Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
On 22 Jul 1996, the Johannesburg Stock Exchange's automated trading system, JET, failed for the second time this month (*) (Source: *Johannesburg's Business Day* newspaper of 23 July). Fully automated trading only started on 10 June. After only forty minutes trading, the system failed as did the backup system, and did not come up again that day. Only R56m worth of trade was done, versus the average daily trade of R400m (R4.4 = US$1). Brokers complained of three negative consequences of this: - the loss of margins on trade (although that would be partially offset by greater trades the next day) - leaving many positions open for extended periods at a time of great stock market volatility both nationally and internationally - loss of foreign investment confidence in the JSE (**) *Business Day* of 24 Jul 1996 quoted the president of the JSE as saying that problems had been fixed and that there were no problems in trade on the 23rd. He described the error as an "an obscure network bug in the special coding written for the decentralised SA network".(***) Comment: * The first failure, on 1 July, was attributed to "human error". ** The article said that the system was supplied by the Chicago Stock Exchange, and that it had been fixed by "technicians from the Chicago Stock Exchange". I would have thought that this would cause investors to worry more about the Chicago Stock Exchange. *** I wonder what a non-obscure bug would be, if an obscure one stops trading on a large stock exchange (13th by market capitalisation, I believe) for almost a full day. Hopefully all of this will help our Dependable Computing group raise funds from industry. Scott Hazelhurst, Dept. of Computer Science, University of the Witwatersrand, Johannesburg, 2050 Wits, South Africa +27 11 716-3806 email@example.com
Devoted and casual RISKS readers will both want to dig up the 24 Jul 1996 edition of the *Wall Street Journal*, which has two very important stories on the front page. The first is a followup to the digital cash heist where about one half a billion dollars disappeared through counterfeit cards used in Japanese Pachinko parlors. The story notes that the idea to use cards could be traced to a CIA briefing that suggested that the North Korean government was building nuclear weapons with money laundered through pachinko parlors controlled by Koreans living in Japan. The cards were supposed to bring accountability and traceability. Instead billions of yen disappeared. The article leaves the impression that the money ended up in Korea, although no one can really be sure of anything except that it is gone from the balance sheets of the corporations that developed the cards. The second article describes how static electricity is beginning to be a real problem. The opening image comes from a room where the votes on a new tax levy were being tallied by computer. The first run of the computer showed the new tax being rejected by the voters. OOOPS. A bit of anti-static magic fluid was spread around the computer and the second run showed the new tax passing much to the relief of the people in power. The article goes on to say other interesting things about static, leaving RISKS readers hanging: How do they *know*a which is the correct count? I bet I can guess which choice ended up being official.
An article in the Swedish newspaper, *Svenska Dagbladet* (23 Jul 1996, http://www.svd.se/svd/ettan/X0006_Grnsvrden.html) by Annika Carlsson notes that Sweden will not establish limits for electrical and magnetic fields. Instead, the government has agreed on a "policy of watchfulness" (foersiktighetspolicy). The article notes that, when a choice is possible, one should choose technical solutions that yield the lowest electrical and magnetic fields. Lars-Eric Paulson, researcher at SSI (The National Radiation Protection Institute) stated: "We lack necessary research. When we started working two years ago, we thought that research would yield limiting values, but this couldn't be accomplished." Research did determine, however that, among the approximately 70 Swedish children that get leukemia every year [out of a population of about 9 million], one case is due to large electric power transmission lines. [Note: I'm unsure of the proper translation here. A literal translation would use "depends on" where I wrote "is due to." This would seem to be a rather strong statement.] Furthermore, about ten people per year get cancer because of "wandering currents." I.e., electric currents that choose a path different than what is intended, thus causing a doubled electric field: partially from the wandering current and partially from the electric wiring. The lack of a national policy has led to different approaches. For example, Solna, a suburb of Stokholm, choose to run a major electric transmission underground even though, as Lars-Eric Paulsson notes. this wasn't recommended on electric field suppression grounds. However, Solna chose the more expensive alternative because of social and psychological concern for the residents in the transmission line's path. According to SSI, no other country has set limits for electric and magnetic fields. The value of 0.2 micro-Tesla has been used at times, but there is no evidence that more intense fields are dangerous. [Please excuse my clumsy translation.] Martin Minow, firstname.lastname@example.org (former resident of Solna)
