Subject: RISKS DIGEST 16.66 REPLY-TO: risks@csl.sri.com RISKS-LIST: RISKS-FORUM Digest Tuesday 20 December 1994 Volume 16 : Issue 66 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks) ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator ***** HAPPY HOLIDAYS!!! ***** ***** NOTE, THE SRI RISKS ARCHIVE SOURCE has moved to unix.sri.com. ***** ***** See last item for further information, disclaimers, etc. ***** Contents: Microsoft has no plans to acquire Catholic Church (from EDUPAGE) Mistaken Identity (Tom Knoedler) Emergency Broadcast System Goes Automatic? (Darrell F. Oresky) Brands Burn the Bull's Behind (Peter Wayner) Followup to "No I'm not Newt" (Ted Koppel) Re: Oral Hackers (Steve Holzworth) Re: Technology Under the Weather (Ross Oliver) Intel announces new Pentium replacement policy (Rich Kulawiec) Pentium bug as data management problem (Rob Aitken) Testing the Pentium bug (Daniel Essin) Mary Payne and "Good to the last bit!" (Paul A. Karger) Pentium FDIV problem - so what's new ? (A. Padgett Peterson) Spreadsheet Errors Study (Ray Panko) The Status of Disclaimers (Dick Nickalls) CFP: New Security Paradigms Workshop (Catherine A. Meadows) CFP: Safety and Reliability of Software Based Systems (Stella Page) Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc. ---------------------------------------------------------------------- Date: Mon, 19 Dec 94 11:43:01 PST From: "Peter G. Neumann" Subject: Microsoft has no plans to acquire Catholic Church (from EDUPAGE) The latest Internet hoax has Microsoft acquiring the Roman Catholic Church, including exclusive electronic rights to the Bible. The story, written under an Associated Press byline, says the agreement provides for Pope John Paul II becoming the senior vice president of the company's new Religious Software Division, and two Microsoft senior vice presidents being invested in the College of Cardinals. The fake story included a promise from Bill Gates to "make the sacraments available online for the first time." Officials at Microsoft and AP said they didn't know where the story originated. (Tampa Tribune 12/17/94 B&F10) [FROM EDUPAGE, 18 Dec 1994, which concludes thusly:] [EDUPAGE is what you've just finished reading. To subscribe to Edupage: send a message to: listproc@educom.edu and in the BODY of the message type: subscribe edupage Count Dracula (assuming that your name is Count Dracula; if it isn't, substitute your own name) ... To cancel subscription to Edupage: send a message to: listproc@educom.edu and in the BODY of the message type: unsubscribe edupage.] [Several folks submitted the original hoax to RISKS. It was not run here for a variety of reasons. The omission was not a sacra-mental lapse on my part. Fakes Vobiscum. PGN] ------------------------------ Date: Wed, 14 Dec 94 13:50:00 PST From: "Knoedler, Tom" Subject: Mistaken Identity In the 19 December 1994 edition of *Newsweek*, read the `My Turn' column entitled ``A Case of Mistaken Identity: On the Information Highway, you are guilty until proven innocent'' by Michael W. Klein. Mr Klein, an attorney in New Jersey, was was falsely identified as a reckless driver because a police clerk made a mistake on an address search. Law enforcement personnel were prepared to lock him up even though the physical descriptions did not match, even though the demographics did not match, just because the warrant had come out of the computer. Thomas Knoedler knoedler@sangamon.edu [... A familiar kind of case for long-time RISKS readers. PGN] ------------------------------ Date: Fri, 16 Dec 94 14:48:28 EST From: dforesky@jumbo.Read.TASC.COM (Darrell F. Oresky) Subject: Emergency Broadcast System Goes Automatic? I heard a short note on the local all news radio station recently about a planned upgrade to the Emergency Broadcast System (EBS). This upgraded service would allow the EBS to reach radio and TVs that were not actually turned on when the broadcast was sent. The intent is to inform even those misfortunates who were not actively listending or watching at the time of an emergency. I assume such an upgrade would require changes to radios and TVs to allow them to be turned out remotely via some sequence of commands carried over the airwaves? One potential risk of this configuration is that one could remotely activate speakers or video devices that may be part of the television or radio, and use this mechanism to listen in without anyone knowing. Darrell