RISKS-LIST: Risks-Forum Digest  Thursday 19 July 2007  Volume 24 : Issue 74

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/24.74.html>
The current issue can be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
"Microsoft Copy Protection Cracked Again" and who's surprised? (Fred Reinke)
Re: Microsoft protects me against ... Microsoft (Peter Mellor)
Re: Space Shuttle uses 2-version programming (A. Marc Passy)
N-version programming & low-probability events (Henry Baker)
Re: Hurricane forecasting uncertainty (Jonathan Kamens)
Re: Gripen: Risks of safety measures in military jet (Name withheld)
Re: Search Engine Dispute Notification (Lauren Weinstein, Nick Brown,
  Paul Schreiber)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Tue, 17 Jul 2007 14:32:42 -0400
From: Fred Reinke <reinkefj@private>
Subject: "Microsoft Copy Protection Cracked Again" and who's surprised?

Jessica Mintz, AP, 17 Jul 2007
Microsoft Copy Protection Cracked Again
http://www.breitbart.com/article.php?id=2007-07-17_D8QEFI3O1&show_article=1&cat=breaking

Microsoft Corp. is once again on the defensive against hackers after the launch of a new program that gives average PC users tools to unlock copy-protected digital music and movies. The latest version of the FairUse4M program, which can crack Microsoft's digital rights management system for Windows Media audio and video files, was published online late Friday. In the past year, Microsoft plugged holes exploited by two earlier versions of the program and filed a federal lawsuit against its anonymous authors.
Microsoft dropped the lawsuit after failing to identify them. The third version of FairUse4M has a simple drag-and-drop interface. PC users can turn the protected music files they bought online -- either a la carte or as part of a subscription service like Napster -- and turn them into DRM-free tunes that can be copied and shared at will, or turned into MP3 files that can play on any type of digital music player.

Like an arms race, the DRM folks are spending a lot of cycles on a failing paradigm. Like putting lipstick on the proverbial pig, it annoys their paying customers and is pretty ugly!

Some of my biggest irritations, in my computing career, have been at the hands of "copy protection". Couple that with bad, or non-existent, support and you have the seeds of a revolt.

I now don't buy content online -- music or other kinds -- if it has copy protection. I have a lot of expensive 8 tracks, cassettes, and cds of "content" that are unusable. Add to that "software", which has stopped working, stopped being supported, or otherwise orphaned.

My most recent experience was with MusicMatch JukeBox being acquired by Yahoo and forced to "upgrade". This was one of my last purchases, excuse me "licensing" -- what "barbara streisand"!! -- before my new policy of "no more".

"No more" locked content. "No more" buying software, excuse me licensing it, from vendors who are one step below used car salesmen. "No more" operating systems that require "activation" and have "self-help" provisions.

I look to the open source software makers and happily "donate" to their projects.

I'm calling out the content makers, "software" licensors, and the entire Microsoft empire as the hucksters they are. At least the snake oil salesmen of yesteryear didn't try and make you "license" the bottle!

A plague on all their houses. Imagine how I'll be when I get old and crotchety!

Ferdinand J. Reinke, Kendall Park, NJ 08824 http://www.reinke.cc/
blog http://www.reinkefaceslife.com/

------------------------------

Date: Tue, 17 Jul 2007 21:40:07 EDT
From: MellorPeter@private
Subject: Re: Microsoft protects me against ... Microsoft (RISKS-24.73)

On 17 Jan 2007 I suffered a very similar incident.

I had accepted Microsoft's regular automatic updates to Windows XP without problem for some time. On this occasion, it did a massive update taking over an hour, and I saw that my system had been upgraded from Service Pack 1 (SP1) to SP2. When I rebooted as instructed so that the upgrade could take effect, the reboot failed.

To overcome this I had to re-install Windows XP at SP1 level from the issue disk, and then recover various other facilities such as my broadband wireless connection. It took me until the end of January before I had a satisfactorily working system again (at SP1). I have disabled automatic updating.

I kept detailed notes of the problem and how I overcame it, in case anyone is interested in a blow-by-blow account.

