From the Honolulu Star-Bulletin's "Streetwise" column, 27 April 1992: Time change leaves stoplights out of sync (By David Oshiro) Here's a story on how the clever machines that run our lives are sometimes too clever. Three weeks ago, most of the mainland switched to daylight savings time. Unbeknown to city transportation officials here, a microchip controlling traffic signals on Kalanianaole Highway contained a program written on the mainland that contained an automatic conversion to daylight-saving [sic] time. So, *voila*! On Monday, April 6, the timing for peak traffic hours kicked in an hour earlier, throwing signals off. Signals that were changing in 200-second cycles began to change in 185-second cycles. It was only a 15-second difference, and it only lasted an hour, but that was enough to mess up morning rush-hour traffic [which is pretty bad on this highway]. City workers, however, were able to figure out the problem and fix it that day. A city transportation official said that there was no easy way to test that chip in advance, to see it [sic] would have worked properly when the switch to daylight-saving time occurred. Mike Morton <Mike_Morton@Proponent.com>
This past week I was at a Microsoft Technical Seminar (read "boasting session") and saw an interesting promotional piece. Although longer than a normal ad, I suspect it is planned to use the "playlet" for some kind of media presentation. The "plot" is that Microsoft's Excel spreadsheet is so easy to use, and has so many "labour saving" features that two dolts who have forgotten to put together their presentation are able to do so in a one minute elevator ride to "executive territory". Other than stylistic aids, the primary function promoted is an "extension" function which will "forecast trends". With so much spreadsheet use being devoted to business plans and cash flow projections, the attraction of such a function is obvious. However, the ad immediately triggered an alarm. The feature is introduced, in the ad, by the fact that the executive "wants to see ten percent growth". The original figure is $1000, so the user fills in the next column as $1100. No problem. Then the extension feature is brought into play, and I mentally follow along with the arithmetic. The next column should say $1210. But the spreadsheet fills in $1200. The fourth column should be $1331, but instead is filled in as $1300. Ah, to the numerate person, the reason is obvious: the function is not a geometric "ten percent growth" but an arithmetic adding of an additional hundred dollars each time. To the numerate person, obvious. To the general public? How many of the "average" business computer users would even notice? The RISK of this particular choice of "extension" algorithm might not be all that important. However, it points out the increasing addition of "aids" in computerized systems, and the need to note carefully the use that the using audience is likely to put those aids to. Business computer users, in my experience, tend to want to think in "percentage" figures (eg. annual growth). A simple "adding" function for forecasting will not give them the "correct" answer appropriate to their mental model. Small though this RISK might be in this instance, we have seen this same principal at work in situations with much higher stakes.
This workshop is discussed at length in the April issue of COMPUTER, pp. 76-78. I don't recall seeing it on RISKS, although the general topic has certainly had its share of discussion and flame in the past. Jim H.
