RISKS-LIST: Risks-Forum Digest Weds 28 December 2011 Volume 26 : Issue 68 ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy ***** See last item for further information, disclaimers, caveats, etc. ***** This issue is archived at <http://www.risks.org> as <http://catless.ncl.ac.uk/Risks/26.68.html> The current issue can be found at <http://www.csl.sri.com/users/risko/risks.txt> Contents: Botched elevator maintenance? (James Barron via PGN) Single point of failure in the Berlin Train System (Debora Weber-Wulff) Report on Queen Mary 2 Dead in the Water (Earl Boebert) "Why Ford Just Became A Software Company" (Chris Murphy via Gabe Goldberg) The False Promise of Biometrics (Aman Sethi via Gene Spafford) EFF reverse engineers Carrier IQ (Sebastian Anthony via Monty Solomon) In tests, LightSquared disrupts 75% of GPS receivers (Lauren Weinstein) Internet of things (David Magda) Risks of focusing on risks (Bob Frankston) Hollywood's pirate cure is worse than the disease (Jack Shafer via LW) ACMA: Facebook photos are not private, even with "privacy" enabled (Peter Houppermans) When Facebook really became a liability (Peter Houppermans) Facebook agrees to a dozen recommendations by Irish data protection authority (Jeremy Kirk via Gene Wirchenko) Hacked! (James Fallows via Monty Solomon) Stratfor security breach (Huffington Post via Lauren Weinstein) Stratfor hacking victims targeted after comments (Eileen Aj Connelly) Microsoft will push IE auto-updates (Gregg Keizer) Re: Internet Hysteria ... (Henry Baker) Re: Robot prison wardens - with guns? (Paul Robinson) Re: Qantas Terror Blamed on computer (Peter Bernard Ladkin, Robert Meineke) REMINDER - iFM 2012 CfP - DEADLINE APPROACHING (Diego Latella) Abridged info on RISKS (comp.risks) ---------------------------------------------------------------------- Date: Wed, 28 Dec 2011 9:51:56 PST From: "Peter G. Neumann" <neumann_at_private> Subject: Botched elevator maintenance? Suzanne Hart was crushed to death in an elevator in the Young and Rubicam building in Manhattan. As she stepped into the elevator on the ground floor, it shot to the second floor with the door open, and she was trapped between floors. The elevator had just undergone electrical maintenance a few hours before. [Source: James Barron, Tracing the ARc of a Life Cut Short by an Elevator Malfunction, *The New York Times*, 20 Dec, A26 (National Edition); PGN-ed. James Barron's article is a lovely homage to her life.] ------------------------------ Date: Fri, 16 Dec 2011 00:21:23 +0100 From: weberwu <weberwu_at_htw-berlin.de> Subject: Single point of failure in the Berlin Train System The Berlin light rail train system, plagued by problems for years, demonstrated today that it can, indeed get worse. Many cars have been taken out of service for all sorts of ailments, and having pruned the maintenance shops and the drivers to a bare minimum, there is no room for dealing with problems. And there have been problems galore. Berliners joked that it could not possibly get worse, but today (15 Dec 2011) the S-Bahn proved that it could, indeed, because it has a single point of failure. All switches, all electronic signals, all information is centralized in one station in Halensee. And the electricity went out during a routine test of the emergency electrical system today, according to RBB [1], a local news station. The emergency system did not kick in - and then nothing worked. Only two train lines that still have analogue signals and switches were in operation, the rest was out - and the central operations was also affected. They had no information on where the trains were. Many people were trapped in trains stranded between stations. Angry passengers opened the doors, got out and walked the tracks to the nearest station, continuing by bus, subway, or taxi. It took about 3 hours after electricity was restored to have some sort of traffic running. The Internet information page by the S-Bahn was down, the server was not able to cope with the traffic. Customers used Twitter to announce trains in motion, helping people to find some way to get to work or school. [1] http://www.rbb-online.de/nachrichten/vermischtes/2011_12/komplett_ausfall_bei.html Prof. Dr. Debora Weber-Wulff, HTW Berlin, Treskowallee 8, 10313 Berlin Tel: +49-30-5019-2440 http://www.f4.htw-berlin.de/people/weberwu/ ------------------------------ Date: Tue, 27 Dec 2011 11:27:02 -0700 From: Earl Boebert <boebert_at_private> Subject: Report on Queen Mary 2 Dead in the Water This seems to be a good time of the year for those of us who study failure modes. On the night of 23 September 2010 the cruise ship Queen Mary 2 lost propulsion for an hour outside Barcelona. As the official