[continued from previous message]

to be vaccinated essentially on demand, for a small fee.

Delivery of Covid vaccinations is being rationed, most commonly by age
group, starting with the oldest and working backwards to the youngest who
will be vaccinated. You will get vaccinated when it's your turn, queue
jumping is unlikely. This creates value in forgeries. Consider a family
with a booked foreign holiday that is non-refundable: one member is
vaccinated before travel, one or more other, younger members are not. There will be a strong incentive to obtain a forged certificate, and they will be available. Under the UK's current vaccination programme, with a 12-week gap between first and second doses of the Oxford-AstraZeneca and Pfizer
vaccines, it might well be the end of October before the last of the 20-year-olds is fully vaccinated ... having missed their summer partying in Ibiza. Given their oft-demonstrated refusal to recognise the dangers to
them and others of maskless massed mixing, a 100-pound (say) forgery might
well be attractive to youngsters wanting to take their pleasures as usual.
If possession of a certificate becomes a condition of travel, either
nationally or internationally, every traveler (possibly excepting the under-20s) will need a certificate. Those who are "vaccine hesitant" or committed anti-vaxxers, but who want to holiday abroad, might be tempted to acquire a forged document.

4. The traveler carries the internationally-recognised paper Yellow Fever
vaccination certificate with them. The key information on the
certificate is sparse: the holder's name, the date and place of
vaccination, and an official rubber-stamp. Essentially there are no
privacy issues. Relatively few of the world's population have a
certificate.

Current discussions for a Covid vaccination certificate are at an early
stage, but at national as well as international level. Israel has already issued its "Green Pass", whether it is widely acceptable outside the country
is untested. The format of an international certificate, whether
paper-based or electronic, and the information contained are open to
decision. If the certificate is electronic there will be serious questions about personal data and processing outside countries with 'adequate' laws;
it will need to be readable at all ports of disembarkation - it will take
time to install the necessary equipment (think "Least developed countries"). Because of the forgery risk, there will be requirements for validation,
raising further questions over data transfer, the location, accessibility, accuracy, completeness, reliability and security of the databases, and what data they contain.

5. Since 2013 the Yellow Fever certificate has been for the life of the
holder.

It seems very likely that "booster" Covid inoculations will be required, possibly on an annual basis, as happens in many countries with influenza vaccinations. The certificate will need to be updated each time.

6. Owing to limited demand, Yellow Fever vaccines are not widely held or
administered and so certificates are issued by relatively few physicians.
The certificate is issued at the time of vaccination.

Covid vaccinations are being given in hospitals, by general practitioners,
by pharmacists, by military medics, and en masse in special centres,
shopping malls and even car parks. Few countries have a centralised patient record system (Israel does) and the completeness and accuracy of records of
who has been vaccinated, with what and how many times, are likely to be variable. With no agreed certificate, most of those immunised have minimal evidence of their vaccination. At a national level, many countries will
have incomplete records of who has been vaccinated (increasing the potential for fraud and graft).

7. One vaccine provides immunity against "Yellow Fever".

There are many variants of Covid-19. There are many Covid vaccines, some requiring two doses. It is currently questionable whether any of the
available vaccines provide the same degree of protection against all known variants, and there is no guarantee that current vaccines will offer
sufficient or even any protection against future variants. A certificate
will likely need to indicate against which variants the holder is protected, especially if they are traveling to a country in which one variant is particularly endemic.

8. A Yellow Fever vaccination certificate holder is not required to
quarantine upon return from an infected country, and the chances of a new
variant outbreak are seen as vanishingly small, given the virus's
stability over a great many years.

An outbreak of a new variant Covid-19 virus somewhere in the traveler's itinerary might very well trigger a requirement for isolation on their
return to their home country or arrival in the next country on their
itinerary. In the UK that might cost over =C2=A31,700 per person if
isolated in a "quarantine hotel", and loss of earnings / school time whether quarantined there or self-isolated (with family) at home. The evidence of recent months indicates that such an outbreak is not at all unlikely.

9. Being very limited in its population, the Yellow Fever vaccination
certificate in no way approaches being an identity document.

