Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
On Wednesday, 04-MAR-92 Channel 4 TV in the UK broadcast a program concerning
the difficulty of testing complex software systems - specifically the reactor
shutdown system for the Sizewell B Pressurized Water Reactor that is currently
under construction.
Nothing very new was said; it was the usual mix of nuclear industry suspicion
of people's intentions when requesting information and people's concern with
living in the same country as a nuclear power plant whose safety system cannot
be properly tested. The angle that the program's producers had choosen
to highlight was that it is software based and we have not figured out how
to test (reliably) 100,000 lines of code.
The best bit was an implication that Nuclear Electric (the builders) had an
inkling of the scale of the effort required to test the system properly and
their attitude was that it would take so long and cost so much that it was
obviously not practical :-)
In the course of the program we saw many screens purporting to show "computer
programs"; a selection:
o A .newsrc scrolling by (comp.risks makes a guest appearance!)
o A UNIX directory listing
o What looked like an abbreviated PostScript program
It seems that the risks associated with the untestability of complex software
systems are beginning to be recognised by the layman. The message that the TV
program gave me was of the concern of people outside the (software) industry
that we do not know how to guarantee the reliability of our products.
The licensing of Software Engineers was not mentioned once.
UNIX Mail: dpclarke@uk.oracle.com (Soon to be: perry@unify.com)
The city of Los Angeles was recently graced with the world premiere of the new
opera "Kullervo" by Aulis Sallinen, a talented Finnish composer. At the open
dress rehearsal, I noted that the score seemed to include some synthesized
sounds, which I later confirmed by an inspection of the orchestra pit. The
synthesizer used was a Yamaha DX-7 II, which aficionados will recognize as an
already-obsolete instrument which is no longer manufactured. I suspect that
Mr. Sallinen (who appears to be in his 60's) is completely unaware that in
twenty years it is going to be nearly impossible to acquire a working DX-7 to
duplicate the sounds he intended. Perhaps synthesizer manufacturers will
recognize this problem and include a backwards-compatibility mode, but more
probably works written for live synthesizer performance (I seem to remember
that "The Phantom of the Opera" uses a couple of synthesizers) are going to
have to compromise on timbral quality.
It's already well-nigh impossible to duplicate the sounds of the old analog
synthesizers with modern digital ones, but so far this problem hasn't affected
mainstream classical music (rock and jazz have a double advantage, both because
recordings dominate in listening to older works, and because flexibility in
performance is not only accepted but expected).
This all gives a whole new meaning to the "original instruments" school of
classical performance. I wonder if I could interest Christopher Hogwood in
building a collection of DX-7's? :-)
Geoff Kuenning geoff@ITcorp.com uunet!desint!geoff
On our Internet gateways, we run a variety of security monitors. Among other
things, these detect attempts to connect to services that are generally of no
legitimate interest to outsiders. But the alarm that went off the other day
was a bit different; the services contacted weren't the usual targets.
The answer turned out to be fairly interesting. It seems that a university 5
timezones away was installing a new network management system. This program
was, it seems, self-configuring — it went out and tried to discover the
topology of the network. The *WHOLE* network, as best I can tell.
I wonder how many sites were probed — and didn't notice — before I alerted
the administrators.
There are all sorts of other implications, of course. For one thing, I don't
know if I was being told the truth, though I have little reason to doubt it.
And such a comprehensive network map can be used to commit all sorts of
mischief. But as far as I know, that didn't happen this time.
Steve Bellovin
Quoting from: ALPHA ARCHITECTURE TECHNICAL SUMMARY (Dick Sites, Rich Witek) in comp.arch: "Alpha is also unconventional in the approach to arithmetic traps. In contrast to conventional RISC architectures, Alpha arithmetic traps (overflow, underflow, etc.) are imprecise — they can be delivered an arbitrary number of instructions after the instruction that triggered the trap, and traps from many different instructions can be reported at once. This makes implementations that use pipelining and multiple issue substantially easier to build." ... and to use safely? However, the next paragraph does provide what I would classify as a sop to DEC's technical conscience by stating: "If precise arithmetic exceptions are desired, trap barrier instructions can be explicitly inserted in the program to force traps to be delivered at specific points." Brian Randell, Computing Laboratory, The University, Newcastle upon Tyne, NE1 7RU, UK EMAIL = Brian.Randell@newcastle.ac.uk PHONE = +44 91 222 7923
> "Information brokers" will pay Social Security employees $25 for a
> person's earnings history and then sell the data for as much as $300.
