NOTE: Many recent RISKS cases not yet included. Try the risks.org search engine. Election problems brought up-to-date 1 Oct 2008.

Copyright 2008, Peter G. Neumann, SRI International EL243, Menlo Park CA 94025-3493 (e-mail Neumann@csl.sri.com; http://www.CSL.sri.com/neumann; telephone 1-650-859-2375; fax 1-650-859-2844): Editor, ACM SIGSOFT Software Engineering Notes, 1976-93, Assoc.Ed., 1994-; Chairman, ACM Committee on Computers and Public Policy (CCPP); Moderator of the Risks Forum (comp.risks); cofounder with Lauren Weinstein of People For Internet Responsibility (http://www.pfir.org).

Contents

This list summarizes items that have appeared in the Internet Risks Forum Digest (RISKS) - which I moderate (comp.risks newsgroup) - and/or published ACM SIGSOFT Software Engineering Notes (SEN). In this collection of mostly one-liner summaries, (R i j) denotes RISKS volume i issue j; (S vol no:page) denotes an issue of SEN, where there has been one volume per year, with vol 33 being the year 2008; page numbers are given fairly regularly from 1993 on; (SAC vol no) indicates an item in the quarterly SIGSAC Security and Control Review, where vol 16 is 1998, which was the final volume. The RISKS-relevant SEN material prior to 1995 is summarized in my Computer-Related Risks book (see below). SEN material is now being brought on-line by Will Tracz: http://www.acm.org/sigsoft

Some incidents are well documented, while others need further study. A few are of questionable authenticity, and are noted as such ("bogus???"). Please send me corrections and new cases, along with suitable references. This document is updated at least quarterly and is browsable on-line (ftp://ftp.CSL.sri.com/neumann/illustrative.html courtesy of Otfried Cheong's Hyperlatex). [Hyperlatex is wonderful Free Software:
http://www.cs.uul.nl/~otfried/Hyperlatex).] This document is also printable in a two-column 8-point format (illustrative.pdf and illustrative.ps).

SEN regular issues, by year, volume&number 
..1976,vol 1: #1 = May; #2 = Oct
  ==================================
..year 1977 78 79 80 81 82 83 84 85 
  volume  2  3  4  5  6  7  8  9 10 
  ---------------------------------
  Jan    #1  1  1  1  1  1  1  1  1 
  Apr    #3  2  2  2  2  2  2  2  2 
  Jul    #4  3  3  3  3  3  3  4  3 
  Oct    #5  4  4  4  5  4  5  5  5 
  ==================================
..year 1986 87 88 89 90 91 92 93 94 
  volume 11 12 13 14 15 16 17 18 19 
  ---------------------------------
  Jan    #1  1  1  1  1  1  1  1  1 
  Apr    #2  2  2  2  2  2  2  2  2 
  Jul    #3  3  3  5  3  3  3  3  3 
  Oct    #5  5  4  6  5  4  4  4  4 
  ==================================
..1995,vol20: #1=Jan; 2=Apr; 3=Jul; 5=Dec
..1996,vol21: #1=Jan; 2=Mar; 4=Jul; 5=Sep
..1997,vol22: #1=Jan; 2=Mar; 4=Jul; 5=Sep
..1998,vol23: #1=Jan; 3=May; 4=Jul; 5=Sep
..1999,vol24: #1=Jan; 3=May; 4=Jul
..2000,vol25: #1=Jan; 2=Mar; 3=May; 4=Jul 
..2001,vol26: #1=Jan; 2=Mar; 4=Jul; 6=Nov
..2002,vol27: #1=Jan; 2=Mar; 3=May; 5=Sep
..2003,vol28: #2=Mar; 3=May; 4=Jul; 6=Nov
..2004,vol29: #2=Mar; 3=May; 5=Sep; 6=Nov
..2005,vol30: #1=Jan; 2=Mar; 3=May; 4=Jul; 6=Nov
..2005,vol31: #1=Jan; 2=Mar; 3=May; 4=Jul; 6=Nov
..2006,vol32: #1=Jan; 2=Mar; 3=May; 4=Jul; 5=Sep; 6=Nov
..2007,vol33: #1=Jan; 2-Mar; 3=May; 4=Jul; 5=Sep; 6=Nov
..2008,vol34: #1=Jan; 2-Mar; 3=May; 4=Jul; 5=Sep; 6=Nov

Read the Risks Forum as comp.risks if you can, or send e-mail to risks-request@csl.sri.com for a subscription, single text line "subscribe" (append desired address only if not your From: address), or "info" for info. Send contributions to risks@CSL.sri.com. Archives are available at http://www.risks.org, which redirects to Lindsay Marshall's Web site at Newcastle http://catless.ncl.ac.uk/Risks/, including a nice search facility. Specific issues can be read directly as http://catless.ncl.ac.uk/Risks/I.J.html [where I=volume#, J=issue#]. SRI's archive is at ftp://ftp.sri.com/risks or by "ftp ftp.sri.com", "login anonymous", "cd risks" (which gets the "dir" for the current volume, and "cd i" then gets you into the subdirectory for noncurrent volume i). An Australian mirror is at http://the.wiretapped.net/security/textfiles/risks-digest/. "Inside Risks" distills some of the discussion into a monthly inside-back-cover column in the Communications of the ACM. The list of columns to date is given at the end of this document.

My book (Peter G. Neumann, Computer-Related Risks, Addison-Wesley (ISBN 0-201-55805-X) and ACM Press (ACM Order 704943), 1995) summarizes many of these cases and provides additional analysis. (A few errata for the first three printings are on my Web page, noted above.) Most of the (S vol no) items listed below for no < 20 are discussed in the book; more recent items generally include the relevant on-line (R i j) references. If you cannot find the book in a bookstore, it is on amazon.com, or call A-W within the U.S. at 1-800-822-6339 - or if you are outside of the U.S., 1-617-944-3770 and ask for International Orders. The book is now also available in Japanese (ISBN 4-89471-141-9). Instead of trying to produce a second edition in the face of a massive influx of new RISKS cases, the fourth and fifth printings of the book gives the URL for the Addison-Wesley Web site (http:www.awl.com/cseng/titles/ISBN-0-201-55805-X/), which includes the first chapter of the book and an extended preface. That Web site and my own contain further material that would otherwise have gone into the second edition.

Henry Petroski (among others) has noted that we rarely learn from our successes, and must learn more from our failures. The collection of cases cited here provides rich opportunities for reflection that could help us to avoid similar problems in the future. Unfortunately, it also demonstrates that the same types of mistakes tend to recur, over and over...

SEN and RISKS also consider approaches for developing better computer systems, e.g., safer, more reliable, more secure, fewer cost and schedule overruns, etc. There are many approaches to developing sound systems; none is guaranteed. Whereas the emphasis in the following list is on problems rather than on would-be solutions, the pervasive nature of the problems suggests that techniques for the effective development and operation of computer-related systems are frequently ignored. Worse yet, even ideal systems can result in serious risks, through unanticipated technological problems or human foibles. We include here primarily cases that have been publically reported, although we know of various additional cases whose existence for one reason or another has not seen the light of day. A few successes are also included, although the failures seem to predominate. We are always interested in hearing more about successes. Although I receive occasional complaints about the preponderance of failures in RISKS, there appear to be very few real successes. Perhaps not enough folks are heeding some of the advice that you can gather from RISKS and that are distilled in Computer-Related Risks.

Descriptor Symbols

! = Loss of life/lives; * = Potentially life-critical or safety problem

V = Overall system or subsystem surViVability problems (with respect to diVerse adVersities, including attacks and malfunctions). Startlingly many cases fit this category; many V-unflagged cases also represent failures to continue performing properly, or delays, or other cases of misuse that could have led to much more serious survivability problems.

$ = Loss of resources, primarily financial

S = Security/integrity/misuse problem; P = Privacy/rights abuse or concern

H = Intentional Human misuse (e.g., user-administrator-operator-penetrator)

h = Accidental Human misuse or other inadvertence

a = Event attributed to animal(s)

I = Insider; O = Outsider; A = Inadequate Authentication, Access control, or Accountability

d = System Development problems

e = Improper Evolution/maintenance/upgrade. (H,h,i,f,d,e involve human foibles.)

r = Problems with Requirements for system or operation (including the overall system concept)

f = Flaws (or Features in design, or hardware/software implementation)

i = MisInterpretation/confusion/human errors at a man-system Interface; documentation problems

m = Hardware Malfunction attributable to system deficiencies, the physical environment, acts of God, etc.

M = Malfunction or misuse specifically due to electronic or other interference

+ = Beneficial; - = problematic with none of the above categories

@ = This item is also listed in another category

1 Collected Items Listed by Categories

1.1 Recent yet-to-be-merged items

*SM UK trials of GPS controlled car speeds (R 21 22-23)

V(m/f?) Canadian grocery chain Sobeys' software crash lasts 5 days (R 21 22)

Vf University of Washington server crash leaves thousands of students unable to register for classes (R 22 38)

i Risks of not-quite-identical keyboard layouts (R 21 26)

$h United Airlines Web site for one hour accidentally offered SFO-Paris round trips for cost of taxes and fees only (roughly $30 instead of $300) (R 21 24-25)

f Japanese modem misdialing seemingly at random in pulse-dial mode (R 21 25)

eh EoExchange shuts down free ad-supported services without warning; customer data lost (R 21 32)

i PC virtual-parrot squawks confuse firemen (S 26 6:10, R 21 46)

f Cable theft results in network congestion when Seti@Home screen savers are unable to access Seti servers (R 21 48,53)

fe Carefully planned seamless British Telecom BT SurfTime upgrade seemed very seamy, with premature cancellation of old service (R 21 44)

hie Risks in MacOS 10.2.4 update and httpd.conf replacement (R 22 56)

$fe UK magistrates courts staff upgrade failure requires two sets of systems instead of one, and a huge windfall for the deficient contractor (R 21 59)

fe Adobe Acrobat 5.0 pdf upgrade not backward compatible (R 21 59)

e NASA data from 1970s lost due to "forgotten" file format (R 21 56)

f California DMV sorting machine sends licenses to wrong people; 8-year-old sorting machine blamed (R 21 39)

* IBM auto dashboard system can shoot water at drivers not answering questions properly (R 21 53)

he Half of Norway's banks offline for a week: erroneous keystroke in EDB Fellesdata AS upgrade wiped out entire data warehouse instead of merely initializing 280 new disks (R 21 58)

+ OnStar GPS computer reports accident, pinpoints hit-and-run driver (R 21 46)

f* Polarized sunglasses mask LCD displays (R 21 53,54,56)

f False fatal-error report on completed atomic transaction (R 21 53,54,57)

mh Fiber cut takes out network connectivity within U. Pennsylvania (R 21 55)

i Another autoresponder loop (R 21 51,56)

$fhe Euro computer cutover risks (R 21 40)

f$ Payday delayed by one day in Belgium; once-in-five-year glitch (R 21 45)

h JDS Uniphase bad quarterly results report allegedly hacked, halting trading - but it turned out the report was Web-posted prematurely! (R 21 56)

eHS Beware of free URL-forwarding services (R 21 47)

di Custom system risk: dead men produce no documentation (R 21 47)

$h 40,000 federal tax returns and $800M payments missing at Mellon Bank processing center (R 21 63)

$m CD-eating geotrichum fungus amongus (R 21 51)

? Singapore bans divorce by SMS (short-text messaging between cell phones), overruling Muslim authorities, after 16 divorces Apr to Jun 2001 (R 21 58)

$ Chinese divorce: fight over online Mir 2 game account characters and virtual items worth over 40,000 Yuan (R 23 93)

- Chinese Internet blind date turns out to be married couple; big spat when they finally rendezvoused! (R 21 55)

$fh New British solar parking meters give free parking in bad weather, when installed under trees, etc. (R 21 65)

$H Judge tosses out red-light camera tickets because contractor had incentives to increase the number of citations (R 21 65)

fi Poor car-wash control interface design (R 21 77)

!hi Military intelligence at its best? "As a pilot, I can do everything perfectly with a perfect weapon system, and still cannot account for every weapon going exactly where it's supposed to go." U.S. Rear Admiral John Stufflebeem was responding to the deaths of three U.S. soldiers in Afghanistan after yet another bomb went astray. (S 27 2:5, R 21 82)

he Stupid defaults in database conversion cause propane runout (S 27 2:5, R 21 89)

e Mistranslated fields and changed defaults create problems in database conversion for propane company changeover (R 21 89)

*hi(VSP also) Sometimes high-tech isn't better: discussion of doctors' dependence on computers (Laura S. Tinnel, S 27 2:5, R 21 84)

$f Japanese Yohkoh satellite loses control due to annular eclipse during invisible-orbit out-of-sight period, draining batteries; recovery possible but not clear (R 21 85)

Vm Durham NC water line break closes 911 center and police department (R 21 89)

Vf(SH?) Dutch royal chat session failed on apparent overload (R 21 89)

fi Excel cut-and-paste glitch (R 21 88) +/-? Largest prime number: Mersenne prime, 4,053,946 digits: 2^13,466,917-1; found with 130,000 volunteer participants (R 21 82-83)

??? 100:1 lossless compression hype sounds like oil (R 21 87)

h Euro cutover risks: lots of screw-ups, wrong currencies, etc. (R 21 84,86,87); Luton schoolboy profits from ATM giving 1.6£to the Euro, rather than the reverse (R 21 86)

$f UK NatWest bank turns debits into virtual credits in Quicken and MS Money .OFX format (R 21 81)

$hf Grocery self-checkout risks: duplicate charges (R 21 81)

$f Automated bus pass kiosk denies authorization but debits: previous customer's authorization screen image displayed (R 21 81)

hV Outsourcing of upgrade to automated system knocks out Australian Bureau of Statistics (R 21 90)

f Johns Hopkins researchers announced the "color of the universe" based on a weighted average of the electromagnetic frequency of emissions from all galaxies in the observable universe: it's turquoise; after discovering a software glitch, no, it's really beige (R 21 98); no, because of an algorithm error, it's really salmon (R 22 02); could there be a pot of gold at the end of the rainbow for the culler of colors?

