Forum on Risks to the Public in Computers and Related Systems
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
Volume 13: Issue 19
Thursday 27 February 1992
Contents
The long arm of the law fingers old fingerprint- PGN
$300,000 budget error at The Whig Standard- Jim Carroll
Patriot missiles misled by `accidental' decoys- Lord John
More on the Airbus A320- Andrew Marchant-Shapiro
Re: Italian crooks let others pay phone bill- Ralph Moonen
Two Cornell Students Arrested for Spreading Virus- PGN
Re: Calculator Use During Exams- Bob Frankston
Brinton Cooper
Li Gong
Jeffrey Siegal
mathew
Re: Carpal Tunnel Syndrome etc.- Steve Bellovin
Brinton Cooper
Ralph Moonen
Jeremy Barth
Simona Nass
Brinton Cooper
Torsten Lif
Claire Jones
Info on RISKS (comp.risks)
The long arm of the law fingers old fingerprint
"Peter G. Neumann" <neumann@csl.sri.com>
Thu, 27 Feb 92 14:51:23 PST
A fingerprint found in an unsolved 1984 murder of an 84-year-old woman was kept in the San Francisco police database all these years. Recently the SF print database was linked with the Alameda County database. The old print matched a new one taken in connection with a petty theft case, and so eight years later the police were able to solve the old case (burglary, arson, homicide). The two girls implicated were 12 and 15 at the time. [Source: Article by Stephen Schwartz, Chronicle Staff Writer, San Francisco Chronicle, 22 Feb 1992, p.A16]
$300,000 budget error at The Whig Standard
"Jim Carroll" <jcarroll@jacc.uucp>
Thu, 27 Feb 1992 09:00:16 -0500
From the Feb. 21 Toronto Globe and Mail... "A misplaced computer byte has forced a daily newspaper in Kingston to chew a sizeable hunk out of its budget for 1992. The $300,000 glitch, discovered last month, means the Whig Standard will be hiring only two students to work as reporters or editors this summer instead of five, and also has forced it to reduce its spending for freelance stories, editor Neil Reynolds says. The computer in the newspaper's accounting department somehow managed to understate editorial cost by $300,000 when it spewed out editorial budget planning numbers last fall..... The newspaper is thought to have a total editorial budget of about $3 million a year." What is interesting about this particular error is the size of the error compared to the budget: 10%. Surely some cursory review should have identified an error of this magnitude. Jim Carroll, J.A. Carroll Consulting, Mississauga, Canada jcarroll@jacc.uucp Voice/Fax +1.416.274.5605 MCI, Bix JCarroll
Patriot missiles misled by `accidental' decoys
"UKAV03::W0400" <W0400%UKAV03.decnet@usav01.glaxo.com>
27 Feb 92 13:01:00 EST
Quotes from an article in the New Scientist 15 Feb 1992:
The US Army's Patriot missiles missed many of the Iraqi missiles that the US
thought they had shot down during the Gulf War, according to a new analysis.
Iraq's modified Scud missile, called the Al-Husayn, was difficult to hit
because it was so unstable that it broke into pieces when it reentered the
atmosphere, creating a confusing barrage of debris.
Ted Postol, a professor at MIT, re-examined the Patriot's war record at the
request of a Congressional committee. He found that deploying Patriot missile
defences did not reduce damage during Iraq's missile attacks on Israel and
Saudi Arabia.
Postol then examined videotapes recorded by TV journalists that seemed to show
the Patriot missiles successfully intercepting Al-Husayn missiles. Raytheon,
the Patriot's manufacturer, has used this footage to promote its missile.
Incoming Iraqi missiles are visible on the videotapes because of their
velocity, about two metres per second, {that must be a mistype in the article,
I expect it should be two kilometers per second W.} makes them glow
incandescently as they re-enter the atmosphere. The videotape also captures
the explosions of the Patriot interceptors.
