Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
(quoted without permission from the July 4, 1988 issue of Aviation Week) "The investigation into the June 26 crash of an Air France Airbus Industrie A320 is focusing on the pilots' judgment in performing a slow-speed air show flyby with a fully loaded transport that they allowed to descend well below their filed minimum altitude." [background information on the crash deleted for brevity] "Video images of the accident showed that the A320 was stabilized in a nose- high attitude throughout the flyby, and that the mid/aft section of the aircraft struck the outermost row of trees at the perimeter of the airport. The aircraft then settled into the wooded area and burned. The pilots said they thought the aircraft was at an altitude of 100 ft. based on the flight instruments, and stated that the A320's two CFM International CFM56 turbofan engines did not respond correctly when they moved the throttles forward for full power." [The article goes on to quote the French Transport Minister Louis Mermaz and later the Director of the Direction Generale de l'Aviation Civile (DGAC) as saying that the aircraft's 30-ft. flyby altitude and its reduced airspeed "were confirmed by both the cockpit voice recorder and the cockpit data recorder."] "'When the pilot advanced the throttles, the thrust was increase was normal, but it [the power increase] apparently was made too late,' Tenenbaum said. 'This is important because the pilot reported after the accident that the engines did not respond. ... According to the data, the thrust increase to the full available power should have occured within 8 sec., and we saw it in approximately 5 sec.,', he said." [The article then describes the renewal of a long debate in France over the minimum crew requirements for the A320.] "'Based on the cockpit conversations we heard [on the cockpit voice recorder], the crew was perfectly aware of what was going on,' Tenenbaum said. 'They were perfectly lucid, they knew what altitued they were at because there were [computer-generated] voice callouts from the radar altimiter during the low pass, including an audible callout of 30 ft.'" [The article proceeds to describe the orientation of the aircraft during its low pass and as it struck the trees (nose-high level flight), the history of Air France's operations of the aircraft, that Air France has decided to suspend all further demonstration flights and that British Airways and Air France substituted other aircraft for their scheduled A320 flights for two days after the accident.] "Officials at British Airways said the airline had experienced no significant mechanical or electronic problems with the aircraft since they entered service earlier this year. Several European test and company pilots questioned the crew's reasoning in attempting to perform an air show-type low, slow flyby without apparent advanced training and with a passenger payload."
Though the A320 Airbus has redundant computer systems, they all use the
same air conditioning system. Does anyone know what the expected
failure rate of that system is, or how critical a failure would be?
Lee Naish
I can't match Mr Miller's polemic, but I can point out that he got just
about every fact wrong about flight 655. All of the information below
is from the Pittsburgh Post Gazette, Monday July 4. Their text comes
from an article by Stephen Engelberg of the New York Times News Service.
> So from now on it's hair-trigger 24 hours a day, and since I can't
> be sure my BOZO QZ999 Battlesys can knock down a missile once it's fired
> my only recourse is to knock the launchers down before they fire. They're
> bigger & slower & better targets anyway.
Do you have a problem with that? You criticize "the system" for
overreliance on technology and then fault the captain for his
caution?
> Shoot first and ask questions later.
3 warnings were radioed on civilian distress frequencies
4 warnings were radioed on military frequencies
A nearby Italian vessel reported hearing at least 4 of these warnings
All of the discussion I've heard said that he should have fired
2 minutes earlier, and would have been justified in doing so,
given the information available. Captain Rogers was very
forgiving to have waited as long as he did.
> The hell if I'm gonna be the next one to lose his Florida retirement condo to
> keep Marconi's rep clean." I can't find it in my heart to blame the man,
> either. Who wants to be the fall guy for a gigabuck defense contractor and a
> desperate, freebooting White House in an election year?
How about a more likely line of reasoning:
"Gee whiz, just after we sank two of those gunboats this plane
takes off from a nearby civilian/military air base and is
closing directly on my ship. It has no transponder and won't
answer my radio challenge. Maybe I should shoot it down to save
my ship and the men in my command."
> So along comes a jumbo jet, 25,000 feet, 430 mph
An A300 is much smaller than a jumbo jet.
It was flying at 9,000 feet and descending. It was shot down
at an altitude of 7,500 according to Iranian press releases.
It was traveling 450 knots (518 mph) and gaining speed.
> radar cross-section size of a football field.
