The RISKS Digest
Volume 7 Issue 67

Tuesday, 25th October 1988

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…


o Unplugged Cable Plugs Orlando Traffic
Scot E Wilcoxon
o Airbus A320 in service
Henry Spencer
o Computer Literacy
Ronni Rosenberg
o Belgian PM's email tapped
Rodney Hoffman
o Police find hacker...and release him
Henry Cox
o Aegis user interface changes planned
Jon Jacky
o Programmable Hotel Locks
Allen J. Baum via John Rushby
o Nausea-inducing frequencies
David Chase
o Risks in Foundations of Numerical Analysis
John Cherniavsky
o Takeoff warning systems to be tested
Henry Cox
o Info on RISKS (comp.risks)

Unplugged Cable Plugs Orlando Traffic

Scot E Wilcoxon <sewilco@datapg.MN.ORG>
Mon, 24 Oct 88 15:05:47 CDT
In the story below, it is interesting to note the mayoral aide emphasizes that
the computer "system" did not fail.  Apparently the operating procedures
failed, and for only six minutes.

October 11th: "Computer snafu creates traffic jam"

ORLANDO, Fla. (UPI) _ An engineer's mistake paralyzed downtown traffic for six
minutes when signals remained red during lunch hour and forced the city to
call out police on horseback to unclog intersections.

Traffic engineers replacing a piece of Orlando's sophisticated traffic light
synchronizing system Tuesday forgot to plug in a cable, freezing the signals
at 34 intersections, mostly along Orlando's busy north-south thoroughfares
just after 12:30 p.m.

"It wasn't a glitch in the system. It was during an installation, someone
forgot to plug in a couple of machines," said mayoral aide Joe Mittiga.

Orlando's $3 million synchronizing computer started working this summer, but
Mittiga said workers adding equipment forgot to connect two parts and a backup
system failed to initiate when the main computer system failed.

"They were left unplugged inadvertently for six minutes," he said.

Thousand of drivers were stuck in traffic as the lights remained on
red, green or yellow, Mittiga said.
Scot E. Wilcoxon  sewilco@DataPg.MN.ORG    {amdahl|hpda}!bungia!datapg!sewilco
Data Progress    UNIX masts & rigging  +1 612-825-2607

Airbus A320 in service

Tue, 25 Oct 88 00:55:22 EDT
The 3 Sept issue of Flight International has a feature article about early
operational experience with the A320.  Apparently everyone has been rather
surprised that many of its teething problems have little to do with the
electronics.  Spare parts, in particular, have been somewhat of a problem.

One thing the airlines are quite happy with is the Centralized Fault
Display System, which keeps a running log of all in-flight problems for
scrutiny by the maintenance crews.  Both British Airways and Air France
plan to link the CFDS to a communications system, so that faults can be
reported from the air and spare parts can be waiting when the aircraft
lands.  At present, the written engineering log is still the official
and legal record of in-flight problems, but after some more experience
with CFDS this may be reconsidered.  There are still occasional bugs in
the CFDS software, but things are getting fixed.  The airlines say that
CFDS has been a major factor in keeping a new airliner running unusually

The fly-by-wire flight controls have behaved perfectly.

The engine-control computers likewise have a flawless record, although
at one point Air France replaced a number of them due to what seems to
have been a misunderstanding about the location of some problems.

Power spikes caused by the cutover from ground to onboard power have
been a headache, as they tend to trigger bad-power-supply detectors in
the computers.  These problems invariably happen on the ground, not in
flight.  Work is underway on fixing them.  Many of the computers
affected are in very minor control roles; a particular trouble spot has
been the microcomputer-controlled vacuum toilets chosen by Air France.

The biggest problem for both airlines is a set of design and manufacturing
flaws in the air-conditioning units, combined with shortage of spares.
Computers are not involved in this one.

Both airlines have a low opinion of the software in the Cabin Intercommu-
nication Data System, which controls cabin lights, signs, speakers, and
entertainment.  Both agree that the idea of the system is good and want
to see it operational, but the suppliers simply did not have production-
quality software ready in time.  "A kid could have written the software
for the CIDS", says BA, but in fact the current [3 Sept] software simply
does not work and BA has been bypassing it almost entirely.  The main
problem is frequent intermittent manlfunctions.

