The RISKS Digest
Volume 31 Issue 23

Thursday, 9th May 2019

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…

Contents

80,000 Deaths. 2 Million Injuries. It's Time for a Reckoning on Medical Devices
NYTimes
`Deep fake' videos that can make anyone say anything worry U.S. intelligence agencies
Fox5NY
Mystery Frequency Disrupted Car Fobs in an Ohio City, and Now Residents Know Why
PGN-ed
*Really* active defense ...
The Hacker News via Rob Slade
How a Google Street View image of your house predicts your risk of a car accident
MIT Technology Review
Another one bites the dust: Why consumer robotics companies keep folding
Robotics
Risks of FAX
Hackaday
Cosmos, Quantum and Consciousness: Is Science Doomed to Leave Some Questions Unanswered?
Scientific American
The Fight for the Right to Drive
Suzanne Johnson
Richard Stein
Massachusetts judge granted warrant to unlock suspects iPhone with Touch ID
Apple Insider
Forgers forcing $12.3 trillion trade financing sector to go digital: Experts
The Straits Times
Malvertiser behind 100+ million bad ads arrested and extradited to the U.S.
Catalin Cimpanu
A doorbell company owned by Amazon wants to start producing `crime news', and it'll definitely end well
Nieman Lab
How the UK Won't Keep Porn Away From Teens
NYTimes
"Unhackable" CPU?
Rob Slade
Too proud of my house number
Dan Jacobson
How to Quickly Disable Fingerprint and Facial Recognition on Your Phone
LifeHacker
Re: Post Office Horizon
Attila the Hun
Re: A 'Blockchain Bandit' Is Guessing Private Keys and Scoring
Peter Houppermans
Re: A video showed a parked Tesla Model S exploding in Shanghai
Wol
Re: Electronic Health Records...
Craig Burton
Re: Is curing patients, a sustainable business model?
Sparse Matrix
Re: Gregory Travis's article on the 737 MAX
Ladkin
Travis
Info on RISKS (comp.risks)

80,000 Deaths. 2 Million Injuries. It's Time for a Reckoning on Medical Devices (NYTimes)

Monty Solomon <monty@roscom.com>
Sun, 5 May 2019 10:47:50 -0400
Patients suffer as the FDA fails to adequately screen or monitor products.
https://www.nytimes.com/2019/05/04/opinion/sunday/medical-devices.html


`Deep fake' videos that can make anyone say anything worry U.S. intelligence agencies (Fox5NY)

the keyboard of geoff goodfellow <geoff@iconia.com>
Wed, 8 May 2019 09:19:32 -0700
A video of a seemingly real news anchor, reading a patently false script
saying things like the "subways always run on time" and "New York City pizza
is definitely not as good as Chicago" gives a whole new meaning to the term
fake news.

But that fake news anchor is a real example of a fascinating new technology
with frightening potential uses.

I was stunned watching the Frankenstein mix of Steve Lacy's voice coming
out of what looks like my mouth.

"That's how well the algorithm knows your face," Professor Siwei Lyu told
me.

The video is what is known as a deep fake: a computer-generated clip using
an algorithm that learned my face so well that is can recreate it with
remarkable accuracy.

My generated face can be swapped onto someone else's head (like that
original video with Steve) or it can be used to make me look like I'm saying
things I've never said.

For this piece, I worked with Lyu and his team at the College of Engineering
and Applied Sciences at the University at Albany.

For many people, seeing is believing.

"I would say it's not 100% true anymore.  What we're doing here is providing
a kind of detection method to authenticate these videos," Lyu said.

Their deep fake research is funded by the Defense Advanced Research Projects
Agency, or DARPA, which acts as the research and development wing of the
U.S. Defense Department. They're working to develop a set of tools the
government and public can use to detect and combat the rise of deep fakes.

What's more, deep fakes technically aren't that hard to make. All it takes
is a few seconds of video of someone, a powerful computer, and some code,
which Lyu and his team don't release publicly...

https://www.fox5ny.com/news/deep-fake-videos-intelligence-agencies


Mystery Frequency Disrupted Car Fobs in an Ohio City, and Now Residents Know Why (PGN-ed)

Gabe Goldberg <gabe@gabegold.com>
Tue, 7 May 2019 00:48:02 -0400
It sounded like something from an episode of The X-Files: Starting a few
weeks ago, in a suburban neighborhood a few miles from a NASA research
center in Ohio, garage-door openers and car key fobs mysteriously stopped
working.

