[risks] Risks Digest 23.03

From: RISKS List Owner (risko@private)
Date: Fri Nov 14 2003 - 11:35:58 PST

  • Next message: RISKS List Owner: "[risks] Risks Digest 23.04"

    RISKS-LIST: Risks-Forum Digest  Friday 14 November 2003  Volume 23 : Issue 03
    
       FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
       ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
    
    ***** See last item for further information, disclaimers, caveats, etc. *****
    This issue is archived at http://www.risks.org as
      http://catless.ncl.ac.uk/Risks/23.03.html
    The current issue can be found at
      http://www.csl.sri.com/users/risko/risks.txt
    
      Contents:
    Whirled-Wide Web (Bertrand Meyer)
    TAB operator error in punter's favour (David Shaw)
    Astonishing electronic voting "glitch" (Steve Summit)
    The computer is ALWAYS right (Charles Lamb)
    Re: California halts e-vote certification (David E. Ross)
    More on Diebold installing uncertified software in California (PGN)
    Re: A new risk for electronic voting (Steven M. Bellovin)
    Report raises more questions about voting machines (EPIC)
    Belkin: Another protocol-violation-to-sell-products risk (Tim Bradshaw)
    New definition of "Fish 'N Chips" (Jim Schindler)
    Minnesota CriMNet shutdown (Steven Hauser)
    FBI's reach into records is set to grow (Monty Solomon)
    High-tech microscopes expose Americans' private lives (Monty Solomon)
    A heavily used RISKY website: France Telecom (Peter Kaiser)
    Holes found in online job search privacy (Brian Berstein via Monty Solomon)
    Security patching: a story from the trenches (Rex Black)
    Bank scam with spaces in trick URL (Mark Brader)
    Computers in cars: "When you add complexity you add risks" (Richard I Cook)
    Abridged info on RISKS (comp.risks)
    
    ----------------------------------------------------------------------
    
    Date: Sun, 09 Nov 2003 11:50:46 +0100
    From: Bertrand Meyer <Bertrand.Meyer@private>
    Subject: Whirled-Wide Web
    
    Source: Le Monde, 30 October 2003,
    http://www.lemonde.fr/txt/article/0,1-0@2-3228,36-340095,0.html
    
    Spiders are not new to the RISKS bestiary (see 18.46 and 18.58) but I don't
    recall seeing this particular issue.  On 28 Oct 2003, the local listeners of
    two national radio stations were surprised to hear that it was snowing in
    Dinard.  That's a town in Brittany, which has a mild oceanic climate; snow
    in October would be exceptional.  The error, corrected after half an hour,
    was due to early-morning frost on the web woven by a spider on one of the
    weather station's sensors.  "The computer" interpreted frost as snow,
    enabling the regional management of Meteo France to claim that the sensor
    functioned correctly.  (It did detect the frost!)  They added that that the
    system has been working "perfectly" since its installation, to the great
    satisfaction of its users.
    
    Before that system was put in place, the airport employed three people to
    gather weather data.  They have now been replaced by sensors.  The resulting
    information, collected 24x7, is updated every 30 minutes and made publicly
    available, in particular for pilots.
    
    Daytime weather reports are checked by a human, but not those issued at night.
    
    Bertrand Meyer, ETH, Zurich http://se.inf.ethz.ch
    Eiffel Software, Santa Barbara http://www.eiffel.com
    
      [Subject line PGN-spun]
    
    ------------------------------
    
    Date: Fri, 14 Nov 2003 16:42:09 +1100
    From: David Shaw <dshaw@private>
    Subject: TAB operator error in punter's favour
    
    A punter [US: gambler] collected AUD$2.6 million after a TAB operator
    incorrectly entered his trifecta bet on the 2003 Melbourne Cup, Australia's
    most prestigious horse-race.  It seems this system offers the punter the
    choice as to whether their bets are read back to them.  He phoned in a $6
    trifecta 20 times for the winning combination of the Melbourne Cup.
    However, the TAB operator mistakenly entered the bet 203 times, resulting in
    the huge windfall.  He had elected not to have the bets read back and was
    unaware of the error at the time.  On discovering the windfall in his bank
    account, he called the TAB, expecting this to have been a mistake.  The TAB
    rules state that if you do not have your bets read back to you, you are
    forced to honor the bet, win or lose.  So, he was forced to accept the
    winnings!  Quite a remarkable tale!  [PGN-ed]
    
