University of Bielefeld -  Faculty of technology
Networks and distributed Systems
Research group of Prof. Peter B. Ladkin, Ph.D.
This page was copied from:


The Risks Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 16, Issue 31

Tuesday 9 August 1994



o Unda(u)nted exploration: DANTE II
o Denver "solves" hi-tech baggage handling problems
Lauren Weinstein
o Re: Squirrels again bring down Nasdaq
Joe Morris
Bob Frankston
o More than squirrels: Newbridge Networks
Bob Frankston
o Re: RISKs of electrical wiring
Lauren Weinstein
o Re: The Cult of Information
Steven Tepper
o Rapid Application Development (RAD)
Rebecca Mercuri
o Intel plant in Albuquerque
Phil Agre
o Madcap world of modern banking
Ross Anderson
o A330 Crash investigation report: Pilot error blamed for crash
Erik Hollnagel
o Workshop Announcements PDCS2 and SCSC
Barry Hodgson
o CSR Software Reliability & Metrics Club - Meeting Announcement
Pete Mellor
o Washington DC ACM Seminar
John Sheckler
o Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc.

Unda(u)nted exploration: DANTE II

"Peter G. Neumann" <>
Tue, 9 Aug 94 7:41:18 PDT
     The Dante II robot (successor to Dante I, whose fiber cable snapped only 21
     feet down into Mt Erebus in 1993) has been exploring the volcanic crater of Mt
     Spurr in Alaska, apparently with great success in gathering information in a
     human-risky environment after the 1992 eruption.  En route to the bottom,
     Dante II survived being hit by rocks and slopping through mud and snow; prior
     to its descent its satellite dish antenna was chewed on by a bear.  However,
     the last few days have provided grist for the RISKS mill as to what can go
     wrong going wrong.  Last Wednesday (3 Aug 1994) the robot lost power, and then
     its transmitter went dead.  On Thursday, a short-circuit (due to condensation)
     was fixed in a connector to the 1000-volt power and communications cable.  The
     robot then was able to begin its ascent (at three feet per minute).  On Friday
     night, the 1700-pound Dante II lost its footing when one of its eight legs
     malfunctioned, and it toppled over.  Plans are now afoot (no pun intended) to
     hoist it out by helicopter, or if that fails for a geologist (John Laskeivitch
     of the Alaska Volcano Observatory) to climb down and attach a tether -- using
     the knowledge obtained from Dante II that there are lots of rocks but that the
     expected hot gases are no longer present.  The robotic software seems to have
     functioned well throughout.  [SOURCES: PGN News Service from articles by
     Charles Petit in the San Francisco Chronicle, 4-5 Aug 1994, and AP items, 7
     and 9 Aug 1994.]

Denver "solves" hi-tech baggage handling problems

Lauren Weinstein < >
Thu, 4 Aug 94 23:40:23 PDT
     It looks as if the folks in Denver have figured out what they need to do to
     finally get their new airport open.  As you may recall, it has failed to open
     for quite some time because the amazing, computer-controlled, $200 million
     baggage handling system simply doesn't work.  Nor does it appear that there is
     much hope of making it work quickly.  The more deeply the system is inspected,
     the more problems are found.
     Videos of the failing system under test are great fun to watch.  Bags being
     flung at carts that aren't where they're supposed to be, carts flying off
     tracks, bags flying through the air smashing into the ground, and so on.
     Quite a show.
     So how to open the airport?  Simple!  They've apparently decided to spend more
     bucks and build *another* baggage handling system--the conventional kind with
     conveyer belts.  After they build this new, old-style system, they'll finally
     be able to open the airport, which is currently losing something like $1
     million/day just sitting there.
     The plan is to shift back to the computerized system when (if?) they get all
     the bugs out of it.