The 20 April 1992 issue of DM News, a direct marketing trade publication, reports that within the past two weeks, Metromail and Donnelly Marketing (two of the very largest mailing list companies) were approached by the FBI which is seeking mailing lists for use in investigations. Other mailing list firms also received feelers according to the story. "Neither of the identified firms would discuss details, but one source familiar with the effort said the FBI apparently is seeking access to a compiled consumer database for investigatory uses." "The FBI agents showed 'detailed awareness' of the products they were seeking, and claimed to have already worked with several mailing list companies, according to the source." Metromail, according to the article, has been supplying the FBI with its MetroNet address lookup service for two years. The FBI said that the database is used to confirm addresses of people the FBI needs to locate for an interview. This marks the first time since the IRS tried to buy mailing lists in 1984 that a government agency has attempted to use mailing lists for enforcement purposes. In a separate but related story in the April 24 issue of the Friday Report, a direct marketing newsletter, the RBOC's are teaming up with other firms to develop white page directories on CD-ROM. For example, US West has a joint venture with PhoneDisc USA of Marblehead, Ma. The article states that the company offers lists failing mailing list enhancements to law enforcement agencies. [NOTE: an enhanced list means the names and addresses were matched with a marketing database and additional demographic information was added to the list from the marketing database]. Mary Culnan, School of Business Administration, Georgetown University MCULNAN@GUVAX.GEORGETOWN.EDU
>Are call loggers a problem when you give your password to a mail retreival >system form a hotel or an office. Is there a hacker market for this info? >Finally how prevelant is this problem in various parts of the world? Many hotels detail your phone bill and include the phone numbers you called during your stay. How often does the hotel phone system capture your MCI/Sprint/AT&T calling-card number (which you touch-toned into the MCI, Sprint, or AT&T computer), too? I can easily change the PIN on my voice-mail system; changing the PIN on my calling card requires a call to the long-distance carrier, and possibly a new card - something the long-distance carrier isn't going to want to do too often. -Dan Wing, DWING@UH01.Colorado.EDU, WING_D@UCOLMCC.BITNET Systems Programmer, University Hospital, Denver
I had the same experience myself recently. But, in addition to instructions, it was also a telemarketing call by the local carrier! Since I use my cellular phone as a contact line for technical support and am always expecting calls (I subscribe to a nationwide switching service), I was rather angry that they used my time on the line like that. Especially since it was during a driving rainstorm while I was on the Interstate in the hills of northern Kentucky! I called *611 and told the person on the line to get me off whatever list I was on to get this unnecessary greeting and unwanted telemarketing. I haven't been bothered since, but I don't know if my call got me off any "list". John S. Karabaic, Systems Engineer, jkarab@NeXT.com, 513 792 5904 NeXT Computer, Inc.; 4434 Carver Woods Dr.; Cincinnati, OH 45242
Not only *could* the cellular phone company track one's movement "all over the country" (although with great difficulty and expense using today's switches), it is an active industry goal for the next generation of technology. "Call Delivery" -- making your phone ring when someone dials your number, regardless of your geographic location and serving carrier of the moment -- is an integral part of the standard being developed for interswitch communication (EIA/TIA IS-41). It is also seen as a key to making Personal Communication Networks (PCN) work. What happened to you in Georgia is the result of a feature known as "autonomous registration", by which the serving switch instructs a mobile unit to register (i.e. transmit its identity information including mobile phone number and serial number) as soon as radio contact is established (as indicated on the mobile's handset display by the "service light" or "service bars"). When the system detected you were a roamer, it placed a call to your phone and played the recorded greeting for your edification (although I don't know BellSouth's policy, it is quite unlikely you were charged for this call). Furthermore, Automatic Vehicle Location (AVL) services are also seen as highly desirable by a significant subgroup of wireless communication users (truckers and victims of car thieves come immediately to mind). There are companies that claim to be able to determine the position of a mobile unit in a cell site to within 100 feet using only the received 800 MHz radio signal, but the technology is unreliable and expensive. The more popular solution is to marry a Global Positioning System (GPS) receiver to a cellular phone or other wireless terminal, but this is both proprietary and also expensive. As long as the user retains the ability to "disappear" by turning the phone off, I see the benefit as outweighing the risk in this form of network tracking. I squirm a lot more when I read about "beacons" placed in every car for automatic toll collection and vehicle monitoring, because these specialized systems exist solely for the purpose of tracking and accounting (NOTE: does anyone really expect there to be an "off" switch on such a device?). It's one thing to choose to be tracked, and quite another to have an "Eye in the Sky" checking up on you... Phil Brown, Project Engineer, GTE Mobile Communications Internet address: firstname.lastname@example.org
First Announcement COMPASS '92: SEVENTH ANNUAL CONFERENCE ON COMPUTER ASSURANCE Systems Integrity, Software Safety, and Process Security June 15-18, 1992 Gaithersburg, Md. National Institute of Standards and Technology Technology Administration U.S. Department of Commerce Department of Defense Approval: "In reviewing the Institute for Electrical and Electronics Engineer's Plans for COMPASS '92, the Assistant Secretary of Defense (Public Affairs) finds this event meets the standards for participation by DoD personnel under instruction 5410.20 and DoD Standards of Conduct Directive 5500.7. This finding does not constitute endorsement of attendance which must be determined by each DoD component." Compass IEEE Aerospace and Electronic Systems Society Sponsors IEEE National Capital Area Council In cooperation with The British Computer Society Conference Sponsors: ARINC Research Corporation, Computer Sciences Corporation Control Systems Analysis, Department of Defense, George Mason University Logicon, Inc., National Institute of Standards and Technology, Naval Research Laboratory, Naval Surface Warfare Center Research Triangle Institute, Systems Safety Society, TRW Systems Division Program Committee: Paul Ammann, George Mason University Greg Chisholm, Argonne National Laboratory John Dobson, University of Newcastle Upon Tyne Frank Houston, Food and Drug Administration William S. Junk, University of Idaho John Knight, University of Virginia D. Richard Kuhn, NIST John McDermid, University of York John McHugh, University of North Carolina Gerry Masson, Johns Hopkins University Reginald Meeson, Institute for Defense Analyses Andrew Moore, Naval Research Laboratory Matthew Morgenstern, Xerox Advanced Information Technology Jim Purtilo, University of Maryland Edgar H. Sibley, George Mason University Tony Zawilski, The Mitre Corporation NATIONAL INSTITUTE OF STANDARDS AND TECHNOLOGY (NIST) A principal agency of the Department of Commerce's Technology Administration, NIST has as its mission to strengthen U.S. industry's competitiveness, advance science, and improve public health, safety, and the environment. NIST conducts basic and applied research in the physical sciences and engineering, developing measurement techniques, test methods, standards, and related services. The Institute does generic and precompetitive research and development work on new advanced technologies. NIST researchers work at the frontiers of science and technology in such areas as chemical science and technology, physics, materials science and engineering, electronics and electrical engineering, manufacturing engineering, computer systems, building technology and fire safety, and computing and applied mathematics. INSTITUTE OF ELECTRICAL AND ELECTRONICS ENGINEERS (IEEE) The Institute of Electrical and Electronics Engineers is the world's largest technical professional society. Founded in 1884 by a handful of practitioners of the new electrical engineering discipline, today's Institute is comprised of more than 320,000 members who conduct and participate in its activities in 147 countries. The men and women