Slashdot Mirror

This same system has been working since at least 1995 with zero reports of fraud or failure (except normal "computer is broken" style failures).

You mean that this did not happen?

• Cosmic ray hits Brussels election -- really?
• Le Ministre DEWAEL reconnait la faillibilite du vote electronique grace à un rayon cosmique complice !

Do you really think the cosmic ray is a believable explanation?

well, I found this: http://catless.ncl.ac.uk/Risks/11.10.html#subj1

you can't be treated because access to your online health records are down

Well THAT problem has existed for some time.

I'm waiting for the day when specifying Microsoft is an automatic termination. It's coming.

you can't be treated because access to your online health records are down

Well THAT problem has existed for some time.

I'm waiting for the day when specifying Microsoft is an automatic termination. It's coming.

Reducing single points of failure is what is needed

The cost of doing this is enormous, which is why it will never happen 100%. The scale of this outage is no where near what we had in the Chicago area when the Oak Brook central office caught on fire http://catless.ncl.ac.uk/Risks/6.82.html#subj2, and that was 20 years ago. I don't think any one system is any more fault tolerant now than it was 20 years ago, but there are now multiple providers which can mitigate it significantly as long as they don't all route through the same cables as was the case here to a large degree.

In the end any telecom system is vulnerable in localized areas... the trick is to make sure it cannot all be disabled (although software has managed to do so to great effect in the past http://www.soft.com/AppNotes/attcrash.html

...

Life critical monitoring equipment is never plugged into the Internet.

"Should never be" and "never is" are two different things.

And what constitutes "life critical" is fuzzy. Is Google Maps "life critical"? Do you remember the family that got lost and the father froze to death? (It's not clear that the map in this case came from Google Maps, but it show the possibility.)

Is your word processor "life criticial"? Michael Richard was executed after his lawyers were unable to file paperwork by a deadline due to computer problems, under circumstances that would likely have at least postponed his murder by the state.

Is your local park service's database "life critical"? It becomes so when a dead tree that was supposed to be removed falls and kills somebody.

(By the way, if you're a computer professional and you're not reading the RISKS digest, you oughta be.)

Life critical monitoring equipment is never plugged into the Internet.

"Should never be" and "never is" are two different things.

And what constitutes "life critical" is fuzzy. Is Google Maps "life critical"? Do you remember the family that got lost and the father froze to death? (It's not clear that the map in this case came from Google Maps, but it show the possibility.)

Is your word processor "life criticial"? Michael Richard was executed after his lawyers were unable to file paperwork by a deadline due to computer problems, under circumstances that would likely have at least postponed his murder by the state.

Is your local park service's database "life critical"? It becomes so when a dead tree that was supposed to be removed falls and kills somebody.

(By the way, if you're a computer professional and you're not reading the RISKS digest, you oughta be.)

Per this story from the '80s:

The problem has cropped up with adjustable office chairs fitted with
nitrogen gas cylinders in place of the conventional springs in their height
control mechanism. Preliminary findings suggest that metal fatigue cracks
can develop in the cylinders, possibly caused by the poor chairs being asked
to cope with more than they can bear.

In short, if your chair uses a spring (most likely), then you are in no danger. You can sit easily now.

Funny this should come up, considering what I just read last night in the RISKS Digest:

Software glitch causes incorrect medication dosages
Jeremy Epstein jeremy.j.epstein@gmail.nospamnospamnospam.com
Fri, 16 Jan 2009 11:51:46 -0500

``Patients at VA health centers were given incorrect doses of drugs, had needed treatments delayed and may have been exposed to other medical errors due to the glitches that showed faulty displays of their electronic health records, according to internal documents obtained by The Associated Press under the Freedom of Information Act. The VA's recent glitches involved medical data -- vital signs, lab results, active meds -- that sometimes popped up under another patient's name on the computer screen. Records also failed to clearly display a doctor's stop order for a treatment, leading to reported cases of unnecessary doses of intravenous drugs such as blood-thinning heparin. According to interviews and the VA's internal memos, the glitches began after the VA distributed its annual software upgrade last August [2008].''

