| University of Bielefeld - Faculty of technology | |
|---|---|
|
Networks and distributed Systems
Research group of Prof. Peter B. Ladkin, Ph.D. |
|
| Back to Abstracts of References and Incidents | Back to Root |
| This page was copied from: http://catless.ncl.ac.uk/Risks/16.31.html | |
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
Unda(u)nted exploration: DANTE II
Denver "solves" hi-tech baggage handling problems
Re: Squirrels again bring down Nasdaq
More than squirrels: Newbridge Networks
Re: RISKs of electrical wiring
Re: The Cult of Information
Rapid Application Development (RAD)
Intel plant in Albuquerque
Madcap world of modern banking
A330 Crash investigation report: Pilot error blamed for crash
Workshop Announcements PDCS2 and SCSC
CSR Software Reliability & Metrics Club - Meeting Announcement
Washington DC ACM Seminar
Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc.
The Dante II robot (successor to Dante I, whose fiber cable snapped only 21
feet down into Mt Erebus in 1993) has been exporing the volcanic crater of Mt
Spurr in Alaska, apparently with great success in gathering information in a
human-risky environment after the 1992 eruption. En route to the bottom,
Dante II survived being hit by rocks and slopping through mud and snow; prior
to its descent its satellite dish antenna was chewed on by a bear. However,
the last few days have provided grist for the RISKS mill as to what can go
wrong going wrong. Last Wednesday (3 Aug 1994) the robot lost power, and then
its transmitter went dead. On Thursday, a short-circuit (due to condensation)
was fixed in a connector to the 1000-volt power and communications cable. The
robot then was able to begin its ascent (at three feet per minute). On Friday
night, the 1700-pound Dante II lost its footing when one of its eight legs
malfunctioned, and it toppled over. Plans are now afoot (no pun intended) to
hoist it out by helicopter, or if that fails for a geologist (John Laskeivitch
of the Alaska Volcano Observatory) to climb down and attach a tether -- using
the knowledge obtained from Dante II that there are lots of rocks but that the
expected hot gases are no longer present. The robotic software seems to have
functioned well throughout. [SOURCES: PGN News Service from articles by
Charles Petit in the San Francisco Chronicle, 4-5 Aug 1994, and AP items, 7
and 9 Aug 1994.]
It looks as if the folks in Denver have figured out what they need to do to
finally get their new airport open. As you may recall, it has failed to open
for quite sometime because the amazing, computer-controlled, $200 million
baggage handling system simply doesn't work. Nor does it appear that there is
much hope of making it work quickly. The more deeply the system is inspected,
the more problems are found.
Videos of the failing system under test are great fun to watch. Bags being
flung at carts that aren't where they're supposed to be, carts flying off
tracks, bags flying through the air smashing into the ground, and so on.
Quite a show.
So how to open the airport? Simple! They've apparently decided to spend more
bucks and build *another* baggage handling system--the conventional kind with
conveyer belts. After they build this new, old-style system, they'll finally
be able to open the airport, which is currently losing something like $1
million/day just sitting there.
The plan is to shift back to the computerized system when (if?) they get all
the bugs out of it.
--Lauren--
>Nasdaq once again was shut down by an energetic squirrel ...
To many people interested in commercial power (including computer center
managers such as yours truly was at one time) the word "squirrel" is often
defined as "a self-propelled short circuit".
Joe Morris / MITRE
There was a followup article (which I don't have handy) in the times noting
that this the outage caused trade reconciliation algorithms to fail.
A general problem is cascading failures when interacting timeouts start going
off.
Squirrels aren't Nasdaq's only problem. According to an article in New York
Times, there are also some race conditions in their procedures.
The article describes attempts to stop trading in Newbridge Networks stock.
Apparently the attempt to stop trading was entered at 9:32 instead of 9:30 due
to an error entering a command. Many options (more highly leveraged than
shares) got through and were confirmed. They were retroactively cancelled.
There are two basic problems. One, as the article noted, is that a
confirmation is not a confirmation. The other is the contrast between human
speeds and computer speeds. Two minutes is a very very long time.
Regarding the electrician who blew out some equipment by dropping the neutral
from a circuit, causing a power leg to go to around 220V (about double the
North American standard of ~117V). One might suggest that (even though it can
be inconvenient) turning *off* the power to areas that could be directly
affected by ongoing electrical work would be a simple and mandated procedure.
No fancy protective gear is needed in this case. Just turn off the breakers
until the work is done.
--Lauren--
> Roszak, in this book, is not attacking the idea of computerization
He already did that in a novel called "Bugs".