Garage door repair people, local ham radio enthusiasts and other volunteer
investigators descended on the neighborhood with various meters. Everyone
agreed that something powerful was interfering with the radio frequency that
many fobs rely on, but no one could identify the source.

Officials of North Olmsted, a city just outside Cleveland, began receiving
calls about the problems in late April, Donald Glauner, the safety and
service director for North Olmsted, said on Saturday.

In the weeks that followed, more than a dozen residents reported
intermittent issues getting their car fobs and garage door openers to work.
Most lived within a few blocks of one another in North Olmsted, though some
were from the nearby city of Fairview Park.

https://www.nytimes.com/2019/05/04/us/key-fobs-north-olmsted-ohio.html?smid=nytcore-ios-share

  [`Fobbing off' the blame (behind the NYTimes paywall)?  Well, here's the
  rest of the story that is more accessible (PGN-ed):]

North Olmsted councilman Chris Glassburn and Bill Hertzel, a retired
communication employee, found a homemade device that was causing the
interference, after a resident agreed to allow them inside his home.

Glassburn: “The device, which ran on a battery backup, was identified and
disabled, There will be no further interference and the resident has agreed
to not make such devices in the future. There are no implications for the
future or other communities in this matter.''

https://www.cleveland.com/news/2019/05/the-mystery-in-north-olmsted-is-solved-key-fobs-garage-openers-work-again.html

  [Shades of Sputnik opening and closing garage-door openers as it transited
  [reprised in RISKS-23.19,20], and Reagan's Air Force One jamming
  garage-door openers in the Los Angeles area, as well as a case in Florida
  noted in RISKS-23.20.  PGN]


*Really* active defense ... (The Hacker News)

Rob Slade <rmslade@shaw.ca>
Mon, 6 May 2019 12:16:11 -0700
So Hamas had a cyber-unit of hackers trying to attack Israeli cyberspace.

So Israel had fighter drones attack the building from which the Hamas
hackers were working.

https://thehackernews.com/2019/05/israel-hamas-hacker-airstrikes.html


How a Google Street View image of your house predicts your risk of a car accident (MIT Technology Review)

Richard Stein <rmstein@ieee.org>
Tue, 7 May 2019 11:48:33 +0800
https://www.technologyreview.com/s/613432/how-a-google-street-view-image-of-your-house-predicts-your-risk-of-a-car-accident/

“Insurance companies, banks, and health-care organizations can dramatically
improve their risk models by analyzing images of policyholders' houses, say
researchers.''

“The result raises important questions about the way personal information
can leak from seemingly innocent data sets and whether organizations should
be able to use it for commercial purposes.''

Risk: Invasive digital profiles by business without consumer consent.


Another one bites the dust: Why consumer robotics companies keep folding (Robotics)

Gene Wirchenko <gene@shaw.ca>
Mon, 06 May 2019 15:18:52 -0700
Greg Nichols for Robotics | 1 May 2019
Another one bites the dust: Why consumer robotics companies keep folding
After raising more than $200M, Anki, the delightful dozer-bot, is no more.
https://www.zdnet.com/article/another-one-bites-the-dust-why-consumer-robotics-companies-keep-folding/

selected text:

Fact is, despite massive funding in the space, no one has been able to
successfully bring a social robot into the consumer market.  In fact, no one
except iRobot has successfully brought a robotics product of any kind to
market that anyone on your block is likely to have.

So what gives? Is the technology crappy? After years of sci-fi
acculturation, are people still not ready for robot friends?

The answer has more to do with a massive failure on the part of automation
entrepreneurs (and, absolutely, the tech press) to recognize a bedrock rule
of market capitalism: No matter how impressive a piece of automation
technology is, if it doesn't solve a clear problem or increase efficiency in
a major way, it's not a very good product.


Risks of FAX

"Peter G. Neumann" <neumann@csl.sri.com>
Sun, 5 May 2019 16:06:36 PDT
  [via Phil Porras]

https://hackaday.com/2019/05/04/faxsploit-exploiting-a-fax-with-a-picture/

  “Security researchers have found a way to remotely execute code on a fax
  machine by sending a specially crafted document to it.''

