Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…
This article appeared quite a while ago in ELECTRONICS ENGINEERING TIMES (June 13, 1988, p. 19): BRITAIN SCRUTINIZES SOFTWARE QUALITY by Roger Woolnough ...(Two) studies were commissioned last year from Price Waterhouse and Logica plc by the Department of Trade and Industry (DTI), the government department concerned with virtually the whole of British industry. The Price Waterhouse study sought to establish the costs and benefits of applying quality-management standards to software. The parallel study by Logica exmained the possibility of harmonizing the civil and military quality management standards. The failure costs are expensive. For British industry, the report estimates them conservatively at $900 million a year, and that includes only software produced domestically and sold on the open market. If imported and in-house software were included, the failure costs would be much higher. And on top of that there are substantial indirect costs, which Price-Waterhouse could not quantify. Price Waterhouse estimated that implementing a quality system would mean additional costs for a typical supplier with 50 to 100 employees of between $360,000 and $450,000 a year. Initial setup costs could be between $180,000 and $270,000, with no difference between large and small companies. The study was unable to estimate the reduction in failure costs that would result from wider use of quality systems but did work out the savings required to justify them - a 10 to 15 percent reduction in total failure costs over the life of a system. "If we consider costs and benefits to suppliers only," says the report, "a reduction in failure costs of 35 to 40 percent would be required to sustain the investment in a quality system. ... An improvement of this size is possible, but far from certain. Therefore it is possible that software suppliers could incur net costs as a result of introduction of a quality system. The evidence suggests that most users are not prepared to pay higher prices for software simply because a quality system was used by the supplier." (The Logica study compared various standards for software quality assurance, namely NATO's AQAP documents, used by the British Ministry of Defence, and international ISO9001. Logica found little difference in substance and recommended standardizing on ISO9001). - Jonathan Jacky, University of Washington
On 31 July 1988 lightning struck the drawbridge between Vineyard Haven and Oak Bluffs on Martha's Vineyard MA, paralyzing the three-phase controls and then ricocheting into the elevated transformer. As a result the Lagoon Pond access for 40 sailboats and tall powerboats was sealed off for almost three days. (This was the same weekend that the ferry Islander ripped a hole in its belly when it ran aground, backlogging 500 cars. And your moderator was there, finally getting a little vacation so that you all could get a little vacation from RISKS.) The previous lightning strike, only three weeks before, had closed the bridge for 24 hours. [Source: Martha's Vineyard Times, 4 August 1988, p. 1.]
On 5 August 1988, air traffic was delayed because a new software tape designed to relay departure information to air traffic controllers sent data to the wrong controllers. It took an hour to replace the software. The delays at Logan lasted for about 6 hours, tapering off slowly from one-hour delays. Delays also propagated to nearby airports. [Source: Boston Globe, 6 August 1988]
This is from an article in the "Australian" 2-Aug-88 retyped and
abbreviated without permission:
Two pilots blamed for air crash
Following an official report to the French transport minister
last week, responsibility for the crash of an Airbus A320 into trees
at an airshow in eastern France has been blamed on pilot Michel
Asseline & co-pilot Pierre Mazieres. The A320 gets a clean bill of
health.
Cockpit talk recordings from the black box revealed startling
over-confidence on the part of both men. Mr Asseline told Mr Mazieres on
the ground he would not use the aircraft's sophisticated alpha-floor
computer system, which automatically boosts the fuel supply to the
engines when its speed, altitude and incline indicate a danger of stalling.
He also disconnected a secondary system to boost power so he
would have maximum manual control, boasting that he would fly the
aircraft at 30m at low speed, with just enough power to keep the plane
at maximum incline without losing height.
Mr Asseline would then put on full throttle to climb away at a
steep angle, he said.
"You want to show off, huh?", the co-pilot said.
Several times before the critical manoeuvre the crew
contemptuously dismissed visual and aural wornings emitted by the
onboard computers.