Re: Squirrels again bring down Nasdaq (Neumann, RISKS 16.30)

Joe Morris <>
Tue, 02 Aug 94 12:15:04 -0400
     >Nasdaq once again was shut down by an energetic squirrel ...
     To many people interested in commercial power (including computer center
     managers such as yours truly was at one time) the word "squirrel" is often
     defined as "a self-propelled short circuit".
     Joe Morris / MITRE

Re: Squirrels again bring down Nasdaq

Sat, 6 Aug 1994 14:54 -0400
     There was a followup article (which I don't have handy) in the Times noting
     that the outage caused trade reconciliation algorithms to fail.
     A general problem is cascading failures when interacting timeouts start going

More than squirrels: Newbridge Networks

Mon, 8 Aug 1994 14:20 -0400
     Squirrels aren't Nasdaq's only problem. According to an article in the New York
     Times, there are also some race conditions in their procedures.
     The article describes attempts to stop trading in Newbridge Networks stock.
     Apparently the attempt to stop trading was entered at 9:32 instead of 9:30 due
     to an error entering a command. Many options (more highly leveraged than
     shares) got through and were confirmed. They were retroactively cancelled.
     There are two basic problems. One, as the article noted, is that a 
     confirmation is not a confirmation. The other is the contrast between human 
     speeds and computer speeds. Two minutes is a very very long time.

Re: RISKs of electrical wiring

Lauren Weinstein < >
Tue, 2 Aug 94 11:01 PDT
     Regarding the electrician who blew out some equipment by dropping the neutral
     from a circuit, causing a power leg to go to around 220V (about double the
     North American standard of ~117V).  One might suggest that (even though it can
     be inconvenient) turning *off* the power to areas that could be directly
     affected by ongoing electrical work would be a simple and mandated procedure.
     No fancy protective gear is needed in this case.  Just turn off the breakers
     until the work is done.

The Cult of Information (RISKS-16.30)

Steven Tepper < >
Tue, 2 Aug 94 14:41:50 PDT
     > Roszak, in this book, is not attacking the idea of computerization
     He already did that in a novel called "Bugs".

Rapid Application Development (RAD)

Rebecca Mercuri < >
Fri, 5 Aug 1994 17:49:27 +0500
     I am writing an article on Rapid Application Development (RAD) and would like
     to include a risky horror story or two, if anyone has one they want to share.
     If you can BRIEFLY describe a project where RAD techniques were used to
     develop a system or software which resulted in quantifiable losses (in terms
     of time, money, etc.) to an individual or organization, I will consider
     quoting you (with proper citation of course). The anecdote must be traceable
     to an organization or individual involved (there can be some anonymity, but
     some person or group must be identifiable so the story can be verified).
     Please send replies DIRECTLY to
     Sorry, I don't have time to address other matters (like "what is RAD?" -- if
     you don't know then you probably weren't using it).
     BTW, I'm especially interested in projects where an outside consulting team
     came in, used RAD, developed something and left it either unfinished,
     undocumented, untested, and/or unsupportable. Hope someone wants to go on
     the record with their experience(s).
     Thanks in advance, Rebecca Mercuri

Intel plant in Albuquerque

Phil Agre <>
Fri, 5 Aug 1994 16:27:24 -0700
     The SouthWest Organizing Project is engaged in a campaign against the Intel
     chip fabrication plant in Albuquerque, New Mexico.  They allege excessive
     water use, chemical hazards to workers, and large expenditures of public funds
     for small numbers of jobs for local people.  Their report is available from
     them (US$10 plus $1.50 p/h) at SWOP, 211 10th St SW, Albuquerque NM 87102,
     Phil Agre, UCSD

Madcap world of modern banking

Sun, 7 Aug 1994 16:36:01 +0100
     The Sunday Times reports on 7th August that one of its readers in
     Hertfordshire, England, paid a cheque for a thousand pounds into her account
     with Barclays Bank in June. The cheque bounced, and Barclays did not credit it
     to her account; but for no reason they also removed a further thousand,
     causing her to go overdrawn.
     After writing letters and waiting for weeks, she got a letter from Barclays
     explaining that the loss was ``a quirk in our accounts processing system which
     is effectively debiting twice the amount of a customer's unpaid in cheque''.
     It goes on: ``Your helpful comments are valuable to us in prioritising the
     resolution of difficulties such as those experienced by you''.
     I suspect that many firms only fix software bugs when enough 
     customers have complained about them. But how many make a virtue 
     out of it?
     Ross Anderson  Cambridge University Computer Laboratory