    ------------------------------
    
    Date: Wed, 12 Nov 2003 12:42:51 -0500
    From: Steve Summit <scs@private>
    Subject: Astonishing electronic voting "glitch"
    
    The *Indianapolis Star* 
        http://www.indystar.com/articles/6/091021-1006-009.htm
    reported on the latest case of anomalous e-voting results.  Last Tuesday's
    Boone County election, using MicroVote software returned about 144,000
    votes, with only 19,000 registered voters.  After further review, the 5,352
    votes were claimed to have been recorded.  With yet another mistake, does
    anyone still trust closed-source electronic voting?  [PGN-ed]
      [http://yro.slashdot.org/article.pl?sid=03/11/12/1320208
    
    It's interesting to wonder what might have happened if the initial
    inaccurate result had not been so glaringly obvious ...
    
    ------------------------------
    
    Date: Thu, 13 Nov 2003 01:06:52 -0500
    From: "Charles Lamb" <clamb@private>
    Subject: The computer is ALWAYS right
    
    According to an article in the Newark NJ *Star-Ledger*, the town of
    Southington, CT was testing the Avante International Vote-Trakker machine in
    an actual election.  It had a special feature which displays a printout of
    the cast vote for voter confirmation.  This feature was nullified by the
    registrar who refused to do anything about a voter's claim her confirmation
    printout didn't match her vote.
      http://www.nj.com/search/index.ssf
      ?/base/news-11/1068444794272720.xml?starledger?ntop
    
    ------------------------------
    
    Date: Sat, 08 Nov 2003 17:03:56 -0800
    From: "David E. Ross" <david@private>
    Subject: Re: California halts e-vote certification
    
    While the reported problem in Alameda County was that uncertified software
    was loaded into the voting terminals, this is really far more serious.  The
    security of Diebold's touch-screen voting system is so weak that someone
    outside of Alameda County's election office (someone working for Diebold)
    had access to make unauthorized changes to the vote-counting software.
    
    David E. Ross <http://www.rossde.com/>
    
    ------------------------------
    
    Date: Thu, 13 Nov 2003 12:13:54 PST
    From: "Peter G. Neumann" <neumann@private>
    Subject: More on Diebold installing uncertified software in California
    
    The *Los Angeles Times* today has an article relating to Diebold's Accuvote
    touchscreen voting machines, by Allison Hoffman and Tim Reiterman, entitled
    "Secretary of State Orders Audit of All Counties' Voting Systems: Review of
    upgraded touchscreen software leads to discovery that two registrars
    installed it without state's OK."  Los Angeles Registrar Conny McCormack is
    quoted as saying, "All of us have made changes to our software -- even major
    changes -- and none of us have gone back to the secretary of state.  But it
    was no secret we've been doing this all along.  [Secretary of State Kevin
    Shelley] knew we were making changes."
    
      http://www.latimes.com/news/local/la-me-voting13nov13,1,531224.story
      ?coll=la-headlines-california
    
    Shelley's news release announcing the investigation is online at
      http://www.ss.ca.gov/executive/press_releases/2003/03_100.pdf
    
    It must be noted (by PGN) that the Federal Election Commission standards
    against which these systems have been certified are so weak that all sorts
    of serious problems can remain despite certification.  But patching is
    apparently commonplace AFTER certification.  In some cases, the software
    actually has to be CHANGED to accommodate each different ballot face, and
    think of what Trojan horses might be able to sneak in as a result of that!
    
    ------------------------------
    
    Date: Sat, 08 Nov 2003 15:32:10 -0500
    From: "Steven M. Bellovin" <smb@private>
    Subject: Re: A new risk for electronic voting
    
    It's worth remembering that mechanical voting machines have their own risks.
    The "programming" of the traditional lever machines still used in New York
    is an arcane art, and in some ways less susceptible to auditing than
    electronic machines -- each machine is set up individually, so every machine
    is in some sense configured independently.  The write-in mechanisms are, to
    say the least, arcane, and it's very hard for election officials to read
    votes scrawled in a too-small space, with a blunt pencil, written at an
    improbable angle.  (In my town a few years ago, there was a massive (and
    successful) write-in campaign a few years ago, when it was discovered that
    only three candidates were running for the three vacant seats on the school
    board and one of the three was from a seriously fringe party.)
    