Oresky dforesky@tasc.com ------------------------------ Date: Tue, 20 Dec 1994 09:36:51 -0500 From: pcw@access.digex.net (Peter Wayner) Subject: Brands Burn the Bull's Behind The Sports Monday of the NYT (12/19/94) ran a headline calling one basketball team the "Pentium" of basketball teams. It wasn't because they were playing 2-3 times faster than last year's team. This illustrates the RISKS of imprecise technical language. There was no real meaning to the word "Pentium" before. The Intel, AMD and other clones were all supposed to be interchangeable. The brand name was just a marketing ploy that was even more hollow than the work of the folks at P&G, Coke or Pepsi. After all, there _is_ a difference between colas. So, if there is no meaning to the word, it shouldn't be surprising that the first hint of a meaning, no matter how irrational, rushes in to fill the vacuum. ------------------------------ Date: Fri, 16 Dec 1994 18:50:38 -0700 (MST) From: tkoppel@carl.org (Ted Koppel) Subject: Followup to "No I'm not Newt" To add to Steve Barr's comments about AOL and how anyone can have any name on that system: My real name is Ted Koppel. There happens to be another fellow, a broadcaster, who has the same name as I do. I took my "ten free hours" on AOL, and explored the system. Not surprisingly, I used my name (actually Tkoppel, which is a reasonable login variation). One of the places to visit on AOL is an area 'owned' by ABC News. I was in there, reading some of their stuff, and talking in one of the forums there, when I was told, in no unambiguous terms, to either get off the forum or change my name. Since my name is, after all, on my driver's license, I figured that I had a pretty good right to use it :-) So I told the fellow that. It turns out that he is/was some sort of a staff person working for the ABC Ted Koppel, and he was concerned that people would mistake ME for his Ted Koppel (a legitimate risk, I suppose). On the other hand, I'm not convinced that threatening me rudely was the appropriate way to go about it. By the way, I subsequently dropped AOL, partially for this reason, but primarily because there was no 'killer app' that made me want to stay. Ted Koppel * The UnCover Company * The CARL Corporation * tkoppel@carl.org Work: 404 242 8733 Fax: 404 242 8511 ------------------------------ Date: Tue, 20 Dec 1994 04:40:19 GMT From: sch@unx.sas.com (Steve Holzworth) Subject: Re: Oral Hackers (RISKS-16.65) Mac 840AV machines (and presumably other AV machines) have a voice recognition feature. When we got ours, shortly after they had been released, and before anyone started doing useful work, we used to have great fun popping into someone's office and stating: "Computer, Restart, Yes." whereupon the Mac would dutifully reboot. ("Shutdown" was another option...). Steve Holzworth, SAS Institute, SAS/Macintosh Development Team, Cary, N.C. ------------------------------ Date: Fri, 16 Dec 1994 22:01:46 GMT From: rosso@roscoe.csd.sgi.com (Ross Oliver) Subject: Re: Technology Under the Weather (Symonds, RISKS-16.65) This article is biased and oversimplified view of a complex set of requirements. I wonder whether the weather specialist quoted in the article has an axe to grind against automated weather reporting systems. The fact that the weather station report did not match current conditions is not unusual, regardless of who or what is making the report. Most airport weather reports are made once per hour, so if the weather is changing rapidly (for example, a storm front is moving in), actual conditions may be quite different from what is reported in the last hourly observation. This is not the fault of the automated observation system. Pilots must take into account when the observation was made, and how likely it is that conditions may have changed. The article also stated, "the machines also cannot tell when there are clouds above 10,000 feet," implying a crippling limitation. In reality, clouds more than 5,000 or 6,000 feet above the ground are not particularly relevant to airport operations (i.e. takeoffs and landings), so less effort is expended to gather data on high clouds. Ross Oliver ---------------------------------------------------------------------- Date: Tue, 20 Dec 94 08:55:07 EST From: rsk@gynko.circ.upenn.edu (Rich Kulawiec) Subject: Intel announces new Pentium replacement policy Public radio's "Marketplace" show is carrying a story this morning announcing