I am writing an article on Rapid Application Development (RAD) and would like
to include a risky horror story or two, if anyone has one they want to share.
If you can BRIEFLY describe a project where RAD techniques were used to
develop a system or software which resulted in quantifiable losses (in terms
of time, money, etc.) to an individual or organization, I will consider
quoting you (with proper citation of course). The anecdote must be traceable
to an organization or individual involved (there can be some anonymity, but
some person or group must be identifiable so the story can be verified).
Please send replies DIRECTLY to mercuri@gradient.cis.upenn.edu
Sorry, I don't have time to address other matters (like "what is RAD?" -- if
you don't know then you probably weren't using it).
BTW, I'm especially interested in projects where an outside consulting team
came in, used RAD, developed something and left it either unfinished,
undocumented, untested, and/or unsupportable. Hope someone wants to go on
the record with their experience(s).
Thanks in advance, Rebecca Mercuri
The SouthWest Organizing Project is engaged in a campaign against the Intel
chip fabrication plant in Albuquerque, New Mexico. They allege excessive
water use, chemical hazards to workers, and large expenditures of public funds
for small numbers of jobs for local people. Their report is available from
them (US$10 plus $1.50 p/h) at SWOP, 211 10th St SW, Albuquerque NM 87102,
USA.
Phil Agre, UCSD
The Sunday Times reports on 7th August that one of its readers in
Hertfordshire, England, paid a cheque for a thousand pounds into her account
with Barclays Bank in June. The cheque bounced, and Barclays did not credit it
to her account; but for no reason they also removed a further thousand,
causing her to go overdrawn.
After writing letters and waiting for weeks, she got a letter from Barclays
explaining that the loss was ``a quirk in our accounts processing system which
is effectively debiting twice the amount of a customer's unpaid in cheque''.
It goes on: ``Your helpful comments are valuable to us in prioritising the
resolution of difficulties such as those experienced by you''.
I suspect that many firms only fix software bugs when enough
customers have complained about them. But how many make a virtue
out of it?
Ross Anderson Cambridge University Computer Laboratory rja14@cl.cam.ac.uk
[Erik provided an article from the U.K. *Times*, 3 Aug 1994, p.7, which
is omitted here. The article noted confusion on the flight deck and
three seconds of hesitation by a tired chief pilot as being responsible
for seven deaths on the test-flight takeoff of an Airbus A330. PGN]
My comment is that in the absence of an obvious single fault in the hardware
(which in this case mostly is software) the default explanation is "human
error". It looks rather as if the combination of automation, ill-defined
tasks, and an unsupportive organisation were the real causes. But I would not
expect Airbus to ever acknowledge that.
erik.hollnagel.hra@eurokom.ie
Erik Hollnagel, Technical Director, Human Reliability Associates Ltd.,
School House, Higher Lane, Dalton, Lancs. WN8 7RP, UK +44.257.463.121
PDCS2 2nd Open Workshop Safety-Critical Systems Club
(Predictably Dependable
Computing Systems 2) & 14th Meeting and Seminar on
New Technologies
Newcastle upon Tyne Leeds
19-21 September 1994 22-23 September 1994
Introduction
The issues addressed by the PDCS2 research project and SCSC members are
closely related. It is because of this, and the geographic proximity of
the locations, that we hope to facilitate attendance, by interested
parties, to both events.
PDCS2 2nd Open Workshop
The 2nd Predictably Dependable Computing Systems (PDCS2) Open Workshop will
be held on 19-21 September, at the University of Newcastle upon Tyne,
starting at 2.00 p.m. (with registration and lunch from 12.30 p.m.).
The PDCS2 Workshop will comprise technical presentations of the year's
work. There will also be demonstrations of prototype software and systems
developed by the project. Further details are provided in the preliminary
programme shown below.
PDCS2 builds on, and takes significantly further, the work of ESPRIT Basic
Research Action PDCS on the problems of making the process of designing and
constructing adequately dependable computing systems much more predictable
and cost-effective than at present. In particular, it addresses the
problems of producing dependable distributed real-time systems and
especially those where the dependability requirements centre on issues of
safety and/or security. The research programme is concentrated on a number
of carefully selected topics in fault prevention, fault tolerance, fault
removal and fault forecasting. It ranges in nature from theoretical to
experimental and in a number of cases the acquisition or implementation, in
prototype form, of software tools, and their experimental interconnection.