report puts it, "Losing control of a large cruise liner due to an electrical blackout, with 3,823 people on board, is a serious concern." The report is here: http://www.maib.gov.uk/cms_resources.cfm?file=3D/QM2Webreport.pdf Details of interest to the volts and amps types (a capacitor exploded) are here: http://www.maib.gov.uk/cms_resources.cfm?file=3D/QM2_CombinedAnnexes.pdf Rule, Britannia :-) ------------------------------ Date: Tue, 27 Dec 2011 14:28:45 -0500 From: Gabe Goldberg <gabe_at_private> Subject: "Why Ford Just Became A Software Company" Ford is upgrading its in-vehicle software on a huge scale, embracing all the customer expectations and headaches that come with the development lifecycle [Source: Chris Murphy <Mcjmurphy_at_private>, InformationWeek, 14 Nov 2011] <http://www.informationweek.com/authors/1115> Sometime early next year, Ford will mail USB sticks to about 250,000 owners of vehicles with its advanced touchscreen control panel. The stick will contain a major upgrade to the software for that screen. With it, Ford is breaking from a history as old as the auto industry, one in which the technology in a car essentially stayed unchanged from assembly line to junk yard. Ford is significantly changing what a driver or passenger experiences in its cars years after they're built. And with it, Ford becomes a software company -- with all the associated high customer expectations and headaches. http://www.informationweek.com/news/global-cio/interviews/231902920? Gabriel Goldberg, Computers and Publishing, Inc. gabe_at_private 3401 Silver Maple Place, Falls Church, VA 22042 (703) 204-0433 ["Just became"? I remember in the early 1980s when the Ford Aerospace computer security folks in Palo Alto were working with Ford headquarters in Detroit to help them understand the implications of computer technology -- and security. It takes a long time for technology to emerge, and then -- unfortunately -- often with inadequate security. PGN] ------------------------------ Date: Thu, 22 Dec 2011 21:05:42 -0500 From: Gene Spafford <spaf_at_private> Subject: The False Promise of Biometrics (Aman Sethi) Although this is about India, the bits about biometric failures and what is happening to people missing in the database should resonate with some of our own efforts. Aman Sethi, The False Promise of Biometrics, *The New York Times* blogs, Latitude, 22 Dec 2011 India's ambitions to help the poor secure government benefits by creating the world's largest personal database could do them much harm. http://latitude.blogs.nytimes.com/2011/12/22/the-false-promise-of-biometrics-in-india/?emc=eta1 ------------------------------ Date: Fri, 23 Dec 2011 11:01:03 -0500 From: Monty Solomon <monty_at_private> Subject: EFF reverse engineers Carrier IQ (Sebastian Anthony) Sebastian Anthony, 22 Dec 2011: At this point we have a fairly good idea of what Carrier IQ is, and which manufacturers and carriers see fit to install it on their phones, but the Electronic Frontier Foundation (EFF) - the preeminent protector of your digital rights - has taken it one step further and reverse engineered some of the program's code to work out what's actually going on. http://www.extremetech.com/computing/110061-eff-reverse-engineers-carrier-iq Analyzing Carrier IQ Profiles https://www.eff.org/deeplinks/2011/12/analyzing-carrier-iq-profiles Some Facts About Carrier IQ https://www.eff.org/deeplinks/2011/12/carrier-iq-architecture ------------------------------ Date: Sat, 10 Dec 2011 21:09:33 -0800 From: Lauren Weinstein <lauren_at_private> Subject: In tests, LightSquared disrupts 75% of GPS receivers "Philip Falcone's proposed LightSquared Inc. wireless service caused interference to 75 percent of global-positioning system receivers examined in a U.S. government test, according to a draft summary of results." http://j.mp/vcHiAA (Business Week) [NNSquad] ------------------------------ Date: Wed, 21 Dec 2011 17:19:32 -0500 From: David Magda <dmagda_at_private> Subject: Internet of things The more things are connected, the more they need protecting: > In one instance, a thermostat at a town house the Chamber [of Commerce] > owns on Capitol Hill was communicating with an Internet address in China. http://online.wsj.com/article/SB10001424052970204058404577110541568535300.html http://www.thestar.com/news/world/article/1105272 http://it.slashdot.org/story/11/12/21/1321238/ (via) There are some quite sophisticated thermostat designs being designed nowadays: http://www.sparkfun.com/tutorials/334 http://www.nest.com/ With quite capable processors: http://www.ti.com/product/am3703 No mention of the specific product used in the attack though. ------------------------------ Date: Sun, 25 