Computer underground Digest    Wed  Jun 24, 1998   Volume 10 : Issue 35
ISSN  1004-042X

Editor: Jim Thomas (cudigest@sun.soci.niu.edu)
News Editor: Gordon Meyer (gmeyer@sun.soci.niu.edu)
Archivist: Brendan Kehoe
Shadow Master: Stanton McCandlish
Shadow-Archivists: Dan Carosone / Paul Southworth
                   Ralph Sims / Jyrki Kuoppala
                   Ian Dickinson
Field Agent Extraordinaire: David Smith
Cu Digest Homepage: http://www.soci.niu.edu/~cudigest

CONTENTS, #10.35 (Wed, Jun 24, 1998)

File 1--Special Issues of Book Reviews
File 2--Fan-written Star Trek Book Sued for $22 Million
File 3--REVIEW: "Practical Computer Network Security", Mike Hendry
File 4--REVIEW: "Network and Netplay", Fay Sudweeks/Margaret McLaughlin/
File 5--REVIEW: "Digital Literacy", Paul Gilster
File 6--REVIEW: "Cookies", Simon St. Laurent
File 7--REVIEW: "Cyber Crime", Laura E. Quarantiello
File 8--REVIEW: "Affective Computing", Rosalind Picard
File 9--AOL in a Nutshell
File 10--REVIEW: "The Year 2000 Software Problem", Capers Jones
File 11--Cu Digest Header Info (unchanged since 25 Apr, 1998)

CuD ADMINISTRATIVE, EDITORIAL, AND SUBSCRIPTION INFORMATION APPEARS IN THE CONCLUDING FILE AT THE END OF EACH ISSUE.

---------------------------------------------------------------------

Date: Thu, 25 Jun 98 23:26 CDT
From: Cu Digest <TK0JUT2@MVS.CSO.NIU.EDU>
Subject: File 1--Special Issues of Book Reviews

CuD encourages book reviews of books related to computer culture, law, and related topics. One of the best (and most prolific) reviewers we've come across is Rob Slade. In this issue, we showcase some of his latest reviews along with some others. We encourage readers to send over their comments on books that they find especially useful (or hopelessly clueless).

------------------------------

Date: Tue, 02 Jun 1998 15:17:51 +0200
From: Luca Sambucci <luca@SAMBUCCI.COM>
Subject: File 2--Fan-written Star Trek Book Sued for $22 Million

Online Freedom Federation
http://www.off-hq.org

June 02, 1998
For immediate release

Set Phasers on Sue -- Fan-written Star Trek Book is the Target of $22 Million Lawsuit

Reversing a 30 year practice, Paramount Pictures has sued Star Trek fan Samuel Ramer and his publishing company in federal court in New York for writing an unauthorized book about the world of Star Trek fandom. Ramer is the author of The Joy of Trek: How to Enhance Your Relationship with a Star Trek Fan.

Thirty-four year old Ramer, a self-proclaimed loyal "Trekster" since the age of 6, dedicated the book to his wife and intended it as a humorous guide to help "non-fans" like her understand the fierce devotion fans hold for Star Trek in all its incarnations.

Paramount, represented by the Manhattan law firm of Richards & O'Neil, argues that the book violates the copyrights of 220 Star Trek episodes, and is seeking civil damages in the amount of $22 million, as well as an order banning sales of the book.

At the outset, lawyers for Ramer and his publishing company have raised a number of compelling arguments in defense of the book. Most notably, they illustrate how for 30 years Paramount tolerated and even encouraged fans to engage in technically unauthorized activities in order to maintain interest and enthusiasm for the then-struggling franchise. They point to over 100 unauthorized books, including the famous Star Trek Concordance by Bjo Trimble. Trimble, who was instrumental in the letter-writing campaigns to save the original series from extinction, wrote the beloved Concordance as a comprehensive encyclopedia and episode guide.
Had Paramount adopted the same stance with Trimble as it has done with Ramer, Star Trek would have been an obscure footnote in entertainment history, rather than the unparalleled success that it has become today. Sadly, with Gene Roddenberry gone and Paramount swallowed up by monolithic Viacom Corporation, appreciation and respect for fans has given way to litigation and disdain, as Viacom continues its misguided campaign to eliminate interactive fan participation in the Star Trek universe.

