The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 13 Issue 30

Monday 23 March 1992


o Globex fails critical test
o Error in math chips away at ice storm aid
Marty Leisner
o Two Risk Phenomena: Atari blanks, Turbo Pascal clocks
Stefan Burr
o Virus breaks security of Italian Judicial System's computers
Miranda Mowbray
o Re: Why Microsoft wants you to turn off virus checkers
Martin Minow
o New RISK at Railroad Crossing Gates
Bill Gripp
David Flanagan
o Re: Magellan Turnoff
David Fetrow
o Human Rights Groups Armed (With Technology)
Sanford Sherizen
o Saab fly-by-airbags and roaring mice
Andrew Klossner
o UA 747 Lost Door; Broadcasting mice
Bob Frankston
o A comment on naivete
Bob Frankston
o Info on RISKS (comp.risks)

Globex fails critical test

"Peter G. Neumann" <>
Fri, 20 Mar 92 10:47:36 PST
Globex is an electronic trading system being developed by Chicago's futures
exchanges and Reuters PLC, using a 30-MIPS DEC 9420 computer at Reuters' U.S.
headquarters on Long Island.  The development is behind schedule, having
experienced repeated delays in the past two years.  A previous test in January
handled 30,000 mock trades successfully.  The latest field test on 3 Mar 1992
(with key stations in NY, Chicago, Paris and London) aborted after only ten

  The system detected a condition in which the data ... in one of the 250 key
  stations was different from what the host computer thought it should be, and
  when that occurs, the system is designed to shut down.

[Source: Chicago Tribute, 5 Mar 1992, Section 3, article by William B. Crawford
Jr., contributed by Robert V. Binder, starkly abstracted by PGN]

The article includes the hopes for the system, the doubts expressed by others,
and the impact the failed test had — deferring a vote on a master agreement
governing the partnership, and postponing the intended unveiling, previously
scheduled for April.

Error in math chips away at ice storm aid (Rochester paper)

Marty Leisner x76704 siena <>
Sat, 21 Mar 1992 21:47:18 GMT
In today's Democrat and Chronicle, they had a headline "Error in math chips
away at ice storm aid" (in Rochester, New York they had an ice storm last
year).  This was for the Town of Irondequoit (a neighbor of Rochester).

They got some Federal Disaster Relief for this.
The  Federal government earlier promised 2.7 million dollars.
They really got  1.38 million.

The conclusion was "what nobody realized at the time, officials say now, is
that the total reflects a computer keypunch error."

When I first read the headline, I thought they had a bogus math chip ;-)

marty  Member of the League for Programming Freedom
                               (You get what you pay for — except in software)

Two Risk Phenomena: Atari blanks, Turbo Pascal clocks

Wed, 18 Mar 92 22:15 EST
I know of two interesting phenomena that relate to two of your CACM Inside
Risks columns.  A full discussion of either would take quite a bit of time to
write down in full, or (probably easier) a phone call.  Therefore, I'm just
going to give you a brief description of each [...].

     The first is an example of a somewhat annoying computer pun, relating to
your 9/90 column.  This concerns Atari 8-bit computers, which were way ahead of
their time, and still are to some extent.  (I still use one for some tasks,
although I have a much fancier computer now.)  In Atari Basic, the prompt is
READY.  For a long time, I noticed occasional peculiar behavior, and I could do
some experiments to recall exactly the form it took.  Anyway, I finally noticed
that when I moved the cursor to such a prompt and hit the return key, no error
message occurred.  (The Atari has a full-screen editor.)  I thought about this,
and finally realized that the interpreter was reading this as READ Y.  Just as
in Fortran (except Fortran 90), blanks are irrelevant, so the prompt was
treated as an immediate command.  I don't think this usually caused real
trouble, but it could do so if my program had a variable named Y.

