[RISKS] Risks Digest 27.55

RISKS List Owner risko at csl.sri.com
Thu Oct 17 15:14:31 PDT 2013


RISKS-LIST: Risks-Forum Digest  Thursday 17 October 2013  Volume 27 : Issue 55

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
  <http://catless.ncl.ac.uk/Risks/27.55.html>
The current issue can be found at
  <http://www.csl.sri.com/users/risko/risks.txt>

  Contents:
GPS map leads to border crossing and shooting (Scott Nicol)
"The shutdown gets real for science and high tech"  (Robert X. Cringely
  via Gene Wirchenko)
"How federal cronies built -- and botched -- Healthcare.gov"
  (Serdar Yegulalp via Gene Wirchenko)
Health care exchange still plagued by problems (Kelly Kennedy via
  Monty Solomon)
How applying to college just got a lot harder (David Strom via
  Gabe Goldberg)
Food Stamp Debit Cards Failing To Work In 17 States (Monty Solomon)
Majority of Brits fail to back up their important data (Monty Solomon)
"Web sites tracking users using fonts, Belgian researchers find"
  (Candice So via Gene Wirchenko)
Smart meter deployments to double market revenue of wireless modules
  (Bob Frankston)
"Apple's claim of unbreakable iMessage encryption 'basically lies'"
  (Jeremy Kirk via Gene Wirchenko)
Re: "We can't let the Internet become Balkanized" (Sam Steingold)
Re: Founding Fathers (Richard A. O'Keefe)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Thu, 17 Oct 2013 15:18:58 -0400
From: Scott Nicol <scott.nicol at gmail.com>
Subject: GPS map leads to border crossing and shooting

A 16-year old boy from a small town in eastern Ontario stole a car, picked
up his girlfriend and headed east. A few police chases and stolen cars
later they ended up in Sherbrooke Quebec, where they stole another car. Not
far from Sherbrooke is the US border, which they promptly crashed through
and were shot at.

http://www.ottawasun.com/2013/10/15/ontario-runaways-nabbed-in-maine
http://www.ottawasun.com/2013/10/16/wrong-turn-at-border-maine-cops-probe-ottawa-valley-teens-crime-spree

Speculation as to why the kids entered the US points towards a GPS map
routing. Apparently they were headed for the Maritimes, which are the
eastern-most provinces of Canada. If you go to google maps and ask for a
routing from Sherbrooke, QC to St John, NB, all of the options go through
the US. There is a small yellow banner at the top of the directions that
reads "This route crosses through the United States".

http://goo.gl/maps/n5b0I

On an android phone the warning is in small print with a yellow triangle to
the left of it. This is the same yellow triangle you see when maps warns
about tolls on a route. Once you enter navigation there appears to be no
warning at all.

If you're on the run you probably won't notice the warning regardless. But
even if you aren't on the run, it's easy enough to just click "navigate"
and then any warning disappears.

------------------------------

Date: Tue, 15 Oct 2013 13:33:48 -0700
From: Gene Wirchenko <genew at telus.net>
Subject: "The shutdown gets real for science and high tech"
  (Robert X. Cringely)

Robert X. Cringely | InfoWorld, 14 Oct 2013
Think the shutdown only hits panda cams and national parks? Hardly --
scientific research will feel impact for years to come
http://www.infoworld.com/t/cringely/the-shutdown-gets-real-science-and-high-tech-228739

------------------------------

Date: Tue, 15 Oct 2013 13:31:23 -0700
From: Gene Wirchenko <genew at telus.net>
Subject: "How federal cronies built -- and botched -- Healthcare.gov"
  (Serdar Yegulalp)

Serdar Yegulalp | InfoWorld, 14 Oct 2013
Many contractors for Healthcare.gov site seem to have been picked
based on past government work rather than IT expertise
http://www.infoworld.com/t/e-government/how-federal-cronies-built-and-botched-healthcaregov-228724

------------------------------

Date: Wed, 16 Oct 2013 23:35:41 -0400
From: Monty Solomon <monty at roscom.com>
Subject: Health care exchange still plagued by problems (Kelly Kennedy)

Kelly Kennedy, *USA Today*, 16 Oct 2013
http://www.usatoday.com/story/news/nation/2013/10/16/exchanges-two-weeks-in/2989723/

Cloud devs: We could have saved buggy HealthCare.gov
Christina Farr, VentureBeat
Oct 14 2013
http://venturebeat.com/2013/10/14/cloud-devs-we-could-have-saved-buggy-healthcare-gov/

Why healthcare.gov has so many problems
Steven Bellovin, Special to CNN, 15 Oct 2013
http://www.cnn.com/2013/10/14/opinion/bellovin-obamacare-glitches/

------------------------------

Date: Tue, 15 Oct 2013 16:31:09 -0400
From: Gabe Goldberg <gabe at gabegold.com>
Subject: How applying to college just got a lot harder (David Strom)

New software version flawed. Imagine!

