[comp.risks] RISKS DIGEST 11.18

risks@CSL.SRI.COM (RISKS Forum) (03/01/91)

RISKS-LIST: RISKS-FORUM Digest  Thursday 28 February 1991  Volume 11 : Issue 18

        FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS 
   ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

  Contents:
A weird error message -- old Cyber clock tale (Andrew Clayton)
Tennis anyone? (name confusion) (anonymous)
Burden of Proof: name confusion in driver's license bureau (Steve Sears)
But the computer person said it was OK! (Dick Wexelblat)
Dave Rotheroe's "Retail Sales Oversight -- No backup" note (Alan Wexelblat)
Re: LINAC deaths at Zaragoza (Trevor Cradduck)
Multiple engine failures (Mary Shafer responding to David Lesher)
Re: MD-12; Automatic download of patches (Martin Minow)
Re: Risks of EMI? (Bob Ayers)

 The RISKS Forum is moderated.  Contributions should be relevant, sound, in 
 good taste, objective, coherent, concise, and nonrepetitious.  Diversity is
 welcome.  CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive 
 "Subject:" line.  Others ignored!  REQUESTS to RISKS-Request@CSL.SRI.COM.
 FTP VOL i ISSUE j: ftp CRVAX.sri.com<CR>login anonymous<CR>AnyNonNullPW<CR>
 CD RISKS:<CR>GET RISKS-i.j<CR> (where i=1 to 11, j is always TWO digits. Vol i
 summaries in j=00; "dir risks-*.*<CR>" gives directory; "bye" logs out.
 ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY.
 Relevant contributions may appear in the RISKS section of regular issues
 of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise.

----------------------------------------------------------------------

Date: 25 Feb 91 11:43:46 GMT
From: dac@prolix.pub.uu.oz.au (Andrew Clayton)
Subject: A weird error message -- old Cyber clock tale
Newsgroups: alt.folklore.computers,rec.humor (courtesy of spaf@cs.purdue.edu)

When NOS/BE finally got to a stable configuration (about two years after they
decided it was a dead O/S), three places in the world noticed a problem - if
the machine stayed up for 24 DAYS, the system time-of-day clock would go
haywire, and crash the system. :-)

The bug had never previously been found, because nobody had a Cyber running
NOS/BE that had stayed _up_ for 24 days continuously!

------------------------------

Date: 26 Feb 91
From: [anonymous]
Subject: Tennis anyone? 

   Svensson moves up after error spotted

   PARIS, Feb 26 (AFP) - Jonas Svensson of Sweden was the victim of the sort of
unintentional error he thought he had put behind him when this week's ATP
rankings were calculated.  Svensson, the beaten finalist in the Stuttgart
Classic at the weekend, originally appeared to have dropped from 13th to 17th.
But the error was due to the confusion over his tennis-playing namesake, and
the revised rankings reveal that he has actually moved up one place to 12th.
   Svensson dropped the initial B. from his original playing name Jonas B.
Svensson once the other Jonas Svensson on the circuit retired from the game and
the possibility of confusion seemed to have disappeared.  But when it came to
compiling the new rankings, someone apparently keyed in the points Svensson
earned in Stuttgart under the other Jonas Svensson's name.  That had the
additional effect of catapulting the now-retired Svensson into 140th place in
the rankings, which was even more surprising as during his entire career he
never rose higher than the 445th place he occupied in January 1984.  [...]

------------------------------

Date: Wed, 27 Feb 1991 12:02:14 MST
From: sjs@iconsys.icon.com (Steve Sears)
Subject: Burden of Proof: name confusion in driver's license bureau

The recent article by Robyn Grunberg reminded me of an experience I had in
1984.

I received notice from my insurance company that my automobile insurance was
being raised drastically (4X as I recall).  After deciphering the code that
gives the reason for a rate increase, I found that I had been booked for a DWI
(Driving While Intoxicated).  At first I found this amusing, as I don't drink
at all.

I called the insurance company to clear up what was an obvious mistake, and
found that not only did they disbelieve me, but I was given a lecture on driving
and drinking!  In order for them to change, I had to supply them with proof
that I did not have a DWI, in triplicate, as well as a character witness.  They
made the mistake, yet I was given the burden of proof; not only of my not
having committed the alleged offense, but of my personal integrity as well.
And no, they had the facts and did not see any reason to verify them.

At the drivers license bureau, my record was as clean as I thought it to be.  I
got the printout (for a fee) and then had it notarized (for another fee).  It
was a slow day, and the clerk was amused by my little story, so he started
playing with my drivers license number to see if a juxtaposition mistake had
been made.  We finally found the offender, who has the same last name and hence
(in Utah), the same drivers license number but with an ADDITIONAL postfix
character.

After sending this information, along with a letter from a couple of people who
know me stating they had never seen me ingest alcohol, I was out $21 cash and
had missed a few hours of work.

I then received a call from the insurance company who, instead of apologizing
for the mistake, cross examined me on every point.  I finally broke off with
this person by threatening to sue unless they corrected their mistake.

Needless to say, I changed insurance companies.  I also finally received
notification that I had been reinstated to my previous status.  No apology.
The risk here comes down to a burden of proof sort of thing.  I can see myself
going broke in the event a large percentage of the companies I deal with all
made mistakes and put the burden of proof on me.

Rather than just switch insurance companies in the first place, it seemed to me
that if the record was not corrected, this disinformation would propagate and
leave me in a worse position than meeting them head on.

Steven J. Sears, Sanyo/Icon       sjs@iconsys.icon.com       (801) 226-8057

------------------------------

Date: Thu, 28 Feb 91 12:46:55 E 
Subject: But the computer person said it was OK!
From: rlw@ida.org

Yesterday I went to the pharmacy to pick up a prescription that had been phoned
in.  When you pick up there, they make you sign across a computer-printed label
that is originally clipped to your prescription but which they peel off and
stick to a clip board for you to sign.  After signing, I noticed that I had
signed two identical labels that were sort of overlapping.  Seems bogus so I
asked the clerk, "Why two?"  Answer: "Sometimes the computer prints two
labels."

Abbreviating a longer interchange:
Me: I only got one prescription, tear one up.
Clerk: I can't
Me: Let me talk to pharmacist
Pharmacist:  Don't worry about it.
Me: I am worried.
Pharmacist to clerk: Tear it up
(Clerk goes on to serve next customer)
Me: ?
Clerk: I'll do it later.
Me (to manager): ...labels...
Manager: I'm too busy to worry about that now.

Next morning, I recount the story over the phone to the insurance company
who pays for my prescriptions.  Thanks.  They'll get back to me.

Several rounds of telephone tag.  Then a completely satisfactory
explanation:  "The computer person said they can't charge you twice for
the same prescription."  "But suppose they are charging for two
prescriptions."  "Don't worry, we have a numbering scheme that prevents
our being charged twice."

Repeat for frustration_level:= 1 to 4
	Me: but...
	Ins. Co.: the computer person said that can't happen
Taeper

Nuts.  Maybe the computer DOES accidentally print two labels sometimes.
After all, I'm smarter than their computer and I make misteaks sometimes.

--Dick Wexelblat  (rlw@ida.org) 703 845 6601

------------------------------

Date: Thu, 28 Feb 91 15:40:44 est
From: wex@PWS.BULL.COM
Subject: Dave Rotheroe's "Retail Sales Oversight -- No backup" note

While Dave notes the technological problems and customer-relations problems
inherent in the situation he described, he only hints at what, to me, is the
biggest RISK of all.

The problem is that the automation of these positions has led to the
de-skilling of the workforce involved in them.  It takes much less initiative
and much less smarts than it used to: running something over a laser scanner,
pressing a few buttons, and getting the customer to sign a receipt is not
nearly as mentally or physically complex as the task used to be.

This is true not only for sales/retail positions, but for almost every job
which has been automated.  Where people have not been outright replaced by
machines, they've been replaced by people with lower skill levels and often
less experience and less education.

The result is a (you should pardon the phrase) dumbing down of the workforce.
This leads to more and more situations where the workers are unable to
understand/deal with/repair the machines with which they interact and are
unable to perform the machine's functions when it fails.

As I see it, this has two negative consequences (call them risks if you like).
There are situational problems such as customers being unable to get the
product or service they want (and possibly businesses failing as a result), and
there are societal problems such as loss of control, loss of motivation, loss
of our country's position in the world.

I recommend interested RISKS readers pick up a copy of Barbara Garson's THE
ELECTRONIC SWEATSHOP (Simon & Schuster 1988 ISBN 0-671-53049-6).  She takes a
step-by-step look at a number of jobs which are being automated.  Even in
places like financial planning where we'd like the planners to be smart, she
shows how automated systems have led to dumber users.

--Alan Wexelblat			phone: (508)294-7485
Bull Worldwide Information Systems	internet: wex@pws.bull.com

------------------------------

Date: Thu, 28 Feb 91 12:25:33 EST
From: Trevor Cradduck <trevorc@uwovax.uwo.ca>
Subject: LINAC deaths at Zaragoza
Organization: Nuclear Medicine, U. Western Ontario, Canada

I am given to understand that the linear accelerator in Zaragoza that has given
rise to the recent deaths from radiation treatment is a Sagitar 35 manufactured
by CGR and marketed and serviced by GE.  Unlike the earlier tragedies involving
Theratrons from AECL, this machine does NOT have any computer control.  So far
as one can tell, this "accident" came about due to the machine having been left
in an improper condition for treatment following service for a fault, and the
improper condition was not detected before a number of patients had been
treated.  The case is due to go before the courts so that the parties involved
are (understandably) reluctant to release detailed information.

Trevor Cradduck, Dept. of Nuclear Medicine, Victoria Hospital, U. Western
Ontario, LONDON, Ontario, Canada, N6A 4G5 (519) 667-6574 TREVORC@UWOVAX.BITNET

------------------------------

Date: Wed, 27 Feb 91 17:05:18 EST 
From: David Lesher <wb8foz@mthvax.cs.miami.edu> 
Subject: Multiple failures

Date: 27 Feb 91 17:48:49 GMT
Path: mthvax!news.miami.edu!ncar!ames!skipper!shafer
From: shafer@skipper.dfrf.nasa.gov (Mary Shafer)
Newsgroups: rec.aviation
Subject: Re: ref. to 3 holer/o -rings incident
Organization: NASA Dryden, Edwards, Cal.

(David Lesher) writes:

   I'm looking for a reference to tell me the date/carrier on that 727
   that took off from MIA without vital o-rings on the burners, and barely
   limped back in time, roaching the 3 fans in the process.

1.  Report No. NTSB/AAR-84/04

4.  Title and Subtitle: Aircraft Accident Report--Eastern Air Lines, Inc.,
Lockheed L-1011, N334EA, Miami International Airport, Miami, Florida, May 5,
1983.

16. Abstract: At 0856, on May 5, 1983, Eastern Air Lines, Inc., Flight 855, a
Lockheed L-1011, N334EA, with 10 crewmembers and 162 passengers on board,
departed Miami International Airport en route to Nassau, Bahamas.  About
0915:15, while descending through 15,000 feet, the low oil pressure light on
the No. 2 engine illuminated.  The No. 2 engine was shut down, and the captain
decided to return to Miami to land.

The airplane was cleared to Miami and began a climb to FL 200.  While enroute
to Miami, the low oil pressure lights for engines Nos. 1 and 3 illuminated.  At
0928:20, while at 16,000 feet, the No. 3 engine flamed out.  At 0933:20, the
No. 1 engine flamed out while the flightcrew was attempting to restart the No.
2 engine.

The airplane descended without power from about 13,000 feet to about 4,000
feet, at which time the No. 2 engine was restarted.  The airplane made a
one-engine landing at Miami International Airport at 0946.  There were no
injuries to the occupants.

The National Transportation Safety Board determines that the probable cause of
the accident was the omission of all the O-ring seals on the master chip detector
assemblies leading to the loss of lubrication and damage to the airplane's
three engines as a result of the failure of mechanics to follow the established
and proper procedures for the installation of master chip detectors in the
engine lubrication system, the repeated failure of supervisory personnel to
require mechanics to comply strictly with the prescribed installation
procedures, and the failure of Eastern Air Lines management to assess
adequately the significance of similar previous occurrences and to act
effectively to institute corrective action.

Contributing to the cause of the accident was the failure of Federal Aviation
Administration maintenance inspectors to assess the significance of the
incidents involving master chip detectors and to take effective surveillance
and enforcement measures to prevent the recurrence of the incidents.  [...]

Mary Shafer  shafer@skipper.dfrf.nasa.gov  ames!skipper.dfrf.nasa.gov!shafer
NASA Ames Dryden Flight Research Facility, Edwards, CA

------------------------------

Date: Wed, 27 Feb 91 15:04:19 PST
From: "Martin Minow, ML3-5/U26  26-Feb-1991 2248" <minow@bolt.enet.dec.com>
Subject: Re: MD-12; Automatic download of patches (Biesty, RISKS-11.17)

Henry Spencer writes that, irrespective of the MD-11 computer problems,
the MD-12 will be fly by wire.

This reminds me of the old joke:

  How many programmers does it take to change a light bulb?
  One, but you can never change it back again.

Bill Biestly writes about automatic download of patches in disk drives.
I've seen a lot of new hardware designed -- roughly -- as follows:

-- core functions in ROM or EPROM.
-- everything else loaded at boot time.

For example, a large part of the Macintosh system software is in ROM, but
much of it is patched by the operating system bootstrap.  I've also seen
disk drives where the ROM code is just smart enough to load the real disk
code from a manufacturer's "private" area on the disk.  These disks had
two ways to modify the firmware:

-- a "secret" sequence of SCSI commands could be used to read/write the
   private area.
-- there was an asynchronous terminal line interface that could be connected
   to a debugging terminal.  This could be used to patch the firmware and/or
   dump internal tables and error logs.

I also know of a modem that can have its firmware updated over the phone
(I begged the manufacturer to put a jumper/switch on the board to prevent
this without direct user intervention.  I also recommended some sort
of signature mechanism that would allow users to verify that they 
have correct firmware.  This was not a Dec product, by the way.)

While I'm quite aware of the risks involved, one should also understand
that there are benefits to the user.  Finding the tradeoff between trust,
mistrust, and convenience is a difficult problem, of course.  My real
worry is that these changes are being made without customers who may
have good reason not to use a re-configurable modem understanding the
issues involved.

Martin Minow			minow@bolt.enet.dec.com
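As an added example (not Minow's code, nor any vendor's) of the two controls he asked the modem manufacturer for: a firmware loader that refuses an image unless a physical jumper is set and the vendor's signature verifies, and that returns the accepted image's SHA-256 so a user can compare it against a published digest.  The Ed25519 key pair, the image bytes and the jumper flag are constructed here; the loader API and the choice of Ed25519 are assumptions, nothing the post specifies.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Update is one candidate firmware image plus the vendor's detached signature.
type Update struct {
	Image []byte
	Sig   []byte
}

var (
	ErrJumper = errors.New("update jumper not set: remote firmware update refused")
	ErrSig    = errors.New("vendor signature invalid: firmware image rejected")
)

// VerifyUpdate is the loader-side check. The image is accepted only if the
// physical jumper is set (local user intervention) AND the Ed25519 signature
// verifies under the vendor key held in ROM. On success it returns the
// SHA-256 of the image so the user can compare it to a published digest.
func VerifyUpdate(vendorPub ed25519.PublicKey, jumperSet bool, u Update) ([32]byte, error) {
	if !jumperSet {
		return [32]byte{}, ErrJumper
	}
	if len(u.Sig) != ed25519.SignatureSize || !ed25519.Verify(vendorPub, u.Image, u.Sig) {
		return [32]byte{}, ErrSig
	}
	return sha256.Sum256(u.Image), nil
}

// SignImage is the vendor-side step: sign the image before shipping it.
func SignImage(vendorPriv ed25519.PrivateKey, image []byte) Update {
	return Update{Image: image, Sig: ed25519.Sign(vendorPriv, image)}
}

func main() {
	// Constructed vendor key pair and image (assumption: a real key would be
	// provisioned at manufacture, not generated at run time).
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	good := SignImage(priv, []byte("constructed firmware image v1.1"))
	tampered := Update{Image: append([]byte{}, good.Image...), Sig: good.Sig}
	tampered.Image[0] ^= 0xff // one flipped bit, same signature

	_, err := VerifyUpdate(pub, false, good)
	fmt.Println("jumper open:", err)
	_, err = VerifyUpdate(pub, true, tampered)
	fmt.Println("tampered image:", err)
	digest, err := VerifyUpdate(pub, true, good)
	fmt.Printf("good image: err=%v sha256=%x...\n", err, digest[:4])
}
```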

------------------------------

Date: Tue, 26 Feb 91 17:17:57 -0800
From: ayers@src.dec.com (Bob Ayers)
Subject: Re: Risks of EMI?  (Finkel, RISKS-11.17)

In RISKS 11.17, mister "enough statistics, chemistry, and analysis software
experience to almost, sort-of, maybe know what I am talking about" writes that

    1) POWER LINES CAUSE CANCER -- They most certainly do, but not because
	of EMR. To keep the access roads clear and to keep vines and other
	plants from growing around the power towers, the companies sprayed
	2-4D, commonly known as dioxin or Agent Orange. ... The possible 
        carcinogenic effects of this chemical are well known. 

Unfortunately, as they say, "that turns out not to be the case."  I have
enough chemistry background, and have done enough recent reading, to know
that dioxin, 2-4-D, and Agent Orange are three separate things:

    2-4-D: a chemical herbicide
    Agent Orange: a mixture of 2-4-D and 2-4-5-T, a second chemical herbicide
    Dioxin: a minor chemical contaminant (production byproduct) in 2-4-D.

And "the possible carcinogenic effects" of those chemicals (he means the
dioxin) is *not* well known.  The only bad effect of dioxin on humans that has
been reasonably established is chloracne.

Zero for two.                                      Bob

------------------------------

End of RISKS-FORUM Digest 11.18
************************