/** comp.risks: 1.0 **/ ** Topic: RISKS DIGEST 10.11 ** ** Written 5:19 pm Jun 25, 1990 by risks in cdp:comp.risks ** RISKS-LIST: RISKS-FORUM Digest Monday 25 June 1990 Volume 10 : Issue 11 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS ACM Committee on Computers and Public Policy, Petitting papers by e-mail! (Jonathan Bowen) Re: The Hubble Telescope (Tony Ozrelic) Re: DEC RA90 disk failures: correction/update (David Keppel) The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, and nonrepetitious. Diversity is welcome. CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive "Subject:" line (otherwise they may be ignored). REQUESTS to RISKS-Request@CSL.SRI.COM. TO FTP VOL i ISSUE j: ftp CRVAX.sri.comlogin anonymousAnyNonNullPW cd sys$user2:[risks]GET RISKS-i.j ; j is TWO digits. Vol summaries in risks-i.00 (j=0); "dir risks-*.*" gives directory listing of back issues. ALL CONTRIBUTIONS ARE CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. ---------------------------------------------------------------------- Date: Wed, 20 Jun 90 09:41:07 BST From: kgd@informatics.rutherford.ac.uk Subject: The Risks of Reading RISKS (Re: Travis, RISKS-10.10) If RISKS editorial policy is to publish hoaxes, jokes and elaborate fictitious accounts of non-events, at any time of the year *without* explicit warning, then its purpose will have been undermined. The article by Gregory Travis of Indiana "University" about the A320 may have been jolly good humourous nonsence, but it was presented as a genuine RISK. There are other news groups and mailing lists for jokes. RISKS is for RISKS! Which introduces another abuse of information technology: when is an article in RISKS a real RISK? How many other published articles have been mere hoaxes? How are we to know? I think an explanation is required. Keith Dancey, Rutherford Appleton Laboratory, Chilton, Didcot, UK ------------------------------ Date: Wed, 20 Jun 1990 7:52:02 PDT From: RISKS Forum Subject: Re: The Risks of Reading RISKS I am very sorry for any confusion. I inadvertently deleted the line that said that the message was from rec.humor. (I'm glad only a few of you took it seriously, although I am also sorry to besmirch my own efforts to provide incisive and consistent moderation.) Too bad that the tale was not sufficiently outrageous that it could not have been true! I was editing remotely under tight time pressures. I also omitted from the Contents of the issue Steve Bellovin's item on computer security problems in Malaysia, also attributable to the same editing difficulties. Editing through an imperfect terminal emulator can be quite risky. ------------------------------ Date: Thu, 21 Jun 90 08:34:25 -0400 (EDT) From: Nathaniel Borenstein Subject: "Artificial Life" out of control The latest issue of the Whole Earth Review has an article ("Perpetual Novelty") about the growing "artificial life" movement, which works to create computer simulations of artificial beings, with rather far-fetched and grandiose long-term goals. I was particularly struck by the discussion of the idea that some of these people have to release lots of relatively dumb robots and simply let them evolve. Talking about one researcher's goals, the article says: He wants to flood the world (and beyond) with inexpensive, small, ubiquitous thinking things. He's been making robots that weigh less than 10 pounds. The six-legged walker weighs only 3.6 pounds. It's constructed of model-car parts. In three years, he'd like to have a 1mm (pencil tip-size) robot. He has plans to invade the moon with a fleet of shoe-box-size robots that can be launched from throw-away rockets. It's the ant strategy: send an army of dispensable, limited agents coordinated on a task, and set them loose. Some will die, most will work, something will get done. In the time it takes to argue about one big sucker, he can have his invasion built and delivered. The motto: "Fast, Cheap, and Out of Control." I think that about says it all. The risks should be obvious, at least to the people who read RISKS. Nathaniel S. Borenstein, Member of Technical Staff, Bellcore, Morristown, NJ ------------------------------ Date: Thu, 21-Jun-90 01:40:38 PDT From: hkhenson@cup.portal.com Subject: Update on Alcor/email case (at last) Update on the progress in the Alcor/email case as of June, 1990 (originally reported in comp.risks) by H. Keith Henson A suit under