Peter Mellor; Mobile: 07914 045072; email: MellorPeter@private
Telephone and Fax: +44 (0)20 8459 7669

------------------------------

Date: Wed, 18 Jul 2007 09:32:59 -0500
From: "A. Marc Passy" <marc.public@private>
Subject: Re: Space Shuttle uses 2-version programming (PGN, RISKS-24.73)

> PGN: As I understand it, the following is true: the FIFTH computer is not
> fully functional -- it is intended to have just enough programming to land
> the shuttle in the event that the four main computers all fail. Testing
> it safely under live conditions where the first four computers are
> inoperable is essentially undesirable, if not practically impossible. The
> fifth system has never been invoked.

Mostly true, but it has been tested extensively in simulation. (It actually has both Ascent & entry functions - just no orbital functions. It can get you to orbit, just not do anything there but bring you home.)

> PGN: "Worse yet, it has most likely not been maintained for compatibility
> with the other four."

This is Flat Wrong. EVERY change to Shuttle software is evaluated for both PASS (primary Software) and BFS (Backup) impacts. It is maintained to EXACTLY the same standards as the PASS. (Though now, by just a different workgroup, not a whole different company.)

Marc Passy, Former NASA Flight Controller

  [Marc, TNX for that. I appreciate your expert view. However, "tested extensively in simulation" strikes my formal-methods funny-bone rather oddly, given all the risks of what might be called `proof by simulation'. But I am glad to hear that PASS/BFS incompatibilities are not a problem. PGN]

------------------------------

Date: Thu, 19 Jul 2007 09:08:08 -0700
From: Henry Baker <hbaker1@private>
Subject: N-version programming & low-probability events

I've seen too many people dismiss errors that occur only once in 10^9 or even in 10^12 events. These seem like very small probabilities, which most people would suggest are acceptable error rates.

However, with today's video files growing to 100 or 1000 gigabytes (hidef 10 MByte/sec for 10,000 secs = 100 GBytes), we now are facing even chances of errors *on every single video file*. If such an error occurs in the portion of the file which indicates its structure, one can easily lose substantial fractions of the entire file.

Another way to think about this problem is the following thought experiment, which was prompted by the "branch prediction" capability of today's microprocessors.

Program a loop to execute 10^12 times, which is feasible on today's processors. Since the probability of exiting the loop is 10^-12, and therefore negligible, we can dispense with the exit test entirely and replace the loop with an infinite loop.
QED

------------------------------

Date: Tuesday, July 10, 2007 9:03 AM
From: Jonathan Kamens <jik@private>
Subject: Re: Hurricane forecasting uncertainty (Gresko, RISKS-24.69)

> The National Oceanic and Atmospheric Administration chief has said written
> that the anticipated failure of QuikScat ("an aging weather satellite
> crucial to accurate predictions on the intensity and path of hurricanes",
> launched in 1999 and designed to last only a few years) could add
> uncertainty to forecasts and broaden the areas over which hurricane
> warnings and watches would have to be invoked.

For the record, Bill Proenza, the "chief" referred to above, has now been replaced, in no small part because of his public statements about the QuikScat risk.

Much of the staff at the NOAA's hurricane center disagreed with Proenza about the risk, and they were concerned that his the-sky-is-falling message might prompt Congress not to budget more money to replace QuikScat, but rather to take money from other parts of the NOAA budget which the staff felt were more important.

They first attempted to air their concerns privately. When that failed to have any effect, they published a letter, signed by 23 of the center's 50 employees, demanding his ouster. A quote from the letter: "The center needs a new director, and, with the heart of the hurricane season fast approaching, urges the Department of Commerce to make this happen as quickly as possible. The effective functioning of the National Hurricane Center is at stake."

Jonathan Kamens, IT Manager / Principal Engineer, Tamale Software
320 Congress Street, Boston, MA 02210 1-617-261-0264 ext. 133

------------------------------

Date: Wed, 18 Jul 2007 16:02:44 +0100 (BST)
From: Name withheld by request
Subject: Re: Gripen: Risks of safety measures in military jet (Mellor, R-24.73)

> "Perhaps someone familiar with the Eurofighter could supply some
> authoritative information"

Eurofighter Typhoon has no automatic initiation of the Escape System other than linking the front and rear cockpits in the two seat variant, but even in this case the escape system has to be initiated by the aircrew.

