RISKS-LIST: RISKS-FORUM Digest Tuesday 25 October 1988 Volume 7 : Issue 67 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator Contents: Unplugged Cable Plugs Orlando Traffic (Scot E Wilcoxon) Airbus A320 in service (Henry Spencer) Computer Literacy (Ronni Rosenberg) Belgian PM's email tapped (Rodney Hoffman) Police find hacker...and release him (Henry Cox) Aegis user interface changes planned (Jon Jacky) Programmable Hotel Locks (Allen J. Baum via John Rushby) Nausea-inducing frequencies (David Chase) Risks in Foundations of Numerical Analysis (John Cherniavsky) Takeoff warning systems to be tested (Henry Cox) The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, and nonrepetitious. Diversity is welcome. CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive "Subject:" line (otherwise they may be ignored). REQUESTS to RISKS-Request@CSL.SRI.COM. FOR VOL i ISSUE j / ftp kl.sri.com / login anonymous (ANY NONNULL PASSWORD) / get stripe:risks-i.j ... (OR TRY cd stripe: / get risks-i.j ... Volume summaries in (i, max j) = (1,46),(2,57),(3,92),(4,97),(5,85),(6,95). ---------------------------------------------------------------------- Date: Mon, 24 Oct 88 15:05:47 CDT From: sewilco@datapg.MN.ORG (Scot E Wilcoxon) Subject: Unplugged Cable Plugs Orlando Traffic In the story below, it is interesting to note the mayoral aide emphasizes that the computer "system" did not fail. Apparently the operating procedures failed, and for only six minutes. October 11th: "Computer snafu creates traffic jam" ORLANDO, Fla. (UPI) _ An engineer's mistake paralyzed downtown traffic for six minutes when signals remained red during lunch hour and forced the city to call out police on horseback to unclog intersections. Traffic engineers replacing a piece of Orlando's sophisticated traffic light synchronizing system Tuesday forgot to plug in a cable, freezing the signals at 34 intersections, mostly along Orlando's busy north-south thoroughfares just after 12:30 p.m. "It wasn't a glitch in the system. It was during an installation, someone forgot to plug in a couple of machines," said mayoral aide Joe Mittiga. Orlando's $3 million synchronizing computer started working this summer, but Mittiga said workers adding equipment forgot to connect two parts and a backup system failed to initiate when the main computer system failed. "They were left unplugged inadvertently for six minutes," he said. Thousand of drivers were stuck in traffic as the lights remained on red, green or yellow, Mittiga said. -- Scot E. Wilcoxon sewilco@DataPg.MN.ORG {amdahl|hpda}!bungia!datapg!sewilco Data Progress UNIX masts & rigging +1 612-825-2607 ------------------------------ Date: Tue, 25 Oct 88 00:55:22 EDT From: attcan!utzoo!henry@uunet.UU.NET Subject: Airbus A320 in service The 3 Sept issue of Flight International has a feature article about early operational experience with the A320. Apparently everyone has been rather surprised that many of its teething problems have little to do with the electronics. Spare parts, in particular, have been somewhat of a problem. One thing the airlines are quite happy with is the Centralized Fault Display System, which keeps a running log of all in-flight problems for scrutiny by the maintenance crews. Both British Airways and Air France plan to link the CFDS to a communications system, so that faults can be reported from the air and spare parts can be waiting when the aircraft lands. At present, the written engineering log is still the official and legal record of in-flight problems, but after some more experience with CFDS this may be reconsidered. There are still occasional bugs in the CFDS software, but things are getting fixed. The airlines say that CFDS has been a major factor in keeping a new airliner running unusually well. The fly-by-wire flight controls have behaved perfectly. The engine-control computers likewise have a flawless record, although at one point Air France replaced a number of them due to what seems to have been a misunderstanding about the location of some problems. Power spikes caused by the cutover from ground to onboard power have been a headache, as they tend to trigger bad-power-supply detectors in the computers. These problems invariably happen on the ground, not in flight. Work is underway on fixing them. Many of the computers affected are in very minor control roles; a particular trouble spot has been the microcomputer-controlled vacuum toilets chosen by Air France. The biggest problem for both airlines is a set of design and manufacturing flaws in the air-conditioning units, combined with shortage of spares. Computers are not involved in this one. Both airlines have a low opinion of the software in the Cabin Intercommu- nication Data System, which controls cabin lights, signs, speakers, and entertainment. Both agree that the idea of the system is good and want to see it operational, but the suppliers simply did not have production- quality