Subject: RISKS DIGEST 15.78 REPLY-TO: risks@csl.sri.com RISKS-LIST: RISKS-FORUM Digest Friday 22 April 1994 Volume 15 : Issue 78 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator ***** See last item for information on RISKS (comp.risks) ***** Contents: Computerized Traffic-Light Problems (Debora Weber-Wulff) Risks of winning (Stanley Chow) Computer Generates False Tsunami Warning in Japan (George Pajari) NYC subway fare cards double-deduct; UI at fault (Andrew Marc Greene) A consumer risk from Thomson Consumer Electronics Re: we trust calculators over ourselves (John Powell) Re: Risks ... to the quality of science (A. Padgett Peterson) Re: Risks of Data Compression (John Kennedy) Re: Math and money laundering (Erann Gat, Peter Wayner) Re: Information resource (Edward Reid) Re: Green Card Posting (Caveh Jalali, Ned Kittlitz, Mark Brader) Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc. ---------------------------------------------------------------------- Date: 20 Apr 1994 15:51:25 GMT From: weberwu@tfh-berlin.de (Prof_Weber-Wulff) Subject: Computerized Traffic-Light Problems The Tagespiegel reports today (20 April 1994) on the new, computerized traffic light management system that the city installed at the large traffic circle Ernst-Reuter-Platz. The 1.8 million mark (1.1 million $) system went on line on Monday, and mastered the first wave of traffic well. After that, the traffic jams swelled to beyond normal proportions. Irate drivers complained by telephone and mail, but officials insisted that since it was now computer-controlled, it was okay. Apparently someone threatened legal action, and the city traffic board dispatched people with stopwatches to test the system. Sure enough, it was stuck in the early morning pattern, which was fine for handling inbound traffic, but disastrous in the afternoon rush hour. They have to go back to hand-switching the timing until they figure out what went wrong. Debora Weber-Wulff, Professorin fuer Softwaretechnik und Programmiersprachen Technische Fachhochschule Berlin, Luxemburgerstr. 10, 13353 Berlin, Germany ------------------------------ Date: Wed, 20 Apr 1994 10:57:00 -0400 From: "stanley (s.t.h.) chow" Subject: Risks of winning I just caught this on TV news last night: A person won two consecutive keno games in the Montreal Casino. Since this is considered extremely unlikely, the police have been called in to investigate. The two games should have paid $400K, but the winner has not yet been paid. He is instead doing the talk show circuit with how he analysed the numbers. Supposedly, in the history of Nevada, the Keno jackpot has only been won once, which made his winning back to back somewhat unlikely. This happened on the electronic keno and has been shut down. The mechanic game is carrying on. A one line comment by the reporter claimed that "a bug" in the computer repeated the sequence of number exactly every 4,000 games. This may be a case of someone picking a poor random number generator; but may well be the basis for police action. I understood that electronic slot machines are free running, merrily generating random numbers all day long, and pulling the lever merely selects the current number. This seems quite robust. Stanley Chow InterNet: schow@BNR.CA (613) 763-2831 Bell Northern Research Ltd., PO Box 3511 Station C, Ottawa, Ontario Me? Represent other people? Don't make them laugh so hard. ------------------------------ Date: Wed, 20 Apr 94 10:55:17 PDT From: George Pajari Subject: Computer Generates False Tsunami Warning in Japan RISKS readers will find this all too familiar... >From the April 19th, 1994 edition of NHK's "Today's Japan", broadcast on KCTS (Seattle's PBS affiliate) 0100h PDT April 20th (as remembered): Japan's weather bureau installed a new computer system for automatically generating tsunami warnings after earthquakes. The story implied that the machine was connected to various sensors around Japan and was configured to generate and communicate these warnings automatically. During installation testing simulated data was input to verify the operation of the system. Unfortunately the machine had already been connected to the system that communicates tsunami warnings to the government and media and no one disconnected this communications link when the tests were run. The predictable happened. The machine "detected" a potential tsunami, sent out the appropriate warning and at least two broadcast stations interrupted their normal programming to announce the impending tsunami. Obviously this caused some concern among the populace. The problem was detected five minutes after the warning was first communicated but this was still sufficient time for the the warning to be broadcast. pajari@Faximum.COM George Pajari / Faximum Software / Tel: +1 (604) 925-3600 / Fax: ... 