The wingspan of an A300 is 147 feet, less than half the size of a
football field. That's a little more than twice the 64 foot wingspan
of an F-14. In any event the bottom line is that you can't reliably
identify planes from a head-on cross section. No one has ever said
they could.
> Software library in the EW battle computers says it's an F-14, kind that
> dinged the Stark.
The plane was tentatively identified as an F-14 not from radar
but from five other facts:
1. There were reports of 10 F-14's operating out of Bandar Abbas.
2. The flight took off from Bandar Abbas immediately after the
Vincennes fired on the three gunboats.
3. It had no transponder (a requirement for all civil aviation).
4. It was 4 miles outside of the commercial air corridor and
14,000 feet lower than a commercial plane should have been.
5. The plane was broadcasting on a military "mode 2" (I'm not
sure whether that's a radar or a radio). These were the
"electronic indications" the Admiral Crowe spoke of in his
press conference. (This comes from CNN news Tuesday, July 5).
Also, Flight 655 took off about an hour after it's scheduled
departure time; the captain had requested information about
scheduled commercial flights, but this search was not completed
before the decision to fire was made. Even if they'd had the
time, all they would have found was that it was the wrong time
to be a commercial flight. (Also from CNN News).
It may well be true that the Iranian pilot thought our technology
was so good that we could identify him properly despite the fact that he
was in the wrong place at the wrong altitude at the wrong time ignoring
(or unable to hear) frequencies he was required to monitor. To that
extent there may well have been an over-reliance on our technology.
The "target is destroyed" note in RISKS 7.15 of 5 Jul 88 was not pleasing to MY tastes; whether it was in good taste or not is a question that I won't raise; tastes are far too personal for rational debate. I know our moderator personally, and I trust his judgment. But I also know CAPT Will Chapel Rogers III; we had two years together at Baylor a long time ago. The traits that made Will a friend and a good student are ones that the Navy seeks in recruits, and develops in officers; I cannot believe that the goodness has been trained out him. I also know a thing or two about Aegis radar systems, F-14's, C3 systems used in Navy combatants. I know for instance that the "radar signature" of a "loaded fighter-bomber" [or other medium aircraft, carrying missiles] can look as large as a jet liner, for much the same reasons that a sequined bikini will reflect as much footlight as a white satin gown. And I learned Tues 5 Jul p.m. that the Iranian airliner was identifying itself as an F-14. The Vincennes fired for much the same reasons that the police in many cities fire at apparently armed assailants almost every day: self defense. When it sometimes happens that afterwards the attacker turns out to be relatively innocent [e.g., kid with a water gun], that's a "tragedy." One of the RISKS of using computers is that we sit in our cubicles and deal with machines - that feel no pain, leave no widows nor orphans; we come to think of human loss as statistics, which we compute so easily. The loss of one life is tragic; 290 at a stroke only serves to awaken our dulled senses! Tragedy is one thing; justification is another. I happen to believe in self- defense, an adequate army [and navy], and capital punishment. But I repeat, the loss of human life is tragic. Let's not rush to judgment just because the statistics get our attention. Instead, let us resolve [in Lincoln's words] that these 290 will not have died in vain: Let us rethink both our [computerized] weapons systems designs, AND their use. Bob p.s. The opinions herein, as always, are personal; NO conclusions can be drawn about my employer's concurrence or lack thereof.
Idle speculation: sometimes it's more interesting to listen to what wasn't said. In the recent attack on the Iranian airliner, why do I get the feeling that nobody on the Vincennes was monitoring tower-plane radio communications. (And the vague suspicion that there wasn't anyone on the ship fluent in Farsi.) Martin Minow
[Referring to the Mode 2 / Mode 3
confusion, and belief in the transponder:]
Seems it might be a good idea in a war to equip all the fighters with
transponders saying that they are say 767s?
An article in this morning's San Francisco Chronicle (p. A-12) is titled
"Electronic Errors
-----------------
Star Wars Planners' Lesson in the Gulf", by David Perlman
[...] The cruiser's Aegis system linking its radar with a battery of advanced
comptuers and missile launchers, had been hailed as "Star Wars at Sea" by the
Navy. But David L. Parnas [...] held a different view. "It is obvious," he
said in an interview, "that if you can't discriminate at close range between
an Airbus and an F-14 fighter, it would surely be even more difficult if not
impossible to discriminate between a Soviet warhead and a decoy baloon flying
on the same ballistic trajectory in outer space." ... "The Aegis system was
always presented to me in briefings as a defensive system only against
high-speed, low-flying missiles," Parnas said. "But, while I have no reason
to believe that it was the Aegis computer system that failed on Sunday, the
fact is that discriminating targets is vital for any defense."