Postol played these videotapes in slow motion to an audience of the AAAS. As
the Patriot detonations flashed on the screen, Postol stopped the tape to show
how far these explosions were from the glowing Al-Husayn warheads. In most
cases, the Iraqi Al-Husayn warhead appeared to fly straight on unharmed. In
one case, there was a fireball as the Iraqi warhead exploded on impact with the
ground.
The army claims that the Patriots successfully intercepted 45 of the 47
missiles they tried to shoot down. But Postol says the tapes show that in some
of these cases, the Patriots missed their targets by at least a kilometer.
Postol measures this distance by comparing the relative motions of the Patriot
fireball, which stays in one place, and the Al-Husayn warhead.
The Patriot had a particularly hard time hitting the Al-Husayn because of
problems with the Iraqi missile. Iraqi engineers had extended the range of the
Soviet Scud-B missile by lengthening its fuel tanks and making its warhead much
lighter. The changes made the missile unstable, and caused the Al-Husayn to
flop belly-first as it re-entered the atmosphere, often breaking up in the
process. The Patriot missile had to distinguish between the Al-Husayn's
warhead and other debris such as the empty fuel tank and tail fins which rained
from the sky. In effect, the Iraqi missile released unintended but
effective "decoys" to distract the Patriot, said Postol. The Patriot had its
own problems as well. One software bug could have directed the Patriot to
attempt to intercept an incoming missile at a point below ground. In one case
this bug may have caused a Patriot to turn back and dive into the ground.
Postol argues that the effectiveness of the Al-Husayn's unintended decoys shows
how extremely simple factors can frustrate attempts to shoot down ballistic
missiles. This could teach scepticism when it comes to evaluating the claims
made for missile defence technologies, such as plans for the US Star Wars
system.
Raytheon disputes Postol's conclusions, but has not yet made public a detailed
analysis that would rebut his claims. Defenders of the Patriot believe the
damage on the ground could have come from falling debris rather than from
detonations of the Iraqi missile's warhead.
[It is funny how what starts as a great success, turns out less than so, when
investigated. It also demonstrates that very simple systems can (and do)
prevent the high technology systems working, as well as showing that
designers of such systems get a mindset that assumes the opponents have the
same mindset. This is not always so... Lord John - The Programming Peer]
More on the Airbus A320
"MARCHANT-SHAPIRO, ANDREW" <marchana@gar.union.edu>
25 Feb 92 13:55:00 EDT
On National Public Radio's Morning Edition program this AM, one report concerned the series of crashes that have plagued the Airbus 320. According to this report, MOST 320 aircraft have an alarm that informs the pilot that s/he is flying too low, but France does not require this alarm and so aircraft sold to and/or operated by French companies do not have this alarm installed. I don't even qualify as a dabbler in this area, but if I recall correctly, at least 2 out of 3 crashes, and possibly all 3, involved French aircraft. Since they have also been somewhat similar (an apparently _unnoticed_ loss of altitude), could this help to explain what happened? If so, this points to a particularly interesting human interface problem -- perhaps the A320 tends to drop faster than other aircraft, but, since there is no alarm, [some] pilots do not realize what is happening until they're too low to do anything about it. Any comments from qualified persons? Andrew Marchant-Shapiro, Depts of Sociology and Political Science, Union College, Schenectady NY 12308 518-370-6225 marchana@union.bitnet
Re: Italian crooks let others pay phone bill (Weber, RISKS-13.16)
<rmoonen@hvlpa.att.com>
Tue, 25 Feb 92 11:14 MET
There was a big case in the Netherlands over 5 years ago where they did the same. The scheme involved renting a mobile phone from the Dutch PTT, copying the EPROM, transferring the EPROM to a mobile phone which had been stolen, and then returning the rented phone. This way, as the phone gets re-rented again to various persons, the bill gets spread out, and it will be less obvious. BTW, what inferior kind of ATM's do they have in Italy that let you tamper with the EPROMS inside? Maybe we have some over here in Holland too? :-)
Two Cornell Students Arrested for Spreading Virus
"Peter G. Neumann" <neumann@csl.sri.com>
Tue, 25 Feb 92 13:12:23 PST