section 2707 of U.S.C. title 18 (the Electronic Communications Privacy Act) against a number of individuals in the Riverside, California Coroner's office, the District Attorney's office, and the Riverside police department was filed Jan. 11, 1990, one day short of the statutory limit. There were 15 plaintiffs out of roughly 50 people who had email on the Alcor system. For those of you who are not familiar with the case, the coroner removed a number of computers from Alcor in connection with an investigation into the cryonic suspension of Dora Kent in December of 1987. The defendants moved in March for a dismissal of the case, arguing that 1) the warrant for the computer was enough to take any email found within it, and 2) that even if the defendants had made "technical" errors in confiscating the email, they should be protected because they acted in "good faith." Our lawyer opposed the motion, arguing that the warrant originally used was itself defective, even for taking the computers. This is something Alcor had never done, because (I think) people can only object to a warrant after charges have been filed, and for all the accusations the coroner and DA made in the press (which included murder, drugs, theft, and building code violations), no charges have been filed in this case in the last two and a half years. The federal judge assigned to the case denied the motion after hearing oral arguments in May. Based on the comments of the judge from the bench, it seems that he agrees that the plaintiffs have a case, namely that taking email requires a warrant for the email, or the persons doing so will face at least civil liability. So far the legal bill stands at over $10,000. Suggestions as to organizations or individuals who might be interested in helping foot the bills would be welcome. (Donations would be returnable if we won the case and the county has to pay our legal bills as required in section 2707.) The text of the legal filings (40k, three files) have been posted to CuD. If you can't get CuD, they are available by email from hkhenson@cup.portal.com ------------------------------ Date: 21 Jun 1990 7:50 EDT From: jbr@cblph.att.com Original-From: j.a.brownlee Subject: "Unbreakable Math Code Finally Broken" [The following article appeared in the 06/20 Columbus (Ohio) Post Dispatch, credited to the Washington Post.] Two mathematicians, working with hundreds of colleagues, announced yesterday that they had broken a code viewed by many cryptographers and security experts as virtually impenetrable. The feat, in which the mathematicians factored one of the world's ``most wanted'' numbers, means that many security-minded organizations will need to change their cryptographic systems to prevent security breaches. "In the long run, mathematical breakthroughs like this will make everyone more cautious about how far one must go to keep a message private," said Arjen Lenstra of Bellcore, the research arm of the major regional telephone companies. Lenstra, with Mark Manasse of Digitial Machine Corp., successfully factored a 155-digit number, a feat many mathematicians had believed to be prohibitively difficult. Cryptographic systems are used to encode messages and data before they are sent among banks, corporations, governments, the military -- anyone wishing to avoid having computerized mail perused by outsiders. The sender encodes messages using a many-digit number that would be difficult or impossible to factor. [...] Only someone who knows the factors of the large number can decode the message. Until now, it was thought virtually impossible to factor a number 155 digits long, and many cryptographic systems used numbers that long to encode their messages. The work of Lenstra and Manasse, and hundreds of mathematicians who plugged the Bellcore program into their computers at night to solve additional parts of the problem, changes the game. Lenstra now says security-minded users must now find numbers greater than 200 digits to feel safe. Lenstra and Manasse, chewing up the equivalent of 275 years of computer time, found that the 155-digit number could be factored by a 7-digit number, a 49-digit number, and a 99-digit number. [This certainly points up the risks of supercomputers and high-precision math, not to mention the risks of the press reporting on computer-related topics. :-) -- jab] Joe Brownlee, Analysts International Corp. @ AT&T Network