[fa.human-nets] HUMAN-NETS Digest V7 #9

Human-Nets-Request%rutgers@brl-bmd.UUCP (Human-Nets-Request@rutgers) (01/12/84)

HUMAN-NETS Digest       Wednesday, 11 Jan 1984      Volume 7 : Issue 9

Today's Topics:
                Computer Security - Account Security,
        Computers and the Law - Big Computer is Watching You,
                  Computer Networks - More Networks,
                  Input Devices - Keypads (2 msgs) &
                          Keyboards (2 msgs)
----------------------------------------------------------------------

Date: 8 January 1984 23:46 EST
From: Robert Elton Maas <REM @ MIT-MC>
Subject: HOUSE WARE testimony on c.security

I think it's a fine introduction to the myriad problems involved. I
have one complaint, the proposed algorithm for preventing
password-guessing.

If the algorithm is to deactivate the account, requiring personal
presence before reactivation, anybody with the dialup number and a
listing of account names (without password), easily obtainable from
FINGER or from a survey of electronic mail emanating from that site,
can sabotage the system by deliberately faking a failed-login for
first one account then another etc. so instead of getting work done
everybody is making trips in to reactivate their accounts and try to
explain why penetration of their account was attempted. In fact the
legitimate user is in somewhat of a "guilty until proven innocent"
situation, since there's no real evidence that person mistyped his
password wrong or gave his account name (without password) to some
random, yet he is punished (being forced to get dressed and commute
and be subject to harassment by his boss) until he convinces them he
knows nothing about it. -- The followup algorithm of deactivating it
again on second saboteur fake-failed-breakin and forcing the
supervisor to file a report with a higher security official, means the
victimized legitimate user will really be harassed next time!

I propose simply hanging up and updating a failed-login account file
after each 3 incorrect passwords. For direct connection terminals,
hanging up is meaningless. I suggest freezing that particular account
for all hardwired ports after 3 consecutive incorrect passwords and
freezing that particular hardwired port completely after 3 consecutive
account-freezings, both actions to be permanent until such time as a
security person can investigate that port to verify the dumb terminal
(not a "Ralph" computer that has been brought in) is still connected
to that port. After the situation has been investigated and the port
has been reactivated, a decision can be made whether to have increased
surveillance at that port. Alternatively, a security camera can take an
image and FTP it to the security office whenever any wrong password is
entered, and the office can keep and process all such images after
several such attempts, while discarding any random isolated instances
after a few hours.
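
Added example, not part of the original message or digest: a Python model of the failed-login handling proposed above, showing that a dialup caller working through a list of account names gets hung up on without locking anyone out, while hardwired ports freeze the account and then the port. The class, method and port names, the return codes, the sample accounts, and the choice to count dialup misses per call and hardwired misses per account are assumptions.

```python
from collections import defaultdict

LIMIT = 3  # threshold the message uses for both rules


class LoginGuard:
    """Failed-login policy from the message; names and return codes are ours."""

    def __init__(self, passwords):
        self.passwords = passwords          # account -> password (constructed)
        self.failed_login_file = []         # (port, account) per tripped limit
        self.misses = defaultdict(int)      # consecutive wrong passwords
        self.port_freezes = defaultdict(int)
        self.frozen_accounts = {}           # account -> hardwired port that froze it
        self.frozen_ports = set()

    def attempt(self, port, hardwired, account, password):
        if hardwired and port in self.frozen_ports:
            return "port-frozen"
        if hardwired and account in self.frozen_accounts:
            return "account-frozen"
        # Dialup: count per call. Hardwired: count per account (assumption).
        key = ("acct", account) if hardwired else ("line", port)
        if self.passwords.get(account) == password:
            self.misses[key] = 0
            self.port_freezes[port] = 0     # a good login ends the streak
            return "ok"
        self.misses[key] += 1
        if self.misses[key] < LIMIT:
            return "denied"
        self.misses[key] = 0
        self.failed_login_file.append((port, account))
        if not hardwired:
            return "hangup"                 # the account itself stays usable
        self.frozen_accounts[account] = port
        self.port_freezes[port] += 1
        if self.port_freezes[port] >= LIMIT:
            self.frozen_ports.add(port)     # until a security person checks it
            return "port-frozen"
        return "account-frozen"

    def reinstate(self, port):
        """A security person has inspected the terminal on this port."""
        self.frozen_ports.discard(port)
        self.port_freezes[port] = 0
        self.frozen_accounts = {a: p for a, p in self.frozen_accounts.items() if p != port}


def demo():
    g = LoginGuard({"alice": "a-pw", "bob": "b-pw", "carol": "c-pw"})
    names = ("alice", "bob", "carol")
    dial = [g.attempt("dial-1", False, n, "wrong") for n in names]
    wired = [g.attempt("tty-7", True, n, "wrong") for n in names for _ in range(LIMIT)]
    return g, dial, wired
```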

------------------------------

Date: Tue, 10 Jan 84 11:33:16 EST
From: Stephen Wolff <steve@brl-bmd>
Subject: [Robert Elton Ma:  Thoughtcrime]

To:       rem@mit-mc

        If a database includes only information that is based on solid
        evidence, and continually/recurrently rechecks information,
        cleans up typographical errors that creep in and deletes any
        data that turn out not to be correct or which are based solely
        on opinion rather than fact, then I don't think we have much
        to worry about.

I.e.,

    "Well, if you're not doing anything wrong, why do you care if
    somebody watches everything you do and writes it all down?"

Hmmmmm.......

------------------------------

Date: 10 January 1984 22:40 EST
From: Robert Elton Maas <REM @ MIT-MC>
Subject: [Robert Elton Ma:  Thoughtcrime]

To: steve @ BRL-BMD


    Date:     Tue, 10 Jan 84 11:33:16 EST
    From:     Stephen Wolff <steve@brl-bmd>
        "Well, if you're not doing anything wrong, why do you care if
        somebody watches everything you do and writes it all down?"

If I commit a crime and am convicted of it, I would expect that fact
to be in the FBI database. I wouldn't expect to be able to claim that
such inclusion is an invasion of my privacy.  If I haven't been
convicted of any crime, I should be able to challenge any database
entry that claims I have been so convicted. That's what I was getting
at, this legal info is proper business of the FBI, providing it
contains only true&authenticated claims.

When we get into stuff that's my own personal business in the first
place, I agree with your point, the FBI has no business having *any*
of it, regardless of its correctness, except temporarily during
investigation of me for some crime where I'm a suspect. (Like what
time I usually leave home to go to folk dance may be useful in
planning a stakeout.) But after the case is closed, the info should be
flushed from the FBI database.

<Opinion of REM>

------------------------------

Date: 9-Jan-84 19:59 PST
From: Kirk Kelley  <KIRK.TYM@OFFICE-2>
Subject: Re: the proliferation of networks

Here's an interesting one.  The AUGMENT Mail Network consists of about
fifteen large hosts (last count) supporting tens of users each.  About
half the hosts are on the Arpanet and all but a few are on Tymnet.
The primary gateway host is called "Office" on the ARPANET.  Addresses
are of the form user.org, where user is one of your identifiers and
org is usually a short name for your employer.  The org database keeps
track of where users want their mail delivered, among other things.
Addresses with at-signs are assumed to go out to the Arpanet.
Addresses on other mail systems (e.g. OnTyme) are enclosed in curly
braces with the mail system name appended.  AUGMENT is publicly
available from the Office Automation Division of Tymshare.

 -- kirk

------------------------------

Date: Fri, 6 Jan 84 7:05:17 EST
From: Chuck Kennedy <kermit@brl-vgr>
Subject: IBM 0

To:       andyb%dartvax@brl-bmd

Yes, I just checked the IBM model 026 next door and it does indeed
have the 0 above the other digits.  Cards, yuck!!!
                                        -Chuck Kennedy
                                        <kermit @ brl>

------------------------------

From: dciem!ntt%utzoo@BRL-BMD.ARPA
Date: Tue, 10 Jan 84 09:43:44 est
Subject: Telephone keypad

A point which has not been mentioned is that the telephone keypad is
not only a numeric pad, but also has letters, which are in
alphabetical order.  If the rows were permuted, so would be the
alphabet.

Incidentally, the assignment of letters to numbers is not the same
wherever letters are used; I have seen British telephones with O and Q
assigned to 0, whereas in North America M, N, and O are assigned to 6.

Mark Brader

------------------------------

Date: Tue, 10 Jan 84 13:42:58 CDT
From: Doug Monk <bro.rice@RAND-RELAY>
Subject: Re: The Keyboard as an OUTPUT device

        With 'soft' keyboards ( i.e., programmable keyboards that can
be made to send any given character or sequence of characters when any
given key is hit ) a rapidly approaching possibility, I may be able to
solve a long-standing problem of my own : on a QWERTY keyboard it
*always* takes me at least two tries to type 'change' instead of
'chnage', and 'the' comes out 'teh' a lot.  With programmable
keyboards, we might all come up with our own designs, customized for
our own personal idiosyncrasies, muscular and tendon faults, and
vocabularies.
        Make the keyboards read and store the key design from little
magnetic strips... Hmm, but how to get the imprint on top of the key
to reflect what the key will transmit when hit ? Little LED arrays
that read the key design as well ?  Suddenly the keyboard is an OUTPUT
device.

        As far as the problem of per-key displays : ANY sort of
intelligent key-cap display is EXPENSIVE, no matter what type of
technology you use. So perhaps the answer is as simple as individual
plastic key-cap overlays. You just keep a set with you and customize
the keyboard after you have programmed it.  Of course, this will have
far greater usefulness if every individual is guaranteed his own
keyboard, as just sticking 57 - 80 key caps on is terribly
time-consuming, not to mention hard to remember. Another possible
answer is to have the overlays be joined together so that you just put
it in place over the whole keyboard at once. Of course, this is
predicated on all keyboards being designed exactly alike : the same
number of keys, each key in exactly the same spatial relationship to
every other key, etc. This is one of the things I dislike in typing on
a new machine ; the only key sequences guaranteed are 1234567890,
qwertyuiop, asdfghjkl, and zxcvbnm.  The capital letters are of course
the same, but the shifted characters on the numbers are not. To have
to unlearn my speed typing habits of <shift-2> for <"> and <shift-7>
for <'> just because a newly encountered keyboard has a dedicated
<"/'> key is repulsive, especially if I am forced to switch between
the keyboards frequently.
        ( Another, similar gripe I have is with the <bs> ( backspace )
vs. <del> ( delete ) keys. On one computer system I deal with, <del>
deletes backward on the line you are typing, and deletes forward only
if you are on a line already containing characters on both sides,
as in a line editor or full screen editor. Otherwise, <bs> just
produces <ctrl-H> on the screen. On the other computer system,
<bs> operates exactly as <del> on the first system ( except it
doesn't even erase the character, it just ignores it ) and <del>
does absolutely nothing. There needs to be a standard meaning for
<bs> and <del> to which terminal drivers for all types of computer
systems adhere. End of parenthetical statement. )
        Having given my practical side a chance to suggest
something cheaper, I now will discuss the technological things
that are more fun.
        A rear-screen projection system might be made more feasible by
the use of fiber-optics. It could also theoretically be managed by the
use of a complex mirror and prism system projecting upward from below
and behind each key. For technical reasons, it might be more practical
( there I go again ) to project the key legends on the front side of
the key, rather than the top. On most ordinary keyboards, this is
perfectly possible, but I recall seeing some low-profile keyboards
( by Olivetti I think ) where the front of the key would be too small.
        I also agree with your reservations about the usefulness of
such a system in areas with a lot of light. I myself am looking
forward with great anticipation to the reflected light video
terminal. Presumably based on high speed LCD technology, it
would replace the light ( and radiation ) producing CRT with
a flat panel which can be read by reflected light. It could be
made to look like printed paper merely by adjusting the color
of the display and the background, and in fact, just about
any contrast of display and background colors could be arranged,
either by adjusting the display unit itself, or by ordering
your preference from the factory.
        The technology of such a display could be what we are looking
for for the key legend displays. Embed a small display of this type
under a durable clear protective cover in the key itself, and feed it
the appropriate signals under the keyboard's microcomputer control.
Voila.


                Doug Monk
                <bro.rice@RAND-RELAY>

------------------------------

From: sdcsvax!davidson@Nosc (Greg Davidson)
Date: 10 January 1984 1113-PST (Tuesday)
Reply-to: Greg Davidson <davidson@nosc>
Subject: Re: The Keyboard as an Output Device

To: Makey.DODCSC@MIT-MULTICS

I'm afraid I don't agree with Jeff Makey that standardization for
keyboard interfaces is likely to happen through current industry
practices, though I hope to be proven wrong here.  If standardization
does not come, then nontraditional keyboards won't make it as long as
people don't own all their own equipment.

The problem with how many function keys are assumed to be on the mouse
is solved when you realize that programs don't have any business
knowing how a user wants to emit a given function code.  A user might
emit codes from function keys mounted on keyboards or mice, by doing a
pendown on a stylus, by striking a two handed chord, or by typing a
sequence of keys with the control/meta/super/hyper shifts down.

A good keyboard/mouse/etc. has locally and remotely programmable keys
to adapt to a given program's needs.  A good keyboard interface would
just be a telephone modular jack for a serial line over which one can
send 8 bit bytes.  It simply needs to be standard.

Finding the right level of abstraction for pointing devices is much
harder.  Leaving off light pens, which need to be built in anyway, my
thought is just to send movement vectors using arbitrary units.  The
unit should be adjustable by twiddling something on the device.
Rather than plugging the pointing device into the computer, it might
be better to plug it into the keyboard.  Thus, the computer can't tell
whether the user used vector keys or a mouse to send a movement code.

Many programs read up descriptions of the input devices.  For example,
in UNIX part of a terminal description is how many function keys
exist, the codes they emit, and what string describes them to the
user.  However, there's no need for a user to be constrained by some
programmer's idea of the user's equipment or usage of it.  A
programmable keyboard with a mouse plugged into it should be able to
emulate anything intended to point and generate text and function
codes.

-Greg

------------------------------

End of HUMAN-NETS Digest
************************