The pilot responded to one by saying: "Knock that one off,
it's getting on my nerves."
Just before the fly past the co-pilot said:" `Right, you're
coming down to 100 feet, do it, do it."
"Right, I'm going for it, disconnect the fuel boost system."
"Watch out for the pylons ahead, eh? You've seen them, yeah?"
"Yeah, yeah, don't worry."
The co-pilot then told the pilot to put on full throttle. As
the aircraft failed to gain height the pilot was heard to curse.
Neither pilot has been formally accused of causing the crash,
although the transport ministry said a judicial investigation could
still bring charges.
Soon after the crash I saw an american TV report on the crash
which featured a so called "COMPUTER EXPERT" (the caption on the
screen, no mention of his field or qualification was made) stating
that "if it's pilot error it must be systems failure", without knowing
anything of the architecture of the software. Obviously there is a
risk in trusting experts in a field you know nothing of, because you
(in this case the NEWS service) are inclined to believe them.
Eric Roskos (Risks 7.30) asks, is vibration a common problem in A300's. I have
often experienced the throbbing you refer to, and have noticed that the wings
virtually beat on take off. I think this intended or at least seen as an
acceptable side effect of the wing geometry during take off. In general, I
suspect aircraft maintenance in the US is taken far less seriously than here
and this may be partly to blame.
Michael Pilling (bigm@banana.cs.uq.oz)
Years ago when cash-registers could only add, it was safe. Nowadays they can subtract as well, and so cash-register operators can't, and so you lose your change. It's been happening to me more and more often over the past couple of years. I explain: Formerly, the cash-register would add up all the prices of the things you bought, and at the end the operator would hit the `Total' button, and the till would pop open. You would proffer your money, and your change would be made up by counting out coins, then notes, adding to the total price and working up to the tendered value. Then you got the docket. But now, at the end of the sale, the operator punches in your tendered amount, and the cash register calculates the change, which is then counted out into your hand in the reverse order — big notes first, then little ones, then the coins get balanced delicately on top. Then you get the docket shoved at you. The coins slide off the notes in you hand, fall and roll under the checkout counter. Gone forever. Can't give you any more change, till won't balance. Your own mistake. Get out of the way, your holding up the other customers. Australia has recently been inflicted with a $2 coin, and the old $2 note has benn withdrawn. The Treasury, in its infinite wisdom, made the coin smaller than most of the other coins and out of an exceptionally light aluminium alloy, which made the problem even worse. I once asked a checkout girl why they had reversed the order of counting out the change. She said they were told to do it that way, since they "made less mistakes" and it was "easier". Actually, I expect the reason was so that the supermarket could sweep under the counters and collect all the dropped change. Robin Kirkham CSIRO/DMT rjk@mimir.dmt.oz (My opinions, only)
The following short article recently appeared in Cutis, a journal
of dermatology (I don't know the exact issue.) A note indicates
that the authors are with the Department of Dermatology, University
of Maryland School of Medicine. Reprints are available from:
Dr. Burnett
Division of Dermatology
University of Maryland Hospital
22 South Greene Street
Baltimore Maryland 21201
This article is reprinted without permission.
Figure 1 (omitted) is merely a picture of a user and an IBM PC.
---
``Dermatologic Manifestations in Users of Video Display Terminals''
Marline L. Cormier-Parry, MD
Gary V. Karakashian, MD
Joseph W. Burnett, MD
It is not surprising that with new technological advances, new dermatologic
entities also appear. Rosacea is a cutaneous reaction pattern thought to be
provoked by many factors including foods, alcohol, heat, and cold. Recent
reports have implicated exposure to video display terminals (VDT) as another
causative factor (Figure 1). Since the first reports from northern Europe
in 1982, when VDT exposure was related to the excerbation of rosacea, acne,
seborrheic dermatitis, and poikiloderma of Civatte, more recent reports
have appeared (references 1-3).