I basically have a comment to make about the supposed response about the Vincennes defending itself against an attack from an inbound F-14. Were the F-14's that were sold to Iran during the 1970's stock F-14's or were they supplied with upgraded avionics and attack systems. The reason I'm questioning this, is because Grumman designed the F-14 to support the Navy's requirement for a powerful Air Defense Fighter. This explains the F-14's exceptional ""capabilities"" in this area... (such as the supposed ability to maintain lock on 24 inbound targets and to attack 6 of those targets using a mix of Phoenix Sparrow/AMRAAM, and Sidewinder missiles.) However, and I recall this from reading material published during the late seventies when Canada was looking to purchase a new all purpose fighter for the Canadian Airforce, the F-14 has very limited Air to Ground capabilities... its radar and attack systems aren't really designed to do it. (thats why Canada purchased F-18s instead, because it had multipurpose radars to deal with both modes of combat.) (The Canadian Air Force required a single type of aircraft that would be capable of dealing both with the close ground support environment of NATO commitments, as well as the long ranging Air Defence requirements over North America) Presumably the crew of the Vincennes would know about this wouldn't they??? (from news reports, Iran, is still using F-14's as Air to Air units, and not as ground attack birds.) If I were the Commander of the Vincennes, I would be worried if the Aegis was saying that the inbound aircraft was a Mirage or a Super Etenard (a Mirage is the aircraft that launched the two Exocet missiles that holed the Stark). So perhaps the big question is, why are they saying that they were worried about the possibility of an attack from an F-14? Jonathan P. Crone
The Captain of the Vincennes did the correct thing. If he can be faulted for anything, it is that he waited so long before acting. All the breast-beating in world and appeals to castigate the military notwithstanding, the correct action was taken. If a human failure took place, it was in the Iranian decision to fly a commercial aircraft over an area where a fire-fight was in progress, and in not responding to the reported 7 (repeat seven) attempts to raise the aircraft and have it identify itself. The loss of life was indeed tragic. The attempt to picture the U.S. Navy or U.S. policy as irresponsible is even more tragic. Mr. Miller seems genuinely confused over what is 'national interest'. I would submit 'national interest' is Canada selling its wheat to anyone it chooses regardless of what other nations; ostensible allies and maybe even friends, think. It is also an assertion that a tin-horn dictator, operating under the guise of religious leader cannot prevent free ship movement in the Gulf area. It is possibly also a belief that the rest of the world, maybe even Canada might suffer if oil does not move freely from the Middle East. [I guess the view of 'national interest' is crystal clear from the lofty towers of academe.] Let's get the forum back to technical risks and off of the political beat. Jim
I never imagined that picking locks could be so easy. A couple months
ago, I went to the Phoenix Public Library (!) and checked out a few books on
locksmithing. Surprise! The books all had chapters on how to pick locks for
fun and profit. One book explained how to make homemade lockpicks by
grinding down hacksaw blades. Using $0.99 hacksaw blades and a Dremel Tool
grinder, I made an assortment of lockpicks. K-Mart supplied me with an
assortment of locks to practice on and disassemble.
After a few days of practice, I found that I could pick open any disk
tumbler lock that I could find - these are the cheap locks found on desk
drawers, cabinet locks, window locks, and a few cheap padlocks and old door
locks. Most disk tumber locks take me less than 10 seconds to get open.
I've also picked open every pin tumber lock that I've tried, but they're
harder; most of them take about two minutes to get open. These are the locks
found on most doorlocks. The most difficult lock I've tried is the expensive
Master brand pin-tumbler padlock, which required about twenty minutes of
delicate work to pick open. (I disassembled it to see why it was so hard.
Master uses smaller pins than usual, made to very tight tolerances, without
the bevelled ends found on most pins.) There are such things as pick
resistant locks, but they are pretty rare. It seems that 99 per cent of the
locks in my life are pickable disk tumbler or pin tumbler locks. (I haven't
yet begun practicing on automobile locks; from the diagrams in the books,
they seem to have extra features that may make them harder to pick.)
