Date: Wed 4 Jun 86 22:50:31-PDT
From: RISKS FORUM (Peter G. Neumann, Coordinator) <[email protected]>
Subject: RISKS-3.1
Sender: [email protected]
To: [email protected]
RISKS-LIST: RISKS-FORUM Digest, Wednesday, 4 June 1986 Volume 3 : Issue 1
FORUM ON RISKS TO THE PUBLIC IN COMPUTER SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
Contents:
Unshakeable Faith in Technology (Richard A. Cowan)
Unshakeable Faith in Technology: Shuttles & Nuclear Power (Peter G. Neumann)
Basis for SDI Assumptions? (Doug Schuler)
Technical vs. Political in SDI (Herb Lin)
Computer Crime Laws (Peter G. Neumann)
Backups for micros (Evan Dresel)
The Clock Lies Again (PGN, Jagan Jagannathan)
The RISKS Forum is moderated. Contributions should be relevant, sound, in good
taste, objective, coherent, concise, nonrepetitious. Diversity is welcome.
(Contributions to [email protected], Requests to [email protected].)
(Back issues Vol i Issue j available in SRI-CSL:<RISKS>RISKS-i.j.
Summary Contents in MAXj for each i; Vol 1: RISKS-1.46; Vol 2: RISKS-2.57.)
----------------------------------------------------------------------
Date: Tue 3 Jun 86 21:07:28-EDT
From: Richard A. Cowan <[email protected]>
Subject: Unshakeable Faith in Technology
To: [email protected]
The following passage from a 6-part "editorial" in the San Francisco
magazine "Processed World" argues that the Space Shuttle disaster will
not (as Proxmire claimed) shake people's faith in technology. Instead,
it may strengthen their resolve to pursue technology regardless of risks.
(Fortunately, the same argument can not be applied to the Chernobyl accident;
people don't have the same love affair with Soviet nuclear power that they
had with the Shuttle.)
Send me mail if you want more info about the magazine; this is from the
recently published Number 16.
"Braking Star Wars, or a New Standard of Patriotism"
by Marcy Darnovsky
"If the fireball that consumed Space Shuttle Challenger slows down the
development of Star Wars, the seven people that perished in it will
not have died in vain.
"To millions of space enthusiasts, the shuttle and the space program
are tributes to curiosity, imagination, courage, and the quest for
knowledge and adventure. These are among the worthy impulses of the
human species. But what most space boosters don't see through the
glitter of the stars (leaving aside the problem of how to divide the
purse between cross-town buses and interplanetary travel) is how
these impulses are being used and perverted.
"Whatever its origins, there can be no doubt about what master the
Shuttle now serves. Starting in 1987, the Pentagon had planned to use
half of the spacecraft's cargo bay at least twice a year for Star Wars
experiments alone. It had claimed a third of the available shuttle
launches over the next ten years. Under the National Space Policy
adopted by Reagan, the Pentagon is not only NASA's largest customer,
but also its preferred customer, and as such is entitled to bump
civilian, commercial, and scientific payloads off Shuttle flights.
"For a short time, the suspension of Shuttle missions and the loss of
one of the four orbiters will slow the military's invasion of space.
But before long, the space arms race will be back in harmony with the
spheres. The scientific and commercial aspects of the space program
will probably come out the losers, with NASA dancing to the Pentagon's
tune even more slavishly than before.
"A month after the explosion, some of the astronauts voiced dissatisfactions
with NASA safety procedures and secrecy. It's too soon to tell whether
their criticisms will crack the unnerving unanimity of popular support for
more space spectaculars.
"Remarkably, instead of planting doubts about the reliability of complex
technologies and the push into space, the destruction of the Challenger
seems to have convinced most Americans that no sacrifice is too great for
the technology that will conquer the stars. NASA reports it received 90,000
letters in the two weeks following the explosion, 99% of them supporting the
space program. "Something like this brings the nation together," said
Daniel Boorstin in the New York Times. "The space program in general has
done that; people understand the grandeur even if not the technology, and to
share that grandeur is what makes a great nation." Boorstin is right: the
majestic lift-off of a rocket with human beings perched atop it raises
modern Americans out of their everyday lives into an epiphany of
technological awe intertwined with chauvinistic pride.
"The Shuttle catastrophe has constructed a new standard of patriotism:
giving your life for your country's technology. Instead of making it
acceptable to question the military takeover of space, the Shuttle
disaster may make the space program more sacred than ever. If the
explosion of the Challenger and the seven dead astronauts have
transformed protest into heresy, it was more of a tragedy than we've
yet realized."
------------------------------
Date: Wed 4 Jun 86 22:01:31-PDT
From: Peter G. Neumann <[email protected]>
Subject: Re: Unshakeable Faith in Technology: Shuttles & Nuclear Power
To: [email protected]
cc: [email protected]
*** Shuttle ***
Today's SF Chron contains a Los Angeles Times story by Maura Dolan:
Shuttle Program Was Doomed, Panelists Say
The space shuttle program was so plagued by a lack of spare parts and
mission software and inadequate crew training that flights would have been
substantially slowed or halted by now even if the Challenger disaster had
not occurred, members of the presidential commission that investigated the
accident said yesterday. ``There was no management of this program,'' a
commissioner said. ``Even without the accident, the program would have
ground to a halt by this point.''
The article goes on to quote other commissioners anonymously on inadequate
planning, having to steal spare parts from other shuttles, lack of training
time, one or two of the two simulators being down often, last-minute
reprogramming without testing, and so on. It also outlines some of the
recommendations of the forthcoming report.
``There are about four or five other ... safety things that NASA has been
playing the same game with as the O-rings -- the main engine, the brakes,
the flapper valves (that control fuel flow), the automatic landing
system,'' one panelist said.
*** Nuclear Power ***
Jack Anderson's column in the same paper returned to Chernobyl and the
nuclear power situation in the United States:
We have learned that, since the hideous accident in the Ukraine, the
Nuclear Regulatory Commission staff called in the inspectors and informed
them that new, more lenient interpretations of the fire-safety regulations
had been approved by the commissioners over the inspectors' vehement
protests... Incredibly, the new guidelines let nuclear plant operators
sidestep the protection of redundant control systems by planning fire
safety for the first set of controls only. The guidelines permit
partial fire barriers between the first control system and the backup
system, which can be in the same room. This means that a fire could
short-circuit both systems.
------------------------------
From: bcsaic!douglas@uw-june <Doug Schuler>
Date: Tue, 3 Jun 86 07:56:46 pdt
To: uw-june!uw-beaver!SRI-CSLA.arpa!Neumann
Subject: Basis for SDI Assumptions?
ReSent-To: [email protected]
I have to question two statements that were made by Bob Estell in relation
to SDI software. The first one, "A missile defense is worth having if it is
good enough to save only 5% of the USA population in an all-out nuclear
attack" is oft-heard. The phrase "worth having" could be applied to a
number of things that aren't being had by many people (things like food,
shelter, medical care, or safer cars). The question of whether something is
"worth having" irrespective of costs, as if one could snap his fingers and
have that thing is fine for idle conversation but of little use
realistically. The question of what is worth pursuing and to what degree
must be taken up by society at large. The magnitude of SDI costs as well as
admitted technical dubiousness must be compared with alternatives. We can't
have everything that anybody says is "worth having."
The second quote, "That shield might save 75% of the population in a
terrorist attack, launched by an irresponsible source" deserves some
comment. The "terrorist" argument is used fairly often also to garner
support for SDI, as terrorism is a popular topic on television, etc. I am
prompted to ask from what quarter this terrorist attack would arise.
England? France? Also, I would expect that SDI would fail miserably in the
event of anything less than the full-scale attack that it was billed as
deflecting.
How does this apply to Risks? The rationale and the requirements are
the basis for a system. If these are invalid, the system will probably
be invalid. As Herb Lin said, "Politics are just requirements at the
top level."
POSTING NUMBER 2:
[Re Bob Estell's posting]
I am not sure of the facts on this but I think it is pertinent to RISKS.
What is the story on the software for the Sergeant York gun? Was a "high
level" language used? If so, and the complexity still defeated the project,
it bodes ill for SDI which consists of [the logical equivalent of?]
thousands (hundreds?) of Sergeant York guns launched into space. If a
high-level language was used, there is still life in the "historical"
argument described by Bob Estell.
** MY VIEWS MAY NOT BE IDENTICAL TO THOSE OF THE BOEING COMPANY **
Doug Schuler (206) 865-3228
{allegra,ihnp4,decvax}uw-beaver!uw-june!bcsaic!douglas
[email protected]
[The use of a high-level programming language is only part of the
problem. In many cases, deep flaws exist in the design, and
the implementation makes things only a little bit worse. In those
rare cases where the design is actually sound, the programming
language -- whether high-level or low-level -- introduces the
possibility of additional flaws, such as loss of encapsulation,
lack of strong typing, lack of consistent exception handling,
improper sequencing or atomic actions particularly in distributed
systems, lack of adequate control transfers and domain changes,
and so on. But such problems exist in ALL of the commonly used
programming languages. PGN]
------------------------------
Date: Thu, 5 Jun 1986 00:32 EDT
From: [email protected]
To: risks%[email protected]
Subject: Technical vs. Political in SDI
I subscribe to RISKS, and I moderate ARMS-D. I will forward to ARMS-D
any SDI messages that appear on RISKS, unless specifically told not to
do so by the subscriber.
Peter -- Is this OK?
[SURE. FINE BY ME. Remember, I don't believe in the
alleged sharp partition between RISKS and ARMS-D. PGN]
------------------------------
Date: Wed 4 Jun 86 22:18:21-PDT
From: Peter G. Neumann <[email protected]>
Subject: Computer Crime Laws
To: [email protected]
From the SF Chron, 4 June 1986, Washington Report, p. 13:
The house approved and sent to the Senate yesterday a bill that would
expand coverage of federal laws against computer crime.
The legislation, passed by voice vote, would make it a felony knowingly to
trespass into a "federal interest" computer -- one operated by a federal
agency, a federally insured financial institution or by stockbrokers
registered with the Securities and Exchange Commission -- to obtain anything
of value.
It also would apply to entry into private computer systems located in more
than one state. The top penalty would be five years in prison and a
$250,000 fine.
The measure also would establish a new category of misdemeanor for
"hackers" who use computer bulletin boards to display passwords to computer
systems. The top penalty would be a year in prison and a $100,000 fine.
[I note that "to obtain anything of value" does not cover denials of
service, mass deletions of data, insertion of nonbenevolent Trojan
horses, and so on. The multistate basing clause may lead some
organizations into distributed system and network operations just for
the legal coverage! PGN]
------------------------------
Date: Wed, 4 Jun 86 09:43 EDT
From: <E8D%[email protected]>
Subject: Backups for micros
To: [email protected]
There probably isn't a lot more to be said about backing-up data that is
new. Since someone else brought up the subject, I'll recount a very recent
case of incorrect back-up procedures from here in central PA, and then make
a suggestion or two. [OK. I STILL ACCEPT A MESSAGE OR TWO ON THIS TOPIC. PGN]
A small local firm was burglarized and their micro-computers stolen.
All their diskettes were also taken -- yes, including all those carefully
made back-ups. I don't have exact values for the worth of the data but the
loss was enough to have significant impact on a small group.
I guess this comes under the heading of improperly defining the risk.
Everyone knows that computers can "eat" data and that's why one makes
copies. How many of your typical users think about flood or fire, which are
problems common to all data storage systems, much less theft which is a
threat peculiar to micro-computer use where the diskettes are worth
something -- even if they don't contain expensive programs.
I could just say, "Boy, what a dumb mistake. They should have had
hard-copy of as much stuff as practical, and protected those back-up
diskettes." That's not very productive, though. The answer lies in
education and perhaps in program developers meeting the real needs of the
users. Computer users need to know how to protect their data and why. A
couple of horror-stories go a long way. Either practical back-up schemes
described step-by-step (such as how to copy only files created after a
certain date) or else menu type software should be generally available.
This information should be easily accessible to people who don't know a
whole lot about programming or even about their system. (If I were a
diskette manufacturer I'd give away back-up program-packages.) And don't
forget the worst part of using your archive-copies -- figuring out which
version of what you are working with.
Evan Dresel
Dept. of Geochemistry, 228 Deike Bldg.
Penn State University, University Park, PA 16802
(814) 863-0672
E8D @ PSUVM (bitnet)
...!psuvax1!psuvm.bitnet!e8d (uucp <--> bitnet gateway)
e8d%[email protected] (arpa)
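One way to script the "copy only files created after a certain date" scheme the post above asks for, with a manifest that answers its closing question of which version a backup holds. This is an added example, not part of the digest or its contributors' text; it assumes only POSIX shell tools and constructs its own paths.

```shell
#!/bin/sh
# Added example, not from the digest or its contributors: an incremental
# backup that copies only files changed since the last run and writes a
# manifest, so each dated backup records which version of each file it holds.
# Assumes POSIX sh and tools only (find, cp, cksum, date, dirname).

# incremental_backup SRC DEST_ROOT MARKER
#   SRC       directory to back up
#   DEST_ROOT where a dated backup-YYYYmmdd-HHMMSS directory is created
#   MARKER    timestamp file from the previous run; absent on the first run
# Prints the path of the backup directory it created.
incremental_backup() {
    src=${1%/}; dest_root=$2; marker=$3
    base="$dest_root/backup-$(date +%Y%m%d-%H%M%S)"; dest=$base; i=1
    while [ -e "$dest" ]; do dest="$base.$i"; i=$((i + 1)); done  # same-second runs
    mkdir -p "$dest"
    # Stamp the new marker before scanning, so a file modified during the
    # copy is picked up by the next run rather than silently skipped.
    touch "$marker.new"
    if [ -f "$marker" ]; then
        find "$src" -type f -newer "$marker" -print   # changed since last run
    else
        find "$src" -type f -print                    # first run: copy everything
    fi | while IFS= read -r f; do
        rel=${f#"$src"/}
        mkdir -p "$dest/$(dirname "$rel")"
        cp -p "$f" "$dest/$rel"                       # -p keeps the original mtime
        set -- $(cksum "$f")                          # CRC and size identify the version
        printf '%s %s %s\n' "$1" "$2" "$rel" >> "$dest/MANIFEST"
    done
    mv "$marker.new" "$marker"
    echo "$dest"
}
# The dated directory is what goes onto media kept away from the machine;
# a backup stored beside the computer is lost with it, as in the burglary above.
```

Filenames containing newlines are not handled by the read loop; everything else, including spaces, is.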
------------------------------
Date: Fri 30 May 86 23:36:19-PDT
From: Peter G. Neumann <[email protected]>
Subject: The Clock Lies Again
To: "RISKS@SRI-CSL"@SRI-NIC.ARPA, [email protected]
It is after midnight, but not by SRI-CSL's time. We have another clock
problem. PGN [An homily anomaly?]
[This one was quite different from the one I previously reported.]
------------------------------
Date: Sat 31 May 86 01:21:49-PDT
From: Jagan <[email protected]>
Subject: Re: The Clock Lies Again
To: [email protected]
You are absolutely right .... However, I think the problem this time is
not with the algorithm to compute the most reasonable time but the fact that
the machine was unavailable (but not down!) for about half-hour this
afternoon. (The clock had stopped even though the machine didn't think
the clock had.) Jagan [Jagannathan]
------------------------------
End of RISKS-FORUM Digest
************************