[mod.risks] RISKS DIGEST 4.54

RISKS@CSL.SRI.COM.UUCP (03/03/87)

RISKS-LIST: RISKS-FORUM Digest  Monday, 2 March 1987  Volume 4 : Issue 54

           FORUM ON RISKS TO THE PUBLIC IN COMPUTER SYSTEMS 
   ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
  Rockford Illinois Destroyed by Computer! (Chuck Weinstock)
  Ma Bell's Daughter Does Dallas (PGN)
  FAA Does Houston (PGN)
  Tempest Puget, or The Sound and the Ferries (PGN)
  Re: proper use of suid (Jef Poskanzer)
  Process Control (Chuck Weinstock)
  Risks in switching to computerized `people meters' (Bill Janssen)
  A lovely algorithm (Lindsay)

The RISKS Forum is moderated.  Contributions should be relevant, sound, in good
taste, objective, coherent, concise, nonrepetitious.  Diversity is welcome. 
(Contributions to RISKS@CSL.SRI.COM, Requests to RISKS-Request@CSL.SRI.COM)
  (Back issues Vol i Issue j available in CSL.SRI.COM:<RISKS>RISKS-i.j.  MAXj:
  Summary Contents Vol 1: RISKS-1.46; Vol 2: RISKS-2.57; Vol 3: RISKS-3.92.)

----------------------------------------------------------------------

Date:  2 Mar 1987 19:27-EST 
From: Chuck.Weinstock@sei.cmu.edu
To: risks@csl
Subject: Rockford Illinois Destroyed by Computer!

According to the CBS Evening News, the National Weather Service issued a
report that Rockford Illinois was destroyed by a killer tornado this morning.  
The report was picked up by the media and reported as fact.  Rockford is
still there; the NWS was just testing a new reporting mechanism.  The report
should not have been issued.  The NWS blames faulty computer software.

------------------------------

Date: Mon 2 Mar 87 14:32:52-PST
From: Peter G. Neumann <Neumann@CSL.SRI.COM>
Subject: Ma Bell's Daughter Does Dallas
To: RISKS@CSL.SRI.COM

The Number 4 ESS system in Dallas went down for much of the day on
Wednesday, 25 February 1987, blocking most long-distance calls in and out of
area code 214.  Both the main system and the backup system failed.  One
smart company was Fidelity Investor Information, which was able to reroute
incoming calls (presumably through an 800 number?) to phone centers in
Boston and Salt Lake City.  Multilevel layers of redundancy seem like a
good practice.  [Source: Austin American Statesman, 26 Feb 87, p. D11,
courtesy of Steve Smaha, by SnailMail.]

     [Although presumably not computer related, a highly toxic fire broke
     out at 3 a.m. on 18 Feb 87 in a Brooklyn NY Tel central office, downing
     5 exchanges and 41,000 customers.  Because of the toxicity levels,
     repair personnel were not allowed in the building until after 5 p.m.
     During the same week, a Chesapeake & Potomac switching center also
     experienced a toxic fire, forcing evacuation on two consecutive days.  See
     Management Information Systems Week, 23 Feb 87, p. 31 and 54 for details.]

------------------------------

Date: Mon 2 Mar 87 14:39:18-PST
From: Peter G. Neumann <Neumann@CSL.SRI.COM>
Subject: FAA Does Houston
To: RISKS@CSL.SRI.COM

The computer complex at the FAA's en-route traffic control center in Houston
went down at 7:13 a.m. on Tuesday, 24 February 1987.  Primary radar was
restored at 7:45; the manual backup system was in effect throughout the
outage.  The computer system came back up at 10:40 a.m.  Delays of 90
minutes for commercial flights were reported, affecting airports in the
surrounding multistate area.  [Source: UPI, from SF Chron, 25 Feb 87, p. 3.]

------------------------------

Date: Mon 2 Mar 87 15:08:44-PST
From: Peter G. Neumann <Neumann@CSL.SRI.COM>
Subject: Tempest Puget, or The Sound and the Ferries
To: RISKS@CSL.SRI.COM

In this decade there have been at least a dozen dock crashes in the Puget
Sound ferry system (the largest such system in the USA) that were
attributable to onboard computer failures.  The damages for one crash alone
(12 September 1986) cost an estimated $750,000 in repairs to the Whidbey
Island dock.  The $17 million mid-sized Issaquah ferries [100 cars, 1200
passengers] came on board in 1980 with the slogan, "Computerized propeller
systems make the ferries more fuel efficient."  The state sued the ferry
builder (the now bankrupt Marine Power & Equipment of Seattle), which agreed
to pay $7 million over 10 years.  The state's recommendation now is to spend
an extra $3 million cutting 6 ferries over to MANUAL CONTROLS.

[Source: An article by Deeann Glamser in USA Today, somewhen in the middle
of the week of 23 Feb 87.  Clipping sent to me with no date.]

       [It is disappointing that the fix is to bypass the computer systems,
       rather than to make them work.  Nevertheless, accepting reality is
       clearly a good idea.  Although they did not have a gift horse in whose
       mouth to look, perhaps Seattle still believes in the truth ferry.]

------------------------------

Date: Mon, 2 Mar 87 09:45:06 PST
From: unisoft!charming!jef@ucbvax.Berkeley.EDU (Jef Poskanzer)
To: ucbvax!CSL.SRI.COM!RISKS-REQUEST
Subject: Re: proper use of suid

Proper use of suid is easy to characterize: don't use it, use sgid instead!
If you need complete security, set up a separate group for each separate
application, make the files it needs access to writable by that group,
and you're set.   [with sgid]

 Jef Poskanzer  unisoft!jef@ucbvax.Berkeley.Edu  ...ucbvax!unisoft!jef
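
[Added example, not part of the message above or of the original digest: a
Python audit of the layout that message describes (setgid binary, one
dedicated group per application, data files writable by that group).  The
paths, gids and the stat_fn parameter are hypothetical, and the checks for
world-writable data and a writable binary go beyond what the message states.]

```python
import os
import stat
from types import SimpleNamespace

def audit_app(binary, data_files, stat_fn=os.stat):
    """Return findings for one application; an empty list means the layout
    matches the pattern: setgid binary, dedicated group, group-writable data."""
    findings = []
    b = stat_fn(binary)
    if b.st_mode & stat.S_ISUID:
        findings.append(f"{binary}: setuid bit set")
    if not b.st_mode & stat.S_ISGID:
        findings.append(f"{binary}: setgid bit not set")
    # If the group (or anyone) can rewrite the binary, a bug in the
    # application lets its own group privilege be used to replace it.
    if b.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        findings.append(f"{binary}: writable by group or others")
    for path in data_files:
        d = stat_fn(path)
        if d.st_gid != b.st_gid:
            findings.append(f"{path}: gid {d.st_gid} differs from binary gid {b.st_gid}")
        if not d.st_mode & stat.S_IWGRP:
            findings.append(f"{path}: not group-writable")
        if d.st_mode & stat.S_IWOTH:
            findings.append(f"{path}: world-writable")
    return findings

# Constructed sample metadata (hypothetical paths and gids) standing in for
# os.stat() results, so the example runs without privileges.
SAMPLE = {
    "/opt/scores/bin/scores-sgid": SimpleNamespace(st_mode=0o102755, st_gid=812),
    "/opt/scores/bin/scores-suid": SimpleNamespace(st_mode=0o104755, st_gid=0),
    "/var/lib/scores/table": SimpleNamespace(st_mode=0o100664, st_gid=812),
    "/var/lib/scores/legacy": SimpleNamespace(st_mode=0o100666, st_gid=0),
}

def demo():
    """Audit the setgid layout and the setuid layout from SAMPLE."""
    lookup = SAMPLE.__getitem__
    good = audit_app("/opt/scores/bin/scores-sgid", ["/var/lib/scores/table"], lookup)
    bad = audit_app("/opt/scores/bin/scores-suid", ["/var/lib/scores/legacy"], lookup)
    return good, bad

if __name__ == "__main__":
    for label, result in zip(("sgid layout", "suid layout"), demo()):
        print(label, "->", result or "ok")
```

[Called with the default stat_fn, audit_app reads real file metadata via
os.stat.]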

------------------------------

Date:  2 Mar 1987 19:30-EST 
From: Chuck.Weinstock@sei.cmu.edu
To: risks@csl
Subject: Process Control

I had the good fortune to tour General Electric's Grove City, PA diesel
engine manufacturing plant on Friday.  The plant manager, who was conducting
the tour, was especially proud of the highly automated machine tools and the
computerized engine testing cells.  They are so confident of the process-
control computers' ability to detect problems that the employees in charge
of watching the process are allowed to take a break while things keep
running.  I found this appalling.  The fact that the test cells were made of
reinforced concrete to shield the rest of the facility from an engine
explosion did not make me feel any better.

The plant is currently running at less than one third of capacity.  I 
wonder what surprises they are in for if and when it starts running at or
near capacity?

------------------------------

Date: Mon, 2 Mar 87 15:50:10 CST
From: Bill Janssen <janssen@MCC.COM>
To: RISKS@CSL.SRI.COM
Subject: Risks in switching to computerized `people meters'

The March 2, 1987, issue of the `New Yorker' has a discussion of `people
meters' in its editorial column.  The two major television audience-rating
companies, Nielsen and AGB, are each going to switch from a paper-and-pencil
diary system of recording viewing samples, to an automatic electronic system
that is connected to the viewing family's television sets and VCRs.

There will be some measurement effects: ` ``Here's something that
causes us concern, '' Mr. Dominus (a vice-president of CBS) stated. ``To
install this system, a man has to wire your house. Let's say you've got
two sets and a VCR.  He has to literally solder stuff to your equipment.
When you walk into the room and turn on the set, you have to punch in, and
when you go out of the room you punch out.  I would say there's a personality
bias toward people with a high-tech style.  Now, some people are technology-
adverse -- I'm one of them, so I ought to know.  They say, `I don't want to
do this.'  How do you adjust for that mind-set?'' '

Apparently the advertising agencies will want `a money-back guarantee that
a given commercial would reach a given number -- and type -- of viewer.'
The networks, because of the unknown nature of the measurement effects,
want to avoid giving such guarantees, particularly on $3.7G worth of business,
the amount of up-front advertising that was sold last year.  They would
like to forego guarantees this next year to `save the networks a fortune
in unfairly assumed risk.'

Toward the end of the article it is revealed that the actual system under
discussion is a `real-time electronic diary', instead of a true `people
meter', which would function in a totally passive way, leaving no room for
human error (such as forgetting to punch in).  `Computerized voice
identification' and `miniature radio transmitters built into the family
jewelry' are mentioned as research directions...
                                                      Bill

------------------------------

Date: Sun 1 Mar 87 22:19:25-EST
From: LINDSAY@TL-20B.ARPA
Subject: A lovely algorithm
To: risks@CSL.SRI.COM

Occasionally, one encounters a truly lovely algorithm. Often they can be
recognized by their simplicity.

A friend of mine discovered such an algorithm on the Burroughs 6700, lo these
many years ago. It all came about because he was debugging a database manager.
One day, it attempted to use a somewhat random number as an index into a
data file.

Now, my friend had a budget, and received bills monthly from the computer
centre. The next bill was shocking, and in fact, wasn't even believable.
He had been charged for more disk space than the centre owned.

It was obvious that the billing software didn't really know how large the files
were. Instead, the biller trusted each user program to end at the end of its
file. In the true spirit of experimental science, my friend changed his
program so that it would always finish by accessing at index zero.

And indeed, on the next bill, he was charged precisely zero for disk space.

------------------------------

End of RISKS-FORUM Digest
************************