$fe More on PayPal problems: IPO prospectus, flaws, upgrade difficulties, fraud reported, fraud holds, merchant views (R 21 92,94,98) Paypal meets the Patriot Act: eBay accused of facilitating Internet gambling, eBay rebuts (R 22 67,69; S 28 4:9-10)

$SH $1M eBay fraud scams 1000 victims for $1000 each for nonexistent laptops (R 22 77)

Vm Disk crash destroys on-line law-enforcement mug shots in Macomb County, Michigan; no backup other than some hardcopy photos! (R 22 08)

Vhie 50,000 Idaho court records erased during upgrade; no viable backup (R 22 60)

$(m/f?)V Crash of critical legacy system costs Comair $20 million (R 23 87)

V(f/m?) Year 2000 crash destroys WashDC maintenance database of 5000 trees destined for removal, causing serious subsequent problems (R 22 08)

+? Dutch city implanting chips to monitor tree health (R 22 10)

Si Risks of deceptive characters in URLs: Rob Graham (R 21 89), and note on Gabrilovich/Gontmakher's Inside Risks column on The Homograph Attack, with look-alike characters in different languages Comm.ACM 45, 2, Feb 2002 (R 21 89); confusion among lowercase L, uppercase I, number 1 (R 21 91-93); lloyds vs llyods and domain protections (R 22 11, correction R 22 12)

Shi Risks of ordinary GUI "pop-up" windows: hidden spoofing (R 23 46,49; S 30 1:13)

Risks of Unicode and WSIWYG interpreting addresses: lookalike Japanese and English modes (S 27 3:8-9:, R 21 96)

fi Undesired text alterations: Microsoft Outlook appropriates the word "begin" to denote uuencoded text; recommended solution is not to start messages with the word "begin" (R 21 90); .Net violates English rules (R 21 91); search engines give wrong site, altering punctuation (R 21 91); OCR scanning alterations as well (R 21 92); UK Waitrose strips apostrophes from message content (R 21 92) and perhaps is using SQL? (R 21 93); BAD! in Perl, apostrophes are string delimiters (R 21 93); some Web forms reject addresses containing a plus sign (R 21 93)

SV Dutch royal chat session failed; intended for 100 selected citizens, and using a site designed for tens of thousands of users, the site reportedly received 3 billion hits (which seems implausible)! (R 21 89)

e Time runs out for BBC's Domesday time-capsule discs: media unreadable (R 21 93)

$i Australian man racked up A$22,000 in fines on Melbourne toll road, not having updated his address, and not having acquired a transponder (R 21 93)

$(f?h?) Seattle City light billing disputes (R 22 05)

(f?) Two unsolved telephone mysteries: unattended mobile phone calls home, and replicated phone bills; software faults? (R 22 08-10)

$h E-commerce Web site mistakenly listed low price for Kodak cameras; automatic response constituted acceptance of sale (R 21 90);

$hi PC mail-order price typo cost Marubeni over $2 million; company honored the error (R 23 02)

$ Buy.com mispriced a monitor; automated price search promises lowest price; (R 20 21)

h (but blamed on computer) Argos retail offered Sony Nicam TV for 3£ instead of 300£ (R 20 57)

$(hi?) Oops! US Air round trip for $1.86 (R 23 85)

$h Huge $25 airfare bargains from United Airline's Web site (R 22 10)

$h Compaq issues refunds for one-cent PCs after canceling the erroneous promotion (R 22 08)

$hi Self-service gas station loses money due inadvertent low pricing: $.19/gallon instead of $1.83/gallon (R 23 72)

$hi Candy machine non-atomic transaction punishes the quick-thinking (R 22 08-10); a related story (R 22 10)

* China bans toxic American junk: computers, TVs, copy machines, etc. (R 22 14)

$ No more JPEGs: ISO to withdraw image standard in infringement case (R 22 18)

$ef Boston Big Dig overruns $1 billion (R 22 55; correction 22 56)

*m Sentinel Fire Mapping tool for Australian fire location overloaded by heavy demand by nonemergency users (R 22 58)

mef IBM's DB2 blamed for Danish banking crisis (R 22 68; S 28 4:6)

i Risks of misquoting Google hit counts (R 22 72)

ai$ Turtle tangled in discarded beacon triggers Coast Guard massive search and rescue effort (R 22 70)

f?h? Kellogg's American Airlines online sweepstakes: thousands of nonwinners erroneously notified of winning (R 22 71)

- The Googlewashing of our language: Risks of trusting Google? (R 22 67)

m?f?h? Database crash loses names of Canadians in nationwide firearms registry (R 22 77, S 28 6:9)

f Verizon's error sends customers to Massachusetts adult phone line (R 22 84)

fmV GenCon conference registration woes blamed on computer network (R 22 84)

f Guardian crossword puzzle unable to handle numbers! (R 22 82)

i(-$) Cingular sends final bill for -$3.36 after refund check, threatening late fee (R 22 88)

m Eurofighter Typhoon brake fault (R 23 02; S 29 2:9)

f FAA warns of FlightLogic EFIS system fault (R 23 12; S 29 2:9)

defm Houston 911 system prone to crashes (R 22 92; S 29 2:10)

$drfh UK MoD scraps £130-million inventory management system (R 23 05; S 29 2:10)

Sdfi Computer virus freezes 21 VMS York car park displays tracking empty spaces; one system showed 349 spaces instead of none; mass chaos (R 22 92; S 29 2:10)

$df Messed-up test run gives erroneous deposits on outsourced payroll system (R 22 96; S 29 2:11)

+ Rigorous semantics of SPARK Ada applauded (see John Barnes' High Integrity Software); also more discussions of avoiding GOTOs (R 23 02)

*m Faulty wiring in window heater led to windshield cracks in 3 Boeing 777s (R 22 94)

*m Seattle Air Traffic Control [and elsewhere] affected by fires in Southern California (R 22 98)

hi$ Continental Airlines backs off erroneous 500K free-mile winners (R 22 92)

m Risk of leaving devices turned OFF: electrolytic capacitors degrade chemically: new kind of bit rot (R 22 98)

*m Nokia blames mobile-phone battery explosions for nonNokia batteries (R 22 97)

e$ WBIG radio unable to pay employees after computer upgrade (R 23 01)

*fi Honda CRV 4WD electronic doors trap man in Australian flood, nearly drown him (R 23 06); try the rear window, which is not electric! (R 23 12)

*hi(f?) Driver relies on car navigation system, winds up inside a supermarket (R 22 96)

i Acura MDX and BMW 7 series (in)human interfaces (R 23 01); BMW: "When you add complexity you add risks" (R 23 02); Karcher's Law: "Don't check for error conditions you are not prepared to handle." (R 23 03)

*$f BMW series 5 flaw disables Dynamic Stability Control and ABS (R 23 60; S 30 2:18)

hi Input data error on auto registration transfer causes driver's arrest (R 23 11)

fi French weather program mistakenly interprets frost (on a spider web on a sensor) as snow (R 23 03)

$hi Trifecta race-track bet on 2003 Melbourne Cup wins AU$2.6 million despite betting operator's ten-fold error: bettor had not requested confirmation (R 23 03; S 29 2:14)

hi Goofs: Animated billboard congratulates the Chicago Cubs on winning the baseball's National League pennant - but they lost! someone hit send instead of delete (R 22 96); New York Post prepared opposite editorials, released the wrong one: N.Y. Yankees lose 2003 American League pennant - but they won! (R 22 97); Israel's YNET.co.il announced Columbia had landed safely (with Israel's first astronaut aboard, and details of what he was supposed to be doing after landing) - but the Columbia was lost on reentry (R 22 98)

hi `Technical error' blamed for dirty picture shown to Mexico's first lady (R 22 92)

f Difficulties with U.S. Census Bureau income data: Gini averages based on truncated individual data for the wealthiest, max recorded is $999,999, to protect identities? No! (R 22 93,95,97)

$f Computer problem affects Mississippi liquor stores and restaurants (R 22 98)

fe South Carolina DMV software glitch costs Sumter County $164,000; car tax records vanish (R 22 98)

$hi E-ZPass returned via UPS truck keeps getting charged for Jersey Turnpike trips! (R 23 01)

$ Official self-service litigation system available in England/Wales (R 23 06)

$himf Peter Deutsch's Eight Fallacies of Distributed Computing (R 23 06)

hi NOAA training session test message warns of hotter weather as Earth nears the Sun (R 23 07)

i Southern drawls thwart voice recognition for Shreveport police (R 23 04)

hi Proper understanding of "The Human Factor" (essay by Don Norman, R 23 07, commentary on two earlier RISKS items in R 23 04 and 06); two follow-ups from Doug Jones and Peter Ladkin (R 23 08); more on Murphy's Law (R 23 09) and developers (R 23 09); similar arguments about medical records (R 23 10)

i 'Master' and 'slave' computer labels unacceptable, LA officials say (R 23 05)

m Sony recalling 550,000 CD Walkman battery packs (R 23 04)

hi Erroneous Australian banana import recommendation due to error in risk assesment input to Microsoft Project file with @Risk add-on (R 23 28)

(m/f/h?) Dispatch computer glitch grounds Delta flights for 2 hours in Atlanta (R 23 35)

f Netgear/UWisc NTP router to keep time accurate: bug causes incessant retransmissions; fascinating item (R 23 41)

d Risks of believing in testing; also a GAO report (R 23 38-43)

f Jim Horning: Risks of inadequate exhaustive testing of 10M cases (R 24 42, S 31 6:23)

$f Poor fallbacks on automated systems: Paytrust SmartBalance (R 23 39)

fi Reason Magazine subscriber-customized covers messed up (R 23 39)

hi The Daily Farce online satire (Rumsfeld banning digicams in Iraq) reported as truth (R 23 39)

fi USB "square" plugs plug in backwards! (R 23 32)

fi Florida sues AT&T for billing a million noncustomers (R 23 35)

ef Canada's largest bank has "processing disruption" (R 23 43)

$f TurboTax electronic filing option fails to send AMT Form 6251 (R 23 35)

de Risks of broadband upgrades: Cox outage affects the recommended Toshiba 1100 cable modems: bad upgrade (R 23 30)

$fm MiniDV Firewire connector fragility (R 23 33)

e On-line accounting software upgrade problem: increased ID number length breaks system, which converted to scientific notation and rounding! (R 23 51)

m Zinc whiskers from under datacenter floors can lead to high equipment failure rates (R 23 45)

m DSL problem: mice, snakes, and wiring (R 23 57)

$f Lack of sanity checking in Web shopping cart software: beware of specifying fractional items (R 23 51)

$m Gloria Estefan performance in Dallas canceled due to computer crash (R 23 49)

i Emoticon-interpreters create risks in instant messaging services: :) becomes a yellow smiley-face icon (OK), but 401(k) in e-mail to female boss becomes 401 followed by "a big pair of smoochy lips"(R 23 48)

fhi Leslie Lamport: A Comedy of Errors; TLA+ quoted character anomaly (R 23 66; S 30 2:19-20) and discussion (R 23 67)

fhi Jim Horning: Risks of lenient parsing: a tale of tracking down an HTML problem (R 23 66; S 30 2:20) and discussion (R 23 67)

fi Software is no substitute for thought: yet another instance: need for human checks for reasonableness (R 23 60; S 30 2:20)

f Bruce Tognazzini list of 130+ most common bugs (R 23 67):
http://asktog.com/Bughouse/index.html

$fh Belgium's Banksys cashpoints failed due to small technical errors and overload, affecting 220K bank card transactions and 60K credit card transactions (R 23 63)

$(f/h/i/m?) Strange Standard and Poor stock numbers: index fell 870 points, 73% of its value, for one day (R 23 62,63)

fi Unintended effects of RFID devices; RFIDing babies (R 23 62,63,65)

hi E-mail notification from Southwest Air to wrong person, with no reply possibility (R 23 61)

$hi Problems with Chicago-area toll road transponders (R 23 67)

$hi Ticket not in computer system: your insurance rates may increase, because you cannot pay the fine! (R 23 66)

fm (etc.) 130 most common bugs - and counting (R 23 67; S 30 3:29)

hi- Vatican Web page on Pope John Paul II's death on 2 Apr 2005 was prepared on 1 Apr 2005, before his death, announcing "Vacancy of the Apostolic See" (R 23 84)

*(f/m/?) Judge accepted hypothesis that Ontario Safari Park tiger triggered power window opening and entered the automobile, awarded $2M in damages (R 23 69)

m A risk of high-speed CD/DVD-rom drives in current-day PCs, and slowing them down (R 23 71,72); Macrovision DVD copy-protection (R 23 72)

!*+/-? Hospitals have dramatically reduced unnecessary deaths? (R 24 32,33)

$f $8 million for self-parking charge: 8.1E+6 (R 24 30-31)

e NZ IRD tax numbers about to run out (R 24 33)

m Wily crows disconnect wired Tokyo (R 24 33)

f Irish ATM pays double; ethical dilemma (R 24 30)

fi Construction blocked by e-mail filtering `erection' (R 24 30)

Vhi Risks of relying on the Web in wartime: Australian Consulate required registration online, with no electric power (R 24 35)

hi DVD player human interface, not designed for usability?
(R 24 44)

*hi Silliness in Action: California poised for car cell phone ban (R 24 40)

British ambulance crew goes 200 miles off course based on name confusion in satellite navigation (R 24 48,49)

END of yet-to-be-merged items .....

1.2 11 Sep 2001 and Homeland Security

..... Combatting Terrorism

!!!*VSHf$$ 11 September 2001: terrorist highjacking of four planes used as cruise missiles to destroy the World Trade Center twin towers and part of the Pentagon, with thousands of lives lost and extensive disruption of lower Manhattan infrastructures; relevant GAO reports cited (S 27 1:7, R 21 66-67)

!h Stray bomb caused by typo in coordinate digit (R 21 70,71,73);

Sf Discussion of the risks of remotely controlling airliners to prevent hostile takeovers (R 21 68-69); tamperproof autopilot (R 24 60)

SP Joke e-mail seemingly from bin Laden reportedly landed its recipient in jail, but the details were in dispute (R 21 68-70)

+ Role of amateur (ham) radio communications after land-line and cellular comms failed (R 21 68-71)

!ih Friendly fire in December 2002 caused by Special Forces GPS battery changeover resetting Taliban target confirmation to its own location!!! (S 27 3:5, R 21 98)

Sm RISKS discussion of earlier World Trade Center problems (R 21 67) and lessons of 7 WTC (R 21 80)

S The Web Never Forgets, foiling attempts to remove info later thought to be sensitive (R 21 80)

SHA Airport security: can you trust a "trusted traveler"? (S 27 3:, R 22 03)

SPfh No-fly terrorist blacklist snares peace activists, a nun, etc. (R 22 29); More on the No-Fly List (R 22 74); people named David Nelson turned away by CAPPS II pattern matching: at least 6 in LA area, 18 in Oregon, 4 in Alaska (R 22 80); in Austin, David Nelson planned to fly as D. Austin Nelson (R 22 81)

SPhi Travelers continue to struggle with wrongful Watch List matches (R 24 05)

SHfh "Homeland Insecurity": technology not foolproof; subsequent discussion on Probabilistic Risk Assessment, firearms in the cockpit, and Computer Assisted Passenger Screening (R 22 20-21,23-24,27); Real risks of cyberterrorism, related to disaster planning; large-scale events; SCADA systems, even if not Internetted; nonpublication of Gartner/ NavalWarCollege study; beware of fear-mongering (R 22 22-23,27)

SH SCADA systems hacked (R 24 44, S 31 6:28)

Sf Unexpected consequences of airport random screening: 20selected instead of 2% (R 24 36, S 31 6:28)

Sfhi Vancouver Int'l Airport locked down due to training software phantom bag (R 24 44, S 31 6:27-28)

SH Richard Clarke on Homeland Security, airport ID checks, etc. (R 23 78-79; S 30 3:30); "High-tech passports are not working" (R 23 73; S 30 3:31)

$SH Thieves sabotage Dutch telecom infrastructure (R 24 43, S 31 6:28)

S Digital retouching of photos to make a propaganda point (R 24 36, S 31 6:28)

..... Cybersecurity

SHfi User security, system security, DMCA, etc.: Edupage neatly juxtaposes two items: Richard Clarke (at Black Hat in Las Vegas) urges hackers to find and report bugs; HP uses DMCA against bug finders (R 22 20); FTC uses Dewie the Turtle to promote computer security through hard-to-guess passwords, antivirus software and computer firewalls, just like President's Critical Infrastructure Protection Board - which puts the onus on users, not on the need for secure systems (R 22 27); reminiscent of Bert the Turtle from Duck and Cover (R 22 28); relying solely on users to tighten security is misguided (R 22 33); attempts to rescind parts of DMCA by Rick Boucher and by Zoe Lofgren (R 22 28)

Shi Education and the National Strategy to Secure Cyberspace: a critical review of the second version of the national cyberstrategy (Rob Slade, R 22 63)

S?H?f? Ptech raided for suspected al Qaeda link? No, financial crime investigation, says U.S. attorney; their software is used by Government agencies, but possibilities of Trojan horses reportedly unfounded (R 22 42)

$ Liability risks from cyberterrorism (S 27 6:12, R 22 18)

SP American style cyberwarfare: what are the risks? (S 27 6:13, R 22 18,22)

S Federal agencies get failing grades on cybersecurity; half D or worse (R 23 73; S 30 3:30-31)

*S Security? Nuclear plants don't need no stinkin' security! (R 23 78; S 30 3:31)

*SHfff Nation's Critical Infrastructure Vulnerable to Cyber Attack (U.S. House Science Committee, R 24 04; S 30 6:20-21)

*(SV) One radio frequency for emergency services? (R 24 04) No, (R 24 05,07)

[See also the sections on security and privacy.]