    Me -- I avoided my county's touch screen machines by voting absentee -- I
    was out of down last Tuesday, which let me qualify for a mark sense ballot.
    Of course, I have no idea if it was actually readable, since there was no
    check machine in the county clerk's office...
    
    ------------------------------
    
    Date: Thu, 13 Nov 2003 17:20:30 -0500
    From: EPIC Info <info@private>
    Subject: Report raises more questions about voting machines 
    
      (From EPIC Alert 10.23:)
    
    The Congressional Research Service (CRS) of the Library of Congress has
    presented to Congress a report entitled, "Election Reform and Electronic
    Voting Systems: Analysis of Security Issues."  The report was written in
    response to rising concern and questions regarding new electronic voting
    systems after recent allegations that these systems use software that is
    subject to alarming security vulnerabilities. The report analyzes the
    controversy surrounding direct recording electronic (DRE) voting machines -
    the first fully computerized voting system - while putting it in the larger
    context of election practices and voting machine development.  It details
    the types of threats and vulnerabilities that could jeopardize the voting
    process, as well as the specific complaints broached by security experts.
    
    While the CRS took pains not to take a position in the debate, it does
    recognize that recent analysis demonstrates the existence of security flaws
    in DREs, which are cause for concern.  As the report states, "at least some
    current DREs clearly exhibit security vulnerabilities.  Those
    vulnerabilities pose potential ... risks to the integrity of elections."  It
    goes on to list a number of different proposals being advocated to address
    these vulnerabilities, including ensuring that security protocols are
    followed, improving the standards and certification process for voting
    machines, use of open source computer code, and improvements in
    verifiability and transparency.  The last point is one that computer
    scientists and voting activists have been pushing for, specifically by
    requiring voter-verifiable paper print-outs of vote selection for voters to
    review.  The CRS stops short of issuing any recommendations, but does
    indicate that further investigation and action should be taken regarding
    this matter.
    
    The CRS Report on electronic voting is available at:
          http://www.epic.org/privacy/voting/crsreport.pdf
    For background information, see EPIC's Voting page at:
          http://www.epic.org/privacy/voting
    
    ------------------------------
    
    Date: Wed, 12 Nov 2003 13:33:42 +0000
    From: Tim Bradshaw <tfb@private>
    Subject: Belkin: Another protocol-violation-to-sell-products risk
    
    The Register (http://www.theregister.co.uk/content/69/33858.html) has been
    reporting a Belkin wireless router which, once every 8 hours, picks an HTTP
    request and redirects it to a web page advertising Belkin's parental-control
    system.  Belkin seem to have now
    (http://www.theregister.co.uk/content/6/33918.html) promised a firmware
    upgrade which disables this feature.  How many people will install it is
    another question.
    
    Other than the obvious offensiveness of this kind of thing, there are
    horrible dangers involved.  I could be half way through some transaction
    over the web, and have my *router* unilaterally, decide to redirect my
    requests somewhere else.  Worse, a *program* could be doing it, and it might
    not even spot that something odd had happened.  Any cache this side of the
    router will get randomly poisoned, and so on. This is just a stupid,
    dangerous thing to do.
    
    Together with the recent Verisign `Site Finder' service reported in
    RISKS-22.91, this seems to be the beginning of something new and, I think,
    worrying: important protocols (such as routing or DNS) are being usurped to
    sell advertising.  Both of the cases mentioned here are sufficiently clumsy
    that they're likely to have hurt the usurper more than the users of these
    protocols, but I suspect things will be more subtle and insidious in due
    course.  There's nothing wrong with advertising as such, but if it results
    in an infrastructure where no one can trust anything to actually work the
    way it is meant to, I think there's a significant problem.
    