2 Cornell Students Arrested for Spreading Computer Virus LEE A. DANIELS, N.Y. Times News Service Two Cornell University undergraduates were arrested Monday night and charged with developing and spreading a computer virus that disrupted computers as far away as California and Japan, Cornell officials said. M. Stewart Lynn, vice president for information technologies at the university in Ithaca, N.Y., identified the students as David Blumenthal and Mark Pilgrim. Lynn said that both Blumenthal, who is in the engineering program, and Pilgrim, in the college of arts and sciences, were 19-year-old sophomores. They were arrested Monday night by Cornell and Ithaca police officers. Lynn said the students were arraigned in Ithaca City Court on charges of second-degree computer tampering, a misdemeanor, and taken to the county jail. Lynn said authorities believed that the two were responsible for a computer virus planted in three Macintosh games on Feb. 14. [...] He identified the games as Obnoxious Tetris, Tetricycle and Ten Tile Puzzle. The virus may have first appeared in a Stanford University public computer archive and spread from there through computer users who loaded the games into their own computers. Lynn said officials at Cornell and elsewhere became aware of the virus last week and quickly developed what he described as ``disinfectant'' software to eradicate it. He said officials traced the virus to Cornell last week, but he would not specify how that was done or what led officials to the two students. Lynn said he did not yet know how much damage the virus had caused. ``At Cornell we absolutely deplore this kind of behavior,'' he said. [reference to RTM deleted.] AP item notes both are being held in the Tompkins County Jail on $10,000 bail.
Re: Proposal for policy on calculator use during exams (Bezenek 13.16)
<Bob_Frankston@frankston.std.com>
Tue 25 Feb 1992 20:14 -0500
The long term issues are challenging. In a very few years, the subtablet-size portable computer will have replaced the calculator as the issue for exams. These systems will have a few megabytes (32, 64, 1GB?) of space (between the paging devices and the primary memory) and a full GUI interface. They will be preferable to notepaper (especially the pen or its successors complementing the keyboard). Even more so than the current personal computers, these systems will be an integral part of how people solve problems. Since they are also the reference devices, it is unclear what the distinction will be between an open book exam and a closed book (def: a device for presenting information) exam. Of course, one can ban them from closed book exams, but that would reduce closed book exams to an abstract exercise unrelated to actual practice. The problems become worse when we have the WAN infrastructure so that the systems have built-in packet radio connections that are an integral part of their operation. While we can still have Faraday Cage exams, they too would be useful for testing the ability to survive without intellectual assists, but would not test the more important ability to take full advantage of the technologic infrastructure. While I sometimes go off the technical deep end in predicting what is going to happen, I'm already working with the early forms of these technologies so the issue is one of timing rather than possibility. Considering that computers have still had little impact on the educational system, once these systems drop below crucial price points they will rapidly overwhelm the schools. I'm presuming the appropriate UI's will be available and that the impediments are mainly economic.
Re: Proposal for policy on calculator use during exams (Bezenek 13.16)
Brinton Cooper <abc@BRL.MIL>
Tue, 25 Feb 92 9:12:19 EST
Todd M. Bezenek KO0N <plains!bezenek@uunet.uu.net> communicates his proposed
policy regarding the use of calculators on closed note university exams. In
brief, he would take possession of a device which he (the proctor) believes to
have been used to violate the intent of closed-note examinations. He would
have a faculty member judge whether the calculating machine and its memory
content provided an illegal aid to the test-taking student.
I guess he never heard of "due process." If you try that in universities
supported by public funds, you run the risk of being sued by the student. His
procedure sets up a couple of faculty as a "kangaroo court" (what does that
mean, anyhow?) to judge whether a student cheated.
High-tech times may call for low-tech solutions. I simply do not permit the
use of calculating devices on Computer Science examinations and quizzes. The
reasoning is simple:
Programmers should be proficient, personally, in computation.
a. Having to work out a few numerical examples by hand can help budding
programmers hone their ability to see more than one way to do a
computation.
b. Using this ability can provide "sanity checks" on their software.
c. Programmers should be able to get the answer even when their batteries
have run down.
