On the order of 4000 students taking the October 2005 Scholastic Aptitude Tests (SATs) received scores lower than they should have been, due to unexplained "technical problems". Some scores on the reasoning section were as much as 100 points too low (out of 800). This may be unfortunate for those students, considering that the final acceptances and rejections are being decided before the affected universities have been notified. Similar scanning problems were noted in an earlier SAT chemistry test, although on a smaller scale. [Source: Karen W. Arenson, *The New York Times*, 8 Mar 2006, National Edition A16; PGN-ed] http://www.nytimes.com/2006/03/08/education/08sat.html
A day after the College Board notified colleges that it had misreported the scores of 4,000 students who took the SAT exam in October, an official of the testing organization disclosed that some of the errors were far larger than initially suggested. ... Chiara Coletti, the College Board's vice president for public affairs, said that 16 students out of the 495,000 who took the October exam had scores that should have been more than 200 points higher. "There were no changes at all that were more than 400 points." [Source: Karen W. Arenson, *The New York Times*, 9 Mar 2006] http://www.nytimes.com/2006/03/09/education/09sat.html?ex=1299560400&en=ada0b50e98bcfb5f&ei=5090
Pearson Educational Measurement suggests that wet weather may have caused the 4000 affected test results, blaming abnormally high moisture for expanding the paper so that it could not be read properly at a scanning center in Austin TX. The test on 8 Oct 2005 coincided with the beginning of heavy rains in the Northeast, from where most of those tests came. (As much as 10 inches fell on New Jersey.) [Source: AP item on 10 Mar 2006.]
Perhaps relevant to Don Norman's research on human interfaces, Elke den Ouden's thesis at the Technical University of Eindhoven concluded that half of all supposedly malfunctioning products returned to stores were in reality in full working order, but just too complex to be operated successfully. She also noted that the average U.S. consumer will spend a maximum of about 20 minutes trying to get a newly acquired electronics device to work before giving up. http://abcnews.go.com/Technology/wireStory?id=1693288
Drivers in Missouri discovered that the onboard chips that monitored their auto emissions could fail, causing certification failure, and could then then be an unbelievable bother to reset: Alter got a "drive cycle," or a step-by-step recipe to reset the car's computer by driving 10 minutes or more at 50 to 65 mph, then coasting down to 15 mph without hitting the brakes until the car reaches 20 mph. Then he had to stop and let the car idle for 50 seconds or more before taking the car back up to highway speeds, then gradually slowing until the car came to a stop. Nothing. The car still was rejected. Nine times in all. "It was like, well, what do I do now?" he said. "I am driving around, doing this, putting (a couple hundred) miles on it. So is it inconvenient? Yeah. A big inconvenience. The amount of gas I wasted. And my time." Finally, he discovered a shop whose repair technician drove his car while monitoring its readiness codes with a mobile computer. Once the codes reset, the technician took the car for a test. The cost: $120 for two hours of the technician's time. Illinois test officials say they see the problem in about 1 percent to 2 percent of all on-board diagnostic tests. Sources: *St. Louis Dispatch*, 25 Feb 2006 <http://www.stltoday.com/stltoday/news/stories.nsf/stlouiscitycount=y/story/C1B49084DF769D42862571200022E77F?OpenDocument> New Market Machines <http://blogalization.nu/marketmachines/?p=3D1495>(my blog)
[TNX to Fernando Pereira for putting me on to this one.] http://itre.cis.upenn.edu/~myl/languagelog/ http://itre.cis.upenn.edu/~myl/languagelog/archives/002912.html The December 1 DWIM effect [The Cupertino effect, 9 Mar 09, 2006] The damage done by well-intentioned (mis)features of MS Office is not limited to occasional dadafication of EU bureaucratese <http://itre.cis.upenn.edu/%7Emyl/languagelog/archives/002911.html>. According to Barry R Zeeberg, Joseph Riss, David W Kane, Kimberly J Bussey, Edward Uchio, W Marston Linehan, J Carl Barrett and John N Weinstein, "Mistaken Identifiers: Gene name errors can be introduced inadvertently when using Excel in bioinformatics <http://www.biomedcentral.com/1471-2105/5/80>", BMC Bioinformatics 2004, 5:80: When we were beta-testing [two new bioinformatics programs] on microarray data, a