SCSC 14th Meeting and Seminar on New Technologies
The 14th meeting of the Safety-critical Systems Club will be held on 22-23
September at The Marriott Hotel in Leeds, starting at 10.00 a.m. with
registration and coffee from 9.30 a.m. On Thursday 22 September the theme
will be "New Technologies for Safety-critical Systems" and the programme
will address the application of technologies such as formal methods, neural
networks, knowledge based systems, and robotics to the safety critical
domain, enquiring into their readiness for this role, and examining actual
experience. On Friday 23 September the event will focus on "Introducing
Formal Techniques" and will provide an overview presentation on how to
manage the introduction of formality, together with talks describing real
case histories.
The Safety-critical Systems Club was formed in 1991 with support from the
DTI and SERC. It provides a regular forum for presentations and
interaction on a wide range of topics concerning the use of computing
systems in safety-critical applications. The majority of participants are
practitioners and users of such systems, but developers and research
workers are also represented in the membership of almost 2,000. Each year
the club holds a series of meetings and seminars, circulates a regular
newsletter and organises a three day conference on the theme of
safety-critical systems.
PDCS2 - ESPRIT Basic Research Project 6362
Predictably Dependable Computing Systems
2ND PDCS2 OPEN WORKSHOP
WORKSHOP PROGRAMME
19-21 September 1994
University of Newcastle upon Tyne
MONDAY 19 SEPTEMBER
12.30-14.00 Registration and Lunch
14.00-14.15 INTRODUCTION
Brian Randell (Univ. Newcastle)
14.15-15.45 FAULT PREVENTION &
FAULT TOLERANCE:ARCHITECTURAL ISSUES
A Systematic Approach for the Analysis of Safety
Requirements for Process Control Systems
- Tom Anderson
(Univ. Newcastle)
A TTP Solution to an Automotive Control System
Benchmark
- Hermann Kopetz (TU Wien)
15.45-16.10 COFFEE
16.10-18.00 DEMONSTRATIONS
- - -
TUESDAY 20 SEPTEMBER
09.00-10.30 INVITED SPEAKERS FROM INDUSTRY
10.30-11.00 COFFEE
11.00-12.30 FAULT TOLERANCE: LANGUAGE ISSUES
Implementing Fault-tolerant Applications: an
approach based on reflective object-oriented
programming
- Jean-Charles Fabre (LAAS-CNRS, Toulouse)
Object-Oriented Environmental Fault Tolerance
- Cecilia Calsavara (Univ. Newcastle)
12.30-14.00 LUNCH
14.00-15.30 FAULT FORECASTING: METHODOLOGY ISSUES AND MARKOV
MODELS
Engineering Judgement about Dependability: pitfalls
and defences
- Lorenzo Strigini (CNR, Pisa)
Availability Bounds for Large Markovian Models of
Fault Tolerant Systems
- Pierre-Jacques Courtois (UC Louvain)
15.30-16.00 COFFEE
16.00-18.00 DEMONSTRATIONS
20.00 WORKSHOP BANQUET
- - -
WEDNESDAY 21 SEPTEMBER
09.00-10.30 FAULT FORECASTING: RELIABILITY AND AVAILABILITY MODELLING
Software Reliability Analysis of Three Successive
Generations of a Switching System
- Karama Kanoun (LAAS-CNRS, Toulouse)
Relativistic Reliability Modelling for Highly
Reliable Systems
- Bernard de Neumann (City Univ., London)
10.30-11.00 COFFEE
11.00-12.30 FAULT FORECASTING: FAULT INJECTION
Comparison of Two Fault Injection Techniques
Supported by the MEFISTO Tool
- Marcus Rimen (Chalmers UT, Goeteborg)
Comparison and Integration of Three Diverse
Physical Fault Injection Techniques
- Johan Karlsson (Chalmers UT, Goeteborg)
12.30-14.00 LUNCH
14.00-15.30 INVITED SPEAKERS FROM INDUSTRY AND CONCLUSION
Including closing address
by Jean-Claude Laprie (LAAS-CNRS, Toulouse)
[PLEASE CONTACT BARRY DIRECTLY FOR THE FULL ANNOUNCEMENT.
IT IS TOO LONG FOR RISKS. PGN]
Dept. of Computing Science, Claremont Tower, University of Newcastle,
Newcastle upon Tyne, NE1 7RU, UK
EMAIL = j.b.hodgson@newcastle.ac.uk PHONE = +44 91 222 7948
FAX = +44 91 222 8232
CSR
Software Reliability & Metrics Club
announces its forty-second meeting,
to be held at Brighton on 12th October 1994,
a seminar on
=========================
|| Process Improvement ||
=========================
Learn from the practitioners
The morning session will be devoted to talks by leading experts in the
increasingly important field of software process improvement, dealing
with significant practical issues:
* How to measure software process improvement
* Identifying opportunities for process improvement
* Defining and describing processes
* Reasoning about process effectiveness
* Achieving and quantitatively demonstrating improvement
Explore the key issues
After meeting with their peers over lunch, groups of delegates will work
together, sharing their collective experience, and discussing some of
the topical issues in the field of process improvement:
* Bottom-up or top-down?