that Intel will now replace, on request, any and all Pentium processors. This is a revision of their earlier policy, which required that Pentium owners justify the replacement to Intel staffers. I suspect that they could no longer afford the bad publicity or the manpower cost associated with the phone banks used to screen replacement requests. [I suppose it is the corrected chip that will be called RePentium. PGN] ------------------------------ Date: Fri, 16 Dec 1994 12:44:26 -0800 From: Rob Aitken Subject: Pentium bug as data management problem With all the discussion of verification, formal or otherwise, it seems to me that another explanation is being overlooked. Given the immense amount of data associated with a given chip design, it could be that the hardware implementation of the Pentium divide unit and the software representation which was verified (by whatever techniques Intel uses) were not the same. Before a chip is fabricated, it exists as a huge software database, often including several mutually incompatible representations, with a large number of people using and changing it. Version control is a serious problem. If a design change was made after verification, or if verification was inadvertently performed on an earlier design, it is easy to see how a bug could slip in, even with formal verification. If something like this did in fact happen, then the Pentium bug is an example of a much more mundane data management RISK than it has been made out to be, both in this forum and elsewhere. Rob Aitken ------------------------------ Date: Sat, 17 Dec 94 1:10:26 PST From: Daniel Essin Subject: Testing the Pentium bug I need a new, faster computer so I went to some computer stores to look at the Pentium 90's. Knowing of the fpu bug, I took my trusty formula snared off the net to test them. >put in 5505001/294911. The correct answer is 18.66665197297. The Pentium >produced 18.666092939000. I carried out this test on two Pentium machines in the store using windows calculator. they both produced the wrong answer. A 486/66 of the same brand produced the correct answer. When I asked the sales people about the bug, they said that the also had a test routine so we tried it. The instructions were to perform the use qbasic and run the following program: PRINT (4195835 * 256)/(3145727 / 256) Their instructions say that the correct answer is 87413.2569545927. Both Pentiums produced the correct answer - however - they also produced the correct answer to 5505001/294911. I suspect that since qbasic has to run on oldx86 machines that lack fpu's, all floating point is probably done with a software emulator. Using this test, the store will never identify a single chip as defective creating a false sense of security with the customers and avoiding the difficulty of getting chips that are actually defective replaced. caveat emptor ------------------------------ Date: Fri, 16 Dec 94 10:06:30 -0500 From: "Paul A. Karger" Subject: Mary Payne and "Good to the last bit!" Tony Lauck commented on Mary Payne's work on assuring that DEC's computational routines always gave good results. I also worked with Mary at DEC, and was VERY impressed with her commitments to mathematical accuracy. Her motto at the time was that the computations should be "Good to the last bit!" I have to agree that between Mary's work on algorithmic analysis and DEC's VERY extensive testing of instruction sets on each new processor model, it would have been very unlikely for a bug of the severity of the Pentium FDIV problem to have gotten out on a VAX or an Alpha processor. ------------------------------ Date: Fri, 16 Dec 94 09:23:39 -0500 From: padgett@tccslr.dnet.mmc.com (A. Padgett Peterson) Subject: Pentium FDIV problem - so what's new ? Might point out that there is nothing new in the FDIV problem, 80x86 chips are notorious for "different" microcode - for a semi-complete list see the "86BUGS.LST" file in Ralf Brown's interrupt list. For just one example, the operation of the instruction AAA ("ASCII Adjust for Addition" hex code 37) is noticeably different when executed on an 8088 as opposed to an 80386 - with initial value of AX=FFFF on an 8088 the result will be 0005h while on a 386, 0105h will result. As a consequence any financial programs using BCD addition and requiring the AAA instruction may have different values on different systems. Padgett PS. Of course, I do not know of any program using either