Suzanne Hart was crushed to death in an elevator in the Young and Rubicam building in Manhattan. As she stepped into the elevator on the ground floor, it shot to the second floor with the door open, and she was trapped between floors. The elevator had just undergone electrical maintenance a few hours before. [Source: James Barron, Tracing the ARc of a Life Cut Short by an Elevator Malfunction, *The New York Times*, 20 Dec, A26 (National Edition); PGN-ed. James Barron's article is a lovely homage to her life.]
The Berlin light rail train system, plagued by problems for years, demonstrated today that it can, indeed get worse. Many cars have been taken out of service for all sorts of ailments, and having pruned the maintenance shops and the drivers to a bare minimum, there is no room for dealing with problems. And there have been problems galore. Berliners joked that it could not possibly get worse, but today (15 Dec 2011) the S-Bahn proved that it could, indeed, because it has a single point of failure. All switches, all electronic signals, all information is centralized in one station in Halensee. And the electricity went out during a routine test of the emergency electrical system today, according to RBB , a local news station. The emergency system did not kick in - and then nothing worked. Only two train lines that still have analogue signals and switches were in operation, the rest was out - and the central operations was also affected. They had no information on where the trains were. Many people were trapped in trains stranded between stations. Angry passengers opened the doors, got out and walked the tracks to the nearest station, continuing by bus, subway, or taxi. It took about 3 hours after electricity was restored to have some sort of traffic running. The Internet information page by the S-Bahn was down, the server was not able to cope with the traffic. Customers used Twitter to announce trains in motion, helping people to find some way to get to work or school.  http://www.rbb-online.de/nachrichten/vermischtes/2011_12/komplett_ausfall_bei.html Prof. Dr. Debora Weber-Wulff, HTW Berlin, Treskowallee 8, 10313 Berlin Tel: +49-30-5019-2440 http://www.f4.htw-berlin.de/people/weberwu/
This seems to be a good time of the year for those of us who study failure modes. On the night of 23 September 2010 the cruise ship Queen Mary 2 lost propulsion for an hour outside Barcelona. As the official report puts it, "Losing control of a large cruise liner due to an electrical blackout, with 3,823 people on board, is a serious concern." The report is here: http://www.maib.gov.uk/cms_resources.cfm?file=/QM2Webreport.pdf Details of interest to the volts and amps types (a capacitor exploded) are here: http://www.maib.gov.uk/cms_resources.cfm?file=/QM2_CombinedAnnexes.pdf Rule, Britannia :-) [The URLs fixed, removing the superfluous 3D. I occasionally miss ONE (or in this case TWO!). PGN]
Ford is upgrading its in-vehicle software on a huge scale, embracing all the customer expectations and headaches that come with the development lifecycle [Source: Chris Murphy <Mcjmurphy@techweb.com>, InformationWeek, 14 Nov 2011] <http://www.informationweek.com/authors/1115> Sometime early next year, Ford will mail USB sticks to about 250,000 owners of vehicles with its advanced touchscreen control panel. The stick will contain a major upgrade to the software for that screen. With it, Ford is breaking from a history as old as the auto industry, one in which the technology in a car essentially stayed unchanged from assembly line to junk yard. Ford is significantly changing what a driver or passenger experiences in its cars years after they're built. And with it, Ford becomes a software company -- with all the associated high customer expectations and headaches. http://www.informationweek.com/news/global-cio/interviews/231902920? Gabriel Goldberg, Computers and Publishing, Inc. email@example.com 3401 Silver Maple Place, Falls Church, VA 22042 (703) 204-0433 ["Just became"? I remember in the early 1980s when the Ford Aerospace computer security folks in Palo Alto were working with Ford headquarters in Detroit to help them understand the implications of computer technology —and security. It takes a long time for technology to emerge, and then —unfortunately—often with inadequate security. PGN]
Although this is about India, the bits about biometric failures and what is happening to people missing in the database should resonate with some of our own efforts. Aman Sethi, The False Promise of Biometrics, *The New York Times* blogs, Latitude, 22 Dec 2011 India's ambitions to help the poor secure government benefits by creating the world's largest personal database could do them much harm. http://latitude.blogs.nytimes.com/2011/12/22/the-false-promise-of-biometrics-in-india/?emc=eta1