I don't know if this is true, but it sounds plausible. [Similar cases have been reported previously in the RISKS archives.] <>From: Archie Russell <archier@gulag.CS.Berkeley.EDU> <> <>"For several months, our nurses have been baffled to find a dead patient in <>the same bed every Friday morning" a spokeswoman for the Pelonomi Hospital <>(Free State, South Africa) told reporters. "There was no apparent cause for <>any of the deaths, and extensive checks on the air conditioning system, and <>a search for possible bacterial infection, failed to reveal any clues." <> <>"However, further inquiries have now revealed the cause of these deaths. It <>seems that every Friday morning a cleaner would enter the ward, remove the <>plug that powered the patient's life support system, plug her floor polisher <>into the vacant socket, then go about her business. When she had finished <>her chores, she would plug the life support machine back in and leave, <>unaware that the patient was now dead. She could not, after all, hear the <>screams and eventual death rattle over the whirring of her polisher. <> <>"We are sorry, and have sent a strong letter to the cleaner in question. <>Further, the Free State Health and Welfare Department is arranging for an <>electrician to fit an extra socket, so there should be no repetition of this <>incident. The enquiry is now closed." <> <>from (Cape Times, 6/13/96) <>BTW, the headline of the newspaper story was, "Cleaner Polishes Off <>Patients." Mike Crawford email@example.com http://www.scruznet.com/~crawford/
A security employee at the Hospital of St. Raphael in New Haven apparently disclosed a security access code (password?) for telephone access to DMV records, supposedly to be used only to check records following accidents or car breakins on the hospital campus, but of course providing access to all DMV records. The access code should not have been disclosed, and the employee's code and all other hospital codes have been cancelled, pending review. [Source: *Hartford Courant*, 25 July 1996, PGN Abstracting] Edward Fischer, Director, Information Systems, Post-Newsweek Stations, Inc. 3 Constitution Plaza, Hartford CT 06103 (860) 493-2522 firstname.lastname@example.org
The following article was included in "The Globe and Mail", a Toronto, Canada newspaper on Monday, July 22 (p.1, Section C): >From Neil A. Campbell of the Globe's Olympic staff: "In an effort to be on the cutting edge of the Games, one of my $20 bills was exchanged last week for a $20 VISA cash card. The Olympics are being used to hype this new product, which is basically an Interac card without the PIN number. Just about everybody in Atlanta is supposed to be accepting VISA cash cards but the $20 card is unblemished because the only merchant who knew anything about it had a machine that wasn't working. Colleague Jan Wong was able to buy two coffees with her $5 card. But VISA cash can't be combined with real cash, so she is currently wandering Atlanta searching for something that costs $1.44, including tax, so she can kiss off VISA cash forever." from Heather Hinton, email@example.com
Among all problems that are embarrassing the ACOG, some are really funny, as the *Toronto Globe and Mail* reports today: Results were flowing faster yesterday, but the Info '96 database, which is supposed to provide biographical information to journalists and others, was still shaky. Biographies of many famous athletes, including U.S. long jumper Carl Lewis, were unavailable, and information on others was so poor as to call the whole system into question. Lisa Neuberger, a sailor who carried the flag for the Virgin Islands at the opening ceremonies, is listed as being 95 years old. Sule Olaleye of Nigeria is the 125th-ranked table-tennis player in the world. It is no wonder he is so unaccomplished--the computer insists he is only 17 centimetres tall. The risks of depending on computers is that they tend to make you older, shorter and probably fat and bald, too. Dr. Jose Reynaldo Setti, Universidade de Sao Paulo, Dept. of Transport Engineering 13560-250 Av. Carlos Botelho, 1465, Sao Carlos, SP Brazil
While I'm not an expert in encryption, I have been following the on-going discussions on increasing standards. It seems to me that there's a broader risk that we're ignoring. It really hit home the other night... A friend and I were having dinner, and since he knows that I work with computers for a living, he asked what I thought about taking customer orders through his web site. He had heard something about credit cards not being secure and wanted to know what I thought. I made the mistake of asking him how he put handles computer security in general. He says that he uses the internet to send new product designs and costs to and from his manufacturers. If he feels they are *really sensitive* he uses a disk compression program with password protection. Then, for large files, he has his *computer person* copy the files to a directory on his web site - and he e-mails the location and password to the intended recipient. He *makes sure there's no link pointing to the file, so nobody can find it* and then deletes it after the recipient has acknowledged receipt. The risk here is obvious - the discussion of 100+ bit encryption is lost on this guy - he uses little or no encryption for data protection. Although maybe we can find a lesson here, that anonymity is still the best policy.
