RISKS-LIST: RISKS-FORUM Digest  Thursday 1 September 1988  Volume 7 : Issue 42

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
  "Pizzamation" traces phone calls, matches addresses (Jon Jacky)
  Skylab and Sunspot Activity (PGN)
  Denial of Service in Wembley-on-the-Motown (Behrooz Parhami)
  Re: Calculations with wrapped numbers (Mike Linnig)
  Meter reading follies (Chris Jones)
  Re: abnormal bills (Ted Lee)
  Risks of CAD programs (Mike A. Gigante)
  Re: Risks of CAD programs (Sam Crowley)
  Can current CAD/simulation methods handle long-term fatigue analysis?
    (Henry Spencer)
  Re: Vincennes and Non-Computer Verification (Henry Spencer)
  Re: Computers and Gambling (Jim Frost)
  Automatic Bank Procedures (David A. Honig)

The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, and nonrepetitious. Diversity is welcome.
CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive "Subject:" line (otherwise they may be ignored).
REQUESTS to RISKS-Request@CSL.SRI.COM.
FOR VOL i ISSUE j / ftp kl.sri.com / login anonymous (ANY NONNULL PASSWORD) / get stripe:risks-i.j ... (OR TRY cd stripe: / get risks-i.j ...
Volume summaries in (i, max j) = (1,46),(2,57),(3,92),(4,97),(5,85),(6,95).

----------------------------------------------------------------------

Date: Thu, 01 Sep 88 09:10:40 PDT
From: jon@june.cs.washington.edu (Jon Jacky)
Subject: "Pizzamation" traces phone calls, matches addresses

Excerpted from a story in THE SEATTLE POST-INTELLIGENCER, 18 August 1988, pps. B5 and B8:

CHAINS ARE PUTTING THE BYTE ON PIZZA DELIVERIES
by Jim Erickson

Tim Turnpaugh was caught off guard recently when he telephoned for a pizza to be delivered to his home.
When he got the pizza company on the line, the person taking orders greeted him by name like an old friend -- before Turnpaugh could identify himself -- and cheerily asked if he'd like the same toppings he asked for on a previous order.

"I didn't have to give them directions to my house, nothing," he said. Everything the company needed to know was gathered during a previous purchase and stored in the memory of a computer, ready for instant regurgitation.

This is the brave new world of pizzamation. Godfather's pizza in Washington [state] is one such firm on the cutting edge of pizza technology.

Inside a gray-walled, nondescript building in a Renton [Seattle suburb] business park, 80 desktop computers are lined up in rows at Godfather's state communications center. Not a single pizza oven is in sight. On a hectic Friday night, as many as 50 part-time employees sit in front of the tricolor screens, taking orders. ...

If you've called before, the computer instantly identifies and recognizes your telephone number, and retrieves information from previous orders.

"Customers don't even know a lot of the time they've reached a centralized system," said Donna Brown, manager of the center. "They still think they're calling a local restaurant." ...

After the order is placed, the computer decides which of 51 restaurants or outlets in Western Washington, or 10 in Eastern Washington, is closest to the customer. The computer totals the price and relays the order and delivery instructions to the kitchen of a restaurant or outlet, where it comes out on a network printer. ...

Brown said the system allows the company to keep track of sales data, and since it records addresses -- more than 500,000 are stored in Godfather's memory banks -- it can be used for direct-mail marketing. ...

Cathy Nichols, owner of four franchised Domino's Pizza stores in Renton and Maple Valley, installed computers early this year ...
Since the computer matches phone numbers with addresses, it also helps smoke out young pranksters who habitually order unwanted pizzas for the unsuspecting. ... [Not if they are smart enough to read a phone book. PGN]

Some customers may worry that their local pizza retailer may be keeping records on their eating habits as well as detailed directions to their house. It can be unsettling to think that the Big Cheese is watching you.

Nichols acknowledged that large, centralized systems are "kind of scary." "There's one number in the state that you call, and they know everything about you."

Bill Brown of Godfather's said she could recall only three people who asked that their records be purged, and only because they didn't want to wind up on mailing lists. Their records were immediately removed, she said, adding that Godfather's does not sell its mailing list to other companies.

[This is the first confirmed report I have seen of marketing outfits tracing calls, although I have heard rumors of other systems in which calling an 800-number in response to some promotion would put your phone number on a list that would later be matched in order to derive your name and address. It is my observation that most people believe that "tracing a call" is still a difficult, time consuming process that cannot be done routinely. This story shows that it is a service phone companies offer to commercial customers, although I have not seen any reports of it also being offered to residential customers (who would then be able to ignore calls from marketers, cranks, etc.) Jonathan Jacky, University of Washington]

[In an unrelated development, some of the pizza outfitters are selling leather pizza outfits -- that is, protective clothing for the pizzas. If the pizza chains are going into leather, maybe S&M now stands for salami and mushrooms.
PGN]

------------------------------

Date: Fri, 26 Aug 1988 14:30:16 PDT
From: Peter Neumann
Subject: Skylab and Sunspot Activity

There is an article by Richard A. Kerr entitled ``Heads Up! Sunspots Are Dragging Down Satellites'', Science, vol 241, 19 August 1988, p. 902. He discusses the ups and downs of sunspot activity, and recalls that the last time a relative maximum was reached in 1979, the 85-ton Skylab satellite was downed as a result of the increased drag from the sun-swollen atmosphere. The predictability of future activity is apparently very poor.

Computer relevance? Well, just one more thing to remember next time you put a computer in space to control something, along with cosmic rays, laser beams, meteorites, space junk, and other assorted hazards.

------------------------------

Date: Wed, 31 Aug 1988 18:34:41 PDT
From: Peter Neumann
Subject: Denial of Service in Wembley-on-the-Motown

Stevie Wonder's birthday concert for Nelson Mandela at Wembley was disrupted when someone stole a portable digital audio tape machine and a computer disk drive that links into his Synclavier. After a three-hour delay during which he could not perform the intended program without the equipment, only two songs were sung and the synthesizer pieces were omitted completely. (The equipment was later found.)

[From England's COMPUTING, 16 June 1988, p.3, contributed by Behrooz Parhami, Computer Science, Carleton University, Ottawa CANADA K1S 5B6]

[Here is another example of the risk of becoming completely dependent on technology -- no longer being able to function without it. On the other hand, the equipment is presumably so reliable that there is little incentive to provide much in the way of backup facilities?]

------------------------------

Date: Mon, 29 Aug 88 16:19:22 CDT
From: linnig@skvax1.csc.ti.com
Subject: Calculations with wrapped numbers (RISKS-7.40)

James Peterson writes:
>The problem is how to identify a wrap-around as different from a misreading...
We had a similar problem with wrapped data on a missile guidance system. Every few milliseconds we would get a target position update. To smooth out the noise we'd average the new input with the old. Since target positions were in degrees from true north they ranged from -180 to +180 degrees.

The problem occurs when the previous value is -175 or so and the new value is +175. What is the average? Adding and dividing by two doesn't cut it (zero is certainly NOT the answer).

I don't remember how we solved this particular problem, but I have thought about it since then. Imagine trying to compute the average position of the second hand on a clock. You sample the position once a second for sixty seconds. Ok, now what is the average?

Mike Linnig

------------------------------

Date: Fri, 26 Aug 88 15:42:34 EDT
From: Chris Jones
Subject: meter reading follies

About three years ago I had an extended interaction with our gas company (Boston Gas), because of an error which was allowed to override all other readings.

Boston Gas replaced our meters as part of what they say is a program to replace the meters every seven years. (In fact, I notice that they have replaced the meters three times in the thirteen years we've owned the house, but it certainly doesn't bother me to have the gas company look at our service and say it looks non-explosive). The old meters were the boxes with which I was familiar; the new meters were smaller by about 50% in volume, and had digital readouts. As is standard practice, which practice had, until then, been working smoothly, our old reading was sent in along with our new reading.

It took many months of ridiculous bills, and numerous (well, four) trips by the gas company to notice that we were being billed amazingly incorrectly. The things that went wrong were:

1. The initial reading was wrong (*THIS* was the uncorrectable mistake).
I was *AT LAST* able to convince the gas company that all of our data made sense if they first assumed that the first meter reading had been made from right to left instead of left to right (this is a somewhat obvious mistake since non-digital meters should be read from right to left).

2. Since my wife and I were not at home during the normal working hours of Boston Gas's meter readers, we were sent estimated bills for months (about 14, all told). It occurs to me that the price of the gas fluctuated during this time, and they have no way of knowing when we were using high-priced gas and when we were using low-priced gas. It probably didn't make more of a difference than writing them 10 letters did, which is what we, in fact, did.

3. MOST ANNOYINGLY, eventually our gas meter reading caught up to what BG thought made sense. So, they called us, since now their bills showed that instead of owing them about $1300, they had overcharged us by about $400. It *only now* had become a problem that they wanted to solve. It took me about 10 minutes on the phone to convince the service person that I understood what was going on. As a matter of fact, when they finally read our meter, and believed the reading, it turned out that they owed us $5, which I declined to accept, knowing that, in New England in the middle of winter, I had impending multi-hundred dollar heating bills and could wait several weeks to realize my $5 credit.

So, what had happened? One incorrect reading had been accepted as correct, and someone (or someone's algorithm) had summarily rejected all subsequent readings, even though an examination of them would have revealed that they were all consistent ****with the exception of the initial reading****!!!! It works to be first, even if you're wrong.

------------------------------

Date: Fri, 26 Aug 88 01:33 EDT
From: TMPLee@DOCKMASTER.ARPA
Subject: Re: abnormal bills

Yes, some periodic billers do notice abnormal bills.
When I first installed a modem on my Apple (must have been about five years ago) our oldest son, then about seventh grade, used it to call the usual local bulletin boards. (By the way, they outgrow the habit -- neither of our two kids has bothered in the last several years.) On some of them there were posted the usual lists of bulletin boards all over the place, national and international. ("for neat stuff call 01144 ...") Somehow either we or the U.S. public education system had neglected to inform grade school students that any phone number over seven digits cost money, and real long numbers cost lots of money. Needless to say, the next month's phone bill was out of sight. (I vaguely remember it was about $300, when usually it was around $20 or so.) We almost immediately got a call from the phone company asking if there was some kind of error and whether the bill should be corrected. I'm afraid I didn't have the presence of mind to ask how they noticed it. (And no, it wasn't a "small town" phenomenon: the Twin Cities metropolitan area is about 2 million people and incidentally has one of the geographically largest toll-free phone systems in the country.)

Ted Lee

------------------------------

Date: Sun, 28 Aug 88 09:22:52 EST
From: munnari!cidam.rmit.oz.au!mg@uunet.UU.NET (Mike A. Gigante)
Subject: Risks of CAD programs (RISKS-7.38)

> Do practicing civil engineers reduce their safety margins these days because
> they use computer-aided analysis? How much? How small a safety margin ...
> Alan Kaminsky, School of Computer Science, Rochester Institute of Technology

In my previous life, I was an Aeronautical Structures Engineer specializing in CAD/FEM at an active design organization.

FEM isn't new, computers were being used in the 50's to do structural analysis (matrix methods on mainly truss structures), then and now, the programs are not a panacea for an in-depth knowledge of both the behaviour of structures and of how the program works.
Any engineer using these methods without that understanding is both incompetent to do the design and dangerous. There are a million different ways to represent your structural model with a wide variation in the quality of the results, you need to know what you are doing and what simplifying assumptions have been made in the element formulation!

Luckily, there are a number of checks in the engineering design process. There are regulatory authorities who need to independently verify the design (at least for aeronautical, automotive and civil). These independent checks often include physical tests and 'rule-of-thumb' calculation checks to catch gross errors.

On validation of the programs, packages like NASTRAN have been in regular use for ~20 years. For routine use by a competent designer, they are fairly robust.

Simply adding a large safety factor is not a solution. For financial and performance reasons, the product should be as close to the bone as possible. A good analysis program and in-depth understanding of structural behaviour can give you a better product (or a product that will actually take off with its full load!).

Something you need to realize is that the safety factors generally fall into two categories

  1) Loads
  2) structural failure

By better understanding the modes of failure etc, the SF on 2) can be reduced (and even more importantly, a surprise failure mode won't catch you out!). The SF on loads (1) is most often regulated and hence cannot be lowered. It is these SFs that 'protect' you.

Mike

------------------------------

Date: Tue, 23 Aug 88 16:56:50 CDT
From: astroatc!crowley@spool.cs.wisc.edu (Sam Crowley)
Subject: Re: Risks of CAD programs (RISKS-7.38)

> Alan Kaminsky, School of Computer Science, Rochester Institute of Technology
> Now for the RISK. With a detailed picture of the exact stresses and
> deflections on a particular structural member, the engineer can justify
> designing with a smaller safety margin...
The term "smaller safety margin" should be "known safety margin" and the term "large safety factors" should be "large estimated safety factors". When a guess was made at the amount with a generous safety margin tossed in, the exact safety margin is still unknown. An estimate of the safety margin could be made depending on the accuracy of the guess.

Sam Crowley
astroatc!crowley

------------------------------

Date: Wed, 31 Aug 88 23:08:24 EDT
From: attcan!utzoo!henry@uunet.UU.NET
Subject: Can current CAD/simulation methods handle long-term fatigue analysis?

Re: RISKS-7.38 and 40

> Metal fatigue can be calculated with a reasonable amount of accuracy.

It is possible that my information is out of date. However, Aloha Airlines might dispute the matter! If fatigue calculation for real structures under real conditions is indeed accurate and practical, it is not being used very widely, for some reason. I'd be interested to see references on this.

> Most aircraft design use a 10% to 20% safety factor. A safety factor of
> two would make an aircraft so heavy it would never leave the ground.

For structural weights, yes, 10-20% is normal. But what I was thinking of was fatigue life, which -- at least in the military aircraft that are the ones I know most about -- is treated *very* conservatively.

Henry Spencer  U.Toronto Zoology
uunet!attcan!utzoo!henry  henry@zoo.toronto.edu

------------------------------

Date: Fri, 26 Aug 88 23:04:02 EDT
From: attcan!utzoo!henry@uunet.UU.NET
Subject: Re: Vincennes and Non-Computer Verification

> Indeed, **what happened** in the case of the Vincennes? Was the U.S.
> operating naval patrols in a war zone without air support? If so, why?

The underlying problem here is simply that today's US Navy is not built for environments like the Gulf War. Their air support is concentrated in a handful of big, expensive, conspicuous, vulnerable carriers that cannot be risked in the Gulf.
If the Vincennes had had a Harrier parked on its helipad ready to go, that would have been different, but it didn't. In an area as small as the Gulf, things happen quickly and there is no time to call up distant support forces. It's not practical to maintain airborne patrols on speculation -- too costly, not just in money but in wear and tear on men and machines, and in outright accidental losses. (A significant fraction of the British Harrier losses in the Falklands War were accidents not involving enemy action.)

Henry Spencer @ U of Toronto Zoology

------------------------------

Date: Sat, 27 Aug 88 13:58:50 EDT
From: madd@bu-it.BU.EDU (Jim Frost)
Subject: Re: Computers and Gambling (RISKS-7.39)

It's my observation regarding modified electronic games:

| [games] "..appear to run legitimate amusement games but with the flick
| of a switch they are converted to gambling machines.
|
| Machines of greater sophistication are now starting to appear
| with a second switch that totally erases the computer program
| [sic] which runs the illegal games.
|
| If that happens we are powerless to prosecute."

Modified games must have some sort of mechanism (either mechanical or human) to pay off a win. The existence of such a mechanism, especially if it were mechanical, could be used as proof that the machine had been used for gambling. I'm not a lawyer so I can't speculate on how well this might hold up in court though.

jim frost

[Assuming the machine is in the "gambling" state rather than the normal "non-gambling" state, authorized surreptitiously by some trusted agent, such a payoff "mechanism" could be a screen message that asks you to type in suitable identification and then show up at the cashier's office. If the program then immediately returns the machine to its normal non-gambling state, that could be rather hard to detect unless someone were looking for it explicitly. One can conjure up all sorts of variants on this topic, but the problem is a valid one.
PGN]

------------------------------

Date: Thu, 01 Sep 88 13:09:15 -0700
From: "David A. Honig"
Subject: Automatic Bank Procedures

My bank, Home Federal in Ca., has a policy of locking an account (at least to ATM transactions) after * 3 months * of inactivity. This policy is implemented automatically by their computers. You cannot even check your balance using your ATM card when this is in effect.

This happened to me a year ago, also: that time the ATM swallowed my card because my savings account was "inactive" for a year. I had been trying to access my *active* checking account. Several days later I got my card back, after going to the bank. I had to withdraw a dollar from savings, then redeposit, to reactivate it.

This time I asked the bank person I spoke with if he could do this administrative No-Op over the phone. He asked his supervisor, and said yes. I had given only the following information: my name, checking and savings account-numbers, and the ATM-card-number. Furthermore, he had called me back at a number that was not my home phone.

The phone-mediated account re-activation contrasts with their conservative, automatic security policy; on the other hand, it seems they have struck an interesting balance between security and customer convenience. That tradeoff is important to many computer RISKS.

David Honig, Dept of Info & Comp. Sci, Univ. of Ca., Irvine 92717

------------------------------

End of RISKS-FORUM Digest 7.42
************************
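The wrapped-bearing averaging problem raised in Mike Linnig's message above (previous value -175, new value +175, and the sixty samples of a clock's second hand), as an added example that is not part of the digest or any contributor's code: it averages bearings as unit vectors and smooths along the shortest arc. The function names and sample tracks are constructed for illustration.

```python
import math

def wrap180(a):
    """Wrap an angle in degrees into [-180, 180)."""
    return (a + 180.0) % 360.0 - 180.0

def naive_mean(angles):
    """Add-and-divide average: wrong across the +/-180 seam."""
    return sum(angles) / len(angles)

def circular_mean_deg(angles, eps=1e-9):
    """Mean direction of bearings, computed on unit vectors.

    Returns degrees in [-180, 180], or None when the vectors cancel
    and no direction is preferred (the mean is undefined).
    """
    if not angles:
        return None
    s = sum(math.sin(math.radians(a)) for a in angles)
    c = sum(math.cos(math.radians(a)) for a in angles)
    if math.hypot(s, c) / len(angles) < eps:
        return None
    return math.degrees(math.atan2(s, c))

def smooth_bearing(prev, new, weight=0.5):
    """Move the estimate toward the new sample along the shortest arc."""
    return wrap180(prev + weight * wrap180(new - prev))

def smooth_track(samples, weight=0.5):
    """Run the two-point smoother over a sequence of bearing updates."""
    est = samples[0]
    for sample in samples[1:]:
        est = smooth_bearing(est, sample, weight)
    return est

# Constructed sample data (not from the digest).
SEAM_PAIR = [-175.0, 175.0]                          # the case in the message
CROSSING_TRACK = [172.0, 176.0, 179.0, -178.0, -175.0]
SECOND_HAND = [wrap180(6.0 * k) for k in range(60)]  # one sample per second

if __name__ == "__main__":
    print("naive mean of seam pair:   ", naive_mean(SEAM_PAIR))
    print("circular mean of seam pair:", circular_mean_deg(SEAM_PAIR))
    print("smoothed crossing track:   ", smooth_track(CROSSING_TRACK))
    print("second hand over a minute: ", circular_mean_deg(SECOND_HAND))
```

A bearing of +180 and one of -180 name the same direction, so results at the seam should be compared modulo 360.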