..... Natural disasters

hi Risks ignored: Hurricane Katrina - predictions before and response after (R 24 04; S 30 6:20)

!*m Katrina's telecom damage tops $400 Million; repairs may take months. [Of course, that is just the tip of an enormous iceberg.] (R 24 03)

*hi Katrina victims required to use Microsoft Internet Explorer (R 24 05,06)

SHP Health records of Hurricane Katrina evacuees go online; privacy implications (R 24 04; S 30 6:23-24)

1.3 Space

..... Manned/Womanned [Peopled?] Space Exploration:

!!$$Vrfh Shuttle Challenger explosion, 7 killed. [Removed booster sensors might have permitted early computer detection of leak?] [28Jan1986] (S 11 2) [Probably not? See Paul Ceruzzi, Beyond the Limits - Computers Enter the Space Age, MIT Press, 1989, Appendix.] Whistle-blower Roger Boisjoly fired by Morton Thiokol after reporting O-ring problem that led to loss of the Challenger (R 5 78, R 5 80, and R 12 40)

!mhi NASA cultural failures on STS-107 leading to loss of the Columbia shuttle (reminiscent of the Challenger loss); final data unrecoverable; more discussion (R 22 54); Over-reliance on PowerPoint leads to simplistic thinking, linked to Columbia shuttle accident analysis and disaster (23 07)

* Mercury astronauts forced into manual reentry? (S 8 3)

$f STS-1 1st Space Shuttle Columbia backup launch-computer synch problem. See Jack Garman, "The bug heard 'round the world" (S 6 5:3-10) Oct. 1981. I summarize this in my Computer-Related Risks book, page 20-21, along with several of the following cases.

*f STS-2 shuttle simulation: bug found in jettisoning an SRB (S 8 3)

*f STS-2 shuttle operational simulation: tight loop upon cancellation of an attempted abort; required manual override (S 7 1)

*Vf STS-6 shuttle bugs in live Dual Mission software precluded aborts (S 11 1)

*m STS-9 Columbia return delayed by multiple computer malfunctions (S 9 1)

*f STS-16 Discovery landing gear - correlated faults (S 10 3:10)

*if STS-18 Shuttle Discovery positioned upside down; mirror to reflect laser beam from Mauna Kea site aimed upward (+10,023 miles), not downward (+10,023 feet) (S 10 3:10)

*$ STS-20 Two-day delay of Discovery launch: backup computer outage (NY Times 26 Aug 1985); Syncom 4 satellite failure as well (S 10 5)

$f SRS-36 Atlantis launch delayed [25Feb1990]; "bad software" in backup tracking computer system, but no details given. (S 15 2)

h Shuttle Discovery shutdown procedure for two computers reversed (S 16 1)

*hife STS-24 Columbia near-disaster, liquid oxygen drained mistakenly just before launch, computer output misread (S 11 5)

*f Columbia orbiter suddenly rotates, due to telemetry noise (S 15 3)

$m Columbia delayed by computer, interface, sensors; then navigation (S 16 3)

$f Shuttle Endeavour computer miscomputes rendezvous with Intelsat satellite; nearly identical values interpreted as identical; those SW problems force spec changes (AviatWkSpT 29May/8Jun1992, S 17 3 duplic S 17 4)

* Shuttle computer problems, 1981-1985; 700 computer/avionics anomalies logged; landing gear problems in STS-6 and -13; multiple computer crashes in STS-9, cutting in backup system would have been fatal; thermocouple failure in STS-19 near disaster (S 14 2)

m Atlantis spacecraft computer problem fixed in space (S 14 5)

$f Untested for change, SW delays shuttle launch; 3-min on-line fix (S 15 3)

$(m/f?)V Shuttle Atlantis launch scrubbed: "faulty engine computer" (S 16 4)

$*V Columbia launch scrubbed at T-3sec 22Mar93, leaky valve (S 18 3:A14)

$*V STS-56 Discovery launch scrubbed at T-11sec 5Apr93, main propulsion system high-point bleed valve open-indicator went to off, closed-indicator did not switch to on. Indicator problem? program error? (S 18 3:A14)

h Discovery SRB recovered with missing pair of pliers (S 18 3:A14)

*h Discovery shuttle tail speed-brake gears were installed backwards in 1984, not discovered until 2004, 30 flights later! (R 23 29; S 29 5:13)

fm Channel blocked, Discovery exhausts storage for ozone data (S 18 3:A14)

H Experimental Space Shuttle e-mail address divulged, bombarded (S 16 4)

m Woodpeckers delay shuttle launch (S 20 5:8)

*m Docking problem aboard Soviet space station Mir (S 15 5)

m Mir Space Station computer problems add to difficulties; main computer failed during docking attempt, 19 Aug 1997 (R 19 31,32), with detailed analysis by Dennis Newkirk (R 19 33)

m Mir computer failure affects steering; replacement computer fails to load (end of May 1998, just before Discovery launch) (R 19 78)

*$d GAO reports on NASA Space Station: increased safety risks, costs (S 17 4)

* Risks of junk in space much greater than previously thought (S 17 4)

*f$ Potential software nightmare for International Space Station, with considerable discussion (R 19 49-51)

*$f International Space Station software problems in 2001 predicted in 1997 (S 26 4:4, R 21 37): see (R 19 49-51)

deh$ Space Shuttle launch-pad test of redesigned fuel tak omitted; problem of test-induced failure (R 24 28)

..... Space Exploration, Satellites, Probes, Others:

$f Hubble Space Telescope problems, soaring costs, missed deadlines, reduced goals, etc. (S 15 2); sensors misdirected because of wrong sign on precession in star data; antenna # 2 limited by misplaced cable, #1 limited because software had only one limit stop, same for both (S 15 3) No system test. 1mm error in monitor program of mirror polisher (S 15 5) See M.M. Waldrop, Science 249, 17Aug1990, pp.735-736.

Vf/m Hubble Space Telescope antenna swing causes shutdown (S 17 1)

fh More Hubble SW: misloaded ephemeris table, bad macro (S 18 1:24)

$fhV $150M Intelsat 6 comm satellite failed; booster wiring error, payload in wrong bay; miscommun. between electricians and programmers (S 15 3)

$mV Canadian TeleSat Aniks die: solar coronal hole electron flux (S 19 2:3) Anik E-2 control restored, but with shorter life ($203M asset) (S 20 2:11)

$(f/m?)V Taurus rocket plunges into Indian Ocean, destroying Orbital Imaging satellie, NASA QuikTOMS, and cremated remains of 50 people (S 27 1:8, R 21 68)

hif NASA's DART spacecraft smashes into satellite; faulty nav data (R 24 29, S 31 5:16)

$fhe Backward gravity switches: Genesis slammed to Earth after parachutes failed (R 24 33, S 31 5:16)

fmV SOHO Mission Interruption Preliminary Status and Background Report documents apparently unconnected multiple failures that caused the satellite to lose control (R 19 87)

fhV Final report on the Solar and Heliospheric Observatory (SOHO) spacecraft failure: software flaw and improper command (R 19 90); mis-identification of a faulty gyroscope, staffing problems, inadequate training, ambitious schedule, unreviewed procedure changes, etc. (R 19 90, 94); contact finally reestablished. (S 24 1:31)

hm 5 printers off-line or jammed, Voyager 1 data lost over weekend (S 15 5)

f Voyager 2 software faults at launch, 20 Aug 1977 (S 14 6)

V$ Titan 34D, Nike Orion, Delta-178 failures follow Challenger (S 11 3)

V$* Titan 4 rocket test-stand SRB explosion; simulation missed failure mode (R 12 09, S 16 4)

V(m/f?) Final Titan 4A launch explodes with Vortex satellite; total cost over $1B, Aug 1998 (R 19 91, S 24 1:32)

mV Titan 4B leaves missile warning satellite in useless orbit (R 20 36)

Vm/f? Titan 4B with Milstar communications satellite separates four hours early, resulting in a useless low orbit, 30 Apr 1999 (S 24 4:26, R 19 36)

Vhm$ 6 successive Theater High-Altitude Area Defense (THAAD) failures, including three typos; then a "success" (R 20 43,45); Titan 4B failure (R 20 39) blamed on shifted decimal point in upper-stage software (R 20 45)

Vf,f Delta III launch ends after 71 seconds due to software flaw; two weeks later, Delta III leaves Loral Orion comm satellite in useless low orbit 4 May 1999 (R 20 38)

Vmfh Centaur/Milstar upper-stage failure due to attitude-control system software (R 20 49); roll-rate filter constant .1 factor (-0.1992476, not -1.992476) (R 20 57,59)

Vm$ Private imaging satellite Ikonos 1 disappears 8 minutes after launch (S 24 4:26, R 20 36); loss blamed on an electrical problem that prevented the aerodynamic payload cover from coming off. Subsequent Ikonos launched successfully (R 20 60):

f Terra spacecraft navigation software problems (S 25 3:18, R 20 78)

V$(m?f?) Two satellite failures (R 21 19, S 26 2:5)

Vm/f? Russian rocket blows 12 Globalstar satellites (S 24 1:32, R 19 95)

V$(f?m?) Computer blamed for Russian rocket crash (R 21 18, S 26 2:5)

$fmmm Fascinating historical case recently reported of Russian KORD N-1 rocket-engine shutdown system failures, 1969, 1971, 1973; lots of lessons to be learned (R 21 53)

h Boeing space station tanks accidentally taken to Huntsville dump (R 20 83)

Vh Space Station endangered by NASA flight controllers' blunder in maneuvering around space junk; predicted distance also way off (R 20 46-47)

SH Space Station Problem Reporting Database hacked (R 20 47-48)

$Vmf Space Station risks (R 21 14, S 26 2:5)

f "Truncation error" found in GPS code on Int'l Space Station (S 27 6:6, R 22 11)

$de NASA space station undergoing software repairs for 500 of 1000 known flaws (R 23 46; S 30 1:10)

V$ehf Canaveral Rocket lost; wrong key hit in loading guidance SW (S 16 4)

df NASA finds problems in EOSDIS Earth Observing System (EOS) spacecraft flight operations software development, expected to delay launch (R 19 67)

m+ Apollo 11 lunar module, pen used to replace circuit breaker (S 18 3:A14)

Vr* Lightning hits Apollo 12. "Major system upsets, minor damage". See article by Uman and Krider, Science 27 Oct 1989, pp. 457-464. (S 15 1)

V$m Lightning changed Atlas-Centaur program (51 sec). $160M lost (S 12 3, 15 1)

@V*$m Lightning hits launch pad, launches 3 missiles at Wallops Island (S 12 3)

V$f Mariner 1 Venus probe: HW fault plus programmer missed superscript bar in `R dot bar sub n'. See Paul Ceruzzi, Beyond the Limits - Flight Enters the Computer Age, Smithsonian, 1989, Appendix (S 14 5). (Earlier reports had suggested DO I=1.10 bug (see next item) or a garbled minus sign (or hyphen.) (S 8 5, 11 5, S 13 1)

$f Project Mercury had a FORTRAN syntax error such as DO I=1.10 (not 1,10). The comma/period interchange was detected in software used in earlier suborbital missions, and would have been more serious in subsequent orbital and moon flights. Noted by Fred Webb. (S 15 1)

*f Gemini V 100mi landing err, prog ignored orbital motion around sun (S 9 1)

V$f Atlas-Agena software missing hyphen; $18.5M rocket destroyed (S 10 5)

@VSH Lauffenberger convicted of logic bombing GD's Atlas rocket DB (S 17 1)

Vm Navy Atlas rocket places satellite in worthless orbit (S 18 3:A14)

V$f Aries with $1.5M payload lost: wrong resistor in guidance system; (S 11 5)

V*f TDRS relay satellite locked on wrong target (S 10 3:10-11)

Vm AT&T Telstar 401 satellite failure (S 22 4:26, R 18 76)

de Satellite system outage hits Associated Press (R 21 04; S 26 1:18)

Vm Ariane 5 test problems: motor failures, nitrogen leak (S 20 5:9, R 18 27,28)

V$f New Ariane 5 failure (S 21 5:15); More on Ariane 5: conversion from 64-bit floating to 16-bit signed caused Operand Error (R 18 27-29,45,47); Note: Matra made software for Ariane5 and Taipei subway system (S 21 5:15); Incidentally, Robert L. Baber, Univ. Witwatersrand, Johannesburg, suggests you browse http://www.cs.wits.ac.za/ bob/ariane5.htm - showing how a simple correctness proof could have avoided this problem. (R 18 89-91)

*Mm Cosmic rays hit TDRS, Challenger comm halved for 14hrs [8Oct1984](S 10 1)

$Mr Sunspot activity: 1979 Skylab satellite dragged out of orbit (S 13 4)

hM 1989 pulsar discovery now attributed to TV camera interference (S 16 3)

V$hfe Soviet Phobos I Mars probe lost (Sep 1988): faulty SW update (S 13 4); cost to USSR 300M rubles (Aviation Week, 13 Feb 89); disorientation broke radio link, discharged solar batteries before reacquisition. [Science, 16Sep1988] More on Phobos 1 and 2 computer failures (S 14 6)

V$? Soviets lose contact with Phobos II Mars probe. Automatic reorientation of antenna back toward earth failed. (S 14 2)

V$f 1971 Soviet Mars orbiter failed after "unforgivable" SW bug; new info (S 16 3)

f Assessment of predictions on the Russian Mars Probe crash site (S 22 2:22)

V$fm 1993 Mars Observer lost entering Mars orbit (S 18 4:11; R 14 87,89; 15 01); loss blamed on fuel line leak (Washington Post, 10 Jan 1994)

f What really happened on Mars Rover Pathfinder? David Wilner on VxWorks system resets and preemptive priority scheduling, and Glenn Reeves - first-hand commentary must be read (R 19 49,50,53,54) and further discussion of priority inversion (R 19 50,53,54,56)

fe Spirit Rover failure on Mars: software upload to delete files failed, file space exceeded, caused reboot with insufficient file space, causing reboot loop (R 23 14,15, see final summary in R 23 24); DOS file system continual growth design oversight (R 23 51) ["Spirit was willing, but its flash was weak." Jim Griffith, R 23 17]

dfe More on NASA Spirit and MS-DOS/VxWorks FAT system (R 23 51,52; S 30 1:10)

V$fm Mars Climate Orbiter lost, dipped too close to Mars due to English/Metric confusion; Mars Polar Lander reprogrammed to report back directly on 3 Dec 1999 (R 20 59-62); Mars Lander then lost entirely on landing attempt, search abandoned after a month. Crash finally blamed on software shutting engines off prematurely (R 20 84,86)

+ Mars Odyssey probe maneuver braked successfully in orbit, 22 Oct 2001 (S 27 1:8, R 21 71)

m$ Japan's Mars probe Nozomi goes off course (R 23 07; S 29 2:9)

m+/- Pioneer 10 still alive, sort of, 30 years later (R 22 44)

f+ Cassini-Huygens mission to land on Saturn's moon, Titan succeeded; software flaw detected and fixed (R 23 65,67; S 30 2:17)

$h Loss of data from the Huygens Probe: one comm channel not turned on (R 23 67; S 30 3:22)

$f/h? NASA HESSI shake test 10 times too strong, damaging spacecraft (S 25 3:15, R 20 86)

$f Sea Launch rocket drops satellite into Pacific Ocean (S 25 3:15, R 20 84,86); single line of code allowed launch with second-stage valve open, causing helium leak (R 20 97)

Vfm$ Electronics startup transient opened telescope cover prematurely, destroying Wide Field Infrared Explorer (WIRE) spacecraft (R 20 47-48)

V$m $1.4B Galileo antenna jammed, en route to Jupiter (S 18 4:11)

V$m Landsat 6 vanishes; space junk tracked by mistake (S 19 1:10)

V$f Magellan space software problems: serious design flaw fixed (S 14 5) Nonatomic setting of scheduled and active flags interrupted. See H.S.F. Cooper, Jr., The Evening Star: Venus Observed, Farrar Straus Giroux, 1993. Discussion in J.M. Rushby, SRI-CSL-95-01.

$m Magellan spacecraft manual guidance overcomes faulty computer chip (S 15 2)

V*h Soyuz Spacecraft reentry failed, based on wrong descent program, (orbiting module had been jettisoned, precluding redocking) (S 13 4)

*fh Software bug in autopilot on return sends Soyuz off course (R 22 72,74,78; S 28 4:6, S 28 6:7)

V$fe Viking had a misaligned antenna due to a faulty code patch (S 9 5)

*f Ozone hole over South Pole observed, rejected by SW for 8 years (S 11 5)

? Global-warming data confusion (R 19 91-92)

@Vfm Channel blocked, Discovery runs out of storage for ozone data (S 18 3:A14)

* Continuing trend toward expert systems in NASA (S 14 2)

f SW bug on TOPEX/Poseidon spacecraft "roll momentum wheel saturated" alarm aborted maneuver. It was recoverable, however. (S 18 1:24)

1.4 Defense

V!hhh U.S. F-15s take out U.S. Black Hawks over Iraq in Friendly Fire; 26 killed, attributed to coincidence of many human errors. (Other cases of friendly fire included 24% of those killed in the Gulf War.) (S 19 3:4) According to a seemingly reliable private correspondent who has read through at least 62 volumes of investigation reports, the public was seriously misled on this situation and there was a considerable cover-up. For now, contact me if you want further background.