Regarding the initiation of the escape system in Gripen allegedly by the anti-g suit, I find this highly unlikely. The Gripen uses the Martin-Baker Mk10 ejection seat, you can see some details here:
  http://www.martin-baker.com/Products/Ejection-Seats/Mk--10.aspx

The picture clearly shows the firing handle. In order to initiate the ejection the handle must be pulled to release it from its retaining bracket; on the Mk10 seat this will require a force of at least 15 pounds and then the handle must be pulled further (probably around one inch) whilst maintaining a force of at least 15 pounds.

You can see that the seat firing handle sits very close to what Monty Python referred to as "the naughty bits". Inflation of the anti-g trousers, if they contact the firing handle, is likely to impart force on either side of the handle in a sideways direction but none (or very little) in the upwards direction that is necessary to fire the system. The handle itself is flexible and can be deformed; it's like stiff wire, so if the anti-g suit is responsible then it must impart at least 15 pounds of force upwards after deforming the handle and move the handle at least one inch. Something which I really can't see happening.

Typhoon uses the Martin-Baker Mk16A seat which, in terms of how the aircrew operate the escape system, is very similar to the Mk10 except that at least 30 pounds of force is needed to lift the handle. To date there have been no un-commanded ejections from Typhoon.

Interestingly enough, looking at the Martin-Baker web-site the F35 Lightning II (JSF) uses a Mk16E seat which does have an auto initiate capability though I have no idea what conditions would activate this.

------------------------------

Date: Tue, 17 Jul 2007 13:09:22 -0700 (PDT)
From: Lauren Weinstein <lauren@private>
Subject: Re: Search Engine Dispute Notification (Kirakowski, R-24.73)

Jurik apparently misunderstood a key premise in my public thinking on this subject, e.g.:

  http://lauren.vortex.com/archive/000253.html
  http://lauren.vortex.com/archive/000254.html

In particular, I have *not* suggested an "on-demand" system for search engine results dispute notifications. Rather:

 a) First line application would always be the legal system.

 b) A third-party "independent entity" -- whether a formal organization or a distributed, virtual construct, would evaluate disputes that could not be directed to the legal system.

 c) Only *very serious* attacks -- mainly against individuals (at the level of defamation, for example) -- would be considered for dispute link resolution.

 d) Displayed dispute links would be ignored for the purposes of search engine page ranking calculations.

 e) Dispute links would simply point to a location for more information about the particular situation -- they would not themselves provide detailed information about the dispute.

In other words, this would definitely not be an "on demand" system.

Fundamentally, I want to make sure that there is recourse for people like a woman featured on CNN recently. She has been mercilessly harassed by a fellow with vicious false Web pages. She obtained a court judgment against him, but he fled the country and his sites are now beyond the reach of a U.S. takedown order.

Naturally, search engines continue to steer traffic to his defaming sites, without any indication that something could be "wrong" about those pages, or that a U.S. court has ruled against them. The damage to the targeted woman continues.

I am unwilling to accept the concept that there must be no mechanism to warn of very serious disputes, simply because there are many disputes that do not rise to the level appropriate for such dispute link notifications.

Lauren Weinstein lauren@private or lauren@private +1 (818) 225-2800
http://www.pfir.org/lauren http://www.pfir.org http://lauren.vortex.com

------------------------------

Date: Wed, 18 Jul 2007 14:56:58 +0200
From: "BROWN Nick" <Nick.BROWN@private>
Subject: Re: Search Engine Dispute Notification (Kirakowski, RISKS-24.73)

> I offer this more in the spirit of a 'straw man' since there must be an
> obvious rejoinder which unfortunately this morning I just can't see.

Allow me to try :-)

> This is not a route available to the bogus site owner [B] who does not
> have the same peer network as I do.

I suspect that, since she is prepared to spoof your site, she is probably also prepared to contact C and D - or rather, the interns or minimum-wager McJobbers who maintain C and D's links pages - probably even before you notice that B is spoofing you.

