Human-Nets-Request%rutgers@brl-bmd.UUCP (Human-Nets-Request@rutgers) (01/12/84)
HUMAN-NETS Digest      Wednesday, 11 Jan 1984      Volume 7 : Issue 9

Today's Topics:
        Computer Security - Account Security,
        Computers and the Law - Big Computer is Watching You,
        Computer Networks - More Networks,
        Input Devices - Keypads (2 msgs) & Keyboards (2 msgs)

----------------------------------------------------------------------

Date: 8 January 1984 23:46 EST
From: Robert Elton Maas <REM @ MIT-MC>
Subject: HOUSE WARE testamony on c.security

I think it's a fine introduction to the myriad problems involved.

I have one complaint, the proposed algorithm for preventing password-guessing. If the algorithm is to deactivate the account, requiring personal presence before reactivation, anybody with the dialup number and a listing of account names (without password), easily obtainable from FINGER or from a survey of electronic mail emanating from that site, can sabotage the system by deliberately faking a failed-login for first one account then another etc. so instead of getting work done everybody is making trips in to reactivate their accounts and try to explain why penetration of their account was attempted. In fact the legitimate user is in somewhat of a "guilty until proven innocent" situation, since there's no real evidence that person mistyped his password wrong or gave his account name (without password) to some random, yet he is punished (being forced to get dressed and commute and be subject to harassment by his boss) until he convinces them he knows nothing about it. -- The followup algorithm of deactivating it again on second saboteur fake-failed-breakin and forcing the supervisor to file a report with a higher security official, means the victimized legitimate user will really be harassed next time!

I propose simply hanging up and updating a failed-login account file after each 3 incorrect passwords. For direct connection terminals, hanging up is meaningless.
I suggest freezing that particular account for all hardwired ports after 3 consecutive incorrect passwords and freezing that particular hardwired port completely after 3 consecutive account-freezings, both actions to be permanent until such time as a security person can investigate that port to verify the dumb terminal (not a "Ralph" computer that has been brought in) is still connected to that port. After the situation has been investigated and the port has been reactivated, a decision can be made whether to have increased surveillance at that port.

Alternatively, a security camera can take an image and FTP it to the security office whenever any wrong password is entered, and the office can keep and process all such images after several such attempts, while discarding any random isolated instances after a few hours.

------------------------------

Date: Tue, 10 Jan 84 11:33:16 EST
From: Stephen Wolff <steve@brl-bmd>
Subject: [Robert Elton Ma: Thoughtcrime]
To: rem@mit-mc

If a database includes only information that is based on solid evidence, and continually/recurrently rechecks information, cleans up typographical errors that creep in and deletes any data that turn out not to be correct or which are based solely on opinion rather than fact, then I don't think we have much to worry about.

I.e., "Well, if you're not doing anything wrong, why do you care if somebody watches everything you do and writes it all down?"

Hmmmmm.......

------------------------------

Date: 10 January 1984 22:40 EST
From: Robert Elton Maas <REM @ MIT-MC>
Subject: [Robert Elton Ma: Thoughtcrime]
To: steve @ BRL-BMD

    Date: Tue, 10 Jan 84 11:33:16 EST
    From: Stephen Wolff <steve@brl-bmd>
    "Well, if you're not doing anything wrong, why do you care if somebody watches everything you do and writes it all down?"

If I commit a crime and am convicted of it, I would expect that fact to be in the FBI database. I wouldn't expect to be able to claim that such inclusion is an invasion of my privacy.
If I haven't been convicted of any crime, I should be able to challenge any database entry that claims I have been so convicted. That's what I was getting at, this legal info is proper business of the FBI, providing it contains only true&authenticated claims.

When we get into stuff that's my own personal business in the first place, I agree with your point, the FBI has no business having *any* of it, regardless of its correctness, except temporarily during investigation of me for some crime where I'm a suspect. (Like what time I usually leave home to go to folk dance may be useful in planning a stakeout.) But after the case is closed, the info should be flushed from the FBI database.

<Opinion of REM>

------------------------------

Date: 9-Jan-84 19:59 PST
From: Kirk Kelley <KIRK.TYM@OFFICE-2>
Subject: Re: the proliferation of networks

Here's an interesting one. The AUGMENT Mail Network consists of about fifteen large hosts (last count) supporting tens of users each. About half the hosts are on the Arpanet and all but a few are on Tymnet. The primary gateway host is called "Office" on the ARPANET.

Addresses are of the form user.org, where user is one of your identifiers and org is usually a short name for your employer. The org database keeps track of where users want their mail delivered, among other things. Addresses with at-signs are assumed to go out to the Arpanet. Addresses on other mail systems (e.g. OnTyme) are enclosed in curly braces with the mail system name appended.

AUGMENT is publicly available from the Office Automation Division of Tymshare.

-- kirk

------------------------------

Date: Fri, 6 Jan 84 7:05:17 EST
From: Chuck Kennedy <kermit@brl-vgr>
Subject: IBM 0
To: andyb%dartvax@brl-bmd

Yes, I just checked the IBM model 026 next door and it does indeed have the 0 above the other digits. Cards, yuck!!!
-Chuck Kennedy <kermit @ brl>

------------------------------

From: dciem!ntt%utzoo@BRL-BMD.ARPA
Date: Tue, 10 Jan 84 09:43:44 est
Subject: Telephone keypad

A point which has not been mentioned is that the telephone keypad is not only a numeric pad, but also has letters, which are in alphabetical order. If the rows were permuted, so would be the alphabet.

Incidentally, the assignment of letters to numbers is not the same wherever letters are used; I have seen British telephones with O and Q assigned to 0, whereas in North America M, N, and O are assigned to 6.

Mark Brader

------------------------------

Date: Tue, 10 Jan 84 13:42:58 CDT
From: Doug Monk <bro.rice@RAND-RELAY>
Subject: Re: The Keyboard as an OUTPUT device

With 'soft' keyboards ( i.e., programmable keyboards that can be made to send any given character or sequence of characters when any given key is hit ) a rapidly approaching possibility, I may be able to solve a long-standing problem of my own : on a QWERTY keyboard it *always* takes me at least two tries to type 'change' instead of 'chnage', and 'the' comes out 'teh' a lot. With programmable keyboards, we might all come up with our own designs, customized for our own personal idiosyncrasies, muscular and tendon faults, and vocabularies. Make the keyboards read and store the key design from little magnetic strips... Hmm, but how to get the imprint on top of the key to reflect what the key will transmit when hit ? Little LED arrays that read the key design as well ? Suddenly the keyboard is an OUTPUT device.

As far as the problem of per-key displays : ANY sort of intelligent key-cap display is EXPENSIVE, no matter what type of technology you use. So perhaps the answer is as simple as individual plastic key-cap overlays. You just keep a set with you and customize the keyboard after you have programmed it.
Of course, this will have far greater usefulness if every individual is guaranteed his own keyboard, as just sticking 57 - 80 key caps on is terribly time-consuming, not to mention hard to remember. Another possible answer is to have the overlays be joined together so that you just put it in place over the whole keyboard at once. Of course, this is predicated on all keyboards being designed exactly alike : the same number of keys, each key in exactly the same spatial relationship to every other key, etc.

This is one of the things I dislike in typing on a new machine ; the only key sequences guaranteed are 1234567890, qwertyuiop, asdfghjkl, and zxcvbnm. The capital letters are of course the same, but the shifted characters on the numbers are not. To have to unlearn my speed typing habits of <shift-2> for <"> and <shift-7> for <'> just because a newly encountered keyboard has a dedicated <"/'> key is repulsive, especially if I am forced to switch between the keyboards frequently.

( Another, similar gripe I have is with the <bs> ( backspace ) vs. <del> ( delete ) keys. On one computer system I deal with, <del> deletes backward on the line you are typing, and deletes forward only if you are on a line already containing characters on both sides, as in a line editor or full screen editor. Otherwise, <bs> just produces <ctrl-H> on the screen. On the other computer system, <bs> operates exactly as <del> on the first system ( except it doesn't even erase the character, it just ignores it ) and <del> does absolutely nothing. There needs to be a standard meaning for <bs> and <del> to which terminal drivers for all types of computer systems adhere. End of parenthetical statement. )

Having given my practical side a chance to suggest something cheaper, I now will discuss the technological things that are more fun. A rear-screen projection system might be made more feasible by the use of fiber-optics.
It could also theoretically be managed by the use of a complex mirror and prism system projecting upward from below and behind each key. For technical reasons, it might be more practical ( there I go again ) to project the key legends on the front side of the key, rather than the top. On most ordinary keyboards, this is perfectly possible, but I recall seeing some low-profile keyboards ( by Olivetti I think ) where the front of the key would be too small. I also agree with your reservations about the usefulness of such a system in areas with a lot of light.

I myself am looking forward with great anticipation to the reflected light video terminal. Presumably based on high speed LCD technology, it would replace the light ( and radiation ) producing CRT with a flat panel which can be read by reflected light. It could be made to look like printed paper merely by adjusting the color of the display and the background, and in fact, just about any contrast of display and background colors could be arranged, either by adjusting the display unit itself, or by ordering your preference from the factory.

The technology of such a display could be what we are looking for for the key legend displays. Embed a small display of this type under a durable clear protective cover in the key itself, and feed it the appropriate signals under the keyboard's microcomputer control. Voila.

Doug Monk <bro.rice@RAND-RELAY>

------------------------------

From: sdcsvax!davidson@Nosc (Greg Davidson)
Date: 10 January 1984 1113-PST (Tuesday)
Reply-to: Greg Davidson <davidson@nosc>
Subject: Re: The Keyboard as an Output Device
To: Makey.DODCSC@MIT-MULTICS

I'm afraid I don't agree with Jeff Makey that standardization for keyboard interfaces is likely to happen through current industry practices, though I hope to be proven wrong here. If standardization does not come, then nontraditional keyboards won't make it as long as people don't own all their own equipment.
The problem with how many function keys are assumed to be on the mouse is solved when you realize that programs don't have any business knowing how a user wants to emit a given function code. A user might emit codes from function keys mounted on keyboards or mice, by doing a pendown on a stylus, by striking a two handed chord, or by typing a sequence of keys with the control/meta/super/hyper shifts down. A good keyboard/mouse/etc. has locally and remotely programmable keys to adapt to a given program's needs.

A good keyboard interface would just be a telephone modular jack for a serial line over which one can send 8 bit bytes. It simply needs to be standard.

Finding the right level of abstraction for pointing devices is much harder. Leaving off light pens, which need to be built in anyway, my thought is just to send movement vectors using arbitrary units. The unit should be adjustable by twiddling something on the device. Rather than plugging the pointing device into the computer, it might be better to plug it into the keyboard. Thus, the computer can't tell whether the user used vector keys or a mouse to send a movement code.

Many programs read up descriptions of the input devices. For example, in UNIX part of a terminal description is how many function keys exist, the codes they emit, and what string describes them to the user. However, there's no need for a user to be constrained by some programmer's idea of the user's equipment or usage of it. A programmable keyboard with a mouse plugged into it should be able to emulate anything intended to point and generate text and function codes.

-Greg

------------------------------

End of HUMAN-NETS Digest
************************
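Added example, not part of the digest or of any contributor's message: a Python model of the throttling scheme proposed in the Account Security message (hang up and log after 3 bad passwords on a dial-up line; on hardwired ports freeze the account after 3 consecutive bad passwords and the port after 3 consecutive account freezings, until security inspects the port). The class and method names are hypothetical, and two points the message leaves open are assumptions here: a successful login resets the consecutive counters, and inspecting a port lifts the account freezes that were made from it.

```python
from collections import defaultdict

MAX_BAD = 3  # the message uses 3 for every threshold


class LoginGuard:
    """Constructed model: dial-up hangs up and logs; hardwired freezes account, then port."""

    def __init__(self, passwords):
        self.passwords = passwords            # account -> password (sample data)
        self.failed_log = []                  # the "failed-login account file"
        self.bad = defaultdict(int)           # consecutive bad tries per line or account
        self.port_freezes = defaultdict(int)  # consecutive account freezings per port
        self.frozen_accounts = {}             # account -> port it was frozen from
        self.frozen_ports = set()

    def _third_strike(self, key, source, account):
        """Count a wrong password; log and return True on every MAX_BAD-th in a row."""
        self.bad[key] = (self.bad[key] + 1) % MAX_BAD
        if self.bad[key] == 0:
            self.failed_log.append((source, account))
        return self.bad[key] == 0

    def dialup(self, line, account, password):
        if self.passwords.get(account) == password:
            self.bad["line", line] = 0
            return "ok"
        return "hangup" if self._third_strike(("line", line), line, account) else "retry"

    def hardwired(self, port, account, password):
        if port in self.frozen_ports or account in self.frozen_accounts:
            return "port-frozen" if port in self.frozen_ports else "account-frozen"
        if self.passwords.get(account) == password:
            self.bad["acct", account] = 0
            self.port_freezes[port] = 0       # assumption: a good login breaks the run
            return "ok"
        if not self._third_strike(("acct", account), port, account):
            return "retry"
        self.frozen_accounts[account] = port  # frozen on hardwired ports only
        self.port_freezes[port] += 1
        if self.port_freezes[port] >= MAX_BAD:
            self.frozen_ports.add(port)
            return "port-frozen"
        return "account-frozen"

    def security_clears(self, port):
        """Port inspected: lift the port freeze and the account freezes made from it."""
        self.frozen_ports.discard(port)
        self.port_freezes[port] = 0
        self.frozen_accounts = {a: p for a, p in self.frozen_accounts.items() if p != port}
```

In this model a dial-up failure never disables the account, so the owner can still log in from another line, and a hardwired freeze leaves dial-up access intact.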