Dec 2011 11:11:38 -0500 From: "Bob Frankston" <Bob19-0501_at_private> Subject: Risks of focusing on risks There are all sorts of articles about the risks of talking on a cell phone while driving -- even hands free -- in a car and an effort to ban them. The problem is that these processes seem to focus primarily on risks. Have these studies looked at the benefits of not being isolated while driving? The reports do make an exception for navigation systems even though they can be very distracting. That's a case where the benefits are, perhaps, too obvious to ignore. Yet if we remove all distractions driving becomes very dangerous -- that's why roads are now designed with curves rather than being straight for many miles. How do we get balanced policies rather than policies focused on eliminating risks? And without taking risks how do we advance understanding and technology? There's also another issue -- the policymakers seem to assume that a GPS navigator is a device. But today it's just an app and a cell phone is just a generic communicating platform. So, inevitably, in a software-defined world the efforts to ban devices become commingled with attempts to control behavior. ------------------------------ Date: Sun, 18 Dec 2011 20:57:09 -0800 From: Lauren Weinstein <lauren_at_private> Subject: Hollywood's pirate cure is worse than the disease (Jack Shafer) "So grand is the entertainment complex's umbrage that I half expect its next move will be to petition the Department of Justice for the authority to shut down the electric utilities that provide power to any and all computers it suspects are pinching its intellectual property." Jack Shafer, Reuters blog, 16 Dec 2011 http://j.mp/w1Ja2U NNSquad: http://lists.nnsquad.org/mailman/listinfo/nnsquad ------------------------------ Date: Mon, 19 Dec 2011 15:07:50 +0100 From: Peter Houppermans <peter_at_private> Subject: ACMA: Facebook photos are not private, even with "privacy" enabled OK, the concept of "privacy" and the whole raison d'être for Facebook are diametrically opposed, but you would have hoped that a regulator would put at least *some* effort into protecting the innocent. http://www.itnews.com.au/News/284896,acma-finds-facebook-photos-are-not-private.aspx "Australia's communications regulator has ruled that television networks are not breaking the industry's code of practice when publishing photos lifted from a public Facebook profile." OK, I can sort of follow that one - it's freely accessible. There looms the eternal copyright question, though, but OK - but worse was to come. "Channel Seven did not breach the Commercial Television Industry Code of Practice when it accessed and broadcast photographs -- specifically in the case of a deceased person lifted from a Facebook tribute page, and another which broadcast the name, photograph and comments penned by a 14-year old boy." OK, this was enough to hit the buffers for me. The former is a matter of public decency (I know, I know, I'm old fashioned), but the latter throws up a thoroughly evil question that I will post in a minute as a separate message. Now for the killer: "The ACMA was begrudgingly unable to guarantee that users marking content as `private' on a social network could be safe guarded from broadcasters and publishers making it public, at least under the industry code of practice." The ACMA made it clear that while it considers the use of privacy settings an important consideration when assessing material obtained from social networking sites, the actual settings are not determinative, the regulator noted. Instead, the regulator will determine matters taken before it on a case-by-case basis." Let me see if I get this correctly: even when a user has flagged the explicit WITHHOLDING of consent for public use by marking something private (which suggests an access control mechanism of some sorts which requires breaching either by password hacks, or by asking a "friend" (cough) to get at the data, the use of such material is perfectly OK? Excuse me? Words fail me. And privacy in Australia, apparently. ------------------------------ Date: Sun, 25 Dec 2011 22:06:14 +0100 From: Peter Houppermans <peter_at_private> Subject: When Facebook really became a liability "Facebook will begin adding photos of its users to third-party adverts appearing in users' news feeds come early next year, so if you're the sort who's a bit free with your thumbs-up button, there's no way out of being featured alongside a tin of baked beans or a pair of knickers on the social network." http://www.theregister.co.uk/2011/12/21/facebook_sponsored_stories/ I'm not quite sure what exactly they are smoking at Facebook HQ, but I would advise to avoid it at all