Sebastian Anthony, 22 Dec 2011: At this point we have a fairly good idea of what Carrier IQ is, and which manufacturers and carriers see fit to install it on their phones, but the Electronic Frontier Foundation (EFF) - the preeminent protector of your digital rights - has taken it one step further and reverse engineered some of the program's code to work out what's actually going on. http://www.extremetech.com/computing/110061-eff-reverse-engineers-carrier-iq Analyzing Carrier IQ Profiles https://www.eff.org/deeplinks/2011/12/analyzing-carrier-iq-profiles Some Facts About Carrier IQ https://www.eff.org/deeplinks/2011/12/carrier-iq-architecture
"Philip Falcone's proposed LightSquared Inc. wireless service caused interference to 75 percent of global-positioning system receivers examined in a U.S. government test, according to a draft summary of results." http://j.mp/vcHiAA (Business Week) [NNSquad]
The more things are connected, the more they need protecting: > In one instance, a thermostat at a town house the Chamber [of Commerce] > owns on Capitol Hill was communicating with an Internet address in China. http://online.wsj.com/article/SB10001424052970204058404577110541568535300.html http://www.thestar.com/news/world/article/1105272 http://it.slashdot.org/story/11/12/21/1321238/ (via) There are some quite sophisticated thermostat designs being designed nowadays: http://www.sparkfun.com/tutorials/334 http://www.nest.com/ With quite capable processors: http://www.ti.com/product/am3703 No mention of the specific product used in the attack though.
There are all sorts of articles about the risks of talking on a cell phone while driving—even hands free—in a car and an effort to ban them. The problem is that these processes seem to focus primarily on risks. Have these studies looked at the benefits of not being isolated while driving? The reports do make an exception for navigation systems even though they can be very distracting. That's a case where the benefits are, perhaps, too obvious to ignore. Yet if we remove all distractions driving becomes very dangerous—that's why roads are now designed with curves rather than being straight for many miles. How do we get balanced policies rather than policies focused on eliminating risks? And without taking risks how do we advance understanding and technology? There's also another issue—the policymakers seem to assume that a GPS navigator is a device. But today it's just an app and a cell phone is just a generic communicating platform. So, inevitably, in a software-defined world the efforts to ban devices become commingled with attempts to control behavior.
"So grand is the entertainment complex's umbrage that I half expect its next move will be to petition the Department of Justice for the authority to shut down the electric utilities that provide power to any and all computers it suspects are pinching its intellectual property." Jack Shafer, Reuters blog, 16 Dec 2011 http://j.mp/w1Ja2U NNSquad: http://lists.nnsquad.org/mailman/listinfo/nnsquad
OK, the concept of "privacy" and the whole raison d'Ítre for Facebook are diametrically opposed, but you would have hoped that a regulator would put at least *some* effort into protecting the innocent. http://www.itnews.com.au/News/284896,acma-finds-facebook-photos-are-not-private.aspx "Australia's communications regulator has ruled that television networks are not breaking the industry's code of practice when publishing photos lifted from a public Facebook profile." OK, I can sort of follow that one - it's freely accessible. There looms the eternal copyright question, though, but OK - but worse was to come. "Channel Seven did not breach the Commercial Television Industry Code of Practice when it accessed and broadcast photographs—specifically in the case of a deceased person lifted from a Facebook tribute page, and another which broadcast the name, photograph and comments penned by a 14-year old boy." OK, this was enough to hit the buffers for me. The former is a matter of public decency (I know, I know, I'm old fashioned), but the latter throws up a thoroughly evil question that I will post in a minute as a separate message. Now for the killer: "The ACMA was begrudgingly unable to guarantee that users marking content as `private' on a social network could be safe guarded from broadcasters and publishers making it public, at least under the industry code of practice." The ACMA made it clear that while it considers the use of privacy settings an important consideration when assessing material obtained from social networking sites, the actual settings are not determinative, the regulator noted. Instead, the regulator will determine matters taken before it on a case-by-case basis." Let me see if I get this correctly: even when a user has flagged the explicit WITHHOLDING of consent for public use by marking something private (which suggests an access control mechanism of some sorts which requires breaching either by password hacks, or by asking a "friend" (cough) to get at the data, the use of such material is perfectly OK? Excuse me? Words fail me. And privacy in Australia, apparently.