frustrating problem occurred repeatedly: Some gene names kept bouncing back as "unknown." A little detective work revealed the reason: ... A default date conversion feature in Excel ... was altering gene names that it considered to look like dates. For example, the tumor suppressor DEC1 [Deleted in Esophageal Cancer 1] was being converted to '1-DEC.' Figure 1 lists 30 gene names that suffer an analogous fate. A worse problem apparently afflicts information from microarray experiments: There is another default conversion problem for RIKEN clone identifiers identifiers of the form nnnnnnnEnn, where n denotes a digit. These identifiers are comprised of the serial number of the plate that contains the library, information on plate status, and the address of the clone. A search ... identified more than 2,000 such identifiers out of a total set of 60,770. For example, the RIKEN identifier "2310009E13" was converted irreversibly to the floating-point number "2.31E+13." A non-expert user might well fail to notice that approximately 3% of the identifiers on a microarray with tens of thousands of genes had been converted to an incorrect form, yet the potential for 2,000 identifiers to be transmogrified without notice is a considerable concern. Most important, these conversions to an internal date representation or floating-point number format are irreversible; the original gene name cannot be recovered. RIKEN <http://www.jarvislab.net/Genomics.html> microarrays are systematically affected, but other microarray results are apparently often garbled as well: The floating-point conversion is not restricted to RIKEN clone identifiers but will affect any clone designation derived from plate coordinates. ... [If plate library references are omitted or numerical], all clones from row E of any plate are converted to floating point numbers by Excel. ... Since 96-well plates contain 8 rows and 12 columns, row E represents 12/96 or 12.5% of the clones on the plate; similarly, 6.25% of clones from 384-well plates would be affected. Most libraries contain hundreds of plates, each of which would be subject to this problem. If some computer virus or trojan did this sort of damage to the results of thousands of high-cost biomedical experiments, I imagine that we'd see a serious effort to put some people in jail. I'm not suggesting that any similar sort of retribution is appropriate here, but perhaps some rehabilitation would be in order, along the lines suggested below. There's an acronym from the old days of classic AI, DWIM, standing for "Do What I Mean". The Jargon File explains <http://www.catb.org/%7Eesr/jargon/html/D/DWIM.html>: Warren Teitelman originally wrote DWIM to fix his typos and spelling errors, so it was somewhat idiosyncratic to his style, and would often make hash of anyone else's typos if they were stylistically different. Some victims of DWIM thus claimed that the acronym stood for "Damn Warren's Infernal Machine!". In one notorious incident, Warren added a DWIM feature to the command interpreter used at Xerox PARC. One day another hacker there typed delete *$ to free up some disk space. (The editor there named backup files by appending $ to the original file name, so he was trying to delete any backup files left over from old editing sessions.) It happened that there weren't any editor backup files, so DWIM helpfully reported *$ not found, assuming you meant 'delete *'. It then started to delete all the files on the disk! The hacker managed to stop it with a Vulcan nerve pinch after only a half dozen or so files were lost. The disgruntled victim later said he had been sorely tempted to go to Warren's office, tie Warren down in his chair in front of his workstation, and then type delete *$ twice. DWIM is often suggested in jest as a desired feature for a complex program; it is also occasionally described as the single instruction the ideal computer would have. Back when proofs of program correctness were in vogue, there were also jokes about DWIMC (Do What I Mean, Correctly). It seems to me that all interactive programs should have a prominently displayed switch labeled something like DEWITYD, "Do Exactly What I Tell You, Damnit!" (pronounced as "de-witted"). No doubt the results will be wrong (or even disastrous) at least as often as the results of DWIM will be; but at least you'll know exactly who to blame. Posted by Mark Liberman at March 9, 2006 05:51 PM <http://www.sitemeter.com/stats.asp?site=sm7languagelog> [I always enjoyed seeing Warren's license plate (DWIM) now and then while driving. However, based on experience with InterLisp, many wags suggested that the correct acronym should have been DWWTYM -- Do What Warren Thinks You Mean. PGN]
