RISKS-LIST: Risks-Forum Digest Monday 29 April 2019 Volume 31 : Issue 21

ACM FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. ***** This issue is archived at <http://www.risks.org> as
<http://catless.ncl.ac.uk/Risks/31.21>
The current issue can also be found at
<http://www.csl.sri.com/users/risko/risks.txt>

Contents:
Russian hackers were in position to alter Florida voter rolls (Rubio))
National Security Council cyberchief: Criminals are closing the gap with
nation-state hackers (Cyberscoop)
Cryptocurrencies shed $10 billion in an hour on worries over 'stablecoin'
tether (CNBC)
City of Chicago Almost Lost More Than $1 Million In Phishing Scam (CBS) Invisible Malware Is Here and Your Security Software Can't Catch It (PCMag) Using side-channel attacks to detect malware? (Science Daily)
Man guilty for using "USB Killer" against college computers (DoJ)
A 'Blockchain Bandit' Is Guessing Private Keys and Scoring Millions (WiReD) Japan Has a New Emperor. Now It Needs a Software Update. (NYTimes)
Japan develops app that yells 'stop' to scare off molesters
(The Straits Times)
NSA wants to stop drinking from the fire hose (Naked Security)
Don't get phished (The Straits Times)
"Why I've learned to hate my Apple Watch" (Evan Schuman)
Virtual dress-up website settles with the FTC following data breach
(The Verge)
Docker Hub Breached, Impacting 190,000 Accounts (E-Week)
Apple Cracks Down on Apps That Fight iPhone Addiction (NYTimes)
Marathon training risk over fitness trackers that 'can't be trusted' to
measure distance (Telegraph.co.uk)
In Australia, hacked Lime scooters spew racism and profanity (WashPost)
The invisibility pic ... (Rob Slade)
Travis in IEEE Spectrum on Boeing 737 MAX MCAS software (Peter B Ladkin)
Re: How the Boeing 737 Max Disaster Looks to a Software Developer
(Dan Jacobson, Thomas Koenig)
Re: Is curing patients, a sustainable business model? (Martin Ward,
Martin Ward)
Re: Should AI be used to catch shoplifters? (Antonomasia)
Re: How *not* to kill a news cycle ... (Dan Pritts)
Re: Battle for .amazon Domain Pits Retailer Against South American
(Dan Jacobson)
Re: A video showed a parked Tesla Model S exploding in Shanghai
Re: Huawei's code is a steaming pile... (Richard Stein, Martin Ward)
Re: EU Tells Internet Archive That Much Of Its Site Is 'Terrorist Content'
(TechDirt)
Re: An Interesting Juxtaposition (Wol)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

Date: Sun, 28 Apr 2019 11:43:35 PDT
From: "Peter G. Neumann" <neumann@csl.sri.com>
Subject: Russian hackers were in position to alter Florida voter rolls (Rubio)

https://www.nytimes.com/2019/04/26/us/florida-russia-hacking-election.html

------------------------------

Date: Fri, 26 Apr 2019 14:53:27 -1000
From: the keyboard of geoff goodfellow <geoff@iconia.com>
Subject: National Security Council cyberchief: Criminals are closing the
gap with nation-state hackers (Cyberscoop)

EXCERPT:

Cybercriminals are catching up to nation-states' hacking capabilities, and
it's making attribution more difficult, the National Security Council's
senior director for cybersecurity policy said Thursday.

``They're not five years behind nation-states anymore, because the tools
have become more ubiquitous,'' said Grant Schneider, who also holds the
title of federal CISO, at the Security Through Innovation Summit presented
by McAfee and produced by CyberScoop and FedScoop.

Schneider told CyberScoop that he thinks the implants cybercriminals are
using in their cyberattacks have been improving. ``The actual sophistication
of the tool is better with criminals than we saw in the past.''

Steve Grobman, the chief technology officer for McAfee, told CyberScoop
that advanced crooks are behaving more corporately, which means they are
able to proliferate higher-quality hacking tools.

