few of you took it
seriously, although I am also sorry to besmirch my own efforts to provide
incisive and consistent moderation.) Too bad that the tale was not sufficiently
outrageous that it could not have been true!
I was editing remotely under tight time pressures. I also omitted from the
Contents of the issue Steve Bellovin's item on computer security problems in
Malaysia, also attributable to the same editing difficulties. Editing through
an imperfect terminal emulator can be quite risky.
------------------------------
Date: Thu, 21 Jun 90 08:34:25 -0400 (EDT)
From: Nathaniel Borenstein <[email protected].com>
Subject: "Artificial Life" out of control
The latest issue of the Whole Earth Review has an article ("Perpetual Novelty")
about the growing "artificial life" movement, which works to create computer
simulations of artificial beings, with rather far-fetched and grandiose long-term
goals. I was particularly struck by the discussion of the idea that some of
these people have to release lots of relatively dumb robots and simply let them
evolve. Talking about one researcher's goals, the article says:
He wants to flood the world (and beyond) with inexpensive, small, ubiquitous
thinking things. He's been making robots that weigh less than 10 pounds. The
six-legged walker weighs only 3.6 pounds. It's constructed of model-car parts.
In three years, he'd like to have a 1mm (pencil tip-size) robot. He has plans
to invade the moon with a fleet of shoe-box-size robots that can be launched from
throw-away rockets. It's the ant strategy: send an army of dispensable, limited
agents coordinated on a task, and set them loose. Some will die, most will work,
something will get done. In the time it takes to argue about one big sucker, he
can have his invasion built and delivered. The motto: "Fast, Cheap, and Out of
Control."
I think that about says it all. The risks should be obvious, at least to the
people who read RISKS.
Nathaniel S. Borenstein, Member of Technical Staff, Bellcore, Morristown, NJ
------------------------------
Date: Thu, 21-Jun-90 01:40:38 PDT
From: [email protected]
Subject: Update on Alcor/email case (at last)
Update on the progress in the Alcor/email case as of June, 1990
(originally reported in comp.risks)
by H. Keith Henson
A suit under section 2707 of U.S.C. title 18 (the Electronic Communications
Privacy Act) against a number of individuals in the Riverside, California
Coroner's office, the District Attorney's office, and the Riverside police
department was filed Jan. 11, 1990, one day short of the statutory limit. There
were 15 plaintiffs out of roughly 50 people who had email on the Alcor system.
For those of you who are not familiar with the case, the coroner removed a number
of computers from Alcor in connection with an investigation into the cryonic
suspension of Dora Kent in December of 1987.
The defendants moved in March for a dismissal of the case, arguing that 1) the
warrant for the computer was enough to take any email found within it, and 2)
that even if the defendants had made "technical" errors in confiscating the
email, they should be protected because they acted in "good faith."
Our lawyer opposed the motion, arguing that the warrant originally used was
itself defective, even for taking the computers. This is something Alcor had
never done, because (I think) people can only object to a warrant after charges
have been filed, and for all the accusations the coroner and DA made in the press
(which included murder, drugs, theft, and building code violations), no charges
have been filed in this case in the last two and a half years.
The federal judge assigned to the case denied the motion after hearing oral
arguments in May. Based on the comments of the judge from the bench, it seems
that he agrees that the plaintiffs have a case, namely that taking email requires
a warrant for the email, or the persons doing so will face at least civil
liability.
So far the legal bill stands at over $10,000. Suggestions as to organizations
or individuals who might be interested in helping foot the bills would be
welcome. (Donations would be returnable if we won the case and the county has
to pay our legal bills as required in section 2707.)
The text of the legal filings (40k, three files) have been posted to CuD. If you
can't get CuD, they are available by email from [email protected]
------------------------------
Date: 21 Jun 1990 7:50 EDT
From: [email protected]
Original-From: j.a.brownlee
Subject: "Unbreakable Math Code Finally Broken"
[The following article appeared in the 06/20 Columbus (Ohio) Post Dispatch,
credited to the Washington Post.]
Two mathematicians, working with hundreds of colleagues, announced yesterday that
they had broken a code viewed by many cryptographers and security experts as
virtually impenetrable. The feat, in which the mathematicians factored one of
the world's ``most wanted'' numbers, means that many security-minded
organizations will need to change their cryptographic systems to prevent security
breaches.
"In the long run, mathematical breakthroughs like this will make everyone more
cautious about how far one must go to keep a message private," said Arjen Lenstra
of Bellcore, the research arm of the major regional telephone companies.
Lenstra, with Mark Manasse of Digitial Machine Corp., successfully factored a
155-digit number, a feat many mathematicians had believed to be prohibitively
difficult.
Cryptographic systems are used to encode messages and data before they are sent
among banks, corporations, governments, the military -- anyone wishing to avoid
having computerized mail perused by outsiders. The sender encodes messages using
a many-digit number that would be difficult or impossible to factor.
[...] Only someone who knows the factors of the large number can decode the
message. Until now, it was thought virtually impossible to factor a number 155
digits long, and many cryptographic systems used numbers that long to encode
their messages.
