Subject: RISKS DIGEST 13.30 REPLY-TO: risks@csl.sri.com RISKS-LIST: RISKS-FORUM Digest Monday 23 March 1992 Volume 13 : Issue 30 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator Contents: Globex fails critical test (PGN) Error in math chips away at ice storm aid (Marty Leisner) Two Risk Phenomena: Atari blanks, Turbo Pascal clocks (Stefan Burr) Virus breaks security of Italian Judicial System's computers (Miranda Mowbray) Re: Why Microsoft wants you to turn off virus checkers (Martin Minow) New RISK at Railroad Crossing Gates (Bill Gripp, David Flanagan) Re: Magellan Turnoff (David Fetrow) Human Rights Groups Armed (With Technology) (Sanford Sherizen) Saab fly-by-airbags and roaring mice (Andrew Klossner) UA 747 Lost Door; Broadcasting mice (Bob Frankston) A comment on naivete (Bob Frankston) The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, and nonrepetitious. Diversity is welcome. CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive "Subject:" line. Others may be ignored! Contributions will not be ACKed. The load is too great. **PLEASE** INCLUDE YOUR NAME & INTERNET FROM: ADDRESS, especially .UUCP folks. REQUESTS please to RISKS-Request@CSL.SRI.COM. Vol i issue j, type "FTP CRVAX.SRI.COMlogin anonymousAnyNonNullPW CD RISKS:GET RISKS-i.j" (where i=1 to 13, j always TWO digits). Vol i summaries in j=00; "dir risks-*.*" gives directory; "bye" logs out. The COLON in "CD RISKS:" is essential. "CRVAX.SRI.COM" = "128.18.10.1". =CarriageReturn; FTPs may differ; UNIX prompts for username, password. ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. Relevant contributions may appear in the RISKS section of regular issues of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise. ---------------------------------------------------------------------- Date: Fri, 20 Mar 92 10:47:36 PST From: "Peter G. Neumann" Subject: Globex fails critical test Globex is an electronic trading system being developed by Chicago's futures exchanges and Reuters PLC, using a 30-MIPS DEC 9420 computer at Reuters' U.S. headquarters on Long Island. The development is behind schedule, having experienced repeated delays in the past two years. A previous test in January handled 30,000 mock trades successfully. The latest field test on 3 Mar 1992 (with key stations in NY, Chicago, Paris and London) aborted after only ten minutes: The system detected a condition in which the data ... in one of the 250 key stations was different from what the host computer thought it should be, and when that occurs, the system is designed to shut down. [Source: Chicago Tribute, 5 Mar 1992, Section 3, article by William B. Crawford Jr., contributed by Robert V. Binder, starkly abstracted by PGN] The article includes the hopes for the system, the doubts expressed by others, and the impact the failed test had -- deferring a vote on a master agreement governing the partnership, and postponing the intended unveiling, previously scheduled for April. ------------------------------ Date: Sat, 21 Mar 1992 21:47:18 GMT From: leisner%johnker.henr801@xerox.com (Marty Leisner x76704 siena) Subject: Error in math chips away at ice storm aid (Rochester paper) In today's Democrat and Chronicle, they had a headline "Error in math chips away at ice storm aid" (in Rochester, New York they had an ice storm last year). This was for the Town of Irondequoit (a neighbor of Rochester). They got some Federal Disaster Relief for this. The Federal government earlier promised 2.7 million dollars. They really got 1.38 million. The conclusion was "what nobody realized at the time, officials say now, is that the total reflects a computer keypunch error." When I first read the headline, I thought they had a bogus math chip ;-) marty leisner.henr801c@xerox.com Member of the League for Programming Freedom (You get what you pay for -- except in software) ------------------------------ Date: Wed, 18 Mar 92 22:15 EST From: CSCSAB@ccnyvme.bitnet Subject: Two Risk Phenomena: Atari blanks, Turbo Pascal clocks I know of two interesting phenomena that relate to two of your CACM Inside Risks columns. A full discussion of either would take quite a bit of time to write down in full, or (probably easier) a phone call. Therefore, I'm just going to give you a brief description of each [...]