14-Jan-87 20:44:11-PST,16400;000000000000 Mail-From: NEUMANN created at 14-Jan-87 20:42:52 Date: Wed 14 Jan 87 20:42:52-PST From: RISKS FORUM (Peter G. Neumann -- Coordinator) Subject: RISKS DIGEST 4.40 Sender: NEUMANN@CSL.SRI.COM To: RISKS-LIST@CSL.SRI.COM RISKS-LIST: RISKS-FORUM Digest Wednesday, 14 January 1987 Volume 4 : Issue 40 FORUM ON RISKS TO THE PUBLIC IN COMPUTER SYSTEMS ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator Contents: Phone Cards (Brian Randell) It's No Joke!! (Microwave oven bakes 3 yrs of PC data) (Lindsay Marshall) Automation bottoms out (PGN) Amtrak train crash with Conrail freight locomotive -- more (PGN) Re: Cellular risks (Robert Frankston) Re: Ask not for whom the chimes tinkle (Tom Perrine via Kurt Sauer) Re: Engineering ethics (PGN) Repetitive Strain Injury and VDTs (Mark Jackson) Safety Officers and "Oversight" (Henry Spencer) The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, nonrepetitious. Diversity is welcome. (Contributions to RISKS@CSL.SRI.COM, Requests to RISKS-Request@CSL.SRI.COM) (Back issues Vol i Issue j available in CSL.SRI.COM:RISKS-i.j. MAXj: Summary Contents Vol 1: RISKS-1.46; Vol 2: RISKS-2.57; Vol 3: RISKS-3.92.) ---------------------------------------------------------------------- From: Brian Randell Date: Wed, 14 Jan 87 16:12:23 gmt To: RISKS@csl.sri.com Subject: Phone Cards PHONE CARDS - THE PLOT THICKENS At PGN's implied request, I have tracked down, and talked to the Sunday Post reporter who wrote the original story on the phone card fraud. These notes of my telephone conversation with him are being sent to RISKS with his explicit permission, though he asked that his name not be included. The Sunday Post was indeed asked by BT to publish a retraction, but have refused to do, though they have published a letter from BT expressing (BT's) full confidence in the phone card system. Based on previous experiences - "we often get complaints at our stories" - the reporter regards the fact that BT did not push for a retraction, but instead merely settled for publication of their letter, as tantamount to an acceptance of the truth of the original story. He claims to be still sure that the fraud is possible, and to have seen it being worked, at several different phones, by the soldiers, in the presence of several other witnesses. He does admit that he was himself later unable to demonstrate the fraud successfully to some BT engineers who travelled to Glasgow to meet him. He however has since talked to one of the soldiers, who assures him that the fraud is still working, but will not reveal to the reporter, leave alone BT, where he (the reporter) went wrong in trying to duplicate the method of fraud. (The other soldier - who did not want the original story published, because it would interfere with "free" international calls - is now refusing to talk to the reporter.) Moreover the reporter claims to have received a phone call from a BT engineer at Watford, confirming the practicability of the fraud. Brian Randell - Computing Laboratory, University of Newcastle upon Tyne ARPA : brian%cheviot.newcastle.ac.uk@cs.ucl.ac.uk UUCP : !ukc!cheviot!brian JANET : brian@uk.ac.newcastle.cheviot ------------------------------ From: "Lindsay F. Marshall" Date: Tue, 13 Jan 87 09:58:03 gmt To: risks@csl.sri.com Subject: It's No Joke!! (Microwave oven bakes 3 yrs of PC data) There was a report on the wireless this morning that a well-known comedian lost 3 years worth of material stored on his home computer when his wife turned on the microwave oven!! Sadly, I have no more information than this as the papers have not arrived in Newcastle because of the weather...... [Continued: Wed, 14 Jan 87 09:09:14 gmt] The most detailed information about the incident I can find says that the comedian's son was playing with the machine in the kitchen when his mother turned on the microwave oven. The computer's "memory" was instantly wiped. The suggested reason is (of course) leakage from the microwave oven. The wife's comment? "I told him he shouldn't use the computer in the kitchen..." ------------------------------ Date: Wed 14 Jan 87 10:27:58-PST From: Peter G. Neumann Subject: Automation bottoms out To: RISKS@CSL.SRI.COM ``As for the `partially shielded street urinals' of Paris ... they have been superseded by sexually neutral, fully enclosed, fully automated, coin-access two-stall elliptical masonry structures.... A few years ago, a child was killed in one of them by the automated toilet seat.'' (Letter to the editor of the New York Times from Louis Marck, excerpted [exactly as shown] in the SF Chron, 13 Jan 87, p. 10) ------------------------------ Date: Wed 14 Jan 87 10:34:53-PST From: Peter G. Neumann Subject: Amtrak train crash with Conrail freight locomotive -- more To: RISKS@CSL.SRI.COM Tests conducted (three times) indicated that the freight locomotive should have been able to stop in time, and that equipment was all in working order. Thus human error was the most likely cause of the accident that killed 15 (13 Jan 87, SF Chron, p. 8, from the Washington Post). (Earlier reports