software ready in time. "A kid could have written the software for the CIDS", says BA, but in fact the current [3 Sept] software simply does not work and BA has been bypassing it almost entirely. The main problem is frequent intermittent manlfunctions. Spare flight computers are still being carried on each flight, but this is routine for major no-go items on new airliners. Airbus says that there is now enough experience to justify dispatching an A320 with one of its seven flight-control computers dead; the original rule required all to be functioning. Airbus is still working on "tidying up" the flight-control software's responses to situations where the aircraft has gone outside the normal flight envelope involuntarily, e.g. from collision damage or sudden severe turbulence. Assorted "nice to have" features are also being implemented now that the schedule pressure has relaxed. The only change in Air France operating procedures since the airshow crash has been a firm policy that airshow appearances will not carry passengers henceforth. The wreckage is being studied for lessons to be learned; the Flight article observes that a crash into a mature forest killed only three out of 136 people. Of note are signs that the floor-level emergency lighting system may not have turned on properly, and the failure of the hand-held megaphone's mounting bracket at rather less than its rated 9G. The 24 Sept issue reports that the pilot of the airshow crash has been fired, with the copilot's status yet to be decided. A recent report by the French civil aviation authorities contains the first independent confirmation that the accident was caused by pilot error. (The pilots' union, of course, contests this.) The report recommends an eight-year suspension of the pilot's licence, and a two-month licence suspension for the copilot. "Officials familiar with the flight recorder evidence say that despite the pilots' assertion that the aircraft was slow in responding to the controls, the flight control computers probably prevented a worse disaster by keeping the aeroplane unstalled when the pilots realized too late that they were about to crash." Henry Spencer at U of Toronto Zoology uunet!attcan!utzoo!henry henry@zoo.toronto.edu ------------------------------ Date: Tue, 25 Oct 88 10:36:36 edt From: Ronni Rosenberg Subject: Computer Literacy I am writing a Ph.D. thesis on computer-literacy education. One way in which this work differs from previous work is that it incorporates the perspectives of not only educators, but also computer professionals, the most computer- literate group in society. (To the extent that "computer literacy" means anything, it must apply to computer professionals.) To get more feedback from the computer community, I am starting a RISKS dialogue on computer literacy. I will be sending several messages about computer literacy, asking for your opinions and reactions. This is not a right-or-wrong issue. Since I am interested in what people think about computer literacy, all responses are valid! Reply to me directly if you don't think your message is appropriate for RISKS. (For instance, for my purposes, it is fine for lots of people to send messages just saying they agree with what someone else said, but such messages are best sent directly to me.) As usual, PGN will publish in RISKS the most relevant submissions. In this case, he will also forward to me the other submissions on this topic. All submissions are confidential. Anything that I quote or paraphrase will be presented anonomously, unless I get explicit permission from an individual to use his or her name. Usually I don't attribute a comment more specifically than to say, for instance, it is from "a Computer Science professor." You can indicate in your message the sort of work you do with computers, if you like. * * * * In a 1985 school survey, 96% of the respondents -- classroom teachers, computer coordinators, and administrators -- said that their schools offered instruction in computer literacy. What do you know about course content and materials, school hardware and software, teacher training, and so on? Are your children learning about computers in schools? Have you been involved in any sort of school advisory committee for computer education? If computer- literacy education has not crossed your path, what do you guess is taught in a typical class? ------------------------------ Date: 23 Oct 88 18:13:40 PDT (Sunday) From: Rodney Hoffman Subject: Belgian PM's email tapped From the 'Los Angeles Times', Saturday, October 22, 1988: BELGIAN LEADER'S MAIL REPORTEDLY READ BY HACKER BRUSSELS (AP) -- Belgian Prime Minister Wilfried Martens on Friday ordered an investigation into reports that a computer hacker rummaged through his electronic files and those of other Cabinet members. The newspaper De Standaard reported that a man, using a personal computer, for three months viewed Martens' electronic mail and other