A key weakness was that HP rolled their own jpeg handling library rather than
re-using a tried and tested option such as libjpeg.


Cosmos, Quantum and Consciousness: Is Science Doomed to Leave Some Questions Unanswered? (Scientific American)

the keyboard of geoff goodfellow <geoff@iconia.com>
Sun, 5 May 2019 04:32:34 -1000
EXCERPT:

As a science journalist, I've been to countless science conferences over
the years where I'd hear about the latest discoveries or a plug for a new
telescope or particle accelerator destined to yield fresh insights into the
workings of nature. But last week I found myself in a small but elegant
auditorium at Dartmouth College for a different kind of meeting. Scientists
and philosophers had gathered not to celebrate research accomplishments but
to argue that science itself is inadequate. As successful as it has
undeniably been, they say it cannot provide all the answers we seek.

Now, make no mistake—they admit there is a certain kind of science that
works incredibly well, when a little portion of the universe is cordoned off
for study, with the scientist positioned outside of the carefully defined
region under investigation. Galileo is usually credited with this
extraordinary intellectual breakthrough, one that is often said to have
paved the way for modern science. His observations of a swinging pendulum,
and of balls rolling down inclined planes, are classic examples.

But what happens when we* cannot* draw a clear line between the observer and
the observed? This, according to Dartmouth physicist Marcelo Gleiser and
some of his colleagues, is a serious problem. And because these cases
concern some of the most important unanswered questions in physics, they
potentially undermine the idea that science can explain `everything'.

Gleiser laid out this argument earlier this year in a provocative essay
https://aeon.co/essays/the-blind-spot-of-science-is-the-neglect-of-lived-experience
in *Aeon*, co-authored with astrophysicist Adam Frank of the University of
Rochester and philosopher Evan Thompson of the University of British
Columbia; and it was the focus of the two-day workshop
https://ice.dartmouth.edu/public-dialogues-workshops/ organized, titled *The
Blind Spot: Experience, Science, and the Search for `Truth'*.  held at
Dartmouth in Hanover, New Hampshire, on April 22 and 23.  “Everything we do
in science is conditioned by the way we look at the world.
And the way we look at the world is necessarily limited.''

Gleiser, Frank, and Thompson highlight three particular stumbling blocks:
cosmology (we cannot view the universe from the `outside'); consciousness (a
phenomenon we experience only from within); and what they call *the nature
of matter*—roughly, the idea that quantum mechanics appears to involve
the act of observation in a way that is not clearly understood.

Consequently, they say, we must admit that there are some mysteries science
may never be able to solve. For instance, we may never find a *Theory of
Everything* to explain the entire universe. This view contrasts sharply with
the ideal that Nobel laureate physicist Sheldon Glashow expressed in the
1990s: “We believe that the world is knowable: that there are simple rules
governing the behavior of matter and the evolution of the universe.  We
affirm that there are eternal, objective, extra-historical,
socially-neutral, external and universal truths. The assemblage of these
truths is what we call science, and the proof of our assertion lies in the
pudding of its success.''

What Gleiser and his colleagues are critiquing, he says, is “this notion of
scientific triumphalism—the idea that,1Just give us enough time, and
there are no problems that science cannot solve.' We point out that that is
in fact not true. Because there are many problems that we cannot solve.'' ...

https://www.scientificamerican.com/article/cosmos-quantum-and-consciousness-is-science-doomed-to-leave-some-questions-unanswered/


The Fight for the Right to Drive

Suzanne Johnson <fuhn@pobox.com>
May 6, 2019 at 7:53:54 AM GMT+9
  [via David J. Farber]

“It's easier to imagine that technology can solve a problem that education
or regulation could also fix,'' he said. In place of the driverless utopia
that technologists often picture, he asked me to consider another
possibility: a congested urban hellscape in which autonomous vehicles are
subsidized by companies that pump them full of advertising; in exchange for
free rides, companies might require you to pass by particular stores or
watch commercial messages displayed on the vehicles' windows. (A future very
much like this was recently imagined by T. Coraghessan Boyle, in his short
story, Asleep at the Wheel.)

https://www.newyorker.com/culture/annals-of-inquiry/the-fight-for-the-right-to-drive


The Fight for the Right to Drive (The New Yorker)

Richard Stein <rmstein@ieee.org>
Mon, 6 May 2019 17:49:46 +0800
https://www.newyorker.com/culture/annals-of-inquiry/the-fight-for-the-right-to-drive

The New Yorker essay discusses the clash between organizations favoring
carbon-based drivers as an undeniable human right versus industrial
organizations and interests that want to banish carbon-based drivers from US
roads and highways.

