911 service was disrupted for seven hours for some 25,000 customers in parts of Westchester County NY. Reportedly, police were sent to a telco building in White Plains to investigate, but as they arrived two men were seen wheeling a luggage cart out of the building. It turns out that the men had stolen $1 million worth of computer parts -- whose removal had effectively shut down 911 service. The computer chip boards were valued from $5,000 to $70,000 each. The men were arrested. Apparently, no ambulance delays or other serious consequences were reported. [Source: AP item, 26 Nov 2004: PGN-ed]
On 1 Jan 2005 Germany will switch over from two systems for compensating people who do not work (Arbeitslosenhilfe and Sozialhilfe, money for people who have worked but their unemployment insurance has run out and social services payment for the poor) to a new one, Arbeitslosengeld II, called ALG II or Hartz IV (after the guy who chaired the commission that thought this mess up). In order to make sure that no one hides any assets there is a 16-page application form that needs to be filled out and all sorts of documentation supplied. It takes an official at the public offices about an hour to put all of this information into the central system just for one person. Germany's jobless rate is at about 10% of the population.or 4.2 million people officially registered, I could not find the number of people on Sozialhilfe. The system, however, was not finished on time. The time for starting the data entry kept being slipped. When the data entry began, not all of the workers could enter data at the same time, because the system overloaded. The system has to be rebooted every day at lunch time, because otherwise it would be too slow in the afternoon. (Anyone hear hanging processes screaming?). The data connections are very slow, and sometimes die, taking all of the data entered up until now with them. It can take up to an hour for the data entry station to permit a new logon. If data entered is incomplete (and it often is, as someone missed one of the many questions) the system automatically deletes the record after about three or four weeks. Last week, a software update was put on the central system in Nürnberg, crashing the system so completely, that the backup had to be restored a day later. (At least they had one!). In desperation some office managers pleaded with their workers to do overtime and come in on the weekend to enter data. But there was a fire in the central computing system and no data could be entered at all. Amazingly, they have managed to calculate some of the payouts and send the information to the people receiving them. But since they do not yet have all of the forms and cannot put in all of the data in time, many offices are being forced to just pay people some money in January and figure out later if it was too much or too little. So we pretty much have a great example of everything going wrong that possibly can - one wonders perhaps why Germany has so many of these projects at the moment: this, the TollCollect scheme, the health card proposed for 2006, etc. There's a nice article in c't (in German) on why large software projects don't work in Germany: (c't 23/2004, IT-Großprojekte: Warum so viele Vorhaben scheitern, S. 218) It ranges from people without knowledge of systems deciding what to implement to the politics of procurement. And, of course, a good bit of wishful thinking - hoping that computers can cure problems that have deeper causes. Prof. Dr. Debora Weber-Wulff, FHTW Berlin, Treskowallee 8, 10313 Berlin Tel: +49-30-5019-2320 http://www.f4.fhtw-berlin.de/people/weberwu/
After two accidents involving police cars of Berlin, Germany, at first the drivers were blamed and appointed to a security training. But taking into consideration the driver's nearly identical reports, which claimed that the cars on-board drive dynamic control systems had failed, BMW took on and inspected the case. The result was: Yes, after an emergency brake exceeding a certain preset pressure on the pedal, all stability systems are disabled and can only be re-enabled by switching off the ignition for five seconds... Originating report (German only): http://www.daserste.de/plusminus/beitrag.asp?iid=254 Follow-Ups (German ditto): http://www.autobild.de/aktuell/neuheiten/artikel.php?artikel_id=7348 http://www.autoservicepraxis.de/sixcms4/sixcms/detail.php?id=81192&_topnavi=32454&_zielcb= Stefan Lesser, Muenchen, Burda Digital Systems GmbH, Am Kestendamm 2, 77652 Offenburg, Germany +49 89 9250-3433 http://www.burdadigital.de
Another data point from the *International Herald Tribune* http://www.iht.com/articles/2004/11/11/business/siemens.html The large German engineering conglomerate Siemens AG held a news conference Thursday 11 November 2004 in Munich, in which it said inter alia that its mobile phone division lost €141m in the fourth quarter 2003 (July-September) compared with a profit of €14m in the same quarter 2002. Siemens is reported as saying that the main reason for the loss was a delay in selling the S65 phones to correct a software defect. University of Bielefeld, Germany http://www.rvs.uni-bielefeld.de