A Covid-19 vaccination certificate will likely be required by a majority of
the population, indeed might essentially be forced upon them by government
or commercial pressures. In such an instance it will become a de facto ID
card ... something still strongly resisted in many Western countries.

10. A Yellow Fever vaccination certificate is essentially voluntary, the
requirement to have one is very limited.

A Covid vaccination certificate could become essentially mandatory, with
access to some facilities restricted if one cannot be produced. Some
people, for example among the BAME communities, have deep-seated
reservations about vaccines in general and professed objections to various Covid vaccines (often because of misconceptions, misinformation and disinformation).

"Like a Yellow Fever certificate" is trotted out by politicians and the
media whenever a Covid vaccination certificate is discussed. It is a false comparison that seriously undersells the adverse potential.

------------------------------

Date: Sat, 13 Mar 2021 12:36:08 +0000
From: Clive Page <clivegpage@gmail.com>
Subject: Re: Incorrect train simulator a factor in train crash (Brader,
RISKS-32.53)

I am grateful to Mark Brader for his report in RISKS-32.53 "Confusing computer-interface complexity causes train crash" and have now read the
report of the Rail Accident Investigation Branch that he cited.  As
usual the crash had multiple causes including the relative inexperience of
the driver on a newish type of train.  But a train simulator issue
caught my eye: the immediate cause of the crash was that the driver found he could not enter a new headcode for the short trip from Leeds Station to the maintenance depot and spent 20 seconds grappling with the train management screens when he should have been looking out of the windscreen. 
While he was distracted his train accelerated much faster than he expected until he was unable to avoid hitting the one in front.

It turns out that the train computer would only accept a new headcode if the button "Check Stops" was used before returning to the home screen. 
The manuals produced by the train manufacturer, Hitachi, did not make it
clear that "Check Stops" had to be used even if there were no intermediate stops.  As a result the training manuals were incorrect.  Not
only that, an App simulating the train management system (produced in the
UK) and a full train simulator (produced in France) also misunderstood this point so both would accepted a new headcode without use of the Check Stops button.  It is hardly surprising that the driver did not realise that
this step was essential.

This raises a more general issue: not only train drivers but also airline pilots rely a great deal on simulators, especially in training them to cope with rare conditions unlikely to happen in normal training flights: for
example the activation of the flawed MCAS system on the Boeing 737 MAX, or
the icing up of both pitot tubes on an Airbus (which resulted in the AF447 crash off Brazil).  The 737 MAX has now been re-certified in many
countries but no doubt that is partly because extensive sessions on
simulators show that it is now much safer.  But what assurance do we
have that the simulators are themselves correct?

------------------------------

Date: Fri, 12 Mar 2021 18:15:51 -0800
From: Henry Baker <hbaker1@pipeline.com>
Subject: Re: Spy agencies have big hopes for AI (RISKS-32.53)

Fifty years ago, we computer scientists used to sleep soundly at night,
knowing that if all else failed, we could simply pull the plug on an errant computer.

As Russian interference with Ukrainian power grid has shown us, we are long past this solution.

If spy agencies start depending upon "AI" in order to translate languages
and spot trends, how do you protect the decision-makers from the *spoofing* that enables "AI"-powered self-driving vehicles from stopping at fake stop signs or running over real pedestrians/cyclists ?

E.g., how long did it take "terrorists" to learn that drone strikes were
100% correlated with satellite orbits, and how long did it take Russia,
China, N Korea, Iran, etc., to modify their satellite "signatures" to avoid raising suspicion ?

Every sensor, whether inanimate or animate, has its limitations, and its
output needs to be cross-checked with *independently derived* information
from other *independent* sources.

With China and the U.S. rushing headlong into this AI-hype future, how long before a war is started based solely upon "AI"-derived information (on both sides) ?

Who cares if there's a person-in-the-middle making the dreaded "go/nogo" decision if the input information is faulty ? The problem won't lie with the decision-maker, but with the information on which his/her decision is based.

WWI was supposedly an "accidental" war, started by <150 people who misunderstood the actions of their counterparts in other countries. Which
"AI" has the deep understanding of history to know how "accidental" wars get started?