A330 Crash investigation report: Pilot error blamed for crash

Erik Hollnagel HRA <>
Fri, 05 Aug 1994 10:45 +0200
        [Erik provided an article from the U.K. *Times*, 3 Aug 1994, p.7, which
        is omitted here.  The article noted confusion on the flight deck and 
        three seconds of hesitation by a tired chief pilot as being responsible 
        for seven deaths on the test-flight takeoff of an Airbus A330.  PGN]
     My comment is that in the absence of an obvious single fault in the hardware
     (which in this case mostly is software) the default explanation is "human
     error". It looks rather as if the combination of automation, ill-defined
     tasks, and an unsupportive organisation were the real causes. But I would not
     expect Airbus to ever acknowledge that.
     Erik Hollnagel, Technical Director, Human Reliability Associates Ltd.,
     School House, Higher Lane, Dalton, Lancs. WN8 7RP, UK   +44.257.463.121

Workshop Announcement

Barry Hodgson <>
Wed, 3 Aug 1994 16:16:28 +0000
     PDCS2 2nd Open Workshop              Safety-Critical Systems Club
     (Predictably Dependable        &     14th Meeting and Seminar on
     Computing Systems 2)                 New Technologies
     Newcastle upon Tyne                  Leeds
     19-21 September 1994                 22-23 September 1994
     The issues addressed by the PDCS2 research project and SCSC members are
     closely related.  It is because of this, and the geographic proximity of
     the locations, that we hope to facilitate attendance, by interested
     parties, to both events.
     PDCS2 2nd Open Workshop
     The 2nd Predictably Dependable Computing Systems (PDCS2) Open Workshop will
     be held on 19-21 September, at the University of Newcastle upon Tyne,
     starting at 2.00 p.m. (with registration and lunch from 12.30 p.m.).
     The PDCS2 Workshop will comprise technical presentations of the year's
     work.  There will also be demonstrations of prototype software and systems
     developed by the project. Further details are provided in the preliminary
     programme shown below.
     PDCS2 builds on, and takes significantly further, the work of ESPRIT Basic
     Research Action PDCS on the problems of making the process of designing and
     constructing adequately dependable computing systems much more predictable
     and cost-effective than at present.  In particular, it addresses the
     problems of producing dependable distributed real-time systems and
     especially those where the dependability requirements centre on issues of
     safety and/or security.  The research programme is concentrated on a number
     of carefully selected topics in fault prevention, fault tolerance, fault
     removal and fault forecasting.  It ranges in nature from theoretical to
     experimental and in a number of cases the acquisition or implementation, in
     prototype form, of software tools, and their experimental interconnection.
     SCSC 14th Meeting and Seminar on New Technologies
     The 14th meeting of the Safety-critical Systems Club will be held on 22-23
     September at The Marriott Hotel in Leeds, starting at 10.00 a.m. with
     registration and coffee from 9.30 a.m.  On Thursday 22 September the theme
     will be "New Technologies for Safety-critical Systems" and the programme
     will address the application of technologies such as formal methods, neural
     networks, knowledge based systems, and robotics to the safety critical
     domain, enquiring into their readiness for this role, and examining actual
