Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
It is often difficult to decide whether an action carried out really is a fault of omission or commission. As is so often said, many program failures are due to not considering a possible set of circumstances, which when it occurs causes the program to act improperly. In such cases, the damage is certainly an act of commission, but the real failure is the omission to predict the failure. I think that any attempt to distinguish formally between om/comm-ission is likely to lead to sophistic arguments distracting attention from the real cause of the problem. Another unproductive approach seems to be suggested by something PGN said in RISKS-2.27: > A fine example of the risks having to include people, not just > computers, and of a more pervasive role of the computer than meets > the eye — indeed a more human-oriented computer system might have > helped! Thus, even though it appears NOT to be a computer problem, > we discover that the computer could have done better! There are very few cases where a system which has failed could NOT have done better, so saying it doesn't advance our understanding. It seems that because RISKS is about computer risks, then we will do our best to find a computer cause for every failure. (Remember the immediate speculation after the Shuttle disaster about how a computer could be shown to be responsible). Surely RISKS should concentrate on failures that occur because of computer involvement but which would not have occurred with a human-only system, because systems are always going to fail. As Murray.pa@xerox pointed out in RISKS-2.21, there are risks involved in not using computers, where such use can lead to saving lives: if a system is doing superb work 99% of the time, it is fruitless to pick on the 1% failure, and jump on the bandwagon saying "Ohhhhhh, the computer's run amok, isn't it terrible". We must keep risks and benefits in perspective. As PGN finished off: > But, of course, don't blame the computer system. > Blame the people who specified, designed, and > implemented it — not JUST the train operator(s). This is the heart of the matter - we are looking at the risks (presumably) so that we humans, the makers of systems, can avoid the same mistakes, not just for the malicious pleasure of beating the drum about somebody else's shortcoming. (So maybe I don't disagree with PGN after all).
One thing keeps nagging at me after reading your explanation of RSOs and IIPs. I suspect it's more from my lack of knowledge about trajectories and launching things and such than anything else. Anyway, here goes... You said several times that if the IIP ever crosses the "safety lines" then the missile should be destroyed. What I'm confused about is this: does this mean that under "normal" circumstances the IIP never crosses these lines, or do you mean the missile should be destroyed only if something is "wrong"? It seems to me (again I know very little about launching things and such) that if the IIP can never go "that way" then you are limited in the directions you can send a rocket (come to think of it I guess I've never heard of a launch going "back" over the U.S. to get somewhere...). Also, where does the consideration of the IIP stop? Something sticks in the back of my mind that the shuttle flies over land masses (isn't there someplace in Rota, Spain where they can abort?). If it does, does this mean the IIP itself never touches the land masses, or does the IIP become less important after the missile reaches a certain speed/altitude/trajectory? Thanks, --Dave Curry
In pursuit of new directions for the RISKS forum, and in response to
a recent article in the New Yorker Magazine, I bring up the subject of the
risks inherent in the complex systems in which we live. We've probably all
heard talk about how few hours New York City could survive without power/
water/subway/ etc, but perhaps it is worth discussing in this forum.
The article in the NYM is written from the perspective of a resident
of a self-sufficient rent controlled apartment in the Village, who feeling
quite smug about his castle, suddenly notices all the holes in the wall.
There is the hole letting in electricity, the one for natural gas; there are
lines for taking out the sewage, and lines bringing in fresh water.
This writer wonders where these lines lead. He then takes us along
in his search to James Bay in Canada, where New York gets some of its
electricity from hydroelectric plants. He takes us to Arizona, where some
of the uranium for the Indian Point reactors is mined. He takes us to
Brazil, where Con Ed gets the low quality diesel oil to burn to make
electricity.
Similarily, he takes us upstate to the many reservoirs which supply
New York with its world famous water. He follows the gas mains to Louisiana.
And so on.
I offer to the risk readers the question, How intelligently are we
managing the risks assumed by the creation of our complex cities? We build
systems so that millions of people can live in areas that are really
deserts. What risks exists because of the creation of a L. A. that relies
on 500 mile aqueducts to supply life-critical water? Who is in charge of
insuring adequate safe guards? Budget conscious, 2 year term politicians,
or life time members of water boards? The ramifications of any single
failure of a utility system can probably be maintained via such a board that
takes the long view and has the capitol to implement long term strategies.
But what about the interdependencies of utilities? What would a
water shortage do to a nuclear power plant, that perhaps required cooling
water that simply wasn't available? What would a collapse of the telephone
system do to a natural gas distribution system that used remote pressure
regulators that were controlled via telephone links?