    ------------------------------
    
    Date: Wed, 12 Nov 2003 22:56:36 -0800
    From: Jim Schindler <Jimschin@private>
    Subject: New definition of "Fish 'N Chips"
     
    Chips in Fish Help Net Australian Cod Poachers, 6 Nov 2003
      http://story.news.yahoo.com/news
      ?tmpl=story&cid=1516&ncid=1516&e=5&u=
      /afp/20031106/od_afp/australia_fish_offbeat_031106194455 
    
    Australian fisheries investigators have wrapped up [with fish wrap?] an
    illegal poaching operation after inserting microchips into fish then
    tracking them to the culprits' freezer, officials said.  Victoria state
    Fisheries Minister Bob Cameron said the hi-tech sting began when officers in
    his department found an illegal fishing net in a creek in the state's
    northwest.  The officers inserted microchips under the skin of the golden
    perch and murray cod caught in the net then returned them and waited for the
    poachers to turn up.  The fish had disappeared a day later and when officers
    stopped the poachers' vehicle they could find no trace of the
    animals.  However, a subsequent search of their home uncovered fillets in the
    freezer, complete with microchips still emitting signals to the fisheries
    officers' tracking devices.  [...]
    
      [Thus restoring cod peace to its perch in the "inter" net?  PGN]
     
    ------------------------------
    
    Date: Sat, 8 Nov 2003 12:00:24 -0600 (CST)
    From: Steven Hauser <hause011@private>
    Subject: Minnesota CriMNet shutdown
    
    Minnesota has a large database of millions of records of police activity and
    incident data compiled on its citizens. The data is not owned by the
    government but an extra-legal private entitity, the Minnesota Chiefs of
    Police Association. This alone is scary, no recourse for inaccuracy, no way
    to assure data is not leaked or used for political or commercial purposes.
    News articles show it may have been used in political demonstrations to
    target citizens.
    
    Good "death squad" database.
    
    It was also hacked by an unidentified whistleblower who gave State
    Representative Mary Liz Holberg supposedly private data about herself.  The
    cops are pressuring the Representative to turn over the whistleblower for
    prosecution, but the Representative has not yet squealed.  This incident
    caused the system to be shut down.
    
    Google search on CriMNet or MJNO to get more articles.  
    
      [The Internetted system is of course thought to be secure because it is
      password protected!  There's a LONG article by Patrick Howe.  PGN]
      http://www.twincities.com/mld/pioneerpress/news/politics/7154217.htm
    
    ------------------------------
    
    Date: Thu, 13 Nov 2003 01:12:31 -0500
    From: Monty Solomon <monty@private>
    Subject: FBI's reach into records is set to grow
    
    A little-noticed measure approved by both the House and Senate would
    significantly expand the FBI's power to demand financial records, without a
    judge's approval, from securities dealers, currency exchanges, car dealers,
    travel agencies, post offices, casinos, pawnbrokers and any other
    institution doing cash transactions with "a high degree of usefulness in
    criminal, tax or regulatory matters."
      [Source: Eric Lichtblau, *The New York Times*, 12 Nov 2003; PGN-ed]
      http://www.nytimes.com/2003/11/12/politics/12RECO.html
    
    ------------------------------
    
    Date: Thu, 13 Nov 2003 00:51:20 -0500
    From: Monty Solomon <monty@private>
    Subject: High-tech microscopes expose Americans' private lives
    
    Don Campbell, USA Today, 10 Nov 2003
    
    Too many of us [accept] the argument that the concept of personal privacy in
    the Internet era is as outdated as the Model T.
    
    Americans can get pretty upset about the ways in which modern technology
    drives us nuts - such as telemarketers who disrupt our dinner and spam
    e-mailers who make pornographic sales pitches.
    
    But a more insidious invasion of Americans' privacy quietly has taken root
    in Florida. It has received little attention from the media except in
    Florida and a handful of other states being recruited to join the
    enterprise. The project underscores how our fascination with technology
    blinds us to violations of our privacy - and highlights the inadequacy of
    today's mishmash of federal and state privacy laws.
    
    "MATRIX," an acronym for Multistate Anti-Terrorist Information Exchange, is,
    according to its creator, the largest database on the planet, with more than
    20 billion records. Working with the Florida Department of Law Enforcement
    (FDLE) and $12 million in federal funding, a company called Seisint designed
    MATRIX with the objective of compiling an electronic dossier on every
    citizen in the nation.
    
