Subject: RISKS DIGEST 13.30
REPLY-TO: [email protected]

RISKS-LIST: RISKS-FORUM Digest  Monday 23 March 1992  Volume 13 : Issue 30

       FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
  ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

 Contents:
Globex fails critical test (PGN)
Error in math chips away at ice storm aid (Marty Leisner)
Two Risk Phenomena: Atari blanks, Turbo Pascal clocks (Stefan Burr)
Virus breaks security of Italian Judicial System's computers (Miranda Mowbray)
Re: Why Microsoft wants you to turn off virus checkers (Martin Minow)
New RISK at Railroad Crossing Gates (Bill Gripp, David Flanagan)
Re: Magellan Turnoff (David Fetrow)
Human Rights Groups Armed (With Technology) (Sanford Sherizen)
Saab fly-by-airbags and roaring mice (Andrew Klossner)
UA 747 Lost Door; Broadcasting mice (Bob Frankston)
A comment on naivete (Bob Frankston)

The RISKS Forum is moderated.  Contributions should be relevant, sound, in
good taste, objective, coherent, concise, and nonrepetitious.  Diversity is
welcome.  CONTRIBUTIONS to [email protected], with relevant, substantive
"Subject:" line.  Others may be ignored!  Contributions will not be ACKed.
The load is too great.  **PLEASE** INCLUDE YOUR NAME & INTERNET FROM: ADDRESS,
especially .UUCP folks.  REQUESTS please to [email protected].
Vol i issue j, type "FTP CRVAX.SRI.COM<CR>login anonymous<CR>AnyNonNullPW<CR>
CD RISKS:<CR>GET RISKS-i.j<CR>" (where i=1 to 13, j always TWO digits).  Vol i
summaries in j=00; "dir risks-*.*<CR>" gives directory; "bye<CR>" logs out.
The COLON in "CD RISKS:" is essential.  "CRVAX.SRI.COM" = "128.18.10.1".
<CR>=CarriageReturn; FTPs may differ; UNIX prompts for username, password.
ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY.
Relevant contributions may appear in the RISKS section of regular issues
of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise.

----------------------------------------------------------------------

Date: Fri, 20 Mar 92 10:47:36 PST
From: "Peter G. Neumann" <[email protected]>
Subject: Globex fails critical test

Globex is an electronic trading system being developed by Chicago's futures
exchanges and Reuters PLC, using a 30-MIPS DEC 9420 computer at Reuters' U.S.
headquarters on Long Island.  The development is behind schedule, having
experienced repeated delays in the past two years.  A previous test in January
handled 30,000 mock trades successfully.  The latest field test on 3 Mar 1992
(with key stations in NY, Chicago, Paris and London) aborted after only ten
minutes:

 The system detected a condition in which the data ... in one of the 250 key
 stations was different from what the host computer thought it should be, and
 when that occurs, the system is designed to shut down.

[Source: Chicago Tribute, 5 Mar 1992, Section 3, article by William B. Crawford
Jr., contributed by Robert V. Binder, starkly abstracted by PGN]

The article includes the hopes for the system, the doubts expressed by others,
and the impact the failed test had -- deferring a vote on a master agreement
governing the partnership, and postponing the intended unveiling, previously
scheduled for April.

------------------------------

Date: Sat, 21 Mar 1992 21:47:18 GMT
From: leisner%[email protected] (Marty Leisner x76704 siena)
Subject: Error in math chips away at ice storm aid (Rochester paper)

In today's Democrat and Chronicle, they had a headline "Error in math chips
away at ice storm aid" (in Rochester, New York they had an ice storm last
year).  This was for the Town of Irondequoit (a neighbor of Rochester).

They got some Federal Disaster Relief for this.
The  Federal government earlier promised 2.7 million dollars.
They really got  1.38 million.

The conclusion was "what nobody realized at the time, officials say now, is
that the total reflects a computer keypunch error."

When I first read the headline, I thought they had a bogus math chip ;-)

marty  [email protected]  Member of the League for Programming Freedom
                              (You get what you pay for -- except in software)

------------------------------

Date: Wed, 18 Mar 92 22:15 EST
From: [email protected]
Subject: Two Risk Phenomena: Atari blanks, Turbo Pascal clocks

I know of two interesting phenomena that relate to two of your CACM Inside
Risks columns.  A full discussion of either would take quite a bit of time to
write down in full, or (probably easier) a phone call.  Therefore, I'm just
going to give you a brief description of each [...].