!!$rhi Iran Air 655 Airbus shot down by USS Vincennes' missiles (290 dead); Human error plus confusing and incomplete Aegis interface (S 13 4); Commentary on Tom Wicker article on Vincennes and SDI (S 13 4); Aegis user interface changes recommended; altitude, IFF problems (S 14 1); Analysis implicates Aegis displays and crew (Aerospace America, Apr 1989); Discussion of further intrinsic limitations (Matt Jaffe, S 14 5, R 8 74); USS Sides Cmdr David Carlson questions attack on Iranian jet (S 14 6)

!!$rfe Iraqi Scud hit Dhahran barracks (28 dead, 98 wounded); not detected by Patriot defenses; clock drifted .36 sec. in 4-day continuous siege, due to SW flaw, preventing real-time tracking. Spec called for aircraft speeds, not mach 6, only 14-hour continuous performance, not 100. Patched SW arrived via air 1 day later (S 16 3; AWST 10Jun91 p.25-26); Shutdown and reboot might have averted Scud disaster (S 16 4) Patriot missiles misled by `accidental' decoys; T.A. Postol report (S 17 2); summary of clock drift, etc. GAO/IMTEC-92-26, February 1992 (S 17 2); reprisals against Postol for his whistleblowing (R 13 32, S 17 2); Army downgrades success to about 10% rather than 80% [4 out of 47 hits] (R 13 37, S 17 2, 17 3); A retrospective analysis (in Italian) by Diego Latella (R 24 41, S 31 6:26)

GAO report documents clock problem in detail (S 17 3) 24-bit and 48-bit representations of .1 used interchangeably (S 18 1:25)

$(m/f?) Two of three Patriot missiles failed (R 21 92)

!m/f/h Friendly Fire: Patriot software again a concern: shoots down British Tornado GR4 near Iraq/Kuwait border (R 22 65-67); more discussion (R 22 67-70); confusions with numbers (R 22 69-70); Aegis (R 22 71)

!!$hV Russian airliner shot down by Ukrainian missile in errant test; earlier Ukrainian missile test killed four people in an apartment block (S 27 1:8, R 21 69)

*f Patriot system fails again (S 25 3:18, R 20 85)

!mhi Report on Patriot missile friendly fire over Iraq on 2 Apr 2003; plane mistaken for hostile missile (R 23 72; S 30 3:23)

*f Software snafu slowed critical data during Iraq raid (S 24 3:25, R 20 23)

!!V$h? Sheffield sunk during Falklands war, 20 killed. Call to London hindered antimissile defenses on same frequency? [AP 16May1986](R 2 53, S 11 3) An "official" version disputes this conclusion - see "The Royal Navy and the Falkland Islands" by David Brown, written at the request of the Royal Navy. Page 159 of that report discusses another problem with the Sea Wolf system, occurring several days later.

@SVf$ Royal Navy battle software unsafe; whistle-blower fired (R 23 56)

!V$ British Falklands helicopter downed by British missile. 4 dead (S 12 1)

!fi Software problem in Advanced Field Artillery Tactical Data System kills soldiers in training incident; unspecified altitude defaults to zero (S 27 6:10, R 22 13)

!!V$f USS Liberty: 3 independent warning messages to withdraw were all lost; 34 killed, more wounded. Intelligence implications as well. (S 11 5)

!Vhfi? Stark unpreparedness against Iraqi Exocets blamed on officers, not technology, but technology was too dangerous to use automatically (S 12 3); Captain blamed deficient radar equipment; official report says radar detected missiles, misidentified them. (S 13 1)

Vrf$ USS Yorktown Aegis missile cruiser dead in water for 2.75 hours after unchecked divide by zero in application on Windows NT Smart Ship technology (S 24 1:31, R 19 88-94); letter to Scientific American: it was an explicit decision to "stimulate" [sic] machinery casualties? (S 24 4:26, R 20 37)

$hfe Navy software problems in upgrading software on battle cruisers USS Hue City and USS Vicksburg (S 23 5:25, R 19 86-87)

$SVrfe Navy to use Windows 2000 on aircraft carriers (R 20 95)

fid Not-so-smart weapons in Kosovo (R 21 01; S 26 1:18)

*Vf 5th Bell V22 Osprey crash: assembly error reversed polarity in gyro (S 16 4); Bell V-22 Osprey - correct sensor outvoted (S 17 1)

!V$fmh Another Osprey crash April 2000 kills 19 (R 21 14, S 26 2:5); falsified maintenance records; yet another crash 11 Dec 2000 killing 4 Marines, blamed on hydraulics failure, software failure, and incompletely tested backup (Ladkin in R 21 21, 21 24, see also R 21 25,33-36, with more detailed analysis in R 21 38 and 41; summarized in S 26 4:3)

!fmH More on the Osprey (S 26 6:8): software problem identified, but downplayed in Blue Ribbon report (R 21 41); 8 Marine officers charged with falsifying maintenance records (R 21 60)

!V$fmh? Two U.S. F-15 jets disappeared over Scotland, 26 Mar 2001; U.S. Army RC-12 reconnaissance plane crashed near Nuremberg, killing two pilots - same day; German military helicopter crashed in Peppen, Germany, on 27 Mar 2001, killing four (R 21 31; S 26 4:4)

*hi Sea King helicopter crashes onto Canadian HMCS Iroquois: fire control system deployment failure (R 22 76, S 28 6:8)

Vfhi Predator UAV crash, 25 Apr 2006: console locked up switchover erroneous, cut fuel (R 24 29, S 31 5:17)

*h Swiss radar controller jokingly labeling helicopter as al Qaeda almost leads to French fighter intercept of civilian craft (R 22 79, S 28 6:7)

$ Expensive Australian Navy avionics development failure in Super Seasprite helicopters (R 24 29, S 31 5:17)

*H Fraudulent test SW in Phalanx anti-missile system, Standard missile (S 13 4)

Hhf West German flies Helsinki-Moscow through Soviet Air Defense (S 12 3)

Hhf Soviet Air Defense penetrated again by amateur pilot (S 15 5)

$h Russian missile-site power outage due to unpaid utility bill? (S 20 1:17)

**f Returning space junk detected as missiles. Daniel Ford, The Button, p.85

** WWMCCS false alarms triggered scrams 3-6 Jun 1980 (S 5 3, Ford pp 78-84)

** DSP East satellite sensors overloaded by Siberian gas-field fire (Daniel Ford p 62); Ford summarized (S 10 3:6-7)

**f BMEWS at Thule detected rising moon as incoming missiles [5Oct1960] (S 8 3). See E.C. Berkeley, The Computer Revolution, pp. 175-177, 1962.

** SAC/NORAD: 50 false alerts in 1979 (S 5 3), incl. a simulated attack whose outputs accidentally triggered a live scramble [9Nov1979] (S 5 3)

*** Serious false 2200-missile-alert incident 3 Jun 1980 described by Stansfield Turner, mentioning thousands of other false alarms (S 23 1:12, R 19 43)

*fmh Russian early-warning system close to retaliatory strike: Norwegian weather rocket mistaken for American Trident (R 19 85)

m Report from Kommersant Vlast on Serbukov-15 base false detection of ICBMs en route to Moscow on 25 Sep 1983; human intervention stopped retaliation; system allegedly misbehaved due to radiation (R 19 97)

*$VfM Libyan bomb raid accidental damage by "smart bomb" (S 11 3) F-111 downed by defense-jamming electromagnetic interference (S 14 2) More on U.S. radio self-interference in 1986 Libyan attack (S 15 3)

* Iraq using British Stonefish smart mines, with "sensitive" SW (S 15 5)

*fh Discussion of US/UK smart bombs missing targets in Iraq (R 21 26-28)

*SP Britain bugged radio equipment sold to Iraq (S 16 4)

*SP Trojan horse implants in DoD weapons (S 16 4)

*SP Trojan horse inserted in locally netted printer sold to Iraq? (S 17 2)

*Vm Arabian heat causing problems with US weapons computers (S 15 5)

*V$m Lightning hits launch pad, launches 3 missiles at Wallops Island (S 12 3)

* Frigate George Philip fired missile in opposite direction (S 8 5)

*h? Unarmed Soviet missile crashed in Finland. Wrong flight path? (S 10 2)

*Vf 1st Tomahawk cruise missile failure: program erased [8Dec1986] (S 11 2)

*Vm 2nd Tomahawk failure; bit dropped by HW triggered abort (S 11 5, 12 1)

f/m? CALCM cruise missile software bugs revisited (S 22 2:22)

hi Accidental launch of live Canadian Navy missile: color-code mixup (S 22 1:18)

*$rf Program, model flaws implicated in Trident 2 failures; self-destruct 4 seconds into one flight caused by unexpected turbulence before leaving the water (S 14 6, R 9 12)

*VrmM RF interference caused Black Hawk helicopter hydraulic failure (S 13 1); More on Black Hawk EMP problems and claimed backwards pin (R 17 39,42)

*VSM RF interference forces RAF to abandon ILS in poor weather (R 21 17)

f Reliability risks in USB Army 'Land Warrior' soldier-of-the-future (R 21 27)

*f Sgt York (DIVAD) radar/anti-aircraft gun - software problems (S 11 5)

$f Software flaw in submarine-launched ballistic missile system (S 10 5)

V$f AEGIS failures on 6 of 17 targets attributed to software (S 11 5)

Vf WWMCCS computers' comm reboot failed by blocked multiple logins (S 11 5)

$ WWMCCS modernization difficulties (S 15 1)

*$f Gulf War DSN 20-30% call completion persists 3 mos. until SW patch (S 17 4)

$f Armored Combat Earthmover 18,000 hr tests missed serious problems (S 11 5)

$rfi Stinger missile too heavy to carry, noxious to user (S 11 5)

**V$$rS Strategic Defense Initiative - debate over feasibility (S 10 5); Pentagon says SDI complexity comparable to nuclear reactors (Newsweek, S 17 3) See Way Out There in the Blue: Reagan, Star Wars, and the End of the Cold War, Frances FitzGerald, Simon & Schuster, 2000 for a fine retrospective analysis.

$d SDI costs, budget issues, risks discussed (S 17 4)

$ StarWars satellite 2nd stage photo missed - unremoved lens cap (S 14 2)

f StarWars FireFly laser-radar accelerometer wired backwards (S 19 2:2)

*f "Faith-based" National Missile Defense system discussed (S 26 6:6, R 21 41,43,45); two of the most recent three tests failed, and the other had radar failing to indicate "success" (R 21 53); all three reportedly had GPS-based homing beacons to aid the interception! (R 21 63)

fff Alistair Cooke on National Missile Defense: among other risks, crude wobblers are harder to detect than sophisticated missiles (R 21 65)

-[VSfmde?] StarWars to be exempt from oversight, reporting, and testing requirements? (R 22 59)

h StarWars missile-defense test failure [11 Dec 2002] linked to single chip malfunction (R 22 68; S 28 4:6)

$f Missile interceptor shut down before it could leave its silo [15 Dec 2004]; too many missed messages (R 23 65-66; S 30 2:17)

$ Another missile interceptor test doesn't leave its silo [14 Feb 2005]; timing problem in ground support? 6th failure in 9 attempts (R 23 72; S 30 3:22-23)

$f Software safeguards prevent Solar Sail from separation? (S 26 6:8, R 21 55)

$* 1.7M resistors recalled. Used in F-15, Patriot, radar, comm aircr. (S 16 3)

$hd DoD criticized for software development problems (S 13 1)

$df Future Combat Systems procurement and development problems: GAO report considers JTRS, WIN-T, SOSCOE (R 23 93; S 30 4:19-20)

* US Navy radar jammers certified despite software errors, failed tests (S 17 3)

$ USAF software contractors score poorly on selections (S 14 1)

$d ADATS tank-based anti-copter missile system development problems, $5B overrun, unreliability, ... (S 16 1)

$d British air defense system ICCS SW causes ten-year delay (S 15 5)

*Sf US Army Maneuver Control System vulnerable to software sabotage (S 15 5)

$d US-supplied Saudi Peace Shield air defense software problems (S 15 5)

$d Serious software problems in UK Trident nuclear warhead control (S 15 5)

*m Russian nuclear warheads armed by computer malfunction (R 19 14)

*h Outdated codes made US missiles useless until annual inspection (S 14 5)

S Classified data in wrong systems at Rocky Flats nuclear weapons plant (S 16 4)

SPh Classified disks lost by Naval commanders on London train (R 17 54)

hi? Listing of US Navy safety problems in two-week period (S 15 1)

Vm Rain shuts down Army computers; lightning effects and prevention (S 15 1)

fh Army Automated Time and Attendance Production System (ATAAPS) loss of data for 10 days (R 20 97)

* Role of e-mail, Internet, FAX in defeating 1991 Soviet coup attempt (S 16 4); (S) power surges used to fry faxes and computers in countermeasure (S 16 4)

* Russian auto-response missile system still in place in Oct 1993 (S 19 1:10)

!!*V(f/h?) Russian nuclear submarine explosion (missile test awry) kills crew of over 100 in Barents Sea, 13 Oct 2000. Also, Izvestia reported over 507 sub crew members had died previously. (R 21 01)

*Vh Russian nuclear sub near-disaster due to utility power shutoff? (R 17 42,44)

!mh Kursk submarine sinking: 23 crewmen reached the floating rescue capsule, but it failed to disengage - it had never been tested (R 22 11)

*fV Russian remote-controlled rescue submarines failed to respond in time of urgent need due to software flaw (R 24 01, S 30 6:17); British sub comes to the rescue to unsnarl the Russian sub

!! Analysis of U.S. peacetime submarine accidents http://freeweb.pdq.net/gstitz/Peace.htm

!*hi The crash of the USS San Francisco into an undersea mountain at a depth of 525 feet (8 Jan 2005) has been attributed to use of the wrong chart, although other charts on board showed the seamount. (R 24 01)

Vfm Software disaster leaves new Australian submarine unfit; wide range of pervasive hardware/software failures reported (R 20 48)

1.5 Military Aviation

!!V$f Handley Page Victor tailplane broke, crew lost. 3 independent test methods (wind-tunnel model didn't scale, resonance tests, low-speed flight tests), 3 independent flaws, masking flutter problem (S 11 2-12, correction S 11 3)

!Vf Harrier ejection-seat parachute system accidentally deployed, blew through the canopy, but without ejecting the seat and pilot, who was killed (S 13 3)

f Harrier targets police radar gun; fortunately not armed! (S 21 4:14)

*V(h/m?) Japanese pilot accidentally ejected into the Pacific (S 19 4:12)

*V$h British Harrier accidentally bombs British carrier, Ark Royal (S 17 3) 5 injured. Auto aim-off SW blamed for the Ark Royal bombing (S 18 1:23) Correction noted Mar2001: it was a Royal Air Force Harrier GR3, not a Sea Harrier.

*V$f SAAB JAS 39 Gripen crash caused by flight control software (S 14 2, 14 5)

*V$fmhi 2nd JAS 39 Gripen crash 8Aug1993 blamed on pilot/technology (S 18 4:11); interface difficulties, complicated analysis (S 19 1:12)

*V$rf Software problems in B-1B terrain-following radar, flight-control; electronic countermeasures (stealth) jam plane's own signals (S 12 2); array antennas and effects on mobile phones can defeat stealth cloak of invisibility (R 21 49)

*V$h B-1B swept wing punctures gas tank on the ground; blamed on low lubricant; problem found in 70 of 80 B-1Bs inspected (S 14 2)! No computer sensors?