OFF expresses its full support for Samuel Ramer and his publisher, and will continue to post updates on the case. Meanwhile, OFF supporters are encouraged to write to Viacom with their concerns. As always, be polite and articulate in order to be taken seriously.

---

The Online Freedom Federation is a non-profit organization dedicated to the preservation of freedom of speech on the Internet. Its executive council can be reached at <executives@off-hq.org>. Representatives of the various presses can contact OFF's Public Relations council at to more quickly arrange to speak with OFF representatives. Local presses will be deferred to their local representative for official comment.

------------------------------

Date: Wed, 10 Jun 1998 08:42:24 -0800
From: "Rob Slade, doting grandpa of Ryan and Trevor" <rslade@sprint.ca>
Subject: File 3--REVIEW: "Practical Computer Network Security", Mike Hendry

BKPCNSEC.RVW   980426

"Practical Computer Network Security", Mike Hendry, 1995, 0-89006-801-1, U$55.00
%A   Mike Hendry
%C   685 Canton St., Norwood, MA 02062
%D   1995
%G   0-89006-801-1
%I   Artech House/Horizon
%O   U$55.00 800-225-9977 fax: 617-769-6334 artech@world.std.com
%P   203 p.
%T   "Practical Computer Network Security"

This book asks the questions of what is security, and can security be achieved, for every level of audience. The text does, in fact, answer the questions, but the answers turn out to be profoundly uninteresting.

Part one explains some of the conceptual framework for data security on networks. Chapter one is an introduction to the book overall. It is not terribly clear about the scope of the book, but does state that the material will look at failures caused by humans (both deliberate and accidental) as well as short and long term machine failures. The terms defined seem to indicate an emphasis on problems in the actual transmission of data. Six types of failures are outlined quickly in chapter two, although there is no explanation of the difference between "inaccuracy" and "alteration" of data, both seeming to relate to the more general realm of reliability. Tables relating these types of failures to those outlined in the preceding section are confusing. The overview of systems aspects of security in chapter three is terse and seemingly random. A simple idea of risk assessment is given in chapter four. Chapter five looks at a number of specific points of failure in hardware and software: confidence is not increased by a network diagram that demonstrates no knowledge of the OSI (Open Systems Interconnect) reference model. Specific perils for particular applications are mentioned in chapter six, but only for a small set of industries.

Part two reviews security technologies. There is a brief introduction to encryption (and an even briefer look at identity) in chapter seven. Chapter eight is quite odd, showing a number of partial algorithms for key use, but almost nothing on key management. Various hardware security devices are discussed in chapter nine, but, again, the overview seems to be fairly random. Chapter ten is a vague and generic look at different aspects of software related to security. The section on viruses is appalling, containing almost no accurate information at all. The material on access control in chapter eleven is also nebulous, and not likely to be of help to either the user or manager.
Chapter twelve, on types of networks, has no relation to security at all, even though network type may very well have a bearing on risks.

Part three looks at security by application type. Chapter thirteen is a very general overview of commercial applications, ranging from a simplistic look at database security to a section that gets very detailed about the motives that drive sales people to defraud the company but doesn't present very helpful advice on what to do about it. Banking gets a fair amount of space in chapter fourteen, but then it does cover a considerable amount of territory. Subscription services, from confidential databases to email, are discussed in chapter fifteen. The rest of the world is covered in the five pages of chapter sixteen. Chapter seventeen is a review of the chapters.