------------------------------

Date: Sat, 13 Mar 2021 17:06:59 +0000
From: Martyn Thomas <martyn@72f.org>
Subject: Re: Farms are going to need different kinds of robots (RISKS-32.53)

If precision farming will be worth $12B+ to the global economy by 2027,
perhaps a percentage of this should be invested in providing a robust terrestrial backup to the GPS signal, as GPS has a range of known vulnerabilities. Large farms would seem to be attractive targets for a "protection racket" by anyone with a jammer and a balloon.

------------------------------

Date: Fri, 12 Mar 2021 17:49:34 -0800
From: Henry Baker <hbaker1@pipeline.com>
Subject: Re: Farms are going to need different kinds of robots (Stein,
RISKS-32.52)

"Precision" aka "vertical" farming got its start when a Columbia University professor challenged his students in 1999. [Wikipedia]

Actually, VF/PF is a good idea, as it trades acreage for technology, and it will eventually win.

The biggest problems for agriculture are weather, water, pests, land, and labor. VF/PF solve all of these problems.

Weather: the farm is *indoors*, and semi-climate-controlled. Water: the
farm is, or can be, sealed, so that water input/output is no longer an issue
-- a godsend for arid areas. Pests: the farm is *indoors*, so the influx of pests can be controlled. Land(*): the farm can be vertically stacked, so
that large footprints of land are no longer needed. Labor: the racking
system is designed with purpose-built robots in mind.

(*) By giving up land, PF/VF now need large amounts of *electrical power*, which can be generated by massive solar farms elsewhere -- thus *decoupling* the absorption of solar power from the actual farming.

Basically, a PF/VF uses precision LED's to produce optimum light conditions
to grow food in areas/latitudes where traditional farms are impossible.

It shouldn't surprise anyone that the leaders in VF today are cannibis growers. Hopefully, they will pay the way for less expensive crops like vegetables.

BTW, we're going to have to get really good a PF/VF if we plan to put
any significant number of humans on the Moon or Mars.

------------------------------

Date: Sat, 13 Mar 2021 11:20:00 +0800
From: Richard Stein <rmstein@ieee.org>
Subject: Re: Farms are going to need different kinds of robots (Baker,
RISKS-32.54)

Thanks for your insight Henry. What did Norman Borlaug, *The Father of the Green Revolutio*, say about vertical farming?

"I agree fully...in support of agricultural biotechnology, which states that
no food products, whether produced with recombinant DNA techniques or more traditional methods, are totally without risk. The risks posed by foods are
a function of the biological characteristics of those foods and the specific genes that have been used, not of the processes employed in their
development."

See "Ending World Hunger. The Promise of Biotechnology and the Threat of Antiscience Zealotry," by Norman E. Borlaug. https://academic.oup.com/plphys/article/124/2/487/6098810.

Guess he'd be ok with a few bots merged into the food chain despite their vulnerability to malware pests.

------------------------------

Date: Fri, 12 Mar 2021 18:29:10 -0800
From: Henry Baker <hbaker1@pipeline.com>
Subject: Re: Google will remove *facts* if they think they're harmful
(RISKS-32.53)

I've toyed with the thought of setting up a *tautology server*, which serves
up nothing but *facts* -- e.g., the simplest of which would be "$A or not
$A", where "$A" is *any statement, whatsoever*, for example, "Trump is an idiot" or "Black Lives Matter" or "COVID-19 vaccines aren't harmful".

The mathematical validity of such 'facts' wouldn't matter, of course, to any misinformation detector, as they aren't looking for truth; they are merely looking for a *mention* -- the "Scunthorpe Problem".

The point of this post is to simply remind people that the general problem
of proving some fact wrong is -- wait for it -- *undecidable*, so we're
going to be waiting a long time for an algorithmic solution to something
that isn't amenable to algorithms.

------------------------------

Date: Fri, 12 Mar 2021 19:07:13 -0800
From: Henry Baker <hbaker1@pipeline.com>
Subject: Re: Too much choice is hurting America (RISKS-32.54)

Krugman is proof of "Pauling's Principle", that the Nobel Prize is capable
of causing early onset dementia.