Citibank said has blocked the use of some of its PIN-based debit cards after detecting fraudulent cash withdrawals in Britain, Canada and Russia. PINs were apparently obtained from "a third-party business' information breach" in the U.S. last year. [Source: Eileen Alt Powell, AP Online, 8 Mar 2006; PGN-ed] http://finance.lycos.com/home/news/story.asp?story=56481434 [Apparently the PINs are archived, perhaps even unencrypted? PGN] http://www.msnbc.msn.com/id/11731365/
Health and immigration records sold at B.C. auction (news item from the Canadian Broadcasting Corp) Several investigations have begun after computer tapes containing health and immigration records for thousands of people in British Columbia were sold at a public auction for $101. http://www.cbc.ca/story/canada/national/2006/03/06/bc-government-tapes060306.html The records contained information on sexual abuse, HIV status, and mental health, as well as other information that was obviously quite confidential in nature. The fact that old backup tapes were sold off is probably not too surprising to RISKS readers. What is interesting is that this is not the first time, and, according to the article, "the government brought in rules that should have ensured that all information was removed from surplus computer equipment before it was sold."
A step backwards for customers of Australian National Credit Union (www.friendlybanking.com.au) where from 21 Mar 2006 all users of the credit union's Internet banking will be limited to choosing passwords of six characters, consisting only of the numbers 0-9. They have previously had the ability to choose alpha-numeric passwords of varying length. The credit union's website claims that the changes are for enhanced security (http://www.friendlybanking.com.au/Pages/view_news.asp?news_id=1999): Important Internet Banking Password Changes As of 21st March 2006, passwords for Internet Banking will be changing. This will apply to all passwords and second passwords (where applicable). Your Internet Banking password will now be known as your Web Access Code (WAC). Web Access Codes (WAC) must now be six (6) digits long and only contain numbers (0 - 9), but no spaces. Make sure it is difficult for others to guess and does not contain your date of birth, member number and repeated digits. Please do not change your WAC until you are prompted to on or after the 21st March 2006. This will save you having to re enter a new WAC. These changes are being made in preparation for an improved site later in the year with added functionality such as Bpay view, Secure mail, Setting up regular payments, Submit a request for a new Term Deposit, Added security features. After I enquired about this apparent backward step, the credit union's response claimed this was required for the implementation of two-factor authentication, amongst other security enhancements. Two-factor authentication might be great for those who use it, but those that don't will be left with the limited password options. I thought the RISKS were obvious, but perhaps not to the credit union's security team.
High-tech-howlers are nothing new for New Jersey legislators. See http://catless.ncl.ac.uk/Risks/12.09.html#subj5 back in 1991. That was about a bill that would require all "software engineers" to be licenced, for a *VERY WIDE* definition of "software engineer". The initial draft would've required every secretary who created a Word or Excel macro to be licenced as an engineer. Walter Dnes <email@example.com> In linux /sbin/init is Job #1
Too much important opinion, including that leading to the founding of the country, was published anonymously to permit the government to ban anonymous opinion. Even unto this day, anonymous pamphleteering is an honorable activity at the core of the First Amendment. The main difference between Mrs. McIntyre's pamphlets and the fora to be regulated is that a reader could use the pamphlet to create litter. The Internet provides no similar opportunity because one is not handed an physical object. I would expect that such a statute, were it to be enacted, would be quickly challenged and almost as quickly overturned. See _McIntyre v. Ohio Elections Comm'n_, 514 U.S. 334 (1995). Nor is the question of littering dispositive. See _Schneider v. NJ_, 308 U.S. 147 (1939) [@156, Milwaukee; @157, Worcester]. Obviously I am not a lawyer and you would talk to one before challenging or violating any statute.