The Child Support Agency is a UK Government organisation set up some years ago to trace absent parents and extract maintenance payments to the parents of the children they have abandoned. (In the way of the world, the absentees are usually the fathers, and the abandoned are usually the mothers, but the opposite can occur.) The CSA has never worked well. Under the 'old legislation', the calculation of payments due was complicated and time-consuming, and left little time for staff to trace the absentees and enforce payment. Under the 'new legislation', which went into effect on 3 Mar 2003, the algorithm for calculating payments was simplified to allow more effort to be concentrated on enforcement. To implement the new rules, a computer system was procured from EDS under a contract valued at GBP 456 million over 10 years. On the BBC Radio 4 'Today' news and current affairs programme this morning (Fri 19 Nov 2004), the Work and Pensions Secretary, Alan Johnson, stated that the new computer system is "problematic", but, under pressure from the interviewer, John Humphrys, he admitted that "disastrous" might be a better word. The backlog of cases is growing at 30,000 per month, and has now reached around 250,000 cases. The CSA's debt (money owed to abandoned parents and children) stands at GBP 720 million, and, in addition, GBP 1 billion has been "written off". Of 478,000 absent parents, 417,000 "have not paid a penny". (I presume that these statistics cover the whole life of the CSA under both the 'old' and 'new' systems, and reflect the great difficulty of tracing those who owe the maintenance and enforcing payments, rather than being due solely to recent computer problems.) Applicants are regularly told that their cases cannot be progressed, since certain "incidents cannot be resolved" on the new computer system. So far, only new cases have been entered. 95,000 cases are still stuck on the 'old system'. These applicants should have received interim payments of GBP 10 per week since March 2003, but the 'new system' cannot cope with this, either. Two employees of the CSA were interviewed anonymously. It appears that once an incident has occurred while processing a case, no further work can be done on that case. (For "incident" read "system failure".) One interviewee claimed that the new system "cannot cope with change". For example, if a couple decide to get back together (which happens, and which means that maintenance payments no longer need to be enforced), there is no way of entering this information into the system. The underlying problem seems to be an inadequate requirements specification. Alan Johnson blames EDS. (The CSA has withheld GBP 1 million per month from payments due to EDS under the contract, to a total of GBP 12 million so far.) Tony Collins of Computer Weekly said that, in his opinion, the responsibility lay 50/50 between customer and contractor, and that CSA probably did not know what they wanted, and their requirements were therefore unstable. On Wednesday, Alan Johnson faced tough questions in Parliament. On Thursday, the chief executive of the CSA resigned. According to Johnson, this was just because he had been in post for four years. (Presumably he wanted to spend more time with his family!) Another triumph for UK Government IT procurement! The official CSA website is: http://www.csa.gov.uk/ This includes a description of the method of calculating payment due. To hear the brief report from the Today programme on Wed 17 Nov 2004, visit: http://www.bbc.co.uk/radio4/today/listenagain/zwednesday_20041117.shtml To listen to a summary of the background to the problem, and (in a later item) the Work and Pensions Secretary, Alan Johnson, wriggling on a hook, on Friday 19th November, visit: http://www.bbc.co.uk/radio4/today/listenagain/ and follow the links. Peter Mellor, Centre for Software Reliability, City University, London EC1V 0HB +44 (0)20 7040 8422 Pete Mellor <firstname.lastname@example.org>
I live in River Forest, IL, a Chicago suburb. The November 10th, 2004 edition of our local paper, The Wednesday Journal, contained coverage of a development review board meeting for some new construction. The architect for the construction had done a computerized "Shadow Study" to determine how the new construction would impact the area. The study simulated conditions on Jun 20 and Dec 20. Here is the section relevant to RISKS: When Nimesh said that long shadows were present at 6 p.m. in the 20 Dec simulation, DRB chairman Frank Martin look at him for a second, then said 'It's dark at 6 p.m. in December." "The software's not perfect," replied Nimesh after a moment's hesitation. I would suggest that the user needs a little work too. Checking your answers for reasonableness is always a good practice, even if you aren't using a computer. And old physics teacher of mine enjoyed showing a physics problem to students to see if they'd spot what didn't make sense. The problem, which involved a door, had originally used English units, but was later converted to metric. However, the units were changed without changing the values. The door was 7 meters tall, with a doorknob 3 meters up.