items, including classified information about the killing of a British soldier by the Irish Republican Army in Ostend in August. The newspaper said the man showed one of its reporters this week how he broke into the computer, using Martens' password code of nine letters, ciphers and punctuation marks. "What is more, during the demonstration, he ran into another 'burglar' ... with whom he briefly conversed" via computer, the newspaper said. ------------------------------ Date: Mon, 24 Oct 88 09:19:44 edt From: Henry Cox Subject: Police find hacker...and release him [ From the Montreal Gazette, 24 October, 1988 ] POLICE FIND HACKER WHO BROKE INTO 200 COMPUTERS London (New York Times) - Police said yesterday that they had found and questioned a 23-year-old man who used computer networks to break into more than 200 military, corporate, and university systems in Europe and the United States during the past five years. The man was asked about an alleged attempt to blackmail a computer manufacturer, but an official for Scotland Yard said that there was not enough evidence to pursue the matter. He was released. The man, Edward Austin Singh, who is unemployed, reportedly told the police he had been in contact with other computer ``hackers'' in the United States and West Germany who use communications networks to penetrate the security protecting computers at military installations. Singh's motive was simply to prove that it was possible to break into the military systems, police said, and apparently he did not attempt espionage. London police began an investigation after the man approached a computer manufacturer. He allegedly asked the company for $5250 in exchange for telling it how he had entered its computer network. The company paid nothing, and London police tracked the suspect by monitoring his phone calls after the firm had told Scotland Yard about the incident. Henry Cox (cox@spock.ee.mcgill.ca) ------------------------------ Date: Mon, 24 Oct 88 09:43:56 PDT From: jon@june.cs.washington.edu Subject: Aegis user interface changes planned Here are excerpts from, "Fixes to Aegis system recommended by Navy," by John A. Adam, THE INSTITUTE (News supplement to IEEE SPECTRUM) vol 12 no 11, Nov. 1988, pps. 1,2: "The Chief of Naval Operations is to assess a redesign of the Aegis large-screen display that would allow the option of showing an aircraft's altitude directly. Admiral William J. Crowe said "it was never adequately reconciled" why the operator misinterpreted the digital readout of the airliner's altitude as descending while the replayed data showed constant ascent. The descending profile added to the perception of the approaching aircraft as hostile (in the July 3 1988 shootdown of an Iranian commercial airliner, which was mistaken for a hostile F-14). Four screens, which make up the principal visual information source for the ship's top combat officers, at present show two-dimensional tracks of targets each tagged with a 24 character alphanumeric label indicating such data as velocity and identification ... Defense secretary Frank Carlucci said that to find range and altitude information of a target on the screen, one must examine a computer readout, which is distracting. "We think it's a good idea to display altitude and range on a large screen," Carlucci said. "I think you could probably even put an arrow on whether it's ascending or descending." ... The investigation also found that Iranian Flight 655 was emitting the civilian identification-friend-or-foe (IFF) mode 3 squawk - not a military code as had been supposed by the Vincennes crew. .. Misidentification of the airliner's signal for a mode 2 military squawk happened because the radar operator left his range gate at the airport for 90 seconds instead of moving it, said Carlucci. The signal from another aircraft was picked up, which led the Vincennes Combat Information Center to declare the contact an F-14 fighter. ... At the press conference, Carlucci said of the Aegis: "I'm not indicating it wasn't designed correctly," he said, but "as you go through experience with any weapon system you improve the design," particularly in combat. - Jonathan Jacky, University of Washington ------------------------------ Date: Mon 17 Oct 88 17:09:58-PDT From: John Rushby Subject: Programmable Hotel Locks >From cslb!joyce!ames!mailrus!tut.cis.ohio-state.edu!bloom-beacon!apple!baum Mon Oct 17 16:54:22 PDT 1988 Article 4803 of rec.travel: Path: cslb!joyce!ames!mailrus!tut.cis.ohio-state.edu!bloom-beacon!apple!baum >From: baum@Apple.COM (Allen J. Baum) Newsgroups: rec.travel Subject: Re: Programable Hotel Locks Message-ID: <18933@apple.Apple.COM> Date: 17 Oct 88 20:16:04 GMT Reply-To: baum@apple.UUCP (Allen Baum) Organization: Apple Computer, Inc. >In article <7366@aw.sei.cmu.edu> weinstoc@sei.cmu.edu (Chuck Weinstock) writes: >I wasn't sure where to post this, but rec.travel seems like a >reasonable possibility. Many hotels