I fear that at least some of the human-induced software faults discussed so
often in this forum can be traced to the lack of computational skill on the
part of the programmer involved.
_Brinton Cooper abc@brl.mil cooper@udel.edu ab.cooper@compmail.com
Re: Proposal for policy on calculator use during exams (Bezenek 13.16)
Li Gong <li@cambridge.oracorp.com>
Wed, 26 Feb 92 14:47:31 EST
In RISKS-13.16 Todd M. Bezenek proposed a policy for dealing with "the use of calculators on university exams." His posting "demonstrates the risk of introducing computing power into the classroom where it may be misused." Unfortunately, such a policy, short of banning a student from using his/her *own* calculator, could not beat technology. For example, it is easy to imagine a calculator that can be activated only by a (say 10 digit) PIN. Today's photocopiers can operate in this fashion. The new trick is to require periodical input (say every 3 minutes) of the PIN. If the PIN is not typed in in time, the calculator locks itself, and starts scrambling some parts of the memory (using the PIN as key), then erases the key from memory afterwards. To find any evidence of wrongdoing, the memory section in question has to be examined within 3 minutes. The basic point is that if a student has his/her own Trusted Computing Base, no one can beat him/her. If this is not true, nobody would work in the field of computer security today. So ban the calculators, or supply "official" ones during exams. Li Gong, ORA Corp, 675 Mass Ave, Cambridge, MA, USA.
Re: Proposal for policy on calculator use during exams (Bezenek 13.16)
<jbs@congruent.com>
Tue, 25 Feb 92 11:16:44 EST
You might want to consider portable computing devices with wireless communications capabilities (packet, cellular, etc.)! Jeffrey Siegal
Re: Proposal for policy on calculator use during exams (Bezenek 13.16)
From A to B <mathew@mantis.co.uk>
Wed, 26 Feb 92 17:25:43 GMT
At the risk of starting a lengthy and somewhat off-topic debate, I'd like to
remark that I don't think there's actually any technological risk involved
here.
The "problem" is that calculators with memories enable students to store data
and retrieve it during the exam. The only reason this is a "problem" at all is
that almost all exams are based around parrot-style repetition of memorized
"facts".
The solution to the "problem" is to allow all students to take in whatever
reference materials they like. Then the examination will necessarily have to
be a real test of problem-solving ability rather than a test of the candidate's
ability to regurgitate memorized data.
Of course, the problem then is that ability in examinations might in some
way tally with the candidate's ability to work in real-world situations.
> The calculating device shall remain in the possession of the
> proctor until the contents of its memory--both vendor supplied and user
> programmed--can be examined.
What exactly are you going to do about the "vendor-supplied" part of the
memory? Many calculators now have common physical constants stored in their
ROMs; is that unfair to those who aren't allowed to take in a databook?
If so, doesn't that mean that allowing people to take in a calculator which
performs logarithms or statistical functions is unfair to those not allowed to
take in log tables or statistical analysis reference books?
mathew
Re: Carpal Syndrome reports rise sharply (Cooper)
<smb@ulysses.att.com>
Mon, 24 Feb 92 20:32:00 EST
Brint Cooper states that all sufferers from carpal tunnel syndrome that he
knows are cashiers, and that none of the computer folks he knows suffer from
it. He goes on to wonder if stress may play a role. I can't answer that
question, but I can state, from both first-hand and second-hand knowledge, that
computer users do indeed suffer from carpal tunnel syndrome.
In my own case, the carpal tunnel syndrome is fairly mild -- but I have bad
problems with tendonitis. Nor was the orthopedist in any doubt about what
caused my symptoms -- his first question to me was ``do you use a computer
keyboard much?'' He went on to state that most of his patients with tendonitis
of the wrist or elbow, or carpal tunnel syndrome, were heavy computer users.
That aside, I also know of several others who have suffered from both problems,
including at least one who needed surgery. Psychological stress may contribute
-- but don't discount the purely-mechanical.