$fd Stealth development problems including SW miscalculation in wiring (S 15 1)

$f UHB demonstrator flight aborted by software error at 12,000 feet (S 12 3)

*V$fh F-22 prototype crash first blamed on computer SW, then on pilot (S 17 3)

$*Vhif $133M F/A-22 Raptor air-superiority fighter crashed 11 seconds after takeoff, 20 Dec 2004; momentary power loss interpreted as switch to test mode; all three rate-sensor assemblies failed, with no warning; redesign in progress (R 23 90; S 30 4:19)

*V$f F-18 crash due to missing exception cond. Pilot OK (S 6 2, more SEN 11 2)

*Vhi F-18 missile thrust while clamped, plane lost 20,000 feet (S 8 5)

fm F/A-18 jets have a severe brake failure problem due to thin electrical cable (R 24 01,02)

*f F-16 simulation: virtual plane (or perhaps the apparent display horizon?) reportedly flipped over whenever it crossed equator (S 5 2); More on the upside-down F-16 bug: it was reportedly caught in simulation: the bug apparently led to a deadlock over whether to do a left or right roll to return to upright, and the software froze (S 9 5). This case is still one that still needs definitive resolution after all these years. Either (1) this was a flaw in the avionics software that was detected by the simulation, or (2) perhaps it was an error in the simulation program itself rather than the avionics software. Does anyone still alive know for sure? [I mentioned this again in connection with the F-22A Raptors, whose computers could not correctly cross the International Date Line (R 24 58). PGN, Mar 2007]

$Vhi F-16 landing gear raised while plane on runway; bomb problems (S 11 5)

*Vfh Unstallable F-16 stalls; novice pilot found unprotected maneuver (S 14 2)

$d USAF ECM systems: software 2 years late for F-16 and F-111 (S 15 5)

*hif Accidental shootdown of one Japanese F-15 by another (R 17 65, R 18 18); controversy continues (R 18 41,57)

*V$f? F-14 off aircraft carrier into North Sea; due to software? (S 8 3)

*V$f F-14 lost to uncontrollable spin, traced to tactical software (S 9 5)

Vf YF-23 fly-by-wire prototype attempted tail corrections while taxiing. Same problem on first X-29. (AFTI/F-16 had weight-on-wheels switch.) (S 16 3) AFTI/F-16 DFCS redundancy management: ref to J.Rushby SRI-CSL-91-3 (S 16 3)

+- Historical review of X-15 and BOMARC reliability experiences (S 17 3)

$ Systems late, over budget (what's new?); C-17/B-1/STC/NORAD/ASJP (S 15 1)

V*$fd C-17 SW/HW problems documented in GAO report; 19 on-board computers, 80 microprocessors, six programming languages; complexity misassessed GAO: "The C-17 is a good example of how not to approach software development when procuring a major weapons system." (S 17 3) Chairman John F. McDonnell's reply (S 17 4)

f C-130 testbed uncovers 25-yr-old divide-by-zero bug in X-31 SW (S 16 3)

*Vmf X-31 crash, 19 Jan 1995 (R 17 45,46,47,60,62; 60=Pete Mellor)

V(f?) Unplanned 360-degree roll of NASA's X-38 in test (R 21 10)

*VM US missile-warning radar triggers accidental explosions in friendly aircraft; radar must be turned off when planes land! (S 14 2)

* AF PAVE PAWS radar can trigger ejection seats, fire extinguishers (S 15 1)

!$h 1988 RAF Tornados collided, killing 4; flying on same cassette! (S 15 3)

V$ef DarkStar unmanned aerial vehicle (UAV) crash from software change, cost $39M (S 22 1:17-18)

$V(f?m?) Helios solar-powered remote-controlled flying wing with $10M fuel-cell system lost in Pacific after severe oscillations; previously had set altitude record of 100,000 feet (R 22 80, S 28 6:9)

mM? Air Force bombs Georgia - stray electromagnetic interference? (S 14 5, R 8 72)

*hme, etc. Navigation, GPS, and risks of flying (R 19 73,75,77); Implications of the U.S. Navy no longer teaching celestial navigation (R 19 75,77-79,81-82)

*$VSf GPS vulnerabilities need attention, with increasingly critical dependence on continuous functionality; see Dept of Transportation report (R 21 67)

- U.S. National Geospatial-Intelligence Agency (NGA) proposes to withdraw all aeronautical data and products from public distribution (R 23 91)

*+/-? US Navy to drop paper charts in favor of global online digital database (R 24 01,02)

1.6 Commercial Aviation

hi Crew reliance on automation cited as "Top Risk" in future aircraft (R 21 35)

..... Commercial flight incidents

!!hi Comair 5191, 27 Aug 2006: Taxiway altered before Kentucky jet crash; only one controller on duty (R 24 41, S 31 6:22)

!!$V(hi?) Korean Airlines KAL 007 shot down killing 269 [1Sept1983]; autopilot on HDG 246 rather than INERTIAL NAV? (NYReview 25 Apr 85; SEN 9 1, 10 3:6, 12 1) or espionage mission? (R.W. Johnson, "Shootdown") Further information from Soviets, residual questions (S 16 3); Zuyev reports Arctic gales had knocked out key Soviet radars; Oberg believed Sakhalin air defense forces were "trigger-happy" following earlier US Navy aircraft overflight incursions [Reuters 2Jan1993]; Analysis of recent articles on KAL 007 (Ladkin, R 18 44)

!!Vfe Korean Airlines KAL 901 accident in Guam, killing 225 of 254; worldwide bug discovered in barometric altimetry in Ground Proximity Warning System (GPWS) (S 23 1:11, R 19 37-38)

!!Vm Alaska Airlines flight 261, 31 Jan 2000, dove into Pacific Ocean after jackscrew failure in stabilizer assembly; hearing results show loss of paper trail (R 21 15)

!!V(m?h?) TWA Flight 800 missile-test accident hypothesis causing near-empty fuel-tank explosion off Long Island widely circulated in Internet e-mail, causing considerable flap. Missile theory officially discredited. Minireview of James Sander's The Downing of TWA Flight 800 (R 19 12); speculative discussion on the downing of TWA 800 (R 19 13); possibility of EMI raised in article by Elaine Scarry, New York Review of Books, 9 Apr 1998 (R 19 64-66). Harvard Magazine Jul-Aug 1998, pp. 11-12, diagram shows TWA 800 at 13,700 feet between a P3 Orion directly overhead at 20,000 feet, Black Hawk helicopter and HC-130 at 3,000 feet both directly below (with a C-141 and C-10 nearby). But this seems unlikely. (R 19 86) Report by the late Commander William S. Donaldson III, USN Ret., 17 July 1998, claiming a hostile missile attack, with radar tracks, etc. http://www.twa800.com/index.htm.

!!V$rh Air New Zealand crashed into Mt Erebus, killing 257 [28Nov1979]; computer course data error detected but pilots not informed (S 6 3, 6 5)

!!V$f/m? Lauda Air 767-300ER broke up over Thailand. 223 dead. Cockpit voice recorder: thrust reverser deployed in mid-air. Precedents on 747/767 controlled; investigation in progress. (S 16 3, AWST 10Jun91 pp.28-30) Suitcase full of cheap lithium-battery Chinese watches exploded? Earlier lithium battery problems: South African 747 in 1987, killed 159; Cathay Pacific 1990 emergency landing (S 16 3, Sunday Times, London, 23 Jun 91) Many other planes may be flying with the same thrust-reverser defect; FAA, Boeing simulations, suggest 757 less aerostable than though (S 16 4) Ex-Boeing expert had warned of software flaw in 747/767 proximity switch electronics unit; he claims he was ordered to suppress data. (S 17 1)

!!Vhifmr Northwest Air flight 255 computer failed to warn MD80 crew of unset flaps misset, thrust indicator wrong; 156 dead (S 12 4;2); circuit breaker downed the warning system that should have detected those problems. [But who checks the checker?] Simulator, plane behave differently (S 13 1); Report blames pilot error, unattributed circuit outage (S 13 3); Report that the same pilots had intentionally disconnected the alarm on another MD-80 two days before raises suspicions (S 14 5, R 08 65); NW sues CAE over spec error in flight training simulator (S 15 5); A Federal jury ruled on 8 May 91 that the crew was to blame.

!!V$mf/h/i? British Midland 737 crash, 47 killed, 74 seriously injured; right engine erroneously shut off in response to smoke, vibration (Flight International 1 Apr 89); suspected crosswiring detected in many OTHER planes (S 14 2); low-probability, high-consequence accidents (S 14 5); random memory initialization in flight management computers (S 14 5); Kegworth M1 air crash inquest: many improvements suggested (S 15 3); Criticism of "glass cockpits" (S 15 3); UK AAIB fingers 737-400 liquid crystal display layouts (S 16 3, R 11 42); now-retired British vicar Reverend Leslie Robinson claims a witches' coven was operating under the flight path (R 20 12)

!hi B747 freighter crash on takeoff from Nova Scotia; data from previous flight used; all 7 aboard killed (R 24 34, S 31 5:16-17)

!!mhi Cockpit confusion found in Cypriot airliner crash, resulting in cabin depressurization and 121 dead (R 24 03,05,07; S 30 6:13) (The aircraft was a Boeing 737, rather than the incorrectly reported attribution in the SEN summary.)

!m Midair Collision in Brazil at about 37,000 feet, despite TCAS 2000 (R 24 50)

*mfhi(+/-) etc. Analysis of flight control system software anomalies (Ladkin, R 24 03; S 30 6:13-16); autopilot software hijacks Malaysian Airlines 777 (R 24 05; S 30 6:16-17); more (R 24 07)

* Example of two faulty avionics programs outvoting the correct one in a two-out-of-three majority voting experiment: J.E. Brunelle and D.E. Eckhardt, Jr., Fault-Tolerant Software: An Experiment with the SIFT Operating System, Fifth AIAA Computers in Aerospace Conference, 1985, 355-360.

*fm Air disasters: A crisis of confidence? Phuket Air 747 aborts (R 23 83; S 30 3:23-24)

!!Vh Aeromexico flight to LAX crashes with private plane, 82 killed (S 11 5)

!!Vh Metroliner&transponderless small plane collide 15 Jan 87. 10 die (S 12 2)

!!Vh Two planes collide 19 Jan 87. Altitude data not watched by ATC. (S 12 2)

!!Vfih 1994 China Air A300-600 Nagoya accident killing 264: final report blames pilots and autopilot human-computer interface (R 18 33); (see also R 16 05-07, 09, 13-16)

!Vh Air France Airbus A320 crash blamed on pilot error, safety controls off (S 13 4); 3 killed. Airbus computer system development criticized (S 13 4); Subsequent doubts on computers reported: inaccurate altimeter readings; engines unexpectedly throttling up on final approach; sudden power loss prior to landing; steering problems while taxiing (S 14 2); reportage by Jim Beatson (R 08 49, 08 77), barometric pressure backset? (S 14 5) investigators blame pilot error; pilots charge recorder tampering (S 15 3) Pilots convicted for libel in blaming technical malfunctions! (S 16 3)

!!V? Indian Airlines Airbus A320 crashes 1000 ft short of runway; 97 die (S 15 2) A320 flight modes (S 15 3); apparent similarities in crashes (S 15 3) Air India unloading their A320s (S 15 5)

V(m?) Air India Airbus 320 autopilot failure [19Apr1999]? (S 24 4:26, R 20 32)

!!Vhmi French Air Inter A320 crash on approach to Strasbourg airport [20Jan1992]; 87 dead, 9 survivors; 2,000-foot altitude drop reported (R 13 05); crash site at 2496 feet. Report fingers mixture of human and technical error, airport ill equipped, serious failings in altimeter system, pilot unable to stop descent (S 17 2); Air Inter official charged with negligent homicide (S 18 2:9); Commission of Enquiry blamed Pilot Error (S 18 4:12); New case of A320 descent-rate instability identified approaching Orly, related to Air Inter crash (S 18 1:23); Final report blames crew training and interface problems (S 19 2:11)

!Vf 1994 Toulouse A330 accident blamed on experimental SW. 7 died (S 19 4:11)

*mf FADEC computers cause uncommanded shutdowns of aircraft engines in flight; linked to power transistor (R 21 05; S 26 1:22)

*f Airbus A300 AA587 tail "BSD" incident, dropping 3000 feet: screens blanked for 2-3 seconds; unreliable data reset Symbol Generator Unit software changes required (R 21 96)

*h/f? Misleading report on Air Transat A330 emergency landing in Azores, 24 Aug 2001, (R 21 93) addressed by Peter Ladkin; fuel leak not detected early enough, and other problems (R 21 94)

!,*m(h?) Airbus A300/310 rudder problems: Air Transat 961; AA 587 out of JFK; others (R 23 79; S 30 3:23)

* A320 flight-control computer anomalies summarized by Peter Ladkin (R 18 78)

!*(V,etc.) Compendium of commercial fly-by-wire problems (Peter Ladkin) (S 21 2:22)

@!!$hi Iran Air 655 Airbus shot down by USS Vincennes' Aegis system (above)

?h Qantas airliner challenged by US Cowpens, Aegis missile cruiser (S 17 4)

!V(f/h/i?) Varig 737 crash (12 dead) flightpath miskeyed? (S 15 1)

!V 707 over Elkton MD hit by lightning in 1963, everyone killed (S 15 1)

!V$m American Airlines DC-10 stall indicator failed; power was from missing engine (S 11 5)

!V Bird strikes cause crash of Ethiopian Airlines 737, killing 31 (S 14 2)

!V Dominican Republic 757 crash 6 Feb 1996, cause unclear (S 21 4:13, R 17 84)

!V BirgenAir crash at Puerto Plata killed 189 (R 17 87)

!!V$hi Further discussion of American Airlines Cali and Puerto Plata B757 crashes (R 18 10); in Cali crash, killing 159 of 163: same abbreviated code used for different airports (S 22 1:17); in a trial, evidence was given that 95 of 8,000 navigational beacons were not included in the airline database, including Cali's Rozo (R) - see media reports 17 Apr 2000. US Federal jury allocated responsibility 17% to Jeppessen, 8% to Honeywell, 75% to American Airlines (R 20 92; S 26 1:23)

!if American Airlines crash: simulator upset-recovery scenario predisposing pilots? (R 22 33)

!fi EFIS failure main suspect in Crossair crash (S 25 3:17-18, R 20 78)

!Vh 1996 B757 Aeroperu Flight 603: duct tape over left-side static port sensors? (S 22 2:22; R 18 51,57,59) Peru Transport Ministry verified this [Reuter, 18Jan1997]

*m Failure of Embraer Brasilia aircraft electronic displays due to icing (R 22 65; S 28 4:6-7)

*mfi Leisure International Airways A320 overran Ibiza Airport in the Balearic Islands [21 May 1998], partly due to computer failure (R 22 65-66)

*fh Airplane takes off without pilot, flies 20 miles, crashes (R 21 84,87)

Vm Migratory birds jam FAA radar in Midwest (R 17 44)

m Lovesick cod overload Norwegian submarine sonar equipment (R 20 07) [Who needs a cod peace?]