IMHO, Krugman's best paper was his 1978 analysis of the effect of relativity
on economic analysis: "The Theory of Interstellar Trade". :-)

His NYTimes article about too much choice is -- depending upon your point of view -- either 100% right-wing: Henry Ford's "any color so long as it's
black", or 100% communist -- Google "beriozka" (aka "beryozka"), the Soviet stores catering solely to foreigners that had all the "good stuff".

Economics as a human endeavor goes back hundreds of thousands of years, to
when humans began to *trade* with one another, allowing the exchange of
goods from hundreds and thousands of miles away. Why did they trade? For greater *choices*! Indeed, "Economics" (with a capital "E") is the study of
the dramatic increase in human welfare due to these *exchanges* of the
widest variety of goods. P.S., ask yourselves why someone would go to great effort and expense to transport a good hundreds or thousands of miles unless someone really wanted it. Indeed, Columbus discovered America by accident
when he really wanted a better route to India and the far East for *trade*.

Krugman has now become an embarrassment to the field of economics.

------------------------------

Date: Sat, 13 Mar 2021 14:27:56 +0800
From: Richard Stein <rmstein@ieee.org>
Subject: Re: Too much choice is hurting America (Baker, RISKS-32.54)

Henry, Deregulation enables corporate behavior that can jeopardize public health and safety.

The deregulation choice saddles consumers with increasingly opaque
assumptions of product or service safety. Corporate terms of service shield corporate governance from accountability with indemnification and liability clauses.

Paul Krugman's opinions are occasionally controversial, but they are
rigorously investigated, and factually traceable. When Krugman is mistaken,
he apologizes as professional ethics dictate.

Contrast this conduct with a corporation's behavior if their product or
service is discovered and established to enable or cause casualty or data breach. If "corporations are people," their accountability for an mistake is vigorously, and unapologetically, defended until or unless a settlement is reached which may include a gag order prevent settlement term
disclosure. This asymmetry skews the perception of justice rendered to salve injury from choice.

------------------------------

Date: Sat, 13 Mar 2021 11:05:23 +0100
From: Peter Bernard Ladkin <ladkin@causalis.com>
Subject: Re: Boeing 777 PW4000 engine problems (Risks-32.53)

Richard Stein suggests in Risks-32.53 that commercial transport aircraft maintenance in general, and engine maintenance in particular, is an example
of the "expert service problem" and quotes the NYTimes article "When Trust
in an Expert is Unwise", by David Leonhardt from 2007-11-07

"...the same expert who is diagnosing the flaw is the one who will be paid
to fix it. In most of these cases, consumers aren't sophisticated enough
to make an independent judgment. That's why they went to the expert."

In the case of jet engines in particular, this is misplaced.

One major engine manufacturer, Rolls Royce, does not sell its engines. It leases them, as "power by the hour". Rolls obtains all the parameters
thought to be useful from its engines every second they are running (and, I imagine, also from some time when they are not). There are fixed maintenance cycles, designed to keep these engines running perfectly. The design of
these maintenance cycles is by no means a trivial engineering task, and is
part of airworthiness certification. (Rolls is not the only mechanical-engineering company which does this. I know of a wind-turbine company which has complete real-time operating records from each one of its turbines since it started building them, more than 25,000 of them over round about three decades.)

There are things which don't go to plan. QF32 on 2010-11-04. That engine disintegration was finally attributed to a manufacturing quality issue
(parts not satisfying the design specification).

The PW4000 engine which "threw a blade" (to use the technical term :-) ) on UA328 over Denver on 2021-02-20 had a blade inspection interval of 6,500
cycles (a cycle is a period from engine start-up to shut-down). There had apparently been way fewer than that many cycles on the engine.

Blades are not supposed to be thrown. It happens when there is "metal
fatigue", as it is known. There are inspection techniques which determine whether a fan blade is "serviceable" (as it is called). The point of
inspection cycles is to catch blades exhibiting phenomena associated with "fatigue" before they fail. The reaction to any unsafe or potentially unsafe event in commercial aviation is regulatory. The FAA issued an emergency Airworthiness Directive (EAD) requiring inspection of each fan blade on each
of the 104 installed engines of this type on US carriers. Other regulatory authorities will have followed suite immediately.

