Subject: RISKS DIGEST 11.15 REPLY-TO: risks@csl.sri.com RISKS-LIST: RISKS-FORUM Digest Thursday 21 February 1991 Volume 11 : Issue 15 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator Contents: Racetrack overpayments (Rodney Hoffman) Peace Shield in trouble (Henry Spencer) Is Unix the ultimate computer virus? (Mike T. on Dick Gabriel, via Martin Minow) Re: Murder, She Wrote (Jerry Hollombe) Re: Maintenance, Warranties, etc. (Charles Shub, Joseph M. Newcomer, Richard H. Miller, John Sullivan, Greg Johnson, Gene Spafford) The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, and nonrepetitious. Diversity is welcome. CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive "Subject:" line. Others ignored! REQUESTS to RISKS-Request@CSL.SRI.COM. FTP VOL i ISSUE j: ftp CRVAX.sri.comlogin anonymousAnyNonNullPW CD RISKS:GET RISKS-i.j (where i=1 to 11, j is always TWO digits. Vol i summaries in j=00; "dir risks-*.*" gives directory; "bye" logs out. ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. Relevant contributions may appear in the RISKS section of regular issues of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise. ---------------------------------------------------------------------- Date: Wed, 20 Feb 1991 15:16:26 PST From: Rodney Hoffman Subject: Racetrack overpayments A short item by Steve Schuelein in the 'Los Angeles Times' 18 Feb. 91 says that "a series of computer malfunctions" resulted in $26,000 in excess payouts at the local Los Alamitos racetrack. A too-lucrative payoff was posted for several minutes before the error was corrected. Track president and general manager Lloyd Arnold said the computer problems also prevented satellite wagering at 14 outlets in Nevada, and the Nevada Racing Commission might suspend wagering on races at Los Alamitos until the problems are corrected. According to Arnold, "[Amtote] said a printer on the computer malfunctioned, but I think the personnel here is not qualified." ------------------------------ Date: Wed, 20 Feb 91 22:21:48 EST From: henry@zoo.toronto.edu Subject: Peace Shield in trouble No, this is not another SDI contribution! "Peace Shield" is the USAF- managed project to provide Saudi Arabia with an integrated air-defence control system. From Flight International, 23 Jan: The USAF is looking to Hughes, Unisys, Westinghouse or General Electric to pick up the pieces of the Peace Shield Saudi Arabian air-defence ground environment following termination of most of Boeing's contracts on the beleaguered programme. The USAF says it cut the bulk of the $1.05 billion contract because of Boeing's "...failure to make progress so as to endanger final operational capability". [sic] [Original target date was April 1991. Revised Boeing estimate was August 1994; USAF hopes others can do better. USAF action probably prompted by Saudi pressure.] Boeing's difficulties centred on developing the software for integrating the disparate sensors, sector operations, sector command and command operations centres. The programme appears to have suffered a similar fate to other software-intensive projects in that the prime contractor underestimated the quantity and the technical complexity of the software. Peace Shield required hundreds of thousands of code lines to be developed. The depth of the problem encountered by the company was indicated by its failure to meet even a considerably revised continental United States integration testing. [sic] [Boeing retains some minor hardware contracts for Peace Shield.] ------------------------------ Date: Wed, 20 Feb 91 13:12:19 PST From: "Martin Minow, ML3-5/U26 19-Feb-1991 1606" Subject: Is Unix the ultimate computer virus [Slightly edited by Martin Minow] From: "mt@media-lab.media.mit.edu" To: unix-haters@mc.lcs.mit.edu Subj: Worse is better I apologize for the relative lack of vituperation in the following, but you can draw your own conclusions. MADRE::MWM 203 lines 8-FEB-1991 15:14 >> I once went to hear a talk by Thompson at MIT. Thompson said one of >> the professors had said to him, "I hate you. UNIX stopped all research >> in operating systems." Thompson apologized. The professor exaggerates - but not by much. The comments by Bob in .29 are relevant in both cases. Oddly enough, there's been some talk in comp.society.futures about windowing systems, and an interesting article (included below) on OS developement (included below) landed in my mailbox recently. The problem with OSF/Motif - and X in general - is not that it's missing features; it's that critical parts of it are arcane and unusable. I'm not sure that the resource mechanism can be deleted from it in any reasonable way. Subject: Re: Maintenance (car recall/software analogies, RISKS-11.14) => [ several articles on who gets fixes to bugs in software ] I find this thread of discussion interesting and amusing. We don't really do any "software maintenance" in this field. What we are really doing is "software upgrades" no matter what we want to call it. I don't know the history behind the term "maintenance" in this context but can hypothesize several reasons. The discussion brought to mind some past frustrations in dealing with a subsidiary of Ford Motor Company, the frustrations arising on my part because of my inability to convince some people there that software was somehow fundamentally different from automobiles, and hence the construction processes were probably dissimilar. My frustration reached its peak when I was unable to properly convey my incredulity at the notion of periodic scheduled preventive maintenance on a piece of software. I still do not understand what that means. The risk, of course, is that by using a "wrong" term we imply wrong things as aptly demonstrated (albeit peripherally) in the recent discussion of bug fixes. charlie shub cdash@boulder.Colorado.EDU -or- ..!