Subject: RISKS DIGEST 14.82
REPLY-TO: risks@csl.sri.com

RISKS-LIST: RISKS-FORUM Digest  Tuesday 17 August 1993  Volume 14 : Issue 82

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
  RISKS-14.83!!! and RISKS-%&#@!! (PGN)
  Re: Dorney Park Hercules roller coaster injures 14 (Scott Walker)
  Re: Surprise! contained in tar file (David Wittenberg)
  Re: Terminal compression (csvcjld)
  Re: Terminal compromise (Mich Kabay)
  Re: Clusters and electromagnetic fields (Kenneth R Foster)
  Re: Gripen crash: pilot's view (Martyn Thomas)

The RISKS Forum is a moderated digest discussing risks; comp.risks is its
USENET counterpart. Undigestifiers are available throughout the Internet,
but not from RISKS. Contributions should be relevant, sound, in good taste,
objective, cogent, coherent, concise, and nonrepetitious. Diversity is
welcome. CONTRIBUTIONS to risks@csl.sri.com, with appropriate, substantive
"Subject:" line. Others may be ignored! Contributions will not be ACKed.
The load is too great. **PLEASE** INCLUDE YOUR NAME & INTERNET FROM: ADDRESS,
especially .UUCP folks. PLEASE SEND REQUESTS FOR SUBSCRIPTIONS, archive
problems, and other information to risks-request@csl.sri.com (not automated).
BITNET users may subscribe via your favorite LISTSERV: "SUBSCRIBE RISKS".

Vol i issue j, type "FTP CRVAX.SRI.COM<CR>login anonymous<CR>AnyNonNullPW<CR>
CD RISKS:<CR>GET RISKS-i.j<CR>" (where i=1 to 14, j always TWO digits). Vol i
summaries in j=00; "dir risks-*.*" gives directory; "bye" logs out. The COLON
in "CD RISKS:" is essential. "CRVAX.SRI.COM" = "128.18.10.1".
<CR>=CarriageReturn; FTPs may differ; UNIX prompts for username, password.

If you are interested in receiving RISKS via fax, please send E-mail to
risks-fax@vortex.com, phone +1 (310) 455-9300, or fax +1 (310) 455-2364 for
information regarding fax delivery.
PLEASE DO NOT USE THOSE NUMBERS FOR GENERAL RISKS COMMUNICATIONS; instead,
as a last resort you may try phone PGN at +1 (415) 859-2375 if you cannot
E-mail risks-request@CSL.SRI.COM .

ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY.
Relevant contributions may appear in the RISKS section of regular issues
of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise.

----------------------------------------------------------------------

Date: Tue, 17 Aug 93 10:41:59 PDT
From: "Peter G. Neumann"
Subject: RISKS-14.83!!! and RISKS-%&#@!!

For those of you who wondered where RISKS-14.82 was when you saw RISKS-14.83,
this is it. In one of the wonders of modern technology, RISKS-14.82 appears
AFTER RISKS-14.83. This was unintentional, but Steve Smoliar pointed out to
me that it offsets the fact that there were two different issues of Info-mac
yesterday with the same issue number (vol 11, issue 110?), somehow preserving
karmic parity. Perhaps it all comes out in the wash, but it seemed
appropriate for me to quickly put out RISKS-14.82 to stave off further
requests for the supposedly missing issue. (Surprisingly, I have had only
one such request thus far this morning, from Jerry Leichter.)

Incidentally, the level of BARFmail and other addressing problems has been
excruciating lately. The following all seem to be escalating in frequency:

 * Requests from E-mail addresses for which my answer is rejected by the
   originating host!

 * E-mail addresses that worked yesterday but not today, but then might
   work again tomorrow or some time in the future!

 * Requests to reinstate subscribers who think they were dropped from the
   list, where they had in fact been sent mail for weeks or months --- but
   their hosts had been merrily accepting their mail without actually
   delivering it or notifying anyone of nondelivery!

 * BITNET in general.
PGN

------------------------------

Date: Tue, 17 Aug 1993 12:33:37 -0400 (EDT)
From: walker@eplrx7.es.duPont.com (Scott Walker)
Subject: Re: Dorney Park Hercules roller coaster injures 14

> Maryland's Dorney Park
  ^^^^^^^^^^
This park is actually in Allentown, Pennsylvania. Quite a ride, too!

   [Steve Walker's original item was a clipping from a very local newspaper
   that did not identify its city or state. I interpolated a
   mis-extrapolation. Sorry. Bad idea in general anyway. PGN]

------------------------------

Date: Tue, 17 Aug 1993 12:49:11 -0500 (EDT)
From: David Wittenberg
Subject: Re: Surprise! contained in tar file (RISKS-14.81)

In Risks 14.81 Olaf Titz warns us that tar keeps information which can
identify the person who tarred the file. I've seen two other simple failures
of anonymous posting, the first a software "feature", the second a human's
misunderstanding.

Many newsreader programs automatically include a .signature file in all
postings. I've seen such files appear in what were supposed to be anonymous
postings. Apparently the user didn't realize that he had to rename his
.signature file or it would be appended to his message.

The other was a system where a few people offered to post messages
anonymously if you sent them email. In one case, someone sent a message
reading "Please post this anonymously. Thanks, John". The woman who posted
it didn't notice that John had signed his note, so when she posted it, there
was almost no doubt who it had come from.

The point here is that we usually spend a lot of effort insuring that the
appropriate person gets credit for something. As a result, we leave
"signatures" of various sorts scattered widely. It's very hard to make sure
that we've removed all of them.
--David Wittenberg
dkw@cs.brandeis.edu

------------------------------

Date: 17 Aug 93 06:41:24 -0700
From:
Subject: Re: Terminal compression (Robinson, RISKS-14.83)

>Also, in the story it notes that voice, fax or data transmissions are
>detected and that encrypted ones are 'red flagged'. This is a crock.
>Bits are bits; there is no way to tell...

If the bytes are uniformly distributed, there is a good chance they are
encrypted.

   [But NOT NECESSARILY. A simple compression code such as a Huffman code
   encodes into a random string of bits if the source text is chosen
   independently. But then, there would be no compression if there was not
   contextual dependence in the first place, so simplifications are tricky.
   PGN]

------------------------------

Date: 17 Aug 93 13:45:40 EDT
From: "Mich Kabay / JINBU Corp." <75300.3232@compuserve.com>
Subject: Terminal Compromise (Robinson, RISKS-14.83)

The book is entitled TERMINAL COMPROMISE.

Michel E. Kabay, Ph.D., Director of Education, National Computer Security Assn

------------------------------

Date: Tue, 17 Aug 93 14:15:34 -0400
From: kfoster@eniac.seas.upenn.edu (Kenneth R Foster)
Subject: Re: Clusters and electromagnetic fields

I briefly respond to the recent posting by Phil Agre. The posting that he
referred to was my article on reproductive risk and use of VDTs, from
_Phantom Risk_, MIT Press, June 1993. The clusters I discussed were reported
clusters of miscarriage among women users of VDTs, that were reported around
1980. As I argue, the dozen epidemiologic studies that were performed in the
decade following (virtually all negative) show that the clusters were almost
surely chance events, with no indication of reproductive risks from VDTs.

Mr. Agre brings up a totally different issue -- reports of clusters of
childhood among California schoolchildren, as described in a _New Yorker_
article by Paul Brodeur. I had not previously expressed any opinion about
this in my posting to this newsgroup and I object to Mr.
Agre's inferring that I did. For what it is worth, here are my comments on
the issue.

Mr. Agre brings up a totally different issue, clusters of cancer cases in
California schools supposedly associated with high power lines, as
publicized by Paul Brodeur. Without offering any opinion about Brodeur or
his motives, I note that the interpretation of these observed clusters is
very unclear, far more so than he indicated in Brodeur's _New Yorker_
articles on the subject.

The interpretation of "clusters" has been well discussed in the
epidemiologic literature; whole issues of epi journals have been devoted to
the matter. The question is not whether some kids in school near power lines
got cancer (there are lots of kids in California schools, and invariably
some of them will get cancer), but whether going to a school that is located
near a power line conveys higher risk of childhood cancer. A few isolated
cases do not allow one to draw any inferences one way or the other.

Ray Neutra, a highly respected epidemiologist with the State of California,
has investigated these clusters (of childhood cancer in California schools)
and found no indication of any link with power lines. Given the large number
of California schoolchildren, one would expect several "clusters" like those
Brodeur reported every year, by chance alone.

For a good discussion of how an epidemiologist would investigate a report of
a cluster (and many clusters of various kinds are reported to health
officials around the country, alleging all sorts of things) I refer you to a
special issue on clusters published in (I recall) the American Journal of
Epidemiology about 2 years ago.

I note that Brodeur also described the clusters of miscarriage among women
VDT users in his _New Yorker_ articles, but gave neither a fair assessment
of the difficulties of interpreting them, nor a fair and complete survey of
the relevant epidemiological studies.
------------------------------

Date: Tue, 17 Aug 1993 10:34:15 +0100 (BST)
From: Martyn Thomas
Subject: Gripen crash: pilot's view

Flight International today quotes the pilot of the Gripen FBW fighter that
crashed at the Stockholm display.

"It was like sitting on a big ball feeling like you're sliding off it. When
I entered the turn, the computer overcompensated by roughly 10 degrees. When
I then straightened out the aircraft, I got an undemanded pitch oscillation
and, when I tried to compensate for that one, the aircraft kind of sat down
and became impossible to control."

He described the feeling of loss of control as being ".. like butter on a
hot potato".

Martyn Thomas, Praxis plc, 20 Manvers Street, Bath BA1 1PX UK.
Tel: +44-225-444700. Email: mct@praxis.co.uk Fax: +44-225-465205

------------------------------

End of RISKS-FORUM Digest 14.82
************************
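
On the tar item above ("tar keeps information which can identify the person who tarred the file"): an added example, not part of the digest or of any contributor's post, that lists the identifying fields in a tar member header and rewrites the archive without them. The user "jdoe", the numeric ids, the path and the timestamp are constructed sample values.

```python
import io
import tarfile

IDENTIFYING_FIELDS = ("uid", "gid", "uname", "gname", "mtime")

def build_sample_archive() -> bytes:
    """Constructed sample: one file archived as the hypothetical user 'jdoe'."""
    payload = b"text intended to be posted anonymously\n"
    info = tarfile.TarInfo(name="home/jdoe/post.txt")
    info.size = len(payload)
    info.uid, info.gid = 1042, 100
    info.uname, info.gname = "jdoe", "staff"
    info.mtime = 745545600  # constructed timestamp
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tar:
        tar.addfile(info, io.BytesIO(payload))
    return buf.getvalue()

def header_metadata(archive: bytes) -> list[dict]:
    """Return the per-member header fields that can point back at the creator."""
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:") as tar:
        return [
            {"name": m.name, **{f: getattr(m, f) for f in IDENTIFYING_FIELDS}}
            for m in tar.getmembers()
        ]

def scrub(archive: bytes) -> bytes:
    """Rewrite the archive with neutral owner fields, timestamps and flat paths."""
    out = io.BytesIO()
    with tarfile.open(fileobj=io.BytesIO(archive), mode="r:") as src, \
         tarfile.open(fileobj=out, mode="w", format=tarfile.USTAR_FORMAT) as dst:
        for m in src.getmembers():
            data = src.extractfile(m) if m.isfile() else None
            m.uid = m.gid = 0
            m.uname = m.gname = ""
            m.mtime = 0
            # Directory components (e.g. a home directory) can name the user too.
            # Flattening assumes member base names are unique.
            m.name = m.name.rsplit("/", 1)[-1]
            dst.addfile(m, data)
    return out.getvalue()

if __name__ == "__main__":
    original = build_sample_archive()
    print("before:", header_metadata(original))
    print("after: ", header_metadata(scrub(original)))
```

The file contents are untouched by `scrub`, so anything identifying inside the payload itself (a signature block, a name in the text) still has to be checked by hand, which is the point of the post.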
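
On the "Terminal compression" exchange above (uniformly distributed bytes versus PGN's "NOT NECESSARILY"): an added example, not part of the digest, that measures byte-histogram entropy for plaintext, compressed and encrypted versions of the same data. It assumes zlib's DEFLATE in place of the plain Huffman code PGN mentions, a constructed word-list plaintext, and a toy SHA-256 keystream standing in for a real cipher.

```python
import hashlib
import math
import random
import zlib
from collections import Counter

def byte_entropy(data: bytes) -> float:
    """Shannon entropy of the byte histogram, in bits per byte (maximum 8.0)."""
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())

def sample_text(words: int = 40000, seed: int = 1993) -> bytes:
    """Constructed plaintext: lower-case words drawn from a small vocabulary."""
    vocab = ("risk computer system terminal compromise encrypted bits data fax "
             "voice transmission detected flagged story compression code source "
             "random string context pilot aircraft control network message").split()
    rng = random.Random(seed)
    return " ".join(rng.choice(vocab) for _ in range(words)).encode()

def toy_stream_encrypt(key: bytes, data: bytes) -> bytes:
    """Stand-in for a cipher (assumption for this demo only, not a vetted
    construction): XOR with a SHA-256 counter-mode keystream."""
    stream = bytearray()
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))

def compare() -> dict:
    """Entropy of the same message as plaintext, compressed, and encrypted."""
    key = b"constructed key"
    text = sample_text()
    compressed = zlib.compress(text, 9)
    return {
        "plaintext": byte_entropy(text),
        "compressed": byte_entropy(compressed),
        "encrypted": byte_entropy(toy_stream_encrypt(key, text)),
        "compressed+encrypted": byte_entropy(toy_stream_encrypt(key, compressed)),
    }

if __name__ == "__main__":
    for label, bits in compare().items():
        print(f"{label:22s} {bits:.3f} bits/byte")
```

A filter that flags traffic because its bytes look uniform will flag the compressed stream along with the encrypted one, so the statistic separates structured plaintext from everything else, not encryption from compression.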