costs, zap any image which features your face and start warming up your lawyers. What Facebook is planning to do appears to me principally deceptive marketing. If your face is somehow associated with a product it will appear as an endorsement - and endorsement you didn't intend, most likely would not consent to if you were aware of it (which you won't), and may associate you with any problems the product may have. In other words, Facebook is about to use your credibility and reputation for free, leaving you with the liability and representational loss if the product isn't up to scratch. Absolutely *great* for double-glazing selling.. Well, that's the end of profile pictures, I think. Even more fun will be the abuse of publicity images as used by fake profiles - as far as I can see, the only people winning here are lawyers. Am I missing something or have they really come off the rails now? ------------------------------ Date: Thu, 22 Dec 2011 11:32:22 -0800 From: Gene Wirchenko <genew_at_private> Subject: "Facebook agrees to a dozen recommendations by Irish data protection authority" (Jeremy Kirk) Deal comes just a month after the U.S. Federal Trade Commission ruled Facebook made deceptive claims about data sharing. Jeremy Kirk, *ITBusiness* http://www.itbusiness.ca/it/client/en/home/News.asp?id=65451 12/22/2011 ------------------------------ Date: Sun, 25 Dec 2011 2:33 PM From: Monty Solomon <monty_at_private> Subject: Hacked! (James Fallows) As e-mail, documents, and almost every aspect of our professional and personal lives moves onto the "cloud"-remote servers we rely on to store, guard, and make available all of our data whenever and from wherever we want them, all the time and into eternity-a brush with disaster reminds the author and his wife just how vulnerable those data can be. A trip to the inner fortress of Gmail, where Google developers recovered six years' worth of hacked and deleted e-mail, provides specific advice on protecting and backing up data now-and gives a picture both consoling and unsettling of the vulnerabilities we can all expect to face in the future. James Fallows, *The Atlantic*, Nov 2011 http://www.theatlantic.com/magazine/archive/2011/11/hacked/8673/?single_page ------------------------------ Date: Sun, 25 Dec 2011 10:27:04 -0800 From: Lauren Weinstein <lauren_at_private> Subject: Stratfor security breach (Huffington Post via NNSquad) "LONDON - Hackers on Sunday claimed to have stolen a raft of e-mails and credit card data from U.S.-based security think tank Stratfor, promising it was just the start of a weeklong Christmas-inspired assault on a long list of targets. One alleged hacker said the goal was to use the credit data to steal a million dollars and give it away as Christmas donations." http://j.mp/sZ21Qj (Huffington) - - - This is the text of the message Stratfor has been sending out, though it has been received by various parties without a known relationship to Stratfor, at least directly: Dear Stratfor Member, We have learned that Stratfor's web site was hacked by an unauthorized party. As a result of this incident the operation of Stratfor's servers and e-mail have been suspended. We have reason to believe that the names of our corporate subscribers have been posted on other web sites. We are diligently investigating the extent to which subscriber information may have been obtained. Stratfor and I take this incident very seriously. Stratfor's relationship with its members and, in particular, the confidentiality of their subscriber information, are very important to Stratfor and me. We are working closely with law enforcement in their investigation and will assist them with the identification of the individual(s) who are responsible. Although we are still learning more and the law enforcement investigation is active and ongoing, we wanted to provide you with notice of this incident as quickly as possible. We will keep you updated regarding these matters. George Friedman ------------------------------ Date: Mon, 26 Dec 2011 22:57:40 -0500 From: Monty Solomon <monty_at_private> Subject: Stratfor hacking victims targeted after comments (Eileen Aj Connelly) NEW YORK Victims of a data breach at the security analysis firm Stratfor apparently are being targeted a second time after speaking out about the hacking. Stratfor said on its Facebook page that some individuals who offered public support for the company after it revealed it was hacked "may be being targeted for doing so." The loose-knit hacking movement "Anonymous" claimed Sunday through Twitter that it had stolen thousands of credit card numbers and other personal information belonging to the company's clients. Anonymous members posted links to