"Facebook will begin adding photos of its users to third-party adverts appearing in users' news feeds come early next year, so if you're the sort who's a bit free with your thumbs-up button, there's no way out of being featured alongside a tin of baked beans or a pair of knickers on the social network." http://www.theregister.co.uk/2011/12/21/facebook_sponsored_stories/ I'm not quite sure what exactly they are smoking at Facebook HQ, but I would advise to avoid it at all costs, zap any image which features your face and start warming up your lawyers. What Facebook is planning to do appears to me principally deceptive marketing. If your face is somehow associated with a product it will appear as an endorsement - and endorsement you didn't intend, most likely would not consent to if you were aware of it (which you won't), and may associate you with any problems the product may have. In other words, Facebook is about to use your credibility and reputation for free, leaving you with the liability and representational loss if the product isn't up to scratch. Absolutely *great* for double-glazing selling.. Well, that's the end of profile pictures, I think. Even more fun will be the abuse of publicity images as used by fake profiles - as far as I can see, the only people winning here are lawyers. Am I missing something or have they really come off the rails now?
Deal comes just a month after the U.S. Federal Trade Commission ruled Facebook made deceptive claims about data sharing. Jeremy Kirk, *ITBusiness* http://www.itbusiness.ca/it/client/en/home/News.asp?id=65451 12/22/2011
As e-mail, documents, and almost every aspect of our professional and personal lives moves onto the "cloud"-remote servers we rely on to store, guard, and make available all of our data whenever and from wherever we want them, all the time and into eternity-a brush with disaster reminds the author and his wife just how vulnerable those data can be. A trip to the inner fortress of Gmail, where Google developers recovered six years' worth of hacked and deleted e-mail, provides specific advice on protecting and backing up data now-and gives a picture both consoling and unsettling of the vulnerabilities we can all expect to face in the future. James Fallows, *The Atlantic*, Nov 2011 http://www.theatlantic.com/magazine/archive/2011/11/hacked/8673/?single_page
"LONDON - Hackers on Sunday claimed to have stolen a raft of e-mails and credit card data from U.S.-based security think tank Stratfor, promising it was just the start of a weeklong Christmas-inspired assault on a long list of targets. One alleged hacker said the goal was to use the credit data to steal a million dollars and give it away as Christmas donations." http://j.mp/sZ21Qj (Huffington) - - - This is the text of the message Stratfor has been sending out, though it has been received by various parties without a known relationship to Stratfor, at least directly: Dear Stratfor Member, We have learned that Stratfor's web site was hacked by an unauthorized party. As a result of this incident the operation of Stratfor's servers and e-mail have been suspended. We have reason to believe that the names of our corporate subscribers have been posted on other web sites. We are diligently investigating the extent to which subscriber information may have been obtained. Stratfor and I take this incident very seriously. Stratfor's relationship with its members and, in particular, the confidentiality of their subscriber information, are very important to Stratfor and me. We are working closely with law enforcement in their investigation and will assist them with the identification of the individual(s) who are responsible. Although we are still learning more and the law enforcement investigation is active and ongoing, we wanted to provide you with notice of this incident as quickly as possible. We will keep you updated regarding these matters. George Friedman
NEW YORK Victims of a data breach at the security analysis firm Stratfor apparently are being targeted a second time after speaking out about the hacking. Stratfor said on its Facebook page that some individuals who offered public support for the company after it revealed it was hacked "may be being targeted for doing so." The loose-knit hacking movement "Anonymous" claimed Sunday through Twitter that it had stolen thousands of credit card numbers and other personal information belonging to the company's clients. Anonymous members posted links to some of the information Sunday and more on Monday. Stratfor, based in Austin, Texas, said its affected clients and its supporters "are at risk of having sensitive information repeatedly published on other websites." The company has resorted to communicating through Facebook while its website remains down and its e-mail suspended. ... Eileen Aj Connelly, AP Business Writer, *The Boston Globe*, 26 Dec 2011, http://www.boston.com/business/technology/articles/2011/12/26/think_tank_hacking_victims_targeted_after_comments/