     experience.  On Friday 23 September the event will focus on "Introducing
     Formal Techniques" and will provide an overview presentation on how to
     manage the introduction of formality, together with talks describing real
     case histories.
     The Safety-critical Systems Club was formed in 1991 with support from the
     DTI and SERC.  It provides a regular forum for presentations and
     interaction on a wide range of topics concerning the use of computing
     systems in safety-critical applications.  The majority of participants are
     practitioners and users of such systems, but developers and research
     workers are also represented in the membership of almost 2,000.  Each year
     the club holds a series of meetings and seminars, circulates a regular
     newsletter and organises a three day conference on the theme of
     safety-critical systems.
     PDCS2 - ESPRIT Basic Research Project 6362
     Predictably Dependable Computing Systems
     19-21 September 1994
     University of Newcastle upon Tyne
     12.30-14.00     Registration and Lunch
     14.00-14.15     INTRODUCTION
                     Brian Randell (Univ. Newcastle)
     14.15-15.45     FAULT PREVENTION &
                     A Systematic Approach for the Analysis of Safety
                     Requirements for Process Control Systems
                             -  Tom Anderson (Univ. Newcastle)
                     A TTP Solution to an Automotive Control System
                             - Hermann Kopetz (TU Wien)
     15.45-16.10     COFFEE
     16.10-18.00     DEMONSTRATIONS
     - - -
     10.30-11.00     COFFEE
                     Implementing Fault-tolerant Applications: an
                     approach based on reflective object-oriented
                             - Jean-Charles Fabre (LAAS-CNRS, Toulouse)
                     Object-Oriented Environmental Fault Tolerance
                             - Cecilia Calsavara (Univ. Newcastle)
     12.30-14.00     LUNCH
                     Engineering Judgement about Dependability: pitfalls
                     and defences
                             - Lorenzo Strigini (CNR, Pisa)
                     Availability Bounds for Large Markovian Models of
                     Fault Tolerant Systems
                             - Pierre-Jacques Courtois (UC Louvain)
     15.30-16.00     COFFEE
     16.00-18.00     DEMONSTRATIONS
     20.00           WORKSHOP BANQUET
     - - -
                     Software Reliability Analysis of Three Successive
                     Generations of a Switching System
                             - Karama Kanoun (LAAS-CNRS, Toulouse)
                     Relativistic Reliability Modelling for Highly
                     Reliable Systems
                             - Bernard de Neumann (City Univ., London)
     10.30-11.00     COFFEE
                     Comparison of Two Fault Injection Techniques
                     Supported by the MEFISTO Tool
                             - Marcus Rimen (Chalmers UT, Goeteborg)
                     Comparison and Integration of Three Diverse
                     Physical Fault Injection Techniques
                             - Johan Karlsson (Chalmers UT, Goeteborg)
     12.30-14.00     LUNCH
                     Including closing address
                     by Jean-Claude Laprie (LAAS-CNRS, Toulouse)
     Dept. of Computing Science, Claremont Tower, University of Newcastle,
     Newcastle upon Tyne, NE1 7RU, UK
     EMAIL =   PHONE = +44 91 222 7948
     FAX = +44 91 222 8232

