The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 7 Issue 61

Tuesday 4 October 1988


o Program Verification: The very idea
Brian Randell
Daniel Klein
o Poor user interface -- police system
o Cash registers and tax
J Eric Townsend
o Re: Cash registers
o Fly-by-wire, absence thereof [MiG-29]
Henry Spencer
o Re: A New Portal For The Offensive -- FAX ATTACKS
o Re: Is Uncle Sam selling your name to mailing lists?
Matthew Huntbach
o More on monitoring Cellular Phones
Mike Linnig
o Info on RISKS (comp.risks)

Program Verification: The very idea

Brian Randell <>
Wed, 5 Oct 88 9:56:39 WET DST
I have just finished reading, with great interest and enjoyment, an article by 
J.H. Fetzer with  the above title, which appeared in Comm ACM 31,9 (Sept. 88) 
pp. 1048-1063. 

In my opinion it is a very careful and lucid analysis of the dispute between,
e.g., DeMillo, Lipton and Perlis on the one hand, and Hoare on the other,
regarding the nature of programming and the significance of program
verification. Its abstract is as follows:

  The notion of program verification appears to trade on an equivocation. 
  Algorithms, as logical structures, are appropriate structures for deductive
  verification. Programs, as causal models of these structures, are not. The
  success of program verification as a generally applicable and completely 
  reliable method of guaranteeing program performance is not even a theoretical

The final chapter, entitled "Complexity and Reliability", is the one which most
explicitly relates to the interests of the RISKS readership but its
understanding requires a careful reading of much of the earlier part of the
paper. The final chapter, incidentally ends as follows:

  In maintaining that program verification cannot succeed as a generally
  applicable and completely reliable method for guaranteeing the performance of
  a program, DeMillo, Lipton and Perlis thus arrived at the right general 
  conclusion for the wrong specific reasons. Still, we are indebted to them for
  their efforts to clarify a conclusion whose potential consequences - not only
  for the community of computer science, but for the human race - cannot be
  overstated and had best be understood.

Brian Randell


Daniel Klein - 412/268-7791 <dvk@SEI.CMU.EDU>
Fri, 30 Sep 88 13:00:55 EDT
The UV eraseable EPROMS that are found in many smaller computers are also
subject to failure when their picture is taken.  Yep, you read that correctly.
Once when I worked for the Computer Engineering Center, we were taking
publicity photos of one of our process control systems.  The system was
working just fine, but as soon as we took the photo, it crashed.
Surprisingly, the system right next to it did not.  We rebooted, the
processor, took another photo, and "blam", it crashed again.  What was
happening was as follows: the system that was crashing had the lid off, while
the one running had the lid on.  When we swapped the lid, the system that
crashed changed also.  We discovered that it was the flash that was causing
the problems, and the either there ws enough UV being emitted from the flash,
or simply that the light intensity was high enough to confuse the EPROMS for a
few machine cycles, and cause bogus information to reach the CPU, crashing it.

Poor user interface -- police system

Mon, 3 Oct 88 21:07:09 EDT
Reprinted without permission from the Providence New Paper:

    Providence Police Chief Walter Clark was grilled on his department's
  position on police/minority relationships, the effects of drugs on the
  community, and the speed and attitude of officers responding to calls.
  Answers and solutions were prompt.

    Chief Clark explained that all calls to the police department are
  entered into a computer and prioritized, but only the 20 or so reports
  visible on the CRT can be acted on.  Which is why it can take two hours for
  the police to respond to a burglary after the fact, as opposed to more
  immediate response to a burglary in progress.

It astounds me that the writers of such a piece of software wouldn't have
provided for the display to scroll, especially considering that there are
problems of starvation like this.  And what happens if there is a disaster,
like the New York blackout and widespread crime, such that there are more
than 20 urgent calls to be managed?

Cash registers and tax

j eric townsend <erict%flatline@sri-unix.UUCP>
26 Sep 88 20:23:26 CDT (Mon)
During a break between classes the other day, I decided to restart my tradition
of the "perfect student lunch": beer and grease.  I got my usual:  pizza,
$1.50, and a domestic beer, $1.50. (Ouch, time to put the cooler back in the
car... :-).  I went to the register, and the button-pusher told me I owed
$3.18.  Normally, tax isn't charged on food at UH.  What you see is how much it
costs, EOL.  I asked the clerk about this, as I'd gotten the same thing the day
before, and it had only cost $3.

 The clerk replied: "Oh, you probably got it at the other register.  This
 is the only register that charges tax."

 Me:  "Well, give me back my $.18, then, since you don't normally charge tax."

 Clerk: "Sorry, I can't do that, because the cash register says you owe $3.18."

There was a manager standing nearby who couldn't tell me if I owed tax or not...