What organizations exist to worry about such things, so I rest assured
that there is no problem, and get some sleep at night?
What inter-system crashes are the readers aware of, that they might
share with this list?
Date: Wed 19 Mar 86 17:54:33-PST
From: RISKS FORUM (Peter G. Neumann, Coordinator) <RISKS@SRI-CSL.ARPA>
Date: Wed 19 Mar 86 16:34:28-EST
From: "Sidney Markowitz" <SIDNEY%OZ.AI.MIT.EDU@XX.LCS.MIT.EDU>
Subject: Two more mailer problems
To: risks@SRI-CSL.ARPA
1) I did not personally see this, but I was told that Symbolics briefly
introduced a new feature in their mail program with the current release of
the operating system. It was a new header line that a sender could use to
include graphics as part of the mail message. This was implemented by
having the header line include a lisp expression that would be evaluated
(executed) when the receiving mailer loaded the message for display.
Somebody pointed out the other possible ways in which an arbitrary piece of
executed code in a mail message could be used, and that feature was dropped
very quickly.
This is utterly and wholly false. No one here would be so naive.
Bernard S. Greenberg, Symbolics, Inc., Cambridge, Mass.
The Netherlands uses a similar system of raised impressions. High
denominations are distinguished by different symbols (e.g. the H.Fl 50 note
has a raised triangle, while lower notes such as the 10 and 25 have dots).
I'm afraid I don't know what the new H.Fl 1000 notes have --- I don't see
them very often :-). Britain, on the other hand simply uses different sizes
of paper for different denominations, as does West Germany.
Nigel Roberts, Reading, England
[Different sizes of paper don't help the visually handicapped
discriminate copy-machine products from originals.... PGN]
With all the talk about fooling the visually impaired by altering
raised marks on bills or the magnetic ink, has anyone considered how small a
population they are dealing with? My uncorected vision went beyond legally
blind twenty years ago and has continued to go down hill since then.
Without my glasses I can not see the eyechart much less any letters on it
(with my glasses I can just scrape by a driver's eye exam). So I conducted a
test here with my glasses off I was able to distinguish between a five and a
one dollar bill at 6 feet (much further than arm's length).
So the population that could be fooled by such means I would say is
relativlysmall, too small to it be worth anyones time and effort to steal
from them. It would also be risky. Most people remember where it is that
they get money from and where they have bought things. Anything larger than
a $20 I definitely know where I got it. The error would be picked up by any
sighted person dealing with the blind person not just an expert in
conterfeit detection thus the altered bill would be rapidly discovered. So
a person using this scheme would have to be constantly on the move and not
collecting very much for his efforts. For most large puchases people use
creditcards or cashiers check. Purse snatching or mugging would yield a
better risk and effort vs profit ratio.
The point I hope I made is that thinking of methods to get around
marking intended to help the blind is an interesting mental excercise but
none of the methods thought up is a reason for not putting aids to the blind
on currency. (really a blind customs agent? How many are there and how
would you guarentee you got him? With my luck he would call in sick that
morning and then I would really be in trouble.) A better reason for not
using such aids is the small number of people who would benefit by it, but
then you should consider the number of would be conterfeiters it might
frustrate into trying other means of getting rich quick. That would be a
good systems trade off problem.
[Come on, now. You think the example of the blind customs agent was
serious? I was trying to give you an example where reducing the value
consituted a risk. The problem is one of vulnerabilities. Pacemakers
and automobile microprocessors are fine. But there are some very
serious risks that must not remain unconsidered. Of course there are
advantages to currency interpreters. But are they designed so poorly
that they accept blank pieces of paper with funny symbols embossed on
them? Do they introduce new risks that never existed before? PGN]
We are preparing a study about the psychological and sociological consequences
if young people have intensive contacts with (home-) computers. So, we are
looking for empirical studies (in wide spread) dealing with that subject.
Especially we are searching for articles about
- different methodological approaches (e.g. analytical, ethnological,
qualitative and quantitative aspects ...)
- empirical designs and ideas
- results.
If you have any information (or know anyone who has) please help us.
Contact HARALD BAERENREITER, Fernuniversitaet, Arbeitsbereich Allgemeine
Soziologie, Postfach 940, D-5800 Hagen, F.R.G., or NETMAIL to FROM: field.
Thank you for being so helpful. Harald.
Please report problems with the web pages to the maintainer