For the complete novice to computer and communications security, the book does raise a number of issues to think about. The lack of scope in the book means that a number of additional points would need to be considered in any workable security plan. The lack of detail included means that other references will be needed to make any plan workable.

copyright Robert M. Slade, 1998   BKPCNSEC.RVW   980426

------------------------------

Date: Mon, 1 Jun 1998 10:35:52 -0800
From: "Rob Slade, doting grandpa of Ryan and Trevor" <rslade@sprint.ca>
Subject: File 4--REVIEW: "Network and Netplay", Fay Sudweeks/Margaret McLaughlin/

BKNWKNPL.RVW   980328

"Network and Netplay", Fay Sudweeks/Margaret McLaughlin/Sheizaf Rafaeli, 1998, 0-262-69206-6, U$35.00
%A   Fay Sudweeks
%A   Margaret McLaughlin
%A   Sheizaf Rafaeli
%C   55 Hayward Street, Cambridge, MA 02142-1399
%D   1998
%G   0-262-69206-6
%I   MIT Press
%O   U$35.00 800-356-0343 fax: 617-625-6660 www-mitpress.mit.edu
%P   313 p.
%T   "Network and Netplay: Virtual Groups on the Internet"

Because of the title, or rather the subtitle, I was somewhat disappointed by this book.
Not that the papers are without interest, but they do not, or at least only tangentially, deal with groups and communities and their activities on the net. The collection of papers is characterized by formal style and the general topic of aspects of computer mediated communications (CMC), but is otherwise fairly random in terms of subject, approach, and even background.

The first study is interesting not because of its results (it almost doesn't have any) but due to the intriguing research possibilities it suggests. The researchers theorized that there were gender differences in computer mediated communications, and that 1) women used more graphical accents (smileys, emoticons, and the like) while 2) men were more challenging and 3) used more flames. Some of the study protocol is detailed, but the source of sample messages for the study is not. With the plethora of mailing list archives plus Usenet news archives such as DejaNews and Rendezvous similar studies could now be done with enormous, and almost completely randomized, samples, which would allow multidimensional analyses.

Chapter two likewise examines news postings in terms of tension or conflict. The intent, however, was to test some established observations of verbal (face to face) conversations in comparison to electronic discourse. The results are generally supportive, but the paper reports some problems with methodology (which are not, unfortunately, spelled out in detail).

Chapter three is truly occult. It appears to be an attempt to define the nature of computer mediated communication overall. I say "appears" because the author seems not only determined to hold fast to the most arcane jargon of his own field (and I'm not even sure what that field is), but to coin new terms. "Telelogue" is a proposed equivalent to CMC (OK, I'll admit that "computer mediated communications" is pretty cumbersome), polylogue is many-to-one, dialogue is the usual one-to-one, but I still can't figure out what monologue is meant to be in the context of the paper. Those parts of the piece that I have been able to figure out do *not* correspond with my experience on the net, or are rather trivial and obvious observations.

A review of the playful aspects of IRC (Internet Relay Chat) is compared with Caillois's "classic" taxonomy of play in chapter four. The essay is, however, weakened by a poor exegesis of the typology. (I am not sure why counting rhymes are spontaneous while lotteries are difficult.) The use of a single IRC session is acceptable given that it is being used as an illustration rather than for research. However, the paper fails to deal with self-selection issues, such as the fact that the play drive seems to be necessary for discovery learning and a thorough mastery of a relatively little used technology. (Comments about IRC addiction also seem to indicate a relatively naive level of knowledge of the medium.)

Chapter five is an anecdotal review of media use and preferences by Usenet news participants. Although the methodology appears sound, the conclusions are uninteresting. Usenet responses to failures of normative behaviour (or netiquette) is studied in great detail in chapter six, but the results are, again, disappointing. The primary result of a survey of Relcom (a Russian Usenet technology system) participants in chapter seven seems to have been that the participants approved of the survey.

Chapter eight asks a very important and interesting question: why do some people involve themselves in risky online communications? Unfortunately, the study is based on a self-reported, and pretty much self-selected, survey, and only deals with perceptions of secrecy, at least as far as the paper reports.

A paper on the "Mr. Bungle" multi-user domain "virtual rape" case, in chapter nine, concentrates on sociological and historical studies of rape and really has little to say about online communications. (It also has absolutely none of the poetry of the Dibbell account.)

Chapter ten defines both its terms and methods poorly, and so it is difficult to say what results, if any, it produces aside from the fact that people in conversation tend to want to agree. The same data set appears to be used in chapter eleven for a turgid example of neural net analysis that does not appear to come to any conclusions.

Chapter twelve appears to try to build a conceptual model of community building on the Internet, but does so by looking at the World Wide Web, surely the least "communing" technology on the net.