In that case we had better on the watch for the enterprising congressperson who
can do arithmetic and who notices that the SSA could go into the retail market
itself, sell 200,000,000 records for $60B, and close next year's budget gap.
The number seems high; one wonders whether $300 is the market price for an SSA
record selected at random, or for selected records in the Iacocca-and-above
class.
Jerry Saltzer
The ending of my last message should have read "it's *not* as much of a coincidence as you might think" — here it is in it's corrected form: I don't doubt that there were human errors as this particular piece of mail tried to make its way from the bank to my house. However, I think you are wrong about the seven characters being "one piece of odd coincidence." A significant fraction of Ithaca's population is made up of students (probably more than 1/4, but less than 1/2), and students move frequently. If you have a common last name it is pretty likely there's someone else with a similar last name who's also a student and lives in the neighborhood. And there are lots of street numbers in the 100 to 300 range in the areas where students live! I looked at the student phone book and picked two common last names, Chen and Smith, and found 2 Chens that live at a house numbered 109 and two Smiths that live at a house numbered 210 in the Collegetown area. They all live on different streets and have different first names. I don't know if these particular examples would involve the same mail carrier, but I'm sure there are examples that do. So it's not as much of a coincidence as you might think! That's why I think one or two more characters for the hash code would help. Christine Piatko (piatko@cs.cornell.edu)
As the other person Christine mentioned who's had similar problems with mail forwarding in Ithaca, I have a hard time attributing the problem to "odd coincidence." I received occasional misforwarded mail (including, at one point, a COD delivery notice) over a period of about six months. As was the case with Richard Chang, the person's 7-letter key matched mine, but the names and addresses were clearly different. I would write "incorrectly forwarded" on the front of each and put them back in my mailbox. I sincerely hope they all eventually reached her; I never saw them again. I had moved from Ithaca to Schenectady and back — some of the mail forwarded made the round trip. Ever wondered whether "Return address requested" is attended to? The answer's yes — I got a credit card bill with her name and my address on it! The last straw was an envelope from a local community college with my name and address handwritten on the outside and a loan form with her name and address on the inside. So not only did the postal employee not check that the names/addresses matched, but neither did the recipient of the forwarding information. The addition to the key of one letter from either the first name or the street name would have avoided the problem in my case and, by quick perusal of the phone book, several others. Ithaca is a university town so naturally there are certain times when a large number of people move at once. This would seem to imply that it is especially important that we have a reasonable forwarding process. This one doesn't behave quite reasonably enough for me. Jennifer (not Shelley) Turney (not ... well, you can guess)
Now I know why the post office for greater metropolitan Selinsgrove,
Pa. (all fits quite comfortably in one zip code) included one stray letter in
my mother-in-law's forwarded mail when she stayed with us for a while last
year. It may also explain why my income tax refund was returned to the IRS
about five years ago. Still, considering how much mail is handled, and the
large number of customers the post office serves, this seems to be a rare
error. Much more common, in my experience, is getting mail intended for the
family at the same street number, one street away, and I believe that is mostly
'operator error', because the letter carriers sort that themselves, by hand.
Irv
Perhaps it's worth noting that this is one of those situations where adding redundancy to quality control -decreases- quality in what I like to call the "Kitty Genovese" effect. I first noticed this in one of W. Edwards Deming's books. For each inspector one adds in series to a process, the greater the likelihood that a defect will go unnoticed. It works something like this: With a single inspector, she knows that the next person to check the item she's inspecting is the customer. If something goes wrong, she is the one to take the blame. With two inspectors, each relies on the other to inspect, so his inspection is somewhat less thorough. Also, if a defective unit gets through, the inspectors share the blame equally. With 100 inspectors, almost no inspection at all is done; each thinks, "Surely with 99 other inspectors a defective unit will be caught!" As a result, all but the most glaring defects get through. I counted three "inspections" in the mail handling process described; sorting by the mail carrier, typing in of the seven-digit code, and checking of the name by the person whose job it is to affix the yellow change-of-address stickers. Dan Hankins
By coincidence, the New York Times has just run a pair of articles on the
subject of repetitive stress injuries. I've enclosed substantial extracts from
the two articles. Speaking personally, I find that I have more trouble with my
wrist when I'm very tired to start with. (I'm very tired right now, and I
almost didn't prepare this message because my tendonitis is acting up again.)