    The first is an example of a somewhat annoying computer pun, relating to
your 9/90 column.  This concerns Atari 8-bit computers, which were way ahead of
their time, and still are to some extent.  (I still use one for some tasks,
although I have a much fancier computer now.)  In Atari Basic, the prompt is
READY.  For a long time, I noticed occasional peculiar behavior, and I could do
some experiments to recall exactly the form it took.  Anyway, I finally noticed
that when I moved the cursor to such a prompt and hit the return key, no error
message occurred.  (The Atari has a full-screen editor.)  I thought about this,
and finally realized that the interpreter was reading this as READ Y.  Just as
in Fortran (except Fortran 90), blanks are irrelevant, so the prompt was
treated as an immediate command.  I don't think this usually caused real
trouble, but it could do so if my program had a variable named Y.

    The second phenomenon relates (at least partially) to your column on
clocks (1/91).  This one you very likely were aware of already.  I was having
my students do timing tests on programs on IBMs and clones.  This is painful
enough, just because of the absurd rate of ticks (18/sec.), but further
problems are caused by the fact that the data (hours, minutes, seconds and
hundredths of seconds) is in unsigned integer, 1-byte form.  We were using
Turbo Pascal, which is generally a useful implementation.  However, this
language has five (or six if the coprocessor is present or being simulated)
integer types, of which three are signed and two are unsigned, and all may be
freely mixed.  This causes many typing problems, worse than any built into
Fortran.  The basic problems come from the fact that when you subtract unsigned
integers, if the result is negative, the computed value becomes a positive
integer, usually a large one.  We found several different ways to get crazy
output, including some ways that the error would not be a power of two.

      -- Stefan Burr   (201)-267-0137 (home) and (212)-650-6172 (work)

------------------------------

Date: Mon, 23 Mar 92 10:39:23 +0100
From: Miranda Mowbray <[email protected]>
Subject: Virus breaks security of Italian Judicial System's computers

Traces of the `Gp 1' virus have been discovered in the computers of the Court
of Cassation, the Courts of Appeal, and the High Tribunal for Public Waters, in
Italy.  The virus was discovered by the central security office, which reports
to the Presidency.  Rather than destroying data, Gp 1 awards maximum security
clearance to all minimum security level users.  The other judicial offices are
being checked for the virus.
                                  Source: La Nazione, 22 March 1992

------------------------------

Date: Thu, 19 Mar 92 08:58:47 PST
From: Martin Minow <[email protected]>
Subject: re: Why Microsoft wants you to turn off virus checkers

In RISKS-13.29, W.M. Buckley notes that the installation instructions for
Microsoft Word 5.0 instructs customers to remove virus protection before
installation.

While I don't know the particulars of Microsoft's situation, I suspect
there are two reasons:

-- Virus protection programs trap certain operations that the installation
  procedure must perform in order to install the software. For example,
  Microsoft records the customer name, organization, and serial number
  "somewhere" in the application image. Depending on how they do this,
  this may look to the virus checker as if an intruder were modifying
  the image.

-- Installing an application is a rather complex task (I am speaking here
  of the Macintosh, but I suppose this applies to other systems as well.)
  I am currently working on a Macintosh application and am budgeting
  about one week to write write a simple installation script for a much
  simpler product. Since virus protection software works by modifying
  the system image in some "secret" manner, debugging, documentation and
  customer support become expensive nightmares. The vendor is far better off
  putting more effort into manufacturing control and development.

In my own product, I'm faced with a similar problem: one of its functions is to
create, under user control, small applications. Here, too, the documentation
must warn the customer to add my application to the virus protection
program's list of "trusted" programs.

Martin Minow            [email protected]

------------------------------

Date: Thu, 19 Mar 92 13:06:31 -0500
From: [email protected] (Bill Gripp)
Subject: New RISK at Railroad Crossing Gates (Marcum, RISKS-13.29)

This is not necessarily a failure mode.  Among the possibilities...

1) Railroad personnel were testing the crossing gate.  This can be accomplished
in one of many ways.  The personel don't necessarily have to be immediately at
the crossing.

2) Pranksters were having fun.  Again they don't have to be immediately at the
crossing.

3) A local freight train doing some switching moves entered the electrical
block controlling the crossing activating the crossing gate.  The train then
stopped and reversed direction exiting the block, allowing the crossing gates
to open.

I just love it when people say that something failed/broke when they really
don't have any idea about what is going on.  =8^)

The REAL risk, is that these people sometimes get a lot of attention and as a
result negatively effect the reputation of reliable equipment, companies,
people, [fill in the blank]!

------------------------------

Date: Thu, 19 Mar 92 10:20:43 EST
From: [email protected] (David Flanagan)
Subject: Re: New RISK at Railroad Crossing Gates (Marcum, RISKS-13.29)

Railroad crossing gates coming down when no train is coming just a "benign
failure mode"?  Not necessarily: I have a friend who admits that in his (much)
younger days he would head down to the tracks near his house and close the
gates just for fun.  He reports that the drivers at the front of the lined up
traffic were very reluctant to cross the tracks when the gates went up (much to
the chagrin of the drivers just arriving at the end of the line).  They assumed
that the "failure" was that the gates went up too soon, rather than that they
went down without cause.