- - ------ Original Message --------
Date: Tue, 15 Oct 2013 07:43:45 -0500
From: David Strom <david at strom.com>
Subject: David Strom's Web Informant: How applying to college just got a lot harder
To: webinformant at list.webinformant.tv

Web Informant, 15 Oct 2013

We've all heard the stories about a broken website that was overwhelmed with
visitors and was inadequately tested. But unless you have a high school
senior in your home, you may not have heard about another website besides
the much-flogged HealthCare.gov (that I and many others wrote about). I am
talking about the common application website for college admissions.

About 500 out of the nation's several thousand colleges and universities
support this site, which allows them to eliminate paper student admissions
applications. The idea dates back to when I was applying for college, when a
common paper-based application was put in use. Later it went
digital. Trouble is, the latest version of the common app is seriously
broken and has prevented many kids from applying to the colleges of their
choice. Given the high stakes involved, it is a serious problem.

The best press coverage about the breakdown has been from Nancy Griesemer in
examiner.com <http://examiner.com> where she lists work-arounds for the
students and chronicles the troubles of CommonApp, as it is known, has gone
through since they did a major overhaul this past summer. "The
implementation has been terrible," one college admissions IT director told
me. "Applicants have had difficulties in creating and completing their
application, school officials have had problems in submitting transcripts
and recommendations, and major changes in how the information is delivered
to colleges have happened without sufficient time for schools to adapt and
test their systems. We needed more lead time."

This director isn't alone: many college admissions officers vented their
frustrations at their annual meeting last month in Toronto, where some said
they couldn't get satisfactory answers from the CommonApp staff.  There were
lots of things that should have been caught before being implemented. For
example, a payment processor routine that takes two days to send a
confirmation receipt, so many kids are paying multiple times. Or a signature
page that is so well hidden that students didn't find it to sign their
apps. As a result, their apps are never delivered to the college. Or those
all-important student essays turn into gibberish under some circumstances,
due to a faulty text import routine.  Supposedly, these issues are being
fixed literally right now. It makes the HealthCare.gov site look like a
well-run place.

The CommonApp processes more than a million applications a year, and is the
only application method for about 300 schools. If you are applying early
decision to one of these, you are in a tough situation as the decision
deadlines are approaching.

Some 50 others are using another online process called the Universal College
App, including most recently Princeton. This process hasn't been plagued
with problems.

It is hard enough for high school seniors to figure out the college game
without having to become unwitting software UI and QC testers. CommonApp
needs to fix its code fast, and be more transparent about its problems in
the future.

Your comments are always welcome:
http://strom.wordpress.com/2013/10/15/college/

  [See also
http://www.nytimes.com/2013/10/13/education/online-application-woes-make-students-anxious-and-put-colleges-behind-schedule.html
  Noted by Monty Solomon.  PGN]

------------------------------

Date: Wed, 16 Oct 2013 23:32:13 -0400
From: Monty Solomon <monty at roscom.com>
Subject: Food Stamp Debit Cards Failing To Work In 17 States

Walmart, Xerox Point Fingers, The Associated Press, 12 Oct 2013

People in Ohio, Michigan and 15 other states found themselves temporarily
unable to use their food stamp debit-style cards on Saturday, after a
routine test of backup systems by vendor Xerox Corp. resulted in a system
failure. Xerox announced late in the evening that access has been restored
for users in the 17 states affected by the outage, hours after the first
problems were reported. ...

http://www.huffingtonpost.com/2013/10/12/food-stamp-debit-cards_n_4090647.html

Walmart, Xerox Point Fingers After Food Stamp Card Glitch Leads To
Wild Shopping Spree, Reuters, 14 Oct 2013 updated 16 Oct 2013
http://www.huffingtonpost.com/2013/10/15/walmart-xerox_n_4099207.html

