Human-Nets-Request%rutgers@brl-bmd.UUCP (Human-Nets-Request@rutgers) (11/19/83)
HUMAN-NETS Digest Friday, 18 Nov 1983 Volume 6 : Issue 76
Today's Topics:
Computers and People - Hackers &
Junk Mail (2 msgs),
Computers on TV- Computers in the Media &
The Whiz Kids tapping into police dispatching network,
Computer Mailers - MCI Mail : Small step upward, or bust? (3 msgs)
----------------------------------------------------------------------
Date: Thu 17 Nov 83 15:41:30-MST
From: Walt <Haas@UTAH-20.ARPA>
Subject: Hackers
The following is quoted from /The Chronicle of Higher Education/,
Volume XXVII, Number 12, November 16, 1983, page 16:
PROGRAMMING STYLE CAN IDENTIFY STUDENT
COMPUTER 'HACKERS', EXPERT SAYS
By Judith Axler Turner
NEW YORK
A student's computer-programming style can often help identify whether
he is likely to become a "hacker" - someone who breaks into a computer
system electronically and manipulates the information it contains. So
says Seymour Papert, professor of mathematics and education at the
Massachusetts Institute of Technology.
Once identified, the potential hacker can be turned to more acceptable
pursuits, Mr. Papert told a national conference on computer security
last week in New York.
Coping with such individuals was a major preoccupation of the
conference, which drew 1,000 representatives from business and
industry, as well as from colleges.
3 TYPES OF PROGRAMMER
Mr. Papert said he had identified three principal types of programmer,
whose styles are common to both adults and young people:
> The extremely structured programmer, who thinks everything through
and organizes his program before writing it.
> The "artistic" programmer, who doesn't know in advance exactly what
she wants. (More girls and women fall into this group than into
the other two, Mr. Papert said.)
> The programmer who is "living dangerously," testing the limits of
the computer and associating more with the machine than with people.
Some evidence of his reluctance to be involved is in his program:
only the writer can read and understand it.
It is this third type of programmer who is likely to become a hacker,
Mr. Papert said. He recommended that teachers recognize the
tremendous programming talents of such a student and use them to the
class's advantage, making the student a resource for other students.
Trying to force such a student into another programming style might
push him toward hacking, Mr. Papert said.
"Being solicited as a computer expert gives this kind of programmer
more contact with other people than ever before," Mr. Papert said.
HACKERS CALLED AN ASSET
Gill Pratt, an M.I.T. graduate student in computer science, told the
conferees, most of whom were from business and industry, that hackers
could be an asset to them.
Mr. Pratt suggested that industrial computer systems be made easy to
break into electronically, and be fitted with "cameras" - tracking
devices that record what the hackers do when they are playing around
with the system. This, Mr. Pratt said, would help computer-system
managers identify bugs.
Hiring those who have been able to invade the computer system, a
practice once widely accepted in industry, is a bad idea, Mr. Pratt
said. Not only does it encourage hacking, but it pits hackers and
former hackers against one another. "You don't want to turn the
computer system into a battlefield," he said.
ETHICS OF COMPUTERS
Colleges and schools have a responsibility to instill in their
students the ethics of computers, said Donn B. Parker, senior
management-systems consultant for S.R.I. International (formerly
Stanford Research Institute), a computer research-and-development
company in Menlo Park, Cal.
"We do it in driver training," he said. "There is no reason why it
should not be done for young people coming into our technology. We
need a coordinated effort to turn valuable kids around and give them a
better direction to follow.
"We have to change the values of these kids so they know it is not
nice, not acceptable to hack."
But at least one person at the conference argued that colleges should
encourage hacking, at least in a controlled form.
"If colleges want to produce good programmers, they need to provide a
'hacking' environment," the editor of /TAP/, a newsletter for hackers,
said in an interview.
The editor, who called himself "Cheshire Catalyst," said the best
programmers were all hackers or former hackers.
"Lots of my hacker friends are getting jobs in the real world now," he
said. "They are putting their hacking in the closet with the other
skeletons. But without their hacking background they wouldn't be good
enough programmers to get a job. In order to be good, you have to be
a hacker in the programming world."
He said he thought it would be good if beginning computer students
were taught how to "crash" the system - i.e., cause the computer to
stop.
"After that," he said, "crashing the system is no fun any more. At
this point, finding the bugs and patching them is more clever. Peer
pressure doesn't push toward crashing the system any more."