926-8182 1497 Marine Drive, Suite 300 / West Vancouver, BC / Canada V7T 1B8 ------------------------------ Date: Fri, 22 Apr 1994 09:10 -0400 From: Andrew_Marc_Greene@frankston.com Subject: NYC subway fare cards double-deduct; UI at fault [Source: The New York Times, 22 Apr 1994, p. B2] The NYC subway has been introducing swipe cards which can be bought in five-ride increments. According to today's _Times_, citing an article in Thursday's _Newsday_, many riders are swiping improperly, causing a fare to be deducted from their card but not opening the turnstile. There's a display which instructs the rider to swipe again, but these are New Yorkers and have already decided to try another turnstile. Apparently, the designers anticipated this problem and put in a solution -- if you swipe again at the same stile it doesn't deduct a second fare -- but didn't anticipate that harried/hurried Nyawkas wouldn't stop to read the display. - Andrew Greene ------------------------------ Date: Thu, 21 Apr 94 17:05:33 XXT From: [a source within TCE] Subject: A consumer risk from TCE Thomson Consumer Electronics (TCE) is about to release a home entertainment product called the Digital Satellite Service (DSS) under the RCA brand. In short, this product is a small satellite dish (18" in diameter) that will allow customers to order video/audio programs from service providers. At this time the service providers are DirecTV (Hughes) and Hubbard (USSB). The system works as follows. Upon purchase of a DSS system, the customer will receive a "smart-card" and then subscribe to one or more service providers. The customer can then view programs and order pay-per-view programs. The smart-card controls and tracks all purchases made with the DSS system. Information stored includes programs purchased, whether or not the programs were viewed, and the time the programs were viewed. This information is then transmitted (via telephone) to the service provider for billing purposes. The RISK? The service providers have the ability to build large databases of information on household viewing habits (e.g., John Smith views adult movies every Wednesday night between 10:00pm and 11:00pm). This information could then be sold to direct marketing firms, etc. There are laws that prevent cable companies from selling or releasing an individual's subscription information, but, to the best of my knowledge, the service providers for DSS are under no such obligation. ------------------------------ Date: Fri, 22 Apr 94 09:54:55 PDT From: "John Powell" Subject: Re: we trust calculators over ourselves (Crawford, RISKS-15.76) I had a similar situation last year when leaving a super expensive garage in downtown Chicago. The rates were 22.00 for 7-9 hours, and 40.00 for 9-24 hours. I had been there 8 hours and 50 minutes (I obviously was watching the clock closely with these stakes). When the attendant ran my timecard through the computer, it came up with $40.00 as the rate. The next 10 minutes I caused a significant backup as I refused to pay $40 when the sign clearly stated the rate as 22. I got him to agree that the sign was right, and that I was there for less than 9 hours, but he still insisted that I owed him 40 ('cause the computer said so). I asked him to call a manager, he responded "I am the manager!!!!!". I spent the next several minutes describing to him the concept of rounding, and that the software obviously stunk and was written by thieves (or idiots or both). With these rates, the "thief" part was a given! After a while he got the message that I was not going to pay more than 22, and decided to let his office figure it out later. After I paid him the $22, I asked for a receipt. "I am sorry sir, but that is printed by the computer!!!". Another 2 minutes were spent figuring out how to write a manual receipt (which he had, but had never used!!). John Powell ------------------------------ Date: Wed, 20 Apr 94 08:14:59 -0400 From: padgett@tccslr.dnet.mmc.com (A. Padgett Peterson, Information Security) Subject: Re: Risks ... to the quality of science (Tobis, RISKS-15.77) >This issue was addressed in a remarkable essay by the eccentric and >curmudgeonly fluid dynamicist Clifford Truesdell. The essay is called "The >Computer: Ruin of Science and Threat to Mankind" Something I have been noticing for some time is the loss of capabilities along certain lines of thought due to the dominance of others. Actually the first evidence to me was when the hordes of Radio Shacks came out and all of the small shops disappeared. Suddenly it was difficult to find the "low volume" pieces amid the cheap plastic sound reproduction devices. Later I became involved in a study of magnetic amplifiers and discovered that research in this country had essentially died out around 1957. I suspect that the rise of the transistor and integrated circuit which made no provision for the "L" in a "RLC" circuit. Young electronic engineers look at me strangely when I ask if they have heard of "Eli the ice man." Think I'll hold onto my collection of steam engineering books 8*). > 5. Mathematics is the Science of Infinities. Computation is Essentially > Finite. I suspect this is the real threat. In all of the cases mentioned above, dominance of the field has resulted in a reduction of the field as promising technologies are shunted aside for reasons other than technological. In the mid 1800s Samuel Colt might not have achieved prominence if it were not for the Czar's purchase of the entire output of Smith & Wesson for several years. What if Motorola had not been inundated by orders for CPUs by General Motors in 1980 and the IBM-PC had been 68000 based with a 32 bit flat memory model ? What if CPM/86 had been available (PC-DOS was actually choice four of three)? Should we "Think of it as Evolution in action" or "blind chance" ? Padgett ------------------------------ Date: Thu, 21 Apr 1994 23:26:29 -0700 From: John Kennedy Subject: Re: Risks of Data Compression (Decker, RISKS-15.77) In a previous incarnation, I designed the graphical output of a weather radar system. As you can imagine, it was filled with concessions for the viewer's pleasure (mostly researchers, but some airports too). At best, the output was lossy. Take a float, run it through an algorithm, convert it to a signed byte (+/- 127), and scrunch that down until you had about 16 possible different colors, many of which were set to the same value (usually about 8 different colors total). Why? Storms were easy to spot, useful data crunching really couldn't be done with the eye because it was a slice through a cloud formation (particular in real-time PPI displays), etc. The expectations of researchers hadn't caught up with the physical & economic reality involved with the displays. The end result was easy to use picture that could tell you where the wind was moving, usually involving about 8 different colors, often with lots of empty space (clear days were very boring). This data would compress quite well without data loss. I wouldn't have expected anyone to match high (towards) and low (away) velocity colors since they could mean a great deal to a pilot, especially in a small plane, but you certainly wouldn't like being in either situation. The algorithms and noise present in the uncompressed data should warn anyone away from using the data too literally. You'd be surprised at the number of sites that planted a radar-blinding pole right by the dish, resulting in a large pie-shaped wedge taken out of every piece of data they ever generated. John Kennedy ; Communications Services; USENET admin ------------------------------ Date: Thu, 14 Apr 94 11:26:21 PDT From: gat@aig.jpl.nasa.gov (Erann Gat) Subject: Math and money laundering (Wayner, RISKS-15.75) The following two articles appeared immediately following one another in RISKS 15.75: >From: pcw@access.digex.net (Peter Wayner) >Subject: God Grants Granite Gift to RISKS Punsters >Subject: The Soft Pork Underbelly of Efficient Markets The first article was about the inability of mathematical models to deal with the hairy edges of reality in the financial markets. The second article was about a way to use the futures markets to launder money in a way that was (the author claimed) essentially untraceable. The irony of this juxtaposition is striking (so striking, in fact, that I am wondering if this is a coincidence or a masterful display of editorial subtlety) because the money-laundering scheme proposed by Peter Wayner won't work, despite the seemingly rock-solid mathematics that underlies it. Wayner proposes to use the zero-sum property of the futures market to transfer money from A to B through the use of balanced trades. A and B respectively buy and sell an identical futures contract and then wait until market volatility has caused A to lose (and B to gain) the amount of money to be transferred, at which point A and B simultaneously get out of the market. Some subtle clues leading to a reductio ad absurdum proof that this scheme is flawed can be found in the original text. For example, Wayner suggests that A and B use different brokers so that the coincidental trades will not be on the same set of books. So the scenario he proposes goes something like this: A and B agree to a symmetric trade to be liquidated when the market reaches some predetermined price point, at which point money will have effectively transferred from A to B. After the initial agreement, there is no further communication between A and B. In fact, neither has any way of knowing whether or not the other party has in fact executed their side of the bargain, and it doesn't really matter. B's financial position depends only on the state of the market, which is not affected by whether or not A is playing (assuming the amounts of money involved are not extremely large). In fact, B doesn't have to talk to A at all. There doesn't even have to be an A. B can just *pretend* that there is an A out there somewhere who has agreed to transfer money to B using Wayner's scheme, play the market, and make money. Or can he? The critical flaw in this scheme is in the following paragraph where Wayner describes (fleetingly) what happens when the market doesn't do what A and B expected it to: >Person B sells the contract so that if the market goes down, i.e., the wrong >way, then A and B together have lost no money. It's a zero sum. Now they just >have to play the game a bit longer or for stakes that are twice as high. You ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ >can think of the process as flipping a coin until you have encounter a heads. This little detail reveals this to be just another incarnation of a well known gambling system where bets are successively doubled on an even bet until you win. The problem with the scheme is that even a short run of losses requires a TREMENDOUS amount of capital to finance the exponentially increasing stakes required to stay in the game. In fact, you *can* make money using this scheme for a little while. The problem is that when you make money you don't make very much. When you eventually (and inevitably) encounter a long run of losses or unexpected market