these days have programmable >locks. Upon checkin, a card is either magnetized or punched and >serves as your key. My question is, how is the lock itself >programmed? It's hard to believe that they run wires all around the >hotel and through the hinge of the door, though I suppose that's possible. > >Chuck Weinstock I've been told that the locks contain a feedback-shift-register, or something similar. It, internally, generates the next key. If a key it doesn't recognize is inserted, it checks it against the next key. If it matches, the lock advances to the next combination. At the desk, they know how to generate a new combination from an old one, and they know the last key issued, so they merely generate the new key. Simply inserting the new, valid key into the lock does all the work of updating. Presumably, there are also master-key, and resetting provisions. what th -- {decwrl,hplabs}!nsc!baum@apple.com (408)973-3385 ------------------------------ Date: Thu, 20 Oct 88 16:45:34 -0700 From: chase@orc.olivetti.com (David Chase) Subject: Nausea-inducing frequencies ( Re: RISKS-7.66 ) Ask any competent neurologist and you should get a quick answer. Flashing lights at certain frequencies (I think 15Hz is one very important one) can induce nausea and/or epileptic seizures in some people. A neurologist told me of encountering three people in one day who had been zarked by the same failing flourescent bulb at a meat counter. Flashing lights are also a part of EEGs taken when epilepsy is suspected. As far as the props go, it could have been a visual flicker effect, or it could be that sounds can have a similar effect. May I suggest (to the curious among the audience) that you NOT try this experiment at home; epileptic seizures are not especially good for you, and the known occurrence of one tends to legally hinder your use of heavy equipment (like automobiles) for a period of time. David ------------------------------ Date: Fri, 21 Oct 88 10:28:43 EDT From: John Cherniavsky Subject: Risks in Foundations of Numerical Analysis In the October 1988 Bulletin of the American Mathematical Society there is an article by Peter Linz, "A Critique of Numerical Analysis", that points up the inadequacy of the foundations of numerical analysis. In that article he points out the inadequacies of current error analysis, the lack of information regarding the fit of the numerical model to the real world phenomenon that is being modeled (inappropriate choice of norm is his example), and the lack of a mechanism to validate or test the numerical model against the real world phenomenon being modeled. With the advent of computers that can carry out three dimensional numerical modeling and the use of such computers in the design of safety critical systems (such as airplanes), a lack of adequate mathematical foundations for numerical analysis could lead to serious consequences. ------------------------------ Date: Fri, 21 Oct 88 11:18:41 edt From: Henry Cox Subject: Takeoff warning systems to be tested [ From the Montreal Gazette, 21 October, 1988 JET TAKEOFF WANING SYSTEMS TO BE TESTED Washington (AP) - The government has ordered immediate tests of takeoff alarm systems on nearly 1800 Boeing 727 and Boeing 737 jetliners in the U.S. after finding "a significant number" of the alarms not working properly. The alarms are a critical safety device because they warn pilots if they have improperly set imstruments or control devices during takeoff. The Federal Aviation Authority yesterday told the U.S. airlines they must conduct the tests immediately and continue the checks every 200 flight hours. Last year, the failure of pilots to set their flaps properly led to the crash of a Northwest Airlines jet in Detroit, killing 156 people. Investigators say a similar oversight remains a possibility in the crash of a Delta Air Lines Boeing 727 in Detroit last August in which 14 people were killed. In neither case was there any evidence that the takeoff alarm sounded. The Delta crash led the aviation authority to order airlines in September to check the alarm systems on nearly 1200 Boeing 727 aircraft. The agency said yesterday tose checks resulted in "a significant number of inoperative warning systems discovered" on the Boeing 727 aircraft. It said that in 35 cases, the warning alarm either failed altogether or operated improperly. Although the September tests covered only Boeing 727s, the agency concluded all Boeing 737 aircraft because their alarm systems are "similar...and subject to similar fairlures." [ Of course, even if the alarms do work properly, they must be ON to be effective. In the wake of the crashes in India on 19 October, there have been several stories in the paper about other crashes where the pilot turned off the alarms because they were annoying him, and then neglected to put the landing gear down. ] Henry Cox ------------------------------ End of RISKS-FORUM Digest 7.67 ************************