--Steve Bellovin
Re: Carpal Syndrome reports rise sharply
Brinton Cooper <abc@BRL.MIL>
Tue, 25 Feb 92 0:24:28 EST
No, I don't discount the physical causes of carpal syndrome, tendonitis, and
other occupational risks of keyboards. But I must tell you of my daughter who
had such a case of tendonitis at age 14 that her hand literally locked up at
the (piano) keyboard during a music lesson. I don't believe I'm violating her
privacy to relate that this was a very stressful time for her for many reasons.
Today, 15 years later, she's got a handle on the stress. Also, she can and
does play piano for 5-6 hours at a time. It's necessary; it's how she makes
her living.
Physicians and others who are looking for the connection between computer
keyboards and orthopaedic disease must consider the stress factors. I'd HATE
to spend 8-9 hours per day keyboarding credit card information for VISA, but
I've often spent that much time and more at keyboards building software, doing
computations, and writing scientific reports. If we're going to build a
low-risk workplace, we must address *all* the risks, not merely those that are
fashionable.
_Brint
Carpal Syndrome (Cooper)
<rmoonen@hvlpa.att.com>
Tue, 25 Feb 92 11:14 MET
I know several sufferers of CTS, and all of them are musicians. My mother was
operated on both wrists, and she never had any problems with it any more.
Likewise with the other musicians I know. (Most notably string players) Here at
work also I know of at least one case, in which the sufferer was a programmer.
So also keyboard action can give it you for sure. I am pretty sure that stress
and other psychological factors are involved, but bad muscular techniques are
the no. 1 cause.
--Ralph Moonen
Carpal Syndrome: Is it just psychosomatic? (Cooper)
Jeremy Barth <pubmail!barth@uu2.psi.com>
Tue, 25 Feb 92 10:34:25 EST
I detect a dangerous elitism in this kind of observation. The author makes a
sociological generalization based upon a tiny, non-random observational sample
with no controls. We all tend to do this, but let's recognize that it's sloppy
thinking.
Just two points (the first about the social categories affected, the second
about cultural anthropology):
1. The syndrome occurs in all kinds of work environments. In my own personal
sphere, which again is non-representative, two of my friends suffer from the
syndrome. They're Associated Press reporters in a fancy, white-collar New York
office who work on outmoded, non-ergonomic keyboards that are holdovers from
AP's early computerization efforts. There's a potentially precedent-setting
class action suit wending its way through the courts involving numerous AP
reporters who report the syndrome. There are people in their early 30's who
can't do simple things without pain, like raising a full cup of coffee to their
lips.
2. If you've studied anthropology, you know how hard it is to "see your own
kind." All social theorizing has built into it lots of preconceptions we're
only minimally aware of. Brinton says he's not aware of reports among his
colleagues of CT syndrome; having worked for 2 years in a fast-paced immunology
research lab, I would suggest that many hard-driven people choose to ignore
substantial pain in pursuit of their goals. (Ever heard about the football
player who had his pinkie cut off, rather than submit to a lengthy course of
surgery, so he wouldn't have to miss 4 weeks of the season?)
Jeremy Barth
Risks of making judgments about job satisfaction (Helegesen)
Simona Nass <simona@panix.com>
Tue, 25 Feb 1992 19:34:31 GMT
Do harp players have low job satisfaction? Are they doing it only for the
money? It's probably inaccurate to say that all cashiers/secretaries/etc. are
unhappy in their jobs. While these exceptions may not entirely refute your
anecdotal evidence, I think a better causal explanation can be found. Even if
most people getting CTS are not satisfied with their jobs, you need something
that explains why those who are satisfied also develop it. Something involving
the type of repetitive movement is probably a more proximate cause of the
injury.
I wonder if the low incidence of CTS among your computer lab friends is
explained by the way they type? Do most programmers touch-type using all ten
fingers? Also, how fast do they really type, anyway? I type between 50 and 90,
depending on the keyboard. Someone can manage to type fairly quickly (tho' not
90 wpm) using a few fingers, but the TYPE of repetitive movement is different.