moves, you lose really big. Laundering money through electronic markets works only if you can reliably predict the direction of the market. If you can do that, you don't have to launder money. On this particular RISK I think we can all rest easy. Erann Gat gat@robotics.jpl.nasa.gov ------------------------------ Date: Tue, 19 Apr 1994 22:59:28 -0400 From: pcw@access.digex.net (Peter Wayner) Subject: Re: [gat@aig.jpl.nasa.gov (Erann Gat): Math and money laundering] Double or Doublecross? Your choice. First, forget about thinking like a mathematician, a gambler or an upstanding citizen of Wall Street. You are some guy A who wants to move money to some guy B and you want to do it in as untraceable a way as possible. You're willing to pay extra for something that looks respectable and guys on Wall Street look real respectable in their braces and bespoke suits. The old standbys, gold and gems, are fine, but they are hard to move safely. Plus you need an "explanation" for how you got them. Strange business contracts are okay, but they demand some sort of front operation which takes time and money to run effectively. So you turn to the futures market for the first try. Lets say you want to move n dollars. Luckily, both A and B have enough cash and borrowed funds on hand to sustain a loss of up to (2^i)n dollars. Let i=4 for the rest of this example, i.e. 16n dollars of loss reserves. In 15 out 16 times, the progressive doubling system will work. The transaction will be close to untraceable. The only way that anyone would be able to prove that the transaction occurred would be if they could assemble both trading records and then match the trades. This can be shielded very effectively by trading in different countries with different exchanges and relying on arbitrageurs to keep the markets in line, but it tends to cost much more in transaction noise. In 1 out of the 16 tries, things will go wrong. You might say they would go terribly wrong if you're a nervous criminal B who is afraid that A is going to doublecross him. Now A needs to get 16 n dollars fast. This is the big reason why A doesn't want to play the game alone or try and trick B into playing without A. If A mirrored the trades, the 16n dollars aren't in the pockets of a casino or the state lottery. They're just in A's pockets not B's. In reality, A and B are back where they were before futures markets were invented. They just need to move 16 times more money. Your reaction to this depends upon the marginal cost of going back to the old fashioned money laundering tricks. I think at this point you just take a bigger truck to haul the gold. You do some trades with Van Goghs and Rembrandts instead of Cassats or Sisleys. In general, many of the transaction costs for security and other stuff are pretty fixed. Just remember that auction houses like Southeby's try to take 10% commissions, but they can be negotiated to be much lower for expensive works. Exciting record breaking prices attract attention and news. The futures game is not perfect by any means. There _are_ transaction costs and problems in logistics. It works best if A+B can lock in exactly the same price on their trades. But when it is done, you can look at the world and say, "Gosh, I was completely at RISK! Thank God my Martingale scheme worked after all!" All the really smart mathematicians and sober IRS guys who never gamble because they know the odds will just accept it and think you're crazy to be doing this with your money. It comes with a built in insanity plea. So, if your going to do this, choose i to suit your cash/RISKS profile. If you have more cash available, then you have a better chance of success. But hey, that's life. ------------------------------ Date: Wed, 20 Apr 94 11:08:33 EDT(-0400) From: ed@titipu.resun.com (Edward Reid) Subject: Re: Information resource (RISKS-15.76) The message from Michael Enlow announcing an "information resource" is junk mail which apparently has been broadcast widely on the Internet. My wife and I both received copies of this message. Neither of us has expressed any public interest in the topics Enlow mentions. Melynda attempted to reply to the email, asking why it had been sent to her unsolicited; in reply she received a listing of information from a mailer daemon. I wrote the "From:" address in the header asking the same question and have received no reply. I suspect that it was sent to RISKS by accident, simply by picking up the submission address in some dragnet for email addresses. Enlow claims to be retired, but the listing sent by the "info" daemon lists two apparently active businesses. The info listing does not contain any advertising or solicitation. I have not retrieved any of the files listed, so I cannot comment on their value or on whether they contain advertising, except for one file which is clearly labeled as a catalog. The other files, from their titles, would appear to promote private investigation in general but not a specific business. Enlow's information resource may valuable, but I object to his use of junk email to publicize that resource. That fact that he did not reply to my individual request makes me suspect his motives. Edward Reid, PO Box 378, Greensboro FL ed@titipu.resun.com (normal) ------------------------------ Date: Tue, 19 Apr 1994 21:31:55 +0800 From: Caveh.Jalali@eng.sun.com (Caveh Jalali) Subject: Re: Green Card Posting [The 19 Apr 1994 New York Times Business Day section has a lengthy story entitled An Ad (Gasp!) in Cyberspace, by Peter H. Lewis, about the Green Card ad as its lead story. Here are some relevant details, via PGNed abstracting... For earlier details, see RISKS-15.76 and 77. PGN] Laurence A. Canter was quoted as saying, "We will definitely advertise on the Internet again. It appears to be a very profitable venture and a very viable vehicle for advertising a variety of things. I'm sure other businesses will be advertising on the network in the very near future." Jeff Wheelhouse, system administrator for Internet Direct, Inc., was quoted as saying. "They will not be back on our system," He also said he would not be deterred by Mr. Canter's threat to sue Internet Direct for $250,000 unless he is reconnected. "They crashed our computer about 15 times -- that's when we stopped counting -- because of the volume of incoming complaints," Mr. Wheelhouse said. "I lost an entire week dealing with this." Wheelhouse said Internet Direct would remain firm, despite Canter's threat to sue Internet Direct for $250,000 and restoration of their electronic mail privileges. That amount was what prompted Canter to say, "Conservatively, that's the amount of business we feel we will get out of this from the ad." "The Internet is changing," Mr. Canter said. "People don't like the invasion of what has been their private world. But as long as it's set up the way it is, where anyone has access to it, it's a public forum, and they have to accept anything that comes into it. "In fact," Mr. Canter added, "I've received a lot of calls from people who want to know how to do it." So pleased is he with the response, in fact, that he said he planned to write a book on how to advertise on the Internet. [However, this suggests a grand strategy. Run an offensive ad, get chopped off, and then sue for the profits you did not make. PGN] ------------------------------ Date: Wed, 20 Apr 1994 12:28:47 -0400 (EDT) From: Ned Kittlitz Subject: immigration posting overload and lawsuit [...] Rather than being wronged parties, it seems that C&S is flirting with a federal rap in the tradition of the Morris internet worm. An estimate of international expenditures of sysadmin time due to the C&S posting might be interesting. E. N. Kittlitz (kittlitz@sw.stratus.com, kittlitz@world.std.com) ------------------------------ Date: Wed, 20 Apr 1994 05:55:32 -0400 From: msb@sq.com Subject: Speaking of green cards The most fun response to the Green Card Flap that I saw was in rec.games.bridge, where someone said "I don't understand why this was posted here; in this newsgroup we're only concerned with red and black cards"! (There were followups, but you'd have to be into duplicate bridge to appreciate them.) ------------------------------ Date: 15 April 1994 (LAST-MODIFIED) From: RISKS-request@csl.sri.com Subject: Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc. The RISKS Forum is a moderated digest. Its USENET equivalent is comp.risks. Undigestifiers are available throughout the Internet, but not from RISKS. SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup on your system, if possible and convenient for you. BITNET folks may use a LISTSERV (e.g., LISTSERV@UGA) with SUBSCRIBE RISKS or UNSUBSCRIBE RISKS as needed. Users on US Military and Government machines should contact (Dennis Rears). UK subscribers please contact . Local redistribution services are provided at many other sites as well. Check FIRST with your local system or netnews wizards. If that does not work, send requests to (not automated). CONTRIBUTIONS: to risks@csl.sri.com, with appropriate, substantive Subject: line, otherwise they may be ignored. Must be relevant, sound, in good taste, objective, cogent, coherent, concise, and nonrepetitious. Diversity is welcome, but not personal attacks. PLEASE DO NOT INCLUDE ENTIRE PREVIOUS MESSAGES in responses to them. Contributions will not be ACKed; the load is too great. **PLEASE** include your name & legitimate Internet FROM: address, especially from .UUCP and .BITNET folks. Anonymized mail is not accepted. ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. Relevant contributions may appear in the RISKS section of regular issues of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise. ARCHIVES: "ftp crvax.sri.comlogin anonymousYourName cd risks: Issue j of volume 15 is in that directory: "get risks-15.j". For issues of earlier volumes, "get [.i]risks-i.j" (where i=1 to 14, j always TWO digits) for Vol i Issue j. Vol i summaries in j=00. "dir" (or "dir [.i]") lists (sub)directory; "bye" logs out. CRVAX.SRI.COM = [128.18.30.65]; =CarriageReturn; FTPs may differ; UNIX prompts for username, password. WAIS and bitftp@pucc.Princeton.EDU are alternative repositories. risks-15.75 gives WAIS info. FAX: ONLY IF YOU CANNOT GET RISKS ON-LINE, you may be interested in receiving it via fax; phone +1 (818) 225-2800, or fax +1 (818) 225-7203 for info regarding fax delivery. PLEASE DO NOT USE THOSE NUMBERS FOR GENERAL RISKS COMMUNICATIONS; as a last resort you may try phone PGN at +1 (415) 859-2375 if you cannot E-mail risks-request@CSL.SRI.COM . ------------------------------ End of RISKS-FORUM Digest 15.78 ************************