(By getting her retaliation in first, she will have established a useful bit of psychological legitimacy too. A few years ago, some friends of mine had problems with noisy, antisocial neighbours. The first thing the neighbours did when they moved into their house - before turning up the volume on the hi-fi, banging on the walls, etc - was to call the police and complain that their neighbours (my friends) were harassing them from day one. As a result, it took months and several independent depositions (fortunately, there were other neighbours) before it was realised who were the real troublemakers.)

> It will be in the best interests of [C], [D]... to assist me in this as
> they themselves may one day come under attack in this way.

In addition to the "intern" consideration above, this also assumes that the people who make policy at C and D have the time and the inclination to make the world a better place by signing up to a social movement which promises them some potential future benefit, without any guarantees. I suspect that this will not find much space in their timetable between the modern Holy Trinity (budget, deadline, and quality plan).

Nick Brown, Strasbourg, France.

------------------------------

Date: Thu, 5 Jul 2007 10:05:19 -0700
From: Paul Schreiber <shrub@private>
Subject: Re: Search Engine Dispute Notifications (Cowan, RISKS-24.71)

> ... individuals who feel defamed by slanderous web sites just need to
> copyright or otherwise classify that information about themselves as
> intellectual property, and then issue a DMCA take-down order. :-)

I know this was intended as a joke, but Crispin gets the details wrong, making it slightly less funny and muddying an already confusing issue.

* You can't copyright "information about themselves"

  Facts are not copyrightable. You can only copyright something fixed in material form. If you had written something and they had copied it verbatim, that *might* be infringing.

* "or otherwise classify...as intellectual property"

  The DMCA only applies to copyrighted works, not to trademarked or patented items.

As for the real world, well, you could probably get away with it, because experience shows DMCA take-down notices are rarely verified.

------------------------------

Date: 2 Oct 2005 (LAST-MODIFIED)
From: RISKS-request@private
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest, with Usenet equivalent comp.risks.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
 if possible and convenient for you.
 The mailman web interface can be used directly to subscribe and unsubscribe:
   http://lists.csl.sri.com/mailman/listinfo/risks
 Alternatively, to subscribe or unsubscribe via e-mail to mailman your FROM: address, send a message to
   risks-request@private
 containing only the one-word text subscribe or unsubscribe. You may also specify a different receiving address: subscribe address= ... . You may short-circuit that process by sending directly to either
   risks-subscribe@private or risks-unsubscribe@private
 depending on which action is to be taken.

 Subscription and unsubscription requests require that you reply to a confirmation message sent to the subscribing mail address. Instructions are included in the confirmation message. Each issue of RISKS that you receive contains information on how to post, unsubscribe, etc.

=> The complete INFO file (submissions, default disclaimers, archive sites, copyright policy, etc.) is online.
   <http://www.CSL.sri.com/risksinfo.html>
 The full info file may appear now and then in RISKS issues.
 *** Contributors are assumed to have read the full info file for guidelines.

=> .UK users should contact <Lindsay.Marshall@private>.
=> SPAM challenge-responses will not be honored. Instead, use an alternative address from which you NEVER send mail!
=> SUBMISSIONS: to risks@private with meaningful SUBJECT: line.
 *** NOTE: Including the string "notsp" at the beginning or end of the subject
 *** line will be very helpful in separating real contributions from spam.
 *** This attention-string may change, so watch this space now and then.
=> ARCHIVES: ftp://ftp.sri.com/risks for current volume
     or ftp://ftp.sri.com/VL/risks for previous VoLume
 <http://www.risks.org> redirects you to Lindsay Marshall's Newcastle archive
 http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
 Lindsay has also added to the Newcastle catless site a palmtop version of the most recent RISKS issue and a WAP version that works for many but not all telephones: http://catless.ncl.ac.uk/w/r
 <http://the.wiretapped.net/security/info/textfiles/risks-digest/> .
==> PGN's comprehensive historical Illustrative Risks summary of one liners:
    <http://www.csl.sri.com/illustrative.html> for browsing,
    <http://www.csl.sri.com/illustrative.pdf> or .ps for printing

------------------------------

End of RISKS-FORUM Digest 24.74
************************