RISKS-LIST: RISKS-FORUM Digest Friday 3 June 1988 Volume 7 : Issue 3

RISKS-LIST: RISKS-FORUM Digest Friday 3 June 1988 Volume 7 : Issue 3

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
OTA Report: Science, Technology, and the First Amendment (Jan Wolitzky)
Disasters and computer facilities (Rodney Hoffman)
Running as root; Hinsdale redundacy; Daedelus (David Herron)
Optimizing PL/I (Bard Bloom)
Re: Auckland cable cars (Richard A. O'Keefe)
My experience with metal balloons (David J. Edgerton)
Halon (Romain Kang)
Virus collection (Robert Slade)

The RISKS Forum is moderated. Contributions should be relevant, sound, in good
taste, objective, coherent, concise, and nonrepetitious. Diversity is welcome.
Contributions to [email protected], Requests to [email protected].
For Vol i issue j / ftp kl.sri.com / get stripe:<risks>risks-i.j ... .
Volume summaries in (i, max j) = (1,46),(2,57),(3,92),(4,97),(5,85),(6,95).

----------------------------------------------------------------------

Date: Thu, 2 Jun 88 08:02 EDT
From: [email protected]
Subject: OTA Report: Science, Technology, and the First Amendment

The U.S. Congress's Office of Technology Assessment (OTA) recently issued a
special report that may be of interest to readers of the RISKS Digest. It
is entitled, "Science, Technology, and the First Amendment," (OTA-CIT-369,
Washington, DC: U.S. Government Printing Office, January, 1988, 73 pp.,
$3.50). The table of contents follows:

I. Freedom of the Press in the Information Age
1. New Technologies for Gathering News and Information
Newsgathering
Computer Databases
Media Satellites
Implications for Privacy
Implications for National Security
2. New Technologies for Editing and Selecting News and
Information
Electronic Publishing
Editorial Control and Liability
Global Networks and the International Press
3. New Technologies for Publishing and Disseminating News
and Information
The Convergence of the Media
Cable Television
Information Services Delivered Over Telephone Lines
II. Scientific Communications and the First Amendment
4. National Security and Scientific Communications
Science, Free Speech and National Security
The Executive Branch and Classification of Documents
Export Controls
5. The 1980s: Converging Restrictions on Scientific
Communications
Contractual Restrictions on Communications
Restrictions on Informal Communications
Self-Restraint
National Security Directives and the Role of the
National Security Agency
6. Constitutional Issues: An Overview

Jan Wolitzky, AT&T Bell Labs, Murray Hill, NJ; 201 582-2998; mhuxd!wolit
(Affiliation given for identification purposes only)

------------------------------

Date: 2 Jun 88 11:56:13 PDT (Thursday)
From: Rodney Hoffman <[email protected]>
Subject: Disasters and computer facilities

The 'Wall Street Journal' for Tuesday, May 31 features a story by Wendy L. Wall
headlined "FEW FIRMS PLAN WELL FOR MISHAPS THAT DISABLE COMPUTER FACILITIES"
(page 25 -- front page of Section 2). The lead sentence says, "Welcome to the
era of the electronic disaster."

Starting with a review of the Hinsdale fire and its effects, the story discusses
"accidents that disable the concentrated computer and telecommunications
networks on which companies depend increasingly for basic tasks.... In a recent
University of Texas study, 75% of businesses surveyed said they would have a
'critical or total loss of functioning' within 14 days if they lost their
computer support.... Serious disruptions ... are becoming more common as
computers spread...."

"Most businesses are ill-prepared to cope with electronic disasters, computer
and communications specialists say.... Many top executives 'don't realize that
the value of the information (in the computer) could very easily be worth
several times the value of their hardware, software and building,' says Steven
Christensen, a researcher at UT. In addition, the cost of insurance or backup
computer systems can be high...."

Besides dividing operations between several sites, the other major precaution
taken by a growing number of companies is buying disaster insurance to use
backup computer centers and networks: "The two largest disaster-recovery
companies ... have nearly 1500 clients...."

The major example used in the story is that of wholesaler United Staioners,
which has spent nearly $1 million a year on emergency preparations which served
them well in the present Hinsdale fire: "Within hours, they dispatched a 31-man
team, with backup data tapes, to an insurer's computer facility in New
Jersey.... By the next day, they had reconstituted their entire computer
network.... Although all this cost some $600,000 over two weeks, including a
$40,000 fee for the insurer and travel costs for the 31 people sent to New
Jersey, it probably saved the company at least $30 million in sales during that
time, says United Staioners' CEO. Even more important, he adds, was the boost
to customer confidence."

[Stationers? Stainers? Stallioniers? P.]

------------------------------

Date: 2 Jun 88 16:36:56 GMT
From: David Herron <[email protected]>
Subject: A few points from recent risks
Organization: U of Ky, Math. Sciences, Lexington KY

Running as root bad:

Someone from CMU berated the fella who'd messed up his disks for doing dumps as
root and suggested instead running as "sys". hmm. My first thought was "what
about files that people have protected against global reading? You'd need root
to be able to read them". But dump reads directly from the device... no
problem. I'd suggest a small change -- make the permissions "400" rather than
"444" to prevent "everyone" from being able to read the disk.

In general however I've found it very good to engrave some of the more mystical
and hard to remember incantations into shell scripts and the like. One of the
first projects I did here was to come up with a backup procedure for our
systems. I of course used shell scripts for the whole thing... I also put a
sticker on the console giving the format of the backup command for those times
when I was typing it directly, and relied on that sticker to jog my memory.