    Not surprisingly, the cover story is that MATRIX is needed to fight
    terrorism. If that doesn't ping the strings of your patriotic heart, it's
    also being touted as the cat's meow when it comes to catching kidnappers and
    child molesters.  ...
    
    http://www.usatoday.com/news/opinion/editorials/2003-11-10-campbell_x.htm
    
    ------------------------------
    
    Date: Thu, 13 Nov 2003 18:29:40 +0100
    From: Peter Kaiser <la--a@p-k.ch>
    Subject: A heavily used RISKY website: France Telecom
    
    I am not in France at the moment, but I need to order telephone service in
    France, so I went to France Telecom's web site, which advertises itself as
    secure.  One eventually finds a button for the order page: a popup window
    with minimal decoration and no outward indication of security -- that is, no
    "locked/unlocked" symbol.  The page asks for exactly the kind of information
    you don't want to become public, including bank details, etc.
    
    It isn't secured.  The information isn't encrypted before being sent.  I 
    informed France Telecom of this by e-mail, including mentioning that the 
    page appears to violate European law on the protection of personal 
    information.  A customer service representative replied:
    
      "Thousands of orders are placed on francetelecom.com every day, we have
       not been informed of problems encountered as a result of orders made on
       our site."  [P-K's translation.  PGN]
    
    I'm not reassured by this glib response, traditional though it may be.
    
    The customer rep gave a number to call to order service by telephone, but
    that number -- as she knows, just as she knows I am not in France -- is
    unusable outside France, which places added pressure to use the unsecured
    website.  If France Telecom left the security symbol on the order page, at
    least people would have the information to make an informed choice of
    whether to proceed, but it has been deliberately hidden.  And the informed
    choice is irrelevant to the laws protecting personal information; those are
    an obligation on the business, not a choice by the client.
    
    Directing "thousands" of such orders daily, unencrypted, to a well-known 
    Internet destination is a risk for both the customers and France 
    Telecom.  Perhaps France Telecom considers identity theft a uniquely 
    American crime, but I wonder if anyone at a responsible level is aware of 
    the legal issues under European law of protecting exactly this kind of 
    information.  European courts seem to take these issues seriously, I'm glad 
    to say.
    
    ------------------------------
    
    Date: Wed, 12 Nov 2003 08:41:05 -0500
    From: Monty Solomon <monty@private>
    Subject: Holes found in online job search privacy (Brian Berstein)
    
      Brian Bergstein, AP Online, 11 Nov 2003
      http://finance.lycos.com/home/news/story.asp?story=36422485
    
    Some career Web sites, recruitment services and automated job-application
    kiosks offer flimsy privacy protections and might even violate employment
    and credit laws, a report released Tuesday asserts.  Many job sites still
    let too much information from resumes posted online get into the hands of
    third parties through online "cookies" that monitor Web surfing, according
    to the report, led by Pam Dixon, formerly of the University of Denver's
    Privacy Foundation and now head of her own group, the World Privacy Forum.
    The report also faults self-service job application computers commonly used
    by chain stores.  It says they almost always demand social security numbers
    and perform background checks on applicants without clearly stating who will
    see the information.  Dixon is urging job seekers to demand more stringent
    privacy protections.  She also wants the Federal Trade Commission and the
    Equal Employment Opportunity Commission to look more closely at how job
    sites and recruitment services handle information.  ...
    
    ------------------------------
    
    Date: Sat, 08 Nov 2003 13:53:00 -0600
    From: Rex Black <rexblack@private>
    Subject: Security patching: a story from the trenches 
    
    I have a Dell Latitude running Windows 2000 with service pack 2 (I believe).
    It is my back-up laptop.  While on a business trip to Denver, my regular
    laptop suffered a failure due to a poorly-designed and poorly-tested power
    connector on the motherboard (another story).  No problem, thought I, I'll
    use the Dell laptop.  I had about five days between my return from Denver
    and my departure on my next trip to Tel Aviv.
    
    Given all the security nonsense going on, I felt compelled to install the
    latest security patches from Microsoft's Web site.  During the course of the
    first attempt to do so, my system was infected by the Blaster Worm.
    Fortunately, I have Symantec's Ghost utility running on the system, and I
    could revert to the old OS install and start all over.
    