Wanted by the Police: A Good Interface, Katie Hafner, *The New York Times*, 11 Nov 2004 http://www.nytimes.com/2004/11/11/technology/circuits/11cops.html?pagewanted=print&position= http://www.nytimes.com/2004/11/11/technology/circuits/11cops.html ?pagewanted=print&position= San Jose has a reputation as one of the safest large cities in the nation, with the fewest police officers per capita. Yet a number of the 1,000 officers in this city of 925,000 in the heart of Silicon Valley have been worrying about their own safety of late. Since June, the police department has been using a new mobile dispatch system that includes a Windows-based touch-screen computer in every patrol car. But officers have said the system is so complex and difficult to use that it is jeopardizing their ability to do their jobs. [...] This article reads like a casebook for your class Risks 201: "How NOT to build a system..." "Do you think if you're hunkered down and someone's shooting at you in your car, you're going to be able to sit there and look for Control or Alt or Function?" said Sgt. Don DeMers. A) Single-tasking. Recall the Star Trek spoof when Data can't shoot back because his console has a rotating hourglass as he raises shields....? B) Non-intuitive. C) Too much data for the audience. D) No consultation with end-users. "We know what's best for you.." Now I'll grant cops can be tough crowd for technology; I recall decades ago explaining to several, in slow detail, how you adjusted the squelch control, and yes, it DOES matter if you put the mike up to your mouth. [Several would leave it on the dash and just yell...] But the vendor should KNOW that. PS: As for Sgt. DeMers, maybe Mr. Clippy will show up and help him out....
This just strikes me as having a risk: http://reuters.excite.com/article/20041117/2004-11-17T134519Z_01_N15284347_RTRIDST_0_ODD-LIFE-HUNTING-DC.html http://reuters.excite.com/article/20041117/ 2004-11-17T134519Z_01_N15284347_RTRIDST_0_ODD-LIFE-HUNTING-DC.html Hunters soon may be able to sit at their computers and blast away at animals on a Texas ranch via the Internet, a prospect that has state wildlife officials up in arms. A controversial Web site, http://www.live-shot.com, already offers target practice with a .22 caliber rifle and could soon let hunters shoot at deer, antelope and wild pigs, site creator John Underwood said on Tuesday. Texas officials are not quite sure what to make of Underwood's Web site, but may tweak existing laws to make sure Internet hunting does not get out of hand. [Excerpted from Jeff Franks, Reuters, 17 Nov 2004] [Guncams instead of webcams as the next rage? AG] [Don't forget the Internet Web-enabled Thai robot that could aim and fire a gun (RISKS-21.02). PGN]
First it was blocking e-mail from countries one never expects to get mail from (even though one unwittingly sends mail to there, expecting replies). Now some websites don't even allow browsers from lesser countries to connect. "Who from there would need to read our website? They're all just spam bots." So next time you go abroad, you might find yourself locked out of familiar websites, and not just during elections, e.g., http://news.bbc.co.uk/1/hi/technology/3958665.stm
No, I don't think the brass hats should read old SF. They'd curl up with Heinlein and the next thing you know, hard service in Iraq would be a prerequisite for citizenship. They'd read the first chapter of Ursula LeGuin's The Left Hand of Darkness and throw up at the very idea of people changing their sex. I'd recommend the Cambridge History of Iraq, instead, because therein one reads of British redcoats, roaring about the desert in the exact same way as us, in 1921, egged on by lunatics including T. E. Lawrence and Gertrude Bell. An analysis of what it means to be "responsible" for a software system is needed, including the ways in which digital systems designers have historically limited their liability. It would show that no bright line can be drawn between "my responsibility" and "someone else's". A simple example from the history of ordinary software illustrates. When I started coding, my boss of course had me do a lot of maintenance in addition to development, and I was shocked to see that the older programmers' code had all sorts of bugs causable by invalid input. I extended my own boundary and that of the legacy code by adding error checks, thereby gaining a reputation in some jobs as an ivory tower theorist, or something, despite the fact that error checking is grubby praxis, and not theory. I believe that the Bush administration wants power without responsibility, and in software this has been the typical administrative/MIS gesture of authorizing the development of crud. In dark moments I wonder if the whole purpose of software is not rhetorical and not logical, to manufacture a post-Enlightenment consent which necessarily contains the memory of Enlightenment. Military standards, of course, are much higher, as shown in the Ada language. But the very precision of the process draws a bright line around responsibilities which have in the past, excluded military responsibility for "legacy code" in the form of land-mines and unexploded ordnance. And as a confirmed civilian, watching Marines fire over Najulla's walls exactly as they were filmed at the Citadel in 1968, I find it hard to believe that they are worried about the existing laws of war, or will pick up after themselves when the battle is over, if it ever is. We may discover that one's responsibility extends so far in fact and in ethics that the only RATIONAL response is an end to war. Gee, how about that.