. The first is an example of a somewhat annoying computer pun, relating to your 9/90 column. This concerns Atari 8-bit computers, which were way ahead of their time, and still are to some extent. (I still use one for some tasks, although I have a much fancier computer now.) In Atari Basic, the prompt is READY. For a long time, I noticed occasional peculiar behavior, and I could do some experiments to recall exactly the form it took. Anyway, I finally noticed that when I moved the cursor to such a prompt and hit the return key, no error message occurred. (The Atari has a full-screen editor.) I thought about this, and finally realized that the interpreter was reading this as READ Y. Just as in Fortran (except Fortran 90), blanks are irrelevant, so the prompt was treated as an immediate command. I don't think this usually caused real trouble, but it could do so if my program had a variable named Y. The second phenomenon relates (at least partially) to your column on clocks (1/91). This one you very likely were aware of already. I was having my students do timing tests on programs on IBMs and clones. This is painful enough, just because of the absurd rate of ticks (18/sec.), but further problems are caused by the fact that the data (hours, minutes, seconds and hundredths of seconds) is in unsigned integer, 1-byte form. We were using Turbo Pascal, which is generally a useful implementation. However, this language has five (or six if the coprocessor is present or being simulated) integer types, of which three are signed and two are unsigned, and all may be freely mixed. This causes many typing problems, worse than any built into Fortran. The basic problems come from the fact that when you subtract unsigned integers, if the result is negative, the computed value becomes a positive integer, usually a large one. We found several different ways to get crazy output, including some ways that the error would not be a power of two. -- Stefan Burr (201)-267-0137 (home) and (212)-650-6172 (work) ------------------------------ Date: Mon, 23 Mar 92 10:39:23 +0100 From: Miranda Mowbray Subject: Virus breaks security of Italian Judicial System's computers Traces of the `Gp 1' virus have been discovered in the computers of the Court of Cassation, the Courts of Appeal, and the High Tribunal for Public Waters, in Italy. The virus was discovered by the central security office, which reports to the Presidency. Rather than destroying data, Gp 1 awards maximum security clearance to all minimum security level users. The other judicial offices are being checked for the virus. Source: La Nazione, 22 March 1992 ------------------------------ Date: Thu, 19 Mar 92 08:58:47 PST From: Martin Minow Subject: re: Why Microsoft wants you to turn off virus checkers In RISKS-13.29, W.M. Buckley notes that the installation instructions for Microsoft Word 5.0 instructs customers to remove virus protection before installation. While I don't know the particulars of Microsoft's situation, I suspect there are two reasons: -- Virus protection programs trap certain operations that the installation procedure must perform in order to install the software. For example, Microsoft records the customer name, organization, and serial number "somewhere" in the application image. Depending on how they do this, this may look to the virus checker as if an intruder were modifying the image. -- Installing an application is a rather complex task (I am speaking here of the Macintosh, but I suppose this applies to other systems as well.) I am currently working on a Macintosh application and am budgeting about one week to write write a simple installation script for a much simpler product. Since virus protection software works by modifying the system image in some "secret" manner, debugging, documentation and customer support become expensive nightmares. The vendor is far better off putting more effort into manufacturing control and development. In my own product, I'm faced with a similar problem: one of its functions is to create, under user control, small applications. Here, too, the documentation must warn the customer to add my application to the virus protection program's list of "trusted" programs. Martin Minow minow@ranger.enet.dec.com ------------------------------ Date: Thu, 19 Mar 92 13:06:31 -0500 From: billg@bony1.bony.com (Bill Gripp) Subject: New RISK at Railroad Crossing Gates (Marcum, RISKS-13.29) This is not necessarily a failure mode. Among the possibilities... 1) Railroad personnel were testing the crossing gate. This can be accomplished in one of many ways. The personel don't necessarily have to be immediately at the crossing. 2) Pranksters were having fun. Again they don't have to be immediately at the crossing. 3) A local freight train doing some switching moves entered the electrical block controlling the crossing activating the crossing gate. The train then stopped and reversed direction exiting the block, allowing the crossing gates to open. I just love it when people say that something failed/broke when they really don't have any idea about what is going on. =8^) The REAL risk, is that these people sometimes get a lot of attention and as a result negatively effect the reputation of reliable equipment, companies, people, [fill in the blank]! ------------------------------ Date: Thu, 19 Mar 92 10:20:43 EST From: david@artemis.ora.com (David Flanagan) Subject: Re: New RISK at Railroad Crossing Gates (Marcum, RISKS-13.29) Railroad crossing gates coming down when no train is coming just a "benign failure mode"? Not necessarily: I have a friend who admits that in his (much) younger days he would head down to the tracks near his house and close the gates