    This time, I resolved to install--and update--Norton Internet Security and
    Norton Antivirus prior to loading the security patches.  During the course
    of updating the security and virus definitions, my system was again infected
    by the Blaster Worm.  However, this time around, with the help of
    information and a free utility on Symantec's Web site, I was able to remove
    the worm.
    
    I then went to apply the security patches again.  This time, one of the
    patches did something untoward to my system and it started crashing.  Since
    three days had passed at this point and I was due to leave for Tel Aviv
    soon, I didn't have time to isolate the bug.  My guess is that the patch was
    not compatible with my particular system configuration.
    
    So, I reinstalled Windows 2000 from the Ghost image yet again, reloaded all
    my applications yet again (including Norton Internet Security and Norton
    Antivirus), updated the security and virus definitions yet again (escaping
    infection this time), and skipped the security patches.  I'm going to trust
    Norton Internet Security, Norton Antivirus, and daily updates to those
    programs to protect me, because I can't trust the Microsoft security patches
    to be adequately tested.
    
    Salient points:
    
    1. One major quality risk for patches of any kind is regression (the failure
    of what heretofore worked).  For any emergency patch, there is simply no
    time to repeat all the tests run against the regular release.  Since
    security patches might well involve code deep within the operating system,
    it's no surprise to me that this failure to adequately regression test the
    patches resulted in a major incompatibility bug escaping to the field.
    
    2. Regression bugs, particularly those where new code breaks existing
    functionality, can easily result in a maintenance release or patch resulting
    in a lower (rather than higher) level of system quality.  Regression bugs
    might be relatively rare, but, as this case points out, they can be very
    dangerous.
    
    3. It was already frustrating to have to spend about a day moving all my
    data and applications from my primary laptop to my backup laptop.  Almost
    all of that time was spent installing applications on the backup system.
    
    4. Add to that frustration the fact that I had to go through the "install
    OS-reinstall apps-update apps" process three times--twice more than had the
    problem not occurred in the first place.
    
    All told, rack up three lost days of productivity to security bugs and
    general clunkiness in the Microsoft OS.  At my usual consulting rates,
    that's thousands of dollars of lost time.  Will Microsoft reimburse me for
    that?  No way.  Does that experience make me receptive to the idea of
    switching to some other desktop platform (Linux, Mac, whatever)?  You bet.
    Am I more-than-ever convinced of the importance of thorough testing,
    including regression testing, of any software release?  Absolutely.
    
    Rex Black Consulting Services, Inc., 31520 Beck Road, Bulverde, TX 78163 USA
    +1 (830) 438-4830  www.rexblackconsulting.com
    
    ------------------------------
    
    Date: Thu, 13 Nov 2003 17:23:45 -0500 (EST)
    From: msb@private (Mark Brader)
    Subject: Bank scam with spaces in trick URL
    
    We have previously seen examples of scams involving a trick URL, where the
    part immediately after "http://" is not the real domain name.  But here now
    is a variant that I haven't heard of before -- making cleverly deceptive use
    of spaces.
    
    A former co-worker, Donald Teed, reports receiving what at first looked like
    one more normal message from an Internet-aware company.  He describes it as
    follows: "The e-mail will appear to come from the bank, using the correct
    domain, and the link in the e-mail will appear to be a link to the bank,
    using the correct URL."  The bank in this case was Capital City Trust
    <http://www.capcity.ab.ca/>.  But the actual URL was like this:
    
      <a href="http://www.capcity.ab.ca 
    
    
     
      :UserSession=00000000000000000000000000000
      &userrstste=SecurityUpdate&StateLevel=CameFrom@private">
      http://www.capcity.ab.ca/>
    
    Where you see a row of 0's, I have replaced the characters that were
    originally there, to prevent anyone from following this link by accident.
    Where you see blank lines, there were originally a large number of spaces.
    
    So the link claims to go to www.capcity.ab.ca, and if your browser shows you
    the URL before you select the link, it'll be truncated to a reasonable
    length and you'll see the part before the row of spaces and *still* think
    it's going to www.capcity.ab.ca.
    
