Subject: RISKS DIGEST 10.12
REPLY-TO: risks@csl.sri.com

RISKS-LIST: RISKS-FORUM Digest  Wednesday 27 June 1990  Volume 10 : Issue 12

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
  747-400 computer problems cause excess departure delays (Jon Jacky)
  Two 747-400 computers fail during landing approach; recall denied (Jon Jacky)
  Re: The A320's attacks of nerves (Robert L. Smith)
  Riskier Risks of Reading Risks (Michael Barnett)
  Re: "Unbreakable Math Code Finally Broken" (Y. Radai)
  Risks involved in DEC RA90 firmware upgrade procedure (Geoffrey Brunkhorst)
  Info on carpal tunnel syndrome (Andrea Frankel via Jim Meyering and Werner Uhrig)

The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, and nonrepetitious. Diversity is welcome. CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive "Subject:" line (otherwise they may be ignored). REQUESTS to RISKS-Request@CSL.SRI.COM.
TO FTP VOL i ISSUE j: ftp CRVAX.sri.com  login anonymous  AnyNonNullPW  cd sys$user2:[risks]  GET RISKS-i.j ; j is TWO digits. Vol summaries in risks-i.00 (j=0); "dir risks-*.*" gives directory listing of back issues.
ALL CONTRIBUTIONS ARE CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY.

----------------------------------------------------------------------

Date: Mon, 25 Jun 1990 17:33:41 PDT
From: JON@GAFFER.RAD.WASHINGTON.EDU (Jon Jacky, University of Washington)
Subject: 747-400 computer problems cause excess departure delays

Here are excerpts from THE SEATTLE POST INTELLIGENCER, March 22, 1990, p. B7:

BOEING TASK FORCE TACKLES PROBLEMS WITH THE 747-400
by Bill Richards

After a year on the job, Boeing's newest jumbo jet, the 747-400, has piled up more mechanical delays at the departure gate than any of the company's jetliners since the first 747 went into service 20 years ago.

Boeing officials said yesterday they knew about problems with two especially troublesome pieces of equipment --- a computerized power unit used to start the plane's engines and a computer that spots maintenance problems --- but decided to sell the jumbos anyway. ...

(Boeing official Robert A.) Davis said the problem with the 400's engine power unit was caused by unusual sensitivity in the unit's digital monitoring system. If the plane switches from ground power to auxiliary power to engine power in the wrong sequence, the engines shut down and must be restarted, which results in a delay at the gate, he said.

Boeing engineers were aware of the problem during the plane's flight tests, said Davis, but decided to maintain the plane's sales schedule and troubleshoot later.

Boeing also discovered a problem with the plane's central maintenance computer during flight tests. The computer, which keeps track of equipment malfunctions in 75 separate systems when the plane is on the ground, was not "fully debugged" when Boeing began delivering its first 400's last year, Davis said.

The 400's performance record lagged so badly behind previous jetliner models that the company formed a special task force last month to whip the plane into shape. Davis, who heads the task force, said the unit has started improving the 400's "dispatch reliability rate," the measure of how frequently the planes are delayed more than 15 minutes at the boarding gate because of mechanical malfunctions.

Davis said none of the problems encountered in the 400 could cause the plane to be unsafe to operate. But Boeing has received complaints "across the board" from airlines that own the jetliner, Davis said.

Boeing said it expects to cure the glitches in the 400 by making changes on its production line next month. ... So far, about 20 of the (57) 400's already in operation have been retrofitted since October.
After the modifications, Boeing said, delays of the 400's due to mechanical problems dropped to almost zero.

The 400's reliability rate is currently running at 94.5 percent. That compares with a reliability rate of about 97 percent for Boeing's 767, which Davis said has "roughly the same technical elements" as the larger 400. Boeing, said Davis, had expected the 747-400 to parallel the 767's reliability rate. ...

------------------------------

Date: Mon, 25 Jun 1990 17:59:07 PDT
From: JON@GAFFER.RAD.WASHINGTON.EDU (Jon Jacky, University of Washington)
Subject: Two 747-400 computers fail during landing approach; recall denied

Here are excerpts from THE SEATTLE TIMES, June 23, 1990, p. A11:

BOEING DENIES RECALL OF JET SOFTWARE --- Associated Press

Seattle --- A Boeing Co. spokeswoman yesterday denied a report by a Japanese news service that the aircraft manufacturer was recalling some cockpit computer software for its new 747-400 jumbo jets. ...

Kyodo News Service reported that on April 3, a pair of flight management computers on a Japan Airlines 747-400 failed to function when the plane was preparing to land in Seoul.

JAL officials would not confirm the reported Boeing recall, but said both flight management computers on the JAL plane briefly failed to function properly as the plane was approaching the South Korean airport. ...

Kyodo, quoting unidentified industry sources, said yesterday that there was a programming problem in software for the 747-400's flight management computer, which controls such functions as navigation and flight planning. The sources said Boeing would replace the software with an improved version after receiving permission from the Federal Aviation Administration, Kyodo reported. ...

"There has been no recall of FMC software," said Liz Reese, Boeing Commercial Airplane Group spokeswoman.
Boeing is, however, in the process of issuing an updated version of the software, something it does about every six months as part of a regular plan for all 747-400 operators, she said.

The scheduled upgrade is separate from another Boeing program to fix bugs that appeared in software for other 747-400 computer systems, Reese said. ... In addition to the FMC, other computers monitor such things as the aircraft's environment, engines and maintenance needs. ...

(When) the new jumbo jet went into service last year, operators reported "really nagging, minor problems," with bugs in some computer software, Reese said. In some cases, the software was sending out "nuisance messages," or reporting problems that didn't exist, she said.

Boeing formed the "747-400 Task Force" with the operators to correct the problems and has been sending out improved software to fix the bugs, she said. ....

The 747-400, the world's largest passenger aircraft, is distinctive ... for its use of highly sophisticated computer systems that permit a flight crew of two, with no flight engineer. ...

Introduction of the 747-400's was delayed from 1988 to early 1989. Boeing said it fell behind (...for various reasons, including) the plane's new electronic cockpit took longer than expected...

------------------------------

Date: Tue, 26 Jun 90 22:19:59 EDT
From: Robert L. Smith
Subject: Re: The A320's attacks of nerves

I'm afraid Robert Dorsett is mistaken when he states "And nobody's crashed a 757/767 yet. . ." On July 23, 1983, a 767 operating as Air Canada Flight 143 crashed at Gimli, Manitoba. That crash may well have been a proper "risk" subject. It seems the plane ran out of fuel while at 41,000 feet because someone inputted the wrong fuel load quantity to one of the flight computers. This crash was well dramatized in "Freefall", by William and Marilyn Hoffer, St. Martin's Press, New York, 1983.
rLs

------------------------------

Date: Tue, 26 Jun 90 11:42:11 CDT
From: mbarnett@cs.utexas.edu (Michael Barnett)
Subject: Riskier Risks of Reading Risks (Re: Dancy, RISKS-10.11)

I understand Keith Dancey's complaint about the "labelling" of articles, and I appreciate that some of the articles are often outlandish enough to provoke disbelief in their veracity. But it seems as if one of the greatest risks facing us today is the loss of a sense of humor (as well as a sense of proportion). Without intending anything personal, I cannot conceive of anyone reading the original article without realizing it to be a joke. Save us from a world where everything is labelled in advance so we can decide in advance how to react!

Mike Barnett, The University of Texas at Austin

------------------------------

Date: Wed, 27 Jun 90 15:54:14 +0300
From: Y. Radai
Subject: Re: "Unbreakable Math Code Finally Broken"

In RISKS 10.11 there appeared a Washington Post article beginning as follows:

>Two mathematicians, working with hundreds of colleagues, announced yesterday
>that they had broken a code viewed by many cryptographers and security experts
>as virtually impenetrable. The feat, in which the mathematicians factored one
>of the world's ``most wanted'' numbers, means that many security-minded
>organizations will need to change their cryptographic systems to prevent
>security breaches.

I don't know if this is another case of deliberate distortion in order to make things sound sensational or a misunderstanding by a reporter who doesn't understand the subject. In any case, it's grossly inaccurate. According to experts in the field, what Lenstra and Manasse (the two mathematicians who organized the factoring project) actually did was to factor a 155-digit number HAVING A VERY SPECIAL PROPERTY, namely one that equals a^b + c where a and c are small (in this case a=2, b=512, c=1).
The method used (a specialized version of the Number Field Sieve algorithm) does NOT apply to other numbers (which would be necessary in order to break a cipher such as RSA), and if another method, the Quadratic Sieve algorithm, were used, it is estimated that it would require 6.7 x 10^19 operations to factor a number of such length, which would take over 20 years if you had a machine which could perform 100 billion operations per second.

So the statements that an impenetrable code has been broken and that organizations need to change their cryptographic systems because of this achievement seem a wee bit exaggerated.

Y. Radai
Hebrew Univ. of Jerusalem, Israel
RADAI1@HBUNOS.BITNET

------------------------------

Date: Tue, 26 Jun 90 16:49:06 CDT
From: gbb@woz.mayo.edu (Geoffrey Brunkhorst)
Subject: Risks involved in the new DEC RA90 firmware upgrade procedure

A reprise on the 'burning your bridges' method of software/hardware upgrades...

Recently, a DEC software distribution required that all RA90 drives connected to an HSC (Hierarchical Storage Controller) were required to be at least at MicroCode Version MV10. Mine was at MV7 so I requested a DEC Field Service Service Call to replace the microcode. I was surprised to see that this was really just a software load off a special Zero Insertion Force slot on the RA90's console board. Just plug it in, hit the down-load command and the firmware is loaded (btw, the module was very sexy in its special plastic mount ;-).

The FS person proceeded to do the download. It failed on the verify pass. Repeating the procedure generated the same result. The DEC FS person asked nicely if he could try the other RA90 drive to see if it would work there. I just as nicely said no, thank you.

Since the procedure apparently erased the EEPROM containing the old microcode, the drive was essentially broke. DEC has neglected to provide a 'backup'.
Old firmware revisions left you with the old chips, or a floppy (ala 11/780 WCS upgrades) that contained the original downloaded binary. This new procedure apparently was not thought to be 'risky'.

Since it was 5pm, and the disk was a scratch disk, we went home for the evening, or so I thought. My FS person actually drove 2 hours to get the local DEC disk expert out of bed and down to the office to shake out the problem. He got home at 1am (confirmed. I happen to live next door to my FS person... sometimes handy, but our wives don't care for it that much ;-).

DEC's drive people confirmed that the data path from the load module to the EEPROM does not have a non-destructive self-test, and probably in our case had a broken part somewhere along the path. The only quick fix was to send down a new board, with good firmware on it, and replace the other parts (console module, and data cable), and hope everything was fixed.

The next morning we tried two boards. One 'old model' (fits only the RA90) did not fit (??). The new RA90/92 board, worked fine. Since there were at least 2 other parts that could cause the firmware load to fail, and the only way to test it was to risk destroying the working firmware with possibly no recovery (DEC couldn't be sure on that), I vetoed any further testing, in lieu of a more formal shakedown at some later date. I got to the required rev, albeit over 17 hours after the upgrade started.

Given the amount of data on a RA90 (1.2 GB, 1.5+GB on a 92, which uses the same procedure/hardware), the amount of downtime it causes when a firmware load fails, it strikes me as a great risk to a) erase the eeprom first (given its nature, putting an equal amount of dram and downloading to that, and if successful, then loading to EEPROM would be a better solution) and b) to not have a 'backup' to roll out the eeprom data (again, a dram, or at least a write command, which would essentially test the data transfer path in a nondestructive manner).
Geoff Brunkhorst

------------------------------

Date: Wed, 27 Jun 90 09:40:34 CDT
From: meyering@cs.utexas.edu (Jim Meyering)
Subject: info on carpal tunnel syndrome (CTS)

[Submitted via werner@cs.utexas.edu (Werner Uhrig)]

A friend suggested I read the following message (once posted to the sci.med newsgroup). I think it should interest anyone who types a lot.

One point the author does not mention is that the "force-depression curve" of your keyboard may also play a role. It is better to have a linear relationship between force and depression. But the keys on some keyboards require greater force to depress the first few millimeters than the last few. This gives what is sometimes hyped as "positive-touch" or something similar. The net result is that you have to press (relatively) hard to get over the "hump," then with the low resistance beyond it, your fingers bang into the base with more force than with "linear" keyboards. People have suggested that this sort of dynamic may aggravate or even induce CTS.

Many of our HPs have these "nonlinear" keyboards. The keys on some Sun3 keyboards have become so sticky that they give the same effect.

Jim Meyering
meyering@cs.utexas.edu
uunet!cs.utexas.edu!meyering

=========

From: Andrea Frankel

Carpal Tunnel Syndrome:

This is a slightly edited reposting; apologies if you've seen it before, but many people who read this on an internal HP notes group have found it useful and asked for it to be more widely distributed.

Disclaimer: I am not a doctor (but I sometimes play one on the Net ;@). This is from my own personal experience with the malady, supplemented by a little research and lots of talking to doctors and such.

Carpal Tunnel Syndrome is being seen more and more frequently among the computer set (my neurologist jokingly refers to it as "hacker's hand"); when caught early, conservative treatment can completely cure it. However, if you let it go on long enough you can cause irreversible damage.
If you have any question at all, PLEASE SEE A DOCTOR! Better safe than sorry.

1. The setup

The bones in your wrist form a 3-sided tunnel, with the fourth side closed off by a very tough piece of cartilage. In this carpal tunnel run the tendons of the muscles which flex your fingers, as well as the very important median nerve which innervates the thumb and the first two fingers. If something happens to cause the contents of the tunnel to swell, or to cause the tunnel itself to get smaller, the pressure exerted on the median nerve results in carpal tunnel syndrome.

Pregnancy, sudden weight gain, drugs which cause water retention, and repetitive overuse (or abuse) which causes tendinitis in those flexor tendons, can all cause carpal tunnel syndrome. (I recently learned that hypothyroid condition can also cause CTS.) Positions where the wrist is bent back while being used really exacerbate the problem (e.g. bicycling with drop handlebars, if you are not careful about hand positioning). Other things can contribute as well - if you are doing carpentry in your spare time and twisting many screws by hand, for example. When you become aware of the problem, start becoming aware of both the wrist position and the stresses on it in various activities.

The median nerve runs up the heel of the hand onto the palm, along the "life line". Direct repeated blows to this area can mimic or add to the carpal tunnel syndrome, and are often lumped in with it. Our HP keyboards are awful in this respect. Kayaking, bicycling, gardening without heavy gloves, all sorts of things can bang on this exposed nerve.

2. The symptoms and diagnosis

Any or all of the following: pain, numbness, tingling, or sensations of fullness in the fingers, hands, or shooting up or down the arms.

Quick test #1: make an "O" with thumb and forefinger, insert the thumb and forefinger of the other hand, and resist while trying to force the "O" apart with the other hand. The "O" should not come apart!

Quick test #2 (Tinnel sign): place the backs of your hands together, bend each hand 90 degrees towards the inner wrist, fingers pointing down (forearms parallel to the floor, held out in front of you).

    =======oo=========     key:  === forearms
           ||                     o  wrists
           ..                     |  metacarpals
           ..                     .  fingers

Press the backs of the hands together and hold for 30-60 seconds. If you start getting some numbness or tingling or pain, this is suspicious.

Loss of grip strength is a sign that you may have a more advanced case. (I finally sought help when I was unable to open a can of tuna fish with a standard Swingline manual can opener.)

I believe the best specialist for diagnosis is a neurologist. A neurologist will do nerve conduction studies, comparing rates of conduction above and below the wrist, and between hands. A good one will also do electromyography, to see if the muscles innervated by the nerve are firing properly or not. (As a techie, I was fascinated to watch the 'scopes while he poked me!)

3. The treatment

Standard treatment is to start with the most conservative, least invasive approaches, and move up only if they don't help.

The old RICE formula - rest, ice, compression, and elevation - is the place to start, but omit the compression as this is not a muscle strain.

A wrist splint (basically a velcro-and-ace-bandage type of thing with a bent metal strip in it to hold the wrist in the right position) is worn at night for a month to see if it helps; it can also be worn during the day for stretches. (Do not make it tight - it is for positioning only.) In many cases, that plus correcting one's work habits is sufficient. Some people find that a month is all it takes; others use the splint at night for the rest of their lives, or off and on as needed. I still use mine occasionally when I've been overdoing it.
It's also a good idea to wear it in situations where you might be tempted to do something silly (like lugging suitcases or lifting weights), both as protection and as a reminder to be careful.

Non-steroidal anti-inflammatories (e.g. Motrin) are used, if it looks like inflammation is a major cause of the problem.

Icing the wrist helps a lot, both for the pain and the swelling. (Be aware that over-icing has a rebound effect as the body attempts to warm the area by increasing circulation. Best is to ice for 10-20 minutes max each time, leaving at least an hour between icings.) I keep a couple of the soft gel-type blue ice packs in a little fridge near my desk, so that I can ice several times a day if I need to. Bags of frozen peas work great (hit 'em a couple whacks on the counter to loosen them up, then pat the bag around your wrist so it conforms to the curves). For obvious reasons, jacuzzis (especially if you leave your arms in) will tend to make things worse.

If water retention is a problem, you might try a mild OTC diuretic. (Women: it isn't uncommon for CTS symptoms to be worse during PMS time.) Also, simply elevating the wrist (for example, resting it on the back of a padded chair or car seat, or sleeping with your splinted wrist resting next to your head on the pillow) can help relieve some of the discomfort at least temporarily by reducing the swelling.

As a long-time fan of vitamins, minerals, and Prevention magazine, I of course asked my doctors about B6 as a treatment for CTS. Unfortunately, the original article reporting success from B6 treatment was not reproducible by other experiments. What's more, excessive doses of B6 (over 50 mg/day supplement to a normal diet) can actually cause peripheral neuropathy, mimicking some of the symptoms of CTS. My doctor said it wouldn't hurt if I wanted to take up to 50 mg/day, but since I had been taking that amount for quite some time for other reasons, he advised against increasing it.

Some doctors go for cortisone injections, although mine cautioned that the carrier substance is not well absorbed, and can actually make the problem worse by increasing the fluid pressure in the tunnel. Your doctor will decide based on the type of CTS and how it is responding to other treatment (or not).

The final stage is surgery. I had mine a few years ago; if you're facing it, I'd be glad to chat with you about it. The surgery itself was a piece of cake, taking maybe 10 minutes once I was fully prepped - very simply, they slit that piece of cartilage along the "life line" and onto the wrist, and it spreads apart before it heals up, making the tunnel larger. Instant relief, although the recovery and rehab takes a couple months. For those interested in such things, I talked them into skipping general anaesthesia in favor of a Bier Block, which worked splendidly - I was out of there and wolfing down antipasto and garlic bread an hour after surgery.

A friend notes that not everybody who has had the surgery finds it a piece of cake. His advice would be to make sure you have absolutely the best doctors when it comes to surgery on one's hands, with which I heartily concur! Hands are incredibly complex, considering all the different types of finely coordinated movement they are capable of (and all the muscles and nerves that requires). I would strongly recommend that you look for an orthopedic surgeon who is board certified in Hand Reconstruction Surgery - my scar is almost invisible, compared to some pretty horrific looking ones I've seen. (I asked the neurologist, who was really top-notch, to look through my CCN [preferred provider] booklet and recommend someone to me.) An orthopedic surgeon who handles a little bit of everything - shoulder tears, knee arthroscopy, back problems - probably won't be as good at carpal tunnel surgery as someone who spends their entire professional life specializing in the elbow down.
For example, my surgeon stopped the surface cut at the first wrist fold, lifted the skin, and continued the surgery under the skin to minimize the scarring; other surgeons (who don't specialize in hand reconstruction surgery) often don't think to do that. It doesn't affect how effective the surgery is, but it sure makes a difference in how pretty your hand looks afterwards!

4. The progression

The symptoms may come and go with heavy bouts of typing, bicycling, etc. When it gets really bad, it can hurt all the time or start aching spontaneously.

In the early stages, relieving the pressure on the median nerve will quickly reverse the symptoms (in a matter of days to weeks). Untreated, the pressure on the nerve will eventually cause it to die back to the point of constriction. When this happens, the muscles atrophy. (The large adductor which forms the mound at the base of my thumb had shrunk to half its size by the time I was operated on.)

If you don't catch it quickly at that point, the nerve sheaths (which the nerve had been inside before it died back) start to fray. This is bad news. If you have surgery while the sheaths are still intact, the nerve will grow back along the sheath (around 2 mm/day - you can actually track it!) and pretty much recover all of its connections and functions. I have a tiny patch less than 1/4" diameter on two finger tips which is numb, and otherwise have full function back. If the nerve sheaths have frayed, however, the nerve can't find its way back to make the right connections, and you're screwed.

IF YOU THINK YOU MIGHT HAVE CARPAL TUNNEL SYNDROME, GET IT LOOKED AT *NOW*!!! Don't delay, or you might not make a full recovery. Workman's comp studies looking at prognosis for recovery give very low odds, based on most factory workers (who used to account for most of the CTS claims before computeritis hit) being too macho or too scared of losing their jobs to file a claim before it was too late.

5. Prevention

The optimal position for your wrist is with the hand bent back just 20-30 degrees; you want the position where the front of your wrist makes a straight line with the first inch of the heel of the palm. Play with it a bit until you find the place where the wrist seems to be maximally "open", but without bending the hand back so far that you feel strain.

Look down at your hands as you type - if you are dropping your wrists, you are at risk. Think about how they used to teach piano technique: an almost straight line along the back of the forearms, through the wrist, onto the back of the hand; fingers dropping down. (My sister's piano teacher used to place pennies on the back of her hands while she played, to teach keeping it level.) Practice typing that way, and instead of resting the heel of your hands on the edge of the keyboard when you're thinking or reading, rest them in your lap instead.

I got a very nice padded wrist rest from a local office supply house, that allows me to rest my forearms or wrists while I type in this position; I have one under my 320 keyboard, and one for my Vectra. You can also improvise by taking a length of bubblewrap, rolling it up and securing the ends with rubber bands, then taping the roll to your desk in front of the keyboard. Warning: this padded wrist rest can actually make it worse for some people, if it distorts the normal typing motion or presses too hard against the wrist.

I currently have a keyboard drawer from Devoke (about $115) that has a full 6" height adjustment, slides in and out and swings to both sides. It mounts with two screws, and I have one in the "L" of my workstation table at work, and on the desk at home where I have my PC. This has made the most difference when my CTS flared up again (along with rest and splinting).

Wear padded gloves for anything which might bang on your hands. Bicycling gloves with Spenco pads can be used for many things (I wear mine ice skating!).
The Spenco pads are definitely superior to leather or other types when it comes to cushioning that area against shocks. (After the surgery, I was warned that the median nerve would always be a bit more exposed and sensitive, and it definitely made me a connoisseur of bicycling gloves!)

Learn to back off when you realize you're about to lift or torque something heavy with your wrist bent. If you can't rethink the movement so you can keep your wrist straight, get help (person or tool)!

p.s. Feel free to copy and distribute this to anyone who might be helped. I only request that you not delete anything, especially the disclaimer.

Andrea Frankel, Hewlett-Packard (San Diego Division) (619) 592-4664
UUCP   : {hplabs|nosc|hpfcla|ucsd}!hp-sdd!andrea
USnail : 16399 W. Bernardo Drive, San Diego CA 92127-1899 USA

------------------------------

End of RISKS-FORUM Digest 10.12
************************
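
The two orderings contrasted in Geoffrey Brunkhorst's RA90 message above (erase the EEPROM and then load, versus stage the image in RAM, verify it, keep a copy of the old contents, and only then program the EEPROM), as an added example that is not part of the digest and is not DEC's code. The drive model, the fault flags, the checksum and the image contents are all constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FW_SIZE 64  /* constructed image size, far smaller than real microcode */

/* Simulated drive (hypothetical model, not DEC's design). */
struct drive {
    uint8_t eeprom[FW_SIZE];  /* the only persistent copy of the microcode */
    uint8_t ram[FW_SIZE];     /* scratch RAM of equal size, as the message suggests */
    int path_faulty;          /* 1: load-module-to-drive data path flips a bit */
    int write_faults_left;    /* number of EEPROM programming passes that will fail */
};

static uint8_t OLD_FW[FW_SIZE], NEW_FW[FW_SIZE];  /* stand-ins for MV7 and MV10 */

/* Stand-in for the verify pass; the odd multiplier makes any one-byte error change the sum. */
static uint32_t checksum(const uint8_t *img) {
    uint32_t sum = 0;
    for (size_t i = 0; i < FW_SIZE; i++) sum = sum * 31u + img[i];
    return sum;
}

/* Move an image across the external data path; a faulty path corrupts byte 5. */
static void transfer(const struct drive *d, const uint8_t *src, uint8_t *dst) {
    memcpy(dst, src, FW_SIZE);
    if (d->path_faulty) dst[5] ^= 0x04;
}

/* Program the EEPROM; a failing pass spoils one byte. */
static void eeprom_write(struct drive *d, const uint8_t *src) {
    memcpy(d->eeprom, src, FW_SIZE);
    if (d->write_faults_left > 0) { d->write_faults_left--; d->eeprom[9] ^= 0x01; }
}

/* Ordering the message describes: erase first, then load, then verify. */
static int update_erase_first(struct drive *d, const uint8_t *image, uint32_t expect) {
    uint8_t incoming[FW_SIZE];
    memset(d->eeprom, 0xFF, FW_SIZE);   /* old microcode is gone from here on */
    transfer(d, image, incoming);
    eeprom_write(d, incoming);
    return checksum(d->eeprom) == expect ? 0 : -1;
}

/* Ordering the message proposes: stage in RAM, verify, back up, then program. */
static int update_staged(struct drive *d, const uint8_t *image, uint32_t expect) {
    uint8_t backup[FW_SIZE];
    transfer(d, image, d->ram);                  /* nondestructive test of the path */
    if (checksum(d->ram) != expect) return -1;   /* abort: EEPROM never touched */
    memcpy(backup, d->eeprom, FW_SIZE);          /* point (b): copy to roll back to */
    eeprom_write(d, d->ram);
    if (checksum(d->eeprom) == expect) return 0;
    eeprom_write(d, backup);                     /* roll back to the old revision */
    return -2;
}

/* Run one attempt on a drive holding OLD_FW; report 10 (new), 7 (old) or 0 (neither). */
int version_after(int staged, int path_faulty, int write_faults) {
    struct drive d;
    memset(&d, 0, sizeof d);
    for (size_t i = 0; i < FW_SIZE; i++) {
        OLD_FW[i] = (uint8_t)(7 + i);       /* constructed "MV7" contents */
        NEW_FW[i] = (uint8_t)(10 + 3 * i);  /* constructed "MV10" contents */
    }
    memcpy(d.eeprom, OLD_FW, FW_SIZE);
    d.path_faulty = path_faulty;
    d.write_faults_left = write_faults;
    if (staged) update_staged(&d, NEW_FW, checksum(NEW_FW));
    else update_erase_first(&d, NEW_FW, checksum(NEW_FW));
    if (memcmp(d.eeprom, NEW_FW, FW_SIZE) == 0) return 10;
    if (memcmp(d.eeprom, OLD_FW, FW_SIZE) == 0) return 7;
    return 0;
}

int main(void) {
    printf("erase-first, good path : %d\n", version_after(0, 0, 0));
    printf("erase-first, bad path  : %d\n", version_after(0, 1, 0));
    printf("staged, bad path       : %d\n", version_after(1, 1, 0));
    printf("staged, one bad write  : %d\n", version_after(1, 0, 1));
    return 0;
}
```

A result of 0 means the drive holds neither revision, which is the state the message describes after the failed verify pass; the staged ordering only reaches that state if the rollback write fails as well.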