The proposition that EHR are a good idea remains as unproven as the idea that touchscreen voting machines with no paper trail are a good idea. Sometimes electronic documents and records introduce brave new failure methods that outweigh any benefit.

Software errors are only one aspect which can fail in such a device anyway.

True but unlike most failure modes software errors are not statistical (e.g. failures follow a normal curve). No amount of blackbox testing is going to be able to tell you that the software won't give the wrong result next Tuesday. See my previous post.

Unfortunately a fairly common misunderstanding of software even amongst programmers, to treat it like a physical process with similar statistical properties, which leads to a lot of bad software and bad software testing. But this is simply wrong in general. See comp.risks for many examples of software failure modes where obscure conditions cause consistent failure.

---

Commercial software bigots - a dying breed.

For example, WHDH-DT is off in UHF neverland, but once the analog WHDH 7 goes away, WHDH-DT gets the 7 slot not just on the logical dial, but also the physical frequency space.

http://catless.ncl.ac.uk/Risks/25.50.html
Some *digital* reception will go black in February!
<"Daniel P. B. Smith" <usenet2006@dpbsmith.com>>
Wed, 31 Dec 2008 23:03:41 -0500

I'm pretty sure I'm right about this, but I haven't succeeded in getting a
clear answer from anyone. It isn't discussed in any FAQ I've seen.

On 17Feb 2009, some of the people most surprised by the transition will be
those who carefully prepared in advance and are happily watching digital TV
over the air with an "HDTV antenna." Because, on February 17th, some of the
stations they are watching in _digital_ now will effectively go black.

The reason is that the antennas that have been sold for years as "HDTV
antennas" or "digital antennas" are UHF-only antennas. This made sense,
because VHF antennas are large, bulky, expensive, and difficult to install,
and because _currently_ all digital television frequency assignments are in
the UHF band.

The problem is that on 17 Feb 2009, when the transition occurs, some
stations will be moving their signals from the UHF band to the VHF band, to
take advantage of VHF spectrum that has been freed up by the cessation of
analog broadcasting.

For example, according to antennaweb.org, WHDH-DT in Boston, which is
currently broadcasting on UHF channel 42, will move to VHF channel 7.

However, you will not find any discussion of this on WHDH's website, which
contains the stock DTV advice and says nothing about any special
considerations in receiving WHDH-DT. Like other FAQs, it refers vaguely to
antennas and does not emphasize any need to be sure that your antenna
includes VHF capability if you want to receive all stations after February
17th.

Not very many people will be affected by this problem. Only those who
actually prepared!

Another issue is that digital television receivers and converter boxes
generally set themselves up automatically when first powered on, scanning
through the channels and identifying and marking those where digital signals
were found. It is a one-time process and people can forget that it ever took
place. I wonder how many DTV receivers will handle the channel reassignments
automatically and gracefully? I suspect many people, even if their antennas
receive VHF, will simply lose the reassigned channels, perhaps for
weeks... until they figure out that they need to initiate a manual rescan
and can remember how to do it.

Funnily enough, there's a rumour going around that USB sticks were used to hack into the Pentagon:

http://catless.ncl.ac.uk/Risks/25.47.html#subj5

From the link:
If true, it was a simple but brilliantly effective method. Someone infected thumb drives with the WORM then dropped them around the Pentagon parking lot. The employees, picked them up, took them into their offices and plugged them into their office computers to determine the owner of the drive.

I went abroad for a semester to Newcastle University in the UK. I placed out of my first year in CS, so that made it much easier for me, though I couldn't afford to do the whole year. I took core classes (I go to a liberal arts school) and had an absolute blast.