some of the information Sunday and more on Monday. Stratfor, based in Austin, Texas, said its affected clients and its supporters "are at risk of having sensitive information repeatedly published on other websites." The company has resorted to communicating through Facebook while its website remains down and its e-mail suspended. ... Eileen Aj Connelly, AP Business Writer, *The Boston Globe*, 26 Dec 2011, http://www.boston.com/business/technology/articles/2011/12/26/think_tank_hacking_victims_targeted_after_comments/ ------------------------------ Date: Sun, 18 Dec 2011 18:06:04 -0500 From: Monty Solomon <monty_at_private> Subject: Microsoft will push IE auto-updates (Gregg Keizer) Microsoft gets silent upgrade religion, will push IE auto-updates Copies Chrome and follows Firefox to get users onto the newest browser without asking permission Microsoft today said it will silently upgrade Internet Explorer (IE) starting next month, arguing that taking the responsibility out of the hands of users will keep the Web safer. The move is an acknowledgment by Microsoft that Google's model -- its Chrome browser has updated in the background without user involvement since it debuted more than three years ago -- is the right one. ... [Source: Gregg Keizer, *Computerworld*, Dec 15 2011] http://www.computerworld.com/s/article/9222690/Microsoft_gets_silent_upgrade_religion_will_push_IE_auto_updates ------------------------------ Date: Wed, 21 Dec 2011 07:56:31 -0800 From: Henry Baker <hbaker1_at_private> Subject: Re: Internet Hysteria ... (Brett Glass, R-26.67) The inability to control volume is merely the tip of the iceberg when it comes to the media consumer's lack of control. However, thanks to the wonders of modern computers & digital signal processing, those persons consuming their media via a _computer_, rather than a consumer electronic device, finally have significantly more control. "MP3Gain" and its competitors allows the user to pre-process the audio gain of mp3 files so that even when played back on "dumb" mp3 devices, the sound volume will be within the range selected by the user. I have used these types of programs for years to enable me to be able to hear mp3's on airplanes where the ambient noise is simply too high. If you are utilizing the outstanding "VLC" media player on your laptop computer, you have even greater control. For example, the VLC player can play back at speeds significantly greater than normal, but _without changing the pitch_, so that you can zoom through boring podcasts & videos at 1.5x or greater speeds. The VLC player also has a "Volume Normalizer", which provides "dynamic volume compression" for noisy environments. See below. It is essential that digital media consumers be allowed to digitally remaster their content to tailor it for their own consumption. In some cases, this can be an advantage for the content creators: e.g., when I set VLC playback to 1.5x, I can consume 50% more content! http://www.ab9il.net/digital-audio/vlc-audio-dynamics.html "Effective Audio compression for Loud or Sensitive Environments. "The VLC media player, short for VideoLan, is a very versatile player for nearly any audio or video format. It is an excellent application for home theater computers, laptops, netbooks, tablet computers, or any Mac, Linux, or Windows device used for multimedia playback. It can even stream media over a local or global network. VLC is the media player of choice due in part to its ease of use on the popular operating systems and its many useful plugins. "One aspect of its flexibility that is not well utilized by many VLC users is its ability to manipulate the audio dynamics of the media it is playing. In other words, the Volume Normalizer can be configured to compensate for loud and quiet variations of a movie, podcast, or segment of music. Such a feature is very useful when using VLC in a loud environment: on an airplane, in a busy cafe, in an office area, or on a street. Some VLC users in schools, watching pre-recorded lectures, may need the audio dynamics set to provide clarity in a sound sensitive environment. The audio compression then automatically controls loudness to prevent distraction to others who may be nearby." ------------------------------ Date: Sat, 24 Dec 2011 11:18:13 -0800 (PST) From: Paul Robinson <paul_at_paul-robinson.us> Subject: Re: Robot prison wardens - with guns? (Houppermans, RISKS-26.64) > Oh yeah, you want those turrets on that robot in a prison. New, untried > OS, vendor under competitive pressure, gun with real bullets and a high > likelihood of this thing having some form of remote management. What > could possible go wrong? Or as they said in the movie "Westworld", "Nothing