``One of the things we're seeing on the business-model side is
cybercriminals are starting to use innovative processes like franchises -- affiliate groups where a cybercriminal will develop technology [and] make it available to other cybercriminals,'' he said...

https://www.cyberscoop.com/cybercriminals-nation-state-tools-grant-schneider/

------------------------------

Date: Fri, 26 Apr 2019 11:11:48 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Cryptocurrencies shed $10 billion in an hour on worries over
'stablecoin' tether (CNBC)

<https://www.cnbc.com/2019/04/26/cryptocurrency-bitcoin-price-falls-on-ny-ag-bitfinex-probe.html%3F__source%3Diosappshare%257Ccom.apple.UIKit.activity.Mail

What could go wrong?<https://itunes.apple.com/us/app/cnbc/id398018310

------------------------------

Date: Fri, 26 Apr 2019 12:58:58 -0400
From: =?UTF-8?Q?Jos=C3=A9_Mar=C3=ADa_Mateos?= <chema@rinzewind.org>
Subject: City of Chicago Almost Lost More Than $1 Million In Phishing Scam
(CBS)

https://chicago.cbslocal.com/2019/04/18/chicago-department-of-aviation-phishing-scam/

The City of Chicago's Department of Aviation thought it was paying an
approved vendor more than $1 million for services earlier this year.

[...] According to a police report recently obtained by The 2 Investigators, the Department of Aviation received an email Jan. 24 from what appeared to
be a city-approved vendor, Skyline Management.

The company has been paid more than a quarter of a billion dollars —- $284,628,921.17 -– for custodial services at Midway International Airport
and O'Hare International Airport since 2008, city documents show.

The email requested that Skyline's account payable information be changed
from US Bank to Wells Fargo Bank.

The request was referred to the city comptroller's office to make the
change, which is routine procedure, according to the report. The change was made, and less than a month later, the city paid the updated account $1,150,759.82 for services.

But in a call to the Department of Aviation weeks later, Skyline Management stated they had not received a payment for their services. That’s when the discovery was made: Skyline never requested an account change.

------------------------------

Date: Fri, 26 Apr 2019 13:44:54 -0400
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Invisible Malware Is Here and Your Security Software Can't Catch It
(PCMag)

Unfortunately, there's not much you can do to protect existing machines.
"You need to replace critical servers," Knight said, adding that you will
also need to determine what your critical data is and where it's running.
... Knight added that the only way for most companies to avoid the problem
is to move their critical data and processes to the cloud, if only because cloud service providers can better protect against this kind of hardware attack. "It's time to transfer the risk," she said. And Knight warned that,
at the speed things are moving, there's little time to protect your critical data. "This is going to get turned into a worm," she predicted. "It will
become some sort of self-propagating worm." It's the future of cyberwarfare, Knight said. It won't stay the purview of state-sponsored actors forever.

https://www.pcmag.com/article/367947/invisible-malware-is-here-and-your-security-software-cant-c
[sic! if that does note work, browse on the subject line. PGN]

Of course -- replace all servers AND move everything critical to cloud.
Easy solutions...

------------------------------

Date: Sat, 27 Apr 2019 11:59:45 -0700
From: Rob Slade <rmslade@shaw.ca>
Subject: Using side-channel attacks to detect malware? (Science Daily)

If there's an anomaly in power consumption for your device or embedded
system it could be infected with malware. https://www.sciencedaily.com/releases/2019/04/190425115621.htm

It's a variation of the long-standing change detection (or "integrity" monitoring) type of malware detection. I suspect it has a ways to go, but
it is an interesting idea ...

------------------------------

Date: Fri, 26 Apr 2019 12:05:11 -0400
From: danny burstein <dannyb@panix.com>
Subject: Man guilty for using "USB Killer" against college computers (DoJ)

Akuthota admitted that on February 14, 2019, he inserted a "USB Killer"
device into 66 computers, as well as numerous computer monitors and computer-enhanced podiums, owned by the college in Albany. The "USB Killer" device, when inserted into a computer's USB port, sends a command causing
the computer's on-board capacitors to rapidly charge and then discharge repeatedly, thereby overloading and physically destroying the computer's USB port and electrical system. [DOJ press release]

https://www.justice.gov/usao-ndny/pr/former-student-pleads-guilty-destroying-computers-college-st-rose

------------------------------

Date: Wed, 24 Apr 2019 14:31:39 +0000 (UTC)
From: Bill Meacham <bmeacham98@yahoo.com>
Subject: A 'Blockchain Bandit' Is Guessing Private Keys and Scoring Millions
(WiReD)

Your bitcoin wallet may not be as secure as you think it is ... A
'Blockchain Bandit' Is Guessing Private Keys and Scoring Millions https://www.wired.com/story/blockchain-bandit-ethereum-weak-private-keys/
... researchers not only found that cryptocurrency users have in the last
few years stored their crypto treasure with hundreds of easily guessable private keys, but also uncovered what they call a "blockchain bandit." A
single Ethereum account seems to have siphoned off a fortune of 45,000 ether
-- worth at one point more than $50 million -- using ... key-guessing
tricks.