Today (24 Jul 1996) here in Berlin, the local newspaper *Der Tagesspiegel* published some facts from the final inquiry report about the Ariane-5 disaster on 4 Jun. This report was officially released on Tuesday, 23 Jul. In accordance to the report the Ariane-5 crash was caused by a faulty software. 37 secs after lift-off no information about present position and course was available. The data was to be delivered by a redundant set of Inertial Reference Systems (IRS). But two of these platforms (subsystems) failed. This failure was not(!) considered by the test software which ran before the lift-off. The official inquiry commission found out that the IRS was designed for the preceding model, Ariane-4. That's why on 4 June 1996 a function was called that was supposed to align the missing Inertial platforms. But: This function was not necessary for Ariane-5! However, this alignment function overloaded the computer, and as a result, the necessary data was not delivered. "This [design, JPM] fault could have been discovered", Mr. Wolfgang Kubbat (Darmstadt U of Technology) as a member of the inquiry commission was cited. The vice chairman of the commission, Mr. Lennart Luebeck, emphasized the demand for better and more realistic tests. The president of the European Space Agency (ESA), Mr. Luton, said that there won't be a discussion on the system architecture [of Ariane-5, JPM]. He estimates a total cost rise for the program of about 2 to 4 percent (current state: 37 billion FF/ 11 billion DEM). The next launch of a Ariane-5 is considered for spring 1997. Jan-Peter Munk (student), Daimler-Benz AG, Research and Technology Alt-Moabit 96a, D-10559 Berlin munk@DBresearch-berlin.de JPMunk@t-online.de [BTW, The brief quote cited in RISKS-18.27 by Pat Lincoln was followed in the full text by this: > The extensive reviews and tests carried out during the Ariane > 5 development programme did not include adequate analysis and > testing of the inertial reference system or of the complete flight > control system, which could have detected the potential failure. > Despite the series of tests and reviews carried out under the > programme, in the course of which thousands of corrections were > made, shortcomings in the system approach concerning the > software resulted in failure to detect the fault. It is stressed that > alignment function of the inertial reference system, which served > a purpose only before lift-off (but remained operative afterwards), > was not taken into account in the simulations and that the > equipment and system tests were not sufficiently representative. http://www.esrin.esa.it/htdocs/tidc/Press/Press96/press33.html PGN]
Tracy Pettit wrote an interesting piece in RISKS-18.27 on the US power grid and it vulnerabilities. I want to take issue with one point however, namely that setting electricity rates in a market will lower reliability. [...] I think a market based approach might let us discover a better balance between cost and reliability. The bond market is a good analogy, the cost of US treasuries for a given rate is higher than corporate bonds since people are willing to pay more for the reliability of government bonds (please, no laughing). Similarly, many consumers of electricity (municipal distributors) will probably be willing to pay a bit more for power from a utility that has a good reliability record. Others might go after the cheapest power possible, even with outages, to perform tasks that are not time critical like pumping water into a reservoir or charging electric cars. You might get an increase in reliability if redundant networks of different grades of power start to appear. The overall impact on reliability is difficult to say, but it might actually improve. Mark Stalzer, firstname.lastname@example.org
The Massachusetts Department of Public Utilities is currently undergoing a comment period regarding their proposed rulemaking on unbundling electric producers from transmission companies. If you act quickly you can get your comments submitted in a timely fashion. The brochure they had inserted in my electric bill says "The CPU will work to ensure that the new system will be as safe and reliable as the current structure." Where I live (fairly rural town), I estimate that the electric service is about 99% reliable; i.e., about 8 hours downtime/year. Not so good. While most outages are fairly short (~1 hour), each year we seem to get a major outage (~6 hours). Thus, I own a rather large generator, and I do use it. It is my understanding that most of our outages are transmission-related and are due to weather or motor vehicle accidents. The proposed rules are online at "http://www.magnet.state.ma.us/dpu/". The public comment period ends on August 2, 1996. The E-mail address for comments is: "email@example.com". The postal address for comments is: Mary Cottrell, Secretary RE: DPU 96-100 Department of Public Utilities 100 Cambridge St Boston, MA 02202 USA Paul Green, Sr. Technical Consultant, Stratus Computer, Marlboro, MA.
>The main emphasis is on the unintended side effects of human introduction >of items alien to the culture or environment Keep this in perspective. The complexity of everyday life in developed countries is much simpler than the complexity of everyday life for Man in the wild. Without our technology, we would spend a lot of time fending off our natural environment (including germs, lice, and predators) and feeding ourselves (hope for global temps to rise to normal so there's more food and more large animals to hunt). Scot E. Wilcoxon firstname.lastname@example.org
RISKS of books about RISKS? In RISKS-18.27, Don Norman recommends Edward Tenner's "Why Things Bite Back" as a fine book on the unintended consequences of technology. While I am inclined to agree that it makes a diverting light read, I would not commend it for serious perusal. As Caitlin Burke's review of this book (which may be found at http://www.thenetnet.com/) makes clear, Tenner is somewhat confused by his subject matter, and is prone to undermining his own points through the lightweight treatment he devotes to them. [Caitlin Burke <email@example.com>] The most notable instance of this she cites is Tenner's coverage of Post-Traumatic Stress Disorder (PTSD). Tenner suggests that the improved ability of the military to treat wounded soldiers and return them to service was a major factor the high incidence of PTSD, making no mention of much more important issues such as the nature of the training soldiers received, their youth, or disapproval of the war "back home". While Tenner's proclivity towards undermining the ironies he seeks to expose through the introduction of unintended ironies of his own is unfortunate, his book is an enjoyable, and largely (even studiously) uncontroversial, romp. One final caution is, however, in order: "Why Things Bite Back" focuses much more on biological issues than on those relating to computers, and as such may not provide substantial grist for the mills of RISKS readers.
Please report problems with the web pages to the maintainer