[comp.risks] RISKS DIGEST 8.82

RISKS@KL.SRI.COM (RISKS FORUM, Peter G. Neumann -- Coordinator) (06/20/89)

RISKS-LIST: RISKS-FORUM Digest  Monday 19 June 1989   Volume 8 : Issue 82

        FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS 
   ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
  Re: Microcomputers in the operating theatre (Ken Howard)
  Risks of missiles (Steve Den Beste)
  Trojan Horse in Comp.Risks? (John C Williams)
  Power glitches scrambling computers --- can it be avoided? (Will Dickson)
  Re: 'Blip' Blows Computers Back to Paper Age (William M. Bumgarner)
  No back-ups:  Ninth Circuit's "computer error" (Clifford Johnson)
  Hillsborough Football -- Another Computer Connection (Charles Lindsey)
  Radio Control Interference (Marco C. Barbarisi)
  New Yorker Article (book serialization?) on radiation risks (Martin Minow)

The RISKS Forum is moderated.  Contributions should be relevant, sound, in good
taste, objective, coherent, concise, and nonrepetitious.  Diversity is welcome.
* RISKS MOVES SOON TO csl.sri.com.  FTPable ARCHIVES WILL REMAIN ON KL.sri.com.
CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive "Subject:" line
(otherwise they may be ignored).  REQUESTS to RISKS-Request@CSL.SRI.COM.
FOR VOL i ISSUE j / ftp KL.sri.com / login anonymous (ANY NONNULL PASSWORD) /
  get stripe:<risks>risks-i.j ... (OR TRY cd stripe:<risks> / get risks-i.j ...
  Volume summaries in (i.j)=(1.46),(2.57),(3.92),(4.97),(5.85),(6.95),(7.99).

----------------------------------------------------------------------

Date: 19 Jun 89 05:05:38 GMT
From: khoward@chook.ua.oz.au (Ken Howard)
Subject: Re: Microcomputers in the operating theatre (RISKS-8.79)

In RISKS-8.79, Martyn Thomas says:-
 
> Anaesthesia is a precise art and at University Hospital, Nottingham [UK]
> there are moves to sharpen that precision by taking a BBC micro into the
> operating theatre.
> .... consultant anaesthetist [name given] plans to connect the machine to
> syringe drivers and so improve control over drugs given to patients during
> operations.   ...

Martyn addresses the obvious risk from the hardware/software reliability
point of view here. The other not so obvious risk is that a BBC micro
is not certified for use in an environment containing explosive gases
such as are used in anesthesia .... 

You could switch the machine on/off and .... [consequences left to the
reader's imagination!]
				---Ken---

Ken Howard, University of Adelaide, Dept. of Computer Science, 
G.P.O. Box 498, Adelaide 5001	    AUSTRALIA.                   

------------------------------

Date: Mon, 19 Jun 89 10:47:28 -0400
From: denbeste@BBN.COM
Subject: Risks of missiles

With regard to the Minuteman system, the system is guided only in the sense
that you may preprogram it for any destination. It is NOT self-correcting on
its course. The main missile is solid fuel, which means that once you light it
off, it will burn until it's gone (like the SRBs on the shuttle). They can
control the direction of the thrust but not its intensity.

At this point it is gliding until it releases its warheads. The missile has no
mechanism for sensing where it is and aiming the warheads accordingly - it is
just told, BEFORE LAUNCH, "point here, release a warhead, point there, release
a warhead, etc." The point is that all errors in the launch are cumulative and
no mechanisms exist to correct them.

Which makes the following very important: All tests of the Minuteman, and there
haven't been very many, have been from Vandenberg AF base in CA, aimed at an
atoll in the south Pacific. The missiles rise out of the atmosphere, but never
enter the Van Allen belt.

The Van Allen belt, like any magnetic field, is a toroid, and if a Minuteman
was really fired it would be over the pole - and it would pass through the Van
Allen belt twice. It is also the case that the local gravitation field
characteristics over the pole are different than they are over the Pacific.

None of this matters much when you are shooting at something like a city which
is miles across. It matters a great deal when you are shooting at a hardened
target like a silo or a bunker. There an error of 100 yards is the difference
between success and failure in knocking out the enemy target.

If the last war does happen (let's hope not) there is no question that our
Minuteman force can destroy all the cities in the USSR. To use them in a
first-strike against silos, on the other hand, is a crapshoot. (If anything,
the situation from a Trident is even worse because your starting position may
not be known completely accurately.)

I suspect that those in charge of our nuclear forces know this, and it is one
of the reasons we haven't had the war (though hopefully not the only one).

This reminds me of another story, equally interesting: Shortly after coming to
office, the Reagan administration asked the Soviets to destroy a certain class
of medium range missiles in Europe in exchange for a promise from us not to
develop an equivalent one. The Soviets laughed.

So we developed the Pershing II. It was only tested twice, and it blew up
during launch both times.

...at which point, the powers that be said "That's good enough. Deploy it." So
we built over a hundred of them and put them in Germany and the Netherlands
(political disturbances and picketing notwithstanding).

Ultimately they were traded for the Soviet equivalent class in the INF treaty.
It makes you wonder whether the Pershing II ever had any other purpose, doesn't
it?
       Steven Den Beste,      BBN Communication Corporation, Cambridge MA

------------------------------

Date: Mon, 19 Jun 89 12:52:55 PDT
From: jcw@wdl1.fac.ford.com (John C Williams)
Subject: Trojan Horse in Comp.Risks?

A contributor to Comp.Risks 8.80 (Disarmament by defect) suggests
"... that the advance of computer technology into the field of the military,
has made it well neigh impossible to fight any war worth its SALT."
                 ^^^^^
(Emphasis added.)

Is this an example of a Trojan Horse?

John C. Williams, Ford Aerospace

                     [The "neighs" have it.  A "Nigh" for a "nigh".  Note that 
                     NYACK (NY) must be NEARLY an ACKnowledgement.  PGN] 

------------------------------

Date: Mon, 19 Jun 89 11:43:50 BST
From: Will Dickson <will@robots.oxford.ac.uk>
Subject: Power glitches scrambling computers --- can it be avoided?

	Several recent articles in RISKS have mentioned computer failures due
to various glitches on the power supply lines.  At the same time, many
companies are advertising Uninterruptible Power Supplies (UPS's) claiming that
they safeguard against these problems, or at least that they provide enough
time for a graceful shutdown in the event of a power failure.

	What is the actual situation?  Are these UPS's capable of doing what
they claim?  If so are they not used because of the cost, or because people do
not feel that they are needed?  Or are there other issues?
                                                               Will Dickson.

Robotics Research Group, Department of Engineering Science, Oxford University,
Oxford OX1 3PJ, England.                         JANET:	will@uk.ac.ox.robots

------------------------------

Date: Sun, 18 Jun 89 19:19:30 -0400 (EDT)
From: "William M. Bumgarner" <wb1j+@andrew.cmu.edu>
Subject: Re: 'Blip' Blows Computers Back to Paper Age

A momentary electrical 'blip' is a dangerous thing; I lost my computer to one
this morning.

Last night, there was an electrical storm in the area-- no close strikes or
power problems.  But this morning (clear skies), I heard a crack/
explosion like a transformer blowing out.  Immediately following this was a
momentary (less than one second) loss of power.  Later, when I went to use the
computer (Mac Plus w/a flaky video board anyway), the video had been reduced
to a 3 millimeter wide strip up the middle of the screen (Horizontal scan gone?).
Whether or not the storm had any connection with the 'blip' is questionable,
but the blip definitely nailed my computer.

BTW: the logic board is fine... only the video was lost.

Questions: What is the best way to protect against a blip (UPS? isolation
transformer?)?
What measures have been taken to protect against such blips in critical systems?
How much of a threat are 'blips' to hardware?

b.bum
wb1j+@andrew.cmu.edu

------------------------------

Date:      Sun, 18 Jun 89 11:14:21 PDT
From: "Clifford Johnson" <GA.CJJ@Forsythe.Stanford.EDU>
Subject: No back-ups:  Ninth Circuit's "computer error"

After an oral hearing in the appeal of my old lawsuit (re launch
on warning and the question as to whether that capability
delegates a decision to declare war to the military and its
computers), I asked for a transcript of the hearing.  I was told
over the phone that it had been located and would be transcribed,
but then received a form stating, without apology or explanation,
that it was "unavailable."  I asked why this was the case, on the
phone to the clerk, and was transferred to someone who told me
that the transcript was not available due to "computer error."

She explained that only in the past few months (*"this year"*)
had the taping of hearings become the procedure, that my tape had
mysteriously disappeared ("probably someone with access didn't
want it published", she supposed), and that this loss had caused
the court (Ninth Circuit court of appeal, San Francisco) to
realise for the first time the need for back-up tapes.
Accordingly, procedures had been changed so that originals would
be kept securely henceforth, she stated, pleading that it was
ignorance of the new computer (tape-recorder = computer in
her books) technology that caused the problem.

However, there was no problem finding the tape of a hearing I had
in the same court some *three years* earlier.

------------------------------


Date: Mon, 19 Jun 89 15:27:43 +0100
From: Charles Lindsey <charles@unix.computer-science.manchester.ac.uk>
Subject: Hillsborough Football -- Another Computer Connection

In the UK, we recently had a major disaster at the Hillsborough football
ground in Sheffield, in which 95 people died after being crushed against the
steel barrier which is supposed to prevent the spectators from invading the
pitch. It is estimated that the pressure per person on the fence, due to the
weight of the people behind surging forward, was in excess of one ton.

           [The computerized turnstile problem was noted in RISKS-8.60. PGN]

Now the official enquiry into the disaster is sitting, and the papers are full
of reports. At some point, it seems the Police decided they needed cutting
gear to use on the fence, and telephoned the Fire Brigade for it to be sent.
Clearly, its need was EXTREMELY URGENT.

Note that Hillsborough is the major football ground in Sheffield. It must
occupy something the size of a city block, and it can be approached from
several roads. The following is quoted from the Daily Mail for June 14.

Two vital minutes were wasted in helping victims of the Hillsborough tragedy.

The fire brigade refused to send vital cutting gear until they knew what street
the football stadium was in. Four times telephone operator Susan Davies
demanded the address. Then she asked five times what the equipment was needed
for.

Yesterday Miss Davies told the enquiry ... that the fire service computer
would not recognise the Hillsborough ground as a place.
'It needs a specific address and district in order to determine what pumps are
required to attend', she explained.
'My training is not to assume what an address is. It's up to me to ascertain
that from the person calling'.  As far as she was concerned, she added, there
could have been several football grounds at Hillsborough. ... The conversation
... went like this:

Police: Can we have cutting gear for Hillsborough please straight away?

Fire: Just a minute. Right, what's the address?

Police: Cutting equipment for Hillsborough football ground straight away.

Fire: Hillsborough football ground?

Police: Yes, Hillsborough football ground.

Fire: What road is that on, do you know?

Police: There has been a major accident, all the ambulances are there.

Fire: What road is it on?

Police: I have no idea. Hillsborough football ground.

Fire: What road is it on, do you know?

Police: Hillsborough football ground, what road is it on? (this to someone in
police control). Penistone Road.

Fire: Penistone Road?

Police: Penistone Road, OK.

Fire: Penistone Road, just a minute. What's exactly involved?

Police: It's football, a big match, Liverpool v Nottingham Forest.

Fire: Yes, but why do you want us? You said it was an RTA (Road Traffic
Accident).

Police: No, major incident inside the ground.

Fire: Major incident inside. Do you know exactly what it is?

Police: No I don't. They want all the cutting gear.

Fire: For what, do you know?

Police: Hang on a sec.

Police: (another voice) Hello.

Fire: Hello, now you want some cutting gear. What exactly is it for?

Police: ... full explanation ...

Fire: Right. OK. Leave it with us.

------------------------------

Date: Mon, 19 Jun 89 14:53:17 CDT
From: marco@ncsc.navy.mil (Barbarisi)
Subject: Radio Control Interference (Re: RISKS 8.75 and 8.80)

Micheal Berkley recently (RISKS 8.75) described a now infamous accident
in which a radio controlled mining machine killed a man after receiving
an interfering signal.  In RISKS 8.80, Robert Horvitz suggested a possible
fix in which the transmitter command is headed by a coded signal 
recognizable only by the receiver.  Radio sets are readily available which
feature pulse code modulation (PCM) and employ a header code ("password", if
you prefer).  They are commonly used to control model aircraft.

If a spurious signal interferes with a PCM receiver, it goes into a 
preprogrammed "failsafe" mode until contact with the matching transmitter
is restored.  The user usually has at least some control over what happens
during failsafe mode.  The default for most airplane systems is to 
neutralize (i.e., return to a center position) all control servos.
Hopefully, this results in neutralized control surfaces and a 1/2 throttle
setting on the engine.  Of course, if the airplane is pointed at the
ground when it goes into failsafe mode, it usually will end up back in 
kit form.  In the case of radio controlled heavy machinery, the failsafe
settings must be more carefully chosen and programmed.  Is power cut
off?  Are brakes applied?  What are the position control presets?  Does
the failsafe mode depend on the most recent mode of the machine?

I'm assuming that the users of such equipment will have enough sense to
employ PCM.  They've shown no such sense so far.  A construction company in
Texas has petitioned the FCC to employ 75 MHz frequencies to operate heavy
machinery.  These frequencies are attractive because they are license-free
and the only currently authorized users are radio control car and boat
operators.  In the spirit of commercial exploitation of the airwaves, the
construction company wants to SHARE those frequencies!  That's right -
your kid's toy Baja racer may be on the same frequency as a 10 ton bulldozer.

On a related topic, the proposed "person-finder" transmitters, used to
locate missing persons, will operate on the same frequencies (72 MHz) as model
aircraft.  Again, the obvious advantages for those selling such devices are
that the frequencies are license-free and the current users are not employing
them to make money and so lack political clout.  As mentioned by Mr. Horvitz,
current FCC policy is to encourage any and all commercial use of the airwaves,
without regard to safety or the interests of current users.

Currently, frequency control for model aircraft occurs at club fields and
is strictly enforced in accordance with AMA (Academy of Model Aeronautics)
regulations.  Such control will be moot if the frequencies are shared 
by "person-finder" transmitters.  This is in addition to the previously 
mentioned (RISKS ?.?) potential for abuse of such devices by employers and the
government.   The AMA is petitioning the FCC to block frequency sharing.

Caveat:  this note was written by a radio control flyer who is a member of
the AMA.

Marco C. Barbarisi (AMA # 204356), Naval Coastal Systems Center, Panama City,
Florida 32407

Disclaimer:  The opinions expressed above are my own and do not necessarily
reflect those of the Government, my employer, or the AMA.
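As an added illustration (this is not code from Mr. Barbarisi's note or from any real radio set), the Python sketch below contrasts a receiver that obeys any frame on its frequency with a PCM-style receiver that ignores frames lacking the pairing header and drops into a failsafe whose settings depend on the kind of machine. The header code, frame layout, miss threshold and scenario are all constructed for the example.

```python
from dataclasses import dataclass, field

HEADER_CODE = 0x5A3C  # constructed pairing code for this example; a real set has its own

def aircraft_failsafe(last):
    # Default model-aircraft failsafe: neutralize all control surfaces, half throttle.
    return {"aileron": 0, "elevator": 0, "rudder": 0, "throttle": 50}

def machinery_failsafe(last):
    # Heavy machinery: cut power, apply brakes, keep the boom's last setting (state-dependent).
    return {"power": "off", "brake": "applied", "boom": last.get("boom", "hold")}

@dataclass
class PlainReceiver:
    """No header check: any frame on the frequency is obeyed (the mining-machine case)."""
    outputs: dict = field(default_factory=dict)

    def receive(self, frame):
        if frame is not None:
            self.outputs = dict(frame[1])
        return dict(self.outputs)

@dataclass
class PcmReceiver:
    """Obeys only frames carrying its pairing header; anything else counts as a miss."""
    header_code: int
    failsafe: object                 # callable mapping last outputs -> failsafe outputs
    max_missed: int = 3              # consecutive bad/missing frames before failsafe
    outputs: dict = field(default_factory=dict)
    missed: int = 0
    in_failsafe: bool = False

    def receive(self, frame):
        if frame is not None and frame[0] == self.header_code:
            self.missed, self.in_failsafe = 0, False   # contact restored
            self.outputs = dict(frame[1])
        else:
            self.missed += 1
            if self.missed >= self.max_missed and not self.in_failsafe:
                self.in_failsafe = True
                self.outputs = self.failsafe(self.outputs)
        return dict(self.outputs)

def run(receiver, frames):
    """Feed frames ((header, channels) or None for no signal) and return outputs after each."""
    return [receiver.receive(f) for f in frames]

# Constructed scenario: valid command, stray wrong-header signal, 3 lost frames, transmitter back.
SCENARIO = [
    (HEADER_CODE, {"power": "on", "brake": "released", "boom": "raise"}),
    (0x1111, {"power": "on", "brake": "released", "boom": "lower"}),  # interference
    None, None, None,
    (HEADER_CODE, {"power": "on", "brake": "released", "boom": "raise"}),
]
```

Running `run(PlainReceiver(), SCENARIO)` shows the stray "lower" command being obeyed, while `run(PcmReceiver(HEADER_CODE, machinery_failsafe), SCENARIO)` rejects it and, after three misses, cuts power and applies the brakes until the matching transmitter returns.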

------------------------------

Date: 18 Jun 89 10:03
From: minow@thundr.enet.dec.com
Subject: New Yorker Article (book serialization?) on radiation risks 

Risks Digest readers might find an article series in the current New Yorker
interesting.  Written by Paul Brodeur, the three-part series is titled
"The Hazards of Electromagnetic Fields."  The first part, published in the
June 12 issue, dealt with power-line magnetic fields and fields generated
by high-voltage transmission lines.  These are low-level effects that
manifest themselves in long-term changes in cancer (primarily childhood)
rates.

The current (June 19) issue is concerned primarily with pulsed-microwave
fields, especially those from the PAVE PAWS distant early warning radar
installations.

The last installment isn't out yet.

One frightening aspect of the problem is the way "scientists" cook their
research to suit the "needs" of their funding agencies.  For example,
Air Force researchers measured the *average* emission of PAVE PAWS, which
is a multi-megawatt *pulsed* beam, rather than its instantaneous intensity.

Martin Minow                               minow%thundr.dec@decwrl.dec.com
The above does not represent the position of Digital Equipment Corporation.

------------------------------

End of RISKS-FORUM Digest 8.82
************************
-------