... the odds of guessing a randomly generated Ethereum private key is 1 in
115 quattuorvigintillion. (Or, as a fraction: 1/2256.) That denominator is
very roughly around the number of atoms in the universe. ... But as he
looked at the Ethereum blockchain, Bednarek could see evidence that some
people had stored ether at vastly simpler, more easily guessable keys. The mistake was probably the result, he says, of Ethereum wallets that cut off
keys at just a fraction of their intended length due to coding errors, or
let inexperienced users choose their own keys, or even that included
malicious code, corrupting the randomization process to make keys easy to
guess for the wallet's developer.

------------------------------

Date: Wed, 24 Apr 2019 09:55:29 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Japan Has a New Emperor. Now It Needs a Software Update. (NYTimes)

It isn't exactly Y2K, but the country is scrambling to reconcile its systems with the ancient demands of an imperial calendar.

https://www.nytimes.com/2019/04/23/business/japan-reiwa-calendar.html

------------------------------

Date: Mon, 29 Apr 2019 10:08:16 +0800
From: Richard Stein <rmstein@ieee.org>
Subject: Japan develops app that yells 'stop' to scare off molesters
(The Straits Times)

https://www.straitstimes.com/asia/japan-develops-app-that-yells-stop-to-scare-off-molesters

"The Metropolitan Police Department in Tokyo has developed a free smartphone app that can help scare off would-be molesters as well as activate a
security alarm. Dubbed the Digi Police, the app has been downloaded more
than 220,000 times so far. A smartphone voice would shout `stop!' when a
Digi Police user activates one of the app's functions to stymie molesters."

Risks: Accidental/unintentional invocation, malicious activation to dilute/distract police resources. No backup if you have a sore throat and a flat battery.

------------------------------

Date: Fri, 26 Apr 2019 12:07:00 -0700
From: Rob Slade <rmslade@shaw.ca>
Subject: NSA wants to stop drinking from the fire hose (Naked Security)

In the beginning was the 9/11. (Well, actually, in the beginning was the
first crypto war, back in the 90s, but ...) And the government said, let
there be the PATRIOT Act (Providing Appropriate Tools Required to Intercept
and Obstruct Terrorism). And there was all kinds of warrantless activity.
And the government said, let there be warrantless collection of data about international (and some local) emails and phone calls. And there was bulk metadata collection, and metadata became a new "thing."

And ever since, the NSA has been collecting huge amounts of data, most of
which doesn't indicate much of anything. Remember cost/benefit analysis?
Well, now the NSA wants to stop doing it. Or, at least, stop doing most of
it. Because it's just not worth it. https://nakedsecurity.sophos.com/2019/04/26/nsa-asks-to-end-mass-phone-surveillance or
https://is.gd/y8oyyj

Lots of things in security sound like maybe a good idea--until you try them.
I well remember the trouble Fred Cohen got into when he started teaching his security students how to write viruses, as an exercise in trying to improve security. He doesn't do that any more. His students just didn't learn that much from it. It's not worth it.

(Oh, and remember: if you're not doing anything wrong, you have nothing to
fear from the gigantic surveillance apparatus that the government is hiding from you ...)

------------------------------

Date: Wed, 24 Apr 2019 10:48:49 +0800
From: Richard Stein <rmstein@ieee.org>
Subject: Don't get phished (The Straits Times)

https://www.straitstimes.com/tech/dont-get-phished

Singapore's government estimates business phishing losses (via e-mail impersonation, business email compromise) @ ~S$ 43M in 2017; that's ~US$ 32M
(@ 1.35 SGD/USD).

Using a simple population ratio (SG: 5.5M; US: 330M), equivalent US business phishing loss estimates rise to 330M/5.5M * US$32M =~ US$ 1.9B.