BCD or AAA and AX=FFFFh should never result from BCD addition, but what does that matter (AAM 37 now... 8*) ? ---------------------------------------------------------------------- Date: Fri, 16 Dec 1994 10:02:15 -1000 From: "Ray Panko" Subject: Spreadsheet Errors Study I have recently completed a study on the types of errors that people make when they uses spreadsheet programs. I am currently writing up the results. If you know of previous research that looked at spreadsheet errors other than the Michigan work of Olson and others or the Brown and Gould study at IBM, I would be grateful for citations or other information. Basically, we found that student spreadsheeters have about the same error rates as professional programmers. About five and a half percent of their cells have errors before debugging. The problem is that they did not spontaneously debug, a lack seen in the Brown and Gould lab study and also in two ethnographic studies of real world spreadsheeters. Given these error rates and apparent lack of deep debugging, the question is not what fraction of spreadsheets have errors but rather how many errors the typical large spreadsheet has. Aloha, Ra3y (the 3 is silent) Prof. Raymond R. Panko, Decision Sciences Dept, College of Business Admin. U of Hawaii, 2404 Maile Way, Honolulu, HI 96822 Panko@hawaii.edu (808) 956-5049 ------------------------------ Date: 17 Dec 1994 10:28:18 GMT From: mtzrwn@vaxb.ccc.nottingham.ac.uk Subject: The Status of Disclaimers This is a HELP message. Can anyone out there direct me to any info/archive which will tell me the current state of disclaimers. I am writing some programs for medical use, and have come across the problem of how to phrase the disclaimer so that it stands up in court. The problem seems to be, at least in the UK, that one cannot say "..we disclaim all liability.." since apparently one has to put a sensible and realistic liability limit in the disclaimer. Perhaps some folk can help me here. Dick Nickalls,, Dept Anaesthesia, City Hospital, Nottingham, UK dick.nickalls@nottingham.ac.uk 100115.1010@compuserve.com -------------------------------------- Date: Thu, 15 Dec 94 19:33:40 EST From: meadows@itd.nrl.navy.mil (Catherine A. Meadows) Subject: CFP: New Security Paradigms Workshop CALL FOR PAPERS NEW SECURITY PARADIGMS '95 A Workshop Sponsored by ACM SIGSAC, DoD, and the Aerospace Institute Residence Inn University of California at San Diego La Jolla, CA August 22-25, 1995 Paradigm shifts disrupt the status quo, destroy outdated ideas, and open the way to new possibilities. This workshop explores radical new models for computer security, trusted system integration, and intercomputer networking security. The goal is to develop transcendent solutions that provide the flexibility and interoperability users require in trusted systems. We offer a creative and constructive workshop environment for about 25 participants at a small campus inn in scenic La Jolla adjacent to San Diego. Dress is casual. The tone is exploratory rather than critical. The refereed papers will be printed in a workshop proceedings. To participate, submit preferably via email a research paper or a 5-10 page position paper to Program Chairs John Dobson and Catherine Meadows at the email addresses listed below by April 1, 1995. Alternatively, submit five copies of a hard-copy paper to either program chair by March 24, 1995. The Program Committee will referee the papers and notify authors of acceptance status by June 9, 1995. Cost of the workshop, lodging, and meals will be about $550. Scholarships are available. WORSHOP ORGANIZERS Workshop Chair: Hilary Hosmer, Data Security, Inc., 58 Wilson Road, Bedford, MA +1 (617)-275-8231 (voice and fax) Hosmer@dockmaster.ncsc.mil Program Co-Chairs John Dobson, Computing Science Department, University of Newcastle Newcastle NE1 7RU, UK +44 91-222-8228 John.Dobson@newcastle.ac.uk Catherine Meadows, Naval Research Laboratory, Code 5543, Washington, DC 20375 +1 (202)-767-3490 (voice) +1 (202)-404-7942 (fax) meadows@itd.nrl.navy.mil Program Committee: Thomas Haigh, Secure Computing Corporation Deborah Hamilton, Hewlett Packard Leonard LaPadula, MITRE Ruth Nelson, Information System Security Pierangela Samarati, Universita di Milano Marvin Schaefer, Arca Systems Bruce Schneier, Counterpane Systems Olin Sibert, Oxford Systems Adrian Spalka, University of Bonn Daniel Sterne, Trusted Information Systems Local Arrangements: Dr. Thomas Lincoln (Rand) +1 (310)-393-0411 Publications: Deborah Hamilton (Hewlett Packard) Scholarships: Prof. Ravi Sandhu (George Mason Univesrity) +1 (703)-993-1659 Treasurer: Janet Haley (Haley Computer Services) +1 (609)-266-1471 Registration Chair: James Williams (MITRE) +1 (619)-223-2301 ext 31 ACM SIGSAC Liaison: Dixie Baker (Aerospace) +1 (310)-336-7998 ------------------------------ Date: Tue, 20 Dec 94 12:53:26 GMT From: Stella Page Subject: CFP: Safety and Reliability of Software Based Systems European Network of Clubs for Reliability and Safety of Software Centre for Software Reliability SAFETY AND RELIABILITY OF SOFTWARE BASED SYSTEMS Reims, France, 12-15 September 1995 ANNOUNCEMENT & CALL FOR PAPERS 12th Annual CSR Workshop 1st Annual ENCRESS Conference Supported by the EC ESSI Programme and Lloyd's Register In the past decade, there have been enormous advances in the use of computers - and hence software - in areas where safety and reliability are of significance both to individual users and to society at large. Examples can be found in all sectors of industry: railway signalling is increasingly computerised; fly- by-wire aircraft are the current technological trend in civil aviation; motor car engines and braking systems are computer- controlled; programmable logic controllers (PLCs) used in the process industries have increasingly complex software embedded within them; and commercial companies of all sizes become ever more dependent on the reliable operation of their computer systems. These systems do not always deliver the levels of safety and reliability which users and society are entitled to expect. There are many reported examples of software-related failures which have caused, or had the potential to cause, death, injury, environmental damage, or significant economic loss. These include deaths in hospitals of patients undergoing radiotherapy treatment, software-defect induced release of sufficient water from a reservoir to flood a valley, lost space-craft, and company failures. Very often, these incidents could have been prevented, or their consequences reduced, by better awareness of safety and reliability issues as they apply to computer-based systems. Ideally, developers of systems should have evidence that their approach to system development is likely to lead to the required levels of safety and reliability. Often, evidence of this sort will form part of a safety case, or other justification for system reliability and/or safety, that has to be presented for approval or acceptance by an appropriate authority. Many projects in the ESSI programme aim to produce evidence to support the use of particular technologies, in the development of safe and reliable systems. These projects are particularly encouraged to submit papers to this conference, which has been selected as one of the events at which ESSI Application Experiments can present their results for peer review and evaluation. This is an open call for papers: we also seek other papers which argue for the suitability of particular technologies, methods or management approaches for use in developing reliable and safe systems, especially those which present the results of industrial experience. Topics that could be addressed include: A historical perspective on safety cases, and on how the current regulations requiring the production of safety cases have arisen. How do software engineering methods and tools contribute to product safety, reliability, etc.? What evidence is there to support the use of particular technologies to achieve reliable systems? How do organisations deal with the safety and reliability of PES? Do different industrial sectors deal with PES safety and reliability in a similar manner? Should we focus on management procedures more and technology issues less? (Some accident reports suggest this is so.) Are tightly coupled time critical systems inherently less safe or reliable than other systems? How do software metrics, software reliability models, etc., relate to dependability attributes? How do we deal with the integrity of evidence used in safety arguments? What is the impact of organisational rules and work practices on safety and reliability? Dates for Authors ================= Authors are invited to submit extended abstracts (two A4 pages), or near full papers, to Carol Allen at the address given below. Papers should be written in English which will be the language