    And then when you get to the actual site, which is at 10-cheapdesign.com,
    you'll find, as Donald says, "a complete clone copy of the bank's actual Web
    site" -- only, of course, what it does is capture your account and password
    information so the bad guys can impersonate you.
    
    There are days when I'm really glad I don't read e-mail in a Web browser.
    
    Mark Brader, Toronto  msb@private         
    
      [The site has now been shut down.  PGN]
    
    ------------------------------
    
    Date: Thu, 13 Nov 2003 07:36:58 -0600
    From: Richard I Cook <ri-cook@private>
    Subject: Computers in cars: "When you add complexity you add risks" (R-23.02)
    
    The reporter noted a consumer asking, "Why does it have a computer that
    reads the problems if they can't fix them?"
    
    Although it makes me a bit of an old geezer to admit it, Bill Karcher framed
    this idea in the early 1970's. One of the systems software heavies from
    Control Data Corporation (the original 'supercomputer' maker), Karcher's Law
    was "Don't check for error conditions you are not prepared to handle." This
    was particularly important when memory and processor cycles were at a
    premium.
    
    The problem described by this reporter is a common one, namely, "punt to the
    user" style systems. The idea that the user will be able to manage all the
    fault conditions that the computer can detect leads, inexorably, to
    unusuable systems. Of course, even if the history of such a system is that
    it produces lots of false or misleading information or behaves strangely or
    unintelligibly, whenever an over failure does occur, the user will be blamed
    for having ignored the warning.
    
    ------------------------------
    
    Date: 7 Oct 2003 (LAST-MODIFIED)
    From: RISKS-request@private
    Subject: Abridged info on RISKS (comp.risks)
    
     The RISKS Forum is a MODERATED digest.  Its Usenet equivalent is comp.risks.
    => SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
     if possible and convenient for you.  Alternatively, via majordomo,
     send e-mail requests to <risks-request@private> with one-line body
       subscribe [OR unsubscribe]
     which requires your ANSWERing confirmation to majordomo@private .
     If Majordomo balks when you send your accept, please forward to risks.
     [If E-mail address differs from FROM:  subscribe "other-address <x@y>" ;
     this requires PGN's intervention -- but hinders spamming subscriptions, etc.]
     Lower-case only in address may get around a confirmation match glitch.
       INFO     [for unabridged version of RISKS information]
     There seems to be an occasional glitch in the confirmation process, in which
     case send mail to RISKS with a suitable SUBJECT and we'll do it manually.
       .UK users should contact <Lindsay.Marshall@private>.
    => SPAM challenge-responses will not be honored.  Instead, use an alternative 
     address from which you NEVER send mail!
    => The INFO file (submissions, default disclaimers, archive sites,
     copyright policy, PRIVACY digests, etc.) is also obtainable from
     http://www.CSL.sri.com/risksinfo.html  ftp://www.CSL.sri.com/pub/risks.info
     The full info file will appear now and then in future issues.  *** All
     contributors are assumed to have read the full info file for guidelines. ***
    => SUBMISSIONS: to risks@private with meaningful SUBJECT: line.
     *** NEW: Including the string "notsp" at the beginning or end of the subject
     *** line will be very helpful in separating real contributions from spam.
     *** This attention-string may change, so watch this space now and then.
    => ARCHIVES: http://www.sri.com/risks
     http://www.risks.org redirects you to the Lindsay Marshall's Newcastle archive
     http://catless.ncl.ac.uk/Risks/VL.IS.html      [i.e., VoLume, ISsue]
       Lindsay has also added to the Newcastle catless site a palmtop version 
       of the most recent RISKS issue and a WAP version that works for many but 
       not all telephones: http://catless.ncl.ac.uk/w/r
     http://the.wiretapped.net/security/info/textfiles/risks-digest/ .
     http://www.planetmirror.com/pub/risks/ ftp://ftp.planetmirror.com/pub/risks/
    ==> PGN's comprehensive historical Illustrative Risks summary of one liners:
        http://www.csl.sri.com/illustrative.html for browsing,
        http://www.csl.sri.com/illustrative.pdf or .ps for printing
    
    ------------------------------
    
    End of RISKS-FORUM Digest 23.03
    ************************
    



    This archive was generated by hypermail 2b30 : Fri Nov 14 2003 - 12:11:50 PST