4-Jun-86 22:53:06-PDT,16507;000000000000
Mail-From: NEUMANN created at 4-Jun-86 22:50:31
Date: Wed 4 Jun 86 22:50:31-PDT
From: RISKS FORUM (Peter G. Neumann, Coordinator)
Subject: RISKS-3.1
Sender: NEUMANN@SRI-CSL.ARPA
To: RISKS-LIST@SRI-CSL.ARPA

RISKS-LIST: RISKS-FORUM Digest, Wednesday, 4 June 1986  Volume 3 : Issue 1

        FORUM ON RISKS TO THE PUBLIC IN COMPUTER SYSTEMS
   ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
  Unshakeable Faith in Technology (Richard A. Cowan)
  Unshakeable Faith in Technology: Shuttles & Nuclear Power (Peter G. Neumann)
  Basis for SDI Assumptions? (Doug Schuler)
  Technical vs. Political in SDI (Herb Lin)
  Computer Crime Laws (Peter G. Neumann)
  Backups for micros (Evan Dresel)
  The Clock Lies Again (PGN, Jagan Jagannathan)

The RISKS Forum is moderated.  Contributions should be relevant, sound, in good taste, objective, coherent, concise, nonrepetitious.  Diversity is welcome.
(Contributions to RISKS@SRI-CSL.ARPA, Requests to RISKS-Request@SRI-CSL.ARPA.)
(Back issues Vol i Issue j available in SRI-CSL:RISKS-i.j.  Summary Contents in MAXj for each i; Vol 1: RISKS-1.46; Vol 2: RISKS-2.57.)

----------------------------------------------------------------------

Date: Tue 3 Jun 86 21:07:28-EDT
From: Richard A. Cowan
Subject: Unshakeable Faith in Technology
To: risks@SRI-CSL.ARPA

The following passage from a 6-part "editorial" in the San Francisco magazine "Processed World" argues that the Space Shuttle disaster will not (as Proxmire claimed) shake people's faith in technology.  Instead, it may strengthen their resolve to pursue technology regardless of risks.  (Fortunately, the same argument can not be applied to the Chernobyl accident; people don't have the same love affair with Soviet nuclear power that they had with the Shuttle.)  Send me mail if you want more info about the magazine; this is from the recently published Number 16.
"Braking Star Wars, or a New Standard of Patriotism" by Marcy Darnovsky

"If the fireball that consumed Space Shuttle Challenger slows down the development of Star Wars, the seven people that perished in it will not have died in vain.

"To millions of space enthusiasts, the shuttle and the space program are tributes to curiosity, imagination, courage, and the quest for knowledge and adventure.  These are among the worthy impulses of the human species.  But what most space boosters don't see through the glitter of the stars (leaving aside the problem of how to divide the purse between cross-town buses and interplanetary travel) is how these impulses are being used and perverted.

"Whatever its origins, there can be no doubt about what master the Shuttle now serves.  Starting in 1987, the Pentagon had planned to use half of the spacecraft's cargo bay at least twice a year for Star Wars experiments alone.  It had claimed a third of the available shuttle launches over the next ten years.  Under the National Space Policy adopted by Reagan, the Pentagon is not only NASA's largest customer, but also its preferred customer, and as such is entitled to bump civilian, commercial, and scientific payloads off Shuttle flights.

"For a short time, the suspension of Shuttle missions and the loss of one of the four orbiters will slow the military's invasion of space.  But before long, the space arms race will be back in harmony with the spheres.  The scientific and commercial aspects of the space program will probably come out the losers, with NASA dancing to the Pentagon's tune even more slavishly than before.

"A month after the explosion, some of the astronauts voiced dissatisfactions with NASA safety procedures and secrecy.  It's too soon to tell whether their criticisms will crack the unnerving unanimity of popular support for more space spectaculars.
"Remarkably, instead of planting doubts about the reliability of complex technologies and the push into space, the destruction of the Challenger seems to have convinced most Americans that no sacrifice is too great for the technology that will conquer the stars.  NASA reports it received 90,000 letters in the two weeks following the explosion, 99% of them supporting the space program.  "Something like this brings the nation together," said Daniel Boorstin in the New York Times.  "The space program in general has done that; people understand the grandeur even if not the technology, and to share that grandeur is what makes a great nation."  Boorstin is right: the majestic lift-off of a rocket with human beings perched atop it raises modern Americans out of their everyday lives into an epiphany of technological awe intertwined with chauvinistic pride.

"The Shuttle catastrophe has constructed a new standard of patriotism: giving your life for your country's technology.  Instead of making it acceptable to question the military takeover of space, the Shuttle disaster may make the space program more sacred than ever.  If the explosion of the Challenger and the seven dead astronauts have transformed protest into heresy, it was more of a tragedy than we've yet realized."