My friend has reformed himself now, but I've learned some interesting things
about railroad crossing gates.  The (pedestrian) gates near my house (and
presumably this is how most work) will go down when the tracks are shorted
together.  I have yet to take a voltmeter to them, however.
                                                           -- David Flanagan

------------------------------

Date: Wed, 18 Mar 92 22:07:16 -0800
From: David Fetrow <[email protected]>
Subject: Re: Magellan Turnoff

In Volume 13 : Issue 29 "Peter G. Neumann" <[email protected]> notes an
article over the purported plan to turn off Magellan before it fails due to a
lack of funds.

I suspect something like the old Viking Fund will be set up by someone. At
this funding level, simple charity might supply enough money to keep things
going. It's a rather silly way to fund a probe, but not as silly as shutting
down.

You may recall the Viking funds striking logo: Viking with a tin cup in it's
claw.
                             -dave fetrow

------------------------------

Date: Fri, 20 Mar 92 15:14 GMT
From: Sanford Sherizen <[email protected]>
Subject: Human Rights Groups Armed (With Technology)

Today's New York Times reports that the Lawyers Committee for Human Rights will
start a campaign called Witness to provide human-rights groups around the world
with hand-held video cameras, computers and fax machines.  The Reebok
Foundation and musician/composer Peter Gabriel contributed to the project.  Mr.
Gabriel said: "It's much easier for those in power to get away with murder,
torture, repression and the destruction of our environment if their actions are
not witnessed by the media and public."

While we have heard how technology contributed to the overthrow of the Shah and
kepts the world's eyes on repression by the China's leaders, I wonder if this
effort is a legacy of the Rodney King beating by police officers in Los
Angeles.  The beating was videotaped and played over and over on tv, resulting
in indictments and a current trail of police officers.  Better that legacy than
America's Favorite Videos or some other "let's video our kids hitting dad in
the crotch" or "we'll act crazy and hope that we can get on tv with the tape",
which is so popular on television today in the U.S.

Sanford Sherizen, Data Security Systems, Natick, MA

------------------------------

Date: Fri, 20 Mar 92 13:12:24 PST
From: [email protected] (Andrew Klossner)
Subject: Saab fly-by-airbags and roaring mice

>From the Saab drive-by-wire report:

 "The idea is that driving without a steering wheel is physically safer,
 because you can fit an airbag where the steering wheel would be and
 avoid the crushing injuries often sustained by drivers in accidents."

Curious.  Chrysler puts air bags on the driver side but not the passenger side.
They defend this by claiming that it's much harder to mount a bag on the
passenger side -- without a steering column, there's no suitable place for it.

>From the roaring mouse discussion:

       "I would prefer to see the regulation require that the mouse
       have FCC class B ..."

PC mice are unlike those in the Macintosh, Sun, or X terminal world in that
they are usually sold as separate products.  None of the three PC laptops that
I've purchased have been offered with a mouse option (perhaps EMI problems were
a consideration.)  There is no opportunity to perform FCC testing of a PC
laptop and mouse as a single system.

 -=- Andrew Klossner  ([email protected])
                      (uunet!tektronix!frip.WV.TEK!andrew)

------------------------------

Date: Sat 21 Mar 1992 09:43 -0500
From: <[email protected]>
Subject: UA 747 Lost Door; Broadcasting mice

There was small item in the New York Times earlier this week reporting on the
United Airlines 747 that lost a door near Hawaii a few years ago.  The report
has been revised to say that the door was lost due to a problem with the
control circuitry for the door and was not due to a mechanical problem.  Hmm.

A final note on the broadcasting mice.  I do realize that any external wire
can broadcast and can interfere with some forms of communications.

------------------------------

Date: Sat 21 Mar 1992 10:01 -0500
From: <[email protected]>
Subject: A comment on naivete

I meant to mention that my naivete itself was an example of taking technology
advancement for granted.  This similar to using an old tape deck and going
directly from forward to reverse. Those used to mechanical systems would stop
in the middle and give the tape a chance to stop. Those brought up on VCRs
would assume that the machine would be smart enough to deal the mechanical
problems "intelligently".

Similarly, my expectations of airline communications are affected by what I
know is possible, even if it is naive knowledge.

------------------------------

End of RISKS-FORUM Digest 13.30
************************

You are viewing proxied material from gopher.quux.org. The copyright of proxied material belongs to its original authors. Any comments or complaints in relation to proxied material should be directed to the original authors of the content concerned. Please see the disclaimer for more details.