!!V Chinese Northwest Airlines BA-146 Whisperjet crashed on second takeoff attempt, killing 59; cause not available [23Jul1993] (S 18 4:12)

!V Ilyushin Il-114 crash due to digital engine control failure (S 19 1:9)

*V mi Dec 1991 SAS MD-81 crash (ice damaged engine) due to auto thrust restoration mechanism not previously known to exist by SAS (S 19 1:12)

*Vf 11 cases of MD-11s with flap/slat extension problem, including China Eastern Airline plane that lost 5000 feet on 6 Apr 1993 (S 18 4:11)

Vf/m/h? Chinook helicopter engine software implicated (S 23 3:23, R 19 51); more on the Chinook enquiry (R 21 14,18-20,22-23)

$d RAF Chinooks: over 6 year delay; still cannot fly in clouds; "radar systems and software" won't fit in the cockpit! (R 23 31) and correction: software certification, noncompliance, more testing needed, changing operational environment (R 23 32)

$*d UK MoD procurement risks and nonverifiable code; Chinook helicopters, software cannot be validated (R 23 80; S 30 3:23)

*Vrh Lessons of ValueJet 592 crash: William Langewiesche in Atlantic Monthly (R 19 62,63)

*Vf DC-9 chip failure mode detected in simulation (S 13 1)

!!V$f Electra failures due to simulation omission of gyroscopic coupling [not overflow, as originally thought] (S 11 5:9)

!V$f Computer readout for navigation wrong, pilot killed (S 11 2)

*f Apollo NAV/COM air navigation software bearing up to 50 miles and 16 degrees off (R 21 53); Garmin GPS can be interpreted as off by 180 degrees (R 21 56)

*Vhi South Pacific Airlines, 200 aboard, 500 mi off course near USSR [6Oct1984]

*Vhi China Air Flight 006 747SP 2/86 pilot vs autopilot at 41,000 ft with failed engine, other engines stalled, plane lost 32,000 feet [19Feb1985] (S 10 2, 12 1)

m/f B747-400 Electronic flight displays rendered inoperative (R 23 12; S 29 2:9)

*V Simultaneous 3-engine failure reported by Captain of DC-8/73 (S 14 2)

*Vfm Boeing KC-135 autopilot malfunction causes two engines to break off (S 16 2)

$Vfme Design change caused short-circuit causing autopilot reset, premature separation of booster from $150 million Japanese supersonic jet model at Woomera rocket range (R 22 43)

*Vf Avionics failed, design used digitized copier-distorted curves (S 10 5)

*Vf Lufthansa A320 overruns runway in Warsaw; actuator delay blamed (S 19 1:11); Logic flaw in braking system; fix required fooling the logic! (S 19 2:11)

mV A320 engine-starter unit overheats after takeoff, trips breakers, gave false thrust-reverser indications, engine control failure (S 19 2:12)

*mfhie Lufthansa Airbus A320 incident 20 Mar 2001 on takeoff from Frankfurt (R 21 48); detailed analysis of sidestick cross-wired during maintenance (R 21 96); final report April 2003 (R 23 24)

*V$f 727 (UA 616) nose-gear indicator false positive forces landing (S 12 1)

*Vhi USAir 737-400 crash at NY LGA; computer interface, pilot blamed (S 15 1)

!Vi Crash of USAir Flight 427 nearing Pittsburgh, 8 Sep 1994: see Jonathan Harr, (The New Yorker, 5 Aug 1996 (S 22 1:17)

*V Tarom Airbus automatic mode switch escaped pilot's notice (S 20 1:16)

*m Turkish Airbus false sensor indicating nose wheel not descended on landing (R 23 88)

*Vf British Airways 747-400 throttles closed, several times; fixed? (S 15 3)

*Vf JAL 747-400 fuel distribution stressed wings beyond op limits (S 16 3)

*Vf Older Boeing 747 planes suspected of diving due to autopilot design flaw; 747-400 speed reduction of 50 knots ordered; 747-200 sudden increase in thrust, another pitched upwards; etc. (S 17 3); FAA report on possible 747 autopilot faults relating to altitude losses (S 18 3:A15)

Vf 747 tail scrapes runway; center of gravity miscalculated by improper program upgrade (R 19 11)

*Vf Boeing 757/767 Collins autopilot anomalies discussed (S 19 1:10)

m Pilot fixes faulty 757 nosewheel sensor in Menorca airport (R 22 85); confusion in reporting analyzed (R 22 88-89)

**V 767 (UA 310 to Denver) four minutes without engines [August 1983] (S 8 5)

*Vf 767 failure LA to NY forced to alternate SF instead of back to LA (S 9 2)

*Vm Martinair B767 Aircraft suffers EFIS failure; instruments blank (S 21 5:15)

*V(f/m?) B777 autopilot/flight-director problems [Oct1996]? (S 22 4:29, R 18 83)

V$ Boeing 777 landing-gear weakness; strength off by factor of 2 (R 17 04)

*he Australian Ansett B767 fleet grounded due to maintenance breaches (R 21 17)

*Vf 11 instrument software failures in BA aircraft in Jul-Aug 1989 (S 15 5)

*fhi Analysis of potential risks of the Enhanced Ground Proximity Warning System (EGPWS), by Jim Wolper (R 19 56); pilots computer literacy? (R 19 57); relationship with GPS accuracy (R 19 57)

* Missile passes American Airlines Flight 1170 over Wallops Island (S 22 1:18)

m Fire alarms on Boeing 777 triggered by tropical fruit and frog cargo (S 22 1:17)

M Cell phone ringing in Adria Airways luggage alarms avionics; plane returns (R 21 20)

*m INCETE power ports in use in at least 1700 aircraft can result in exploding batteries? (R 19 94)

m* High-flying hijinks: canine passenger sinks teeth into plane (R 20 54)

SHf Air Canada "Jazz" airline grounded by computer virus in flight-planning computer, early Feb 2003 (R 22 54)

Sf/h Airline boarding pass algorithm flaw: two people with the same name (one M, one F) assigned the same seat (R 22 70)

Sh Hong Kong passenger winds up in Melbourne, despite correct boarding pass (R 22 79)

fme Continental Airlines check-in computer foul-up (R 22 77, S 28 6:9-10)

S* Risks of "soft walls" in avionics to keep hijacked planes at bay (R 22 79,80)

$f Comair cancels all flights on Christmas Day 2004: configuration changes exceeded 2¹⁵ for the month (R 23 63,64; S 30 2:21)

*hi Takeoff at Logan Airport aborted: errors by pilot and controller (R 24 07)

mV Faulty radar serving Logan leaves thousands stranded (R 24 07)

fmhi? NTSB report on Southwest Airlines crash, Midway, 8 Dec 2005; delayed reverse thrust (R 24 15,16, S 31 3:17-18); thoughtful item from Don Norman: On learning from accidents: human error or not? (R 24 17, plus discussion, R 24 18-19, S 31 3:18-20)

!$Vfhi The 2005 Helios B737 crash causes discussed by Peter Ladkin and Don Norman's (R 24 22); more (R 24 23-25)

*V$m MV-22 Tiltrotor Crash after FADEC controller switch, March 2006 (R 24 26)

fm United Airlines' 5-hour computer out(r)age in early 2006, affected all operations (R 24 14,15)

fV Nashville airport X-ray baggage screeners offline: "software glitch" (R 24 23)

hi TSA: Computer glitch led to Atlanta airport bomb scare, evacuation, when test item could not be located and test message indication was not delivered (R 24 27)

fi Flight Booking System can't recognise 29 Feb for people who enrolled in a leap year (R 24 09)

* Study on cockpit usability (R 24 18)

*m A risk of using computers in airplanes (R 24 18)

m Two personal occasions: airplane computers had to be rebooted (R 24 48)

m Computer failure causing A320 power intermittent: video and lights flashing, audio system and cabin voice system failed, evacuation alarm sounded in midair ... (R 24 46)

..... Private plane incidents

!Vrhi John Denver plane crash linked to unlabelled implementation change over spec: lever up for off, down for right tank, to the right for left tank; not very intuitive! (R 20 43, R 24 45)

*hi Crossing the International dateline becomes a navigational risk for a small-plane pilot: failure to reconfigure navigation computer results in flying east, not west (R 22 78, S 28 6:10)

..... Airport problems

Vm Power failure disrupts Ronald Reagan National Airport 10 Apr 2000 for almost 8 hours; backup generator failed (R 20 87)

Vmhi Lightning causes problems for lightning-detection system in Montreal airport near-disaster (R 24 01)

$def $200M baggage system seriously delays opening of new Denver airport (S 19 3:5); costly stopgap old-fashioned system planned in the "interim" (S 19 4:6); new software problems for incoming baggage (R 17 61); city overruled consultant's negative simulation results (R 18 66); baggage system only the tip of a huge iceberg of mismanagement, political infighting, etc., according to Bill Dow.

$def United abandons Denver Airport baggage system to save millions in operating costs by not using it! (R 23 89, S 30 4:19)

Vdfm$ Kuala Lumpur International Airport: Risks of being a development pioneer (R 19 68); airport opens 30 Jun 1998, but baggage and check-in systems failed for several days (R 19 84); similar events at the opening of the new Hong Kong airport a few days later (R 19 85)

Vm Amsterdam Schiphol airport computer down for 30 minutes, major delays (R 19 85); unchecked out-of-range value (R 19 93)

V$fe American Airlines' SABRE system down 12 hours; new disk-drive SW launched "core-walker" downing 1080 old disk drives, stripped file names ... (S 14 5)

Vm American Airlines' Sabre system software problem down for four hours (30 Jun 1998, evening rush hour) affected hundreds of flights across 50 airlines; second crash in a week (R 19 84)

m American Airline flights delayed due to computer crash, 29 Jan 2003 (R 22 54)

$m Independence Air computer outage for 6 hours seriously impedes operations (R 23 48)

$mh Computer failure grounds flights with day-long delays on American Airlines and US Airways coast to coast: human error? (R 23 47)

f Is Windows up to snuff for running our world? Windows alert box covered up Delta Airlines display information; also related items (R 23 57,59,61,62); similar problem in a bank (R 23 58)

*f/m/e? Computer error grounds Japanese flights 1 March 2003; flight numbers disappeared from radar screens; related to system upgrade to share flight plans with Japanese Defense Agency? (R 22 60-61)

f/m SAS new baggage system miseries at Copenhagen Airport (R 19 97)

m/f? Sydney Airport's new $43M baggage system fails for second time in five days (R 21 02; S 26 1:23)

m Total primary/secondary power outage at Sydney Airport leaves 20 planes circling (R 20 94; S 26 1:22-23)

h SAS reprinted summer airline timetables for the winter, but Internet version was correct (R 20 05)

mh Boston airport electronic display fiasco on flight to Philly (R 19 96)

m Airport security check powers up computer (R 20 55)

@hfm Two human errors silenced Los Angeles area airport communications; routine reboot forgotten, Microsoft 49.7-day flaw strikes, backup system fails (R 23 53; S 30 1:14-15)

..... Masquerading

*VSH 1986: Miami air-traffic controller masquerader altered courses (S 12 1)

*VSH 1994: Roanoke Phantom spoofed ATC, gave bogus information to pilots for 6 wks, caught (S 19 2:5); out-of-work janitor pleads guilty (R 15 39)

VSH 1996: Manchester (UK) air-traffic-controller message spoofer (UK) (R 17 44, S 21 2:21)

..... Other air-traffic control problems

*h 20-foot aircraft separation near-collision over LaGuardia Airport, 3 Apr 1998, due to controller being distracted by spilled coffee (R 19 79,84) together with increased error rates and radar dropouts results in FAA ordering retraining of air-traffic controllers (R 19 79)

mhe Aeroflot plane leaving Helsinki kept disappeared from tower radar, and had near-miss with Finnair charter, Nov 2000; newer French radar system also had other planes disappearing; problem traced to construction work at the airport! (R 21 22-23)

fe Westbury Long Island TRACON upgrade failed test, but backup to old software backfired (R 19 79)

*Vfm Radar blip lost Air Force One (S 23 4:21, R 19 63)

Vm* Air Force One disappeared from the Gibbsboro NJ radar twice on 5 Jun 1998, with President Clinton en route to MIT for the commencement speech; also reported was near-collision with a Swissair 747, missed by radar, Oct 1997 (R 19 79); Air Force Two disappeared from radar, 7 Jun 1998, and the same radar failed with AF2 overhead 17 Jun 1998 (R 19 82)

m?f? San Francisco Airport radar phantom flights (R 21 20, S 26 2:5)

*m Faulty ASR-9 radar system failures (Boston, JFK) led FAA to inspections, discovery of 23 further cases, and remediations (S 26 4:4, R 21 29)

f Air-traffic control woes (R 21 09, S 26 2:5-6)

fh 2002: Rash of british air-traffic control system outages in National Airspace System (S 27 3:5, R 21 98, 22 02-03, 22 09)

f Anecdote on a then-new European ATC center 99.99% reliable (52 minutes per year) that had already had a 20-hour down time shortly after installation: therefore it should not fail again for 25 years! It failed at 23:59 on 28 Feb (S 27 3:6, R 22 08)

Vm Aviation near-crashes in Kathmandu (R 21 09, S 26 2:6)

*V(m?f?) Indianapolis FAA route center running on generators for a week (R 21 11, S 26 2:6)

*h Delta plane 60 miles off course, missed Continental by 30 feet (S 12 4)

Vf SW fault in aircraft nondirectional beacon landing approach system (S 16 3)

V* New San Jose CA ATC system still buggy, plane tags disappear (S 14 2)

*Vf ATC computers cause phantom airplane images (S 16 3)

*fe Jeppesen GPS restricted-airspace navigation database corruption (R 22 64; S 28 4:6)

Vf West Drayton ATC system bug found in 2-yr-old COBOL code (S 16 3, R 11 30)

*Vh Open cockpit mike, defective transponder caused 2 near-collisions (S 12 1)

h Another open mike: couple join Mile-High Club, disrupt British air-traffic control (S 19 1:10)

*Veh ATC equipment test leads to Sydney landing near-collision (R 20 24)

*Vmf More ATC problems, fall 1998: New air-traffic control radar systems fail, losing aircraft at O'Hare (R 20 07); Dallas-FortWorth ARTS 6.05 TRACON gives ghost planes, loses planes (one for 10 miles), one plane on screen at 10,000 feet handed off and showing up at 3,900 feet! 200 controller complaints ignored, system finally backed off to 6.04 (R 20 07); near-collision off Long Island attributed to failure at Nashua NH control center (R 20 11); TCAS system failures for near-collision over Albany NY (R 20 11); two more TCAS-related incidents reported (R 20 12); landing-takeoff near-miss on runway at LaGuardia in NY (R 20 13); discussion on trustworthiness of TCAS by Andres Zellweger, former FAA Advanced Automation head (R 20 13)

*f? Automation-related Reduced Vertical Separation Minima (RVSM) AIRPROX incident over the North Atlantic, despite ACAS and TCAS (R 22 19); European RVSM safety case is flawed (R 22 22)

*def U.S. west-coast ATC woes 19 Oct 2000 (hundreds of flights affected) and 23 Oct 2000 (loss of flight plans for Northern CA and Western NV) (R 21 09; S 26 1:22)

df$ FAA Runway Incursion System: further delays in AMASS due to excessive false alarms (R 21 60,62)

$*fde STARS: Standard Terminal Automation Replacement Systems to replace ARTS - as of Feb 2002, more than 4 years late, $600 million over budget, "71 specific software problems that could prevent the system from operating as designed" and many questions (S 27 6:7-8, R 22 12)

f/m? Collapse of UK air-traffic control computer (R 20 93-94); known bugs reduced from 500 to 200 (R 21 01)

*dV Reports on UK New En Route Centre NERC for UK ATC (R 19 18,23,69); more on the NERC system crashes at Swanwick (S 27 6:9-10, R 22 12); safety and human factors (S 27 6:10, R 22 13); subsequent questions on readability of displays at the London Area Control Centre (R 22 40,44)

$e British Swanwick ATC slowdown Jun 2004; backup recalcitrant on 30-year-old system (R 23 41,42)

$ Discussion of NERC and STARS: COTS versus Bespoke ATC Systems (Ladkin, Leveson, S 27 6:8-9, R 22 12)

*Vfm Review on air-traffic control outages by Peter Ladkin (S 23 3:26, R 19 59)

*fhm, etc. UK air-traffic control problems summarized at www.pprune.org (R 21 11)

*SHA Fake air controllers alert in UK (R 21 04; S 26 1:22)

*h F-117 stealth fighter in near-miss with UAL jet (R 21 04; S 26 1:22)

V(f/m?) Faulty TCAS behavior. Australian report shows two faulty TCAS cases: Jan 1998 near Hawaii, TCAS off by 1500 feet vertically, caused false maneuvers; Jun 1999 over China, TCAS had higher plane descending toward the lower (R 20 60,62);

*Vfm Complete ATC power failure in the U.S. Northwest, 15 Jan 1999, discussion by Seattle controller, Paul Cox (R 20 19)

*Vmh Dulles radar fails for half-hour 23 Nov 1998 (R 20 10); discussion of air-traffic control safety implications (R 20 11), and ensuing comments from a controller (R 20 12)

*Vh Risks of runway crossings with tight takeoff/landing schedules (R 20 10)

f Airline clock wraparound in displays: UA Flight 63 from SFO "Delayed 1 hr 39 min, Arrive Honolulu Intl 12:01am Tues Early 22 hr 35 min" (R 20 15); More United Airlines Website flight curiosities (R 20 44)

h Accidentally enabled sex-aid vibrator in hand luggage causes bomb scare on Monarch Air flight; apparently not unusual (R 20 34)

