Path: utzoo!telecom-request Date: Sun, 28 Apr 91 9:53:21 CDT From: "J. Philip Miller" Newsgroups: comp.dcom.telecom Subject: Re: Prodigy or Fraudigy ??? Message-ID: Organization: TELECOM Digest Sender: Telecom@eecs.nwu.edu Approved: Telecom@eecs.nwu.edu X-Submissions-To: telecom@eecs.nwu.edu X-Administrivia-To: telecom-request@eecs.nwu.edu X-Telecom-Digest: Volume 11, Issue 314, Message 5 of 8 Lines: 85 "Mark A. Emanuele" writes: > I just downloaded this from a local bbs and thought it might be > interesting. > Prodigy: More of a Prodigy Than We Think? > By: Linda Houser Rohbough > Those of you who read my December article know that I was tipped > off at COMDEX to look at a Prodigy file, created when Prodigy is > loaded STAGE.DAT. I was told I would find in that file personal > information form my hard disk unrelated to Prodigy. As you know, I > did find copies of the source code to our product FastTrack, in > STAGE.DAT. The fact that they were there at all gave me the same > feeling of violation as the last time my home was broken into by > burglars. The orginal author then speculates: > So the theory goes, in allocating that disk space, Prodigy > accidently includes data left after an erasure (As you know, DOS does > not wipe clean the space that deleted files took on the hard disk, but > merely marked the space as vacant in the File Allocation Table.) > There are a couple of problems with this theory. One is that it > assumes that the space was all allocated at once, meaning all 950,272 > bytes were absorbed at one time. That simply isn't true. My > STAGE.DAT was 250,000+ bytes after the first time I used Prodigy. The > second assumption is that Prodigy didn't want the personal > information; it was getting it accidently in uploading and downloading > to and from STAGE.DAT. I don't think that this explanation has been adequately refuted. When I examined my STAGE.DAT, I found lots of "private" information on the leftover ends of sectors - a sure sign that no erasure of prior information was being done by the Prodigy software. Since this is standard practice in DOS programming we all need to be more careful about this type of problem. I am never able to understand folks who reach in drawer, "erase files from the floppy retrieved", then copy a file over to the disk to give to me certain that I cannot read what was on the disk before! But I digress. Even the experiments reported later in the posting really don't discount this explanation. In that experiment, the user ran from a floppy based disk, but on a system with a hard disk. If I were a Prodigy programmer, I would consider it good programming to look for scratch space on every device available to me. If I could find hard disk scratch space, I would use it. Then when terminating the program I might copy it from the hard disk to the floppy so it would be available to me the next time I ran the program. Whether the space is allocated all at one point in time, is allowed to grow, or is allocated and deallocated dynamically matters not at all. The big problem is that there is always the problem of data from a previous file being included as parts of a new file. If you are concerned about this, you need to get one of the many programs which really do "erase" the file when it is deleted or encrypt all such files - be careful, however, about whether your word processor or compiler doesn't use scratch files that you will need to erase or encrypt as well. If you use Windows that uses a disk scratch file for the support of virtual memory you need to be concerned that something that was core resident isn't out there on your disk now. I don't want to maintain that the Prodigy folks are clean here, only that before we start making chargers that they are actually intentionally uploading information we need more proof. Anyone who is actually interested in this can monitor what is going out to the modem and then make their charges. Just because it is in a scratch data set proves nothing. Also that their customer reps can't answer any technical question about their software reveals nothing other than they are like the telephone company operators we all deal with :-* I also want to attempt to deal with the rapidly developing urban legend about the Prodigy censoring. As far as I am aware of, the censoring of the "Roosevelt Dimes" message etc were in posting to one of their "moderated groups" similiar to what Pat does all the time here :-). It was not in private e-mail. J. Philip Miller, Professor, Division of Biostatistics, Box 8067 Washington University Medical School, St. Louis MO 63110 phil@wubios.WUstl.edu - Internet (314) 362-3617 uunet!wuarchive!wubios!phil - UUCP (314)362-2693(FAX) C90562JM@WUVMD - bitnet