     The second phenomenon relates (at least partially) to your column on
clocks (1/91).  This one you very likely were aware of already.  I was having
my students do timing tests on programs on IBMs and clones.  This is painful
enough, just because of the absurd rate of ticks (18/sec.), but further
problems are caused by the fact that the data (hours, minutes, seconds and
hundredths of seconds) is in unsigned integer, 1-byte form.  We were using
Turbo Pascal, which is generally a useful implementation.  However, this
language has five (or six if the coprocessor is present or being simulated)
integer types, of which three are signed and two are unsigned, and all may be
freely mixed.  This causes many typing problems, worse than any built into
Fortran.  The basic problems come from the fact that when you subtract unsigned
integers, if the result is negative, the computed value becomes a positive
integer, usually a large one.  We found several different ways to get crazy
output, including some ways that the error would not be a power of two.

       — Stefan Burr   (201)-267-0137 (home) and (212)-650-6172 (work)

Virus breaks security of Italian Judicial System's computers

Miranda Mowbray <>
Mon, 23 Mar 92 10:39:23 +0100
Traces of the `Gp 1' virus have been discovered in the computers of the Court
of Cassation, the Courts of Appeal, and the High Tribunal for Public Waters, in
Italy.  The virus was discovered by the central security office, which reports
to the Presidency.  Rather than destroying data, Gp 1 awards maximum security
clearance to all minimum security level users.  The other judicial offices are
being checked for the virus.
                                   Source: La Nazione, 22 March 1992

re: Why Microsoft wants you to turn off virus checkers

Martin Minow <>
Thu, 19 Mar 92 08:58:47 PST
In RISKS-13.29, W.M. Buckley notes that the installation instructions for
Microsoft Word 5.0 instructs customers to remove virus protection before

While I don't know the particulars of Microsoft's situation, I suspect
there are two reasons:

-- Virus protection programs trap certain operations that the installation
   procedure must perform in order to install the software. For example,
   Microsoft records the customer name, organization, and serial number
   "somewhere" in the application image. Depending on how they do this,
   this may look to the virus checker as if an intruder were modifying
   the image.

-- Installing an application is a rather complex task (I am speaking here
   of the Macintosh, but I suppose this applies to other systems as well.)
   I am currently working on a Macintosh application and am budgeting
   about one week to write write a simple installation script for a much
   simpler product. Since virus protection software works by modifying
   the system image in some "secret" manner, debugging, documentation and
   customer support become expensive nightmares. The vendor is far better off
   putting more effort into manufacturing control and development.

In my own product, I'm faced with a similar problem: one of its functions is to
create, under user control, small applications. Here, too, the documentation
must warn the customer to add my application to the virus protection
program's list of "trusted" programs.

Martin Minow

New RISK at Railroad Crossing Gates (Marcum, RISKS-13.29)

Bill Gripp <>
Thu, 19 Mar 92 13:06:31 -0500
This is not necessarily a failure mode.  Among the possibilities...

1) Railroad personnel were testing the crossing gate.  This can be accomplished
in one of many ways.  The personel don't necessarily have to be immediately at
the crossing.

2) Pranksters were having fun.  Again they don't have to be immediately at the

3) A local freight train doing some switching moves entered the electrical
block controlling the crossing activating the crossing gate.  The train then
stopped and reversed direction exiting the block, allowing the crossing gates
to open.

I just love it when people say that something failed/broke when they really
don't have any idea about what is going on.  =8^)

The REAL risk, is that these people sometimes get a lot of attention and as a
result negatively effect the reputation of reliable equipment, companies,
people, [fill in the blank]!

Re: New RISK at Railroad Crossing Gates (Marcum, RISKS-13.29)

David Flanagan <>
Thu, 19 Mar 92 10:20:43 EST
Railroad crossing gates coming down when no train is coming just a "benign
failure mode"?  Not necessarily: I have a friend who admits that in his (much)
younger days he would head down to the tracks near his house and close the
gates just for fun.  He reports that the drivers at the front of the lined up
traffic were very reluctant to cross the tracks when the gates went up (much to
the chagrin of the drivers just arriving at the end of the line).  They assumed
that the "failure" was that the gates went up too soon, rather than that they
went down without cause.