of the Workshop/Conference. The following dates have been set: Submission of abstracts/papers 31st January 1995 Notification of acceptance 28th February 1995 Announcement of provisional programme 31st March 1995 Workshop version of paper available 31st May 1995 The proceedings will be published following the Workshop. As there is a requirement for the proceedings to be edited changes may be requested of authors after the papers have been presented. Organising and Programme Committee ================================== Roger Shaw Chair Lloyd's Register Carol Allen Administration City University Ole Anderson DELTA (Denmark) Tom Anderson Newcastle University Robin Bloomfield Adelard Sandro Bologna ENEA CRE-Casaccia (Italy) Annie Combelles Objectif Technologie (France) Chris Dale ENCRESS Project Manager Norman Fenton City University Bev Littlewood City University Bob Malcolm Malcolm Associates Francesca Saglietti ISTec (Germany) Peter Scharbach Lloyd's Register Contacts: ========= Chairman: Roger Shaw Administration: Ms Carol Allen Lloyd's Register Centre for Software Reliability Lloyd's Register House City University 29 Wellesley Road Northampton Square Croydon London CRO 2AJ EC1V 0HB Tel: +44 (0)181 681 4818 Tel: +44 (0)171 477 8421 Fax: +44 (0)181 681 4839 Fax: +44 (0)171 477 8585 email: roger.shaw@aie.lreg.co.uk email: c.a.allen@csr.city.ac.uk ------------------------------ Date: 15 December 1994 (LAST-MODIFIED) From: RISKS-request@csl.sri.com Subject: Info on RISKS (comp.risks), contributions, subscriptions, FTP, etc. The RISKS Forum is a moderated digest. Its USENET equivalent is comp.risks. Undigestifiers are available throughout the Internet, but not from RISKS. SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent) on your system, if possible and convenient for you. BITNET folks may use a LISTSERV (e.g., LISTSERV@UGA): SUBSCRIBE RISKS or UNSUBSCRIBE RISKS. U.S. users on .mil or .gov domains should contact (Dennis Rears ). UK subscribers please contact . Local redistribution services are provided at many other sites as well. Check FIRST with your local system or netnews wizards. If that does not work, THEN please send requests to (which is not yet automated). SUBJECT: SUBSCRIBE or UNSUBSCRIBE; text line (UN)SUBscribe RISKS [address to which RISKS is sent] CONTRIBUTIONS: to risks@csl.sri.com, with appropriate, substantive Subject: line, otherwise they may be ignored. Must be relevant, sound, in good taste, objective, cogent, coherent, concise, and nonrepetitious. Diversity is welcome, but not personal attacks. PLEASE DO NOT INCLUDE ENTIRE PREVIOUS MESSAGES in responses to them. Contributions will not be ACKed; the load is too great. **PLEASE** include your name & legitimate Internet FROM: address, especially from .UUCP and .BITNET folks. Anonymized mail is not accepted. ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY. Relevant contributions may appear in the RISKS section of regular issues of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise. All other reuses of RISKS material should respect stated copyright notices, and should cite the sources explicitly; as a courtesy, publications using RISKS material should obtain permission from the contributors. CURRENT ARCHIVES: "ftp unix.sri.comlogin anonymousYourName cd risks or cwd risks, depending on your particular FTP. Issue J of volume 16 is in that directory: "get risks-16.J". For issues of earlier volumes, "get I/risks-I.J" (where I=1 to 15, J always TWO digits) for Vol I Issue j. Vol I summaries in J=00, in both main directory and I subdirectory; "bye" I and J are dummy variables here. REMEMBER, Unix is case sensitive; file names are lower-case only. =CarriageReturn; UNIX.SRI.COM = [128.18.30.66]; FTPs may differ; Unix prompts for username, password; bitftp@pucc.Princeton.EDU and WAIS are alternative repositories. See 15/risks-15.75 for WAIS info. To search back issues with WAIS, use risks-digest.src . With Mosaic, use http://www.wais.com/wais-dbs/risks-digest.html . FAX: ONLY IF YOU CANNOT GET RISKS ON-LINE, you may be interested in receiving it via fax; phone +1 (818) 225-2800, or fax +1 (818) 225-7203 for info regarding fax delivery. PLEASE DO NOT USE THOSE NUMBERS FOR GENERAL RISKS COMMUNICATIONS; as a last resort you may try phone PGN at +1 (415) 859-2375 if you cannot E-mail risks-request@CSL.SRI.COM . ------------------------------ End of RISKS-FORUM Digest 16.66 ************************