Subject: RISKS DIGEST 11.18
REPLY-TO: risks@csl.sri.com

RISKS-LIST: RISKS-FORUM Digest  Thursday 28 February 1991  Volume 11 : Issue 18

   FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
   ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
  A weird error message -- old Cyber clock tale (Andrew Clayton)
  Tennis anyone? (name confusion) (anonymous)
  Burden of Proof: name confusion in driver's license bureau (Steve Sears)
  But the computer person said it was OK! (Dick Wexelblat)
  Dave Rotheroe's "Retail Sales Oversight -- No backup" note (Alan Wexelblat)
  Re: LINAC deaths at Zaragoza (Trevor Cradduck)
  Multiple engine failures (Mary Shafer responding to David Lesher)
  Re: MD-12; Automatic download of patches (Martin Minow)
  Re: Risks of EMI? (Bob Ayers)

The RISKS Forum is moderated.  Contributions should be relevant, sound, in good
taste, objective, coherent, concise, and nonrepetitious.  Diversity is welcome.
CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive "Subject:" line.
Others ignored!  REQUESTS to RISKS-Request@CSL.SRI.COM.
FTP VOL i ISSUE j:  ftp CRVAX.sri.com<CR>login anonymous<CR>AnyNonNullPW<CR>
CD RISKS:<CR>GET RISKS-i.j<CR> (where i=1 to 11, j is always TWO digits.)
Vol i summaries in j=00; "dir risks-*.*" gives directory; "bye" logs out.
ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY.
Relevant contributions may appear in the RISKS section of regular issues of ACM
SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise.
----------------------------------------------------------------------

Date: 25 Feb 91 11:43:46 GMT
From: dac@prolix.pub.uu.oz.au (Andrew Clayton)
Subject: A weird error message -- old Cyber clock tale
Newsgroups: alt.folklore.computers,rec.humor  (courtesy of spaf@cs.purdue.edu)

When NOS/BE finally got to a stable configuration (about two years after they
decided it was a dead O/S), three places in the world noticed a problem - if
the machine stayed up for 24 DAYS, the system time-of-day clock would go
haywire, and crash the system. :-)

The bug had never previously been found, because nobody had a Cyber running
NOS/BE that had stayed _up_ for 24 days continuously!

------------------------------

Date: 26 Feb 91
From: [anonymous]
Subject: Tennis anyone?

Svensson moves up after error spotted

PARIS, Feb 26 (AFP) - Jonas Svensson of Sweden was the victim of the sort of
unintentional error he thought he had put behind him when this week's ATP
rankings were calculated.

Svensson, the beaten finalist in the Stuttgart Classic at the weekend,
originally appeared to have dropped from 13th to 17th.  But the error was due
to the confusion over his tennis-playing namesake, and the revised rankings
reveal that he has actually moved up one place to 12th.

Svensson dropped the initial B. from his original playing name Jonas B.
Svensson once the other Jonas Svensson on the circuit retired from the game
and the possibility of confusion seemed to have disappeared.  But when it came
to compiling the new rankings, someone apparently keyed in the points Svensson
earned in Stuttgart under the other Jonas Svensson's name.

That had the additional effect of catapulting the now-retired Svensson into
140th place in the rankings, which was even more surprising as during his
entire career he never rose higher than the 445th place he occupied in January
1984.  [...]
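The Cyber clock item above (two items up) describes a machine whose time-of-day clock failed only after 24 days of continuous uptime. The digest does not say how NOS/BE represented its clock, so what follows is an added illustration, not code from the digest or from CDC: it assumes the common representation that reproduces that symptom, a signed 32-bit count of milliseconds since boot, which overflows after 2^31-1 ms, a little under 24.86 days. The TickClock type, its methods and the hour-by-hour simulation are all constructed for this example; the hardened SafeAdvance shows the overflow check that makes the counter fail loudly instead of going negative.

```go
package main

import (
	"fmt"
	"math"
	"time"
)

// TickClock is an assumed uptime clock: a signed 32-bit count of milliseconds
// since boot. The digest item does not say how NOS/BE represented its clock;
// this representation is chosen because it overflows after about 24.86 days,
// which is the failure mode the story describes.
type TickClock struct {
	ticks int32
}

// Advance is the naive tick handler: Go defines signed overflow as wraparound,
// so once ticks passes math.MaxInt32 it silently becomes a large negative value.
func (c *TickClock) Advance(d time.Duration) {
	c.ticks += int32(d.Milliseconds())
}

// Uptime converts the counter back to a duration; after wraparound it is
// negative, which is the "goes haywire" symptom.
func (c *TickClock) Uptime() time.Duration {
	return time.Duration(c.ticks) * time.Millisecond
}

// WrapAfter is how long a signed 32-bit millisecond counter can run before
// overflowing: 2^31-1 ms, a little under 24.86 days.
func WrapAfter() time.Duration {
	return time.Duration(math.MaxInt32) * time.Millisecond
}

// SafeAdvance is the hardened version: it checks for overflow before adding
// and reports it instead of wrapping, so the caller can fail loudly.
func (c *TickClock) SafeAdvance(d time.Duration) error {
	ms := d.Milliseconds()
	if ms < 0 || ms > int64(math.MaxInt32)-int64(c.ticks) {
		return fmt.Errorf("tick counter would overflow after %v of uptime", c.Uptime())
	}
	c.ticks += int32(ms)
	return nil
}

// DaysUntilWrap simulates a machine kept up and ticked once an hour, and
// returns the number of whole days of uptime completed when the naive counter
// first goes negative.
func DaysUntilWrap() int {
	var c TickClock
	for hour := 1; ; hour++ {
		c.Advance(time.Hour)
		if c.Uptime() < 0 {
			return hour / 24
		}
	}
}

func main() {
	fmt.Printf("a signed 32-bit ms counter wraps after %.2f days\n", WrapAfter().Hours()/24)
	fmt.Printf("naive clock goes negative after %d whole days of uptime\n", DaysUntilWrap())

	var c TickClock
	_ = c.SafeAdvance(WrapAfter())
	if err := c.SafeAdvance(time.Millisecond); err != nil {
		fmt.Println("hardened clock refuses:", err)
	}
}
```

The point for testing is the one the story makes: a counter like this passes every test that runs for less than its wrap period, so the check has to be either a static bound on the representation (as in SafeAdvance) or a test that starts the counter near its limit rather than at zero.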
------------------------------

Date: Wed, 27 Feb 1991 12:02:14 MST
From: sjs@iconsys.icon.com (Steve Sears)
Subject: Burden of Proof: name confusion in driver's license bureau

The recent article by Robyn Grunberg reminded me of an experience I had in
1984.  I received notice from my insurance company that my automobile
insurance was being raised drastically (4X as I recall).  After deciphering
the code that gives the reason for a rate increase, I found that I had been
booked for a DWI (Driving While Intoxicated).  At first I found this amusing,
as I don't drink at all.

I called the insurance company to clear up what was an obvious mistake, and
found that not only did they disbelieve me, but I was given a lecture on
driving and drinking!  In order for them to change, I had to supply them with
proof that I did not have a DWI, in triplicate, as well as a character
witness.  They made the mistake, yet I was given the burden of proof; not only
of my not having committed the alleged offense, but of my personal integrity
as well.  And no, they had the facts and did not see any reason to verify
them.

At the drivers license bureau, my record was as clean as I thought it to be.
I got the printout (for a fee) and then had it notarized (for another fee).
It was a slow day, and the clerk was amused by my little story, so he started
playing with my drivers license number to see if a juxtaposition mistake had
been made.  We finally found the offender, who has the same last name and
hence (in Utah), the same drivers license number but with an ADDITIONAL
postfix character.

After sending this information, along with a letter from a couple of people
who know me stating they had never seen me ingest alcohol, I was out $21 cash
and had missed a few hours of work.  I then received a call from the insurance
company who, instead of apologizing for the mistake, cross-examined me on
every point.  I finally broke off with this person by threatening to sue
unless they corrected their mistake.

Needless to say, I changed insurance companies.  I also finally received
notification that I had been reinstated to my previous status.  No apology.

The risk here comes down to a burden of proof sort of thing.  I can see myself
going broke in the event a large percentage of the companies I deal with all
made mistakes and put the burden of proof on me.  Rather than just switch
insurance companies in the first place, it seemed to me that if the record was
not corrected, this disinformation would propagate and leave me in a worse
position than meeting them head on.

Steven J. Sears, Sanyo/Icon   sjs@iconsys.icon.com   (801) 226-8057

------------------------------

Date: Thu, 28 Feb 91 12:46:55 E
From: rlw@ida.org
Subject: But the computer person said it was OK!

Yesterday I went to the pharmacy to pick up a prescription that had been
phoned in.  When you pick up there, they make you sign across a
computer-printed label that is originally clipped to your prescription but
which they peel off and stick to a clip board for you to sign.  After signing,
I noticed that I had signed two identical labels that were sort of
overlapping.  Seems bogus so I asked the clerk, "Why two?"

Answer: "Sometimes the computer prints two labels."

Abbreviating a longer interchange:

  Me: I only got one prescription, tear one up.
  Clerk: I can't
  Me: Let me talk to pharmacist
  Pharmacist: Don't worry about it.
  Me: I am worried.
  Pharmacist to clerk: Tear it up
  (Clerk goes on to serve next customer)
  Me: ?
  Clerk: I'll do it later.
  Me (to manager): ...labels...
  Manager: I'm too busy to worry about that now.

Next morning, I recount the story over the phone to the insurance company who
pays for my prescriptions.  Thanks.  They'll get back to me.  Several rounds
of telephone tag.  Then a completely satisfactory explanation:

  "The computer person said they can't charge you twice for the same
  prescription."
  "But suppose they are charging for two prescriptions."
  "Don't worry, we have a numbering scheme that prevents our being charged
  twice."

Repeat for frustration_level := 1 to 4
  Me: but...
  Ins. Co.: the computer person said that can't happen

Taeper Nuts.

Maybe the computer DOES accidentally print two labels sometimes.  After all,
I'm smarter than their computer and I make misteaks sometimes.

--Dick Wexelblat (rlw@ida.org)  703 845 6601

------------------------------

Date: Thu, 28 Feb 91 15:40:44 est
From: wex@PWS.BULL.COM
Subject: Dave Rotheroe's "Retail Sales Oversight -- No backup" note

While Dave notes the technological problems and customer-relations problems
inherent in the situation he described, he only hints at what, to me, is the
biggest RISK of all.

The problem is that the automation of these positions has led to the
de-skilling of the workforce involved in them.  It takes much less initiative
and much less smarts than it used to: running something over a laser scanner,
pressing a few buttons, and getting the customer to sign a receipt is not
nearly as mentally or physically complex as the task used to be.

This is true not only for sales/retail positions, but for almost every job
which has been automated.  Where people have not been outright replaced by
machines, they've been replaced by people with lower skill levels and often
less experience and less education.  The result is a (you should pardon the
phrase) dumbing down of the workforce.  This leads to more and more situations
where the workers are unable to understand/deal with/repair the machines with
which they interact and are unable to perform the machine's functions when it
fails.

As I see it, this has two negative consequences (call them risks if you like).
There are situational problems such as customers being unable to get the
product or service they want (and possibly businesses failing as a result),
and there are societal problems such as loss of control, loss of motivation,
loss of our country's position in the world.

I recommend interested RISKS readers pick up a copy of Barbara Garson's THE
ELECTRONIC SWEATSHOP (Simon & Schuster 1988, ISBN 0-671-53049-6).  She takes a
step-by-step look at a number of jobs which are being automated.  Even in
places like financial planning where we'd like the planners to be smart, she
shows how automated systems have led to dumber users.

--Alan Wexelblat                        phone: (508)294-7485
Bull Worldwide Information Systems      internet: wex@pws.bull.com

------------------------------

Date: Thu, 28 Feb 91 12:25:33 EST
From: Trevor Cradduck
Subject: LINAC deaths at Zaragoza
Organization: Nuclear Medicine, U. Western Ontario, Canada

I am given to understand that the linear accelerator in Zaragoza that has
given rise to the recent deaths from radiation treatment is a Sagitar 35
manufactured by CGR and marketed and serviced by GE.  Unlike the earlier
tragedies involving Theratrons from AECL, this machine does NOT have any
computer control.  So far as one can tell, this "accident" came about due to
the machine having been left in an improper condition for treatment following
service for a fault, and the improper condition was not detected before a
number of patients had been treated.  The case is due to go before the courts
so that the parties involved are (understandably) reluctant to release
detailed information.

Trevor Cradduck, Dept. of Nuclear Medicine, Victoria Hospital,
U. Western Ontario, LONDON, Ontario, Canada, N6A 4G5
(519) 667-6574   TREVORC@UWOVAX.BITNET

------------------------------

Date: Wed, 27 Feb 91 17:05:18 EST
From: David Lesher
Subject: Multiple failures

Date: 27 Feb 91 17:48:49 GMT
Path: mthvax!news.miami.edu!ncar!ames!skipper!shafer
From: shafer@skipper.dfrf.nasa.gov (Mary Shafer)
Newsgroups: rec.aviation
Subject: Re: ref. to 3 holer/o-rings incident
Organization: NASA Dryden, Edwards, Cal.
(David Lesher) writes:

   I'm looking for a reference to tell me the date/carrier on that 727 that
   took off from MIA without vital o-rings on the burners, and barely limped
   back in time, roaching the 3 fans in the process.

1. Report No. NTSB/AAR-84/04

4. Title and Subtitle: Aircraft Accident Report--Eastern Air Lines, Inc.,
   Lockheed L-1011, N334EA, Miami International Airport, Miami, Florida,
   May 5, 1983.

16. Abstract: At 0856, on May 5, 1983, Eastern Air Lines, Inc., Flight 855,
a Lockheed L-1011, N334EA, with 10 crewmembers and 162 passengers on board,
departed Miami International Airport en route to Nassau, Bahamas.  About
0915:15, while descending through 15,000 feet, the low oil pressure light on
the No. 2 engine illuminated.  The No. 2 engine was shut down, and the captain
decided to return to Miami to land.  The airplane was cleared to Miami and
began a climb to FL 200.  While enroute to Miami, the low oil pressure lights
for engines Nos. 1 and 3 illuminated.  At 0928:20, while at 16,000 feet, the
No. 3 engine flamed out.  At 0933:20, the No. 1 engine flamed out while the
flightcrew was attempting to restart the No. 2 engine.  The airplane descended
without power from about 13,000 feet to about 4,000 feet, at which time the
No. 2 engine was restarted.  The airplane made a one-engine landing at Miami
International Airport at 0946.  There were no injuries to the occupants.

The National Transportation Safety Board determines that the probable cause
of the accident was the omission of all the O-ring seals on the master chip
detector assemblies leading to the loss of lubrication and damage to the
airplane's three engines as a result of the failure of mechanics to follow
the established and proper procedures for the installation of master chip
detectors in the engine lubrication system, the repeated failure of
supervisory personnel to require mechanics to comply strictly with the
prescribed installation procedures, and the failure of Eastern Air Lines
management to assess adequately the significance of similar previous
occurrences and to act effectively to institute corrective action.
Contributing to the cause of the accident was the failure of Federal Aviation
Administration maintenance inspectors to assess the significance of the
incidents involving master chip detectors and to take effective surveillance
and enforcement measures to prevent the recurrence of the incidents.

[...]

Mary Shafer   shafer@skipper.dfrf.nasa.gov   ames!skipper.dfrf.nasa.gov!shafer
NASA Ames Dryden Flight Research Facility, Edwards, CA

------------------------------

Date: Wed, 27 Feb 91 15:04:19 PST
From: "Martin Minow, ML3-5/U26 26-Feb-1991 2248"
Subject: Re: MD-12; Automatic download of patches (Biesty, RISKS-11.17)

Henry Spencer writes that, irrespective of the MD-11 computer problems, the
MD-12 will be fly by wire.  This reminds me of the old joke:

   How many programmers does it take to change a light bulb?
   One, but you can never change it back again.

Bill Biestly writes about automatic download of patches in disk drives.  I've
seen a lot of new hardware designed -- roughly -- as follows:

-- core functions in ROM or EPROM.
-- everything else loaded at boot time.

For example, a large part of the Macintosh system software is in ROM, but
much of it is patched by the operating system bootstrap.
I've also seen disk drives where the ROM code is just smart enough to load the
real disk code from a manufacturer's "private" area on the disk.  These disks
had two ways to modify the firmware:

-- a "secret" sequence of SCSI commands could be used to read/write the
   private area.
-- there was an asynchronous terminal line interface that could be connected
   to a debugging terminal.  This could be used to patch the firmware and/or
   dump internal tables and error logs.

I also know of a modem that can have its firmware updated over the phone (I
begged the manufacturer to put a jumper/switch on the board to prevent this
without direct user intervention.  I also recommended some sort of signature
mechanism that would allow users to verify that they have correct firmware.
This was not a Dec product, by the way.)

While I'm quite aware of the risks involved, one should also understand that
there are benefits to the user.  Finding the tradeoff between trust, mistrust,
and convenience is a difficult problem, of course.  My real worry is that
these changes are being made without customers who may have good reason not to
use a re-configurable modem understanding the issues involved.

Martin Minow   minow@bolt.enet.dec.com

------------------------------

Date: Tue, 26 Feb 91 17:17:57 -0800
From: ayers@src.dec.com (Bob Ayers)
Subject: Re: Risks of EMI? (Finkel, RISKS-11.17)

In RISKS 11.17, mister "enough statistics, chemistry, and analysis software
experience to almost, sort-of, maybe know what I am talking about" writes
that

   1) POWER LINES CAUSE CANCER -- They most certainly do, but not because of
   EMR.  To keep the access roads clear and to keep vines and other plants
   from growing around the power towers, the companies sprayed 2-4D, commonly
   known as dioxin or Agent Orange. ... The possible carcinogenic effects of
   this chemical are well known.

Unfortunately, as they say, "that turns out not to be the case."

I have enough chemistry background, and have done enough recent reading, to
know that dioxin, 2-4-D, and Agent Orange are three separate things:

   2-4-D:         a chemical herbicide
   Agent Orange:  a mixture of 2-4-D and 2-4-5-T, a second chemical herbicide
   Dioxin:        a minor chemical contaminant (production byproduct) in 2-4-D.

And "the possible carcinogenic effects" of those chemicals (he means the
dioxin) is *not* well known.  The only bad effect of dioxin on humans that
has been reasonably established is chloracne.

Zero for two.

Bob

------------------------------

End of RISKS-FORUM Digest 11.18
************************
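Martin Minow's note above asks for two things on a modem that accepts firmware over the phone: a physical jumper so that nothing is written without the user's intervention, and a signature mechanism so that users can verify they have correct firmware. The following is an added example, not code from the digest or from any modem vendor, of what those two controls look like in software. It models the device as a Go struct (the Device, Update, Sign and Apply names are all constructed for this example), uses Ed25519 from Go's standard library as the signature scheme, binds the version number to the image so a signature cannot be reused on a different image, and adds one check the note does not mention but that belongs with the other two: refusing an update that is not newer than the installed firmware. The firmware image is a constructed byte string, not a real image.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
)

// Update is the assumed wire format of a firmware download: a version number,
// the image, and the vendor's Ed25519 signature over both.
type Update struct {
	Version uint32
	Image   []byte
	Sig     []byte
}

// signedPayload is what the vendor signs: a domain separator (assumed), the
// version, and the image hash. Binding the version to the image means a valid
// signature cannot be replayed on another image or relabelled as a new version.
func signedPayload(version uint32, image []byte) []byte {
	var buf bytes.Buffer
	buf.WriteString("fw-update-v1\x00")
	_ = binary.Write(&buf, binary.BigEndian, version)
	sum := sha256.Sum256(image)
	buf.Write(sum[:])
	return buf.Bytes()
}

// NewVendorKey produces the vendor's signing key pair; the public half is
// what gets burned into the device ROM.
func NewVendorKey() (ed25519.PublicKey, ed25519.PrivateKey) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return pub, priv
}

// Sign is the vendor-side step: wrap an image in a signed Update.
func Sign(priv ed25519.PrivateKey, version uint32, image []byte) Update {
	return Update{Version: version, Image: image,
		Sig: ed25519.Sign(priv, signedPayload(version, image))}
}

// Device models the modem: the vendor public key in ROM, the physical
// write-enable jumper, and the currently installed firmware.
type Device struct {
	VendorPub    ed25519.PublicKey
	JumperClosed bool
	Version      uint32
	Firmware     []byte
}

var (
	ErrJumperOpen = errors.New("firmware write not enabled by jumper")
	ErrBadSig     = errors.New("firmware signature does not verify")
	ErrRollback   = errors.New("update is not newer than installed firmware")
)

// Apply installs u only if the user enabled writes, the vendor signature
// verifies, and the version moves forward. Order matters: the cheap physical
// gate first, then cryptography, then policy on the now-trusted contents.
func (d *Device) Apply(u Update) error {
	if !d.JumperClosed {
		return ErrJumperOpen
	}
	if !ed25519.Verify(d.VendorPub, signedPayload(u.Version, u.Image), u.Sig) {
		return ErrBadSig
	}
	if u.Version <= d.Version {
		return ErrRollback
	}
	d.Version, d.Firmware = u.Version, append([]byte(nil), u.Image...)
	return nil
}

// Fingerprint is the user-facing check Minow asked for: a digest of the
// installed image that can be compared against the vendor's published value.
func (d *Device) Fingerprint() string {
	sum := sha256.Sum256(d.Firmware)
	return hex.EncodeToString(sum[:])
}

func main() {
	pub, priv := NewVendorKey()
	dev := &Device{VendorPub: pub, JumperClosed: true, Version: 1}
	img := []byte("constructed firmware image v2") // sample input, not a real image

	fmt.Println("genuine update:", dev.Apply(Sign(priv, 2, img)),
		"installed", dev.Version, "fingerprint", dev.Fingerprint()[:16])

	tampered := Sign(priv, 3, img)
	tampered.Image = append([]byte("X"), img[1:]...) // altered in transit, old signature
	fmt.Println("tampered update:", dev.Apply(tampered))

	dev.JumperClosed = false
	fmt.Println("jumper open:", dev.Apply(Sign(priv, 3, img)))
}
```

The jumper check is the control that survives a compromised vendor key or a bug in the verifier: with the jumper open, nothing reached over the phone line can change the firmware, whatever its signature says, which is exactly the guarantee Minow wanted for customers who have reason not to use a re-configurable modem.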