Spare flight computers are still being carried on each flight, but this
is routine for major no-go items on new airliners.  Airbus says that
there is now enough experience to justify dispatching an A320 with one
of its seven flight-control computers dead; the original rule required
all to be functioning.  Airbus is still working on "tidying up" the
flight-control software's responses to situations where the aircraft
has gone outside the normal flight envelope involuntarily, e.g. from
collision damage or sudden severe turbulence.  Assorted "nice to have"
features are also being implemented now that the schedule pressure has

The only change in Air France operating procedures since the airshow
crash has been a firm policy that airshow appearances will not carry
passengers henceforth.  The wreckage is being studied for lessons to
be learned; the Flight article observes that a crash into a mature
forest killed only three out of 136 people.  Of note are signs that
the floor-level emergency lighting system may not have turned on
properly, and the failure of the hand-held megaphone's mounting bracket
at rather less than its rated 9G.

The 24 Sept issue reports that the pilot of the airshow crash has been
fired, with the copilot's status yet to be decided.  A recent report by
the French civil aviation authorities contains the first independent
confirmation that the accident was caused by pilot error.  (The pilots'
union, of course, contests this.)  The report recommends an eight-year
suspension of the pilot's licence, and a two-month licence suspension
for the copilot.

"Officials familiar with the flight recorder evidence say that despite
the pilots' assertion that the aircraft was slow in responding to the
controls, the flight control computers probably prevented a worse
disaster by keeping the aeroplane unstalled when the pilots realized
too late that they were about to crash."

                                     Henry Spencer at U of Toronto Zoology

Computer Literacy

Ronni Rosenberg <ronni@VX.LCS.MIT.EDU>
Tue, 25 Oct 88 10:36:36 edt
I am writing a Ph.D. thesis on computer-literacy education.  One way in which
this work differs from previous work is that it incorporates the perspectives
of not only educators, but also computer professionals, the most computer-
literate group in society.  (To the extent that "computer literacy" means
anything, it must apply to computer professionals.)  To get more feedback from
the computer community, I am starting a RISKS dialogue on computer literacy.

I will be sending several messages about computer literacy, asking for your
opinions and reactions.  This is not a right-or-wrong issue.  Since I am
interested in what people think about computer literacy, all responses are
valid!  Reply to me directly if you don't think your message is appropriate
for RISKS.  (For instance, for my purposes, it is fine for lots of people to
send messages just saying they agree with what someone else said, but such
messages are best sent directly to me.)  As usual, PGN will publish in RISKS
the most relevant submissions.  In this case, he will also forward to me the
other submissions on this topic.

All submissions are confidential.  Anything that I quote or paraphrase will
be presented anonomously, unless I get explicit permission from an individual
to use his or her name.  Usually I don't attribute a comment more specifically
than to say, for instance, it is from "a Computer Science professor."  You can
indicate in your message the sort of work you do with computers, if you like.

          *               *               *               *

In a 1985 school survey, 96% of the respondents — classroom teachers,
computer coordinators, and administrators — said that their schools offered
instruction in computer literacy.  What do you know about course content and
materials, school hardware and software, teacher training, and so on?  Are
your children learning about computers in schools?  Have you been involved in
any sort of school advisory committee for computer education?  If computer-
literacy education has not crossed your path, what do you guess is taught in
a typical class?

Belgian PM's email tapped

Rodney Hoffman <>
23 Oct 88 18:13:40 PDT (Sunday)
From the 'Los Angeles Times', Saturday, October 22, 1988:


   BRUSSELS (AP) — Belgian Prime Minister Wilfried Martens on 
   Friday ordered an investigation into reports that a computer
   hacker rummaged through his electronic files and those of other 
   Cabinet members.

   The newspaper De Standaard reported that a man, using a personal
   computer, for three months viewed Martens' electronic mail and
   other items, including classified information about the killing
   of a British soldier by the Irish Republican Army in Ostend in

   The newspaper said the man showed one of its reporters this week
   how he broke into the computer, using Martens' password code of
   nine letters, ciphers and punctuation marks.  "What is more,
   during the demonstration, he ran into another 'burglar' ... with
   whom he briefly conversed" via computer, the newspaper said.