Instead of the idyllic holiday family road trip, consider this alternative:

"a congested urban hellscape in which autonomous vehicles are subsidized by
companies that pump them full of advertising; in exchange for free rides,
companies might require you to pass by particular stores or watch commercial
messages displayed on the vehicles windows."

The Self Drive Act (HR 3388) promotes autonomous vehicle deployment.
Passed by the House during the 2017-2018 Congress; the Senate killed it.

The House legislation can be found here:
https://www.congress.gov/bill/115th-congress/house-bill/3388/text. The first
two sentences succinctly summarize the Bill's objectives:

"This bill establishes the federal role in ensuring the safety of highly
automated vehicles by encouraging the testing and deployment of such
vehicles. A 'highly automated vehicle' is a motor vehicle, other than a
commercial motor vehicle, that is equipped with an automated driving system
capable of performing the entire dynamic driving task on a sustained basis.

"The bill preempts states from enacting laws regarding the design,
construction, or performance of highly automated vehicles or automated
driving systems unless such laws enact standards identical to federal
standards."

The legislation promises 'boxcar' AV industry profits: Self-driving vehicle
fleets, being scheduled/dispatched like trains/buses/airplanes, can generate
revenue as they ferry carbon and other goods from points A-to-B.

The legislation promises safer highways: There are too many deaths (~35,000
annually) attributed to carbon-based driver errors.  Self-driving vehicles,
once carbon-based drivers are proscribed from motoring (save for off-road or
military purposes), will usher in an new era of reduce fatalities. No more
distracted or drunk drivers.

Section 4 establishes a requirement for a standard safety certification.
"Nothing in this subsection may be construed to limit or affect the
Secretary's authority under any other provision of law. The Secretary may
not condition deployment or testing of highly automated vehicles on review
of safety assessment certifications."

Self-certification is in scope. Just like commercial aircraft, and medical
devices...

Section 5 establishes a requirement that AV manufacturers develop a
cybersecurity plan. There's no requirement for the manufacturer to publicly
disclose the plan's test results, nor other indicators of software life
cycle maturity.

Risk: NHTSA regulatory capture adjusts AV performance standards to suit
industry interests at the expense of public health/safety. Production defect
escape concealment/non-disclosure compromises AV safety benefits as the
deployment transition from carbon-based vehicle drivers to AV-supremacy
initiates.


Massachusetts judge granted warrant to unlock suspects iPhone with Touch ID (Apple Insider)

Gabe Goldberg <gabe@gabegold.com>
Mon, 6 May 2019 12:41:08 -0400
Law enforcement can compel a suspect to unlock their iPhone using Touch ID
under a warrant, a Massachusetts federal judge ruled in April, muddying the
waters in the ongoing battle in courts over whether the contents of a mobile
device secured with biometrics are protected by the Fifth Amendment, or not.

https://appleinsider.com/articles/19/05/03/massachusetts-judge-granted-warrant-to-unlock-suspects-iphone-with-touch-id/


Forgers forcing $12.3 trillion trade financing sector to go digital: Experts (The Straits Times)

Richard Stein <rmstein@ieee.org>
Tue, 7 May 2019 11:22:52 +0800
https://www.straitstimes.com/business/banking/forgers-forcing-123-trillion-trade-financing-sector-to-go-digital-experts

"The increasing dangers from forgery mean the US$9 trillion (S$12.3
trillion) business of financing global trade has to go digital, said an OCBC
Bank executive."

This is an old news to Risks readers. See
https://catless.ncl.ac.uk/Risks/3/28#subj1
— that's from 1986, for example.

Paper authentication of transactions, like humans, are no longer considered
a trustworthy provenance proxy. Documents are cumbersome to manage in a
digital global economy. Documents, and attempted authentication, add
friction and lengthen the duration of a financial transaction life cycle.