  [See also
    "Food stamp recipients flood Louisiana Wal-Marts after EBT glitch"
  Jessica Chasmar, *The Washington Times*, 14 Oct 2013
http://www.washingtontimes.com/news/2013/oct/14/food-stamp-recipients-flood-wal-marts-ebt-glitch/
  Noted by Gene Wirchenko.  PGN]

------------------------------

Date: Wed, 16 Oct 2013 23:26:27 -0400
From: Monty Solomon <monty at roscom.com>
Subject: Majority of Brits fail to back up their important data

Computer Business Review, 4 Oct 2013

Tons of individuals admitted to not storing an additional copy of digital
files.  The majority of individuals in the UK do not back up their data,
leaving themselves vulnerable to loss of important files and digital
photographs.  A new research commissioned by digital storage firm WD
revealed that many of Brits admitted to not storing an additional copy of
digital files, with most of them saying they simply are not concerned or
were unaware of how it could be done. ...

http://www.cbronline.com/news/tech/hardware/storage/majority-of-brits-fail-to-back-up-their-important-data-041013

------------------------------

Date: Tue, 15 Oct 2013 13:44:04 -0700
From: Gene Wirchenko <genew at telus.net>
Subject: "Web sites tracking users using fonts, Belgian researchers find"
  (Candice So)

Candice So, *IT Business*, 11 Oct 2013
Web sites tracking users using fonts, Belgian researchers find
http://www.itbusiness.ca/news/44120/44120

------------------------------

Date: October 16, 2013 at 6:02:53 PM PDT
From: "Bob Frankston" <Bob19-0501 at bobf.frankston.com>
Subject: Smart meter deployments to double market revenue of wireless modules

  [from Dewayne Hendricks via Dave Farber's IP]

I can't help but worry when I read a quote like ``The preference for
wireless [cellular] communication modules over wired technology is also
owed to their incredibly secured network.''

Trusting the cellular network to be secure (whatever that means) is a
problem in itself -- not only are there issues with the cellular protocols
but what happens once the bits get past the towers? Depending on perimeter
security is risky in that there is no protection once there is a breach.

Of course the motivation is clear as the article states -- the cellular
carriers stand to make a lot of money by charging for using their network.
Even if one doesn't depend on cellular there is the cost and complexity of
maintaining a parallel network.

All that protects content are protocols and encryption. There is nothing
magic about RF bits -- any approach that can be used for wireless bits can
be used for bits over IP. Not only would using existing connectivity be far
simpler and provide us with immediate benefits, the protocols would also
offer the potential for users to have access to the data for their own use
such as managing the power usage within their homes.

Bob Frankston

Smart meter deployments to double market revenue of wireless modules
By Esme Vos
Oct 16 2013
<
http://www.muniwireless.com/2013/10/16/smart-meter-deployments-double-market-revenue/
>

An increase in smart meter deployments will see the global market for
wireless communication modules approximately double in value over the
coming years, jumping from $532m in 2012 to $1.3 billion in 2020, at a
compound annual growth rate (CAGR) of 12 percent, according to a new report
from research and consulting firm GlobalData.

The company's latest report states that North America, currently the
dominant player in the market for global wireless communication modules for
smart meters, will be a key driver behind the leap, with its own market
revenue expected to climb steadily from $379m in 2012 to $433.7m in 2020.

Europe will also continue to account for a considerable share of the global
market, thanks to a significant number of pilot-scale projects getting
underway across the region. The uptake of wireless communication modules in
the UK, Denmark and Ireland in particular looks promising, according to
GlobalData, and these countries are predicted to occupy an even larger
share of Europe's wireless smart meter communication market by the end of
2020.

Cellular and Radio Frequency (RF) communication modules are the two key
technologies used in smart meters for two-way data transmission. RF modules
account for an 85 percent share of the North American market, thanks to
their low cost, high bandwidth and efficient performance in industrial
areas.

Ginni Hima Bindu, GlobalData's Analyst covering Smart Grid, says: ``The
preference for wireless communication modules over wired technology is also
owed to their incredibly secured network, and as a result, we expect to see
an increased take-up of wireless technology for smart meter deployments
across North America, the UK and Japan, which will continue to drive the
market over the forecast period.''