Microsoft gets silent upgrade religion, will push IE auto-updates Copies Chrome and follows Firefox to get users onto the newest browser without asking permission Microsoft today said it will silently upgrade Internet Explorer (IE) starting next month, arguing that taking the responsibility out of the hands of users will keep the Web safer. The move is an acknowledgment by Microsoft that Google's model—its Chrome browser has updated in the background without user involvement since it debuted more than three years ago—is the right one. ... [Source: Gregg Keizer, *Computerworld*, Dec 15 2011] http://www.computerworld.com/s/article/9222690/Microsoft_gets_silent_upgrade_religion_will_push_IE_auto_updates
The inability to control volume is merely the tip of the iceberg when it comes to the media consumer's lack of control. However, thanks to the wonders of modern computers & digital signal processing, those persons consuming their media via a _computer_, rather than a consumer electronic device, finally have significantly more control. "MP3Gain" and its competitors allows the user to pre-process the audio gain of mp3 files so that even when played back on "dumb" mp3 devices, the sound volume will be within the range selected by the user. I have used these types of programs for years to enable me to be able to hear mp3's on airplanes where the ambient noise is simply too high. If you are utilizing the outstanding "VLC" media player on your laptop computer, you have even greater control. For example, the VLC player can play back at speeds significantly greater than normal, but _without changing the pitch_, so that you can zoom through boring podcasts & videos at 1.5x or greater speeds. The VLC player also has a "Volume Normalizer", which provides "dynamic volume compression" for noisy environments. See below. It is essential that digital media consumers be allowed to digitally remaster their content to tailor it for their own consumption. In some cases, this can be an advantage for the content creators: e.g., when I set VLC playback to 1.5x, I can consume 50% more content! http://www.ab9il.net/digital-audio/vlc-audio-dynamics.html "Effective Audio compression for Loud or Sensitive Environments. "The VLC media player, short for VideoLan, is a very versatile player for nearly any audio or video format. It is an excellent application for home theater computers, laptops, netbooks, tablet computers, or any Mac, Linux, or Windows device used for multimedia playback. It can even stream media over a local or global network. VLC is the media player of choice due in part to its ease of use on the popular operating systems and its many useful plugins. "One aspect of its flexibility that is not well utilized by many VLC users is its ability to manipulate the audio dynamics of the media it is playing. In other words, the Volume Normalizer can be configured to compensate for loud and quiet variations of a movie, podcast, or segment of music. Such a feature is very useful when using VLC in a loud environment: on an airplane, in a busy cafe, in an office area, or on a street. Some VLC users in schools, watching pre-recorded lectures, may need the audio dynamics set to provide clarity in a sound sensitive environment. The audio compression then automatically controls loudness to prevent distraction to others who may be nearby."
> Oh yeah, you want those turrets on that robot in a prison. New, untried > OS, vendor under competitive pressure, gun with real bullets and a high > likelihood of this thing having some form of remote management. What > could possible go wrong? Or as they said in the movie "Westworld", "Nothing can possibly go worng, go worng, go worng..." I was thinking about this when I saw the first "Robocop" movie, when the ED-209 defense drone shoots an executive of the company, my thought was, what kind of brain-dead moron actually loads ordnance into a machine undergoing a test in a civilian environment? Of course it would have made the story fail, but Dick Jones, as head of the ED-209 project should have been fired on the spot for incompetence, and whoever ordered actual ammunition put into the thing should have been prosecuted at least for involuntary manslaughter. This was inexcusable negligence beyond mere incompetence or even stupidity, it borders on arrogant willful misconduct. Even if you don't give one damn about human life, killing corporate executives is unacceptable because it's very expensive over some schlub on the shop floor in a factory: you have to pay their death benefits from worker's comp based on their income which is a lot higher, you have to cash out their remaining contract, and possibly other benefits have to be paid, plus a dead-bang winner of a juicy high-dollar suit by their survivors for negligence. Not to mention the bad press in the newspapers might cause the stock price to go down. Killing director-level or corporate officer executives is going to be a lot more expensive than just having some factory worker killed, say in a disaster because your maintenance is sub-par (like BP and the Deepwater Horizon disaster in the Exxon of Mexico, err I mean Gulf of Mexico.)