The FAA AD which was derived from the EAD may be read at https://rgl.faa.gov/Regulatory_and_Guidance_Library/rgad.nsf/0/f8805a359a2d163b862586930059d404/$FILE/2021-05-51.pdf

Readers will notice that it includes a precise dollar-figure estimate of the cost of compliance. 22 hours labour cost per engine; less than $2,000. Total cost across all US operators, less than $200,000.

The maintenance of these engines is a matter of regulation. It is part of
the airworthiness certification of the aircraft. The issue for the regulator
is that there is obviously an engineering issue: the manufacturer and
regulator established during certification that these blades should not be fatiguing inside 6,500 cycles, but one or two now have done. There are engineering issues: why? Is it an unanticipated engineering design issue,
or a quality-control matter, or what is it? And there are management issues: what do we do about it? The obvious short-term answer, encapsulated in the
AD, is: inspect the blades right now, all of them in all engines of this
type. The longer term answer will come when it is known in more detail why
the blade was thrown=2E

Stein is right that there are economic issues involved, but he puts the
finger entirely in the wrong place. The costs of having "experts" address
the issue is trivial, as may be seen from the AD. The cost doesn't compare
with the cost of the airplane not being in service for the time it takes to conduct the inspection on the two engines.

This is generally the case, and it is why Rolls sells "power by the hour"=2E Operators do not want their airplanes to be out of service for any non-scheduled reason, and engine manufacturers sell or lease their engines based on that client requirement for complete reliability.

Prof. Dr. Peter Bernard Ladkin, Bielefeld, Germany

------------------------------

Date: Thu, 11 Mar 2021 13:03:50 -0500
From: Gabe Goldberg <gabe@gabegold.com>
Subject: Allan McDonald Dies at 83; Tried to Stop the Challenger Launch
(NYTimes)

An engineer for the maker of the shuttle's booster rockets, he opposed
letting it take off, worried that cold weather might affect them. He was
right.

https://www.nytimes.com/2021/03/09/us/allan-mcdonald-dead.html

[We've noted Roger Boisjoly before, who was apparently more outspoken.
It's nice to honor Alan McDonald as well here. PGN]

------------------------------

Date: Mon, 1 Aug 2020 11:11:11 -0800
From: RISKS-request@csl.sri.com
Subject: Abridged info on RISKS (comp.risks)

The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
comp.risks, the feed for which is donated by panix.com as of June 2011.

SUBSCRIPTIONS: The mailman Web interface can be used directly to

subscribe and unsubscribe:
http://mls.csl.sri.com/mailman/listinfo/risks

SUBMISSIONS: to risks@CSL.sri.com with meaningful SUBJECT: line that

includes the string `notsp'. Otherwise your message may not be read.
*** This attention-string has never changed, but might if spammers use it.

SPAM challenge-responses will not be honored. Instead, use an alternative

address from which you never send mail where the address becomes public!

The complete INFO file (submissions, default disclaimers, archive sites,

copyright policy, etc.) is online.
<http://www.CSL.sri.com/risksinfo.html>
*** Contributors are assumed to have read the full info file for guidelines!

OFFICIAL ARCHIVES: http://www.risks.org takes you to Lindsay Marshall's

searchable html archive at newcastle:
http://catless.ncl.ac.uk/Risks/VL.IS --> VoLume, ISsue.
Also, ftp://ftp.sri.com/risks for the current volume/previous directories
or ftp://ftp.sri.com/VL/risks-VL.IS for previous VoLume
If none of those work for you, the most recent issue is always at
http://www.csl.sri.com/users/risko/risks.txt, and index at /risks-32.00
ALTERNATIVE ARCHIVES: http://seclists.org/risks/ (only since mid-2001)
*** NOTE: If a cited URL fails, we do not try to update them. Try
browsing on the keywords in the subject line or cited article leads.
Apologies for what Office365 and SafeLinks may have done to URLs.

Special Offer to Join ACM for readers of the ACM RISKS Forum:

<http://www.acm.org/joinacm1>

------------------------------

End of RISKS-FORUM Digest 32.54
************************

--- SoupGate-Win32 v1.05
* Origin: fsxNet Usenet Gateway (21:1/5)