On the other hand, having had a few "hit job" reviews posted of my book, *Managing the Testing Process*, posted at Amazon.com by anonymous reviewers, it seems that allowing people to slam other people--who may well be competitor's--in a public forum without disclosing their identities and therefore their interests poses some risks not just to the people who are slammed, but also to the readers who may unquestioning accept the critique while unaware of the motivations and interests behind the critique. Rex Black, CTO, Pure Testing, Pvt Ltd; President, American Software Testing Qualifications Board; President, International Software Testing Qualifications Board; 31520 Beck Road, Bulverde, TX 78163 +1 (830) 438-4830 www.rexblackconsulting.com
When was the last time you saw a safety case where the claimed probabilities of failure had error bounds? When was the last time you saw a sound argument justifying these error bounds? I never have. Has anyone on the list *written* such a safety case?
Up to now the most obvious harm done by pseudo-precision may well be in the 'accidents' of badly designed systems. It could also be that the failure to control the mass of meaningless output from computer programs ('GIGO science') is a consequence of our dogmatic faith in numbers. My education in pseudo-precision began when I realised that students being taught the Systeme Internationale as promoted in England in 1970 were forced to lie. At that time, the S.I. prefixes were rigorously cascaded in thousands; the deci- and centi- were banned. So students doing exercises in 'the metric system' were required to quote measurements of length to the nearest millimetre, even when the object was a rough concrete pillar. Like Hamish Marson I knew some old-fashioned physical scientists who taught their students about the management of uncertainty; but the breed was dying out even then. Reflecting on all this I eventually wrote (with my colleague Silvio Funtowicz) 'Uncertainty and Quality in Science for Policy'. In this we developed the 'NUSAP' notational scheme, whose categories are Numeral, Unit, Spread, Assessment and Pedigree. The principle behind NUSAP has had some success; the Dutch Environment Agency has a 'Guidance' for assessing uncertainty in scientific information which is becoming a standard. But even there I find inadequate attention to the task of matching precision to accuracy. And for the situations when very uncertain quantities are involved (as in much policy-related information) I find hardly any concern at all. Are there RISKS readers interested in developing this? Jerry Ravetz, 111 Victoria Road, Oxford OX2 7QG, +44 1865 512247 Mobile 0790 535 2788 Website: www.jerryravetz.co.uk Visiting Fellow, the James Martin Institute for Science and Civilization, Business School, Oxford University. Files of my recent papers, available for downloading, can be found on the website www.nusap.net; on the Home Page see Tutorials - Post-Normal Science and NUSAP, and Sections - Reports, papers.
The discussion of error tolerances reminded me of a time, many years ago, when I was an undergrad physics student. We were, of course, drilled endlessly by professors and post-grad assistants about the vital need to include error bars in experimental results. One day, my lab partner and I were running some experiment (I think it was to explore a Wheatstone bridge) built out of ancient wires, resistances, and meters. The hopelessly antique equipment inspired my partner to record some result as "4.1487892 +/- .002%" in his lab book. When the experiment was marked, the instructor wrote "I don't see how you could have achieved such precision", to which my partner wittily wrote back: "You should not be critical of extra work, voluntarily done."
Relevant experience? (gotta understand) Hamish Marson asks, How many people who write software actually have relevant experience in the real world for things they're doing? In my view, relevant experience is not near enough to do the job right. Usually when a task is to be done using a computer, the designers and coders must understand the task BETTER than most real world experts do. Otherwise it doesn't work and nobody is happy. Furthermore, there are many other ways to fail, as well. Some of them are profitable anyway.
