Return-Path: <NEUMANN@f4.csl.sri.com>
Received: from csl.csl.sri.com (CSL.SRI.COM) by F4.CSL.SRI.COM with TCP; Fri 4 Sep 87 13:33:11-PDT
Received: from F4.CSL.SRI.COM by csl.csl.sri.com (3.2/4.16) id AA03061 for RISKS-LIST@f4.csl.sri.com; Fri, 4 Sep 87 13:35:01 PDT
Message-Id: <8709042035.AA03061@csl.csl.sri.com>
Date: Fri 4 Sep 87 13:31:52-PDT
From: RISKS FORUM (Peter G. Neumann -- Coordinator) <RISKS@csl.sri.com>
Subject: RISKS DIGEST 5.32
Sender: NEUMANN@csl.sri.com
To: RISKS-LIST@csl.sri.com

RISKS-LIST: RISKS-FORUM Digest  Friday, 4 September 1987  Volume 5 : Issue 32

   FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
   ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
  Honda eschews computers for new 4-wheel steering system (Roy Smith)
  Another Trojan Horse? (Brian Tompsett)
  Transatlantic Flights at Risk from Computer (Daniel Karrenberg)
  Re: "Computer Failed to Warn Jet Crew" (Mark Ethan Smith)
  Delta-Continental Near-Miss
  Decomposing Software (Charles Gard)
  Why the Phalanx Didn't Fire (IEEE Spectrum Reference) (Eugene Miya)
  Cheap modems and other delights (Steve Leon via bobmon)
  Reach out, touch someone (Michael Sclafani)
  SDI event (Gary Chapman)

The RISKS Forum is moderated.  Contributions should be relevant, sound, in
good taste, objective, coherent, concise, nonrepetitious.  Diversity is
welcome.  Contributions to RISKS@CSL.SRI.COM, Requests to
RISKS-Request@CSL.SRI.COM.  FTP back issues Vol i Issue j from
F4.CSL.SRI.COM:<RISKS>RISKS-i.j.  Volume summaries for each i in max j:
(i,j) = (1,46),(2,57),(3,92),(4,97).
----------------------------------------------------------------------

From: cmcl2!phri!roy@seismo.CSS.GOV (Roy Smith)
Subject: Honda eschews computers for new 4-wheel steering system
Date: 24 Aug 87 02:03:54 GMT
Organization: Public Health Research Institute, NYC, NY

In the September SciAm, there is an ad from Honda announcing that the new
Prelude Si4WS has 4-wheel steering.  I seem to remember this type of
steering being discussed at some length on this list in the past, so I
won't go into the details other than to quote the following from the ad:

  "The rear wheels are linked directly to the front wheels by a steering
  shaft, gears and rods.  There are no computers, wiring or electronic
  black boxes.  The Honda system is mechanical and sure."

Have the Honda engineers been reading RISKS, I wonder?  Perhaps our
discussions steered them away from electro-gadgetry?  Has car design
turned a corner because of us?

Roy Smith, {allegra,cmcl2,philabs}!phri!roy
System Administrator, Public Health Research Institute
455 First Avenue, New York, NY 10016

------------------------------

Date: 24 Aug 87 15:39:48 BST
From: Brian Tompsett <mcvax!ecsvax.ed.ac.uk!BCT@seismo.CSS.GOV>
Subject: Another Trojan Horse?
To: "risks%csl.sri.com@ukc" <csl.sri!risks@ukc.ac.uk>

The following is quoted from the Engineering Computing Newsletter of the
Rutherford Appleton Laboratory, Issue 4: July/Oct 87.  The article
describes a visual version of the file comparator program diff called
vdiff.

  "Recently, the staff of the Houses of Parliament have become interested
  in this work, since they need to monitor changes to Bills as they pass
  through Parliament.  As a result, we are planning a new feature whereby
  vdiff secretly adds extra lines to a file without the user knowing.  Our
  future funding may therefore come from an extra clause in an Act of
  Parliament, supporting us in perpetuity at a base in Tahiti with
  ......... ."

Brian Tompsett.
Department of Computer Science, University of Edinburgh, JCMB,
The King's Buildings, Mayfield Road, EDINBURGH, EH9 3JZ, Scotland, U.K.
Telephone: +44 31 667 1081 x3332.
JANET:  bct@uk.ac.ed.ecsvax
ARPA:   bct%ecsvax.ed.ac.uk@cs.ucl.ac.uk
USENET: bct@ecsvax.ed.ac.uk
UUCP:   ...!seismo!mcvax!ukc!ecsvax.ed.ac.uk!bct
BITNET: psuvax1!ecsvax.ed.ac.uk!bct or bct%ecsvax.ed.ac.uk@earn.rl.ac.uk

------------------------------

To: Most Entertaining and Educating Mailinglist <risks@csl.sri.com>
Subject: Transatlantic Flights at Risk from Computer
Date: Wed, 26 Aug 87 01:40:37 +0100
From: Daniel Karrenberg <mcvax!cwi.nl!dfk@seismo.CSS.GOV>

The obvious mistakes being made here are well known to Risks readers:
  1) no backup systems or backup copies of vital real-time information,
  2) discrediting anonymous reporting schemes.

Daniel Karrenberg, Centrum voor Wiskunde en Informatica, Amsterdam
Phone +31 20 5924112    Future Net: <dfk@cwi.nl>

  [But the following is worth including anyway.  Who do you know who
  never makes obvious mistakes?  PGN]

From "The Independent" of August 24th:

Transatlantic flights at risk from computer, by David Black

The computer which controls airliners flying between Europe and North
America failed yesterday morning, causing delays of up to three hours on
all transatlantic flights.  It is the ninth serious breakdown of the
system, which has had, on average, minor failures every other day since
it became operational earlier this year.

It crashed just after 11.30am.  By mid-afternoon Heathrow airport began
to run out of parking space for delayed aircraft, many with passengers on
board.  Similar delays were experienced at Paris, Schiphol (Amsterdam),
Frankfurt, Zurich and other major European airports and complaints from
airlines began flooding in last night.  The failure on the busiest day of
the year is bound to embarrass the Civil Aviation Authority
internationally.
Although the computer was restored by tea time, controllers were unable
to bring it back on line without stopping all transatlantic traffic.
Last night, the intention was to wait until traffic eased prior to the
surge of eastbound traffic from North America before restoring the
computer.

The computer, known as the Flight Data Processing System (FDPS), is based
at the National Air Traffic Service's Oceanic centre at Prestwick in
Scotland.  Yesterday's failure is the second in which all information
available to controllers was wiped from the system.

Controllers there monitor weather systems over the Atlantic and every day
draw up a network of airways, known as the Organized Track Routing
system, offering the quickest transit times.  So busy was demand
yesterday, that instead of six parallel tracks, nine were planned.

The computer takes data from domestic air traffic control centres and
works out the times at which aircraft will enter Oceanic airspace.
Safety for aircraft crossing the Atlantic depends entirely on separation,
not by radar, but by releasing the planes into the track system at
regular intervals.  All movements are displayed on large screens which
yesterday had to be isolated from the computer, with flight details
entered manually.  Strict flow control limiting the number of airliners
allowed to enter the tracks was then imposed to prevent collisions.

The new system is all electronic, and when the screens go blank, there
are no printed cardboard progress strips to fall back on.  It is the
subject of highly critical reports in the latest CHIRP (Confidential
Human Factors Incident Reports) bulletin, which is published by the RAF's
Institute for Aviation Medicine.  CHIRP allows pilots and controllers to
report incidents in confidence, without jeopardising their or their
colleagues' careers while alerting others in the aviation industry to
possible safety problems.  It is based on a similar scheme in the US, run
by NASA.
However, last week, in advance of publication of the latest CHIRP
bulletin, the CAA said that because references which could identify staff
were removed, the reports lacked sufficient detail to be investigated,
and were undermining flight safety.

One controller used that CHIRP bulletin to describe what happens during a
system crash: "On one occasion when the system crashed all information
available electronically to staff was wiped out.  For two and a half
hours the staff had no idea what traffic was in their area."

The oceanic controllers were reduced to telephoning adjacent air traffic
control centres to find out which airliners had been handed over to them
recently, and to examining old strips to get some kind of picture of what
airliners were flying, supposedly under their control.  Adjoining control
centres, meanwhile, had to hold airliners on the boundary between their
area and Oceanic's while the mess was resolved.

During one crash, a westbound and an eastbound airliner were accidentally
placed on a collision course 35,000 feet over the Atlantic.  The
controller concerned wrote: "The potentially horrific situation was
resolved by pure good luck when another controller noticed that the
eastbound was missing from the display, and may have been deleted by
mistake."

A senior controller at the Oceanic centre said last night: "They wonder
why we have so little confidence in our top management when they give us
tools like this - aeroplanes have to have duplicated or even triplicated
systems as back-up, but the same safety rules clearly do not apply to our
equipment.  These continual failures are the basic ingredients of a
mid-air disaster."

Christopher Tugendhat, the chairman of the CAA, was unavailable for
comment yesterday.
------------------------------

Return-Path: <sdcsvax!ames!ptsfa!hoptoad!academ!killer!era@ucbvax.Berkeley.EDU>
From: sdcsvax!ames!hoptoad!academ!killer!era@ucbvax.Berkeley.EDU
Date: Mon, 24 Aug 87 03:19:50 CDT
To: academ!CSL.SRI!RISKS@csl.sri.com
Subject: Re: "Computer Failed to Warn Jet Crew" (RISKS DIGEST 5.31)

With regard to the crash of Northwest Flight 255, if the faulty fasteners
that are common throughout military and nuclear installations have also
been used in civilian aircraft, it is not entirely impossible that the
flaps deployed but broke off the moment stress was applied in takeoff.
These bolts do not meet design specifications, and are not ordinarily
detected by maintenance workers.  --Mark Ethan Smith

  [Incidentally, Danny Cohen noted that my implicit assumption that the
  flap warning system might have been working because the stall warning
  system was working was unjustified -- the two systems are independent.
  "In the MD-80 there are 2 independent Stall Warning Systems, one of
  which shares a power supply with the Takeoff Configuration Warning
  System (TCWS) that is supposed to warn about incorrect flap setting on
  takeoff."  But the common power supply does indeed imply that the
  circuit breaker did not fail.  Furthermore, it now appears that the
  flaps WERE retracted (not deployed) on takeoff, in spite of the visual
  testimonies of other pilots, and that would make it very hard to take
  off.  PGN]

------------------------------

Date: Fri 4 Sep 87 13:24:57-PDT
From: Peter G. Neumann <Neumann@csl.sri.com>
To: RISKS@csl.sri.com
Subject: Delta-Continental Near-Miss

The 4 Sept 87 papers note that the Delta L-1011 flight on 8 July 1987
that was 60 miles off course actually came within 30 feet of colliding
with the Continental 747, and that four of the five safety measures that
had been previously recommended had been ignored, including plotting the
expected course on a map -- in fact, the appropriate chart was not even
on board.
The cause of the near-miss is attributed to false data entry of the
inertial navigation heading.  Both the USA and Canada announced
stepped-up use of redundant checks in the navigational procedures...

------------------------------

From: hplabs!intelca!ceg@ucbvax.Berkeley.EDU
To: hplabs!CSL.SRI!RISKS@csl.sri.com
Subject: Decomposing Software
Date: Fri, 21 Aug 87 17:30:31 PDT
Organization: Intel, Santa Clara, CA

The other day I was called in to repair an old terminal which was spewing
random characters across the screen.  I tracked the problem down to the
keyboard, specifically the i8741 microcontroller.  (BTW, the i8741 is an
8 bit intel uController with 1k EPROM & 64 bytes RAM)  This uController
and the keyboard had manufacture dates of early 1977.

I was in school in 1977, and the EPROM cells were touted as being able to
store a charge for 10 years (nearly infinite time for systems where time
is measured in nanoseconds :-)), so no one ever cared about 10 years in
the future.  Guess what?  It's now 1987 and in comparing the EPROM code
with another device, some entire words had floated back to FF, causing
the failure.

I was thinking about how many other computer keyboards/systems had older
style EPROMs and how the firmware was slowly decomposing.  Where might
these controllers be?  ICBM launch control systems?  ATM machines?
Pacemakers?  Now I have something else to lay awake at night and worry
about. :-)

Charles Gard

------------------------------

Date: Thu, 3 Sep 87 17:02:30 pdt
From: Eugene Miya N. <eugene@ames-pioneer.arpa>
To: arms-d@xx.lcs.mit.edu, risks@csl.sri.com
Subject: Why the Phalanx Didn't Fire (IEEE Spectrum Reference)

%A John A. Adam
%T USS Stark: What Really Happened?
%J Spectrum
%V 24
%N 9
%D September 1987
%X Cover "Why the Phalanx Didn't Fire"

------------------------------

Date: Friday, 14 August 1987 14:21-MDT
Sender: ihnp4!inuxc!iuvax!iucs!bobmon@UCBVAX.BERKELEY.EDU
From: ihnp4!inuxc!iuvax!iucs!bobmon@UCBVAX.BERKELEY.EDU
To: info-modems@SIMTEL20.ARPA
Subject: Cheap modems and other delights (Compuscan warning)
Resent-To: RISKS@csl.sri.com

I recently posted a request for info about a company offering a modem for
$122 (at least two other people posted similar queries).  I've since seen
the following bulletin, which I am passing along...

Message #1951  To ALL  08-11-87
From STEVE LEON (SYSOP)
Subject WARNING
---------------------------------------------------------------------------
There is an ad appearing in BYTE, INFO WORLD, Compuserve's ONLINE and
perhaps other places (it may be scheduled for PC WORLD).  It is a full
page ad by an outfit in Beverly Hills California called Compuscan.
Prices are absurdly low - in fact - they are below wholesale.  To make a
long story short - the whole thing is a scam.  We have the postal
authorities on it.  INFO WORLD will have a front page story next week on
it.  In the meantime, don't fall for it.  If you already have - RUN to
the bank and stop payment on the check.  (Get to the bank in person and
get it from them in writing that you told them.)  If you already sent
money and your check was cashed - next time remember the old - but true -
fact that if it sounds too good to be true - chances are it is not true.
Please pass it on through the BBS networks.
STEVE LEON

------------------------------

Date: Fri, 28 Aug 87 17:57:57 edt
From: sclafani+@andrew.cmu.edu (Michael Sclafani)
To: risks@csl.sri.com
Subject: Reach out, touch someone

From The Miami Herald, August 14, 1987.

It's 10 p.m.  Do you know where your children are?  No?  Well, just dial
them up on your computer, via satellite link to the tiny implant embedded
just behind their left ears.  This is not science fiction.  Dr.
Daniel Man, a Boca Raton plastic surgeon, just won a patent on the basic
technology.  He says the satellite link won't work until he perfects
techniques for making the human body act as an antenna.  But he predicts
its use by parents, pet owners, overseas workers in potential hostage
situations, Alzheimer's patients and police tracking criminals or
parolees.

Does Dr. Man see any hint of Big Brother in all of this?  "Yes, but I
don't want to go into it.  I'm more into the technical aspects."

  [What will it take before inventors of technology consider implications
  of their work as part of their responsibilities?  MS]

------------------------------

Date: Tue, 25 Aug 87 11:52:43 pdt
From: Gary Chapman <chapman@russell.stanford.edu>
Subject: SDI event (Physicians for Social Responsibility)
To: Neumann@csl.sri.com

            "AN UPDATE ON THE STRATEGIC DEFENSE INITIATIVE"
                   September 15, 1987   7:30 p.m.
            Stanford University   Dinkelspiel Auditorium
                         Admission is free

Sponsored by the Stanford/Mid-Peninsula Chapter
Physicians for Social Responsibility

Panelists:
  David Redell -- DEC Systems Research Center, Palo Alto, CA
  Gary Chapman -- Executive Director, Computer Professionals for Social
    Responsibility, Palo Alto, CA
  Professor Joseph Goodman -- Department of Electrical Engineering,
    Stanford University
  Angelo Codevilla -- Research Associate, Hoover Institute, Stanford, CA

The panel will be moderated by Dr. David Bernstein, of the Stanford
Center for International Security and Arms Control.

This panel discussion is intended to review the current state of the
Strategic Defense Initiative in technical, political and research terms.
There will be a period for questions and answers after the panelists
speak, which is scheduled to take about 80 minutes.

Dinkelspiel Auditorium is directly in front of Tresidder Student Union of
Stanford, on the west side of the campus.

------------------------------

End of RISKS-FORUM Digest
************************
-------
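The firmware decay Charles Gard reports in "Decomposing Software" above (EPROM words that had "floated back to FF" after ten years) can be caught before it produces symptoms by diffing a field dump against a known-good image and checking the direction of every flipped bit: cells that have lost their charge only ever move toward the erased level, so a flip the other way is not decay and points at a bad read or a wrong reference. The following is an added example and is not code from the digest or from any of its contributors. It assumes the part erases to all ones, as Gard's message reports for the i8741; the two 32-byte images are constructed sample data, not a real keyboard dump.

```python
import zlib

# Erased state of the part.  Gard's 8741, like the other UV EPROMs of its
# generation, erases to all ones, which is why decayed words "float back to
# FF".  A part that erases to zeros would use 0x00 here (assumption).
ERASED_BYTE = 0xFF


def classify_differences(reference, dump):
    """Diff a fresh dump against a known-good image byte by byte.

    Returns (charge_loss, other); each entry is (offset, expected, actual).
    A byte goes in charge_loss when every differing bit has moved toward the
    erased level, which is the signature of cells losing their charge.  A
    byte where any bit moved the other way is something else (misread, wrong
    reference image, a real write) and deserves a separate look.
    """
    if len(reference) != len(dump):
        raise ValueError("images differ in length: %d vs %d"
                         % (len(reference), len(dump)))
    charge_loss, other = [], []
    for offset, (expected, actual) in enumerate(zip(reference, dump)):
        if expected == actual:
            continue
        changed = expected ^ actual
        # Bits of `actual` that now sit at the erased level.
        at_erased_level = ~(actual ^ ERASED_BYTE) & 0xFF
        if (changed & at_erased_level) == changed:
            charge_loss.append((offset, expected, actual))
        else:
            other.append((offset, expected, actual))
    return charge_loss, other


def fully_erased_offsets(charge_loss):
    """Offsets whose whole word has drifted to the erased value."""
    return [off for off, _, actual in charge_loss if actual == ERASED_BYTE]


def decayed_bit_count(charge_loss):
    """How many individual cells have lost their charge."""
    return sum(bin(expected ^ actual).count("1")
               for _, expected, actual in charge_loss)


def image_crc32(image):
    """Checksum to record when the part is programmed and re-check in the
    field; it catches decay without keeping a second copy of the image."""
    return zlib.crc32(bytes(image)) & 0xFFFFFFFF


def decay_report(reference, dump):
    """Summarise the state of a dump against its reference."""
    charge_loss, other = classify_differences(reference, dump)
    return {
        "crc_matches": image_crc32(reference) == image_crc32(dump),
        "bytes_with_charge_loss": len(charge_loss),
        "fully_erased_offsets": fully_erased_offsets(charge_loss),
        "cells_lost": decayed_bit_count(charge_loss),
        "other_differences": other,
    }


# Constructed sample images (not a real 8741 dump): 32 bytes of firmware as
# programmed, and the same region read back after years in service.
REFERENCE = bytes([
    0x04, 0x00, 0x23, 0x42, 0xB8, 0x20, 0x89, 0x0A,
    0x96, 0x1F, 0x0F, 0xE6, 0x04, 0x05, 0x3A, 0x2C,
    0x14, 0x1B, 0xD5, 0x00, 0xA5, 0x34, 0x8E, 0x41,
    0x23, 0x10, 0xF9, 0x07, 0x37, 0x16, 0x0B, 0x83,
])
_aged = bytearray(REFERENCE)
_aged[3] = 0xFF    # whole word floated to FF
_aged[10] = 0x2F   # one cell lost its charge (0x0F -> 0x2F)
_aged[20] = 0xA4   # a 1 -> 0 change: not charge loss, something else
_aged[26] = 0xFF   # two cells gone, word now reads erased
DUMP = bytes(_aged)


if __name__ == "__main__":
    for key, value in decay_report(REFERENCE, DUMP).items():
        print("%-24s %r" % (key, value))
```

The direction check is what makes the report useful: a plain byte diff would list offset 20 alongside the decayed words, while here it is separated out as a difference that decay cannot explain. Where no reference image survives, the CRC recorded at programming time is the cheaper fallback; it will not say which words drifted, but it will say that the part no longer holds what was put in it.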