Systems 471 E Broad St, Suite 1610, Columbus, Ohio 43215 (614) 860-7461 ------------------------------ Date: Mon, 25 Jun 90 17:12:29 bst From: Clive Feather Subject: A (rather old) risk of new technology >From the Cambridge Weekly News (a free newspaper) 31 May 1990. "... [in 1927] by the first traffic lights [in Cambridge] at the bottom of Castle Hill. These were supposed to replace the policeman usually stationed there on point duty but, according to some sources, actually meant that two police were needed - one to explain the system to befuddled motorists and the other to hold back the crowds of onlookers enchanted by the pretty changing lights." [BTW, that's Cambridge, Cambridgeshire, not Cambridge, Massachusetts] Clive D.W. Feather, IXI Limited , 72-74 Burleigh St., Cambridge CB1 1OJ UK ------------------------------ Date: Wed, 20 Jun 90 16:11:28 BST From: Jonathan.Bowen@prg.oxford.ac.uk Subject: Risk submitting papers by e-mail! An electronic mail system should not tamper with the contents of the messages which it conveys. However, when sending messages via Unix electronic mail, any line starting with "From" in the body of the message has a ">" prepended to it to avoid the line being confused with a "From" line in the header which is used to delimit messages in a mail box file. However, such lines are not that uncommon in text. Source text for publication is now more and more routinely being sent via e-mail, and any changes in the message could easily end up being printed since it is often assumed that the text has already been proof-read. As an example of this, see the paper "Some comments on the assumption-commitment framework for compositional verification of distributed programs" by Paritosh Pandya, in "Stepwise Refinement of Distributed Systems", Springer-Verlag, Lecture Notes in Computer Science no 430, pp622-640. On pages 626, 630 and 636 three paragraphs start with a "From" and have an upside-down "?" just beforehand. (This is what the LaTeX document preparation system transforms ">" to in the standard font.) [...] Jonathan Bowen, Programming Research Group, Oxford Univeristy. ------------------------------ Date: Tue, 19 Jun 90 15:58:09 PDT From: Tony Ozrelic Subject: Re: The Hubble Telescope (RISKS-10.10) ...One problem is that some RAM used by the fine guidance system is being scrambled when the telescope passes through the South Atlantic Anomaly, a region representing a "dip" in the Van Allen Belts that has been known to be hazardous to spacecraft electronics for decades... This Anomaly wouldn't have to do with the Bermuda Triangle, would it? :) tony o. ------------------------------ Date: 21 Jun 90 16:14:23 GMT From: pardo@cs.washington.edu (David Keppel) Subject: Re: DEC RA90 disk failures: correction/update Recently I posted an article about a DEC RA90 disk failure that we had in February, and said that DEC had not notified customers of the problem. I have since found out from our lab staff that DEC *did* notify customers. It looks like I screwed up, not DEC. Prior to our failures, and several others that occurred at about the same time, DEC believed that, of the drives with serial numbers in the ``possibly affected'' range, either they failed when brand new, or they were ``safe''. Ours were among the first ``midlife failures''. In response, I understand that DEC replaced all RA90s with serial numbers in the ``possibly affected'' range, even though only 2% of these drives ever experienced failures. So DEC 1, me zero. Also, my original posting had deserved a followup anyway, but doubly so in this case: I had included a disclaimer in my original message, but the RISKS moderator clipped it off when he compiled the digest. When I saw that, I considered posting a RISKS article about the risk of losing disclaimers, but decided against the extra traffic. Wrong again.... {rutgers,cornell,ucsd,ubc-cs,tektronix}!uw-beaver!june!pardo [PLEASE NOTE THAT THE PAST FEW ISSUES HAVE HAD A GENERIC MASTHEAD DISCLAIMER. I GENERALLY TRIM ALL SORTS OF TRAILING POETRY, SCATOLOGY, HUMOROUS DISCLAIMERS, LATITUDE AND LONGITUDE, HOME PHONES, etc. IF YOU HAVE A REALLY IMPORTANT DISCLAIMER THAT YOU FEEL SHOULD NOT BE SO DELETED, PLEASE LET ME KNOW. PGN] ------------------------------ End of RISKS-FORUM Digest 10.11 ************************ ** End of text from cdp:comp.risks ** Downloaded From P-80 International Information Systems 304-744-2253