Risks Digest 16.31
RISKS-LIST: RISKS-FORUM Digest Tuesday 9 August 1994 Volume 16 : Issue 31
FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
***** See last item for information on RISKS (comp.risks) *****
Unda(u)nted exploration: DANTE II (PGN)
Denver "solves" hi-tech baggage handling problems (Lauren Weinstein)
Re: Squirrels again bring down Nasdaq (Joe Morris, Bob Frankston)
More than squirrels: Newbridge Networks (Bob Frankston)
Re: RISKs of electrical wiring (Lauren Weinstein)
Re: The Cult of Information (Steven Tepper)
Rapid Application Development (RAD) (Rebecca Mercuri)
Intel plant in Albuquerque (Phil Agre)
Madcap world of modern banking (Ross Anderson)
A330 Crash investigation report: Pilot error blamed for crash (Erik Hollnagel)
Workshop Announcements PDCS2 and SCSC (Barry Hodgson)
CSR Software Reliability & Metrics Club - Meeting Announcement (Pete Mellor)
Washington DC ACM Seminar (John Sheckler)
Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc.
Date: Tue, 9 Aug 94 7:41:18 PDT
From: "Peter G. Neumann" <email@example.com>
Subject: Unda(u)nted exploration: DANTE II
The Dante II robot (successor to Dante I, whose fiber cable snapped only 21
feet down into Mt Erebus in 1993) has been exploring the volcanic crater of Mt
Spurr in Alaska, apparently with great success in gathering information in a
human-risky environment after the 1992 eruption. En route to the bottom,
Dante II survived being hit by rocks and slopping through mud and snow; prior
to its descent its satellite dish antenna was chewed on by a bear. However,
the last few days have provided grist for the RISKS mill as to what can go
wrong going wrong. Last Wednesday (3 Aug 1994) the robot lost power, and then
its transmitter went dead. On Thursday, a short-circuit (due to condensation)
was fixed in a connector to the 1000-volt power and communications cable. The
robot then was able to begin its ascent (at three feet per minute). On Friday
night, the 1700-pound Dante II lost its footing when one of its eight legs
malfunctioned, and it toppled over. Plans are now afoot (no pun intended) to
hoist it out by helicopter, or if that fails for a geologist (John Laskeivitch
of the Alaska Volcano Observatory) to climb down and attach a tether -- using
the knowledge obtained from Dante II that there are lots of rocks but that the
expected hot gases are no longer present. The robotic software seems to have
functioned well throughout. [SOURCES: PGN News Service from articles by
Charles Petit in the San Francisco Chronicle, 4-5 Aug 1994, and AP items, 7
and 9 Aug 1994.]
Date: Thu, 4 Aug 94 23:40:23 PDT
From: firstname.lastname@example.org (Lauren Weinstein)
Subject: Denver "solves" hi-tech baggage handling problems
It looks as if the folks in Denver have figured out what they need to do to
finally get their new airport open. As you may recall, it has failed to open
for quite some time because the amazing, computer-controlled, $200 million
baggage handling system simply doesn't work. Nor does it appear that there is
much hope of making it work quickly. The more deeply the system is inspected,
the more problems are found.
Videos of the failing system under test are great fun to watch. Bags being
flung at carts that aren't where they're supposed to be, carts flying off
tracks, bags flying through the air smashing into the ground, and so on.
Quite a show.
So how to open the airport? Simple! They've apparently decided to spend more
bucks and build *another* baggage handling system--the conventional kind with
conveyor belts. After they build this new, old-style system, they'll finally
be able to open the airport, which is currently losing something like $1
million/day just sitting there.
The plan is to shift back to the computerized system when (if?) they get all
the bugs out of it.
Date: Tue, 02 Aug 94 12:15:04 -0400
From: Joe Morris <email@example.com>
Subject: Re: Squirrels again bring down Nasdaq (Neumann, RISKS 16.30 )
>Nasdaq once again was shut down by an energetic squirrel ...
To many people interested in commercial power (including computer center
managers such as yours truly was at one time) the word "squirrel" is often
defined as "a self-propelled short circuit".
Joe Morris / MITRE
Date: Sat, 6 Aug 1994 14:54 -0400
Subject: Re: Squirrels again bring down Nasdaq
There was a followup article (which I don't have handy) in the Times noting
that the outage caused trade reconciliation algorithms to fail.
A general problem is cascading failures when interacting timeouts start going
Date: Mon, 8 Aug 1994 14:20 -0400
Subject: More than squirrels: Newbridge Networks
Squirrels aren't Nasdaq's only problem. According to an article in the New York
Times, there are also some race conditions in their procedures.
The article describes attempts to stop trading in Newbridge Networks stock.
Apparently the attempt to stop trading was entered at 9:32 instead of 9:30 due
to an error entering a command. Many options (more highly leveraged than
shares) got through and were confirmed. They were retroactively cancelled.
There are two basic problems. One, as the article noted, is that a
confirmation is not a confirmation. The other is the contrast between human
speeds and computer speeds. Two minutes is a very very long time.
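The race described in this item, as an added example that is not part of the original post: a constructed matching engine keeps filling orders at machine pace during the two minutes between the intended halt time and the time the halt command was actually entered, and the two halt policies differ in what happens to the confirmations issued in that gap. The ticker symbol, the date, the times and the fill rate are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed scenario: a halt meant for 09:30 is keyed in at 09:32.
# "NEWB" is a placeholder symbol, not a real ticker.
SYMBOL = "NEWB"


@dataclass
class Fill:
    order_id: int
    symbol: str
    filled_at: datetime
    confirmed: bool = True    # the customer was told "done"
    cancelled: bool = False   # later withdrawn by the exchange


class Exchange:
    def __init__(self):
        self.fills = []
        self.halted_from = {}  # symbol -> time from which no fill is accepted

    def execute(self, order_id, symbol, at):
        """Fill an order unless the symbol is halted at time `at`."""
        halt = self.halted_from.get(symbol)
        if halt is not None and at >= halt:
            return None
        fill = Fill(order_id, symbol, at)
        self.fills.append(fill)
        return fill

    def halt_backdated(self, symbol, intended, entered):
        """The risky procedure: the halt is applied from the time it was
        *meant* to start, so fills confirmed in the gap are cancelled."""
        self.halted_from[symbol] = intended
        cancelled = [f for f in self.fills
                     if f.symbol == symbol and intended <= f.filled_at < entered]
        for f in cancelled:
            f.cancelled = True
        return cancelled

    def halt_forward(self, symbol, entered):
        """Alternative: the halt binds only from the moment it is actually
        committed; confirmations already issued stay confirmed."""
        self.halted_from[symbol] = entered
        return []


def simulate(backdated, fills_per_second=1):
    """Run the 09:30-09:32 gap at machine pace and report the outcome."""
    day = datetime(1994, 8, 1)                     # constructed date
    intended = day.replace(hour=9, minute=30)
    entered = intended + timedelta(minutes=2)      # two minutes of human delay
    ex = Exchange()
    step = timedelta(seconds=1) / fills_per_second
    t, order_id = intended, 0
    while t < entered:
        ex.execute(order_id, SYMBOL, t)
        order_id += 1
        t += step
    if backdated:
        cancelled = ex.halt_backdated(SYMBOL, intended, entered)
    else:
        cancelled = ex.halt_forward(SYMBOL, entered)
    # Under either policy nothing fills once the halt is in force.
    late = ex.execute(order_id, SYMBOL, entered + timedelta(seconds=1))
    return {"confirmed": len(ex.fills),
            "cancelled": len(cancelled),
            "late_fill": late is not None}
```

At one fill per second the backdated halt withdraws 120 confirmations that customers had already received; at ten per second it withdraws 1,200, which is the "two minutes is a very very long time" point.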
Date: Tue, 2 Aug 94 11:01 PDT
From: firstname.lastname@example.org (Lauren Weinstein)
Subject: Re: RISKs of electrical wiring
Regarding the electrician who blew out some equipment by dropping the neutral
from a circuit, causing a power leg to go to around 220V (about double the
North American standard of ~117V). One might suggest that (even though it can
be inconvenient) turning *off* the power to areas that could be directly
affected by ongoing electrical work would be a simple and mandated procedure.
No fancy protective gear is needed in this case. Just turn off the breakers
until the work is done.
Date: Tue, 2 Aug 94 14:41:50 PDT
From: email@example.com (Steven Tepper)
Subject: The Cult of Information (RISKS-16.30)
> Roszak, in this book, is not attacking the idea of computerization
He already did that in a novel called "Bugs".
Date: Fri, 5 Aug 1994 17:49:27 +0500
From: firstname.lastname@example.org (Rebecca Mercuri)
Subject: Rapid Application Development (RAD)
I am writing an article on Rapid Application Development (RAD) and would like
to include a risky horror story or two, if anyone has one they want to share.
If you can BRIEFLY describe a project where RAD techniques were used to
develop a system or software which resulted in quantifiable losses (in terms
of time, money, etc.) to an individual or organization, I will consider
quoting you (with proper citation of course). The anecdote must be traceable
to an organization or individual involved (there can be some anonymity, but
some person or group must be identifiable so the story can be verified).
Please send replies DIRECTLY to email@example.com
Sorry, I don't have time to address other matters (like "what is RAD?" -- if
you don't know then you probably weren't using it).
BTW, I'm especially interested in projects where an outside consulting team
came in, used RAD, developed something and left it either unfinished,
undocumented, untested, and/or unsupportable. Hope someone wants to go on
the record with their experience(s).
Thanks in advance, Rebecca Mercuri
Date: Fri, 5 Aug 1994 16:27:24 -0700
From: Phil Agre <firstname.lastname@example.org>
Subject: Intel plant in Albuquerque
The SouthWest Organizing Project is engaged in a campaign against the Intel
chip fabrication plant in Albuquerque, New Mexico. They allege excessive
water use, chemical hazards to workers, and large expenditures of public funds
for small numbers of jobs for local people. Their report is available from
them (US$10 plus $1.50 p/h) at SWOP, 211 10th St SW, Albuquerque NM 87102,
Phil Agre, UCSD
Date: Sun, 7 Aug 1994 16:36:01 +0100
Subject: Madcap world of modern banking
The Sunday Times reports on 7th August that one of its readers in
Hertfordshire, England, paid a cheque for a thousand pounds into her account
with Barclays Bank in June. The cheque bounced, and Barclays did not credit it
to her account; but for no reason they also removed a further thousand,
causing her to go overdrawn.
After writing letters and waiting for weeks, she got a letter from Barclays
explaining that the loss was ``a quirk in our accounts processing system which
is effectively debiting twice the amount of a customer's unpaid in cheque''.
It goes on: ``Your helpful comments are valuable to us in prioritising the
resolution of difficulties such as those experienced by you''.
I suspect that many firms only fix software bugs when enough
customers have complained about them. But how many make a virtue
out of it?
Ross Anderson Cambridge University Computer Laboratory email@example.com
Date: Fri, 05 Aug 1994 10:45 +0200
From: Erik Hollnagel HRA <M575@eurokom.ie>
Subject: A330 Crash investigation report: Pilot error blamed for crash
[Erik provided an article from the U.K. *Times*, 3 Aug 1994, p.7, which
is omitted here. The article noted confusion on the flight deck and
three seconds of hesitation by a tired chief pilot as being responsible
for seven deaths on the test-flight takeoff of an Airbus A330. PGN]
My comment is that in the absence of an obvious single fault in the hardware
(which in this case mostly is software) the default explanation is "human
error". It looks rather as if the combination of automation, ill-defined
tasks, and an unsupportive organisation were the real causes. But I would not
expect Airbus to ever acknowledge that.
Erik Hollnagel, Technical Director, Human Reliability Associates Ltd.,
School House, Higher Lane, Dalton, Lancs. WN8 7RP, UK +44.257.463.121
Date: Wed, 3 Aug 1994 16:16:28 +0000
From: Barry Hodgson <firstname.lastname@example.org>
Subject: Workshop Announcement
PDCS2 2nd Open Workshop (Predictably Dependable Computing Systems 2)
Newcastle upon Tyne, 19-21 September 1994
Safety-Critical Systems Club 14th Meeting and Seminar on New Technologies
Leeds, 22-23 September 1994
The issues addressed by the PDCS2 research project and SCSC members are
closely related. It is because of this, and the geographic proximity of
the locations, that we hope to facilitate attendance, by interested
parties, to both events.
PDCS2 2nd Open Workshop
The 2nd Predictably Dependable Computing Systems (PDCS2) Open Workshop will
be held on 19-21 September, at the University of Newcastle upon Tyne,
starting at 2.00 p.m. (with registration and lunch from 12.30 p.m.).
The PDCS2 Workshop will comprise technical presentations of the year's
work. There will also be demonstrations of prototype software and systems
developed by the project. Further details are provided in the preliminary
programme shown below.
PDCS2 builds on, and takes significantly further, the work of ESPRIT Basic
Research Action PDCS on the problems of making the process of designing and
constructing adequately dependable computing systems much more predictable
and cost-effective than at present. In particular, it addresses the
problems of producing dependable distributed real-time systems and
especially those where the dependability requirements centre on issues of
safety and/or security. The research programme is concentrated on a number
of carefully selected topics in fault prevention, fault tolerance, fault
removal and fault forecasting. It ranges in nature from theoretical to
experimental and in a number of cases the acquisition or implementation, in
prototype form, of software tools, and their experimental interconnection.
SCSC 14th Meeting and Seminar on New Technologies
The 14th meeting of the Safety-critical Systems Club will be held on 22-23
September at The Marriott Hotel in Leeds, starting at 10.00 a.m. with
registration and coffee from 9.30 a.m. On Thursday 22 September the theme
will be "New Technologies for Safety-critical Systems" and the programme
will address the application of technologies such as formal methods, neural
networks, knowledge based systems, and robotics to the safety critical
domain, enquiring into their readiness for this role, and examining actual
experience. On Friday 23 September the event will focus on "Introducing
Formal Techniques" and will provide an overview presentation on how to
manage the introduction of formality, together with talks describing real
The Safety-critical Systems Club was formed in 1991 with support from the
DTI and SERC. It provides a regular forum for presentations and
interaction on a wide range of topics concerning the use of computing
systems in safety-critical applications. The majority of participants are
practitioners and users of such systems, but developers and research
workers are also represented in the membership of almost 2,000. Each year
the club holds a series of meetings and seminars, circulates a regular
newsletter and organises a three day conference on the theme of
PDCS2 - ESPRIT Basic Research Project 6362
Predictably Dependable Computing Systems
2ND PDCS2 OPEN WORKSHOP
19-21 September 1994
University of Newcastle upon Tyne
MONDAY 19 SEPTEMBER
12.30-14.00 Registration and Lunch
Brian Randell (Univ. Newcastle)
14.15-15.45 FAULT PREVENTION &
FAULT TOLERANCE: ARCHITECTURAL ISSUES
A Systematic Approach for the Analysis of Safety
Requirements for Process Control Systems
- Tom Anderson
A TTP Solution to an Automotive Control System
- Hermann Kopetz (TU Wien)
- - -
TUESDAY 20 SEPTEMBER
09.00-10.30 INVITED SPEAKERS FROM INDUSTRY
11.00-12.30 FAULT TOLERANCE: LANGUAGE ISSUES
Implementing Fault-tolerant Applications: an
approach based on reflective object-oriented
- Jean-Charles Fabre (LAAS-CNRS, Toulouse)
Object-Oriented Environmental Fault Tolerance
- Cecilia Calsavara (Univ. Newcastle)
14.00-15.30 FAULT FORECASTING: METHODOLOGY ISSUES AND MARKOV
Engineering Judgement about Dependability: pitfalls
- Lorenzo Strigini (CNR, Pisa)
Availability Bounds for Large Markovian Models of
Fault Tolerant Systems
- Pierre-Jacques Courtois (UC Louvain)
20.00 WORKSHOP BANQUET
- - -
WEDNESDAY 21 SEPTEMBER
09.00-10.30 FAULT FORECASTING: RELIABILITY AND AVAILABILITY MODELLING
Software Reliability Analysis of Three Successive
Generations of a Switching System
- Karama Kanoun (LAAS-CNRS, Toulouse)
Relativistic Reliability Modelling for Highly
- Bernard de Neumann (City Univ., London)
11.00-12.30 FAULT FORECASTING: FAULT INJECTION
Comparison of Two Fault Injection Techniques
Supported by the MEFISTO Tool
- Marcus Rimen (Chalmers UT, Goeteborg)
Comparison and Integration of Three Diverse
Physical Fault Injection Techniques
- Johan Karlsson (Chalmers UT, Goeteborg)
14.00-15.30 INVITED SPEAKERS FROM INDUSTRY AND CONCLUSION
Including closing address
by Jean-Claude Laprie (LAAS-CNRS, Toulouse)
[PLEASE CONTACT BARRY DIRECTLY FOR THE FULL ANNOUNCEMENT.
IT IS TOO LONG FOR RISKS. PGN]
Dept. of Computing Science, Claremont Tower, University of Newcastle,
Newcastle upon Tyne, NE1 7RU, UK
EMAIL = email@example.com PHONE = +44 91 222 7948
FAX = +44 91 222 8232
Date: Tue, 9 Aug 94 13:40:05 BST
From: Pete Mellor <firstname.lastname@example.org>
Subject: CSR Software Reliability & Metrics Club - Meeting Announcement
Software Reliability & Metrics Club
announces its forty-second meeting,
to be held at Brighton on 12th October 1994,
a seminar on
|| Process Improvement ||
Learn from the practitioners
The morning session will be devoted to talks by leading experts in the
increasingly important field of software process improvement, dealing
with significant practical issues:
* How to measure software process improvement
* Identifying opportunities for process improvement
* Defining and describing processes
* Reasoning about process effectiveness
* Achieving and quantitatively demonstrating improvement
Explore the key issues
After meeting with their peers over lunch, groups of delegates will work
together, sharing their collective experience, and discussing some of
the topical issues in the field of process improvement:
* Bottom-up or top-down?
* How to get started
* Which comes first - the process or measurement?
Delegates are encouraged to suggest other topics for discussion in this
part of the meeting; to do so, fill in the relevant part of the tear-off
slip on the next page. The working session will be followed by reports
back to the main meeting, and an open discussion of the issues raised.
Discover the future
Following informal discussion over tea, the final session of the day
will be led by one of the key players in determining the future
development of this important field. This perspective will be important
for all who are planning to be, or are already, involved in the software
process improvement area.
Who should attend
This meeting is aimed at anyone with a professional interest in
improving software development processes, including:
* software engineers, project managers and quality personnel wishing
to learn about the practice of process improvement
* experienced process improvers who wish to broaden their knowledge
and keep in touch with the latest developments
* researchers wishing to learn from the practical application of
process improvement ideas.
Why you should attend
The benefits of attendance at this meeting include:
* exposure to the practical experience of other professionals who
have successfully applied software process improvement within
their companies and for the benefit of their clients
* opportunities to share your experiences and problems with other
professionals, both during the formal sessions and informally
during the breaks
* updating on the practice of the leaders in the process improvement
field, and on likely short term future developments which will
have implications for the whole industry.
Where, when and how to attend
The meeting will be held in Brighton, at the Bedford Hotel, on 12
October 1994, starting at 10.30 am, with registration from 10.00 am
onwards. The cost of this one day meeting will be L.165.50 which covers
lunch and refreshments during the day and includes L.60 Club membership
fee with L.10.50 VAT; if you are already a Club member the charge is only
L.90. If you would like to attend, please complete the tear-off slip
below and return with your remittance; early registration would be much
appreciated and may help to avoid disappointment. Maps and suggested
train times will be sent to registered delegates, who are responsible
for arranging their own accommodation (if required).
FOR FURTHER INFORMATION, CONTACT
Joan Atkinson, Centre for Software Reliability, Bedson Building,
University, Newcastle upon Tyne, NE1 7RU
Tel: 091 221 2222; Fax: 091 222 7995;
Date: 4 Aug 1994 12:20 EST
From: email@example.com (John Sheckler, ATSC, 301/805-3258)
Subject: Washington DC ACM Seminar
The next Washington DC ACM Professional Development Seminar
series is scheduled for November 14 through November 18, 1994.
The following topics and presenters have been scheduled.
Monday, November 14
Mr. Allen S. Perper - Business Process Engineering/Reengineering
Mr. Will Tracz - Domain-Specific Software Architectures
-- Process, Products, and Infrastructure
Tuesday, November 15
Dr. Cy Svoboda - Information Engineering
Mr. Mike Gorman - Managing the Development
of Client/Server Applications
Wednesday, November 16
Mr. Ed Krol - The Whole Internet -- Archie, Veronica and
the Gopher Explore the World Wide Web
Mr. William Durell - Data Administration and Management
Thursday, November 17
Dr. Robert N. Charette - Profiting from Risk Management
Mr. Watts S. Humphrey - Personal Process Improvement
Friday, November 18
Dr. Robert S. Arnold - Legacy System Migration
Mr. Edward V. Berard - Testing Object-Oriented Software
In addition to the regular twice yearly seminar series, the WDC-ACM also hosts
a distinguished international lecturer. This year, Mr. Philip Zimmermann,
developer of the well known Pretty Good Privacy encryption algorithm, will
discuss Public Key Cryptography on Thursday November 10, 1994.
The seminar series and internationally known lecturer presentation are held at
the University of Maryland Adult Education Center on the campus near the
intersection of Adelphi Road and University Boulevard (Route 193).
Category                      Advance        Walk-in        Purchase Orders /
                              (Cash, Check,  (Cash, Check,  Training Requests
                              Credit Card)   Credit Card)
ACM Chapter Member            $170           $205           $230
Non-Member                    $175           $205           $230
Full-Time Student             $ 80           $110           $230
Sr. Citizen (age 60 or over)  $ 80           $110           $230
Attendance at each course will be limited to the capacity of the
room being used (check with the ACM/PDC answering machine, (202)
462-1215, for availability). We are planning on using the
largest rooms available for Mr. Krol, Zimmermann and Humphrey.
Detailed registration information and assistance can be obtained
by calling Mrs. Nora Taylor at (301)229-2588.
Date: 31 May 1994 (LAST-MODIFIED)
Subject: Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc.
The RISKS Forum is a moderated digest. Its USENET equivalent is comp.risks.
Undigestifiers are available throughout the Internet, but not from RISKS.
SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) on
your system, if possible and convenient for you. BITNET folks may use a
LISTSERV (e.g., LISTSERV@UGA): SUBSCRIBE RISKS or UNSUBSCRIBE RISKS. U.S.
users on .mil or .gov domains should contact <firstname.lastname@example.org>
(Dennis Rears <email@example.com>). UK subscribers please contact
<Lindsay.Marshall@newcastle.ac.uk>. Local redistribution services are
provided at many other sites as well. Check FIRST with your local system or
netnews wizards. If that does not work, THEN please send requests to
<firstname.lastname@example.org> (which is not automated).
CONTRIBUTIONS: to email@example.com, with appropriate, substantive Subject:
line, otherwise they may be ignored. Must be relevant, sound, in good taste,
objective, cogent, coherent, concise, and nonrepetitious. Diversity is
welcome, but not personal attacks. PLEASE DO NOT INCLUDE ENTIRE PREVIOUS
MESSAGES in responses to them. Contributions will not be ACKed; the load is
too great. **PLEASE** include your name & legitimate Internet FROM: address,
especially from .UUCP and .BITNET folks. Anonymized mail is not accepted.
ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY.
Relevant contributions may appear in the RISKS section of regular issues
of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise.
All other reuses of RISKS material should respect stated copyright notices,
and should cite the sources explicitly; as a courtesy, publications using
RISKS material should obtain permission from the contributors.
ARCHIVES: "ftp crvax.sri.com<CR>login anonymous<CR>YourName<CR> cd risks:<CR>
Issue j of volume 16 is in that directory: "get risks-16.j<CR>". For issues
of earlier volumes, "get [.i]risks-i.j<CR>" (where i=1 to 15, j always TWO
digits) for Vol i Issue j. Vol i summaries in j=00, in both main directory
and [.i] subdirectory; "dir" (or "dir [.i]") lists (sub)directory; "bye<CR>"
logs out. CRVAX.SRI.COM = [188.8.131.52]; <CR>=CarriageReturn; FTPs may
differ; UNIX prompts for username, password; bitftp@pucc.Princeton.EDU and
WAIS are alternative repositories. See risks-15.75 for WAIS info.
To search back issues with WAIS, use risks-digest.src.
With Mosaic, use http://www.wais.com/wais-dbs/risks-digest.html.
FAX: ONLY IF YOU CANNOT GET RISKS ON-LINE, you may be interested in receiving
it via fax; phone +1 (818) 225-2800, or fax +1 (818) 225-7203 for info
regarding fax delivery. PLEASE DO NOT USE THOSE NUMBERS FOR GENERAL
RISKS COMMUNICATIONS; as a last resort you may try phone PGN at
+1 (415) 859-2375 if you cannot E-mail risks-request@CSL.SRI.COM .
End of RISKS-FORUM Digest 16.31