A wrist rest helps me immensely. Conversely, too much mouse activity is
problematic, since I don't have effective support for my wrist then. Typing on
too high a surface — such as a regular desk, as opposed to a typing table --
is a sure-fire recipe for trouble (again, for me). It's even worse if the desk
has a sharp edge I have to avoid. Most important — I've learned to listen to
my hands. If I'm starting to feel pains, it's probably a good day to catch up
on journal articles, rather than to start writing a paper.
--Steve Bellovin
[I don't think I ever mentioned to you all that I got one of our tech
wizards to rig up foot pedals for the CONTROL and META keys, so that I
could practice my organ-pedal action and keep my left wrist/pinky from
spasming in EMACS. It made a big difference.
The following is starkly excerpted by Steve, and is reproduced here
despite its length, because of its importance to RISKS. PGN]
EPIDEMIC AT THE COMPUTER: HAND AND ARM INJURIES, by JANE E. BRODY
c.1992 N.Y. Times News Service
Work-related injuries, long the plague of those who do heavy manual labor,
have become a scourge among white-collar workers, too.
Experts say hundreds of thousands of office workers are being disabled each
year in an epidemic of motion-related damage to the hands and arms that is
costing the nation many billions of dollars annually.
The problem is expected to worsen in the current recession as businesses
demand greater output from fewer employees and workers ignore symptoms for fear
of losing their jobs.
Over the last decade disorders caused by movements repeated many thousands
of times a day, long a plague on assembly lines and in processing plants, have
invaded the once low-risk environment of the office worker along with the
computer.
Computer operators spend many hours in the same position doing the same task
without breaks or variation, giving no time for stressed tissues to recover.
Over time, this behavior can induce crippling changes in the sensitive
tissues of the wrist and hand.
High rates of injury have been reported among data entry workers, telephone
operators and newspaper reporters and editors who work for many hours a day
typing on a computer keyboard. ...
People with the disorders, which can sometimes be permanent, can find
themselves unemployable or forced to change careers. Favorite sports
activities, housework, carrying groceries, or even holding a coffee cup may
become difficult or impossibly painful.
The disorders have many names — repetitive stress or repetitive motion
injuries, cumulative trauma disorders, of which carpal tunnel syndrome is one,
and most recently, work-related musculoskeletal disorders, the designation of
the World Health Organization.
But it all boils down to damage caused principally to tissues within the
hand and arm by seemingly innocent actions that are repeated perhaps thousands
of times each work day, like typing on a computer, cutting meat or poultry or
etching glass. ...
The American Academy of Orthopedic Surgeons estimated in 1984 that the
problem cost the nation more than $27 billion a year in lost wages and medical
care, an amount that could well have doubled by now since there has been more
than a doubling in reported cases.
Dr. Marvin J. Dainoff, a psychologist who is the director of the Center for
Ergonomic Research at Miami University in Oxford, Ohio, has called repetitive
stress injury the ``occupational disease of the 90s'' similar to the asbestos
crisis of the 1980s. ...
``Those with problems that are caught early can expect to recover in a few
months,'' said Dr. Emil Pascarelli, director of ambulatory care at [St.
Luke's-Roosevelt Medical Center]. ``But workers with severe injuries can take a
year or more to get better.''
In some parts of the country, workers diagnosed with carpal tunnel syndrome
are often treated with surgery to reduce pressure on the nerve that is
compressed by swollen or enlarged tissue passing through the wrist.
While some surgeons say the procedure is remarkably helpful to 60 to 80
percent of patients, other experts say it is abused by doctors who do not try
more conservative remedies first. Carpal tunnel surgery is now the second most
common operation performed in this country. ...
But repetitive motion disorders received only a flicker of expert attention
until they began striking white-collar workers and especially newspaper
reporters, who had been all but immune to the job-related injuries that other
laborers have endured for centuries.
Some of the rise in cases is widely attributed to increased
recognition of the problem and a new willingness to report it.
Dr. Laura Punnett, an ergonomist and epidemiologist at the University of
Massachusetts at Lowell, said ``historically there's been lots of
underreporting'' of these disorders. As she explained, ``Many workers did not
recognize the problem as being job-related; others who did worried about losing
their jobs if they reported their injuries.'' ...