APC (American Power Conversion) http://apc.com/ sells a BioPod http://apc.com/products/family/index.cfm?id=246&ISOCountryCode=ww described "Biometric Security:A Simple and Secure Way to Remember Passwords". Text is "As security concerns continue to grow, so do the number of passwords. The Biometric Password Manager provide users a convenient and secure way to manage and access multiple security phrases and codes. This product biometrically identifies users and gives them convenient access to password protected applications and web sites." When you install the software, it uses your Windows password for securing all your login/password pairs. That's of course bad because you might want more or layered security on your logins. What's worse is that if you have no Windows password the software silently accepts null as password. That is, not only do you not need a password to open the password vault stored on the BioPod, no warning is given that a password might be a good idea to secure the goodies. After getting over my astonishment at that behavior I called APC tech support but couldn't convince them that there was a problem. The dialogue below shows my repeated failed attempts to convince the Web folk that a problem exists. ================================== Me: Biopod has huge security flaw, compromises the device's integrity. I've reported this to your support people but see no action taken. APC: Thank you for contacting APC's email support on 01/31/2006 06:27 PM. I would be happy to assist you. I apologize for the inconvenience. I am unaware of any security flaw with the BioPod. If you would like to describe the details of the suspected please feel free to send them to me. Officially the BioPod is not advertised as a security device, but a password manager, so it is not designed to increase the security of your computer, but provide a safe way to manage and store your passwords. Me: Installing the BioPod software on a Windows PC that is not password protected makes the BioPod password blanks. That is, when the password challenge is issued simply clicking OK without using a fingerprint AND WITHOUT ENTERING A PASSWORD logs in to the BioPod password vault. That's not my idea of a useful password manager. APC: The OmniPass software and BioPod can be setup for use with a Windows password or without a Windows password. If you don't have a Windows password and setup a "Windows" user you will be able to log into the password vault without a password because you don't have a Windows password. If you don't want to setup a Windows password simply setup a non-Windows user in OmniPass by following the directions in the attached document. Me: You're entirely missing my point. NO WARNING IS GIVEN THAT THE BIOPOD HAS BEEN SET UP WITH NO PASSWORD. THIS IS A PROFOUND SECURITY EXPOSURE SINCE IT GIVES THE ILLUSION OF PROTECTION WHERE THERE IS NONE. Do you think the BioPod is performing correctly and that it's documented correctly and fully? If so, we have nothing further to discuss -- but I'm astonished at APC's (lack of) response to this problem. APC: I understand your point, however if you choose to setup a BioPod user using your Windows password as the master password and your Windows Password is blank, the BioPod would clearly not have a secure Master Password. It is for this reason if you do not have a Windows password it is recommended you use choose the option to setup a separate Master Password not based on the Windows password. Or you could opt to add security to your computer system by adding a Windows password. Me: This is your last chance. I reinstalled the software to review the installation dialogue. If no Windows password is set NO WARNING IS GIVEN THAT THE DEVICE IS NOT SECURE. You're correct that the user can set a Windows password for the specific purpose of having it inherited by the BioPod, and then remove the Windows password. But doesn't this seem a bit cumbersome to you? And aren't users unlikely to do it WITHOUT SPECIFIC INSTRUCTIONS? Having the BioPod only take the Windows password, being unable to set a specific unique password for the BioPod, is very bad design. Your unwillingness to acknowledge that users MAY NOT REALIZE THAT THEIR BIOPOD is insecure is baffling. So my next communication will be with your public relations people and some mailing lists that publicize security risks such as this. They'll of course see how many times I tried to convince you that there's a problem here. APC: When the BioPod and OmniPass software are used properly they provide a secure way to manage your passwords. For more information about the operation of the software please contact Softex Inc, the designer of the software at www.softexinc.com firstname.lastname@example.org. Gabriel Goldberg, Computers and Publishing, Inc., 3401 Silver Maple Place, Falls Church, VA 22042 <http://www.cpcug.org/user/gabe> (703) 204-0433
Please report problems with the web pages to the maintainer