*Vm Air-traffic control data cable loss caused close calls (S 10 5)

V$SHm Attack on fibre-optic cables causes Lufthansa delays (S 20 2:12)

VmM Display lasers affect aircraft: pilots blinded over Las Vegas (R 17 55)

*VM More on EMI and RF interference from passenger devices in aircraft systems (Ladkin) (R 19 24); still more, including discussion of Elaine Scarry article in 26 Sep 2000 The New York Review of Books( and follow-ups (R 21 04,08,11)

VSfM Case of GPS jamming of Continental flight by failed Air Force computer-based test (R 19 71) more on GPS jamming/spoofing: British Airways flight lost all three GPS systems while French military was testing jammers; Continental DC-10 lost all GPS signals while Rome Lab was experimenting with jammers (R 19 74,85)

Vf/h? GPS kills 8 in air (R 20 44-45) and radar-assisted collisions (R 20 45)

@*VM Cell-phone linked to London to Istanbul crash-landing? (R 19 34,36,37)VM Australia's Melbourne Airport RF interference affected communications, traced to an emanating VCR! (R 17 44)

*VM Osaka Int'l Airport's radar screens jammed by TV aerial booster (S 12 3)

*m Plane diverts after erroneous 4-digit hijack alert (R 23 89-91)

*M Cellular telephone activates airliner fire alarm (S 14 6)

Vfmhi? Aviation Risks using Windows NT avionics systems (S 23 3:27, R 19 46)

*Vfi Flawed ATC radars: planes disappear from screens; other problems (S 12 1)

hi Controller screwup causes NW 52 to Frankfurt to land in Brussels (R 17 38,40)

*Vdef Risks in the new Sydney airport control system (R 17 43)

*m Computer outage in Concorde leads to rocky nonautomatic landing (S 12 4)

*Ve British ATC 2-hr outage, 6-hr delays: faulty HW/SW upgrade (S 12 1) Computer problems down FL ATC, slow airline flights in Southern U.S. (S 19 1:11)

*Vfmd Air-traffic-control snafus in Chicago, Oakland, Miami, Washington DC, Dallas-FortWorth, Cleveland, New York, western states, Pittsburgh! (S 20 5:12); Another Oakland airport radar outage 28 Nov 1995, two hours (R 17 49)

V*fm Philadelphia airport radar problems, May 1999 (R 20 42) More radar glitches at Philadelphia airport 10 Mar 2000 (S 25 3:18, R 20 84)

Vhm Brief KC power outage triggers national air-traffic snarl (S 23 3:23, R 19 51)

Vhmm Air traffic control snafu around LAX: pickup truck caused power outage, backup power failed, 18 Jul 2006 (R 24 35, S 31 5:17)

!Vm New York air traffic slowed for 10 hrs by construction contamination (R 19 41)

*f Fall 1998 air traffic control upgrade problems: New Hampshire (R 19 93), Salt Lake ATC (R 20 05); Dallas-FortWorth ARTS 6.05 (S 24 1:31, R 20 07), Chicago (R 20 07)

Vm Effects on automated traffic controls of plane crashing into 500Kv power line near Cajon Pass; more than 1000 traffic lights out (R 19 29,30); earlier effects of power failure in Perth (R 19 30); risks of major outages (R 19 32,33)

*Vhe Southern Cal plane crash due to software change? (S 12 1)

*Vmf Alaskan barometric pressure downs altimeters; FAA grounds planes (S 14 2)

*Vfm FAA Air Traffic Control: many computer system outages (e.g., SEN 5 3, 11 5), near-misses not reported (S 10 3:12)

*Vf ATC computer system blamed for various near-misses, delays, etc. (S 12 4)

*Vhi Air-traffic controller errors. O'hare near-miss: wrong plane code (S 12 3)

V(f/m/h?) 2 jets in near-miss approaching LAX; Brazilian VASP MD-11 pilot blames autopilot, others blame pilot (R 19 10)

*Vh F-16 incidents, TCAS: 4 separate risky military approaches (S 22 4:28, R 18 83)

*V$fm FAA report lists 114 major telecom outages in 12 months 1990-91; Secretary Pena blames air-traffic woes on computer systems (S 19 4:11) 20 ATCs downed by fiber cable cut by farmer burying cow [4May1991] (S 17 1); Kansas City ATC downed by beaver-chewed cable [1990] (S 17 1); Other outages due to lightning strikes, misplaced backhoe buckets, blown fuses, computer problems (S 17 1) 3hr outage, airport delays: Boston unmarked components switched (S 17 1) More on the AT&T outage of 17Sep91 noted below (5M calls blocked, air travel crippled, 1,174 flights cancelled/delayed) (S 17 1)

fh WashingtonDC air traffic slowed 11 Jun 1997: old wiring error (S 22 5:13)

V$fe SW bug downs Fremont CA Air Traffic Control Center for 2 hours [8Apr1992]; 12 of 50 radio frequencies died [17Apr1992], reason unspecified (S 17 3)

V$d New Canadian air-traffic control system SW problems, system late, it crashes, planes flying backwards, frozen displays, no radar,... (S 17 4)

*Vm NY Air Route Traffic Control Center computer failure (S 21 5:15)

*Vef Computer glitches foul up flights at Chicago airports (S 24 4:26,R 20 38)

@See below, general telephone problems that affected traffic control.

*$ Discussion of the implications, needs for oversight, assurance (S 17 1)

*V$m FAA ATC computers in Houston down for 3 hours; long delays (S 12 2)*

*V$rm El Toro ATC computer HW fails 104 times in a day. No backup. (S 14 6)

Vhfm Accidental power outage affects Pacific Northwest air traffic (S 21 2:21)

Vm Dallas-FortWorth ATC system power outage affects southwest (R 17 40)

Vm Las Vegas approach radar outage (R 17 41)

*V$m London ATC lost main, standby power, radar; capacitor blamed! (S 12 2)

*f London ATC goof - US ATC program ignores East longitude (S 13 4)

*f Software misdirects air-traffic controller data in Boston (S 13 4)

@d New £300 million UK air-traffic control system confronts complexity (S 22 1:18)

*Vh Commercial plane near-collisions up 37.6% in 1986; 49 critical (S 12 2)

*H Radar center controllers (So.Cal) concealed collision course info (S 12 2)

*V Jetliners in near-miss over Cleveland; wrong freq assigned, neither plane in contact with controllers (S 16 4)

*Vid Complexity of the airplane pilot's interface increasing (R 18 63)

*V Computer errors involved in plane crashes? (Aftonbladet) (R 18 65,66)

* Problems with below-sea-level aircraft altitudes (R 18 72,74)

h Plane takes off, flies for two hours, without pilot (R 19 47)

*Vf `TCAS Sees Ghosts' (see IEEE SPECTRUM, August 1991, p.58) (S 16 4); Traffic Alert Collision Avoidance System blasted by ATC people (S 17 1); See also relevant discussion on human errors by Don Norman (S 17 1:22)

Vih? TCAS related collision-avoidance mistake discussed (S 18 1:24)

*f Air-traffic controller reports on potential TCAS problem (S 18 3:A15)

Vf TCAS blamed for near collision over Portland WA; previous reports of phantom planes and misdirected avoidance maneuvers (S 19 2:12); Followup report (S 19 3:9)

*f?/+ TCAS incidents: northwestern U.S., Tehran (S 20 5:13)

? Discussion of TCAS near-miss in Southern Calif. (R 19 55,56)

!Vhimf South German mid-air collision over Lake Constance, 1 July 2002: TCAS told Russian plane to climb, Swiss controller said descend; plane crashed into DHL plane whose TCAS had prompted descent; discussion in RISKS whether to listen to TCAS or the controller! 71 dead (S 27 6:6-7, R 22 15,18, Ladkin analysis R 22 19) Listen to TCAS, not the controller (R 23 19); later analysis; air-traffic controller subsequently stabbed to death (R 23 23,25)

*m TCAS RA incident in UK airspace; faulty transponder off by 500 feet (R 23 72; S 30 3:23)

*m Analysis of automation-related AIRPROX incident: loss of separation between A330 and A340 operating under RVSM over the Atlantic, 2 Oct 2002; turbulence, TCAS limitations, etc. (R 23 19)

*Vf Chicago's O'Hare Airport radar lost planes, created ghosts (S 17 1)

*h GAO faults FAA for inadequate system planning in Los Angeles area (S 15 5)

$ FAA drops navigation system contract (S 21 5:16)

*Vhi Four 1986 British near misses described - all human errors (S 12 2)

*Vf/m? Leesburg VA Air Traffic primary, backup systems badly degraded (S 15 1)

*Ve? DFW ATC 12-hour outage after routine maintenance (S 15 1)

*V$ Computer outages force delays in So. Cal, Atlanta (S 12 2)

Vm Winnipeg rodent blows transformer, blacks out air-traffic control (R 23 61)

* Macaque reaches 747 cockpit controls; monkey loose on Cosmos 1887 (S 12 4)

$ Travicom computerized air cargo system withdrawn; £5M lost (S 12 2)

$H Computer hides discount airline seats from agents; lost sales (S 12 2)

$f Pricing program loses American Airlines $50M in ticket sales (S 13 4)

f,h,i Ordering airline tickets on-line: Nonatomic transaction gave tickets but no reservation (R 19 27); name confusions on e-tickets, with similar names (R 19 28) and identical names (R 19 29)

$d American Airlines reservation system SW woes adding cars, hotels (S 17 4)

V$m Power outage causes Australian airline reservation system "virus" (S 13 3)

f Delayed DoT airline complaint report blamed on computer (S 12 3)

$ First-day snafu at new Pittsburgh Airport; BA luggage uncoded (S 18 1:25)

Vm Hong Kong Flying Service computers corroded by hydrogen sulphide (R 19 41)

$f*h British Air 10M-pound inventory system loses parts, earnings, convictions, user confidence, nearly causes deaths, and costs legal expenses (S 18 1:9)

*?f?V? Out with pilots, in with pibots in our national airspace (R 21 96), and flocking algorithms (R 22 01)

deS? F-35 fighter jet too reliant on foreign software? (R 23 13)

hi+ Orientation of instrumentation to highlight normal operating conditions in aircraft and submarines (R 23 26,27)

*SHf Korean Airport subject to hackers, viruses, worms, etc. (R 23 53; S 30 1:12-13)

1.7 Rail, Bus, and Other Public Transit

!(h?) German driverless Transrapid maglev train crashes at 200 mph on test track in Emsland, killing 23; crash-proof car crashed into a non-maglev maintenance car (R 24 44, S 31 6:21-22), more (R 24 45)

! US railroad uses Wi-Fi to run 'driverless' trains (R 23 05; S 29 2:8); Union Pacific worker killed by locomotive he was operating remotely (R 23 07; S 29 2:8); Caltrain railroad accident results from deactivated crossing gate (R 23 08; S 29 2:8)

!Vmh Driver killed by unanchored ballast simulating passengers in test of "computer-controlled" AirTrain to JFK intentionally on manual around a curve; damage to the train and to 150 feet of concrete wall as well; blame went to the driver, not the ballast that killed him! (R 22 37)

!h Metra Rail accident in Chicago (R 24 05; S 30 6:17)

f JFK AirTrain passengers end up at storage yard instead of airport (again) (R 23 28)

!Vh 42 die in Japanese train crash under manual standby operation (S 16 3)

!$Vm Loose wire caused Britrail Clapham train crash, 35 killed (S 14 6)

!!$Vhi Canadian trains collide despite "safe" computer; 26 killed (S 11 2) Report by A.M. Smiley of Human Factors North (Toronto) blames freight-train engineer for running red signal (TNX to Mindor Sjaastad)

*Vmh Rail Canada train derailed 3 Sep 1997; early warning alarm ignored by untrained crew, who disconnected it (R 19 94-95,97)

!Vh Southern Pacific Cajon crash kills 3; tonnage computations wrong (S 14 6)

!Vm Cannon St train crash in London, 1 dead, 348 injured, brakes failed (S 16 2)

!Vm Kings Cross passenger trapped in automatic door, killed; no alarm (S 16 2)

!V*h London commuter train crash out of Euston Station, 8 Aug 1996 (S 22 1:18)

V!*h Ladbroke British train collision, Oct 1999; driver ran red Signal 109 (R 20 59-60, 62-63)

*V(r?f?) London underground train went 4 stops with fail-safe doors open (S 16 2)

*Vrf London Docklands Light Railway crash; protection system incomplete (S 12 4)

m/f? U.K. computerized train from London halted in Chester countryside, ran through the entire set of remaining audio station announcements, tried to open the doors, issued false warning of fire; recycling all power for 10 seconds enabled the computer and train to reboot (R 21 47); new computerized Amtrak locomotives require 10 minutes to reboot, while 30-year-old Long Island RR electric trains seem fine (R 21 48);

Vfe Oyster card fault causes problems on London Underground and Docklands Light Railway; failure in system for updating revocations (R 23 79; S 30 3:29)

*f Flawed braking algorithm causes UK Pendolino trains to overrun stops in West Coast Main Line (R 23 63; S 30 2:17-18)

* Discussion of completely automated train controls (R 21 82-83)

*mfdei New `Heathrow Connect' trains do not want to go to Heathrow due to signal fault; scheduling problems with high- and low-speed trains; also braking problems, incorrect automated announcements; lengthening trains requires return to Siemens factory (R 23 91-92; S 30 4:23)

f/m?V Unmanned Rotterdam Parkshuttle system suspended after collision (R 24 12)

*Vh DLR unmanned trains crash under standby manual control (S 16 3)

e DLR train stopped at station not yet built to avoid changing SW (S 16 3)

*hf London Underground wrong-way train in rush-hour (S 15 3)

*fh London Underground train leaves ... without its driver (S 15 3)

*h South Wales train leaves without driver (R 22 26)

*fh Another London Underground driver leaves train, which takes off (S 19 2:2)

@SH London Underground hacked by insider posting nasty messages (R 17 36)

*h 1928 British rail interlocking frame problem revisited (S 15 2)

*f British Rail signalling software problems, trains disappear (S 15 5)

*Vm Leaves on track cause British Rail signal failure (S 17 1)

m Flat train wheels in 124 cars in NY/NJ: oily leaf residue (R 24 47, R 24 51, R 24 52)

$ Britain's Network Rail faces unlimited fine over 16 safety breaches (R 24 46)

*Vf Removal of train's dead-man's switch leads to new crash cause (S 17 1)

*f/h? Severn Tunnel rail crash (100 injured) under backup controls (S 17 1)

Vfm Elbtunnel computer crash causes monster traffic tie-ups (R 23 95; S 30 4:23-24)

f/m Berlin tunnel control fail-safe test fails totally; tunnel closed for five hours during rush-hour (R 24 09); Computer problem closes Berlin tunnel again (R 24 34, S 31 5:17-18)

V*fm Intercom hang-up caused 1997 Toronto train collision, 19 Nov 1997; 50 hospitalized; "dwarf signals" (R 20 49)

!f Aasta trains crashed, killing 19, 4 Jan 2000; safety-critical error; report leaves uncertainties; considerable discussion (R 21 28,30,32,36)

!Veihh Head-on train collision in Berlin killed 3, injured 20; track controls mistakenly set to one-way traffic, overseer overrode halt signal (S 18 3:A3)

!Vm German high-speed train disaster Jun 1998 and implications; automated system with inadequate sensors and overrides (R 19 80,81,83,89)

Vfm Berlin new automated train switching system (Siemens Generation C) fails from the outset of its use (R 19 77)

Vf Berlin S-Bahn stopped by switching SW stack overflow (S 22 2:19, R 18 55)

Vm Berliner S-Bahn power outage took out three switching computers, shutting down train traffic for 2:25 (R 22 53, S 28 3:5)

hi Near-disaster on a French RER commuter train (R 22 92: S 29 2:8-9)

*feh NY City subway crash due to operator, outdated parameters (S 20 5:8)

*m Runaway train on Capitol Hill (S 24 3:26, R 20 13)

*fm Runaway remote-controlled coal train plows into NIPSCO generating station; and earlier accidents; system not designed for these trains (S 27 3:6, R 21 94)

m Computer crash freezes train traffic in 8 US states (S 20 3:8)