A 'HACKING ENVIRONMENT'
A college could set up a "hacking environment" in a program similar to
the California Institute of Technology's "Senior Day", when seniors in
engineering are called upon to defend their dormitory rooms against
assault from underclassmen, he said. Clever engineering skills are
often used to keep the rooms from being breached.
According to the editor, /TAP/ is a four-page newsletter published 10
times a year. It was started in 1971 as the newsletter of the Youth
International Party, or the Yippies, the left-wing counter-culture
group. The number of subscribers, many of whom are college students,
is "in four figures," he said, but that is only an estimate because
/TAP/'s office was broken into this summer and its subscriber
information was stolen.
------------------------------
Date: 16 November 1983 05:30 EST
From: Jerry E. Pournelle <POURNE @ MIT-MC>
Subject: Junk Mail
There's and even worse trick: onj the envelope it says "Bureau
of Verification" or some such. It resembles the audit dept.
stuff from stock brokers and credit card people.
It has got to the point where we have an associate --not
an assistant but an associate--to open ALL mail, junk or not,
because you cannot tell the one from the other without
looking...
TRhis has to stop but I dunno how.
Excuse typos, I fell in pool tonight and bruised hand
something wonderful
------------------------------
Date: Thu, 17 Nov 83 02:40 EST
From: "Robert W. Kerns" <RWK%SCRC-YUKON@MIT-MC.ARPA>
Subject: Jumk Mail
Date: Friday, 11 November 1983, 12:05-PST
From: cwr at SCRC-Tenex
Actually, it is to our advantage that junk mail comes with
ridiculous claims on the outside ("You may have wone the trip
of your dreams"). Such envelope decoration immediately marks
the item as junk mail and can be trashed immediately.
Yes, but there is a new trick which is real annoying. I get lots
of junk mail these days (often requests for contirbutions to this
or that lobbying group) with nothing on the outside of the
envelope besides my address.
Well, I always check to see if they paid for first-class postage.
Some, particularly political advertisements in the recent Boston
elections, will pay first-class, but it does eliminate most of them.
------------------------------
Date: 17 November 1983 04:03 est
From: SSteinberg.SoftArts at MIT-MULTICS
Subject: Computers in the Media
Since everyone bitches about how much reporters misunderstand
computers I figured I'd dump in a positive note. This is from
the 11/9/83 Variety (national) in a review of the TV special
Princess Daisy:
... What difference does it make that Claudia Cardinale
talks like Maria Ouspenskaya? What difference does it
make that the plot and dialog sound like they were created
on a computer with an 8K memory?
Being a Judith Krants fan and having seen the show I'll second
that 8K figure. 4K and it would have become incoherent. 16K
and it might have been vaguely intriguing. Kudos to the folks
at Variety who seem to have some idea of what a computer is!
------------------------------
Date: 17 November 1983 00:24 EST
From: Robert Elton Maas <REM @ MIT-MC>
Subject: Whiz Kids - tapping into police dispatching network
Tonite's episode of Whiz Kids is rather scary and believable. Some of
what I say below is my best guess based on the symptoms, and some is
factual data from what is said or portrayed.
The LA Police Department installs a computerized dispatching system,
with no voice backup. Apparently it uses a non-public-key cryptosystem
such as DES, where a "CMOS decoder chip" plus the secret key plus some
radiotelecommunication and computing equipment is all that one needs
to both eavesdrop and forge police-dispatcher messages.
Criminals get all the equipment and encryption key, commit armed
robberies, wait for a police car to be dispatched, then wait a few
seconds and send a "cancel 211, crank call" message. The police go
back to regular duty and never arrive at the scene, while the central
dispatcher still shows them on the 211 call. Later they use a slightly
different technique, they jam the police computer with vehicle license
requests, hundreds per minute, to prevent any response at all to a
theft of 30 million dollars worth of synthetic interferon at the
airport.
I'm worried that such a vulnerable system, where keys need to be
communicated around and they can be intercepted by criminals, might
actually be used. I'd prefer a public-key cryptosystem, where each
police car and the central dispatcher computer pick random new codes
every so often, and only the public part of the key is communicated.