Multiple routes aren't multiple routes if they're the same physical route:

About the Hinsdale stuff. There were a number of trunks heading into the same
building using the same exact physical route, right? And the claim was that
the trunks were going over different routes. Well, this just isn't a very good
assumption -- obviously. One only needs to remember the arpanet outage a year
or so ago where a backhoe dug up some cables. All of New England's ARPANET
traffic was ultimately routed through the cables that were in that one trench,
yet they were separate cables going over different "routes".

sigh [See RISKS-4.30. PGN]

I think that we (as telecommunications customers) should have the ability to
demand proper seperate routes (physical routes) for backup communications ...

Daedelus thumb stuff:

Um, joke or no I'm surprised nobody got scared over the same thing I was
immediately scared over. That there's all these financial transactions sitting
on my thumbnail and every time I purchase something I'm potentially telling the
store all of my financial dealings for the past N months. That's a disclosure
of information they have no need or right to know. Weell... they have a "need"
in that it would give them a better idea of who they're dealing with, but I
certainly don't want to be giving them such detailed information.

David Herron

------------------------------

Date: Thu, 2 Jun 88 23:22:40 edt
From: Bard Bloom <[email protected]>
Subject: Optimizing PL/I

> Yes, and for this reason, I've always liked the IBM translators, and
> particularly the PL/I optimising compiler. PL/I told you (as a
> warning-level message) when it detected and deleted unreachable code.

The last time I used an IBM PL/I optimizing compiler (some years ago), I had
a procedure which took two 32-bit integer arguments. I called it with the
constant arguments 1 and 1. It produces some cosmically weird results.
Eventually I put a print statement after the procedure entry; when the 1's
got passed to the procedure, they were somehow transformed into 65536's.

Somehow the compiler was interpreting the 1's as 16-bit numbers and putting
them in the wrong half of the 32-bit arguments. I immediately switched to
non-IBM PASCAL.
-- Bard Bloom

------------------------------

Date: 2 Jun 88 07:38:09 GMT
From: [email protected] (Richard A. O'Keefe)
Subject: Re: Auckland cable cars (Willis Ware, RISKS-7.1)
Organization: Quintus Computer Systems, Mountain View, CA

It's about a year since I was last home, but Auckland didn't have any
cable cars then, and I very much doubt that they've got any now. (The
Museum of Transport and Technology has a small tram system, but those
are old trams and have no computers.) There's a cable car in Wellington
such as Willis describes, but then, Wellington is only the capital, can't
expect people to get _that_ right. If the paper was the Sun, I've heard
that it's typeset by computer, perhaps that is the risk story?

[Willis noted he read an Auckland newspaper. We'll assume the cable
cars were really in Wellington, unless someone else contradicts it... PGN]

------------------------------

Date: Thu, 2 Jun 88 14:26:20 PDT
From: edgerton%[email protected]
Subject: My experience with metal balloons

About 2 years ago (Summer of 86) I bought a metallic balloon for my 2-year old
daughter. It had a metal "string" about six feet long. When we were getting
into the car, she let go of it, and it flew up into the corner of the parking
lot and tangled up in the power transformer there. It shorted out the
transformer and killed power for half the town.

After my initial surprise at the damage, and feeling lucky that I didn't have
to pay for the damage, several thoughts crossed my mind.

1. That metal string should never have been used. Some powerline droop
fairly low.

2. I jokingly told some friends that you could really "take out" the power of
a town fairly easily. I was not aware how fragile our power system was.

3. The potential for mischief and vandalism implied by #2.
David J. Edgerton

------------------------------

Date: 2 Jun 88 19:26:02 GMT
From: [email protected] (Romain Kang)
Really-From: [email protected] (John Kurzman)
Subject: Halon

In RISKS 6.87, Anita Gould asks about dry-run tests of halon equipment.
Here is a fortunate experience from such a dry-run:

To test that the equipment had been installed properly in a computer
room, a gas other than halon was put in the tanks. The alarm was then
triggered manually, and the room was evacuated.

Normally, the operator would have manually shutdown the system (Operating
System, not power down), and then left the room. Since this was only a
drill, the operator left immediately.

When we returned to the room, one of the 'dispersers' from the tank
had shot itself across the room and was embedded in the wall. These
'dispersers' are cork-screw shaped metal objects, and have quite a point.
In line with the trajectory of the disperser was the operator's chair at
the console.

If the operator had actually stayed too long in the room to insure an orderly
shutdown of the system, his own shutdown would have instead occured.

The tank was then turned to aim elsewhere, but the dispersers are normally
not supposed to leave the tank.

------------------------------

Date: Thu, 2 Jun 88 07:15:54 PDT
From: [email protected]
Return-Path: <@um.cc.umich.edu:[email protected]>
Subject: Virus collection

Re: my offer of the collected virus messages: please note that American
postage is no longer acceptable. Send a 5 1/4" double sided, double density
MS-DOS 2.xx or 3.x formatted 360K floppy diskette, with a self addressed
*Canadian* stamped mailer to: Robert Slade, 3118 Baird Road, North Vancouver,
B. C. V7K 2G6

Thanks to all of those who have followed the proper form. I hope the American
stamped packages have not suffered too greatly at the hands of customs.

------------------------------

End of RISKS-FORUM Digest
************************