Scott Sagan has written a fascinating article entitled The Problem of Redundancy Problem: Why More Nuclear Security Forces May Produce Less Nuclear Security, which appears in the current issue of *Risk Analysis*. This article is quite provocative, and also illustrative of the profound difficulties we have in designing trustworthy organizations to manage highly dangerous technologies. After a little browsing, I found this paper noted on his Web site at http://cisac.stanford.edu/people/2223/ Scott has long been studying and writing about risks-related issues that transcend the scope of what normally appears in RISKS. Scott D. Sagan, Professor of Political Science email@example.com Co-Director, Center for International Security and Cooperation (CISAC) Stanford Institute for International Studies, Encina Hall 616 Serra Street, Stanford University, Stanford, CA 94305-6165 (650-725-2715) phone http://cisac.stanford.edu
BKWARDRV.RVW 20040823 "WarDriving: Drive, Detect, Defend", Chris Hurley/Frank Thornton/Michael Puchol, 2004, 1-931836-03-5, U$49.95/C$69.95 %A Chris Hurley %A Frank Thornton %A Michael Puchol %C 800 Hingham Street, Rockland, MA 02370 %D 2004 %G 1-931836-03-5 %I Syngress Media, Inc. %O U$49.95/C$69.95 781-681-5151 fax: 781-681-3585 www.syngress.com %O http://www.amazon.com/exec/obidos/ASIN/1931836035/robsladesinterne http://www.amazon.co.uk/exec/obidos/ASIN/1931836035/robsladesinte-21 %O http://www.amazon.ca/exec/obidos/ASIN/1931836035/robsladesin03-20 %P 495 p. %T "WarDriving: Drive, Detect, Defend" Chapter one is an introduction to the concept, with a discussion of required components, and the relevant characteristics thereof. Installing NetStumbler is described in chapter two, with operating instructions in three (which also repeats some of the earlier advice on component choice). Kismet installation is detailed for Slackware in chapter four, Fedora in five, and the operations are listed in six. Screenshots of using StumbVerter (and Microsoft MapPoint) or DiGLE to produce maps with the data previously obtained are shown in chapter seven. Chapter eight describes, in detail, how to organize your own wardriving contest (including an eight page Perl script for scoring results). Simple means of attacking and connecting to wireless networks are given in chapter nine. Screenshots of dialogue boxes for enabling basic security features on the major wireless routers are listed in chapter ten. Some features providing more advanced security are discussed in chapter eleven. The material provided in the book is clear, and will provide you with enough information to start wardriving and connecting to other networks. The content is fairly rudimentary, though, without the background information of a work like "Wireless Hacks" (cf. BKWLSHCK.RVW), by Rob Flickenger, which would allow the reader to go further in both understanding the technology and defending wireless networks. copyright Robert M. Slade, 2004 BKWARDRV.RVW 20040823 firstname.lastname@example.org email@example.com firstname.lastname@example.org http://victoria.tc.ca/techrev or http://sun.soci.niu.edu/~rslade
COMPUTERS, FREEDOM, AND PRIVACY CONFERENCE: Panopticon 2005 12-15 Apr 2005, Westin Hotel, Seattle, WA http://www.cfp2005.org The 15th annual conference on Computers, Freedom & Privacy takes place from Wednesday 12 Apr to Friday 15 Apr 2005, in Seattle, Washington. The Program Committee is now accepting proposals for conference sessions and speakers for CFP2005. The deadline for submissions is 31 Dec 2004. CFP serves as an internationally recognized forum for the members of the technical, government, hacker, legal, business, education, media, cyber-rights, and non-profit communities to address cutting edge technical, business, legal and cultural issues. Programs, topics, and speakers from prior years' CFP conferences can be found at: www.cfp.org The CFP2005 Program Committee welcomes proposals on all aspects of technology, freedom and privacy. We are particularly interested in receiving proposals that ask the hard questions about privacy and freedom in emerging surveillance societies, and challenging those assumptions. For example, how much surveillance is too much? When does surveillance cease making us more secure and begin to change the fabric of society? The theme of the 15th CFP is "Panopticon 2005." Over time, and particularly recently, surveillance of ordinary citizens has increased to dramatic levels. Not only are governments watching more aspects of their citizens' lives, but those in the private sector are increasing surveillance of people as well. Often lost in the race to "increase intelligence" are discussions about different approaches to address problems like the threat of terrorism that are equally or more effective, but do not involve extensive and constant surveillance. Other areas of interest include: 1. domestic and international travel issues 2. communications surveillance 3. children and young adults growing up in a surveillance society 4. social networking 5. the flourishing of free speech (i.e. blogging) in spite of increased watchfulness 6. RFIDs and other emerging technologies 7. Intellectual property issues All submissions must be received by 31 Dec 2004. Complete submission instructions appear on the CFP2005 Web site: www.cfp2005.org
Please report problems with the web pages to the maintainer