A common experience of workers in America who report hand and wrist injuries
to their employers is to find themselves suspected of malingering.
Employers' doubts are bolstered by the fact that victims of repetitive
stress injury take longer to recover and are less likely to return to work if
they have filed worker's compensation claims, according to a study of 28,000
workers conducted by Dr. Gary Franklin, a neurologist who serves as medical
director for Washington State's Department of Labor and Industries.
Franklin also noted that the disabilities suffered by many workers were
``out of proportion'' to measurable abnormalities in their wrists, a widely
acknowledged finding that has prompted Nortin M. Hadler, a rheumatologist at
the University of North Carolina, to dispute whether the problem is real.
Hadler maintains that musculoskeletal activity that is ``reasonable,
comfortable and customary and which can be repeated without undue distress,''
such as typing on a computer, is unlikely to result in tissue damage.
Others, like Silverstein, report that although dissatisfied workers are
prone to exaggerate their injuries or discomforts, she found in studying
workers with problems at Newsday that the most devoted and talented reporters
typically suffered the most.
``These are high-production people who don't listen to their bodies,''
Silverstein said. ``They don't stop working when they start hurting. The same
with musicians. It is the high-performance people who are at highest risk of
musculoskeletal disorders. And one could hardly accuse musicians of seeking to
get paid without working, since they don't.''
In a seven-industry study of factory workers, she also found no differences
in overall job satisfaction and in views about work in general among employees
afflicted with hand-wrist disorders and those who were not.
Still, she and Franklin agreed that psychological and social factors can
make work-related muscular stress worse by increasing muscular tension. ...
Among the physical factors Dainoff lists as raising a worker's risk of
hand-wrist disorders are these:
High rates of repetition of the same action. A computer operator who types
60 words a minute can make 18,000 keystrokes in an hour.
Awkward or unnatural posture while working. The ideal position of the wrist
is flat and straight, which positions the hand level with the arm and extended
in a straight line from it. Those who work with hands bent up, down or to the
side risk damage to the tissues in the wrist.
Use of excessive force while working. In Silverstein's factory study,
workers who had to use high force and a high rate of repetition had 29 times
the rate of hand-wrist disorders as workers using low force and a low rate of
repetition.
Lack of adequate rest periods or recovery time. Experts estimate that hands
should be relieved of repetitive motion for at least 15 minutes every 2 hours
to reduce the risk of injury.
``Try telling that to a reporter writing against a deadline,'' Silverstein
remarked.
People who work on computers, which do not require much force to
operate, may nonetheless fall victim to repetitive stress injuries.
Dainoff explained that in many computer-reliant offices like newsrooms,
almost every activity is done with the keyboard, including writing, editing,
taking notes, searching for information and sending messages. ...
Some computer-based jobs are ``the sweatshops of the 90s,'' said Dr. John
Kella, a musician and biomechanic who directs a rehabilitation and retraining
program for injured workers at the Miller Institute in New York.
He pointed out that computer keyboards are unforgiving and many operators
press the keys too hard, causing an almost imperceptible kickback as the
fingertips hit the keyboard's rock-hard bottom. [In my own personal opinion,
keyboard feel has gone vastly downhill since the days of the IBM Selectric
typewriter. --smb]
His colleague, Pascarelli, likened it to dancers performing day after day on
a concrete floor. ``Eventually, they are going to get injured,'' he said.
The injuries that he treats are often not ``classical'' syndromes with
readily identifiable pathological changes in structures of the hands and
wrists.
Some, perhaps a quarter of those complaining of symptoms, have clear cases
of carpal tunnel syndrome.
Some have tendinitis, an inflammation of the tendon that passes through the
wrist, and others have tenosynovitis, an inflammation of the sheath around the
tendon. But many fit no recognized classification.
Dr. Lawrence Fine, an occupational medicine specialist for the National
Institute of Occupational Safety and Health in Cincinnati, said: ``Yet these
people are in a lot of pain and are forced to take time off from work. It's
hard for me as a physician to say it's all in people's heads, especially when
the frequency and severity of the disorders abates when the risk factors are
reduced.''
Even when a rational remedy is applied, the workplace setting can sometimes
cause it to backfire.