Moral:  If you eat in the Satellite at UH, don't go to the far left register,
it charges 8 percent tax while the other registers don't.

(Actually, I think that UH adds the tax into the price of the food just
to make it easier to figure out your bill.  Then, the spend $$$'s trying
to reverse-engineer their retail costs... :-)

J. Eric Townsend, 511 Parker #2, Houston, Tx, 77007
Inet:             UUCP:  uunet!nuchat!flatline!erict
Bitnet: COSC3AF@UHVAX1.BITNET            ..!bellcore!tness1!/

Re: Cash registers

Peter G. Neumann <Neumann@KL.SRI.COM>
Thu, 29 Sep 88 14:29:39 PDT
We have previously had several tales such as the following, prompting someone
to note that segmented number generators initially display an "8" in each
position so that someone who is paying attention would notice when a segment is
burned out.  But in this case someone would have to use mirrors.

At lunch the scale for salads etc. has digital displays on two sides.  I was on
one side, the cashier on the other.  She told me the amount -- $1.93.  I noted
that it said $1.83 on my side.  She insisted that MY side had been wrong before
that day and that they were using HER side.  When told that the reason her side
said "8" instead of "9" was that one of the segments was burned out, she
finally acquiesced.  But it occurred to me that a different segment had
probably been out on my side, presumably in the units digit, which is what had
prompted her to believe that HER SIDE was the right side.  Groan.  P.

Fly-by-wire, absence thereof

attcan!utzoo!henry@uunet.UU.NET <Henry Spencer>
Tue, 4 Oct 88 00:53:56 EDT
The hit of the Farnborough Air Show this year was definitely the MiG-29.  The
Soviets sent two of them, basically to show off.  They did everything the F-18s
and the like did, and a couple of things that nobody in the West had thought of
doing with a jet fighter.  The interesting thing is, unlike their Western
competitors, the MiG-29s do not use fly-by-wire! They have plain old hydraulic
controls, no computers involved.  Doesn't seem to hurt flight performance, and
the pilots claim the same "carefree handling" as the computerized fighters.

                                 Henry Spencer at U of Toronto Zoology

re: A New Portal For The Offensive -- FAX ATTACKS

Tue 04 Oct 1988 17:46 CDT
Gee, I always thought that it was illegal to make use of the telephone to
harrass, or say obscene things to people who didn't want to hear it (i.e.
heavy breather sicko-types) -- or at least it is here in Illinois.  And if I
remember correctly, doesn't a receiving FAX print out the transmitting PHONE
NUMBER somewhere on the transmission?  If so, and you keep getting stuff that
you don't appreciate -- just call the cops.  If that doesn't fix the problem,
try sending back what ya got! :->

Re: Is Uncle Sam selling your name to mailing lists?

Matthew Huntbach <>
Tue, 4 Oct 88 20:11:31 BST
In the U.K. the electoral register is obtainable in most places in 
computer readable form. It is fairly easy to use it to target names
in fact mailing companies have produced directories mapping postcodes
onto average prosperity. Also the changing fashions for first names
can enable a good guess at ages.

Clearly the electoral register has to be made available to candidates.  As a
political activist myself, I know the value of computers in fighting elections.
But even if you only gave the register to candidates, what is to stop a mailing
list company putting up a candidate simply to get hold of the register?

More on monitoring Cellular Phones

Tue, 4 Oct 88 18:01:58 CDT
Alan Kaminsky (ark%hoder@CS.RIT.EDU) writes:

> When a phone detects a paging message with
> its own address, it broadcasts a page response message.  This response is
> received by all the cells in the system, and the signal strength is measured.
> The cell receiving the strongest response is assumed to be the cell in which
> the phone is located, an unused frequency in that cell is assigned, and the
> phone call is switched to a transceiver in that cell.

Ah, but could the phone company send out a page without a following
"ring them" message?  If they could, then they could periodically
poll your position, and your faithful cellular phone would report
it without your knowledge.

> As for business competitors monitoring calls you place on your cellular
> telephone, to find out your clients' phone numbers:  This is perfectly
> possible.... One hopes the FCC, police, etc.
> would prevent anyone from offering such a product commercially.

Well, the communication privacy act recently passed prevents you from
intercepting the audio side of the cellular phone conversation, but I doubt
if it prevents you from picking up the dialing info. I think such a device
might be considered in the same class as a "pen register." Pen registers
record the numbers called on a telephone circuit. I believe the Supreme
Court doesn't even require a search warrant to place a pen register on a
phone. It may be quite legal to record the phone numbers dialed by a
cellular phone. Someone with a law background want to comment?

    Mike Linnig,
    Texas Instruments

Please report problems with the web pages to the maintainer