The book concludes in chapter thirteen with a report on the ongoing development of an online avatar intended for use in guiding children through explorations on the net. It is somewhat depressing to see how little artificial intelligence has progressed in twenty years.

The addition of abstracts and biographical notes included with the papers would have been a great help in getting something out of the essays. The intent, approach, and background of the authors varies greatly from item to item, and some introduction would probably help ease the sense of dislocation when reading through the book.

For those interested in social study of interpersonal communications conducted via computer, the text does provide a series of examples and an extensive bibliography. As far as guidance is concerned the work provides little: many of the papers could best be used as the proverbial bad examples. However, given limited material available in this field, at least it does provide examples to critique.

copyright Robert M. Slade, 1998   BKNWKNPL.RVW   980328

------------------------------

Date: Wed, 20 May 1998 08:23:11 -0800
From: "Rob Slade, doting grandpa of Ryan and Trevor" <rslade@sprint.ca>
Subject: File 5--REVIEW: "Digital Literacy", Paul Gilster

BKDGTLIT.RVW   980322

"Digital Literacy", Paul Gilster, 1997, 0-471-24952-1, U$12.95/C$18.50
%A   Paul Gilster gilster@mindspring.com
%C   5353 Dundas Street West, 4th Floor, Etobicoke, ON M9B 6H8
%D   1997
%G   0-471-24952-1
%I   Wiley
%O   U$12.95/C$18.50 416-236-4433 fax: 416-236-4448
%P   276 p.
%T   "Digital Literacy"

Having said many unkind things about the hype surrounding the World Wide Web, I *do* acknowledge that the Web is useful. Its value, however, lies not in graphics or a WIMP (Windows, Icon, Mouse, Pointer) interface, but in the invention of the URL: the Uniform Resource Locator. Text based dinosaur that I am, I find URLs in mail messages to be more useful than almost any approach to the Xanadu of hypertext. Utility lies in informational substance and ease of access thereto, not in multimedia style.

As a card carrying propellorhead, therefore, I greatly appreciate Gilster's avowed non-technical approach to the net. "The Internet Navigator" (cf. BKINTNAV.RVW), despite the efforts of literally hundreds of authors, is still the most mature general guide to the Internet. "Finding it on the Internet" (cf. BKFNDINT.RVW) stands alone after all this time as the only solid answer to the second question every net novice asks. Now, in this present work, Gilster once again draws back the unnoticed curtain behind the smoke and noise to reveal that which we truly need to make the Internet work: critical analysis. (I should note that it is not quite present: this is a reissue, for some reason, of a book I somehow missed two years ago. In responding to the draft of this review, Gilster has said that he would have made some additions if he had been given the opportunity.)

The first chapter introduces digital literacy as a new skill made necessary by a new type of information utility: the computer, and more particularly the computer network. The text briefly looks at the changes in style and even substance of data in the new medium, and at those who use, do not use, praise, and decry the net. Yet this is mere introduction, for all that it covers the total contents of most "information superhighway" books.

Chapter two develops a definition of this new literacy. Drawing upon the historical changes from speech to phonetic writing, from scrolls to codex, and from hand copying to moveable type, Gilster demonstrates that it is the interaction with content that changes. And, whereas in the immediately previous media information could not be questioned, on the net, information not only can be critiqued, but must be.

Chapter three seems to be somewhat of a digression as Gilster describes a day using the Internet. It does, however, give a quick and realistic picture of what information use on the net is like in reality right now. In one sense, though, it does a minor disservice to the book. All of the information Gilster obtains is deemed to be trustworthy. There is little mention of spam and other junk, nor of the ubiquitous "404" indicator of abandoned sites on the Web, nor of the assessment, in terms of a Usenet news posting, of whether this shrill electronic cry is a vital warning or an ill-tempered complaint. While some evaluation is done, the critical analysis promoted in the first two chapters is missing.

Chapter four, however, takes up the slack. Most of the details here; and the chapter is very detailed; are concerned with determining the identity, background, and credentials of providers of content on the net.

Even when all the information is available on the Internet, chapter five notes that perception can be distorted by presentation.
Web pages linked to supporting materials lend credibility to proposals that may very well be built on thin air, or at least badly lopsided foundations.