* How to get started
* Which comes first - the process or measurement?
Delegates are encouraged to suggest other topics for discussion in this
part of the meeting; to do so, fill in the relevant part of the tear-off
slip on the next page. The working session will be followed by reports
back to the main meeting, and an open discussion of the issues raised.
Discover the future
Following informal discussion over tea, the final session of the day
will be led by one of the key players in determining the future
development of this important field. This perspective will be important
for all who are planning to be, or are already, involved in the software
process improvement area.
Who should attend
This meeting is aimed at anyone with a professional interest in
improving software development processes, including:
* software engineers, project managers and quality personnel wishing
to learn about the practice of process improvement
* experienced process improvers who wish to broaden their knowledge
and keep in touch with the latest developments
* researchers wishing to learn from the practical application of
process improvement ideas.
Why you should attend
The benefits of attendance at this meeting include:
* exposure to the practical experience of other professionals who
have successfully applied software process improvement within
their companies and for the benefit of their clients
* opportunities to share your experiences and problems with other
professionals, both during the formal sessions and informally
during the breaks
* updating on the practice of the leaders in the process improvement
field, and on likely short term future developments which will
have implications for the whole industry.
Where, when and how to attend
The meeting will be held in Brighton, at the Bedford Hotel, on 12
October 1994, starting at 10.30 am, with registration from 10.00 am
onwards. The cost of this one day meeting will be L.165.50 which covers
lunch and refreshments during the day and includes L.60 Club membership
fee with L.10.50 VAT; if you are already a Club member the charge is only
L.90. If you would like to attend, please complete the tear-off slip
below and return with your remittance; early registration would be much
appreciated and may help to avoid disappointment. Maps and suggested
train times will be sent to registered delegates, who are responsible
for arranging their own accommodation (if required).
FOR FURTHER INFORMATION, CONTACT
Joan Atkinson, Centre for Software Reliability, Bedson Building,
University, Newcastle upon Tyne, NE1 7RU
Tel: 091 221 2222; Fax: 091 222 7995;
e-mail: csr@newcastle.ac.uk
The next Washington DC ACM Professional Development Seminar
series is scheduled for November 14 through November 18, 1994.
The following topics and presenters have been scheduled.
Monday, November 14
Mr. Allen S. Perper - Business Process Engineering/Reengineering
Mr. Will Tracz - Domain-Specific Software Architectures
-- Process, Products, and Infrastructure
Tuesday, November 15
Dr. Cy Svoboda - Information Engineering
Mr. Mike Gorman - Managing the Development
of Client/Server Applications
Wednesday, November 16
Mr. Ed Krol - The Whole Internet -- Archie, Veronica and
the Gopher Explore the World Wide Web
Mr. William Durell - Data Administration and Management
Thursday, November 17
Dr. Robert N.Charette - Profiting from Risk Management
Mr. Watts S. Humphrey - Personal Process Improvement
Friday, November 18
Dr. Robert S. Arnold - Legacy System Migration
Mr. Edward V. Berard - Testing Object-Oriented Software
In addition to the regular twice yearly seminar series, the WDC-ACM also hosts
a distinguished international lecturer. This year, Mr. Philip Zimmerman,
developer of the well known Pretty Good Privacy encryption algorithm, will
discuss Public Key Cryptography on Thursday November 10, 1994.
The seminar series and international known lecturer presentation are held at
the University of Maryland Adult Education Center on the campus near the
intersection of Adelphi Road and University Boulevard (Route 193).
REGISTRATION
Advance Walk-in Purchase
Category Cash, Cash, Orders
Check, Check, Training
Credit Card Credit Card Requests
ACM Chapter Member $170 $205 $230
Non-Member $175 $205 $230
Full-Time Student $ 80 $110 $230
Sr. Citizen $ 80 $110 $230
(age 60 or over)
Attendance at each course will be limited to the capacity of the
room being used (check with the ACM/PDC answering machine, (202)
462-1215, for availability). We are planning on using the
largest rooms available for Mr. Krol, Zimmerman and Humphrey.
Detailed registration information and assistance can be obtained
by calling Mrs. Nora Taylor at (301)229-2588.
| This page was copied from: | http://catless.ncl.ac.uk/Risks/16.31.html |
| COPY! | |
| COPY! | |
|
by Michael Blume |