Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
From front page of "Computer News", 22 October: ``The Metorological Office will look at the performance of its Control Data Cyber 205 supercomputer as part of its investigation following last week's hurricane-force winds. The office has been criticised for failing to predict the speed and path of the storm. A spokesman for the Metorological Office said that the equipment, including computers, was always under consideration. He added: "The Cyber is not an easy machine to work with but all computers are fallible." Control Data did not comment. The Reading-based [southern England] European Centre for Medium Range Weather Forecasting, which supplies longer range data directly to the Bracknell centre [Met Office, close by], is happy with its Cray X-MP 48 machine. "We originally had a Cray-1 before upgrading to an MP 22 and MP 48 and we are exceedingly happy with our machine. "It gets better and better," said a spokesman.'' My understanding is the main reasons for lack of success in predicting the winds were a) lack of data (the storm came from over the sea -- fairly normal in Britain! — where there are few weather stations) and b) lack of computing power (and lack of good algorithms?). It has been reported in Britain that (mainland) Europeans were warned not to come to Britain up to 36 hours before the storm (presumably by forecasts from the European Centre mentioned above). It was not made clear as to whether storms were predicted in the English Channel or actually in England. The storm unexpectedly changed direction and increased in ferocity when it struck England. The BBC TV weather forecast (which uses the Met Office) the night before mentioned than someone had rung up to say they had heard a hurricane was heading in our direction, but the weather forecaster assured us it was not. The storm WAS predicted by the Met Office a few hours before it struck, but most people were in bed by this time. England being rather parochial, most radio and TV stations shut up shop at night. Had it occurred during the day, then storm warnings would have been broadcasted. Jonathan Bowen, Programming Research Group, Oxford University
The following letter was published in The Independent on Wednesday 21 October.
It comes from Norman Lynagh who is the managing director of Noble Denton
Weather Services. I have no idea whether he is offically associated with
the Meteorological Office but his letter seems to be a clear and accurate
statement of what went wrong with the forecasting of last weeks gales.
It also contains some interesting insights into the state-of-the-art
in weather forecasting. The bottom-line seems to be the familiar GIGO.
Robert Stroud, Computing Laboratory, University of Newcastle upon Tyne
ARPA robert%cheviot.newcastle@cs.ucl.ac.uk UUCP ..!ukc!cheviot!robert
* * * * * * * * * * * * * * *
Reproduced without permission from The Independent, Wednesday 21 Oct 87, p. 19
Copyright (c) Newspaper Publishing PLC 1987
Dear Sir,
The Met Office has come under a great deal of criticism as a result of its
failure to predict the severe storm in SE England last Friday morning. Some
of what has been said is accurate but a great deal has been unfair criticism.
Despite what has been said by many people, it was not until about 8pm that
it was really apparent that something out of the ordinary was developing.
Even at that stage it was not at all certain that exceptionally strong winds
would hit SE England. It was only an increasing threat. By about 11pm it was
certain that a storm of unusual severity would hit the SE.
There have been reports from various sources that warning had been given
by other meteorological services several days before the event. This is only
half true and, in any case, the Met Office was one organisation which did
give such a warning.
Several of the most powerful meteorological computers, including those at the
Met Office in Bracknell and the European Centre for Medium Range Weather
Forecasting at Reading, predicted five days in advance that there would be
a major storm somewhere in the region of southern England or northern France
towards the weekend. In broadscale terms, this prediction continued each day
after that, but the state-of-the-art in weather forecasting is such that it
was impossible to predict in any detail either the severity of the storm
or precisely when it would strike.
The depression which caused the storm had existed for several days before
it struck in SE England. Indeed, it was giving force 11 winds NE of the Azores
two to three days earlier. However, during last Thursday, as it moved quickly
NE into the Bay of Biscay, the structure of the depression was far from clear.
As Murphy's Law always seems to dictate in such situations, there were very
few observations available in the vicinity of the depression and it was very
uncertain as to what was exactly happening in Biscay.
As mentioned earlier, it was not until Thursday evening that the situation
became clear and it became obvious that the SE was going to have a night
to remember.
Meteorology now uses the most powerful non-military computers in existence
but the advances in the quality and quantity of input data have not kept up
with the computer technology. No matter how good the computer and the software,
it will not do a very good job if it is given inaccurate input data.