suggested that three separate safety mechanisms would have had to fail at the same time [for it to have been other than human error].) ------------------------------ Date: Tue, 13 Jan 87 00:01 EST From: Frankston@MIT-MULTICS.ARPA Subject: Re: Cellular risks To: RISKS@CSL.SRI.COM I picked up a book entitled "Introducing cellular communications: The New Mobile Telephone System" from TAB Books. The copyright is 1984. From the look of it, it seemed to be a lightweight book. Skimming it, it seems instead to go into details of message formats, setting up head ends and other detailed stuff. I presume it makes it much easier to figure out how to hack the system. [This is an old hack. As noted here before, the idea(l) is to make the system design strong enough that all the documentation (except maybe the vulnerability analyses) can be freely handed out. Of course, the reality is far from that ideal. PGN] ------------------------------ Date: Sat, 10 Jan 87 09:01:37 PST From: ihnp4!nears!ks@ucbvax.Berkeley.EDU To: risks@CSL.SRI.COM Subject: Re: Ask not for whom the chimes tinkle Summary: DCN1 gave the wrong time Sender: Kurt F. Sauer Organization: AT&T Network Systems, Software Systems, Oklahoma City OK USA In article <8701082340.AA17468@ucbvax.Berkeley.EDU> Perrine@LOGICON.ARPA (Tom Perrine) wrote: WARNING! TIME WARPS AHEAD! Well the chimes sure tinkled for us! On Thursday 8 Jan (1987 A.D.) at about 1400 PST we queried DCN1 as we booted our PWB UNIX system and received a 1986 date stamp! (Gee Mr. Peabody, set the Wayback machine for 1987!) Further investigation shows that DCN6 and GW.UMICH.EDU are also stuck in a time warp. UMD1 seems to be the only un-nostalgic clock. (FORD1 was not reachable.) For now, everyone better keep one eye on the Timex, and another on the packets, and another on the Seiko! Tom Perrine, Logicon - OSD ------------------------------ Date: Wed 14 Jan 87 19:22:11-PST From: Peter G. Neumann Subject: Re: Engineering ethics To: RISKS@CSL.SRI.COM Sorry. It is time to blow the whistle on this rather narrowly focussed discussion. Sorry to those who thought they had more to say on the subject. (I tacked a comment on the Ford Pinto case onto Andy Freeman's note in RISKS-3.65 -- some of you will remember -- on how short-sighted dollar-values on lives can be.) PGN ------------------------------ Date: 14 Jan 87 10:49:09 EST (Wednesday) From: MJackson.Wbst@Xerox.COM Subject: Repetitive Strain Injury and VDTs To: RISKS@CSL.SRI.COM The January/February issue of the /Columbia Journalism Review/ contains an article entitled "A Newsroom Hazard Called RSI" about repetitive strain injury associated with workstation use. It is much too lengthy to reproduce, but attached below are some excerpts. Mark "[San Diego /Tribune/ reporter John] Furey is a victim of repetitive strain injury (RSI), a term that embraces a number of painful and often disabling afflictions linked to continuous bending, twisting, and flexing of the hands, arms, or shoulders. Thousands of these injuries, which include tendonitis, are found among meat-cutters, garment workers, and other workers whose jobs require constant, repeated hand movements. But repetitive strain injuries are also showing up among office workers, who may strike a computer keyboard up to 45,000 times an hour. And automated newspaper offices are no exception: to the dismay of all involved, disabling cases of RSI have recently cropped up in newspapers across the country." . . . . "Her doctor, John Adams, a Los Angeles orthopedist, compared her case of tendonitis to 'four tennis elbows,' [/Los Angeles Times/ reporter Penelope] McMillan recalls. 'He said he'd never seen anything like it.' Returning to work after a two-and-a-half-month leave, McMillan found that anti-inflammatory drugs had no effect on the recurrent 'wild' pain in her arms." . . . . "Steven Sauter, a job-stress specialist with the National Institute for Occupational Safety and Health, believes that VDT-related injuries are relatively uncommon. But, he warns, 'when these problems do occur, they can be serious and require medical attention.' "One problem, Sauter notes, is that many VDT jobs 'have little built-in variety.' In a job-health manual he wrote while teaching at the University of Wisconsin, Sauter explained that VDT operators often make thousands of keystrokes an hour, 'repeating nearly identical motions at a high rate of speed.' While typing, each stroke requires muscles to contract and tendons to move, and the tendons can become irritated as they slide around bones and against tissues. In such cases, he warns, the wear and tear can cause painful inflammation of the tendons, which will not heal without rest." . . . . "Indeed, a question that puzzles many editors is why some employees who had no problems when they used typewriters are developing hand and arm injuries now that they are using VDTs. One answer, say occupational health specialists, is that, although some typists do develop such injuries, VDT users may be at greater risk because they can make many more hand movements per hour. In addition, using a typewriter calls for more varied hand movements and breaks in routine, such as inserting paper. "Another factor that may contribute to injuries is that some reporters are simply using their VDTs /more/ than they used typewriters. 