Human-Nets-Request%rutgers@brl-bmd.UUCP (Human-Nets-Request@rutgers) (11/18/83)
HUMAN-NETS Digest Thursday, 17 Nov 1983 Volume 6 : Issue 75
Today's Topics:
Responses to Queries - USENET net.general &
Digestion,
Computers and the Law - Use of the Company Computer &
Am I protected from my employer? &
Sensitive data &
Re: Why break into Computers? &
File Privacy and Crime,
Informations - More Cameras on street corners &
Human computer interface
----------------------------------------------------------------------
Date: Thu 17 Nov 83 06:29:06-CST
From: Werner Uhrig <CMP.WERNER@UTEXAS-20.ARPA>
Subject: Re: USENET net.general
(first a quick answer to the question - then some explanations)
Q: Can someone tell us what the USENET net.general group
discussions are like? How do they differ from Human-Nets? Is
it technically feasable to allow cross communication? Would
it be worth while?
A: the purpose of "net.general" is to contain ONLY information,
which is of ESSENTIAL interest to EVERYONE on the net and
reading it should be OBLIGATORY for nearly every user type.
So, no discussions, nothing like HUMAN-NETS at all, as a
matter of fact there is nothing like it on ARPANET. RE:
cross-communications. many/most (but not all) ARPANET bboards
are distributed on USENET and contributions reach us back here
on ARPA via certain Gateway-machines which are connected to
both nets. As a matter of fact, groups like CPM and TELECOM
seem to get the majority of their contributions from USENET.
In general, the technology and purpose of USENET differs significantly
from ARPANET in that
- mail and news are "philosophically" different on USENET. mail
(user-to-user) is handled by UUCP, whereas news is "broadcast" via
USENET (system-to-system)
- most communication-links between USENET machines are "offline", i.e.
not available on user-demand for information exchange. systems
exchange mail and news via dial-up lines during hours of little
demand only, usually.
- the name of a news-group often includes both an indication of its
purpose and contents, as well as its "distribution-area". For
example, the group 'general' comes in such (site-specific)
variations as 'ut.general', 'austin.general', 'tx.general',
'net.general', 'att.general', 'nj.general', etc.
(I had more, but decided to reduce the volume. Maybe, 'The Editor'
can add pointers to earlier postings, which describe more about
USENET and UUCP, if such exist. On request, I may try to go into
more details, but I'd rather hope some "real" expert on the matter
might be motivated to do that)
------------------------------
Date: 16 Nov 1983 18:02 EST
From: Dan Hoey <hoey@NRL-AIC>
Subject: Digesting and ending
There have recently been discussions in Human-Nets (V6 #71) about
standards for separating the messages in a digest. This recalls a
discussion begun by Bill Wells in MsgGroup this past May (among
messages 2017-2054) about the need for ending markers in messages.
Mabry Tyson notes that you can't use ``separators the way it is
currently done.'' The problem is that any fixed sequence that marks
the end of messages may be included in the body of a message, leading
to false recognition of the end of the message. Many message systems
use some quoting scheme to prevent the ending string from occurring in
the message. These schemes have led to such abominations as
extraneous angle brackets on lines beginning with the word ``From''
and duplication or removal of periods at the beginning of lines.
Mabry suggests using a character count at the beginning of each
message, and notes several problems involving CR LF versus LF, NULs,
and the previously-mentioned abominations. These problems are easily
overcome by using a line count instead of a character count, but I
still find the scheme distasteful: remember how hard it is to read
Fortran's 9HHollerith specifications for strings?
Fortunately, there is a solution to the problem. Given any message,
it is fairly easy to find a string that does not occur in the message.
Such a string may be used to mark the end of the message. The string
itself can be mentioned in the message header, so that a reader seeing
the beginning of the message will know where the end is. Thus:
Date: 16 Nov 1983 18:02 EST
From: Luser@Random-Site
End-marker: XYZ
Message not containing that string.
End-of-message: XYZ
An added frill is to reverse the string in the message header, in our
example ``End-marker: ZYX''. This prevents the end marker from
occurring anywhere in the message, even in the header, and yields the
amusing bonus of allowing a context-free syntax for messages.
I dearly hope that there will be some work done to make message
endings more recognizable by humans and machines.
Dan Hoey
hoey@NRL-AIC
------------------------------
Date: 16 Nov 83 1140 PST
From: Robert Maas <REM@SU-AI>
Subject: Use of company computer or other facilities
In regard to the proposed "computer crime" law, we discussed the use
of company computer for personal things such as bowling league records
or personal messages via electronic mail, and compared it to use of
other company facilities such as telephone or pencils. Now an actual
case has turned up where somebody (chief of police of Emoryville, CA,
I think; unfortunately it hasn't reached the AP or NYT, only local TV
news, so I can't get any more details) was fired for misconduct,
including personal use of government facilities. I have no idea
whether it was something trivial such as using desk space and on-work
time for keeping a personal phone list (analagous to using disk space
and computer time), or something major like renting out government
buildings or vehicles and keeping the money personally. It would be
interesting to compare this case with the misuse of computers that
would be covered in proposed computer crime laws, if I could only get
details as to the exact kind of personal use involved. Does anybody
have more info on this case?
------------------------------
Date: 16 Nov 83 09:05:10 PST (Wed)
From: Katz.uci-750a@Rand-Relay
Subject: Re: File Privacy (Am I protected from my employer?)