{ucar|nbires}!boulder!cdash cdash@colospgs (BITNET) -or- (719) 593-3492 ------------------------------ Date: Wed, 20 Feb 1991 18:18:37 -0500 (EST) From: "Joseph M. Newcomer" Subject: Warranties >>From: rick@pavlov.ssctr.bcm.tmc.edu (Richard H. Miller) >>[As an aside, I have a difficult time understanding why a person who does not >>pay for software maintenance expects to have bugs fixed. If you choose to >>not pay for the service, then don't expect the vendor to fix it for free.] > brian@ucsd.Edu (Brian Kantor) >When I pay for software, I do so >under the assumption that it would perform as specified, not that it sorta >might work kinda like what the manual said. Absolutely. In fact, if Brian hadn't written this, I would have. If a shrink-wrap software license was applied to any product other than software, Ralph Nader or his equivalent would be on the industry in nanoseconds, and rightfully so. I am a former product developer. We took the attitude that you had to add new features to a product, enough to justify the upgrade fee, AND fix all the bugs reported in the previous version, insofar as possible (note that it was not a bug if the software didn't do something the user expected, as long as it hadn't been promised). I find it immoral and unethical to charge for bug fixes; the product was defective. But since we couldn't afford to give out free updates, we simply made the user buy the bug fixes by buying the new features. This is not totally acceptable, but is the best a 2.5 person company can do. On the other hand, I find it totally unacceptable that a company like Apollo could release a Pascal compiler with known code generation problems and refuse to fix it for a year because "it wasn't in the release cycle". The compiler generated incorrect code for compile-time constant expressions. If we don't police ourselves, some vastly less competent and authoritarian group will eventually do it for us. And as software gets out more into the public there is less and less tolerance for the past attitudes. Law is a way of formalizing what should be polite behavior. If everyone were polite, laws wouldn't be needed. Business-as-usual is putting us all at RISK. ------------------------------ Date: 21 Feb 91 00:26:50 GMT From: rick@pavlov.ssctr.bcm.tmc.edu (Richard H. Miller) Subject: Re: Serious bug... (Pellett, RISKS-11.14) Well, of all the postings so far in response to my original aside, this seems to be the only one which read the rest of the article. I specifically made a point of asking whether this type of software defect warranted special treatment from software vendors. It is my feeling that there are two catagories of software defects that could fit under this catagory, security defects and data corruption defects.I consider these two catagories to be similar to the type of defect which would require a car to be recalled. They can cause the system to be destroyed or data within it to become unreliable. [In a software sense this is comperable to having the brakes fail or the gas tank explode.] These defects should be fixed free of charge. Other types of defects would fit into the same category as what you get with a car. The software is warrented for a period of time in which fixes will be provided. At the end of this time, if you choose to not pay for maintenance, then you are out of luck. [Just as if your distributor goes out on your card after 1 year]. With this premise, what are the responsibilities of the vendor in providing fixes to the two types of defects? I can see no problem on the part of S/W vendors if a patch is all that is required to fix a problem. But if the problem is in the design of the software and requires a redesign which would appear in the next release, should users be provided the new version for free. For the record, I believe that for security and data-integrity problems, the vendor does have an obligation to provide fixes within the scope of the original purchase. Richard H. Miller, Asst. Dir. for Technical Support, Baylor College of Medicine, One Baylor Plaza, 302H, Houston, Texas 77030 (713)798-3532 ------------------------------ Date: Wed, 20 Feb 91 20:21:30 CST From: sullivan@poincare.geom.umn.edu Subject: Re: software warranties Risks 11.14 had a very interesting discussion on software warranties. Many people responded to Richard Miller's suggestion (that someone who does not pay for maintenance should not expect bug fixes) by pointing out that bugs are defects and thus covered under the standard implicity warranties. Flint Pellett suggests that software come with a limited-time guarantee, but ->if you are past the 90 days (or however long) and you didn't ->buy a maintenance contract, then you are (and ought to be) just as much out of ->luck as if you didn't buy a maintenance contract on your fridge. Software ->buyers are likely to start paying attention to how long the guarantee is for, ->and not buy from companies with really short guarantee periods. Since software does not deteriorate over time like hardware, I see little point in putting a time limitation on any warranty. Vendors may wish to allow a short time period in which a dissatisfied customer could get a refund, but bugs (no matter when they are discovered) were presumably present at the time of purchase and should still be covered. Of course, there might be a problem if the company has long since discarded the product. But software usually has a limited useful life so I don't really think we have to worry about people making warranty claims 20 years later. There needs to be some limit, however, on the kinds of bugs covered. Brian Kantor says ->I would maintain that a piece of software which is ->found, at any time, to not perform as specified at time of purchase is ->defective and must be remedied by the vendor. I think this would merely lead to a lack of detailed specifications: "You found a bug? Oh, no, that's a feature." It seems clear that safety-related bugs, like