Newcastle is a science school. In fact, one of my friends over there is a CS major. The European CS curricula are far more formal than what we have here in the states, however. They're really teaching Computer Science, while my program is really more Software Engineering. If that's the case for you as well, don't even think about trying to take CS classes in Europe.

And I have a serious dislike for people who can't tell the difference between software engineering and slapping code together and compiling until it works - and worse dislike for people who forgive that behavior.

http://catless.ncl.ac.uk/php/risks/search.php?query=authenticode basically has the fucking author of Authenticode saying that security is so unimportant that even a broken screen saver has a higher priority at Microsoft.

So, forgive me if the security geek in me feels a little fucking pissed off. Nobody is saying all the software has to be perfect. But what I'm fucking pissed off about is that they INTENTIONALLY DESIGNED A FUCKING PIECE OF SHIT AND CALLED IT SECURITY AND CRAMMED IT DOWN OUR COLLECTIVE THROATS and the damned IT media just rolls over while crying BOHICA.

First of all - Firefox was designed with security in mind.

IE was not. That alone is enough to drive me off IE. Go to the Risks digest and read what Bob Atkinson wrote about Authenticode - he basically says that a broken screen saver has higher priority than security issues - and authenticode is the security technology behind ActiveX. And Atkinson is the fucking author of authenticode.

http://catless.ncl.ac.uk/php/risks/search.php?query=authenticode

And what you want - that technology already exists. A company called GreenBorder made it. Guess what - google bought it. Hopefully, the big G will release it soon.

http://catless.ncl.ac.uk/Risks/18.08.html#subj7

Hilfinger's version is more enjoyable. He talks about the "blue-haired ladies" in power believed that "fingering someone" sounded obscene. They forced the computer admins to change the name of "finger", and they did it to Hilfinger's name as well to make a point. Hilfinger agreed with the point and went along with it.

Ah, I found one. The Risks Digest, Volume 16: Issue 55, Weds 9 November 1994. The relevant section is reprinted below for preservation's sake, edited only for spelling ("entirity"), converting asterisk-marked text to strong text, formatting, block quoting, and adding links.

Hardware-borne Trojan Horse programs
Chris Tate <FIXER@FAXCSL.DCRT.NIH.GOV>
Tue, 8 Nov 1994 12:34:36 -0500 (EST)

I had an unpleasant experience this past weekend, and I imagine some other readers of RISKS will find it interesting.

I recently purchased an Apple Macintosh computer at a "computer superstore," as separate components - the Apple CPU, and Apple monitor, and a third-party keyboard billed as coming from a company called Sicon.

This past weekend, while trying to get some text-editing work done, I had to leave the computer alone for a while. Upon returning, I found to my horror that the text "welcome datacomp" had been inserted into the text I was editing. I was certain that I hadn't typed it, and my wife verified that she hadn't, either. A quick survey showed that the "clipboard" (the repository for information being manipulated via cut/paste operations) wasn't the source of the offending text.

As usual, the initial reaction was to suspect a virus. Disinfectant, a leading anti-viral application for Macintoshes, gave the system a clean bill of health; furthermore, its descriptions of the known viruses (as of Disinfectant version 3.5, the latest release) did not mention any symptoms similar to my experiences.

I restarted the system in a fully minimal configuration, launched an editor, and waited. Sure enough, after a (rather long) wait, the text "welcome datacomp" once again appeared, all at once, on its own.

As a next step, I contacted John Norstad, the author of Disinfectant, and one of the international response team for dealing with new Macintosh virus sightings. Very promptly I received a response, which I shall quote here in its entirety (it's brief):

Yes, we have heard of this. It's a practical joke in the ROM code in some third-party keyboards. The only solution is to get your bad keyboard replaced.

I was furious. Apparently there are hardware products on the market which have embedded "Trojan Horses," programs which affect the operation of the system without the user's consent (or knowledge!).

I have returned the keyboard to the store where I purchased it, and I plan to contact Sicon about the problem. The potential for abuses in computer systems here is apparent, especially when the system involves "intelligent" peripherals - such as many popular types of disk drive, Apple Desktop Bus devices (such as the offending keyboard), and so forth.