Summarising all the above, I do not think the Met office can be blamed for
failing to give a day or two's warning of a once-in-a-lifetime event.
The state-of-the-art of weather forecasting is such that the way this storm
developed and the precise detail of its effects could not be forecast more
than a few hours in advance.
What is more open to close scrutiny is why warnings to the public were not
issued until after midnight. I think they could well have been issued three
or four hours earlier but that is with the benefit of hindsight and it is
really a question which only the Met Office can answer.
Yours sincerely,
Norman Lynagh, Managing director, Noble Denton Weather Services, London EC1
As reported in RISKS 5.46, on October 17th the sale of World Series tickets
in Minneapolis, Minnesota, severely affected telephone service throughout the
upper midwest. NW Bell estimates about 200,000 calls were attempted to the
sale number in the first hour, and a similar load continued for hours.
Most telephones in the Twin Cities area had delays (with clicking noises) until
a dial tone eventually appeared (20-40 seconds on one of my phones and I
stopped measuring at 2 minutes on the other). Phone service was slowed
throughout the state and in parts of Iowa, Wisconsin, North and South Dakota.
Some incoming long-distance callers to other numbers report no problems.
At the customer's request, before the sale Northwestern Bell had set up a
temporary choke-type network to restrict the number of calls to the prefix and
number from central offices in the area. Despite the restrictions, the sheer
volume of calls overwhelmed the network. A NW Bell spokesman says the problem
was probably exasperated by customers with automatic redial. Fortunately the
sale was not scheduled for a business day.
There were interesting differences between this situation and those caused by
broadcast prize giveaways. The first was the large quantity of tickets that
stretched the demand over several hours, even after the sellout at 11:30 AM.
The Minneapolis-St. Paul toll-free calling area is one of the world's largest,
but since every successful caller would get rewarded by being able to buy
these prized tickets there were many incoming long-distance call attempts.
Iowa might have had an interesting situation if St. Louis had attempted the
same thing at the same time from the south — a possibility due to the limited
time to sell the tickets.
Phone calls for UUCP sites generally failed, since most modems and systems can
not detect dial tone. UUCP logs showed 80-85% failure rates during that time.
Fortunately, most USENET news transfers in the state are scheduled for times
other than the period affected so there was not a large backlog of data trying
to flow through most sites.
I will be suggesting to the Minnesota Public Utilities Commission that they
try to have 911 protected from this kind of problem. I think the way to reduce
giving a delayed dial tone to everyone is to try to give greater delays to
people trying to dial a number causing an overload. Preferably also give
even greater delays to repeat callers or autodialers. Presently the local
carrier is required to give equal service to everyone, even if that means
giving equally bad service.
Scot E. Wilcoxon sewilco@DataPg.MN.ORG {ems,meccts}!datapg!sewilco
Data Progress Minneapolis, MN, USA +1 612-825-2607
>From: Graeme Hirst <gh%ai.toronto.edu@RELAY.CS.NET> (RISKS-5.47)
>
>In RISKS-5.44, Scott Dorsey (kludge@pyr.gatech.edu) writes: ...
<>Have there been any cases of terrorist or political attacks on comp centers?
Along about 1970 (around the time of Kent State) there was a bombing at the
comp center (and a megabuck fire at the student union) at the University of
Kansas. I was on my way to the comp center from my office when the bomb went
off, and had it not been for some fortuitous circumstances that delayed me
that evening, would have been at a terminal about 15 feet from the explosion
when it happened. The computer operators suffered some minor injuries and some
permanent hearing losses. Our terminal server was a Datanet 30. The explosion
blew the doors off it, but it was still running until the machine was shut
down. I could probably tell some war stories about the incident, but this
digest is not the proper place for that. If anybody is interested, I'll provide
more details on the haziness of my recollections privately.