The title of the note in RISKS-26.67 said the accident was "Blamed on Software". I think this is misleading. The anomaly involved electronic data generation and transmission engineering, nothing with which a software engineer could be expected to have either experience or expertise. Qantas Flight 72, flown by VH-QPA, an Airbus 330-303, suffered pitch anomalies in cruise near Learmonth, Western Australia, in October 2008. It pitched down suddenly, injuring some 106 passengers and 9 cabin crew, some severely. An emergency was declared and the airplane landed at Learmonth, Western Australia, to enable timely medical treatment for the injured. It has been known for some time (and was published in the interim reports) that the pitch-down was caused by data spikes in angle-of-attack data from one air data computer (ADIRU), which were taken as veridical by the primary flight control computers (FCPC or PRIM) because two similar spikes occurred just outside the time window in the filtering algorithm. The reconciliation between these values and those of the other two ADIRUs allowed this anomalous value to prevail, and the aircraft accordingly pitched nose-down. A blog post with more detail, including a link to the final report, as well as discussion of the certification requirements as the ATSB sees them, may be read at http://www.abnormaldistribution.org/2011/12/21/the-accident-to-qantas-flight-72-vh-qpa-in-october-2008/ Peter Bernard Ladkin, University of Bielefeld and Causalis Limited www.rvs.uni-bielefeld.de www.causalis.com [See also http://www.atsb.gov.au/media/3532398/ao2008070.pdf http://it.slashdot.org/story/11/12/20/0127215/software-bug-caused-qantas-airbus-a330-to-nose-dive courtesy of Earl Boebert, who noted this: [There's] an (unverified) assertion that the Airbus flight control system will exercise uncommanded changes to throttle settings *without* moving the throttle handles in the cockpit. If true: bad robot, bad, bad robot. (The Boeing system supposedly has actuators on the handles and moves them when it decides to take over throttle control.)] PGN]
http://www.stuff.co.nz/travel/australia/6163633/Qantas-terror-blamed-on-computer The article notes that Airbus has since tweaked its algorithms and installed the upgraded software. The line in the article that caught my eye was the following. "As a result of this redesign, passengers, crew and operators can be confident that the same type of accident will not reoccur," investigators have concluded. *Will not* reoccur? That strikes me as awfully absolute. [A common comment in RISKS over the years, but seemingly particularly relevant here! PGN]
CALL FOR PAPERS - LAST WEEKS BEFORE DEADLINE Paper submission: 14 Jan 2012 9th International Conference on Integrated Formal Methods (iFM 2012) in conjunction with ABZ 2012, in honor of Egon Boerger's 65th birthday for his contribution to state-based formal methods June 18 - 22, 2012 - CNR - Pisa - ITALY http://ifm.isti.cnr.it Consiglio Nazionale delle Ricerche Istituto di Scienza e Tecnologie dell'Informazione “A. Faedo'' Formal Methods && Tools Lab. Via Moruzzi 1 - 56124 Pisa OBJECTIVES AND SCOPE Applying formal methods may involve the modeling of different aspects of a system that are expressed through different paradigms. Correspondingly, different analysis techniques will be used to examine differently modeled system views, different kinds of properties, or simply in order to cope with the sheer complexity of the system. The iFM conference series seeks to further research into the combination of (formal and semi-formal) methods for system development, regarding modeling and analysis, and covering all aspects from language design through verification and analysis techniques to tools and their integration into software engineering practice. INVITED SPEAKERS Egon Boerger, University of Pisa, Italy Muffy Calder, University of Glasgow, United Kingdom Ian J. Hayes, University of Queensland, Australia ABZ - iFM 2012 GENERAL CHAIRS John Derrick, University of Sheffield, United Kingdom Stefania Gnesi, CNR-ISTI, Italy iFM PROGRAMME COMMITTEE CHAIRS: Diego Latella, CNR-ISTI, Italy Helen Treharne, University of Surrey, United Kingdom ABZ - iFM 2012 FINANCE CHAIR Alessandro Fantechi, Universita' di Firenze, Italy [Large international organizing and program committees omitted here. PGN]
Please report problems with the web pages to the maintainer