Forwarded-by: Chris LaFournaise

From a talk given by Professor Nancy Leveson, Dept of Computer Science and Engineering, University of Washington, on Software Safety & Reliability (IEEE & ACM Sponsored 4/20/94):

* An F-16 pilot was sitting on the runway doing the pre-flight and wondered if the computer would let him raise the landing gear while on the ground. It did...

* When initially developing the Sidewinder missile pylon mounting there were a few problems. The software would release the latch and fire the missile; initially, however, the latch was closed shortly thereafter, not allowing enough time for the missile to leave the wing. Imagine the pilot's dismay when there was a bunch of extra thrust attached to one of the wings!

* The F-16 has a sophisticated software system that performs load balancing to optimize flight performance. This includes dropping empty fuel tanks in such a way as to balance the plane. A minor prerequisite to dropping the tanks was overlooked in the software: it's usually a good idea to be upright when releasing the tanks. Imagine flying upside down and having empty fuel tanks come flying off...

* A manufacturer of torpedoes for the Navy wanted to make a 'safe' torpedo. Their initial solution was to cause the torpedo to self-destruct if it made a 180 degree change in course. On the test run for this new 'safe' torpedo the captain fired the torpedo and nothing happened. So the captain ordered the sub back to base, executing a 180 degree turn...

=============================

From RISKS:

Date: 4 Jun 96 14:20:39 EDT
From: Kevin Rainier
Subject: Loopy Mail

It all started innocently enough. Last night somebody sent a message to the recreational mailing list "virtua-fighter@netcom.com". This is an infrequently used mailing list for the discussion of the Virtua Fighter family of SEGA arcade games. Since the last time somebody had used the list, a Microsoft employee has left the company (perhaps he died) and the mail address is no longer valid.

Microsoft is a helpful company and informed the list (automatically, of course) that the address is not valid. Netcom is a helpful list server and sent the message to all recipients of the list, including the late, lamented employee of Microsoft. And so it continued. And continued.

It's now morning. I'm receiving a message every two or so minutes; the subject line has maxed out with "Undeliverable: Undeliverable: ...". Members of the list have just begun arriving at their desks and discovering over 150 messages from postmaster@microsoft.com via the virtua-fighter mailing list. Naturally, they panic and rush to unsubscribe from the list. Not knowing how to do that, they send an "unsubscribe" message to (where else?) "virtua-fighter@netcom.com". Which sends a message to the user at Microsoft. So far we've had five attempts to unsubscribe.

As I've been composing this mail, the frequency of new mail has increased to more than one message per minute.

Oh no. There's a bad address at dartmouth.edu. It replied to the list too. I suppose I can hope that it won't reply to its own replies. But I'm sure that Microsoft will. And since the Dartmouth message is responding to a Microsoft "Failed Mail" message, that part of the loop is working just fine.

Hmm, I just found out that our outgoing mail server isn't working, though our incoming one is working just fine. I love computers.

One final postscript: I just received a message (two hours after the above portions were written) from the list maintainer. The list is now dead. I also haven't received any new autoreply messages for an hour. Seems that the storm has passed.

kevin_rainier@crd.lotus.com
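The loop in the RISKS post has two halves: an autoresponder that answers every message, and a list expander that redistributes every message it receives, including the autoresponder's. The simulation below is an added example, not code from the post or from Netcom's or Microsoft's mail systems; every address in it is hypothetical. It models one post to a list with one dead subscriber and counts how many times the list distributes anything under several policies: the naive pair that loops forever, a responder that follows the RFC 3834 / RFC 5321 conventions (bounces carry the null reverse-path <> and an Auto-Submitted: header, and automatic mail is never answered), a list that sets its envelope sender to an owner address so bounces never re-enter the list, and a plain hop-count limit of the kind MTAs apply to Received: headers. The policy flags, class names and the hop-count value are this example's own choices.

```python
"""Simulate a bounce/list-expander mail loop and the standard ways to break it.
Added example; not code from the RISKS post or from any real mail system.
Every address below is hypothetical."""
from __future__ import annotations
from collections import deque
from dataclasses import dataclass, replace
from typing import Optional

LIST_ADDR = "list@example.org"          # hypothetical mailing list address
OWNER_ADDR = "list-owner@example.org"   # hypothetical: where a sane list sends bounces
DEAD_ADDR = "gone@example.com"          # hypothetical mailbox of a departed employee
SUBSCRIBERS = ["alice@example.net", "bob@example.edu", DEAD_ADDR]


@dataclass(frozen=True)
class Message:
    return_path: str            # envelope sender; "" models the null reverse-path <>
    to: str
    subject: str
    auto_submitted: str = "no"  # value of the Auto-Submitted: header (RFC 3834)
    hops: int = 0               # Received: headers accumulated so far


@dataclass(frozen=True)
class Policy:
    responder_rfc3834: bool    # bounces use <> + Auto-Submitted; never answer such mail
    list_owner_envelope: bool  # list sets the envelope sender to OWNER_ADDR, not itself
    list_refuses_auto: bool    # list drops null-sender or auto-submitted mail
    max_hops: Optional[int]    # MTA hop-count limit; None means unlimited


def responder_bounce(msg: Message, pol: Policy) -> Optional[Message]:
    """The autoresponder at example.com handling mail for the dead mailbox."""
    if pol.responder_rfc3834 and (msg.return_path == "" or msg.auto_submitted != "no"):
        return None  # RFC 5321: never bounce a bounce; RFC 3834: never answer automatic mail
    return Message(
        return_path="" if pol.responder_rfc3834 else "postmaster@example.com",
        to=msg.return_path,  # a bounce goes to the envelope sender of the failed message
        subject="Undeliverable: " + msg.subject,
        auto_submitted="auto-replied" if pol.responder_rfc3834 else "no",
        hops=msg.hops + 1,
    )


def list_expand(msg: Message, pol: Policy) -> list[Message]:
    """The list server at LIST_ADDR: returns the copies it sends (empty if refused)."""
    if pol.list_refuses_auto and (msg.return_path == "" or msg.auto_submitted != "no"):
        return []
    if pol.max_hops is not None and msg.hops >= pol.max_hops:
        return []  # "too many hops": the MTA's last-resort loop detector
    envelope = OWNER_ADDR if pol.list_owner_envelope else LIST_ADDR
    return [replace(msg, return_path=envelope, to=sub, hops=msg.hops + 1)
            for sub in SUBSCRIBERS]


def run(pol: Policy, budget: int = 200) -> int:
    """Inject one post and count list distributions until the loop dies or budget runs out."""
    queue = deque([Message(return_path="carol@example.net", to=LIST_ADDR,
                           subject="VF2 strategies?")])  # constructed sample post
    distributions = 0
    while queue and distributions < budget:
        msg = queue.popleft()
        if msg.to == LIST_ADDR:
            copies = list_expand(msg, pol)
            if copies:
                distributions += 1
                queue.extend(copies)
        elif msg.to == DEAD_ADDR:
            bounce = responder_bounce(msg, pol)
            if bounce is not None:
                queue.append(bounce)
        # mail to OWNER_ADDR or to live subscribers is delivered and generates nothing
    return distributions


NAIVE = Policy(responder_rfc3834=False, list_owner_envelope=False,
               list_refuses_auto=False, max_hops=None)
HARDENED = Policy(responder_rfc3834=True, list_owner_envelope=True,
                  list_refuses_auto=True, max_hops=25)

if __name__ == "__main__":
    print("naive:          ", run(NAIVE))      # hits the budget: the loop never ends
    print("hop limit only: ", run(Policy(False, False, False, 25)))
    print("responder fixed:", run(Policy(True, False, False, None)))
    print("list fixed:     ", run(Policy(False, True, False, None)))
    print("hardened:       ", run(HARDENED))
```

Two details are worth noticing when reading the results. First, either side alone breaks the loop: a compliant responder stops after answering once, because its own bounce carries Auto-Submitted: and the list's copies preserve that header even though the list rewrites the envelope sender; and a list that uses an owner address as envelope sender never sees the bounce at all. Second, the list-side filter on null senders and Auto-Submitted: mail does nothing against a responder that sets neither (run the model with only `list_refuses_auto=True` to see it loop), which is why the hop count remains the backstop every MTA keeps regardless of how well behaved its peers are.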