A similar computation, based on GDP (SG: US$ 0.33T; US: US$ 19.5T),
estimates phishing losses US$ 19.5T/US$ 0.33T * US$ 32M = 59 * US$ 32M =~
US$ 19B. See 2017 GDP estimates:
https://countryeconomy.com/countries/%5Bsingapore%2Cusa

Forbes concludes US business losses @ ~US$ 500M per year. https://www.forbes.com/sites/leemathews/2017/05/05/phishing-scams-cost-american-businesses-half-a-billion-dollars-a-year/

The FBI investigated ~22,000 business email compromise (BEC) scams between OCT2013-DEC2016. So, the population scaling method appears to be more
realistic than the GDP scaling approach.

Out of curiosity, I looked up the US Justice Department budget for 2017: US$ 28.7B (https://www.justice.gov/jmd/file/821916/download).

With email scams exploding, and human frailties being what they are, it
appears that ~10% of the Justice Department's budget (at 2017 funding
levels) will be consumed by BEC investigations in the near future. Whew!

------------------------------

Date: Thu, 25 Apr 2019 10:29:20 -0700
From: Gene Wirchenko <gene@shaw.ca>
Subject: "Why I've learned to hate my Apple Watch" (Evan Schuman)

The risk here is that if you brag about your marvelous UX, some mean people
may make fun of you when you fail badly. ("Gene" rhymes with "mean" in case you were wondering.) This article is sadly hilarious or hilariously sad or something. Enjoy.

Evan Schuman, Computerworld https://www.computerworld.com/article/3390149/why-ive-learned-to-hate-my-apple-watch.html

In a perfect world, the Apple Watch Series 4 could be great. With a few easy settings, a glance at the watch would deliver time, temperature, the dial-in details for your next appointment or many other things that would be
helpful. But we don't live in a perfect world.

------------------------------

Date: Mon, 29 Apr 2019 10:09:56 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Virtual dress-up website settles with the FTC following data breach
(The Verge)

``I cannot open i-dressup. Its showing SQL ERROR...why?? I am scared''

https://www.theverge.com/2019/4/27/18518619/i-dress-up-virtual-website-ftc-data-breach

------------------------------

Date: Mon, 29 Apr 2019 10:16:06 -0400
From: Monty Solomon <monty@roscom.com>
Subject: Docker Hub Breached, Impacting 190,000 Accounts (E-Week)

https://www.eweek.com/security/docker-hub-breached-impacting-190-000-accounts

------------------------------

Date: Sun, 28 Apr 2019 17:09:26 +0800
From: Richard Stein <rmstein@ieee.org>
Subject: Apple Cracks Down on Apps That Fight iPhone Addiction (NYTimes)

https://www.nytimes.com/2019/04/27/technology/apple-screen-time-trackers.html

Over the past year, Apple has removed or restricted at least 11 of the 17
most downloaded screen-time and parental-control apps, according to an
analysis by *The New York Times* and Sensor Tower, an app-data firm.
Apple has also clamped down on a number of lesser-known apps.

In some cases, Apple forced companies to remove features that allowed
parents to control their children's devices or that blocked children's
access to certain apps and adult content. In other cases, it simply pulled
the apps from its App Store.

Some app makers with thousands of paying customers have shut down. Most
others say their futures are in jeopardy.

Chronic iDisorder (see http://catless.ncl.ac.uk/Risks/30/89%23subj18.1)
depends on eyeballs hooked by a content-enabled, continuous dopamine flow.

Periodic reminders from an app to "put the device down for 15 minutes" can disrupt the dopamine flow. Dam the dopamine flow, and content-driven revenue capture is dammed along with it.

Apple's AppStore dams disruptive apps with impunity.

------------------------------

Date: Sun, 28 Apr 2019 10:17:20 +0800
From: Richard Stein <rmstein@ieee.org>
Subject: Marathon training risk over fitness trackers that 'can't be
trusted' to measure distance (Telegraph.co.uk)

https://www.telegraph.co.uk/news/2019/04/27/marathon-runners-warned-fitness-trackers-inaccurately-measuring

"Our tests have found a number of models from big-name brands that can't be trusted when it comes to measuring distance, so before you buy, make sure
you do your research to find a model that you can rely on."