My friend has reformed himself now, but I've learned some interesting things
about railroad crossing gates.  The (pedestrian) gates near my house (and
presumably this is how most work) will go down when the tracks are shorted
together.  I have yet to take a voltmeter to them, however.
                                                            — David Flanagan

Re: Magellan Turnoff

David Fetrow <>
Wed, 18 Mar 92 22:07:16 -0800
 In Volume 13 : Issue 29 "Peter G. Neumann" <> notes an
article over the purported plan to turn off Magellan before it fails due to a
lack of funds.

 I suspect something like the old Viking Fund will be set up by someone. At
this funding level, simple charity might supply enough money to keep things
going. It's a rather silly way to fund a probe, but not as silly as shutting

 You may recall the Viking funds striking logo: Viking with a tin cup in it's
                              -dave fetrow

Human Rights Groups Armed (With Technology)

Sanford Sherizen <>
Fri, 20 Mar 92 15:14 GMT
Today's New York Times reports that the Lawyers Committee for Human Rights will
start a campaign called Witness to provide human-rights groups around the world
with hand-held video cameras, computers and fax machines.  The Reebok
Foundation and musician/composer Peter Gabriel contributed to the project.  Mr.
Gabriel said: "It's much easier for those in power to get away with murder,
torture, repression and the destruction of our environment if their actions are
not witnessed by the media and public."

While we have heard how technology contributed to the overthrow of the Shah and
kepts the world's eyes on repression by the China's leaders, I wonder if this
effort is a legacy of the Rodney King beating by police officers in Los
Angeles.  The beating was videotaped and played over and over on tv, resulting
in indictments and a current trail of police officers.  Better that legacy than
America's Favorite Videos or some other "let's video our kids hitting dad in
the crotch" or "we'll act crazy and hope that we can get on tv with the tape",
which is so popular on television today in the U.S.

Sanford Sherizen, Data Security Systems, Natick, MA

Saab fly-by-airbags and roaring mice

Andrew Klossner <>
Fri, 20 Mar 92 13:12:24 PST
>From the Saab drive-by-wire report:

  "The idea is that driving without a steering wheel is    physically safer,
  because you can fit an airbag where the steering wheel would be and
  avoid the crushing injuries often sustained by drivers in accidents."

Curious.  Chrysler puts air bags on the driver side but not the passenger side.
They defend this by claiming that it's much harder to mount a bag on the
passenger side — without a steering column, there's no suitable place for it.

>From the roaring mouse discussion:

    "I would prefer to see the regulation require that the mouse
    have FCC class B ..."

PC mice are unlike those in the Macintosh, Sun, or X terminal world in that
they are usually sold as separate products.  None of the three PC laptops that
I've purchased have been offered with a mouse option (perhaps EMI problems were
a consideration.)  There is no opportunity to perform FCC testing of a PC
laptop and mouse as a single system.

  -=- Andrew Klossner  (

UA 747 Lost Door; Broadcasting mice

Sat 21 Mar 1992 09:43 -0500
There was small item in the New York Times earlier this week reporting on the
United Airlines 747 that lost a door near Hawaii a few years ago.  The report
has been revised to say that the door was lost due to a problem with the
control circuitry for the door and was not due to a mechanical problem.  Hmm.

A final note on the broadcasting mice.  I do realize that any external wire
can broadcast and can interfere with some forms of communications.

A comment on naivete

Sat 21 Mar 1992 10:01 -0500
I meant to mention that my naivete itself was an example of taking technology
advancement for granted.  This similar to using an old tape deck and going
directly from forward to reverse. Those used to mechanical systems would stop
in the middle and give the tape a chance to stop. Those brought up on VCRs
would assume that the machine would be smart enough to deal the mechanical
problems "intelligently".

Similarly, my expectations of airline communications are affected by what I
know is possible, even if it is naive knowledge.

Please report problems with the web pages to the maintainer