'At the /Times/, we used to do anything to avoid using our clunky old manual Olympics,' [/Los Angeles Times/ reporter Laurie] Becklund says. 'We'd take notes by hand--anything. When we got VDTs, we were thrilled. They were so convenient that we began using them for everything.'" . . . . "For Becklund, who receives physical therapy for her hands three times a week, the worst is not knowing when her hands will be healed. 'It's hard not to feel depressed, especially because the doctors won't tell you that you're ever going to get over it. They won't promise to fix it. Some articles I've read say that if your hands hurt when you aren't doing an activity, then you've got it for life.' She paused. 'I choose not to believe that.'" ----- In a sidebar, the following tips to reduce the risk of RSI are attributed to a fact-sheet published by the Australian Journalists' Association and a handout distributed by the Australian Council of Trade Unions: - Adjust the work station so you can assume a comfortable keying position. - Try to use a soft touch when keying and avoid over-stretching the fingers. - Avoid resting your wrists on the keyboard or edge of the desk when typing. - Don't bend your hands up at the wrists. - Try to take frequent, short rest breaks, and every half hour or so, do some stretching. - Don't use painkilling drugs in order to keep working. - Immediately report symptoms of RSI (persistent pain, tenderness, tingling, or numbness) and seek medical advice. ------------------------------ Date: Mon, 12 Jan 87 19:38:11 pst From: pyramid!utzoo!henry@hplabs.HP.COM To: RISKS@CSL.SRI.COM Subject: Safety Officers and "Oversight" In the February Analog (one of the science-fiction magazines), there is an interesting and partially relevant non-fiction article by Harry Stine. The relevant part is his discussion of certain shuttle safety issues. He was one of the people saying all along that NASA had problems, and in particular he wrote (under his penname "Lee Correy") the SF novel "Shuttle Down", which exposed how utterly unprepared NASA was for an emergency landing by a Vandenberg-launched shuttle. (The only viable landing spot is Easter Island, where landing would have been difficult and dangerous and recovery of the orbiter would have been a monumental problem, since no thought had been given to the issue.) He notes: "There's talk of a 'safety oversight committee' to review each space shuttle mission before it's launched. But isn't that exactly what NASA had when the Challenger blew up? "Safety committees don't work in the crunch. One person finally has to decide go-no-go and accept the responsibility which cannot and must not be spread among a committee, where no single person is accountable if something goes wrong..." He goes on to cite his credentials, including spending some years as Range Safety Officer at White Sands, and being chairman of the group that wrote the standard DoD range-safety rules for rocket ranges. "There have been some gut-wrenching occurrences. One night I told a well known and politically powerful upper-air scientist [that winds were too high and] the unguided Aerobee would impact off the range. Therefore, I told him he should cancel ... He said he was Project Scientist, he needed the data, the delay would result in a budget over-run, and therefore he was going to launch. I replied that I would push the destruct button the instant the rocket cleared the launch tower. He launched. I pushed the button. The commanding officer called me into his office the next morning and asked me what happened; I told him. Nothing more was said because the Word of the Safety Officer is as the Word of God. There is no tribunal that can over-rule or second-guess a Safety Officer. There can be no retribution against the Safety Officer. He calls the shots. If he calls too many unsafe ones, the range commander ... transfers him to some other position. "That decades-old policy works very well. People can be easily trained to use it and be unafraid of invoking it when the need arises. ... "A safety oversight committee cannot prevent another space shuttle accident. It can either delay the program so badly that it won't make any difference in the long run, or it will mean that nothing gets launched. ... If the automotive industry had a government safety oversight committee riding herd on it, we'd all be walking." The rest of the article discusses other issues, like how to get the space program in general moving again. One other point he does raise is that NASA tends to be asked for its opinion on the viability and reliability of private launch-vehicle schemes, and as you would expect, its assessments of potential competitors tend to be rather negative... Henry Spencer @ U of Toronto Zoology {allegra,ihnp4,decvax,pyramid}!utzoo!henry ------------------------------ End of RISKS-FORUM Digest ************************ -------