However, while the outlook for the wireless communication modules market is
largely positive, a number of challenges remain that may prevent any
further growth in global revenue.

``The problem of coverage is one of the major restraints of the market for
cellular communication modules,'' says Bindu. ``For an indoor electric meter,
GPRS technology provides just 80--85 percent coverage, if the electric
meter, or other grid device, is not moved accordingly.'' ...

Dewayne-Net RSS Feed: <http://dewaynenet.wordpress.com/feed/>

------------------------------

Date: Thu, 17 Oct 2013 14:04:51 -0700
From: Gene Wirchenko <genew at telus.net>
Subject: "Apple's claim of unbreakable iMessage encryption 'basically lies'"
  (Jeremy Kirk)

Jeremy Kirk, InfoWorld, 17 Oct 2013
A famed iPhone jailbreak software developer says Apple could easily
decrypt iMessages, despite the company's claims
http://www.infoworld.com/d/security/apples-claim-of-unbreakable-imessage-encryption-basically-lies-228948

------------------------------

Date: Thu, 17 Oct 2013 14:13:44 -0400
From: Sam Steingold <sds at gnu.org>
Subject: Re: "We can't let the Internet become Balkanized" (Sascha Meinrath)

I keep wondering what is wrong with what NSA is doing.  They are a spy
agency.  They have been created to spy on everyone in the world, whether a
declared enemy or a professed "ally" (alliances do shift, so not spying on
an ally is a liability no nation can afford).

They "subverted the secure Internet protocols by inserting backdoors"?  You
mean the Internet servers run on closed-source software?  Or pre-compiled
binaries from open-source vendors which NSA compromised?  Well, as a
"netizen", I am delighted that those insecure practices will now cease.  If
an inept government bureaucracy could do that, I am sure it is being
routinely done by the criminals and terrorists all over the world. So, now
we at least have a chance to see this fixed.

They spied on US citizens, thus violating their "foreign intelligence"
charter?  Yeah, this is no good.  I would have felt much better if the same
surveillance were conducted by the FBI, not the NSA.

I actually welcome this scandal because it should bring home to people the
fact that we have lost "the expectation of privacy" battle.  Yes, we can
legislate away the US government's ability to do surveillance - but how do
you make sure that China/Russia/Iran will not do it?

Sam Steingold (http://sds.podval.org/)

------------------------------

Date: Thu, 17 Oct 2013 18:33:20 +1300
From: "Richard A. O'Keefe" <ok at cs.otago.ac.nz>
Subject: Re: Founding Fathers (Robinson, RISKS-27.51)

In Risks 27.51 (http://catless.ncl.ac.uk/Risks/27.51.html#subj2),
Paul Robinson stated or implied that
 1. The US is exceptional in having a right to bear arms.
 2. (The US founding fathers having been no dummies.)
 3. Women habitually went armed in Wyoming.
 4. Wyoming was the first state to give women the vote.
 5. 2 caused 1, which enabled 3 which caused 4.

Ad 1: The right to bear arms is in the British Bill of Rights, 1689.
      And that did not create the right, but reaffirmed it as an
      ancient right.  It's noteworthy that the Bill of Rights
      affirms this as a right of *individual* self-defence.

Ad 2: They certainly weren't.
      There are two caveats in the Bill of Rights which the framers
      of the second amendment carefully removed.
      However, the second amendment is famously difficult to interpret,
      and a case can be made that the people whose right to bear arms
      was affirmed was those who would have been called on to serve in
      the militia, namely (free, non-Amerind) men.

Ad 3: That's an empirical question I have no evidence on.
      It's not clear that more women were armed in Wyoming than in
      say Arizona, where women didn't get the vote until 1912, or
      Texas, where they didn't get it until 1918.

Ad 4: This is certainly false.  Women in New Jersey had the right
      to vote since 1776.  When Wyoming women got the vote, it was
      not a state.  Women in Pitcairn Island got the vote in 1838,
      31 years before women in Wyoming, and they had neither the
      protection of the US constitution nor the danger of rattlesnakes.

Ad 5: If women having guns got them the vote, it would be difficult to
      understand how women with guns could ever _lose_ the vote.  Yet
      they did.
      New Jersey: women got the right to vote in 1776, did vote from
                  1787, LOST the vote in 1807.
      Utah: women got the vote in 1870, and LOST the vote in 1887.
      Territory of Washington: women got the vote in 1883,
                  and LOST the vote in 1887.
      Ohio: women got the vote in 1917 and LOST it later that year.