Silverstein gave on-the-job exercises to workers in a dental floss
manufacturing plant.
A year into the program she found no improvement in the rate of repetitive
stress injuries because the workers, forced to meet production quotas, had
worked harder to make up for the time lost during their exercise sessions.
====
COMPUTER USERS' INJURIES ARE OFTEN PREVENTABLE
By JANE E. BRODY
c.1992 N.Y. Times News Service
...
Researchers who have analyzed the conditions that seem to lead up to
hand-wrist problems and clinicians who treat them have identified factors both
within and outside the workplace that when properly adjusted can help prevent
hand-wrist injuries.
Dr. Marvin J. Dainoff, director of the Center for Ergonomic Research and a
professor of psychology at Miami University in Oxford, Ohio, insists that
physiologically sensible use of the computer starts with the user's chair.
A well-designed chair not only helps protect your back but also reduces
strain on your shoulders, neck and arms and ultimately your hands.
Most experts recommend a chair that allows you to adjust the height of the
seat and the tilt of the back and possibly also of the seat. An adjustable
table may also be necessary for people who are very tall or very short.
You should be able to sit with your feet flat on the floor (or on a
footrest), your thighs at right angles to your torso, your arms and hands
parallel to the floor or perhaps slightly elevated, your head erect and your
eyes looking slightly down (about 15 degrees below the horizontal) to see the
screen.
To minimize stress, the chair should support your lower back and should
swivel and roll on casters. To allow for relaxation of muscles and shifts in
working postures, the seat back should be able to tilt backward to an angle of
15 degrees or more from the vertical.
The desirability of arm rests is a matter of debate. Some experts suggest
they can aggravate wrist problems and encourage poor posture if the arms are
rested on them while typing. Others laud their usefulness as a resting place
when not typing.
Next comes the surface on which the computer keyboard rests. When sitting
properly in your chair, you should be able to type with a flat wrist. Avoid
bending your wrist up or down or twisting it sideways when you type.
If the keyboard is very wide or deep, learn to lift your hand to reach
outlying keys instead of trying to stretch your fingers to them, which distorts
your wrist position.
While typing, avoid resting your wrists on the edge of the work surface; to
reduce pressure on the wrists, consider using a padded wrist and palm rest in
front of the keyboard. Keep fingernails trimmed; long nails force you to extend
your fingers to hit the keys.
Try to avoid other potentially wrist-damaging activities when you are not
typing. Dainoff cautions against moves that bend the wrist, especially if force
is involved, like pushing a heavy door, opening jars, holding a telephone
handset at an angle or resting your head in your hand.
Also think about home and recreational activities that might aggravate a
sore wrist, including excessive use of a kitchen knife, playing a musical
instrument with a distorted wrist, skating with the hand bent up at the wrist
or pushing a power mower.
Use your whole hand (not just thumb and forefinger) and minimal force when
gripping, grasping or lifting an object.
Take frequent brief rests while typing. Switch to another activity that uses
the hands differently. Do not use more force than necessary to hit the keys.
When taking notes or writing an original work, avoid holding your hands in a
tensed ``ready'' position when waiting to type.
Do exercises that strengthen hand and arm muscles and improve circulation in
the upper extremities, like squeezing a handgripper and swimming. When typing,
try to rely more on the larger, stronger muscles of the arms and shoulders to
reduce strain on the wrists and hands.
When detected and intercepted in their early stages, hand and wrist problems
are relatively easy to reverse. Experts caution against trying to work through
pain, since that will only make the injury worse and could result in
irreversible damage to the nerve that passes through the wrist into the hand.
Therapy may involve analysis of your typing technique and retraining,
adjustments in your office furniture and keyboard, physical conditioning and
the use of wrist splints at night to prevent abnormal wrist positions during
sleep.
Dr. Emil Pascarelli, director of ambulatory care at St. Luke's-Roosevelt
Medical Center in New York, who established a hand clinic to treat injured
keyboard users, said that anti-inflammatory drugs, like ibuprofen, do not seem
to work well in treating work-related injuries to the wrists and hands.
He also maintains that surgery, which has become a very popular remedy
nationwide, should be considered a treatment of last resort, when more
conservative measures seem unable to relieve the problem or when the nerve is
becoming scarred or is degenerating.
Please report problems with the web pages to the maintainer