of the IEEE are the technical and scientific professionals making the revolutionary engineering advances which are reshaping our world today. The technical objectives of the IEEE focus on advancing the theory and practice of electrical, electronics and computer engineering and computer science. To realize these objectives, the IEEE sponsors technical conferences, symposia and local meetings worldwide; publishes nearly 25% of the world's technical papers in electrical, electronics and computer engineering; and provides educational programs to keep its members' knowledge and expertise state-of-the-art. The purpose of all these activities is two fold: To enhance the quality of life for all peoples through improved public awareness of the influences and applications of its technologies; and, to advance the standing of the engineering profession and its members. The IEEE, through its members, provides leadership in areas ranging from aerospace, computers and communications to biomedical technology, electric power and consumer electronics. For the latest research and innovations in the many diverse fields of electrical and electronics engineering, industry and individuals look to the IEEE. COMPASS '92 June 15-18, 1992 About the Conference COMPASS is an acronym formed from COMPuter ASSurance, the subject of this conference, the seventh of a series that began with COMPASS '86. According to its charter, "The purpose of COMPASS is to advance the theory and practice of critical systems through the medium of scientific and engineering meetings and publications. The organization, under the IEEE, is dedicated to the study of critical systems, especially those using digital computers or other new technologies." Critical systems are defined as systems whose failure could cause injury, loss of life, or significant property loss or damage. Such failures may be failures of commission, doing what should not be done, or of omission, not doing what should be done. Critical systems have failed in the past. Radiation therapy machines have killed cancer patients; industrial robots have killed workers; spacecraft have been destroyed; and, hackers have vandalized and/or stolen from information systems. The goal of COMPASS is to find and publicize ways to prevent unacceptable failures of critical systems. COMPASS expresses the idea of "Pointing the Way" and of "encompassing" many technologies and technical disciplines. The logo, a variation of yin-yang overlaying a compass rose, symbolizes both of these ideas. COMPASS '92 has adopted the slogan "Building The Right System, Right." This expresses the need for the developers of critical systems to rigorously define the right requirements and ensure that they are satisfied, resulting in systems that function as intended. The sponsors and organizers of COMPASS encourage you to participate in future COMPASS activities. Contact any member of the conference committee or the conference board for more information. Conference Committee Board of Directors Chair: Dolores R. Wallace, NIST General Chair: Robert Ayers, ARINC Research Corporation Program Chair: Edgar H. Sibley, George Mason University Local Arrangements: Laura M. Ippolito, NIST Publications: Julie Langston, Computer Sciences Corporation Publicity: Paul Anderson, Space & Naval Warfare Systems Command Division Registration: Judy Bramlage, General Accounting Office Treasurer: Bonnie Danner, TRW Systems Division Tutorials: Michael Brown, Naval Surface Warfare Center COMPASS '92, Monday, 15 June 1992 9:00 a.m. Tutorial 1: "Approaches to Developing Safety-Critical Software" Stephen S. Cha, Charles H. Lavine, and Jeffery C. Thomas, Aerospace Corporation, El Segundo, Ca. This tutorial surveys various software safety techniques proposed in literature or currently in practice. Following an introduction to software safety concepts, several industrial software development examples will be examined. The tutorial concludes with a discussion on formal methods and future research directions. 