Chapter six is an examination of the various models of libraries, traditional, online commercial, and Internet, that are developing in the current environment. Ultimately Gilster proposes a design that may not be fully supported by either the installed base of technology nor social will, but the discussion is a definite wakeup call for many information providers.

But it is chapter seven that demonstrates the real strength of the net: the multiplicity of voices that can be accessed in any situation. This strength carries the inevitable downside and caveat: the reader/user is fully responsible for pursuing and judging the data. The price of being informed is eternal searching.

As a singular book on a vital topic, this work is not written to the excellent standard of "Finding it on the Internet." A number of resources for analysis and information gathering are either missed, or mentioned only briefly. Time, of course, is one of the most important. Contrary to popular impression, the Internet is not necessarily a source of instant or ready answers. Development of resources is indispensable. While note was made of the need for search engines to check material presented on Web pages, the DejaNews and Rendezvous sites are useful as search engines on another matter: the determination of the history, interests, expertise, and biases of individuals. Mailing list archives can be another source of similar information. The last, best resource any seasoned netizen has is a circle of acquaintances; personal contacts with a range of experts in a variety of fields that would astound the literati of any pre-digital age.

Gilster's look to the future, in chapter eight, is disappointing in light of the insightful work that preceded it.
While fair and balanced, avoiding both the rose coloured digital crystal ball and the mechanized cyberpunk dystopia, this final piece in the book does not travel much beyond a generally informed look at short range futures in technology.

Still, while the tag end does not provide you with any last minute advice or guidance, the book overall gives much useful advice on developing the new literacy of the digitally networked age.

copyright Robert M. Slade, 1998   BKDGTLIT.RVW   980322

------------------------------

Date: Tue, 26 May 1998 08:13:29 -0800
From: "Rob Slade, doting grandpa of Ryan and Trevor" <rslade@sprint.ca>
Subject: File 6--REVIEW: "Cookies", Simon St. Laurent

BKCOOKIE.RVW   980320

"Cookies", Simon St. Laurent, 1998, 0-07-050498-9, U$34.95
%A   Simon St. Laurent
%C   300 Water Street, Whitby, Ontario L1N 9B6
%D   1998
%G   0-07-050498-9
%I   McGraw-Hill Ryerson/Osborne
%O   U$34.95 800-565-5758 fax: 905-430-5020 louisea@McGrawHill.ca
%P   361 p.
%T   "Cookies"

I am probably more aware of cookies than most. I do allow cookies, but I get a warning each time somebody tries to set one on me. (For those who are aware of cookies, this fact alone will tell you that I do not spend a lot of time "surfing".) I know that you cannot download a number of things off the Microsoft Website without they feed you a cookie and you accept. I know that a large number of cookies are not being set by the pages I am looking at, but by servers listing banners on those pages. I know that PCWorld magazine holds the record as far as I am concerned: thirteen attempts to set a cookie on a single access to a single page. I know that Clinique gets a bonus, as far as I am concerned, for personalizing the page for the user without setting a cookie at all.

So I was most interested to see this book. I approached it with some trepidation, I admit, since books on "new" and "hot" technologies do not have a good track record, particularly those with some link to business.
However, what I found was a book with something for programmers, privacy advocates, and interested Internauts alike.

Chapter one explains what cookies are, and why. It does this with a series of analogies of different types of activities (mostly, but not uniquely, commercial) that require some kind of memory through certain stages of the process. The structures of both the older version 0 Netscape and the newer RFC 2109 cookies are detailed in chapter two, along with special notes (Lynx deletes *all* cookies on exit) and tips (if you want to set an expiry date to maintain the cookie into the future, note that you must set the path). Chapter three provides the user with detailed, browser-by-browser information on how to manage cookies, including blocking options and storage methods. It also discusses proxy servers and add-in cookie blocking tools.