Blockchain (or the digital equivalent) mechanisms are vulnerable to endpoint
theft, and various software stack hacks. They apparently embody less
friction given that there's no paper shuffling.

Is there benefit in the substitution of one risk with another to merely
accelerate business activity? Is there a reasonable mitigation alternative
other than full digitization of a business process? Theft statistics will
eventually reveal the wisdom of this choice.


Malvertiser behind 100+ million bad ads arrested and extradited to the U.S. (Catalin Cimpanu)

Gene Wirchenko <gene@shaw.ca>
Mon, 06 May 2019 15:14:26 -0700
Catalin Cimpanu, ZDNet, 6 May 2019
Ukrainian man behind slew of fake companies that delivered malicious
ads on legitimate sites.
https://www.zdnet.com/article/malvertiser-behind-100-million-bad-ads-arrested-and-extradited-to-the-us/


A doorbell company owned by Amazon wants to start producing `crime news', and it'll definitely end well

Monty Solomon <monty@roscom.com>
Sat, 4 May 2019 18:32:27 -0400
https://www.niemanlab.org/2019/04/a-doorbell-company-owned-by-amazon-wants-to-start-producing-crime-news-and-itll-definitely-end-well/


How the UK Won't Keep Porn Away From Teens

Monty Solomon <monty@roscom.com>
Sun, 5 May 2019 02:00:24 -0400
Complying with a new law, the largest online porn company has set itself up
to be the youth gatekeeper of British smut.  What could go wrong?

https://www.nytimes.com/2019/05/03/style/britain-age-porn-law.html


"Unhackable" CPU?

Rob Slade <rmslade@shaw.ca>
Tue, 7 May 2019 09:50:25 -0700
Researchers at the University of Michigan claim they have a processor that
can't be hacked.
https://securityboulevard.com/2019/05/scientists-claim-to-have-invented-the-unhackable-processor/

The description is a bit thin, but it seems a variation on memory shuffling
to avoid direct attacks on specific locations.

I very much doubt that it is hack proof.  (I'd go for "denial of service" first off ...)


Too proud of my house number

Dan Jacobson <jidanni@jidanni.org>
Sun, 05 May 2019 23:43:41 +0800
You know I was real proud of my house number.

I put in on my name cards and on my website and on my
https://www.jidanni.org/location/directions/

I even remember when one could type "1-6 Qingfu St." into Google Maps
and it would find it.

But not lately. 1-3, 1-6, etc. now all translate to "1". At least "1" is in
Google's system. For numbers that are not in its system Google just sends
the user to the halfway point of a highway's length... Long story short: my
guests were getting out of the cab on the other site of the valley and had
to figure out how walk back three kilometers uphill etc.

Simple: just push the feedback button, type in your problem, and Google will
fix it.

Well even if I had a relative working at Google it would still be hard to
get a word in edgewise. Alas that is the reality when companies get too big.

So then it dawned on me: the problem was that I was too proud of my house
number.  Now I removed it from all my directions, going back to only
mentioning latitude and longitude... problem solved!


How to Quickly Disable Fingerprint and Facial Recognition on Your Phone

Gabe Goldberg <gabe@gabegold.com>
Mon, 6 May 2019 13:07:38 -0400
https://lifehacker.com/how-to-quickly-disable-fingerprint-and-facial-recogniti-1827454157

  [This is in response to Gabe's posting of Massachusetts judge granted
  warrant to unlock suspects iPhone with Touch ID in RISKS-31.22.  PGN]


Re: Post Office Horizon (RISKS-31.22)

Attila the Hun <attilathehun1900@tiscali.co.uk>
Mon, 6 May 2019 15:25:41 +0100
The UK's Post Office 'Horizon' issue is complex, but basically the company
pursued sub-postmasters and mistresses for monies the PO claimed had been
stolen ... a claim hotly denied by those accused.

An independent investigation commissioned by the PO was arbitrarily canceled
the day before the report—believed to be highly critical of the system
and the PO's actions—was due to be published, and the investigator
(Second Sight) was ordered to destroy all the paperwork not yet handed over.
The PO also scrapped the independent committee set up to oversee the
investigation, and the mediation scheme for sub-postmasters; then published
a report in which they cleared themselves.