The symptoms and dermatitis associated with VDT use are usually paresthesia or
pruritus of the upper cheeks or perioral area with either solitary papules or
a fine erythematous papular eruption. The typical features of most cases of
VDT-associated dermatitis were onset of the eruptions two to three hours after
daily use of the VDT, improvement of the dermatitis on days the unit was not
used, and, low ambient relativie humidity at the time of the exposure.
VDTs produce several types of electromagnetic radiation. The cathode ray tube
emits low-energy x-rays. The phosphor material of the screen emits
ultraviolet, visible, and infrared radiation. The electronic circuits
produce radiofrequency and very-low-frequency radiation. Most electrical
and electronic equipment can generate ``electrical noise,'' a low-level,
broad-spectrum electromagnetic radiation. To date, no adverse biological
effects in humans have been documented from these electromagnetic fields
and the level of radiation emitted is far below the occupational standards
set by federal authorities (references 2-4).
The electrostatic fields, however, are more likely to be the causitive
agent of VDT dermatitis. Electronic fields are noted around most VDTs at low
humidity and tend to disappear at higher humidity (reference 5). Most cases
of VDT dermatitis have occured in northern Europe and during the winter
months, when the relative humidity is less than 40 percent. Further
evidence for this hypothesis comes from obserrvations that when the
electrostatic fields were reduced, operators' dermatitis and other symptoms
were also reduced. Whether this is a direct effect of the field itself or
an irritant dermatitis from airborne particles is unknown. Several female
operators have reported the deposition of their makeup on the VDT screens at
the end of a working day. However, the deposition of volatile and
particulate air pollution on the skin can be induced by electrostatic field
charge (reference 2). Furthermore, there have been several reports of
patients who were able to prevent the dermatitis by the use of physical
blocking agents, such as titanium dioxide or Duoderm.
Recently, computer manufacturers have introduced VDTs that have no static
electric fields as a means of preventing dermatitis. Electrostatic shields
are also available and widely used in northern Europe. The shield, which is
placed in front of the VDT screen, becomes conductive at relatively low
humidity and thus eliminates the static field. Improvement with these
shields, however, is usually temporary since their conductivity diminishes
with time. In the United States, the use of a skin-colored ``sun-block''
cream containing 2 percent titanium dioxide with iron oxides was recommended.
It showed some success in preventing VDT symptoms and the associated
dermatitis (reference 4). Improvement in some Norwegian cases was noted
after the substitution of antistatic floor carpeting in the work area
(reference 3).
References
1. Liden C, Wahlberg JE: Work iwth video display terminals among office
employees. _Scand J Work Environ Health_ 11: 489-493, 1985.
2. Berg M, Liden S: Skin problems in video display terminal users. _J Am
Acad Dermatol_ 17: 682-684, 1987.
3. Nilsen A: Facial rash in visual display unit operators. _Contact
Dermatitis_ 8: 25-28, 1982.
4. Fisher A: ``Terminal'' dermatitis due to computers (video display units).
Cutis 38: 153-154, 1986.
5. Berg M, Langlet I: Defective video displays, shields, and skin problems.
_Lancet_ 1(4): 800, 1987.
--
richard welty 518-387-6346 GE R&D, K1-5C39, Niskayuna, New York
welty@ge-crd.ARPA {uunet,philabs,rochester}!steinmetz!welty
RISKS Moderator Peter Neumann has an op-ed piece in the August 2 Los Angeles
Times with the headline
A GLITCH IN OUR COMPUTER THINKING
We Create Powerful Systems With Pervasive Vulnerabilities.
Although they are overly-familiar topics to RISKS readers, I trust the moderator
will permit a few quotes:
Our civilization seems to have developed an inherent craving for easy
answers, especially regarding technology. In particular, we tend to
anthropomorphize computers and endow them with human intelligence —
while at the same time we deify them and endow them with infalli-
bility....
One of the most serious problems in computer-related systems is the
inadequate protection of such valuable resources against unintended
or malevolent misbehavior by authorized as well as unauthorized
computer users — and against malfunctions of the computer systems....