can possibly go worng, go worng, go worng..." I was thinking about this when I saw the first "Robocop" movie, when the ED-209 defense drone shoots an executive of the company, my thought was, what kind of brain-dead moron actually loads ordnance into a machine undergoing a test in a civilian environment? Of course it would have made the story fail, but Dick Jones, as head of the ED-209 project should have been fired on the spot for incompetence, and whoever ordered actual ammunition put into the thing should have been prosecuted at least for involuntary manslaughter. This was inexcusable negligence beyond mere incompetence or even stupidity, it borders on arrogant willful misconduct. Even if you don't give one damn about human life, killing corporate executives is unacceptable because it's very expensive over some schlub on the shop floor in a factory: you have to pay their death benefits from worker's comp based on their income which is a lot higher, you have to cash out their remaining contract, and possibly other benefits have to be paid, plus a dead-bang winner of a juicy high-dollar suit by their survivors for negligence. Not to mention the bad press in the newspapers might cause the stock price to go down. Killing director-level or corporate officer executives is going to be a lot more expensive than just having some factory worker killed, say in a disaster because your maintenance is sub-par (like BP and the Deepwater Horizon disaster in the Exxon of Mexico, err I mean Gulf of Mexico.) ------------------------------ Date: Wed, 21 Dec 2011 12:10:07 +0100 From: Peter Bernard Ladkin <ladkin_at_private-bielefeld.de> Subject: Re: Qantas Terror Blamed on computer (RISKS-26.67) The title of the note in RISKS-26.67 said the accident was "Blamed on Software". I think this is misleading. The anomaly involved electronic data generation and transmission engineering, nothing with which a software engineer could be expected to have either experience or expertise. Qantas Flight 72, flown by VH-QPA, an Airbus 330-303, suffered pitch anomalies in cruise near Learmonth, Western Australia, in October 2008. It pitched down suddenly, injuring some 106 passengers and 9 cabin crew, some severely. An emergency was declared and the airplane landed at Learmonth, Western Australia, to enable timely medical treatment for the injured. It has been known for some time (and was published in the interim reports) that the pitch-down was caused by data spikes in angle-of-attack data from one air data computer (ADIRU), which were taken as veridical by the primary flight control computers (FCPC or PRIM) because two similar spikes occurred just outside the time window in the filtering algorithm. The reconciliation between these values and those of the other two ADIRUs allowed this anomalous value to prevail, and the aircraft accordingly pitched nose-down. A blog post with more detail, including a link to the final report, as well as discussion of the certification requirements as the ATSB sees them, may be read at http://www.abnormaldistribution.org/2011/12/21/the-accident-to-qantas-flight-72-vh-qpa-in-october-2008/ Peter Bernard Ladkin, University of Bielefeld and Causalis Limited www.rvs.uni-bielefeld.de www.causalis.com [See also http://www.atsb.gov.au/media/3532398/ao2008070.pdf http://it.slashdot.org/story/11/12/20/0127215/software-bug-caused-qantas-airbus-a330-to-nose-dive courtesy of Earl Boebert, who noted this: [There's] an (unverified) assertion that the Airbus flight control system will exercise uncommanded changes to throttle settings *without* moving the throttle handles in the cockpit. If true: bad robot, bad, bad robot. (The Boeing system supposedly has actuators on the handles and moves them when it decides to take over throttle control.)] PGN] ------------------------------ Date: Tue, 20 Dec 2011 23:18:05 -0800 From: Robert Meineke <rmeineke_at_private> Subject: Re: Qantas terror blamed on computer (RISKS-26.67) http://www.stuff.co.nz/travel/australia/6163633/Qantas-terror-blamed-on-computer The article notes that Airbus has since tweaked its algorithms and installed the upgraded software. The line in the article that caught my eye was the following. "As a result of this redesign, passengers, crew and operators can be confident that the same type of accident will not reoccur," investigators have concluded. *Will not* reoccur? That strikes me as awfully absolute. [A common comment in RISKS over the years, but seemingly particularly relevant here! PGN] ------------------------------ Date: Fri, 16 Dec 2011 12:30:12 +0100 From: Diego Latella <diego.latella_at_private> Subject: REMINDER - iFM 2012 CfP - DEADLINE APPROACHING CALL FOR PAPERS - LAST WEEKS