The work of Lenstra and Manasse, and hundreds of mathematicians who plugged the
Bellcore program into their computers at night to solve additional parts of the
problem, changes the game. Lenstra now says security-minded users must now find
numbers greater than 200 digits to feel safe. Lenstra and Manasse, chewing up
the equivalent of 275 years of computer time, found that the 155-digit number
could be factored by a 7-digit number, a 49-digit number, and a 99-digit number.
[This certainly points up the risks of supercomputers and high-precision
math, not to mention the risks of the press reporting on computer-related
topics. :-) -- jab]
Joe Brownlee, Analysts International Corp. @ AT&T Network Systems
471 E Broad St, Suite 1610, Columbus, Ohio 43215 (614) 860-7461
------------------------------
Date: Mon, 25 Jun 90 17:12:29 bst
From: Clive Feather <[email protected]>
Subject: A (rather old) risk of new technology
>From the Cambridge Weekly News (a free newspaper) 31 May 1990.
"... [in 1927] by the first traffic lights [in Cambridge] at the bottom
of Castle Hill. These were supposed to replace the policeman usually
stationed there on point duty but, according to some sources, actually
meant that two police were needed - one to explain the system to befuddled
motorists and the other to hold back the crowds of onlookers enchanted by
the pretty changing lights."
[BTW, that's Cambridge, Cambridgeshire, not Cambridge, Massachusetts]
Clive D.W. Feather, IXI Limited , 72-74 Burleigh St., Cambridge CB1 1OJ UK
------------------------------
Date: Wed, 20 Jun 90 16:11:28 BST
From: [email protected]
Subject: Risk submitting papers by e-mail!
An electronic mail system should not tamper with the contents of the messages
which it conveys. However, when sending messages via Unix electronic mail, any
line starting with "From" in the body of the message has a ">" prepended to it
to avoid the line being confused with a "From" line in the header which is used
to delimit messages in a mail box file. However, such lines are not that
uncommon in text. Source text for publication is now more and more routinely
being sent via e-mail, and any changes in the message could easily end up being
printed since it is often assumed that the text has already been proof-read.
As an example of this, see the paper "Some comments on the
assumption-commitment framework for compositional verification of distributed
programs" by Paritosh Pandya, in "Stepwise Refinement of Distributed Systems",
Springer-Verlag, Lecture Notes in Computer Science no 430, pp622-640. On pages
626, 630 and 636 three paragraphs start with a "From" and have an upside-down
"?" just beforehand. (This is what the LaTeX document preparation system
transforms ">" to in the standard font.) [...]
Jonathan Bowen, Programming Research Group, Oxford Univeristy.
------------------------------
Date: Tue, 19 Jun 90 15:58:09 PDT
From: Tony Ozrelic <[email protected]>
Subject: Re: The Hubble Telescope (RISKS-10.10)
...One problem is that some RAM used by the fine guidance system is being
scrambled when the telescope passes through the South Atlantic Anomaly,
a region representing a "dip" in the Van Allen Belts that has been
known to be hazardous to spacecraft electronics for decades...
This Anomaly wouldn't have to do with the Bermuda Triangle, would it? :)
tony o.
------------------------------
Date: 21 Jun 90 16:14:23 GMT
From: [email protected] (David Keppel)
Subject: Re: DEC RA90 disk failures: correction/update
Recently I posted an article about a DEC RA90 disk failure that we had
in February, and said that DEC had not notified customers of the
problem. I have since found out from our lab staff that DEC *did*
notify customers. It looks like I screwed up, not DEC.
Prior to our failures, and several others that occurred at about
the same time, DEC believed that, of the drives with serial numbers
in the ``possibly affected'' range, either they failed when brand new,
or they were ``safe''. Ours were among the first ``midlife failures''.
In response, I understand that DEC replaced all RA90s with serial
numbers in the ``possibly affected'' range, even though only 2% of
these drives ever experienced failures.
So DEC 1, me zero.
Also, my original posting had deserved a followup anyway, but doubly so
in this case: I had included a disclaimer in my original message, but
the RISKS moderator clipped it off when he compiled the digest. When I
saw that, I considered posting a RISKS article about the risk of losing
disclaimers, but decided against the extra traffic. Wrong again....
{rutgers,cornell,ucsd,ubc-cs,tektronix}!uw-beaver!june!pardo
[PLEASE NOTE THAT THE PAST FEW ISSUES HAVE HAD A GENERIC MASTHEAD
DISCLAIMER. I GENERALLY TRIM ALL SORTS OF TRAILING POETRY,
SCATOLOGY, HUMOROUS DISCLAIMERS, LATITUDE AND LONGITUDE, HOME
PHONES, etc. IF YOU HAVE A REALLY IMPORTANT DISCLAIMER THAT
YOU FEEL SHOULD NOT BE SO DELETED, PLEASE LET ME KNOW. PGN]
------------------------------
End of RISKS-FORUM Digest 10.11
************************
** End of text from cdp:comp.risks **
|
|