I called some city and state offices, and one local locksmith, to see
if there are any laws regulating the possession and use of lockpicks in
Arizona. No one I talked to seemed to know anything about any regulations!
If it's so easy to pick open locks, why do burglars resort to harder and
messier ways of entering buildings, desks, cabinets, etc.? Are most burglars
incapable of learning such a skill, or does it just not occur to them?
Should I spend a fortune replacing the locks on my house, or are the risks
low that a burglar will pick the locks?
Randy D. Miller (602) 870-1696
GTX Corp., 8836 N. 23rd Ave., Phoenix, AZ 85021
{cbosgd,decvax,hplabs,amdahl,nsc}!sun!sunburn!gtx!randy
[One of the imperative themes in the RISKS Forum is that protection
measures are inherently compromisable. The myth of technology as a
panacea continues to haunt us. Most car-door locks are TRIVIAL to
break. Skeleton keys for house locks are simple to fabricate. Cyclic
redundancy checks and crypto seals are simple to break if the underlying
system is not adequately secure. Thus using a complicated mechanism
on top of a flawed mechanism invites compromise. The more sophisticated
the lock mechanism, the more challenges for the sophisticated attacker.
But the belief in technology as a magic wand is perhaps the most
dangerous of all — whether it is locks or automated defense systems. PGN]
I had to laugh at "The Eyes Have It". The last five digits of my NJ
driver's license number are 61664. This is supposed to represent my
date of birth and eye color. I was born on 11-22-66, and the last time
I checked my calendar, we didn't even have 61 months!
This made me think about PGN's comment about three extra "eye color"
values not being enough to prevent data collisions. Since it is
obviously possible to have the first "DOB" digit not match the actual
DOB, why not use 2-9 in that field? That, combined with the extra eye
color values, would leave room for almost eight times as many "identical"
people ("almost" because Jan-Nov and Feb-Dec birth dates would have to
share the extra numbers). They could still retain the DOB information
if 2-5 in the first digit = 0 and 6-9 = 1.
It also makes me wonder about the NJ DMV. I know they've had many
problems with their computer system (and their offices, and their
personnel, and ... :-), but this is ridiculous - not only do the two DOB
fields not match (they did get it right in the DOB space on the license),
but one of them isn't even a valid date!
(If the NJ DMV already uses different DOB #'s for data collisions, I apologize
for this entire article. I've *never* heard of anyone else with something
other than the DOB in those 4 digits. In fact, everything I have heard
makes my nuber look like a unique case. If there were a reliable way to
get information from the DMV I'd ask them, but they can't even tell me
what forms I need to register my car, so I'm afraid there's not much hope
of getting a correct answer to a question like this.)
Tracey Baker {att, rutgers!moss}!mhuxu!tab or tab@mhuxu.att.com (201)582-5357
Rm. 2F-211, AT&T Bell Laboratories, 600 Mountain Ave., Murray Hill NJ 07974
After noting charges on my last phone bill for calls made from places I've
never been, I called Pacific Northwest Bell (PNB) and changed the PIN on my
calling card. (I decided to pay the $3 in long distance charges since I had
given my PIN to an old girlfriend about a year ago.)
I was mildly surprised to find that the procedure for changing my PIN was to
tell the PNB representative on the phone what I wanted my new PIN to be. I
already (have to) trust the phone company, so this risk was acceptable to
me.
I was REALLY surprised by what I found out when I received a new calling
card in the mail today. (Probably sent automatically because I changed my
PIN.) Here are some of the "features" of my new calling card as explained in
the letter sent along with it:
"Exclusive extra security
When you look at your Card, you'll notice that your four-digit security
number is not shown. That means _extra security for you_, because only
you know the Security Code.
Maximum convenience
Turn your card over. The magnetic stripe on the back lets you use many
of the new Card Reader phones. _You don't need to enter your card
number or your security code_. Just slide your Card through the
special slot and dial! ... "
Identifying the problem with this is left as an exercise for the reader.
I think I'll just hit my card with a bulk tape eraser, and forget about
using card reader phones until PNB straightens this out.
Scott Peterson, OMSO Software Engineering, Intel, Hillsboro OR
sdp@sdp.hf.intel.com uunet!littlei!foobar!sdp!sdp
Please report problems with the web pages to the maintainer