John Norstad informs me that he has little knowledge of the extent of this particular problem, other than the fact that he has received quite a bit of mail from people who have been bitten. What is almost

Why in God's name would put [power grids, nuclear energy sites, military bases, Federal government, etc., on the Interet?

Because people are sometimes very, very dumb.

Read this comp.risks item about a monitoring PC at a nuke plant getting infected by the Slammer worm. Fortunately, the plant was off-line, and had analog backups.

Now consider this case, where excessive network traffic lead to a nuke plant losing its recirculation pumps and being manually scrammed. In this case it doesn't seem that the local net was directly connected to the Internet; however excessive traffic is exactly what can be caused by this TCP attack.

Now, put the two together: create a worm that spreads, lies dormant, then wakes up one day and throws this TCP attack at everything it can...could be a bad day.

Why in God's name would put [power grids, nuclear energy sites, military bases, Federal government, etc., on the Interet?

Because people are sometimes very, very dumb.

Read this comp.risks item about a monitoring PC at a nuke plant getting infected by the Slammer worm. Fortunately, the plant was off-line, and had analog backups.

Now consider this case, where excessive network traffic lead to a nuke plant losing its recirculation pumps and being manually scrammed. In this case it doesn't seem that the local net was directly connected to the Internet; however excessive traffic is exactly what can be caused by this TCP attack.

Now, put the two together: create a worm that spreads, lies dormant, then wakes up one day and throws this TCP attack at everything it can...could be a bad day.

Kids don't need teachers.

Read The Risks Digest -- it ought to be required reading for all software developers because it is fundamentally about how systems fail and if you don't have a good grasp of how the system you are building might fail, then you will probably build it in such a way that it will fail like a house of cards the first time a stiff breeze blows.

It is low volume with pretty high signal-to-noise ratio so it is not a burden to stay current, and when you have some dead time the back issues - going back for more than two decades now - make for great reading too.

Does not seem to be a way to disable currently.

And yes ActiveX *IS* a security problem. There's no sandbox. If it is signed (and any stolen credit card can be used to "sign"/buy a cert - so where's that identity huh?), then any web page you go to can call an installed activex component.

Hence, the activex things that HP/Compaq and so on installed, that later turned out to have buffer overflows - well, guess what, any malicious page can check for, and call those locally installed activex components, and buffer overflow them, and you're owned.

In the past, it used to be that any signed activex will download automatically, unless you're browsing at the highest security level (oh yeah, even IE allows you to NOT let any activex run - why doesn't Chrome do that huh?) but I have no idea what Microsoft has done lately.

www.digicrime.com has some dated, but still useful criticisms of activex and authenticode

http://catless.ncl.ac.uk/php/risks/search.php?query=authenticode has Bob Atkinson saying really stupid things about Authenticode, and being slapped silly by anyone with anything more than a cursory interest in security. Microsoft basically said - we don't care about security - a broken screen saver has a higher priority than any security issues. And this is from the guy who is supposed to be in charged of designing a *SECURE SYSTEM*????????

So, JUST SAY NO to ActiveX

I think this is actually the clue to a good solution to your problem. Don't just say "we have a disconnect between our engineering and software development processes" - show them examples of where this has FAILED in the past.

Ariane 5 is one example. The Therac 25 is another one that comes to mind. You can find many such examples on the Risks forum which has been documenting such issues for YEARS.

Good luck.

One cite: Risks Digest.

Gates: New versions are not offered to cure faults. I have never heard of a less relevant reason to bring a new version on the market.

Focus: There are always bugs in programs.

Gates: No. There are no essential bugs ("keine bedeutenden Fehler") in our software which a significant number of users might wish to be removed.

Thanks William, I'll stick to OS X (and Linux for that matter). Apple and the Linux community do fix bugs continuously.