CSR Software Reliability & Metrics Club - Meeting Announcement

Pete Mellor <>
Tue, 9 Aug 94 13:40:05 BST
                         Software Reliability & Metrics Club
                         announces its forty-second meeting,
                    to be held at Brighton on 12th October 1994,
                                    a seminar on
                             ||  Process Improvement  ||
     Learn from the practitioners
     The morning session will be devoted to talks by leading experts in the
     increasingly important field of software process improvement, dealing
     with significant practical issues:
        *  How to measure software process improvement
        *  Identifying opportunities for process improvement
        *  Defining and describing processes
        *  Reasoning about process effectiveness
        *  Achieving and quantitatively demonstrating improvement
     Explore the key issues
     After meeting with their peers over lunch, groups of delegates will work
     together, sharing their collective experience, and discussing some of
     the topical issues in the field of process improvement:
        *  Bottom-up or top-down?
        *  How to get started
        *  Which comes first - the process or measurement?
     Delegates are encouraged to suggest other topics for discussion in this
     part of the meeting; to do so, fill in the relevant part of the tear-off
     slip on the next page.  The working session will be followed by reports
     back to the main meeting, and an open discussion of the issues raised.
     Discover the future
     Following informal discussion over tea, the final session of the day
     will be led by one of the key players in determining the future
     development of this important field.  This perspective will be important
     for all who are planning to be, or are already, involved in the software
     process improvement area.
     Who should attend
     This meeting is aimed at anyone with a professional interest in
     improving software development processes, including:
        *  software engineers, project managers and quality personnel wishing
           to learn about the practice of process improvement
        *  experienced process improvers who wish to broaden their knowledge
           and keep in touch with the latest developments
        *  researchers wishing to learn from the practical application of
           process improvement ideas.
     Why you should attend
     The benefits of attendance at this meeting include:
        *  exposure to the practical experience of other professionals who
           have successfully applied software process improvement within
           their companies and for the benefit of their clients
        *  opportunities to share your experiences and problems with other
           professionals, both during the formal sessions and informally
           during the breaks
        *  updating on the practice of the leaders in the process improvement
           field, and on likely short term future developments which will
           have implications for the whole industry.
     Where, when and how to attend
     The meeting will be held in Brighton, at the Bedford Hotel, on 12
     October 1994, starting at 10.30 am, with registration from 10.00 am
     onwards.  The cost of this one day meeting will be L.165.50 which covers
     lunch and refreshments during the day and includes L.60 Club membership
     fee with L.10.50 VAT; if you are already a Club member the charge is only
     L.90.  If you would like to attend, please complete the tear-off slip
     below and return with your remittance; early registration would be much
     appreciated and may help to avoid disappointment.  Maps and suggested
     train times will be sent to registered delegates, who are responsible
     for arranging their own accommodation (if required).
           Joan Atkinson, Centre for Software Reliability, Bedson Building,
           University, Newcastle upon Tyne, NE1 7RU
           Tel:  091 221 2222;  Fax:  091 222 7995;

Washington DC ACM Seminar

John Sheckler, ATSC, 301/805-3258 < >
4 Aug 1994 12:20 EST
     The next Washington DC ACM Professional Development Seminar 
     series is scheduled for November 14 through November 18, 1994.  
     The following topics and presenters have been scheduled.
     Monday, November 14
         Mr. Allen S. Perper      -    Business Process Engineering/Reengineering
         Mr. Will Tracz           -    Domain-Specific Software Architectures
                                        -- Process, Products, and Infrastructure
     Tuesday, November 15
         Dr. Cy Svoboda           -    Information Engineering
         Mr. Mike Gorman          -    Managing the Development
                                       of Client/Server Applications
     Wednesday, November 16
         Mr. Ed Krol              -    The Whole Internet -- Archie, Veronica and 
                                       the Gopher Explore the World Wide Web
         Mr. William Durell       -    Data Administration and Management
     Thursday, November 17
         Dr. Robert N.Charette    -    Profiting from Risk Management
         Mr. Watts S. Humphrey    -    Personal Process Improvement
     Friday, November 18
         Dr. Robert S. Arnold     -    Legacy System Migration
         Mr. Edward V. Berard     -    Testing Object-Oriented Software
     In addition to the regular twice yearly seminar series, the WDC-ACM also hosts
     a distinguished international lecturer.  This year, Mr. Philip Zimmerman,
     developer of the well known Pretty Good Privacy encryption algorithm, will
     discuss Public Key Cryptography on Thursday November 10, 1994.
     The seminar series and internationally known lecturer presentation are held at
     the University of Maryland Adult Education Center on the campus near the
     intersection of Adelphi Road and University Boulevard (Route 193).
                          Advance      Walk-in         Purchase
     Category             Cash,        Cash,           Orders
                          Check,       Check,          Training 
                          Credit Card  Credit Card     Requests
     ACM Chapter Member   $170         $205            $230
     Non-Member           $175         $205            $230
     Full-Time Student    $ 80         $110            $230
     Sr. Citizen          $ 80         $110            $230
     (age 60 or over)
     Attendance at each course will be limited to the capacity of the 
     room being used (check with the ACM/PDC answering machine, (202) 
     462-1215, for availability).  We are planning on using the 
     largest rooms available for Mr. Krol, Zimmerman and Humphrey.  
     Detailed registration information and assistance can be obtained 
     by calling Mrs. Nora Taylor at (301)229-2588.

Last modification on 1999-06-15
by Michael Blume