      We would also expect that countries that limited the right to
      bear arms would extend the vote to women later.  Now the
      1918 constitution of the USSR says (Article 2, paragraph 19):
        For the purpose of defending the victory of the great
        peasants' and workers' revolution, the Russian Socialist
        Federated Soviet Republic recognizes the duty of all citizens
        of the Republic to come to the defence of their socialist
        fatherland, and it therefore introduces universal military
        training.  The honor of defending the revolution with arms
        is accorded only to the workers, and the non-working
        elements are charged with the performance of other military duties.
      This actually sounds a lot like the 2nd amendment, except for the
      restriction to "the workers".  However, article 23 makes it clear
      that this has nothing to do with defence *from* the state:
        Being guided by the interests of the working class as a
        whole, the Russian Socialist Federated Soviet Republic
        deprives all individuals and groups of rights which could
        be utilized by them to the detriment of the socialist revolution.
      So you could carry a gun in the army, but not shoot a tax collector.
      Yet the USSR gave women the vote before Michigan or Oklahoma or
      South Dakota or Texas!  Did women in Texas have no guns?

My source for these dates is
http://www.nzhistory.net.nz/politics/womens-suffrage/world-suffrage-timeline
which cites C. Daley and M. Nolan (eds), Suffrage and beyond: international
feminist perspectives, Auckland University Press, Auckland, 1994.

The RISK?   The truth is out there, but so is a whole lot of self-serving
wishful thinking.   (For example, the Pill had no detectable effect on
birth rates in English-speaking countries, contra the popular mythology.)

------------------------------

Date: Sun, 7 Oct 2012 20:20:16 -0900
From: RISKS-request at csl.sri.com
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
 comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
 if possible and convenient for you.  The mailman Web interface can
 be used directly to subscribe and unsubscribe:
   http://lists.csl.sri.com/mailman/listinfo/risks
 Alternatively, to subscribe or unsubscribe via e-mail to mailman
 your FROM: address, send a message to
   risks-request at csl.sri.com
 containing only the one-word text subscribe or unsubscribe.  You may
 also specify a different receiving address: subscribe address= ... .
 You may short-circuit that process by sending directly to either
   risks-subscribe at csl.sri.com or risks-unsubscribe at csl.sri.com
 depending on which action is to be taken.

 Subscription and unsubscription requests require that you reply to a
 confirmation message sent to the subscribing mail address.  Instructions
 are included in the confirmation message.  Each issue of RISKS that you
 receive contains information on how to post, unsubscribe, etc.

=> The complete INFO file (submissions, default disclaimers, archive sites,
 copyright policy, etc.) is online.
   <http://www.CSL.sri.com/risksinfo.html>
 *** Contributors are assumed to have read the full info file for guidelines.

=> .UK users may contact <Lindsay.Marshall at newcastle.ac.uk>.
=> SPAM challenge-responses will not be honored.  Instead, use an alternative
 address from which you NEVER send mail!
=> SUBMISSIONS: to risks at CSL.sri.com with meaningful SUBJECT: line.
 *** NOTE: Including the string "notsp" at the beginning or end of the subject
 *** line will be very helpful in separating real contributions from spam.
 *** This attention-string may change, so watch this space now and then.
=> ARCHIVES: ftp://ftp.sri.com/risks for current volume
     or ftp://ftp.sri.com/VL/risks for previous VoLume
 http://www.risks.org takes you to Lindsay Marshall's searchable archive at
 newcastle: http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
   Lindsay has also added to the Newcastle catless site a palmtop version
   of the most recent RISKS issue and a WAP version that works for many but
   not all telephones: http://catless.ncl.ac.uk/w/r
 <http://the.wiretapped.net/security/info/textfiles/risks-digest/> .
==> PGN's comprehensive historical Illustrative Risks summary of one liners:
    <http://www.csl.sri.com/illustrative.html> for browsing,
    <http://www.csl.sri.com/illustrative.pdf> or .ps for printing
  is no longer maintained up-to-date except for recent election problems.
 *** NOTE: If a cited URL fails, we do not try to update them.  Try
  browsing on the keywords in the subject line or cited article leads.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:
    <http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 27.55
************************




More information about the cypherpunks mailing list