However, St. Laurent's major concern is for the effective programming of cookies. Client-side programming, with JavaScript and VBScript, is covered in chapter four. Server-side cookie programming, and the pros and cons thereof, are discussed in chapter five. Chapter six demonstrates the use of cookies in combination with CGI (Common Gateway Interface) programming for more sophisticated activities. Netscape's Server Side JavaScript and Microsoft's Active Server Pages are covered separately in chapters seven and eight. "Pure" Java does not allow for cookie generation, but with the extensions to provide connections between Java and JavaScript an applet can now feed and check cookies, which chapter nine demonstrates.

Chapter ten looks at Microsoft Site Server, which has perhaps the most effective, and potentially invasive, tools for collecting information about Web users through the use of cookies. St. Laurent explains the various information gathering activities, and also presents effective handling of both those who accept, and those who reject, cookies.

Chapter eleven examines probable developments in cookies in the near future, and briefly looks at the question of identity information gathering by Web site owners.

There is some small irony in the fact that St. Laurent expresses his own concern for balance in the overall presentation at the end of chapter ten. I am glad that he was worried about being biased in one direction or another: it has made for a rational and clear presentation of a topic which is currently rather overheated. The book fully appreciates both the needs and the concerns, and provides not only the facts, but a lucid and clear-sighted analysis of the real situation.

copyright Robert M. Slade, 1998   BKCOOKIE.RVW   980320

------------------------------

Date: Fri, 12 Jun 1998 08:20:13 -0800
From: "Rob Slade, doting grandpa of Ryan and Trevor" <rslade@sprint.ca>
Subject: File 7--REVIEW: "Cyber Crime", Laura E. Quarantiello

BKCBRCRM.RVW   980425

"Cyber Crime", Laura E. Quarantiello, 1997, 0-936653-74-4, U$16.95
%A   Laura E. Quarantiello 73733.1653@compuserve.com
%C   P.O. Box 493, Lake Geneva, WI 53147
%D   1997
%G   0-936653-74-4
%I   Limelight Books/Tiare Publications
%O   U$16.95 +1-414-248-4845
%P   144 p.
%T   "Cyber Crime: How to Protect Yourself from Computer Criminals"

Running through the text of "About This Book," the preface, and the introduction, is a statement that this work is for the protection of the average computer user. Unfortunately, the "average" computer user is a fairly ill-defined concept, and it is difficult to know specifically what type of user and what type of risks the book is about. As the author notes, generic computer security books are of daunting size, but that is because data security is a large field of study.

Chapter one opens with a general look at computer crime. Most of the chapter discusses the computer criminal, however.
While Quarantiello at least acknowledges the multiple users of the term "hacker" the origins of unauthorized computer exploration lie at least two decades further back than the book states, and the division between ethical and non-ethical uses of computers is hardly the amicable separation implied by the text. The more serious error, however, is that computer crime somehow involves some extra level of skill or knowledge. Not even system security breakers are the evil genii suggested by the book, and, in fact, the bulk of computer crime is committed by insiders with little knowledge of computers beyond menial use.

A very similar review of phone phreaks and system crackers constitutes chapter two, which also includes a brief and jumbled collection of the common types of telephone and computer scams and myths, including the amazingly resilient legend of the "salami scam." Except for the mention of shoulder surfing and social engineering, though, little is of help to the common user.

The coverage of viruses in chapter three is abysmal. Although I am well used to misinformation in general security texts, there is not a paragraph that does not contain at least one error of fact, and most are not minimal mistakes. (This is the more disappointing when the book twice quotes from Fred Cohen.)

Chapter four looks at the various dangers of fraud, harassment, and invasion of privacy online. Unfortunately, details are few, confusing criminal invasion with legitimate, commercial databases of information, and weakening the warnings about stalking by failing to explain the situations realistically.

Part two of the book discusses protective and defensive measures users can take to safeguard themselves. Chapter five recommends a number of steps to take. Unfortunately, few of the suggestions are practical. Make a policy never to discuss company computers with anyone aside from the sysop? This is a simple rule? It'll last until the first coffee break.
"Take a minute or two to back up your hard disk" each time you look at a new diskette or CD-ROM? I suppose it'll work if your backup device is /dev/null. Get a copy of all public records about you? You probably have no idea what they are, or how to access them, and even if you have records of them all (updated how often?), the records will still be public. Use encryption for all email?