Police find hacker...and release him

Henry Cox <>
Mon, 24 Oct 88 09:19:44 edt
[ From the Montreal Gazette, 24 October, 1988 ]


London (New York Times) - Police said yesterday that they had found
and questioned a 23-year-old man who used computer networks to break  
into more than 200 military, corporate, and university systems in
Europe and the United States during the past five years.

The man was asked about an alleged attempt to blackmail a computer
manufacturer, but an official for Scotland Yard said that there was
not enough evidence to pursue the matter.  He was released.

The man, Edward Austin Singh, who is unemployed, reportedly told the
police he had been in contact with other computer ``hackers'' in the
United States and West Germany who use communications networks to
penetrate the security protecting computers at military

Singh's motive was simply to prove that it was possible to break into
the military systems, police said, and apparently he did not attempt

London police began an investigation after the man approached a
computer manufacturer.  He allegedly asked the company for $5250 in
exchange for telling it how he had entered its computer network.

The company paid nothing, and London police tracked the suspect by
monitoring his phone calls after the firm had told Scotland Yard
about the incident.
                    Henry Cox (

Aegis user interface changes planned

Mon, 24 Oct 88 09:43:56 PDT
Here are excerpts from, "Fixes to Aegis system recommended by Navy," 
by John A. Adam, THE INSTITUTE (News supplement to IEEE SPECTRUM) vol 12
no 11, Nov. 1988, pps. 1,2:

"The Chief of Naval Operations is to assess a redesign of the Aegis
large-screen display that would allow the option of showing an aircraft's 
altitude directly.  Admiral William J. Crowe said "it was never adequately
reconciled" why the operator misinterpreted the digital readout of the 
airliner's altitude as descending while the replayed data showed constant
ascent.  The descending profile added to the perception of the approaching
aircraft as hostile (in the July 3 1988 shootdown of an Iranian commercial
airliner, which was mistaken for a hostile F-14).

Four screens, which make up the principal visual information source for the
ship's top combat officers, at present show two-dimensional tracks of 
targets each tagged with a 24 character alphanumeric label indicating such
data as velocity and identification ... Defense secretary Frank Carlucci
said that to find range and altitude information of a target on the screen,
one must examine a computer readout, which is distracting.  "We think it's a
good idea to display altitude and range on a large screen," Carlucci said.
"I think you could probably even put an arrow on whether it's ascending or 
descending." ...

The investigation also found that Iranian Flight 655 was emitting the
civilian identification-friend-or-foe (IFF) mode 3 squawk - not a military
code as had been supposed by the Vincennes crew. .. Misidentification of 
the airliner's signal for a mode 2 military squawk happened because the
radar operator left his range gate at the airport for 90 seconds instead
of moving it, said Carlucci.  The signal from another aircraft was picked
up, which led the Vincennes Combat Information Center to declare the contact
an F-14 fighter. ...

At the press conference, Carlucci said of the Aegis: "I'm not indicating 
it wasn't designed correctly," he said, but "as you go through experience
with any weapon system you improve the design," particularly in combat.

- Jonathan Jacky, University of Washington

Programmable Hotel Locks

John Rushby <>
Mon 17 Oct 88 17:09:58-PDT
>From cslb!joyce!ames!mailrus!!bloom-beacon!apple!baum Mon Oct 17 16:54:22 PDT 1988
Article 4803 of
Path: cslb!joyce!ames!mailrus!!bloom-beacon!apple!baum
>From: baum@Apple.COM (Allen J. Baum)
Subject: Re: Programable Hotel Locks
Message-ID: <18933@apple.Apple.COM>
Date: 17 Oct 88 20:16:04 GMT
Reply-To: baum@apple.UUCP (Allen Baum)
Organization: Apple Computer, Inc.

