University of Bielefeld - Faculty of technology
Networks and distributed Systems
Research group of Prof. Peter B. Ladkin, Ph.D.
This page was copied from: http://catless.ncl.ac.uk/Risks/18.19.html
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
Attorney General Janet Reno has told the FBI, CIA, and Commerce, Defense, Energy, Transportation and Treasury Departments that she wants to create a federal computer security emergency response unit to counter physical or network attacks against the federal computer infrastructure (*Computer Industry Daily*, 6 Jun 1996). And some U.S. senators want to allow the FBI to combine forces with the CIA and other intelligence agencies to deal with international criminal and terrorist activity conducted on the Net. Senator Sam Nunn (D-Ga.) says that "if we're going to live in this kind of world, we're going to have to link the intelligence world with law enforcement." Vanderbilt business professor Donna L. Hoffman, whose work is focused on the Internet, says: "There are not dead bodies in the street. It just doesn't make sense to rush into legislation." (*San Jose Mercury News*, Center, 6 Jun 1996)
Flight International (5-11 June 1996, p8) reports that the crew of a Martinair B767-300 registration PH-MCH `faced blank flight-instrument displays' near the US coastline on a flight from Amsterdam to Orlando, FL on 28 May 1996. Apparently it had suffered an EFIS failure (EFIS is the industry acronym for the system which displays the flight data on screens in front of the pilots -- a feature of most modern transport aircraft). The EFIS failure itself was not such a big issue. The plane continued on the electro-mechanical standby instruments and diverted to Boston, where it landed safely -- but very fast, with no flaps, spoilers, autobrake or anti-skid. It burst 8 mainwheel tires and the brakes caught fire (neither event unusual in a fast landing and heavy stop) and the fire was quickly extinguished. Martinair said the crew employed `flaps one', which extends leading-edge spoilers only, and that they had no reverse thrust. Martinair said the aircraft had a partial DC-power failure, but an unnamed 767 captain apparently said that such an event would not cause an EFIS failure. Boeing said reports of a complete power failure are `not confirmed'.

Peter Ladkin
I recently installed Netscape 3.0b4, a beta version, to try out the new (compared to 1.1N) features and see how well FreeBSD runs foreign binaries. One of the new features, a security feature strangely categorized as a 'network' feature, queries the user before allowing "cookies" to be set. Out of curiosity I set it so as to find out how often this feature was invoked. Cookies (discussed in earlier RISKS volumes, I seem to recall) [YES: RISKS-14.36, 17.89. PGN] are documented at http://www.netscape.com/newsref/std/cookie_spec.html .

I was surprised to find that every night for the last two weeks after enabling this I've been handed a "cookie" by a site I never knowingly visited, at http://ad.doubleclick.net . Upon visiting this site I discovered they engage in attempts to collect various data about web users including their o/s. Why they feel it necessary to 'ping' me each night to set a cookie I do not know, but it seems they are also collecting data about browser usage. Such a statistic regarding times online while in a browser would seem valuable from a marketing standpoint.

While cookies may be useful when voluntary and insofar as they may be helpful to the user (as I feel the cookie I'm handed that avoids an access validator for a particular newspaper's site), cookies from marketing companies benefit me not.

Categorize this as a risk to users of older netscapes lacking the conditional-cookie setting? Or to advertisers who will find their targets are hidden behind "mini" HTTP firewalls that hide the users from cookies along with advertisement filters such as the one being tested by a North Carolina startup?

Howard Goldstein <hg@n2wx.ampr.org>

[And you'd probably be surprised to know how many people are affected. But you *know* there has to be a gotcha with free web sites and free browsers, and lots of folks are selling lists. Always look a gift Trojan horse in the mouth (and everywhere else too). PGN]
[found at http://www.educom.edu/]

THE UNGAME

Irvine, California-based DVD Software has a new product that automatically deletes games from networked computers, freeing up limited computing resources for students and business folks. Oregon State University's business school manager says, "I had a problem with games," noting that some students spent hours playing games while others were waiting their turn at the keyboard to complete assignments. UnGame scans the hard drive for any of 4,600 games every time the computer is turned on or logged on to the network. The list of games is updated every month. More than 20 colleges and universities are using the software now. (*Chronicle of Higher Education*, 7 Jun 1996, A24)

--bks

[So, be careful how you name your programs. Here are 4,600 UnNames not to use! PGN]
The RISKs of relying on dumb string searches are not confined to the mangling of respectable British town names ("AOL censors British town names!", RISKS-18.07). Today I accessed the FAQ archives at Imperial College, London (sunsite.doc.ic.ac.uk) to check the date of the alt.usage.english FAQ. Looking at the directory listing I was astonished to see that the 250K+ file had shrunk to 1K. I downloaded the alleged FAQ and found that it contained an article posted to alt.usage.english. The author suggested that, because of its size, the FAQ should no longer be posted to the newsgroup, since "it is available on the WEB, by e-mail, and by ftp". The message subject line was, not surprisingly, "alt.usage.english FAQ": apparently it was enough to fool the archiving program into assuming that the article *was* the FAQ. This would seem to open up interesting possibilities for anyone objecting to the contents of a FAQ and wishing to have it removed from the archive. Gianfranco Boggio-Togna Milano, Italy gbt@acm.org
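The failure described in the post above, as an added example that is not part of the original posting and not the archive's actual software: a subject-only match beside a check that also looks at the sender, an `Archive-name:` line and the size of the replacement. The data classes, function names, addresses, the `Archive-name` value and the 50% size threshold are all assumptions made for this sketch.

```python
from dataclasses import dataclass


@dataclass
class Article:
    subject: str
    sender: str
    body: str


@dataclass
class ArchivedFaq:
    title: str         # subject text the archiver matches on
    maintainer: str    # address on record with the archive operator
    archive_name: str  # expected "Archive-name:" value
    size: int          # bytes in the currently archived copy


def naive_accepts(faq, art):
    """Subject-only match, the weak check the post infers."""
    return faq.title.lower() in art.subject.lower()


def archive_name(body):
    """Value of an 'Archive-name:' line in the body's leading header block."""
    for line in body.splitlines():
        if not line.strip():
            break  # header block ends at the first blank line
        key, sep, value = line.partition(":")
        if sep and key.strip().lower() == "archive-name":
            return value.strip()
    return None


def hardened_accepts(faq, art, min_ratio=0.5):
    """Return (ok, reasons). Any failed check holds the article for review."""
    reasons = []
    if not naive_accepts(faq, art):
        reasons.append("subject mismatch")
    # A From address can be forged, so this is a filter, not authentication.
    if art.sender.strip().lower() != faq.maintainer.lower():
        reasons.append("sender is not the recorded maintainer")
    if archive_name(art.body) != faq.archive_name:
        reasons.append("missing or wrong Archive-name line")
    if len(art.body.encode("utf-8")) < faq.size * min_ratio:
        reasons.append("replacement is much smaller than archived copy")
    return (not reasons, reasons)


# Constructed sample data (addresses, Archive-name value and sizes are made up).
FAQ = ArchivedFaq("alt.usage.english FAQ", "maintainer@example.org",
                  "alt-usage-english-faq", 250_000)
DISCUSSION = Article(
    "alt.usage.english FAQ", "reader@example.org",
    "Because of its size the FAQ should no longer be posted here;\n"
    "it is available on the WEB, by e-mail, and by ftp.\n")
GENUINE = Article(
    "alt.usage.english FAQ", "maintainer@example.org",
    "Archive-name: alt-usage-english-faq\n\n" + "Q. ...\nA. ...\n" * 20_000)

if __name__ == "__main__":
    for label, art in (("discussion", DISCUSSION), ("genuine", GENUINE)):
        print(label, naive_accepts(FAQ, art), hardened_accepts(FAQ, art))
```

The size check alone would have flagged the 250K to 1K shrink reported in the post; holding a flagged article for an operator keeps the previous copy in place until someone confirms the replacement.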
The German newspaper *Tageszeitung* reports in its issue from 6 June 1996 (6/6/6!) that the software for the engine-controlling in Ariane 5 was made by the French company Matra Corp. This is the same company that made the software for the Taipei subway system that crashed on 3 June 1996 (RISKS-18.17).

First statements from DASA, ESA and ArianeSpace say that, 37 seconds after the start, there was a movement of all engines in one direction, forcing the Ariane 5 into an extreme flight position. This disrupted the main structure of the vehicle and triggered an automated destruction mechanism. Some seconds later the manual destruction from ground control was triggered by the flight security officer for redundancy.

According to German press agency Deutsche Presse Agentur, one manager of the French space agency CNES stated that the computer tried to compensate for a nonexistent problem in flight control by making this massive move.

So, for me there are two possible reasons for the crash:

* there was a sensor failure, transmitting false data about the external conditions (wind, flight position) to the control system, or
* there was a real software "glitch" causing the critical failure.

On the basis of the information available now, I ask myself, why was there no mechanism to avoid the control computers' attempt to go into this extreme flight position?

Frank Rieger

Added note, Date: Fri, 7 Jun 1996 17:39:19 +0100

As I have read now, the leading European TV-Satellite corporation ASTRA has chosen Matra Corp. as hardware/software supplier for their next generation of digital broadcast satellites... (Source: Deutsche Presse Agentur). I think we will have a lot of fun watching TV in the next years...

Frank

[They seem to be developing a real Matra-archy! Next they might do a Matra Metro. PGN]
David Wood suggested some form of parachute ejection and recovery system for payloads. The usual problems with this scheme are weight, cost, and complexity.

Mercury and Apollo had launch escape systems to pull the capsule off the top of the launch vehicle either on the pad or during early flight. These systems were jettisoned on the way up to improve flight performance (get rid of the weight penalty.) The Challenger disaster reminded us all of how useful such systems are for saving crew. Launch escape mechanisms to get the shuttle away from the external tanks and solid boosters on the pad and in flight were scrapped early due to the weight and complexity penalties, not to mention some valid safety concerns. (The Space Shuttle can actually abort during launch under specific conditions and return to the landing strip at Kennedy, or go on to a down-range site, or ditch in the ocean. Had sensors been available to tell the crew or ground controllers of the burn-through problem, one of these abort modes might have been employed with the chance of saving the crew if not the vehicle.)

To my knowledge, no launch vehicle intended to orbit an unmanned payload has carried a launch-phase recovery system. Ariane 5 is a heavy lift vehicle; making a structure to hold the payload through a separation event, thrusting away from the vehicle, chute deployment, and splashdown in the Caribbean/Atlantic would be a marvel of a vehicle itself. I am not convinced parachutes could even be made to handle the weight of an Ariane 5 payload. And individual recovery systems for the "n" individual satellite payloads just multiplies the complexity by "n."

Adding launch-phase recovery systems to expendable launch vehicles would further increase launch costs not only for the mechanisms but for the down-range recovery personnel and facilities that would be required for each flight, just in case. Launch costs are already so high as to stifle commercial development of space.
Re-usable, robust launch vehicles like the DC-X, X-33, etc. promise to reduce launch costs and offer some advantages in these areas.... Witness the successful landing of the DC-X after an engine explosion (my memory fails me as to when in the flight test program this was). Launch vehicle failures will occur, as do failures in any complex system. Until someone finds a way to get into space other than by riding atop a controlled explosion, there is only so much risk avoidance you can do. And from then on it's risk management. Taking a "free" ride on a new launch vehicle is a higher risk than buying a ride on a "proven" launch vehicle. But if you can't afford the ticket, you must decide if the risk of failure is worth the scientific/commercial/political rewards of success. On the other extreme, I remember NASA taking heat in the Apollo days for the fact that the first Saturn launch carried a few tons of sand into orbit rather than risk any useful payload on an unproven vehicle. Jim Brady Raytheon E-Systems
I'm not sure if they had a parachute or not, but there was planning and engineering work done to try to rescue the crew under certain failure modes, although this did not help the Apollo 1 astronauts. Apollo carried more valuable cargo than any commercial rocket. Remember, it was the Apollo astronauts who forced NASA to design a window into the capsule, at a very high cost. The political and psychological costs of losing anyone, especially highly, expensively trained astronaut-heroes, are very high, and can therefore support safety features which would not make it into an unmanned craft.

>> What a risk - millions of (pounds, dollars, whatever - big in anyone's
>> currency) and all that work.

Designing a "separate and chute" mechanism into the Ariane 5 would be a neat engineering feat, but is it cost-effective? All rocket cargo is insured (and I'm sure the insurance is not cheap). If there was an advantage to this system, I expect either the insurance companies would fund it so they would have to pay off less often, or the aerospace companies would fund it to lower their premiums. It all comes down to economics in situations like this. It is, as they say, only money, even if it's quite a lot of it.

Marc
I'm not saying that they won't be able to perfect the system, but at the moment, from the demo I saw on a news report about this system, it's _really lame_. The idea is fairly impressive -- presumably they're doing 3D rotations and scaling of their advertisement in real time to then be shown on the ad area. The basic "how to get it on the screen" technology is simply regular old green screen chroma key that has been around for a long time. The impressive part is, repeating myself, making sure the ad "looks right" depending on the angle the camera is seeing it from.

Yet even with this, the ad placed in the green area was jittering all over the place. I was laughing at how cheesy it looked. It just looked horribly fake. Technically, it was actually that the ad _wasn't_ jittering exactly with the camera, so for example the logo wouldn't be completely centered (or offset appropriately depending upon the angle) perfectly. "Jittery" really is the best word to describe it when you see the demo. I could also see the telltale lines on the boundary showing it was chroma key. (They also showed the wall without the ad... definitely regular old green screen color.)

By the way, the idea that subliminal advertising actually works is a pernicious urban legend. Check out http://www.urbanlegends.com/products/subliminal.advertising/subliminal_messages_sources.html for several references to books that fail to find any evidence that subliminal advertising works. You may want to peruse http://www.urbanlegends.com itself for info on lots of other things you probably believed to be true but aren't. (alt.folklore.urban's another good place.)
With my mind always trying to find real uses for questionable technology, I find myself wondering if a home version of this technology could be used in reverse to delete those obnoxious logos that have done so much to cut down on how much TV I watch. Or better yet: Carl Sagan's AdNix chip could finally exist. Program it with every major corporate logo and most ads could be blacked. (Turnabout is fair play.) It would make a mess of most sporting events, though. Mike Gardiner
This is merely an extension of a recent trend in digital photography. Articles in Scientific American, and others, have shown that still pictures can no longer be believed, since they are so easily altered. Computer technology now extends this to video (and live video, at that). Now with digital camcorders, who will believe the next "Rodney King" video clip? Not enough cops? Add some more! It will probably boil down to the integrity of the picture-taker. We shall soon see all those paragons of virtue --tabloid TV&print, network television, etc-- swearing that their images have not been digitally altered in any way, except when it brings in more revenue. :-) Harold W. Asmis harold.w.asmis@hydro.on.ca 416.592.7379 fax 416.592.5322
> The risks? If you're going to have a generic template, make it generic.
> And if something bad happens once, it's going to happen again so fix it
> after the first occurrence.

I see the RISKs as more social than technical. Will this kind of thing happen in the future? Of course. Was it appropriate? No. Was the response of an $850K lawsuit appropriate? Absolutely not. It reminds me a lot of the Carl Sagan vs. Apple Computer lawsuit, and we all know how that turned out (or, if you don't, check out <http://www.info.apple.com/pr/press.releases/1996/q1/951115.pr.rel.sagan.html> ).

Nevin ":-)" Liber nevin@CS.Arizona.EDU (520) 293-2799
In RISKS-18.18, Andrew Koenig <ark@research.att.com> writes:

> Occam's Razor suggests a more general explanation: Images contain much more
> information than text, regardless of content.

I wouldn't quibble with his point that images contain more _data_. I do have a problem with the proliferation of a popular confusion that I am surprised to find coming from ATT. Claude Shannon long ago gave an excellent definition for "information" that relates it to "surprise" or perhaps "useful news". I submit that the average picture, especially on the Web, has a great deal _less_ information than the accompanying text, in the sense that the picture rarely contains anything a) worth much to the viewer or b) not deducible from the text.

In the case mentioned, with 695K (400 pages?) of "text" versus 306K of image data, I find it truly astonishing that the _author_ would state:

> In this case, a picture is worth much more than a thousand words.

Does anybody really believe that someone would shell out the price of a very nice dinner (assuming without real basis that this is a _technical_ book, and thus priced in the neighborhood of 50 USD :-) for these two pictures? "Worth" must be used in some sense with which I am unfamiliar. Although the two pictures _cost_ as much as about 51000 words, or about 25K words apiece, they aren't _worth_ as much.

As for RISKs, when the technical community buys into popular misconceptions, such as "data == information" or "No more could be done about the abysmal reliability of commodity software", we are helping bring about the disasters we read about. An informed populace will be vital in the shaping of government response to the changes brought by computing. Repeating the mistakes of the un-informed will not bring this about.

Mike Albaugh (albaugh@agames.com)
Atari Games (now owned by Williams)
675 Sycamore Dr. Milpitas, CA 95035
voice: (408)434-1709
The Western Institute of Computer Science announces a week-long course on INTERNET SECURITY to be taught at Stanford University 29 Jul to 2 Aug 1996, headed by Arthur M. Keller (Stanford University), with 9 well-known folks. Try URL http://www-wics.stanford.edu/WICS.html or contact ark@DB.Stanford.EDU (Arthur Keller) for details.
FORMAL METHODS EUROPE

FME'97 International Symposium and Tutorials
15--19 September 1997
The Technical University of Graz, Austria
Sponsored by the Commission of the European Communities

Call for Submissions

The Technical University of Graz will host the fourth FME Symposium from 15 to 19 September 1997. It is being organised by Formal Methods Europe which is the advisory panel of the Commission of the European Communities. This will be the successor of six previous VDM and FME symposia which have been notably successful in bringing together users, researchers and developers of precise mathematical methods for software development.

The theme of FME'97 is Formal Methods: Their Industrial Application and Strengthened Foundations. Symposium contributions will report advances in the field from developments in applicable theory to experiences in commercial application. The conference will also follow the previous successful pattern of offering tutorials, tools demonstrations, reports of industry usage and research papers.

Categories of Papers: three kinds of full-length paper are solicited:

1. reports on industrial usage;
2. research papers on existing methods (for instance: extensions, innovative case studies);
3. articles on stimulating theoretical research with clear potential applicability.

Authors are requested to mention the category (1, 2, or 3) of their papers when they submit.

TOPICS

The scope of the symposium includes, but is not limited to, the following topics:

* Practical use, case studies
* Comparisons of existing formal methods, extensions, improvement
* Theoretical foundations
* Tool support
* Specification and refinement techniques
* Verification against specifications
* Development process
* Linking formal and informal methods
* Concurrency, real-time and reactive systems
* Secure or/and safety-critical systems
* Object orientation
* Education and technology transfer

Submissions are encouraged from the full range of application areas including medical systems, aerospace and avionics, telecommunication, traffic modelling and transportation systems, nuclear safety, process and off-shore industries.

TUTORIALS

There will be eight Tutorials, each lasting a half-day. They will be organised in two parallel tracks during 15 and 16 September. Proposals for tutorials are welcome.

TOOL DEMONSTRATIONS

Tool demonstrations will take place during the Symposium, with the opportunity for presentations to be made about each tool (video projectors will be available). Proposals for tool demonstrations are welcome and should be made to the Organising Chair, with whom provision of necessary computing facilities should be discussed.

CHAIRS

Organising Chair: Peter Lucas, IST, Technical University of Graz, A-8010 Graz, Muenzgrabenstrasse 11/II, Fax: +43 316 841 7566, Tel: +43 316 873 5712, Email: lucas@ist.tu-graz.ac.at

Programme Co-Chairs:

* Cliff Jones, Dept. of Computer Science, The University of Manchester, UK, Email: cbj@cs.man.ac.uk
* John Fitzgerald, Centre for Software Reliability, The University of Newcastle, Newcastle upon Tyne NE1 7RU, UK, Fax: +44 191 222 8788, Tel: +44 191 222 7999, Email: John.Fitzgerald@ncl.ac.uk

Programme Committee:

* Manfred Broy, Technical University, Munich
* George Cleland, Harlequin
* John Fitzgerald (co-Chair), CSR, Newcastle University
* Peter Froome, Adelard
* Chris George, United Nations University IIST
* Shinichi Honiden, Toshiba
* Daniel Jackson, Carnegie-Mellon University
* Cliff Jones (co-Chair), Manchester University
* Carlos Jose Pereira de Lucena, Computer Science Department PUC Rio de Janeiro
* Doug McIlroy, Bell Laboratories
* Brendan Mahony, Defence Science and Technology Organisation Australia
* Lynn Marshall, Northern Telecom (Nortel)
* Dominique Mery, University Henri Poincare & IUF
* Peter D. Mosses, BRICS, University of Aarhus
* Jose Oliveira, University of Minho
* Nico Plat, Cap Volmac
* Andrzej Tarlecki, Warsaw University
* Martyn Thomas, Praxis, Deloitte & Touche Consulting Group
* Rob Witty, GEC
* Joakim von Wright, Abo Akademi University

Organising Committee: Andreas Bollin (Tools Exhibition), Brigitte Froelich, Gabriele Leitner, Richard Messnarz, Gerhard Pail (Accounting), Petra Pichler

Local Organization: Graz Tourismus Ges.m.b.H

SUBMISSIONS

All papers and proposals for tutorials should be sent to the Programme Co-chair, John Fitzgerald, at the address given above. Proposals for tool demonstrations should be sent to the organising chair. Submissions by electronic mail are not accepted.

Format of submissions:

* Full, original papers mentioning one of the three above categories (5 copies, 20 pages max; following the LNCS format is mandatory; a description of the format and Latex style files are available by anonymous ftp at ftp.springer.de in directory /pub/tex/latex/llncs or via the world-wide web in http://www.springer.de)
* Proposals for tutorials (1/2 day, maximum 50 pp of notes)
* Proposals for tool demonstrations (2 pages of presentation plus hardware and software requirements)

Important dates:

* Deadline for submission: 17 January, 1997
* Notification of acceptance sent to authors: 25 April, 1997
* Camera-ready copy due to publisher: 20 June, 1997 (latest date of arrival in Newcastle)
by Michael Blume