BEFORE DEADLINE Paper submission: 14 Jan 2012 9th International Conference on Integrated Formal Methods (iFM 2012) in conjunction with ABZ 2012, in honor of Egon Boerger's 65th birthday for his contribution to state-based formal methods June 18 - 22, 2012 - CNR - Pisa - ITALY http://ifm.isti.cnr.it Consiglio Nazionale delle Ricerche Istituto di Scienza e Tecnologie dell'Informazione ``A. Faedo'' Formal Methods && Tools Lab. Via Moruzzi 1 - 56124 Pisa OBJECTIVES AND SCOPE Applying formal methods may involve the modeling of different aspects of a system that are expressed through different paradigms. Correspondingly, different analysis techniques will be used to examine differently modeled system views, different kinds of properties, or simply in order to cope with the sheer complexity of the system. The iFM conference series seeks to further research into the combination of (formal and semi-formal) methods for system development, regarding modeling and analysis, and covering all aspects from language design through verification and analysis techniques to tools and their integration into software engineering practice. INVITED SPEAKERS Egon Boerger, University of Pisa, Italy Muffy Calder, University of Glasgow, United Kingdom Ian J. Hayes, University of Queensland, Australia ABZ - iFM 2012 GENERAL CHAIRS John Derrick, University of Sheffield, United Kingdom Stefania Gnesi, CNR-ISTI, Italy iFM PROGRAMME COMMITTEE CHAIRS: Diego Latella, CNR-ISTI, Italy Helen Treharne, University of Surrey, United Kingdom ABZ - iFM 2012 FINANCE CHAIR Alessandro Fantechi, Universita' di Firenze, Italy [Large international organizing and program committees omitted here. PGN] ------------------------------ Date: Mon, 6 Jun 2011 20:01:16 -0900 From: RISKS-request_at_private Subject: Abridged info on RISKS (comp.risks) The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is comp.risks, the feed for which is donated by panix.com as of June 2011. => SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) if possible and convenient for you. The mailman Web interface can be used directly to subscribe and unsubscribe: http://lists.csl.sri.com/mailman/listinfo/risks Alternatively, to subscribe or unsubscribe via e-mail to mailman your FROM: address, send a message to risks-request_at_private containing only the one-word text subscribe or unsubscribe. You may also specify a different receiving address: subscribe address= ... . You may short-circuit that process by sending directly to either risks-subscribe_at_private or risks-unsubscribe_at_private depending on which action is to be taken. Subscription and unsubscription requests require that you reply to a confirmation message sent to the subscribing mail address. Instructions are included in the confirmation message. Each issue of RISKS that you receive contains information on how to post, unsubscribe, etc. => The complete INFO file (submissions, default disclaimers, archive sites, copyright policy, etc.) is online. <http://www.CSL.sri.com/risksinfo.html> The full info file may appear now and then in RISKS issues. *** Contributors are assumed to have read the full info file for guidelines. => .UK users may contact <Lindsay.Marshall_at_private>. => SPAM challenge-responses will not be honored. Instead, use an alternative address from which you NEVER send mail! => SUBMISSIONS: to risks_at_private with meaningful SUBJECT: line. *** NOTE: Including the string "notsp" at the beginning or end of the subject *** line will be very helpful in separating real contributions from spam. *** This attention-string may change, so watch this space now and then. => ARCHIVES: ftp://ftp.sri.com/risks for current volume or ftp://ftp.sri.com/VL/risks for previous VoLume http://www.risks.org takes you to Lindsay Marshall's searchable archive at newcastle: http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue. Lindsay has also added to the Newcastle catless site a palmtop version of the most recent RISKS issue and a WAP version that works for many but not all telephones: http://catless.ncl.ac.uk/w/r <http://the.wiretapped.net/security/info/textfiles/risks-digest/> . ==> PGN's comprehensive historical Illustrative Risks summary of one liners: <http://www.csl.sri.com/illustrative.html> for browsing, <http://www.csl.sri.com/illustrative.pdf> or .ps for printing is no longer maintained up-to-date except for recent election problems. ==> Special Offer to Join ACM for readers of the ACM RISKS Forum: <http://www.acm.org/joinacm1> ------------------------------ End of RISKS-FORUM Digest 26.68 ************************Received on Wed Dec 28 2011 - 12:31:02 PST
This archive was generated by hypermail 2.2.0 : Wed Dec 28 2011 - 19:33:13 PST