>In article <> (Chuck Weinstock) writes:
>I wasn't sure where to post this, but seems like a
>reasonable possibility.  Many hotels these days have programmable
>locks.  Upon checkin, a card is either magnetized or punched and
>serves as your key.  My question is, how is the lock itself
>programmed?  It's hard to believe that they run wires all around the
>hotel and through the hinge of the door, though I suppose that's possible.
>Chuck Weinstock

I've been told that the locks contain a feedback-shift-register, or
something similar. It, internally, generates the next key. If a key
it doesn't recognize is inserted, it checks it against the next key.
If it matches, the lock advances to the next combination. At the
desk, they know how to generate a new combination from an old one,
and they know the last key issued, so they merely generate the new key.
Simply inserting the new, valid key into the lock does all the work of
updating. Presumably, there are also master-key, and resetting provisions.

what th

{decwrl,hplabs}!nsc!      (408)973-3385

Nausea-inducing frequencies ( Re: RISKS-7.66 )

David Chase <>
Thu, 20 Oct 88 16:45:34 -0700
Ask any competent neurologist and you should get a quick answer.  Flashing
lights at certain frequencies (I think 15Hz is one very important one) can
induce nausea and/or epileptic seizures in some people.  A neurologist told
me of encountering three people in one day who had been zarked by the same
failing flourescent bulb at a meat counter.  Flashing lights are also a part
of EEGs taken when epilepsy is suspected.

As far as the props go, it could have been a visual flicker effect, or it
could be that sounds can have a similar effect.  May I suggest (to the
curious among the audience) that you NOT try this experiment at home;
epileptic seizures are not especially good for you, and the known occurrence
of one tends to legally hinder your use of heavy equipment (like
automobiles) for a period of time.

Risks in Foundations of Numerical Analysis

John Cherniavsky <>
Fri, 21 Oct 88 10:28:43 EDT
In the October 1988 Bulletin of the American Mathematical Society there is
an article by Peter Linz, "A Critique of Numerical Analysis", that points up
the inadequacy of the foundations of numerical analysis.  In that article
he points out the inadequacies of current error analysis, the lack of
information regarding the fit of the numerical model to the real world
phenomenon that is being modeled (inappropriate choice of norm is his
example), and the lack of a mechanism to validate or test the numerical
model against the real world phenomenon being modeled.

With the advent of computers that can carry out three dimensional numerical
modeling and the use of such computers in the design of safety critical
systems (such as airplanes), a lack of adequate mathematical foundations for
numerical analysis could lead to serious consequences.

Takeoff warning systems to be tested

Henry Cox <>
Fri, 21 Oct 88 11:18:41 edt
[ From the Montreal Gazette, 21 October, 1988


Washington (AP) - The government has ordered immediate tests of takeoff
alarm systems on nearly 1800 Boeing 727 and Boeing 737 jetliners in the
U.S. after finding "a significant number" of the alarms not working

The alarms are a critical safety device because they warn pilots if
they have improperly set imstruments or control devices during takeoff.

The Federal Aviation Authority yesterday told the U.S. airlines they
must conduct the tests immediately and continue the checks every 200
flight hours.

Last year, the failure of pilots to set their flaps properly led to the
crash of a Northwest Airlines jet in Detroit, killing 156 people.

Investigators say a similar oversight remains a possibility in the
crash of a Delta Air Lines Boeing 727 in Detroit last August in which
14 people were killed.

In neither case was there any evidence that the takeoff alarm sounded.

The Delta crash led the aviation authority to order airlines in September
to check the alarm systems on nearly 1200 Boeing 727 aircraft.

The agency said yesterday tose checks resulted in "a significant number
of inoperative warning systems discovered" on the Boeing 727 aircraft.
It said that in 35 cases, the warning alarm either failed altogether or
operated improperly.

Although the September tests covered only Boeing 727s, the agency
concluded all Boeing 737 aircraft because their alarm systems are
"similar...and subject to similar fairlures."

[ Of course, even if the alarms do work properly, they must be ON to be
effective.  In the wake of the crashes in India on 19 October, there
have been several stories in the paper about other crashes where the
pilot turned off the alarms because they were annoying him, and then
neglected to put the landing gear down. ]

                    Henry Cox

Please report problems with the web pages to the maintainer