holes in operating systems, should be fixed for free. And if there is gross misrepresentation of what the software does, or if it is so flaky as to be unusable, you would want a refund. If you buy a "screen editor" and get "ed", you return it. But if you get "vi", I'm afraid you're stuck with a few minor problems and shouldn't expect to have them fixed. Everyone seems to know bugs in "vi" (especially in autowrap), but don't hold your breath waiting for Sun or Silicon Graphics or anyone like that to fix them. The bugs are often annoying, but "vi" is still quite useful, and does its basic job. But does it "perform as specified"? Software vendors should be expected to fix major bugs for free, but when it comes to more obscure problems or those with easy workarounds, this is less clear. If the vendor has switched to a new version, with substantial improvements along with fixes, it is hard for them to keep maintaining all earlier versions. While we might want free upgrades for life, this should be an option at purchase time, not required by the government, as it might drastically increase the cost of some software. John Sullivan sullivan@geom.umn.edu ------------------------------ Date: Thu, 21 Feb 91 00:37:30 EST From: johnson@castor.cs.uga.edu (Greg Johnson) Subject: Software is not Hardware...(AT&T != Ford) Flint Pellet says: >I would say that there is no reason software should be any different than >anything else you buy. If you buy a new appliance, you get a guarantee for 90 >days against defects in materials and workmanship, and when you buy software >you ought to get a similar guarantee. A bug like this is a defect in the >workmanship, and if you are still covered by the guarantee, you ought to get it >fixed free. But if you are past the 90 days (or however long) and you didn't >buy a maintenance contract, then you are (and ought to be) just as much out of >luck as if you didn't buy a maintenance contract on your fridge. I disagree. The salient difference is that software, unlike hardware, is not affected by physical laws. Software is the expression of thought, and does not wear out. There are no bearings to go, no heat to fatigue. Thus, the defects which manifest themselves are purely a result of a failure on the part of the manufacturer. There is not, and should not be a MTBF for soft- ware. Though migration between architectures may be grounds to void this warranty, I cannot see how software houses can rationally set a warranty period shorter than that on my hard drive. ------------------------------ Date: 21 Feb 91 17:02:00 GMT From: spaf@cs.purdue.edu (Gene Spafford) Subject: Re: warranties etc. (RISKS-11.14) In RISKS 11.14 there were many responses along the lines of "If I pay good money to buy software, I expect it to work as it should." Brace yourself -- you didn't buy it. You have licensed it. If you check out all the fine print somewhere, you'll see that you have a limited license to use the software. Also, if you look in that same fine print, you are probably going to find a disclaimer of warranty that absolves your vendor of all liability, and that explicitly disclaims any warrant of mechantability or fitness for any purpose. I.e., the software may not do anything, but they aren't *legally* representing it as supposed to be doing anything! I don't think this is a proper way to do business, but it has become standard in the industry. There have been some cases where such warranty disclaimers have been struck down in courts if the software failed to even boot up, but I have never heard of the provisions being struck down for something like the security bug leading to this discussion. In general, if you were to purchase a car or TV or any other major appliance, and in so doing had to sign a piece of paper that said (effectively): "You are not really buying this, you are leasing it. You can't sell it or give it away without our permission, nor are you allowed to take it apart to see how it works. We don't promise that it does anything in particular, despite what the salesman said. If you try to use it and it fails, we're not responsible for any damages of any kind. If really pressed, we'll exchange the item for a pile of the raw materials we used to construct it, at no charge to you. No other warranties are in effect on this item (except what may be in your state law) no matter what the salesman says -- we disavow any promises he made beyond this statement." would you buy it? We do it with software all the time..... The problem has complex roots, beyond the scope of a short message here: intellectual property, software specification and testing, and poorly-informed consumers add to the problem. We have cultivated a professional and commercial attitude that is really like only 2 other professions -- and they have state licensing imposed on them: "I'm sorry, we did everything we could to treat the infection, but he just didn't respond." "I'm sorry -- we gave it our best shot, but the jury didn't believe you." "I'm sorry -- we used state-of-the art methods, but you know how hard it is to find *every* bug." The bottom line: by current definition and tradition, your vendor is not really obliged to provide a fix unless you have a separate maintenance agreement. Talk of a recall is "silly." If you don't like it, you can always try to find another vendor to whom you take your business. Before any of you get too outraged by this, check carefully: * If you sell a computer product, what do *you* disclaim? * If you are a consumer, how many products have you bought this way without complaint? * When have you conveniently blamed something on "the computer"? Gene Spafford, NSF/Purdue/U of Florida, Softw. Eng. Research Center, Dept. of Computer Sciences, Purdue University, W. Lafayette IN 47907-2004 (317) 494-7825 ------------------------------ End of RISKS-FORUM Digest 11.15 ************************