Also, most computer programmers can't type as quickly when they actually have
to compose what they are typing. Some of their time is also spent searching,
scanning the text, compiling, munching M&Ms <tm> ... :) -S. -- Disclaimer: I
am not an attorney, though I do have an opinion on everything.
( simona@panix.com or {apple,cmcl2}!panix!simona )
Carpal Risks
Brinton Cooper <abc@BRL.MIL>
Tue, 25 Feb 92 16:25:58 EST
I didn't expect the reaction to my piece on the relative risks of the
physical act of repetitive keyboarding and of the psychological pressure under
which many keyboard users must work. Clearly, the risks attributable purely to
repetitive keyboarding, improper terminal and chair adjustments, lack of
breaks, poor lighting, etc., overwhelmingly dominate the issue.
While I remain committed to being alert to the effects of stress, I
yield to the many thoughtful people who wrote to me and spoke, often sadly, of
colleagues and associates who live with chronic pain directly attributable to
such work. A few have even been ruled permanently disabled. This is worse
than unfortunate, and I fear I misguided myself on the issue.
_Brint
Re: Carpal Syndrome reports rise sharply (Cooper)
<Torsten.Lif@eos.ericsson.se>
Wed, 26 Feb 92 08:52:16 +0100
Let me then point out another major group of CTS sufferers who are (at least) as highly motivated as any hacker: Cyclists. Especially the ones who also do a lot of keyboard work, but even some who do no keyboard/computer work have been afflicted. [...] Having worked in a similar environment without any ill effects, I was more than dismayed when I started showing the classical symptoms of repetitive motion syndromes after I transferred to computer support. A period of very informal empirical studies (I experimented :-), indicated that the culprit was the type of work, not the system hardware. In essence: Using my SUN workstation as a word processor to enter large amounts of text (on subjects I find interesting and stimulating) is very prone to give me various pains and numbness symptoms in neck, shoulders, arms and hands. Using the same workstation to edit and debug programs is much less fatiguing. I can easily do programming work for a full workday without problems. Just a couple of hours of word processing is enough to give me back all the problems. I started looking at how I work in these two situations and came to the conclusion that the difference is quite large. Entering text I type for long unbroken periods, moving my arms very little. Editing source code (even when entering it the first time), I move about much more. I use the mouse and/or cursor keys to go back and correct an indentation; I copy a chunk of code I'm too lazy to write again; I look at the debugger, resting my chin in my hand while I try to figure what's wrong; I click the "Step" button and stare in disbelief as the program takes the wrong branch in a "switch"; I scratch my head and take a sip of tea. In other words, programming work is much less (physically) monotonous.
|> What part does psychological or emotional stress play in the
|> development of repetitive-motion disorders?
It wouldn't surprise me if the presence of stress hormones in the body aggravates the problems but my belief is that the nature of the work is much more important. And it is possible that I like programming better than documenting (who doesn't? :-) to the extent where this causes part of the difference for me. But I don't think this accounts for all of it. If it did, why would writing articles for UseNet cause similar pains? Torsten Lif, Ericsson Telecom AB, EO/ETX/TX/ZD, S-126 25 STOCKHOLM, SWEDEN Phone: +46 8 719 4881
(More on) Carpal Syndrome (Cooper)
<ccmj@dcs.edinburgh.ac.uk>
Wed, 26 Feb 92 15:00:16 GMT
I disagree with the theory. I spend a lot of time *sitting* at a keyboard and so do many others here. But we don't spend a lot of time bashing keys with our fingers because we frequently stop to think. I'm sure other computing labs are the same. People like us don't come anywhere near the kind of keystrokes an hour achieved by people doing repetitive keyboarding jobs like copy-typists, data entry clerks etc. If a job requires some tedious keyboarding, we typically have the freedom, knowledge and hardware required to automate it. Mostly people here complain about eyestrain and backache, not carpal tunnel syndrome. I would also caution Mr Cooper that his theory is liable to misinterpretation by those who would like to dismiss such injuries as malingering by people who want to get out of boring jobs. -- Claire Jones ccmj@dcs.ed.ac.uk