The PO has lost the first case brought against it in Bates & Ors v. Post
Office Ltd and four court rulings, but is still fighting tooth and nail,
recently accusing the Judge in the latest trial of bias ... much to the
surprise of the PO's own legal team who were unaware of the PO's accusation.

Methinks they doth protest too much.

As the PO is publicly-funded, the costs it is running up are underwritten by
the tax-payer, and Kevan Jones MP has formally questioned these.  The
case(s) appears un-winnable, and the money would surely be better spent
recompensing the unfortunate victims than further enriching the legal
eagles.

https://news.sky.com/story/hundreds-of-sub-postmasters-win-landmark-case-against-post-office-over-horizon-it-fiasco-11666249
https://www.theregister.co.uk/2019/04/10/post_office_trial_judge_not_biased/
https://high-court-justice.vlex.co.uk/vid/hq16x01238-696547977
http://www.bestpracticegroup.com/post-office-horizon-system-legal-fees-of-3m-and-2-years-of-legal-action-3-key-lessons-learned/
https://www.computerweekly.com/news/252461728/MP-questions-government-over-Post-Office-Horizon-case


Re: A 'Blockchain Bandit' Is Guessing Private Keys and Scoring (RISKS-31.22)

<not.for.spam@houppermans.net>
Sun, 5 May 2019 12:02:57 +0200
Them errors, sometimes they are subtle..

BM>> 115 quattuorvigintillion. (Or, as a fraction: 1/2256.)

I suspect there's a small character missing.   Try 1/2^256.

(which is hard to type with auto-incorrect aggressively trying to change
it to =C2=BD^256)


Re: A video showed a parked Tesla Model S exploding in Shanghai (Bell-West, RISKS-31.22)

Wols Lists <antlists@youngman.org.uk>
Mon, 6 May 2019 19:34:38 +0100
> But the energy density of petrol (gasoline) is over ten times as much
> (46.7MJ/kg), which is what makes it such a good fuel in the first place;
> and yet, somehow, parked conventional cars rarely catch fire.

Your own words give it away—petrol is a fuel, not an explosive.

Without an EXTERNAL supply of oxygen, petrol will not do anything.


Re: Electronic Health Records... (Risks-31.22)

Craig Burton <craig.alexander.burton@gmail.com>
Sun, 5 May 2019 14:00:44 +1000
I suppose this is too techno-optimistic of me but it seems wise for FDA/WHO
approval to potentially test new drug names for how machines can
differentiate them when they are spoken.

"This is a drug used to treat HIV infection, and its chemical name is
({[(2R)-1-(6-amino-9H-purin-9-yl)propan-2-yl]oxy}methyl)phosphonic acid.
Want to read that over the phone to a pharmacist? Neither does any human
anywhere. So instead, the people who discovered it came up with tenofovir.
Given the right stem, describing structure and function-- the -vir --
researchers can tack on syllables of their choice. ... New generic names
must meet standards set by the World Health Organization's International
Nonproprietary Names (INN) and the United States Adopted Names for
pharmaceuticals, and brand names must pass muster with the FDA"
https://www.popsci.com/science/article/2013-04/fyi-how-does-drug-get-its-name#page-2

But also many of these drug names are very similar, viz "Here are a couple
of recent reports involving look-alike and/or sound-alike drug names
reported to the Institute for Safe Medication Practices Medication Errors
Reporting Program (ISMP MERP)"
https://www.pharmacytimes.com/publications/issue/2010/december2010/medicationsafety-1210

So perhaps the WHO has a central register of drug names and a candidate new
name is said (by TTS, by people with various accents?) and the system can
differentiate the new name from the others, or it can't.  I can now imagine
an adversarial system to pick the new names, less like Xeljanz and more
like FlipRizKitPutz (with lots of fricatives and plosives):

"sonorant, sibilant and burst properties were the most important parameters
influencing phoneme recognition"

https://journals.plos.org/plosone/article?id=10.1371/journal.pone.0079279


Re: Is curing patients, a sustainable business model? Cost of naloxone (RISKS-31.21)

<sparsematrix@wattfamily.ca>
Mon, 06 May 2019 10:40:06 -0400
A quick search on the Web provided ample confirmation of the high cost of
naloxone in the USA.  See, for instance:

https://www.statnews.com/2018/11/08/costs-heroin-naloxone-tragic-snapshot-opioid-crisis/

Piqued by these prices I decided to check the situation in Canada.  In
Canada naloxone is freely available, i.e., without prescription, and it is
available in some provinces at no cost.

https://www.pharmacists.ca/cpha-ca/assets/File/cpha-on-the-issues/Naloxone_Scan.pdf

It is to weep.