I don't know whether I am protected from all snooping by my employer,
but I remember that it is illegal to tap your telephone without
notification. This would probably also protect the data being
transferred over public lines, but I don't think that federal law
protects non-personnel data within a system. Maybe this is an area
where new legislation is needed?
------------------------------
Date: 16 November 1983 23:30 cst
From: RSaunders.TCSC at HI-MULTICS
Subject: Re: Crackers and sensative data (H-N V6#74)
I would like to reply to Katz.uci-750a and others that have suggested
that computers on public networks are not good places for sensative
data. I am typing this from a TI-700 (antique) in my hotel room.
>From this same terminal I have been able to keep up with business
activities going on in my home office 1500 miles away. I am able to
exchange messages with people who are 3-5 hours off in time from my
current time zone. This is not an unusual use of this system, many
members of my company's legal department use the system to get
opinions from office to office. Is this information sensative? YES.
Is this information protected from abuse by others? OF COURSE. You
talk about keeping intruders from gaining the amount of access the
average user has. I have no complaint about this, however, I don't
have access to the legal briefs being sent to my home office. The
question is not keeping everybody off your system, but keeping
everybody on your system from getting at sensative information they do
not need. I don't care how it is that somebody manages to get onto
HI-Multics, they still don't to read the pricing and proposal material
I am working on. The burden or responsibility is on the people
storing the sensative data not to give it out to anybody, just because
they are logged in. If some random person asks you to give them
access to a sensative file and you do it then there is no reason to
bitch at them about violating your security. I realize that I am
using Multics, and many others out there are not equiped with
equivalent systems, but I can make the same kind of arguments hold in
most Operating Systems I know of. We must be careful not to
over-react to the stupid things that some people have done (not
deleting people when they no longer have right to access the system,
letting people pick any old password they want, puting sensative data
in files with RW access for the whole world, ......) and put the blame
on the computers or the networks. The blame is purely on us! We put
the data there, We set the access, and We forgot to dump Fred's
account after he died. If we jump and screem that computers are no
good for secure information then how can we expect the uneducated of
the world (the press, the TV writers, our bosses, ...) to understand
what is going on.
I would like to put out a call for each of us to look at our
local systems and point out to those in charge of them that security
is a well understood problem that has been solved. We should motivate
them to put in the effort, thats all it takes, to make our system
secure. Even if you are not aware of any problems at your site you
can help the powers-that-be rest easier at night by knowing they are
not going to be the next LA Times headline. They will thank you for
it and hopefully this whole issue can return to the obscurity it
deserves. If you feel this cannot be done on your present system,
send me mail and I will put you in touch with your nearest Multics
salesman.
Randy Saunders
RSaunders @ HI-Multics
------------------------------
Date: 16 November 1983 05:26 EST
From: Jerry E. Pournelle <POURNE @ MIT-MC>
Subject: Why are hackers spending all this time breaking into
This was really an excellent essay, more than worth the time
required to read and ponder it.
I can offer one suggestion as to what bright people can
do with their time.
Join the L-5 Society (or equivalent) and put that talent
to work for the real future...
------------------------------
Date: 17 November 1983 05:25 EST
From: Jerry E. Pournelle <POURNE @ MIT-MC>
Subject: [Larry Layten (D: File Privacy]
Leaving the LAW aside, we have here (the case of the FBI
becoming upset when a baby sitter phone number was found in a
gov employee's computer files) a case of imbecilic management.
That is: suppose the government furnishes me with a
Roladex. Would they not suppose I would keep my home number,
and the baby sitter number, and other matters for my convenience
and continued effectiveness in it? If I couldn't, t hen I
would, I suppose, have to buy my own; or is it contended that I
have no right to HAVE a baby sitter's phone number anywhere in
my place of work? In which case the remedy is obvious; one
cannot need a job THAT badly.
Ditto for the recipe: if I kept it in a government file
cabinet assigned to me, is that a crime?
I don't know whether legally the government had the
right to do the full dump searches, although I suspect they did
and should; but it was an act of monumental stupidity to
EXERCISE that right.
Incidentally, how about prosecuting the CID officer, and
the FBI Regional Director for wasting government resources in
conducting futile searches?
------------------------------
Date: 15 Nov 83 23:31:21 PST (Tuesday)
Subject: Re: Cameras on street corners
From: Bruce Hamilton <Hamilton.ES@PARC-MAXC.ARPA>
I think the Santa Monica Freeway in Los Angeles has radar guns + TV
cameras mounted on signposts, for remote-control speeding tickets.
--Bruce
------------------------------
Date: Tue, 15 Nov 83 04:33:22 CST
From: Stan O. Barber <sob.rice@Rand-Relay>
Subject: Human computer interface
Hi there. This is a note of introduction to those of you
who are interested in the area of human-computer interfacing.
Until now, most research in this area has been done
by people in the Computer Science area as well as some
more general research (mostly display formatting work) by
engineering psychologists.
I am in the latter group, but I am a bit unusual in that I
am also a computer programmer (mostly contract work) and have
some understanding of the what is happening in computer science
(at least the flavors served at Rice and in the Houston area).
What I would like to encourage in dialogue in this area among
computer science and psychology folks. Being on the fence, I
see how both groups could benefit from such a dialogue.
If you'd like to debate that point, or just have some thought
to share in this direction, please pass them along.
Who knows, maybe this would be popular enough to have it's
own SIG!
Stan Barber, Department of Psychology
Rice University
sob@rice
------------------------------
End of HUMAN-NETS Digest
************************