The article identifies GPS-unequipped fitness tracker measurement variances
of between ~25-50% over/under a full marathon (~26.2 miles/42.2 km).

------------------------------

Date: Thu, 25 Apr 2019 11:18:45 +0800
From: Richard Stein <rmstein@ieee.org>
Subject: In Australia, hacked Lime scooters spew racism and profanity
(WashPost)

https://www.washingtonpost.com/technology/2019/04/24/australia-hacked-lime-scooters-spew-racism-profanity

"The video is straight out of a goofy, low budget horror movie: A row of bright-green Lime scooters, parked neatly on a sidewalk, have come to life, unleashing a filthy flush of human speech."

"In a statement online, the researchers said a potential hacker -- using a Bluetooth-enabled app from nearly 330 feet away -- could lock a scooter,
deploy malware that could take full control of a device or target an
individual rider, causing their scooter to unexpectedly brake or
accelerate."

A "Red Asphalt" warning label, in addition to a helmet, should be
mandatory. They are not your father's Cyclops scooter.

------------------------------

Date: Sat, 27 Apr 2019 12:35:03 -0700
From: Rob Slade <rmslade@shaw.ca>
Subject: The invisibility pic ...

OK, this seems weird, like the hapless bank robbers who smear lemon juice on the faces because they think CCTV won't be able to see them.

But a new paper, examining artificial intelligence and vision systems, has found a way to generate images (or "patches") that prevent AI vision systems from "seeing" you: or, at least, identifying you as a person. https://arxiv.org/pdf/1904.08653.pdf

And so, a new round of patch image generation, and patch image detection and avoidance, begins ...

------------------------------

Date: Sun, 28 Apr 2019 21:16:32 +0200
From: Peter Bernard Ladkin <ladkin@causalis.com>
Subject: Travis in IEEE Spectrum on Boeing 737 MAX MCAS software

Gregory Travis published an article on the involvement of the MCAS software
on Boeing 737 MAX aircraft in two recent crashed, on 2019-04-18 in IEEE Spectrum. The article is available at https://spectrum.ieee.org/aerospace/aviation/how-the-boeing-737-max-disaster-looks-to-a-software-developer
(site registration is required).

[See Jacobson and my comment on Koenig, the next two items. PGN]

The article has recently been praised by Bruce Schneier in his Crypto-Gram newsletter and blog https://www.schneier.com/blog/archives/2019/04/excellent_analy.html and John Naughton in The Observer newspaper (in "What I'm reading" at https://www.theguardian.com/commentisfree/2019/apr/28/google-street-view-calculate-car-accident-risks-digital-tech).

Travis has written a readable, but unfortunately technically misleading, article on the accidents to Boeing 737 MAX 8 aircraft and the involvement of the MCAS software in those accidents. The purpose of this note is solely to point out some technically misleading parts of Travis's article and correct them.

Travis suggests that MCAS was devised to inhibit a tendency to stall in
certain flight regimes. As far as I know, this is incorrect. Boeing has
said in public that MCAS is not `anti-stall SW'. For example, Flight International's test pilot Mike Gerzanics operates the type for a `major carrier' and says in his very first sentence of an article on the
preliminary report of the Ethiopian crash to ET-302. ``the 737 Max family's Maneuvering Characteristics Augmentation System (MCAS) is not a `stall-prevention' or `safety' feature. https://www.flightglobal.com/news/articles/opinion-et302-interim-report-raises-more-questions-457369/

I understand the situation as follows. MCAS was devised to fulfill an airworthiness certification condition in 14 CFR 25.173 and 14 CFR 25.175. In high angle-of-attack (AoA) flight configuration, it is required that stick force/g (the stick force necessary to produce (hold) an incremental normal acceleration of 1g) and stick movement/g (ditto mutatis mutandis) must
increase (or at least not decrease) with an increase in AoA. I understand
that in flight test, in which `wind-up turns' were conducted (a turn with increasing angle of bank; an increasing angle of bank means ceteris paribus increasing AoA), this condition was not fulfilled. MCAS was devised to
ensure its fulfillment.

The reason this characteristic is different in this flight regime from
previous 737 models apparently concerns the engine nacelles, which produce
lift at high AoA, and apparently the lift they produce as AoA increases
means that the stick force/g decreases.