What's this with systems design and complete idiots at the wheel?

You either end up with some Politically Correct idiot taking decisions that don't make a lot of sense (or are actually deepy insulting - how would you feel if someone starts singling out parts of your name) or with a base design assumption that totally sucks or lacks any flexibility.

Sjeez.

Back when kids chemistry sets contained a few chemicals not found in mom's kitchen and no one was making crank with stuff which was in mom's kitchen, my skillkraft set had something I swear was called "methylethylene blue", but maybe the guy who typed the label stuttered at the keyboard.

I also vaguely remember that one practical use for medical grade methylene blue was as an antidote for carbon monoxide poisoning, since it's one of the few not-so-toxic substances which binds to hemoglobin more strongly than CO molecules.

The RISKS Digest never gets old.

Oops. Wrong link in the above post.

Agreed that this is a non-news and there have been similar range destruct packages on EVERY shuttle launched since 1981 in case she starts heading for Disney World.

For the technical details on how this works, check out an old Risks article here. They put a lot of thought into the system.

Or you could take you part-way down the "Blood from a Stone" route to parenthood.

It's ok, i browse through unsecured wifi, using tor routing on a spoofed MAC. no biggie.
My neighbor across the street and 5 houses down.. not so much...

I'm a bit down on Postini lately. A few months ago, they started marking my personal e-mails to Postini customers as spam. Which is kinda ironic. And pretty damned annoying, since my lawyer, my broker, my apartment manager and my chiropractor are all on Postini servers. But hey, that happens. I went over my server with a fine-tooth comb, I set up SPF, DomainKey, DKIM, no luck. I even switched servers. No matter. My e-mail, now digitally signed in triplicate, was still being scored as 90% probable spam.

So I tried to get in touch with their postmaster group. Only they don't have one. And I tried to check their feedback loop. Only they don't have one. As a shareholder, I even wrote to Investor Relations. No response. In the process, I found out that they have a universally awful reputation among the mail delivery community.

In the end, all they could tell me was that their system decided my mail was spam because - I kid you not - their system had, previously, decided my mail was spam. Which, of course, increases my spamminess score. And so on, and so on, until we're all using the same shampoo.

So, to recap: The guy in charge of keeping Google secure, Scott Petry, is the guy who invented a system that bit-buckets your e-mail, with absolutely no accountability, no sanity checks, no industry best practices... because of guilt by association WITH YOURSELF.

Be afraid. Be very afraid.

http://catless.ncl.ac.uk/risks/18.25.html#subj5

Why fix your own systems when you can blame the customer?

That eye surgeon comment made me think of something I read a couple of years ago: http://catless.ncl.ac.uk/Risks/21.59.html#subj1

Check out 'my life as uucp@aol.com' from the risks digest for details about a similar case from an earlier time.

http://catless.ncl.ac.uk/Risks/16.77.html#subj4

Many years ago I (briefly) owned the e-mail address uucp@aol.com, which received all sorts of interesting messages from platforms that blindly assumed everyone else was running Unix too. After suspending the address and asking AOL to put it on their reserved list (which they did), I wrote it up for the RISKS Digest.

Allied nations have similar programmes.

It has been useful in other problem domains to have an exercise OPFOR and training grounds. See Crocodile03, Red Flag, Fincastle Trophy etc.

Are there plans to both co-operate with allied nations, use "Tiger teams" to assess vulnerabilities in both US and allied infrastructure, train a specialist OPFOR using likely enemy tactics, have an "inactive reserve" of irregular cyber-militia... and is there a (preferably multinational) group studying such "Blue Sky" ideas? How do we go about starting one if not? This Slashdot experiment indicates someone is on the ball, at least...