[Brief mentions of computer-related problems at Pacific Bell, NASA,
banks, the Vincennes, false arrests....]
Computers and their communications are frequently vulnerable, but they
are also limited by the intelligence and wisdom of their developers,
administrators and users.
It is a common myth that the complexity of such systems deters mal-
feasants. In fact, the attackers may understand the system better
than many of the defenders. Digital technology is inherently finite
— there are only certain possible cases. The number may be large,
but often there are shortcuts that eliminate the need to search
exhaustively for a needed clue — password, design flaw or code bug....
There are no guaranteed complete solutions that can prevent computer-
system malfunctions, intrusions and both accidental and malevolent
misuse. But there are prudent measures that can be taken to reduce
the risks. [Better design and implementation, better laws, ...]
Above all, we must have a computer-literate populace — better
educated, better motivated and more socially conscious.
Computer security vulnerabilities are pervasive, but they are not
usually evident to the general public. Depending on flawed computer
systems will lead only to bigger disasters. Overall, we must work
much harder to understand and openly consider the true risks of
using computers.
Hi Riskees!
Last month's Computer Assurance conference — COMPASS '88 was a gas --
really good talks on electronic voting systems, computer assisted automotive
problems, fly-by-wire risks, and averting computer domino effects. Our
illustrious hero, Peter Neumann, gave a couple outstanding talks. For those
of you who haven't met him, he's just as quick with puns behind the podium
as when moderating our forum.
COMPASS dealt with averting disasters. On the flip side is the
1988 International Disaster Congress, Nov 9-11, in Chicago.
Sounds weird to me:
"How was your meeting?" "Complete disaster."
It sounds neat, but I can't afford $675 admission,
so if any of you Riskee's are going, could you post your notes to Risks?
Keynote Speaker:
Edward Teller (inventor of the H Bomb, promoter of Star Wars)
"Gaining a Global Perspective of Disaster Control"
Some session titles:
Prior Planning for "Acts of God"
Foreseeing Deliberate Acts of Violence
Anticipation of Technology's Catastrophes
Identifying Beforehand the Impact of Epidemics
Success Stories of Disaster Preparedness
Implemented Programs for Minimizing Natural Disaster Impact
Preventive Approaches to Controlling Deliberate Violence
Ventures for Mitigating Technological Accidents
Restraining Threats of Mass Disease
Sustaining Corporate Morale in Midst of Nature's Attack
Allocating Resources while under Siege
Damage Control at Accident Scenes
Minimizing the Spread of Current Epidemics
Cleanup Following Natural Disaster
Recovery from Violence Induced Calamity
Post Exposure Measures for Restoring Health
Timely Action following International Incidents
Eliminating All Effects of Sustained Disaster
Replacing Resources Destroyed by Natural Catastrophe
Restoring Order from Chaos of Deliberate Violence
Total Recuperation from Epidemic
Recovery Through Repossession and Reparations
Speakers are from:
Bay Area Earthquake Preparedness Project,
Univ. Rome, Univ. Delaware
Emergency Preparedness Council of Canada
Int'l Assoc of Fire Chiefs
Cincinnati Hazardous Materials Task Force
Maryland Institute for Emergency Medical Services
Disaster Services for American Red Cross
National Governor's Association
California National Guard
Association of American Railroads
Armed Forces Institute of Pathology
Israeli National Police
Association of Contingency Planners, American Savings/Loan
Federal Insurance Administration
Also, there'll be a Disaster Exposition, "A showing of products for
anticipating, coping with, and recovering from disaster."
Yikes — what do you think they sell to recover from
one of Teller's thermonuclear bombs?
Registration/Details:
Kotch & Poliak, 708 3rd Ave, NYC, 10017 212 557 6950
Cheers, Cliff Stoll Cliff@lbl.gov
Please report problems with the web pages to the maintainer