Re: Gregory Travis's article on the 737 MAX (Travis, R-31.22)

Peter Bernard Ladkin <ladkin@causalis.com>
Mon, 6 May 2019 09:20:53 +0200
Gregory Travis has given us some useful further information.

I note that he did not disagree with my technical treatment of his mistakes,
except in one point, namely the frequency of occurrence of AoA-sensor
anomalies. Rather than use the informal terms "all the time", "not very
often", "common", and so on, I suggest we use the defined terms from the
airworthiness regulations, which are "probable", "remote", "extremely
remote" and "extremely improbable".

AoA sensor anomalies do not by themselves entail MCAS failure conditions. An
AoA sensor can fail high, or it can fail low. In both JT-610 and ET-302 the
DFDR readouts show one AoA sensor failing high. The example Travis cites of
ingested water, freezing at altitude, leads most likely to a fail-low
condition (the water freezes when the aircraft is in its climb-out to
altitude, at a reasonable AoA).

A fail-high apparently triggered MCAS anomalously and this, amongst other
things, led to the demise of JT-610 and ET-302. In contrast, a fail-low
(such as through water ingestion and freezing) may or may not lead to an
MCAS failure. It will not lead to MCAS failure if trigger-AoA for MCAS is
not achieved during the flight. We can expect that this will be the case on
most flights. On some flights, it may be that trigger-AoA is attained and
MCAS does not cut in because AoA is sensed low.  This is an MCAS failure. In
this flight regime, the quality of the aircraft's handling does not meet
regulation, but it by no means follows that the flight crew will have
difficulty in controlling the flight.

It seems that, in consideration of MCAS failure criticality, then, one needs
to distinguish between AoA-fail-high and AoA-fail-low. Travis doesn't give
the numbers; neither have I been able to find any on-line source for the
SDRs to see for myself. It turns out that if more than about 1 in 300 of the
AoA SDRs involves fail-high, the frequency of such failures is unlikely to
satisfy the "extremely remote" requirement for a "hazardous" failure
condition in 14 CFR 25.1309, resp. CS-25.1309.

More details, plus references to other helpful on-line articles, in
https://abnormaldistribution.org/index.php/2019/05/06/further-comment-on-the-ieee-spectrum-article-concerning-mcas/


Re: Gregory Travis's article on the 737 MAX (Ladkin, R-31.22)

Gregory Travis <greg@littlebear.com>
Mon, 6 May 2019 07:20:34 -0400
> Rather than use the informal terms "all the time", "not very often",
> "common", and so on, I suggest we use the defined terms from the
> airworthiness regulations, which are "probable", "remote", "extremely
> remote" and "extremely improbable".

I suggest we absolutely do not.  That is an intentional re-framing of a
story away from the dimensions of one of the greatest human and social
tragedies of our time and back to the restrictive world of engineering
lingua franca.  It is an insidious way to suppress the truth, masked as a
way to actually uncover the truth.

This is so far past the engineering world with its lexicon, its arcane
acronyms, and its processes.  That whole world fell apart as the forces of
human greed, fear, hubris and hope tore asunder the thin veil of
civilization that tells us “if we just follow the rules, everything will be
all right.''  For a select few, the rules were inconvenient to their
financial needs.  And so bugger the rules.  340+ people are dead and their
families are grieving.

Because it's not an engineering story, I deliberately took the approach of
using informal terms and a non-engineering approach to describing what looks
like an engineering failure on its surface but is instead a tragedy,
consisting of villains, victims and (hopefully) heroes.  I suspect that
PBL's objections to my article, like others that I have received from the
engineering community, reflect a kind of professional visceral pain that
their profession had such a large and central role in the execution of this
catastrophe.  And because of that pain, they are lashing out as shame turns
to anger.

'Tis better to fail-high, or fail low.  That is not the question.

Please report problems with the web pages to the maintainer

x
Top