Thus only the one computer which randomly picked a key can use it to
encode message "originated" from that computer, and not even the
officers who use that computer know the key, thus it's impossible for
somebody to find out the key and install it in a clandestine computer,
and if a double key system is used (encrypt with private key of sender
and public key of recipient) it's impossible for anyone other than the
recipient to discover the contents of any message and impossible for
anyone other than the sender to create a properly-encoded message. The
only way anyone could then compromise the system would be to hijack a
police car, in which case only messages from that car could be forged,
not messages from the dispatcher, or for a powerful transmitter to
simply block signals, which is possible now but never happens because
such powerful transmitters are easy to locate.
By the way, these "CMOS decoder" chips are purchased at what looks
exactly like a Radio Shack store, although all brand names were
carefully hidden (I'll give the producers of that show a lot of credit
for that!). By coincidence the chief whiz kid happens to go in to buy
the decoder chip, to tap into the computer to find out if it's
possible and to locate the bad guys, just as one of the bad guys is
buying a replacement for one that was zapped by static discharge.
------------------------------
Date: 16 November 1983 04:47 EST
From: Robert Elton Maas <REM @ MIT-MC>
Subject: MCI Mail - Small step upward, or bust?
The question to ask isn't whether MCI mail is better than MM or
RMAIL/BABYL etc. that we on Arpanet have gotten spoiled with, but
whether it's better than the various bulletin boards that are on 8080-
and 6502-based systems. I.e. are the general public getting something
better than what was available before? If so, it's a step towards the
even better stuff we are spoiled on. If not, it's a true bust.
So I put to you, how does it compare to your local microcomputer bbs
in user interface?
------------------------------
Date: Wed 16 Nov 83 09:26:19-EST
From: Janet F. Asteroff <US.JFA@CU20B>
Subject: MCI Mail
Ok, MCI mail isn't the best thing since sliced bread. And the hype has
been big enough to obscure the fact that if you want to keep your
messages, you have to pay for storage. But the other day I knocked off
a 3 page letter to a friend in Florida, who is not online at all.
Saved me the great trouble of looking for stamps, which I don't ever
have, and let me sit at my terminal instead of printing it out.
Still, MCI mail was not designed for people like us. It was designed
for folks who work in corporations, from secretary to CEO, who want to
use email instead of moving paper. Now, this does not mean that we
should allow its crummy features to go unnoticed, just because it
isn't for us.
A direct command structure would have been nice, in addition to the
menus. All that menu stuff is time consuming, and there are lots of
regular people who will learn it well enough to dispense with it.
Aside from a few bugs...it looks like a fine system, particularly when
compared to the mail systems available on The SOURCE, or COMPUSERVE.
Those are somewhat more like MM, but the editors are awful. Actually,
I thought the editor in MCI mail was the best I have seen for a dial
service. Software packages, like PROFS or All-In-1 are a different
story.
By the way, doese anyone know who out there is doing state-of-the-art
research in email--human factors, use, functions, socio-political
aspects?? And can pass that name(s) along to me? I heard MIT
political scientist Ithiel de Sola Pool the other night talking from
his new book Technologies of Freedom. He made the grand sweep from
19th century print and postal service up through bboards and Arpa,
free speech, wiring Egypt. He was great!! He is not, however,
working on email.
/Janet
------------------------------
Date: 16 November 1983 23:46-PST (Wednesday)
From: Tony Li <Tli @ Usc>
Subject: MCI Mail - Small step upward, or bust?
Ok, ok, I'll admit it. I'm spoiled. I'm a Babylonian. So my mailer
is friendly. But MCI isn't.
Now, this is gonna be tough for you to believe, but I haven't ever
played with any of the Rcp/m systems, or the local micro dialups. But
I really think that at the level that we write software on micros,
someone must be able to do better with even an 8080.
But I think that there's a big difference. Realize that this is the
first commercial electronic mail system. It's going to make a big
influence on businessmen regardless of its quality. The businessman
doesn't give a whit whether the processor is a Cray, a Vax or a Z-80.
He expects competent service, and reasonable ease of use.
I contend that MCI does not offer either of these. Clearly, given a
Vax, someone can do better. It's just not that hard. If you don't
believe, sign up. Registration is free, and as long as you don't send
a message, there are no charges. So try it and hate it! Now, go give
an assignment to a bunch of frosh who are just learning Pascal. Sure,
it'll take 'em a while, but I'd bet that the frosh can do a much
better job.
Ok, Rob, yes, it is a small step upward. This type of service has not
been commercially available ever. But it's a bust in that it will
leave customers dissatisfied, and that it will leave a bad impression
on the industry.
Cheers,
Tony ;-)
------------------------------
End of HUMAN-NETS Digest
************************