$Vdef Stack overflow shuts down new Altona switch tower on first day (S 20 3:8)

m Paper-clip causes hard-drive overflow, triggering traffic-control computer failure stopping trains in south Finland for an hour (R 19 10)

* Train Accident in China due to safety systems known not to work (S 17 1)

*m Control faults cause Osaka train to crash, injuring 178 (S 19 1:4)

*f Sydney train system traps man's leg (R 21 01)

VMf$ Sydney's new Millennium trains put on hold by electrical signal interference problems; very complex system with other problems as well (R 22 68-70)

f/m? Computer glitch causes severe train delays in Melbourne (R 20 48)

*m Melbourne's computerised train brakes fail (R 24 47)

* Three of Australia's major railway routes blocked: single track; similar problems in Canada; `dark track' in the U.S. with no signals (R 24 46)

Vm Electrocuted snake cancels 34 trains in northern Japan (R 19 88)

*h Japanese bullet-train drivers must wear hats; driver with missing hat left his seat, and train kept running (R 21 27)

*h Japanese bullet train driver falls asleep at the controls, fails to push confirmation button and brake; automatic brake worked (R 22 60)

$*f Japanese bullet trains with faulty software speed controls, not detected in test runs (R 23 84)

Vm Zürich main railway station outage due to control center failure (R 23 70; S 30 3:24)

*hi Amtrak mainline train collision in Maryland, Feb 1996 (S 21 4:13)

Vf/m? Amtrak ticket system breaks down (S 22 2:19)

$dmfhV Amtrak's high-speed Acela trains sidelined for many months; million-mile brakes don't last, just enough spare parts to keep one train going; deeper problems as well (R 23 85,87)

$mfV Amtrak halted by propagating power failures; Jersey Transit and BaltoWash MARC trains also affected (R 24 29, S 31 5:16)

Vrm Hurricane Floyd had widespread effects, Amtrak operations center problems in Jacksonville affected trains in Eastern Seaboard, Chicago, Michigan; also DC commuter rail (R 20 58); ISDN lines, ATMs, EDS (R 20 62); nationwide AT&T cellphone service interruptions (R 20 59);

f CSX crew spots problem signal, averts collision; insulation problem? (R 21 04; S 26 1:20)

f/m Train-ticket vending machine bogus tickets; innocent victim harassed (R 19 20)

f Train reservation process confuses city codes and airport codes (R 21 51)

Vm Swedish central train-ticket sales/reservation system and its backup both fail (R 20 05)

e Upgrade to Guildford Station (Surrey, UK) software disables hundreds of train tickets for automated gates (R 20 94: S 26 1:20)

!i Washington D.C. Metro crash kills operator (S 21 4:13)

Vmf Washington D.C. Metro Blue Line delay 6 Jun 1997; system+backup failed (R 19 22)

$ef DC Metro discovers flag-day issues with changeover in SmarTrip payment systems (R 23 44, update in R 23 46)

f/m/hi? Woman summoned to court over unread Oyster transit payment card (R 24 08)

Vmfe Computer crash impacts Washington D.C. Metro (S 23 3:25, R 19 50)

Vf/m? Computer problems foul up the Washington D.C. Metro system; graphics system froze (R 20 60)

fi D.C. Metro can't label rerouted holiday trains on 4 Jul 2000: confusion (R 20 95; S 26 1:20)

mf Computer graphics system crash stalls D.C. Metro (S 26 4:4, R 21 36)

mf D.C. Metro computer crash leaves disabled riders stranded (S 26 6:9, R 21 44)

*h Atlanta MARTA commuter train jumps track, injuring 19 (S 21 5:14)

*f LIRR trains fail to trigger computerized crossing gates (S 22 1:18)

m Lightning knocks down wall of an English pub, and closes fail-safe railroad crossing that blocked fire engines (R 19 72)

Vfm Computer crash shuts down Taipei subway (S 21 5:14) Note: Matra made software for both Ariane5 and Taipei subway system (S 21 5:15)

V$mf Swiss locomotives break down in cold weather; SW fails (S 20 2:11)

h Swiss train disappears from tracking system (S 26 6:9, R 21 42)

Vm Single point of failure in self-generated power paralyzes Swiss Railsystem for 3 hours 22 Jun 2005 (R 23 92; S 30 4:22-23)

*f Flaw discovered in Swedish rail control system after near miss (R 19 22)

fh Union Pacific merger aftermath: gridlock, lost trains (S 23 1:11, R 19 41)

* Japanese railway communications jammed by video game machines (S 12 3)

* Japanese train doors opened inadvertently several times; EMI? (S 12 3)

*(m/f?) Caltrain Baby Bullet train runs with door open between stops (R 23 87)

*f SF BART train doors opened between stations during SF-Oakland leg (S 8 5)

f SF BART automatic control disastrous days of computer outages (S 6 1)

*V$m BART power mysteriously fails and restores itself 5 hours later (S 12 3) battery charger short and faulty switch subsequently identified (S 12 4)

m BART ghost train, software crash, 3 trains fail, system delays (S 22 2:19)

f BART ghost trains; 567 cases in two years (R 20 31-32)

defV$ Three days of San Francisco BART upgrade crashes; backup failed as well (R 24 23)

$dh $80M automated BART train-control system mothballed (R 24 33, S 31 5:17)

f SF Muni Metro: Ghost Train recurs, forcing manual operation (S 8 3)

f SF Muni Metro: Ghost Train reappears; BART problems same day (S 12 1)

mM San Francisco Muni adds new communicating streetcars, has to remove old ones blocking comms to increase service (R 19 95); Muni driver leaves car, which went on driverless! (R 19 95)

hi Grenoble streetcar ticket machine welcomes you to London if you select English language interactions (R 24 07)

*fm Chunnel has ghost trains, emergency stops (due to salt water?) (S 20 3:9)

Vf Phantom trains down Miami's Metromover inner loop for 2 days (S 20 5:8)

$*H SF Muni Metro crash; operator disconnected safety controls (S 18 3:A3)

$d Washington D.C. Metro stops payments on troubled computer (S 23 4:21)

h LA Rapid Transit District computer loses bus in repair yard (S 12 2)

$f LA RTD phantom warehouse in database "stores" lost parts (S 12 2)

fhi Analysis of the Chicago train/bus crash (R 17 43)

*Vm Water seepage stops Sydney automated monorail computer controls (S 13 4)

Vfh Daylight savings time changeover halts train for an hour (S 15 3)

if Amtrak's on-line trip planner suggests Portland to Seattle via Chicago and LA (R 23 20,22)

m Risks of the modern train: lots of inconveniences (R 20 54)

@$dmf Las Vegas monorail big development delays; drive-shaft fell off; flaw in train spacing software (R 23 37; S 29 5:14)

f Sydney trains disrupted by unknown software glitch, stranding passengers for two hours (R 23 35; S 29 5:14)

mfhi UK New Southern Railway passengers trapped in trains for up to 45 minutes in new cars; software uses GPS-based detectors to detect trains stopped at station platforms with not-excessive train length; drivers apparently not trained to override (R 23 52); is GPS accurate enough for this? (R 23 53)

*mh Amtrak railroad signal failure (R 23 54)

SHVf Risks of British Rail using satnav/GPS to keep trains running on time; overkill? (R 23 71,72); related risks revisited (R 23 78,82)

hf- Railway map in error omits Colne to Skipton line, which was then discontinued rather than admit the map error! (R 24 27)

1.8 Ships

$*f Puget Sound ferry computer failures - 12 crashes; settlement vs builder $7 million; cost of extra $3 million for manual controls! (S 12 2); Electronic "sail-by-wire" replaced with pneumatic controls (S 15 2)

$fi Ship runs aground; reverse-logic steering problem? (S 15 1)

*hi Canadian ferry crew Queen of The North didn't know how to use ECS display software; ferry sinks (R 24 33, S 31 5:17)

m Royal Majesty runs aground due to GPS antenna failure (S 20 5:8)

*hi Risks of ships relying on GPS-based systems (R 24 03)

*f Hard-left cruise-ship's autopilot blamed for sharp turns (S 26 6:10, R 21 41)

!$ Trawler Antares sunk by submarine; computer showed 3mi separation (S 17 4)

*$rh? QE2 hits shoal; 1939 charts off by 7 feet? (S 17 4)

M GPS on M.V. Manatoulin cargo ship failure traced to interference from the captain's TV antenna (R 19 90)

(+/-) GPS is killing lighthouses (R 23 70) [risks of trusting technology, not your own eyes]

m/h? Computer-controlled ballast tanks tip drydocked ship, both ways! (S 17 4)

*f/m Apparently uncommanded rudder movement in cruise liner injures passengers (R 22 64; S 28 4:6)

$*hhh Computer override backs Australian frigate onto rocks (R 23 71; S 30 3:24)

f Titanic photo expedition control program erratic (S 11 5)

..... Roller-coaster accidents and risks

!Vhmie Two loose screws cause death of Disneyland Big Thunder Mountain roller coaster rider (R 23 05; S 29 2:8)

*m? 42 Japanese injured in roller-coaster car crash (EMI?) (S 12 3)

*$f Computer-controlled Worlds of Fun roller coaster trains collide (S 15 3)

*$f Dorney Park roller coaster crashes; same design flaw, builder (S 18 4:2)

* Roller Coaster controls balance scariness and safety? (S 15 5)

*e Astroworld ride jams at top with reporters; untested SW change (S 16 3)

*f Blackpool roller-coaster (1) fault traps 30; (2) 2 trains collide (S 19 4:5)

*fm Malfunction shuts down computer-controlled British Airways London Eye amusement park ride; also, a carnival ride with blue screen of death just before rapid descent (S 27 3:6, R 21 93-94)

+? More on making roller coasters idiot-proof: automation (R 19 93)

*? A new approach to roller coasters: RoboCoaster Windows-based self-programmed personalized rides, with six axes, 1.4 million combinations; all safe? (R 22 89, S 28 6:8); controls separated (R 22 94)

fm Universal Orlando Incredible Hulk Coaster gets stuck (R 23 69; S 30 3:29)

1.9 Automobiles

!hi Driver kills cyclist while trying to save Tamagotchi virtual pet on her key ring (R 19 67)

!$h Wilson (draw)Bridge warnings not set, truck plows into car (S 17 1); See relevant discussion on human errors by Don Norman (S 17 1-22)

!$f? Mercedes 500SE with graceful-stop no-skid brake computer left 368-foot skid marks; passenger killed (S 11 2)

Hf Mercedes brake test: unworkable demonstration rigged (R 24 11)

!$f? Audi 5000 accelerates during shifting. 2 deaths. Microprocessor? (S 12 1)

SHAOf Car computer systems at risk to viruses (R 23 96, R 24 01; S 30 6:21)

*f? High-voltage hybrid vehicles may be hazardous to rescuers' health? (R 23 35), clarification (R 23 36)

!*hi D.C. red-light cameras fail to reduce accidents, despite increased violations (R 24 06)

*hi Car and van collide; handicapped-equipped Dodge controls rendered inadequate by handicap (R 24 06)

*$f? Microprocessors in 1.4M Fords, 100K Audis, 350K Nissans, 400K Alliances/ Encores, 140K Cressidas under investigation (S 11 2)

fmM More on risks of microprocessors in cars (S 16 2)

*V(f?) Saturn auto assumption cuts off engine at high speed (R 21 10); Nissan also (R 21 13)

*fm Formula 1's string of control-system failures (R 21 48,49)

*SM Sudden auto acceleration due to interference from CB transmitter (S 11 1)

*M Sudden acceleration of Dutch bus commonplace: interference (S 23 1:11, R 19 40)

M GM sudden acceleration (31 deaths, 1121 injuries between 1973 and 1986) linked to EMI in court; Audi cases still suspected; cars less protected than aircraft (R 19 38); note from Adam Cobb in Australia (R 19 42)

*m Runaway Pontiac Sunfire racing out of control, rescued dramatically (R 23 33-34)

m? Runaway truck locked at 60mph for 140 miles; driver wants to sue manufacturer (Sorcerer's Apprentice in the Driver's Seat?) (R 24 05; S 30 6:17)

*fm Hour-long runaway Renault regulator, speed reaches 125mph; solution: pull out the electronic card (R 23 56)

*fhi Another near-disaster due to vehicle automation; accelerator jammed at 130mph (R 24 25,29)

fm 2004/early-2005 Prius cars shut themselves down at speed (R 23 87; S 30 4:24)

*i Handicapped's gas pedal on left side of car leads to 3 injuries (R 22 90)

M Remote-control car starter also controls car doors, turns on heater, defroster, or air-conditioner, up to 400 feet away (R 19 37)

*fmi The dangers of remote start on a car with manual transmission (R 22 90)

*fm MS Windows crash traps Thai politician in BMW (R 22 73, S 28 6:11)

@*fM Keyless remotes to cars suddenly useless (R 23 45)

*f/m [but not human error] Fire truck with electronically controlled all-wheel drive auto-steers itself into tree (R 23 30; S 29 5:14)

*fh Two Opticon-enabling fire trucks collide (R 23 34)

f(i?) BMW under GPS navigation driven into Havel River (R 20 14)

Shi French motorist obeys GPS navigation, makes U-turn into traffic (R 23 62)

fhi More risks of in-car GPS navigation (R 24 10-14)

i?h?f? Man trusting in-car computer directions to meeting in York in NE England arrested for speeding, banned from driving; computer had directed him to small village in NW near Manchester (R 22 37)

M Swedish policeman's handheld digital radio triggered his car airbag, which hit him with the radio unit (R 19 43)

SM Cell phones can interfere with auto systems (R 19 63)

SM Czechs ban mobile phones in gas stations (interference) (R 19 68-69)

Sf Denver car-emission testing program bypass (S 21 4:17, SAC 14 3)

f Connecticut automobile emissions test readings in error; propane measured instead of hexane (R 23 28)

f Auto onboard emissions chip major malfunction (R 24 19)

$f Toyota smog-warning computer lawsuit (R 20 48)

f Germany to rely on on-board diagnostics for vehicle emission checks (R 21 15, S 26 2:7)

f$ Emissions software glitch falsely fails hundreds of older cars in Atlanta (R 20 04)

*? Fly-by-wire SAAB: joystick, no mechanical linkage, keyboard, screen (S 17 3)

*Vefm Jaguar loses all power due to faulty car phone installation (S 15 5)

*f 1986-87 Volvos recalled for cruise-control glitch (S 13 3)

*f Renault cruise-control failures? car won't slow down (R 23 81; S 30 3:25)

* General Motors recalls almost 300K cars for engine software flaw (R 18 25)

f*$ General Motors recalled almost one million cars (1996-97 Chevies, 1995 Cadilacs) for undesired airbag deployments; Chevy fix involved software change (R 19 85)

*f$ GM recalling around 127,000 Chevrolet Corvettes for program flaw (R 23 18)

*f GM recalls 12,329 Cadillac SRX for anti-lock brake flaw (R 23 30; S 29 5:14)

m Sony recalls 40,000 more Vaio PCs due to defective power supply (R 22 70)

- Comments on software explosion in new automobiles (S 22 2:23)

*H Home-reprogrammed engine micro makes 1984 Firebird into race car (S 12 1)

SH Hacking of car engine computers reaches Australia (S 13 4)

*f Anti-skid brakes and computer controlled race cars? (S 12 1)

*Vrf Car with computerized steering loses control when out of gas (S 12 4)

*Vf Non-fail-safe power-outage modes - car locks (S 13 1)

*Vrm Experimental semi-truck micro died (EMI) when near airport radar (S 12 1)

*$f El Dorado brake computer bug caused recall of that model [1979] (S 4 4)

i?m?f? Ford/VW/Nissan cars with Microsoft dashboard Windows PCs (S 23 3:25, R 19 54)

*$f Ford Mark VII wiring fires: flaw in computerized air suspension (S 10 3:6-7)

*Vf Cadillac recalling 57,000 cars for headlights-out computer problem (S 12 3)

* Computerization of the automobile continues apace (R 23 76; S 30 3:27)

V$f Oldsmobile design lost: hard disk wiped, backup tapes blank! (S 12 4)

f GM blames smelly Astros and Safaris on