About 15 years ago, I was part of an unofficial e-mail-ex that happened immediately after an unfortunate incident involving a QANTAS trans-pacific flight and the USN. We examined just what might happen in case of severe tension between the US and Australia. The problem from the Australian viewpoint was not causing unacceptable damage to the US in order to coerce the country into behaving as they'd wish, it was doing so without causing unacceptable collateral damage to the world economy. This pre-dated Tom Clancy's "Debt of Honor", which contained a few of the ideas. Both sides retired shaken, and resolved to try pretty much anything before going that far in actuality. Hopefully infrastructure has been secured a bit since then. As a regular reader of the RISKS digest http://catless.ncl.ac.uk/Risks , I wouldn't bet on it.

• Centre for Cancer Education
• Webster's
• American Heritage
• Encarta
• Wikipedia

"Seroactive" appears to be a less common synonym for "seropositive".

Because we do our jobs well, you don't hear about the latest scandal on Slashdot.

To get the whole nine yards about the effects computerised ninnies have on the rest of us you have to go to:- http://catless.ncl.ac.uk/risks which is a very interesting and sadly illuminating read.

If that worries you, then I look into Airbus - at least Boeing beleives the pilot should always have the last say, not the computer

Bugs in the computer: Sun Microsystems, Inc. knows why Brazil is known to its native inhabitants as the kingdom of the ants.

Ants in yer... Pants? NOT! (Toshiba notebook/laptop); Ants Invade Apple iBook.

Ants In My Nokia (A Yahoo! account is required) 5210 Mobile Phone.

Ants in Omniview switchboxes: An e-mail story of ants invading a network switchbox.

Argentine ants invade a network hub.

A photograph showing ants nesting in a guy's phone box, affecting his DSL connection and phone system.

This is the kind of story that shows up in Risks Digest all the time - an email digest that ought to be mandatory reading for anyone involved in technological development.

Clearly the goal is to reduce bogus 911 calls that occur when a cell phone's keys get accidentally pushed, like in a purse or someone's pocket. But the first question that should have been asked is just how much of a problem are such calls? Yes, we get the occasional anecdote of cell phones gone wild, but is it really such an overwhelming problem that it needs to be fixed at all?

Second, presuming it is so common that 'something must be done' -- then they should have come up with an escalating alarm - like say more than 5 consecutive calls to 911 or more than 10 minutes air-time connected to 911 and the phone plays a short recorded message through the phone so both parties can hear it saying that it is going to start making noise in a few more minutes unless the user - or the 911 operator on the other end - types in a short number to disarm it. Even if the user doesn't know what to do in response to the message, the 911 people will quickly become familiar with such warnings that they will know what to do. (I'm assuming that 911 operators have actual keypads at their stations, that might not be the case.)

Rather amusing, the last Multics in use was with the Canadian military. See here.

I stand corrected; I was under the impression that their background image was user-drawn, but in fact it wasn't.

However, in that article, there is no mention of a flexible grid; in this one, there is.

A human life. It is more valuable than gold or anything known to man...

Bullshit. A human life, from an engineering perspective, is entirely quantifiable. It has to be, or else nothing would ever get built because the safety requirements to get the risk down to 0% would make the cost infinite. The dollar value used varies per industry, but a cursory search reveals this page that says the following:

The values of a human life that are commonly accepted in different industries seem to fall in the $1M to $8M range, with something around $2M being near the "median".

So, what's the bottom line? Multiply the value of a life (e.g. $2 million) times the risk the person was actually innocent (about 10%, according to this post further down the thread). The result ($200,000 in this particular back-of-the-envelope calculation) is the per-person risk of wrongful execution. Therefore, if the cost of imprisoning someone for life exceeds $200,000, then it's better just to execute them instead.

Sure, it may seem callous, but it's true (assuming my math is correct).

http://catless.ncl.ac.uk/Risks/13.66.html#subj1

How to tell the difference between a programmer and a software engineer?

A programmer can't do much more than code
A software engineer reads and understands comp.risks.

Just be sure that if you test your mailmerge DB, and you fill $DONOR with "Rich Bastard", you don't let that go to production.

--Rob