Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
I have also heard the stories about pilots following the procedures in the manual not being able to save the aircraft. In the case of the American Airlines DC-10 accident, the pilot executed the correct maneuver for loss of engine power, but the effects of the missing engine caused it to go into a stall. However, the correction for the stall is 180 degrees different from the correction for the loss of engine power, and thus the plane was lost. The pilot possibly could have saved the aircraft had he known what was going on. The reason the pilot didn't correct for the stall is that he didn't know about it (or knew too late) — because the missing engine supplied power to the stall warning device. Interestingly, at the time stories were circulating that some airlines (e.g., United) had ordered their DC-10's with dual-redundant stall-warning devices, powered off of multiple engines. (I'm afraid I don't have a reference. Probably Aviation Week and Space Technology.) Chuck
From the AP, Tuesday, 5 August 1986, Los Angeles: Three of five earthquakes that state agencies said rattled California on Sunday never happened, officials acknowledged yesterday. The false reports by California's Office of Emergency Services and Department of Water Resources were blamed on static in the microwave system that transmits data from monitoring devices around the state to Sacramento. Don Irwin, deputy director of Emergency Services, said his agency was trying to decide whether to change procedures and stop publicizing what he termed ``preliminary, unofficial information''. U.S. Geological Survey seismologists said yesterday that three small quakes shook the state on Sunday, two near San Jose and a third in the eastern Sierra Nevada. No damage or injuries were reported. The state agencies never reported one of the San Jose-area quakes, and reported three others that did not happen.
From the San Francisco Chronicle, Wednesday, 6 August 1986:
WASHINGTON - The space shuttle Columbia (the launch preceding the
Challenger disaster) came within 31 seconds of being launched without
enough fuel to reach its planned orbit on January 6 after weary Kennedy
Space Center workers mistakenly drained 18,000 gallons of liquid oxygen
from the craft, according to documents released yesterday by the White
House panel that probed the shuttle program. Although [NASA] said at
the time that computer problems were responsible for the scrubbed
launch, Representative Bill Nelson, D-Fla., who flew on the mission, said
yesterday that he was informed of the fuel loss while aboard the
spacecraft that day...
According to the appendix [to the panel report], Columbia's brush with
disaster ... occurred when Lockheed Space Operations Co. workers
"inadvertently" drained super-cold oxygen from the shuttle's external tank
5 minutes before the scheduled launch. The workers misread computer
evidence of a failed valve and allowed a fuel line to remain open. The
leak was detected when the cold oxygen caused a temperature gauge to drop
below approved levels, but not until 31 seconds before the launch was the
liftoff scrubbed.
NASA said then that the liftoff was scrubbed [until January 12] because
computer problems delayed the closing of a valve. Space agency
spokeswoman Shirley Green said yesterday that the fuel loss did not become
apparent until much later.
The NY Times (same day) noted that the potentially catastrophic launch of the
Columbia without adequate fuel to reach its intended orbit could be blamed
on human error caused by fatigue. "Investigators also concluded that many
key people working for NASA and its contractors work an excessive amount of
overtime that has the potential for causing catastrophic errors in judgment."
The Chronicle article goes on to state, quoting the panel report, that
fatigue may also have contributed "significantly" to the disputed decision
by NASA and Thiokol officials to launch the Challenger in cold weather --
despite strong evidence that the O-ring booster seals were ineffective. The
panel said "certain key managers obtained only minimal sleep the night
before the teleconference" in which the fatal decision was made.
Furthermore, a study of 2900 workers' timecards in the weeks before that
showed an "unusally high amount of overtime", during which time there were
five aborted launches and two actual launches.
I am astounded to look back over my list of computer-related disasters (an
update will appear in RISKS at the beginning of Volume 4 — it is now up to
5 pages) and find only one other space/missile/defense/aviation case that
could easily have been linked to fatigue. That case was the KAL 007, whose
real cause is still a matter of much speculation. (See ACM Software
Engineering Notes 9 1 and 10 3.) One would expect that to be a more common
cause...
Yesterday, Austin experienced a sudden thunderstorm and some small power
failures. One of the things knocked out by the power loss was the central
computer that coordinates the traffic lights in the downtown area.
The central controller is backed up by isolated controllers at each
intersection. By my guesstimate, there are about 125 of these
intersections. Two of the site controllers failed to operate, causing the
light at those two intersections to go out.
Is this a success or a failure for the system as a whole? Of course we'd
like it if the backup was 100%, but is 2% an acceptable failure rate?
(Side note: the only adverse effect of the two failures was that humans
-- policemen - were required to stand in the downpour and direct traffic.)
Alan Wexelblat
UUCP: {ihnp4, seismo, harvard, gatech, pyramid}!ut-sally!im4u!milano!wex
[Success — like failure — is relative. Even the greatest successes
can be disasters if we become overconfident. Even the worst disasters
can have some benefits if we learn from them. In this case, the
result was clearly a qualified success, but would have been quite
different if someone had been killed when the lights went out at one
intersection. PGN]
> Increasingly, large and "official" organisations [...] are using laser > printers to print the bills and other requests for money [...] I cannot believe this will be a serious problem. In fact, most organizations are still using pre-printed stock, even if they use the laser printer to do smarter things on it. For example, my Ontario motor vehicle registration is laser-printed on banknote-style paper. My credit card bills and bank statements are laser-printed on pre-printed paper that is virtually identical in design to the paper used when they were impact-printed. (This also has programming advantages.) Similarly, a new ATM at my bank prints its receipts on a role of paper like that of a cash register, instead of the pre-printed cards used by older models. But the paper used has the bank's logo printed on the back to prevent easy forgery. The one exception I can think of is my city tax and water bills, which have (on plain colored paper) the most ornate laser-printing imaginable — which required some amazing hacking on the Xerox 9700. Duplicating this would be of the same level of complexity as forging pre-printed stock — which was always possible even in the days of hand-writing and typewriters. \\\\ Graeme Hirst University of Toronto Computer Science Department //// utcsri!utai!gh / gh@ai.toronto.edu / 416-978-8747
Please report problems with the web pages to the maintainer