12:45 p.m. Lunch 2:00 p.m. Tutorial 2: "Interlocks-A Safety Engineering Tool" Phil Sedgwick, Control Systems Analysis, Newport, RI This tutorial introduces INTERLOCKS, a methodology and PC-based tool, that graphically describes and simulates the operation of computer system controls. INTERLOCKS, in use by the DoD, employs a graphic language familiar to hardware and software engineers-simple AND and OR logic. The result for safety engineers is an INTERLOCKS network that models and simulates the hardware, software, and operator events that are prerequisite to critical function initiation. COMPASS '92, Tuesday, 16 June 1992 9:00 a.m. Opening Remarks, Conference General Chair: Robert Ayers, ARINC Research Corporation, Annapolis, MD. 9:15 a.m. The Technical Program, Program Committee Chair: Edgar H. Sibley, GMU, Fairfax, VA. 9:30 a.m. Keynote Speaker, John Rushby, SRI International, Menlo Park, CA. "What Really Goes Wrong, And What Might Fix It?" 11:00 a.m. Session 1 Verification Chair: Andrew Moore, Naval Research Laboratory, Washington, D.C. "Using Z Specifications in Category Partition Testing", Nina Amla and Paul Ammann, George Mason University, Fairfax, VA. "Verification of Numerical Programs Using Penelope/Ariel", Sanjiva Prasad, ORA Corporation, Ithaca, N.Y. "Modular Verification of Ada Library Units", Carla Marceau and Wolfgang Polak, ORA Corporation, Ithaca, N.Y. 12:45 p.m. Lunch 2:00 p.m. Session 2 Security, Chair: Paul Ammann, George Mason University "A Probabilistic Approach to Assurance of Database Design", Lucian Russell, Argonne National Laboratory, Argonne, Ill. "Formal Security Specifications for Open Distributed Systems", Sead Muftik, DSV Dept., Stockholm University, Sweden and Univ. of Sarajevo, Yugoslavia "A Formal Approach for Security Evaluation", John A. McDermid and Qi Shi, University of York, UK 4:00 p.m. Debate: Resolved: "Certain Safety-Critical Systems Should Not Be Computerized". Moderated by John Knight, University of VA 5:30 p.m. Close of Daytime Activities 7:00 p.m. Birds of a Feather Session, Marriott COMPASS '92, Wednesday, 17 June 1992 9:00 a.m. Keynote Speaker, Ted Ralston, Ralston Research Associates, Tacoma, WA, "Preliminary Report on the International Study on Industrial Experience with Formal Methods" 10:30 a.m. Panel 1 Formal Methods in Industry .., Naval Research Laboratory, Washington, D.C. Leo Beltracchi, United States Regulatory Commission, Washington, D.C. 12:45 p.m. Lunch 2:00 p.m. Session 3 Safety, Chair: M. Frank Houston, Food and Drug Admin., Rockville, Md. "Efficient Response Time Bound Analysis of Real-Time Rule-Based Systems", Albert Mo Kim Cheng and Chia-Hung Chen, University of Houston, Houston, TX "The Use of Ada PDL as the Basis for Validating a System Specified by Control Flow Logic", Richard B. Mead, ARINC Research Corporation, Annapolis, MD. One further paper to be selected 4:00 p.m. Panel 2 Software Safety and Economics, Chair: J. Bret Michael, George Mason University, Fairfax, VA. Stephen Fortier, Intermetrics, McLean, VA. William S. Junk, University of Idaho Edward A. Addy, Logicon, Inc., Dahlgren, VA. John McHugh, University of North Carolina, Chapel Hill, N.C. 5:30 p.m. Close of Daytime Activities 6:30 p.m. Banquet with Dinner Speaker, Marriott COMPASS '92, Thursday, 18 June 1992 9:00 a.m. Session 4 Processes, Chair: Reginald Meeson, IDA "A Review of Computer Controlled Systems Safety and Quality Assurance Concerns for Acquisition Managers", John R. Friend, U.S. Navy, Polaris Missile Facility, Charleston, S.C. "An Analysis of Selected Software Safety Standards", Dolores Wallace, D. Richard Kuhn, and Laura Ippolito, NIST, Gaithersburg, Md. "A Process Representation Experiment Using MVP-L", Carol Diane Klinger, Melissa Neviaser, and Ann Marmor-Squires, TRW, Fairfax, Va.; Christopher M. Lott and H. Dieter Rombach, University of Maryland, College Park, Md. 11:00 a.m. Panel 3 Software in Trial - Liability and Other Legal Issues (A Dramatization) Moderator: Michael S. Nash, Esq., IDA, Alexandria, VA Jay T. Westermeier, Fenwick and West, Washington, D.C., For the Plaintiff To be selected, For the Defendant Richard L. Wexelblat, IDA, Alexandria, Va., As Expert Witness To be selected, Insurer To be selected, Harried Software Developer/Programmer 12:45 p.m. Lunch 2:00 p.m. Session 5 Software Safety Standards "IEEE P-1228: Latest Status", Cindy Wright, DISA, Tysons Corner, Va. "IEC65A, WG9 and WG10 -- System and Software Safety Standards for Programmable Electronic Systems", Victor Maggioli, DuPont, Newark, Del. 3:30 p.m. Awards and Closing Ceremony 4:00 p.m. Conference Closing NIST is located in Gaithersburg, Md., approximately 25 miles northwest of Washington, D.C. The meeting will be held in the Green Auditorium of the Administration Building. Social Functions: A banquet with a cash bar and banquet speaker will be held at the Gaithersburg Marriott on Wednesday, June 17. Transportation: BWI Limo, 