just for fun. He reports that the drivers at the front of the lined up traffic were very reluctant to cross the tracks when the gates went up (much to the chagrin of the drivers just arriving at the end of the line). They assumed that the "failure" was that the gates went up too soon, rather than that they went down without cause. My friend has reformed himself now, but I've learned some interesting things about railroad crossing gates. The (pedestrian) gates near my house (and presumably this is how most work) will go down when the tracks are shorted together. I have yet to take a voltmeter to them, however. -- David Flanagan ------------------------------ Date: Wed, 18 Mar 92 22:07:16 -0800 From: David Fetrow Subject: Re: Magellan Turnoff In Volume 13 : Issue 29 "Peter G. Neumann" notes an article over the purported plan to turn off Magellan before it fails due to a lack of funds. I suspect something like the old Viking Fund will be set up by someone. At this funding level, simple charity might supply enough money to keep things going. It's a rather silly way to fund a probe, but not as silly as shutting down. You may recall the Viking funds striking logo: Viking with a tin cup in it's claw. -dave fetrow ------------------------------ Date: Fri, 20 Mar 92 15:14 GMT From: Sanford Sherizen <0003965782@mcimail.com> Subject: Human Rights Groups Armed (With Technology) Today's New York Times reports that the Lawyers Committee for Human Rights will start a campaign called Witness to provide human-rights groups around the world with hand-held video cameras, computers and fax machines. The Reebok Foundation and musician/composer Peter Gabriel contributed to the project. Mr. Gabriel said: "It's much easier for those in power to get away with murder, torture, repression and the destruction of our environment if their actions are not witnessed by the media and public." While we have heard how technology contributed to the overthrow of the Shah and kepts the world's eyes on repression by the China's leaders, I wonder if this effort is a legacy of the Rodney King beating by police officers in Los Angeles. The beating was videotaped and played over and over on tv, resulting in indictments and a current trail of police officers. Better that legacy than America's Favorite Videos or some other "let's video our kids hitting dad in the crotch" or "we'll act crazy and hope that we can get on tv with the tape", which is so popular on television today in the U.S. Sanford Sherizen, Data Security Systems, Natick, MA ------------------------------ Date: Fri, 20 Mar 92 13:12:24 PST From: andrew@frip.wv.tek.com (Andrew Klossner) Subject: Saab fly-by-airbags and roaring mice >From the Saab drive-by-wire report: "The idea is that driving without a steering wheel is physically safer, because you can fit an airbag where the steering wheel would be and avoid the crushing injuries often sustained by drivers in accidents." Curious. Chrysler puts air bags on the driver side but not the passenger side. They defend this by claiming that it's much harder to mount a bag on the passenger side -- without a steering column, there's no suitable place for it. >From the roaring mouse discussion: "I would prefer to see the regulation require that the mouse have FCC class B ..." PC mice are unlike those in the Macintosh, Sun, or X terminal world in that they are usually sold as separate products. None of the three PC laptops that I've purchased have been offered with a mouse option (perhaps EMI problems were a consideration.) There is no opportunity to perform FCC testing of a PC laptop and mouse as a single system. -=- Andrew Klossner (andrew@frip.wv.tek.com) (uunet!tektronix!frip.WV.TEK!andrew) ------------------------------ Date: Sat 21 Mar 1992 09:43 -0500 From: Subject: UA 747 Lost Door; Broadcasting mice There was small item in the New York Times earlier this week reporting on the United Airlines 747 that lost a door near Hawaii a few years ago. The report has been revised to say that the door was lost due to a problem with the control circuitry for the door and was not due to a mechanical problem. Hmm. A final note on the broadcasting mice. I do realize that any external wire can broadcast and can interfere with some forms of communications. ------------------------------ Date: Sat 21 Mar 1992 10:01 -0500 From: Subject: A comment on naivete I meant to mention that my naivete itself was an example of taking technology advancement for granted. This similar to using an old tape deck and going directly from forward to reverse. Those used to mechanical systems would stop in the middle and give the tape a chance to stop. Those brought up on VCRs would assume that the machine would be smart enough to deal the mechanical problems "intelligently". Similarly, my expectations of airline communications are affected by what I know is possible, even if it is naive knowledge. ------------------------------ End of RISKS-FORUM Digest 13.30 ************************