cdash aka cdash@boulder.colorado.edu aka ...hao!boulder!cdash
aka ...nbires!boulder!cdash aka (303) 593-3492
The computer center at U.C. Santa Barbara was taken over by protesters in the spring of '75. Although the computer room was secured behind locked doors it was easy for them to get control - several demonstrators merely lounged in the hall outside until an operator came, then when she unlocked the door to go in one grabbed her and held the door open for the rest. One operator inside shut the machine down immediately. Then the protesters ushered (all?) the operators out, and took over the entire building - taping printouts over all the windows and doors. They threatened to destroy the computer if their demands (more money for radical leftist groups) weren't met. The place was held for several hours (interesting sight: small group of demonstrators just outside the building, group of angry EECS students around *them*) before the police moved in and hauled the demonstrators away. (Another interesting sight: the leaders of the demonstration, very visible throughout the takeover, managed to vanish just before the police reached the building, leaving the rest to be taken away in the paddy-wagons.) The machine was not damaged. Bill Swan sigma!bill
In RISKS-5.45, Brent Chapman (koala!brent@lll-tis.arpa) writes:
>Have there been any cases of terrorist or political attacks on comp centers?
During the student riots at Columbia (April, '68), the computer center
lobby was briefly 'occupied'. The operators prevented access to the
machine room, and the center was then closed and locked for the duration
of the disturbance. The occupiers (who included physics grad students
and others familiar with the computer center and its operation) were
aware that the university's corporate data processing was done on a
separate system; that having the administration shut down the computer
center was as effective and as disruptive to the routines of the
university as shutting it down themselves; and, that due to the pricetags
of the equipment involved (several million $$), the administrators might
act 'irrationally' to protect the equipment.
Elliott Frank ...!{hplabs,ames,sun}!amdahl!esf00 (408) 746-6384
or ....!{bnrmtv,drivax,hoptoad}!amdahl!esf00
[the above opinions are strictly mine, if anyone's.]
from SUN-SPOTS DIGEST Volume 5 : Issue 53
Date: Wed, 14 Oct 87 10:10:38 NOR
From: Jeremy Cook <JMC%NOCMI.bitnet@jade.berkeley.edu>
Subject: Backup procedure
Our systems guy (Tom) came up last Monday evening to backup our Sun. He
was new to the job however and didn't know the root password. He phoned
Ingolf, but Ingolf didn't know it either so Ingolf, who was meeting Kikki
in town, asked Kikki. Kikki phoned in to Tom but the switchboard was
closed so the cleaning lady answered. Kikki told the cleaning lady the
root password, the cleaning lady went down to Tom and told him and Tom
came up to do the backup!
— Jeremy
In RISKS 5.46, there is a discussion by Jonathan Bowen about this Act which states that only a "casual" link is required to be shown between the software product and the injury. I would hope that the correct word is "causal".
In RISKS 5.45, Dave Curry explains the process that is used in UNIX to get from a password to an encrypted password. There are other systems that use similar schemes. For example, Multics also uses the low-order seven bits of each character in the ASCII password as input to a cipher routine. Multics uses these bits as both the key and the data. Dave claims that the truncation of the password to eight characters is not serious. I agree — if the user knows that only the first eight characters are really being used. When a user enters more that eight characters for the password, UNIX should provide a warning that only the first eight are used. Multics provides such a warning. Is the "modified DES" used by UNIX a one-way hash? Russ Housley, Xerox Special Information Systems, Vista Laboratory
The eight-character limit may have been designed in, but direct mapping into DES keys is no feature. The average entropy of English is about one bit per letter over blocks of eight or more letters; so rather than 56 bits of equivocation the routine assuredly provides eight. Hashing long strings together using CBC or CFB message authentication techniques yields eight byte hex strings in which every last trace of equivocation is present in a 'random' looking pattern. Time for a change of password routines.
We know that the new tax law requires a Social Security number for each dependent age 5 or older (if you want to list them as a deduction). Our school district is doing its part to make this easier for parents (and themselves). They are required "to identify students with either a Social Security number or an assigned number." Since many kids may not have an SS number, they have sent home a form to fill out to apply for a number. The school will provide copies of their (the school's) records to SS as part of the application for SS, and the SS cards will be distributed through the school. Of course, the form (that HAS to be returned) includes six options including (1) My child already has a social security number of ___ __ ____ (2) We have already applied; I will notify the school of the number when it arrives, (3) ... There is no option for (7) My child has one and it is not to be used to identify school records.
Please report problems with the web pages to the maintainer