29-Apr-86 22:57:32-PDT,14277;000000000000
Mail-From: NEUMANN created at 29-Apr-86 22:56:00
Date: Tue 29 Apr 86 22:56:00-PDT
From: RISKS FORUM (Peter G. Neumann, Coordinator)
Subject: RISKS-2.46
Sender: NEUMANN@SRI-CSL.ARPA
To: RISKS-LIST@SRI-CSL.ARPA

RISKS-LIST: RISKS-FORUM Digest, Tuesday, 29 Apr 1986  Volume 2 : Issue 46

FORUM ON RISKS TO THE PUBLIC IN COMPUTER SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
  Martin J. Moore (on Challenger article)
  TV "piracy" (Nicholas Spies)
  HBO -- Hacked Briefly Overnight (Mike McLaughlin)
  The dangers of assuming too much -- on TMI-2 (J. Paul Holbrook)
  A POST Script on Nuclear Power (Peter G. Neumann)

The RISKS Forum is moderated.  Contributions should be relevant, sound, in
good taste, objective, coherent, concise, nonrepetitious.  Diversity is
welcome.  (Contributions to RISKS@SRI-CSL.ARPA, Requests to
RISKS-Request@SRI-CSL.ARPA.)
(Back issues Vol i Issue j stored in SRI-CSL:RISKS-i.j.  Vol 1: MAXj=45)

----------------------------------------------------------------------

Received: from eglin-vax.ARPA [...] Mon 28 Apr 86 16:10:02-PDT
Date: 0 0 00:00:00 CDT
From:
Subject: Re: Challenger article
To: "risks"

> From: Rminnich@dewey.udel.EDU
> [excerpts from article Phila. Inquirer of 4/24.]
> "... It is now clear that there was no explosion ..."

Rubbish.  There was certainly an explosion; what do they think scattered
debris for miles and threw some so high it took an hour to impact?  That it
was not an all-consuming explosion, as was originally thought, is now
obvious.  But I still wouldn't want to be anywhere around an explosion like
the one we saw.

> "... The astronauts ... were probably making frantic efforts
> to bring their craft under control as it hurtled downward.  If the
> craft had been equipped, as it should have been, with parachutes and
> seat-ejection fail-safe systems they could have saved themselves."

According to figures I have seen in the news media (AP stories, I think;
the newspapers are in the trashpile now) at the moment of downlink loss the
cabin pressure was 800 psi and the acceleration was 16g.  These were
extrapolated to be 2000 psi and 100g a few seconds later.  These are
obviously unsurvivable in themselves, not to mention that the cabin windows
would not have survived the overpressure, resulting in explosive
decompression, which is not exactly healthy either.  Of course, *if* anyone
survived the initial blast and remained conscious, I'm sure they would have
made frantic efforts to bring the craft under control (who wouldn't?).

On the subject of parachutes, I think that any external parachute system
would certainly have been burned away or ripped away by the initial blast.
As for ejection seats, these may or may not be useful; I believe there are
severe technical problems (I'll have to pass on the details -- maybe an
expert on the subject will speak up.)

> "They died because of NASA's false economies and incompetence."

The commission hasn't even made its report yet, but this reporter obviously
has all the facts and has completed the inquest.  It's true that NASA looks
less than pure based on what the media have reported, but this verges on
deliberate slander (can you slander a government agency?  sorry, I
digress.)  (Also, let's please *not* start the "whose fault was it" flamage
here; those of you who read SPACE are probably more than sick of it by now,
as I am.)

> "... Dr. William Doering, professor of chemistry at Harvard, pointed
> out that ... was not an explosion at all.  'It is best described
> as a fast fire ... If the fuel tank had exploded ... it would be
> producing something much bigger ... They have stopped showing the
> space module [sic] but I am confident that it is intact also or
> was until it hit the water.'"

I haven't the chemistry knowledge to dispute this on technical grounds;
however, my point about debris scattering still holds.  Also, why did he
wait until the crew module was found?  Why didn't he say after seeing the
pictures, "That's not an explosion, it's just a fast fire."  Also, what is
"intact"?  "More or less in one piece" or "completely sound"?  Apparently
at least the former was true.  But the 100g acceleration would pretty well
rule out the latter.

> "... Terry J. Armentrout, director of the NTSB investigation,
> told reporters that '... the shuttle Challenger, including the crew
> compartment, apparently survived the blast mostly intact'".

Aw, c'mon!  The crew module stayed in one piece, but it was completely
separated from the rest of the Orbiter, which was wrecked (it's no surprise
that the crew module could maintain its integrity even if no other part of
the Orbiter did; it's the strongest part of the Orbiter.)  If the rest of
the Orbiter survived "mostly intact" where did the bits of Orbiter wreckage
shown by the media (e.g., wing and stabilizer pieces, tiles, etc.) come
from?

> Continues Shannon,
> " ... the astronauts died from the force of the impact as the
> craft hit the water ... There is no reason to believe that the crew died
> because of sudden decompression ..."

Well, they probably died from 100g acceleration before they had a chance to
die from decompression; if not, decompression probably would have done it.
Maybe we'll never know for sure, but I believe the crew died within seconds
of the blast.

> He goes on to hint that the down-link was lost as part of a
> cover-up rather than due to the fast fire.

This is so unbelievable that I don't even know what to say.  I don't
suppose he offers the least bit of proof?  (Speaking from personal
experience, which includes over 100 space launches including the first 8
shuttles, I would say that there is *no* way such a coverup could be
maintained for long, given the large number of people involved in the
launch process.)

As always, I express herein only my own personal opinions, and not the
official position of my employer or any government agency.

Martin J. Moore
mooremj@eglin-vax.arpa

------------------------------

Date: 28 Apr 1986 19:48-EST
From: Nicholas.Spies@GANDALF.CS.CMU.EDU
Subject: TV "piracy"
To: risks@sri-csl

The recent "Captain Midnight" episode was, in my book, a completely
justified display of civil disobedience.  I live in Pittsburgh, which has a
(pathetic) cable company to which I subscribe, so I am not an aggrieved
dish owner, but I sympathize with them.  Why?  Because cable program
providers MUST factor in ONLY wired-in subscribers when signing contracts
to buy programming (or else they are idiots) so the fringe viewers with
discs (most often far from any cable company) have little or nothing to do
with their financial situations.  HBO's decision to scramble its signal to
force people who cost HBO, or cable systems, ABSOLUTELY NOTHING to "hook
up" is ridiculous; at least disc owners should be given a hefty credit for
their investment before having to buy a descrambler and pay monthly rates.
Though I am not a lawyer, it also seems that scrambling makes a mockery of
the 1934 Communications Act, which prevents encoded transmissions over
public channels.

This sort of problem may prevent another medium -- videodiscs -- from
fulfilling their promise of providing vast amounts of cheap information.
Consider: a 12" videodisc can store up to 108,000 frames of information.
What information?  In the case of NASA, lots of planetary images.  In the
case of the National Gallery of Art, 1645 art works and a couple of movies.
But what if a videodisc publisher wanted to provide a comprehensive
collection of ALL major works of western art, 65 TIMES the number of art
works provided on the NGA disc.  As it stands, this would be impossible
because each provider of art images would want a royalty for each disk (to
pay costs, perhaps 1 cent per work per copy.)  But this would mean a
$10,800 royalty PER DISC for all suppliers, which would make the disc
completely unsalable, making a comprehensive history of art expert system
all but impossible to develop because the costs could not be amortized.
(If you think this is outlandish, consider that the Metropolitan Museum in
New York wanted to charge the US Marine Corps $50 for the LOAN of a
photograph of an artifact that the Marines wanted to include in their
Bicentennial exhibit in Washington DC in 1976.  The Marines, to their
credit, declined to pay.)  Some new paradigm will have to be worked out
before mega-media will be acceptable both to information providers and
consumers.

Nick

------------------------------

Date: Mon, 28 Apr 86 21:51:15 edt
From: mikemcl@nrl-csr (Mike McLaughlin)
To: risks@sri-csl.ARPA
Subject: HBO -- Hacked Briefly Overnight

Overpowering a transmitter is essentially trivial.  If HBO was scrambling
its uplink, Captain Midnight's missive must have been similarly scrambled.
Perhaps HBO's scramble algorithm is also trivial.  Of course, if the uplink
is in the clear, Captain Midnight merely needed brute force.

Anyone know how or where the signal is scrambled?  Or whether an HBO
receiver set to unscramble will pass an in-the-clear signal?

I realize that facts may set limits to the discussion.  Regrettable.

------------------------------

Sender: "J._Paul_Holbrook.OsbuSouth"@Xerox.COM
Date: 29 Apr 86 14:32:33 PDT (Tuesday)
Subject: The dangers of assuming too much
From: Holbrook.OsbuSouth@Xerox.COM
To: Risks@SRI-CSL.Arpa, Methodology^.PA@Xerox.COM

[From "Three Mile Island: Thirty Minutes to Meltdown" by Daniel Ford;
Viking Press 1982.]

(The discussion preceding this quote talks about how the temperature of the
fuel rod at Three Mile Island-2 increased from the normal 600 degrees to
over 4000 degrees during the 1979 accident, partially destroying the fuel
rods.  It also notes that instruments to measure core temperatures were not
standard equipment in reactors.)

"Purely by chance, there were some thermocouples -- temperature-measuring
devices -- present in the TMI-2 reactor when the accident occurred.
Located about 12 inches above the top of the core, these thermocouples ...
were installed as part of an experimental study of core performance, and
were a temporary instrumentation feature of the plant, connected to the
control-room computer for measuring temperatures during normal operation.
Accordingly, if a control-room operator requested temperature data from the
computer, he would receive useful information only when the temperature was
within the normal 600 degree range.  When the temperature got above 700
degrees, the computer, instead of reporting it, would simply print out a
string of question marks -- "???????."  Although the thermocouples could
actually measure much higher temperatures, the computer was not programmed
to pass these higher temperature readings on to the operators ... there was
an urgent need for timely, reliable data about the temperature in the core
in the critical period between 6am and 7am on March 28; what was available
from the computer was mostly question marks."

Paul

------------------------------

Date: Tue 29 Apr 86 22:42:21-PDT
From: Peter G. Neumann
To: RISKS@SRI-CSL.ARPA
Subject: A POST Script on Nuclear Power

While we are on nuclear power plants, please let me know if anyone gets
some solid facts that involve the computer-control system in the Chernobyl
nuclear accident in the Soviet Union over the weekend ("partial meltdown",
"graphite explosion", or whatever it was).

By the way, today's Washington Post gave a chronology of some of the more
interesting previous nuclear-power accidents, which I summarize here:

Dec 2 1952     Chalk River, Canada.  Million gals radioactive water built up.
               6 mos to clean up.  Human error.
Nov 1955       EBR-1 experimental breeder, Idaho Falls.  Misshapen rods,
               human err.
Oct 7-10 1957  Windscale Pile #1.  English coast of Irish Sea.  Largest
               known release of radioactive gases (20,000 curies of
               iodine).  Fire.  .5 M gals milk destroyed.  Plant
               permanently shut down.
Winter 1957-58 Kyshtym USSR.  400 mi contaminated?  Cities removed from maps.
May 23 1958    Chalk River again.  Defective rod overheated during removal.
               Another long clean-up.
Jul 24 1959    Santa Susana CA, 12 of 43 fuel elements melted.  Contained.
Jan 3 1961     SL-1 Idaho Falls (military, experimental).  Fuel rods
               mistakenly removed.  3 killed.
Oct 5 1966     Enrico Fermi, Michigan.  Malfunction melted part of core.
               Contained.  Plant closed in 1972.
Jun 5 1970     Dresden II, Morris Illinois.  Meter gave false signal.
               Iodine at 100x permissible.  Contained.
Nov 19 1971    Monticello Minn.  50,000 gals radioactive waste spilled into
               Mississippi River, some into St Paul water supply.
Mar 22 1975    Brown's Ferry, Decatur Alabama.  Insulation caught fire,
               disabled safety equipment.  $150 M cleanup.
Mar 28 1979    Three Mile Island II.  NRC said, "within an hour of
               catastrophic meltdown".  4 equipment malfunctions plus human
               errors plus inadequate control monitors.
Feb 11 1981    Sequoyah I, Tennessee.  8 workers contaminated, 110,000 gals
               radioactive coolant leaked.
Jan 25 1982    Ginna plant, Rochester NY.  Steam-generator tube ruptured.
Feb 22 & 25 1983  Salem I NJ.  Auto shutdown system failed twice.  Manual OK.
Apr 19 1984    Sequoyah I again.  Contained.
Jun 9 1985     Davis-Besse, Oak Harbor, Ohio.  16 pieces of equipment
               failed, at least one wrong button pushed.  Auxiliary pumps
               saved the day.

PGN (just off the plane from DC)

PS.  I hope you don't conclude that I am interested ONLY in catastrophes.
I really have been professionally involved for many years in trying to
develop better computer systems.  But that does not mean that I have to
trust them...

------------------------------

End of RISKS-FORUM Digest
************************
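The TMI-2 reporting failure quoted in Holbrook's post above (a valid thermocouple value replaced by "???????" once it left the expected band), shown as an added Python example that is not from the digest or from Ford's book. The 600/700 degree figures are the quoted ones; the thermocouple ceiling, the readings and the audit helper are constructed for illustration.

```python
"""Out-of-band sensor values must be reported and flagged, not masked."""

NORMAL_MAX_F = 700           # display band from the quoted passage
THERMOCOUPLE_MAX_F = 2500    # assumed probe ceiling (constructed, not from the digest)
MASK = "???????"


def display_tmi_style(reading_f: int) -> str:
    """The quoted behaviour: the value exists, but the display layer
    discards anything above the band it was formatted for."""
    if reading_f > NORMAL_MAX_F:
        return MASK
    return f"{reading_f:7d}"


def display_hardened(reading_f: int) -> str:
    """Always emits the number; the reading's state is a separate flag,
    so an out-of-band value is escalated instead of hidden.  Values beyond
    what the probe can physically report are flagged as a sensor fault."""
    if reading_f > THERMOCOUPLE_MAX_F:
        return f"{reading_f:7d} SENSOR-FAULT"
    if reading_f > NORMAL_MAX_F:
        return f"{reading_f:7d} OVER-RANGE"
    return f"{reading_f:7d} OK"


def masked_fraction(displayed: list[str]) -> float:
    """Audit helper for a display log: share of entries that carried no
    numeric value at all.  A non-zero result means operators were blind."""
    if not displayed:
        return 0.0
    return sum(1 for s in displayed if s.strip() == MASK) / len(displayed)


# Constructed ramp resembling the accident: normal, then climbing past 4000 F.
SAMPLE_READINGS_F = [590, 610, 720, 1500, 4000]

if __name__ == "__main__":
    old = [display_tmi_style(r) for r in SAMPLE_READINGS_F]
    new = [display_hardened(r) for r in SAMPLE_READINGS_F]
    for r, o, n in zip(SAMPLE_READINGS_F, old, new):
        print(f"{r:5d} F   old: {o}   new: {n}")
    print(f"readings masked by the old display: {masked_fraction(old):.0%}")
```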