301/441-2345, offers commercial van service from Baltimore-Washington Airport to the Gaithersburg area. Call for reservations. Airport Transfer Van Service, 301/948-4515, is available from Dulles International and Washington National Airports to Gaithersburg. The Washington Metro has subway service to Gaithersburg. Metro can be boarded at Washington National Airport. Take a Yellow Line train marked "Mount Vernon Square" to Gallery Place and transfer to a Red Line train marked "Shady Grove" to Shady Grove. Service is every 6 to 15 minutes depending on the time of day. The time from National to Shady Grove is about 50 minutes. The Shady Grove station is approximately four miles from the Marriott Hotel. Driving Instructions: From northbound I-270 take Exit 10, Rt. 117 West, Clopper Road. At the first light on Clopper Road, turn left on to the NIST grounds. From Southbound I-270 take Exit 11B, Route 124 West, Quince Orchard Road. At the second light turn left on to Clopper Road. At the first light on Clopper Road, turn right on to the NIST grounds. To reach the Administration Building, turn left after passing the guard office. Signs will direct you to visitor parking. Transportation will be provided to and from the Gaithersburg Marriott and NIST on Monday through Thursday. Accommodations: Conference registration does not include your hotel reservation. A block of rooms has been reserved at the Gaithersburg Marriott Hotel, 620 Perry Parkway, Gaithersburg, Md. 20877. The hotel phone number is 301/977-8900. The special room rate is $65 single or double. To register for a room, please use the enclosed hotel reservation form and send it directly to the hotel no later than June 1, 1992. After that date the rooms will be released for general sale at the prevailing rates of the hotel. Registration Information Contact: Judy Bramlage, COMPASS '92 Registration 609 Orrin St., SE, Vienna, Va. 22180-4837, 202/512-6210, Fax: 202/512-6451 Technical Information Contact: Robert Ayers, ARINC Research Corporation, 2551 Riva Rd., Annapolis, Md. 21401, Phone: 410/266-4741 Fax: 410/266-4040 COMPASS '92 June 15-18, 1992 Conference Registration Card Advance Registration (before June 1, 1992) ___ Conference Registration (includes 1 copy of proceedings) ___ Proceedings Only ___ Extra Proceedings _____ copies ___ Tutorial #1 ___ Tutorial #2 Name Company Street Address Rm. No./Mail Code City, State, Zip Country Business Telephone IEEE Membership No. Co-Sponsor Name Total Amount US $ Form of ___ Check enclosed made payable to COMPASS '92. Payment (Checks from outside USA should be written on a USA bank.) ___ MasterCard No.________________________Exp.____ ___ Visa No.______________________________Exp.____ ___ Diners Club No._______________________Exp.____ ___ American Express No.__________________Exp.____ Authorized Signature Request for refunds after 1 Jun 1992 will be subject to a $15 admin fee. Registration: Advance Registration (before June 1, 1992) Members Non-Members Students ------- ----------- -------- Conference 250 315 100 Tutorial 50 70 50 Proceedings Only 20 30 20 ************************************************ On-Site Members Non-Members Students ------- ----------- -------- Conference 300 375 100 Tutorial 70 90 50 Proceedings Only 20 30 20 Conference fee includes coffee breaks, lunches and social functions. Please place in an envelope and mail to: Judy Bramlage, COMPASS '92 Registration, 609 Orrin Street, SE, Vienna, Va. 22180-4837 COMPASS '92 June 15-18, 1992 Hotel Registration Card Marriott Hotel, 301/977-8900 Name Company Street Address Rm. No./Mail Code City, State, Zip Country Business Telephone Arrival Date Departure Date Number of Persons Rate: $65 single or double (apply 12% tax to rate). All reservations must be received by June 1, 1992. All room reservations must be guaranteed by a one-night deposit. Deposit will guarantee first night availability, and will be credited to last night of reservation. Deposit refunded if request received 48 hours prior to arrival. Form of ___ Check enclosed made payable to The Payment Gaithersburg Marriott ___ One night deposit enclosed $__________________ Guaranteed by______________________________Exp.____ Card #_____________________________________________ Authorized Signature_______________________________ Please place in an envelope and mail to: The Gaithersburg Marriott, 620 Perry Parkway, Gaithersburg, Md. 20877
Please report problems with the web pages to the maintainer