Travis suggests that the geometry of the engines means there is a greater
tendency for the 737 MAX to pitch up on power application than on previous
versions of the 737. I haven't seen a good argument that this is the
case. Indeed, there is reason to think it might well be lower than on
previous 737 models. The `pitch up' is related to the torque generated
about the centre of lift (on the underside of the wing) by the engines. The
centerline of the engines is, I think, closer to the underside of the wing
than it was in previous models (I don't have a figure), so the `lever arm'
(technical term) from the centre of thrust to the centre of lift (on the
wing) may well be reduced. Engines of the previous generation of 737 were
the CFM 56-7 series, which had 89-120kN of thrust, depending on the precise
model. The CFM LEAP-1B engines on the MAX have 130kN of thrust
https://en.wikipedia.org/wiki/Boeing_737 . 120kN to 130kN is not a big
increase - the shorter lever arm may well make the pitch-up torque less
than it was on previous models with 120kN-thrust engines during power
increase (Travis: `propensity to pitch up with power application'). Travis
connects this `propensity' with a `tendency to stall'; this `tendency'
might in fact be reduced on the 737 MAX.

Travis says the `nacelles cause the 737 Max at a high angle of attack to
go to a higher angle of attack'. As far as I know, this is not the case. He
is correct to call such a phenomenon `dynamic instability' but the 737 MAX, like all other passenger transports, is not dynamically unstable. It is dynamically stable.

Travis suggests that MCAS is `a cheap way to prevent a stall when the pilots
punch it'. This is manifestly not the intended purpose of MCAS.

Travis also suggests that in modern transport aircraft there often are ``no actual mechanical connections' between control-command systems available to
the pilots and the control surfaces. In the 737, all such connections are mechanical -- cables and hydraulics -- with the exception of the
spoilers. http://www.b737.org.uk/max-spoilers.htm This argument is here a
red herring.

Travis suggests AoA sensors are unreliable: `..particular angle of attack sensor goes haywire -- which happens all the time'. It does not happen `all
the time', or even very often. Peter Lemme writes `Reliability of the AoA sensor was evaluated over a 4-6 year period, with a mean time between unscheduled removals was 93,000 hours. A typical airframe is modeled at
about 100,000 hours, so the AoA vane typically last nearly the lifetime of
the airplane.'' https://www.satcom.guru/2019/03/aoa-vane-must-have-failed-boeing-fix.html

Travis writes that there are `...several other instruments that can be used
to determine things like angle of attack. such as the pitot tubes, the artificial horizons, etc.'' I don't see how pitot tubes can be used to sense AoA. Pitot tubes measure dynamic air pressure, which, along with static
ports to measure static air pressure, are used to determine airspeed
(usually so-called `indicated airspeed', IAS). When the pitot is not
directly in line with the flow of air around the aircraft, say when the aircraft is at a high AoA, then errors can be induced into IAS; AoA acts
rather as a corrective input to pitot/static sensing, rather than the other
way around. Artificial horizons are display instruments, not sensors; I see
no way they can be used to sense AoA.

One astonishing misleading statement from Travis reads as follows: ``In a pinch, a human pilot could just look out the window to confirm, visually and directly, that, no, the aircraft is not pitched up dangerously. That is the ultimate check.'' No, it is not the `ultimate check'. Travis seems to be confusing AoA with pitch angle/attitude. This is something which pilots from the beginning of their training are expressly taught not to do.

The reason for this early emphasis on not confusing pitch angle with AoA is
as follows. There are still too many general aviation accidents in the
landing pattern, often when pilots are turning on to their final approach, lined up with the runway, from `base leg', which is at right angles to
final. Pilots can misjudge the turn and `overshoot', that is, reach their
line up to the left of the runway centreline (when flying base from the
right of the runway), resp. right of the centreline (when flying base from
the left). Pilots seeing they might overshoot are tempted to turn more
steeply, which increases AoA and can lead to a stall. Recovering from a
stall, especially an unanticipated stall, often takes more altitude than the airplane has when turning base-to-final; and the airplane augurs in. It
still happens.

Travis writes ``It is astounding that no one who wrote the MCAS software for the 737 Max seems even to have raised the possibility of using multiple inputs.'' Quite why he thinks this is any responsibility of the software engineers is unclear. It is not. It is the responsibility of the control engineers who designed the system and the safety engineers who performed the safety analysis.

The safety engineers will have performed a Failure Mode and Effects
Analysis, FMEA, which consists in listing all the possible failures you can think of, and determining their effects on the flight situation. They will
then have classified those effects according to their severity as none,
minor, major, hazardous and catastrophic (these all have explicit
definitions). According to unverified information I received from a usual ly-reliable source, the effect was classified as `major' in level flight and `hazardous' in turns.

We now know after two accidents in level flight that this classification, if so, is inappropriate. A further issue, to which I do not know the answer, is whether the analysis was performed on the STS system as a whole, or MCAS separately. The manufacturer and regulator classify MCAS as a function of
the STS: ``Pitch stability augmentation is provided by the MCAS function of STS'', FAA Flight Standardisation Board Report Draft 17. https://www.faa.gov/aircraft/draft_docs/media/afx/FSBR_B737_Rev17_draft.pdf

This is all specialist analysis which is generally not performed by software engineers (although the best software engineers are aware of how to perform such analyses). Nothing follows from this that software engineering was
somehow responsible for the outcome.

In this context, Travis repeats his assertion that the Boeing 737 MAX is `dynamically unstable'. It is not. I don't think any dynamically unstable aircraft could be certified according to 14 CFR 25.

As an aside, Travis suggests that "the Lycoming O-360 engine in my Cessna
has pistons the size of dinner plates". The cylinder bore for 0-360 engines
(I flew one for 12 years) is 13cm. My dinner plates (small) have a diameter
of 21cm. My espresso saucers are 12.5 cm. I commend Travis's nourishment discipline at dinner, but suggest it does not easily generalise.

------------------------------

Date: Fri, 26 Apr 2019 05:55:30 +0800
From: Dan Jacobson <jidanni@jidanni.org>
Subject: Re: How the Boeing 737 Max Disaster Looks to a Software Developer
(IEEE Spectrum)

https://spectrum.ieee.org/

Hmmm, requires a (free) account. Maybe I can find another version...
Wait, what's this, https://nicolas-hoizey.com/2019/04/how-the-boeing-737-max-disaster-looks-to-a-software-developer.html

Experienced plane pilot and software developer Gregory Travis explains in
details what led to Boeing 737 Max recent disasters in this long article:
How the Boeing 737 Max Disaster Looks to a Software Developer.

Why do I even care?

My family and I were in one of these Ethiopian Airlines' Boeing 737 Max
just two weeks before the crash of flight 302, on the same flight from
Addis Ababa to Nairobi!

The one that crashed was registered ET-AVJ. The one we took was registered
ET-AVI. Very close. I guess both have had the very same hardware and
software.

It gives me chills every time I think about it...

------------------------------

Date: Wed, 24 Apr 2019 23:52:49 +0200
From: Thomas Koenig <tkoenig@netcologne.de>
Subject: Re: How the Boeing 737 Max Disaster Looks to a Software Developer
(IEEE Spectrum)

The article in question consisted of a single URL. Following the URL,
one is asked to register an account.

The RISK? Paying for content with your data is a bad habit, for reasons
that most people on this list, including its moderator, should know
fully well. Please do not contribute to this by posting such
articles.

[In most cases you can find a mirrored free copy. Having the
title is often sufficient. PGN]

------------------------------

Date: Thu, 25 Apr 2019 13:51:58 +0100
From: Martin Ward <martin@gkc.org.uk>
Subject: Re: Is curing patients, a sustainable business model? (Drewe,
R-31.17)

Coincidentally the following news story appeared on the BBC today: https://www.bbc.co.uk/news/education-48037122

Personally, I think that death by starvation is an excessive punishment for missing an appointment and getting your benefits sanctioned. So I would consider "not allowing people to starve to death" to be a good argument that food should be issued to the populace free of charge.

------------------------------

Date: Sat, 27 Apr 2019 14:03:13 +0100
From: Martin Ward <martin@gkc.org.uk>
Subject: Re: Is curing patients, a sustainable business model? (RISKS-31.20)

For those who still think that competition improves heathcare, consider the drug naloxone hydrochloride. This is sold by five big pharmaceutical

[continued in next message]

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)