------------------------------

Date: Wed 4 Jun 86 22:01:31-PDT
From: Peter G. Neumann
Subject: Re: Unshakeable Faith in Technology: Shuttles & Nuclear Power
To: COWAN@XX.LCS.MIT.EDU
cc: RISKS@SRI-CSL.ARPA

*** Shuttle ***

Today's SF Chron contains a Los Angeles Times story by Maura Dolan:

  Shuttle Program Was Doomed, Panelists Say

  The space shuttle program was so plagued by a lack of spare parts and mission software and inadequate crew training that flights would have been substantially slowed or halted by now even if the Challenger disaster had not occurred, members of the presidential commission that investigated the accident said yesterday.  ``There was no management of this program,'' a commissioner said.
  ``Even without the accident, the program would have ground to a halt by this point.''

The article goes on to quote other commissioners anonymously on inadequate planning, having to steal spare parts from other shuttles, lack of training time, one or two of the two simulators being down often, last-minute reprogramming without testing, and so on.  It also outlines some of the recommendations of the forthcoming report.

  "There are about four or five other ... safety things that NASA has been playing the same game with as the O-rings -- the main engine, the brakes, the flapper valves (that control fuel flow), the automatic landing system," one panelist said.

*** Nuclear Power ***

Jack Anderson's column in the same paper returned to Chernobyl and the nuclear power situation in the United States:

  We have learned that, since the hideous accident in the Ukraine, the Nuclear Regulatory Commission staff called in the inspectors and informed them that new, more lenient interpretations of the fire-safety regulations had been approved by the commissioners over the inspectors' vehement protests...  Incredibly, the new guidelines let nuclear plant operators sidestep the protection of redundant control systems by planning fire safety for the first set of controls only.  The guidelines permit partial fire barriers between the first control system and the backup system, which can be in the same room.  This means that a fire could short-circuit both systems.

------------------------------

From: bcsaic!douglas@uw-june
Date: Tue, 3 Jun 86 07:56:46 pdt
To: uw-june!uw-beaver!SRI-CSLA.arpa!Neumann
Subject: Basis for SDI Assumptions?
ReSent-To: RISKS@SRI-CSL.ARPA

I have to question two statements that were made by Bob Estell in relation to SDI software.  The first one, "A missile defense is worth having if it is good enough to save only 5% of the USA population in an all-out nuclear attack" is oft-heard.
The phrase "worth having" could be applied to a number of things that aren't being had by many people (things like food, shelter, medical care, or safer cars).  The question of whether something is "worth having" irrespective of costs, as if one could snap his fingers and have that thing, is fine for idle conversation but of little use realistically.  The question of what is worth pursuing and to what degree must be taken up by society at large.  The magnitude of SDI costs as well as admitted technical dubiousness must be compared with alternatives.  We can't have everything that anybody says is "worth having."

The second quote, "That shield might save 75% of the population in a terrorist attack, launched by an irresponsible source" deserves some comment.  The "terrorist" argument is used fairly often also to garner support for SDI, as terrorism is a popular topic on television, etc.  I am prompted to ask from what quarter this terrorist attack would arise.  England?  France?  Also, I would expect that SDI would fail miserably in the event of anything less than the full-scale attack that it was billed as deflecting.

How does this apply to Risks?  The rationale and the requirements are the basis for a system.  If these are invalid, the system will probably be invalid.  As Herb Lin said, "Politics are just requirements at the top level."

POSTING NUMBER 2: [Re Bob Estell's posting]

I am not sure of the facts on this but I think it is pertinent to RISKS.  What is the story on the software for the Sergeant York gun?  Was a "high level" language used?  If so, and the complexity still defeated the project, it bodes ill for SDI which consists of [the logical equivalent of?] thousands (hundreds?) of Sergeant York guns launched into space.  If a high-level language was used, there is still life in the "historical" argument described by Bob Estell.
** MY VIEWS MAY NOT BE IDENTICAL TO THOSE OF THE BOEING COMPANY **

Doug Schuler  (206) 865-3228
{allegra,ihnp4,decvax}uw-beaver!uw-june!bcsaic!douglas
bcsaic!douglas@uw-june.arpa

  [The use of a high-level programming language is only part of the problem.  In many cases, deep flaws exist in the design, and the implementation makes things only a little bit worse.  In those rare cases where the design is actually sound, the programming language -- whether high-level or low-level -- introduces the possibility of additional flaws, such as loss of encapsulation, lack of strong typing, lack of consistent exception handling, improper sequencing or atomic actions particularly in distributed systems, lack of adequate control transfers and domain changes, and so on.  But such problems exist in ALL of the commonly used programming languages.  PGN]

------------------------------

Date: Thu, 5 Jun 1986 00:32 EDT
From: LIN@XX.LCS.MIT.EDU
To: risks%sri-csl.arpa@CSNET-RELAY.ARPA
Subject: Technical vs. Political in SDI

I subscribe to RISKS, and I moderate ARMS-D.  I will forward to ARMS-D any SDI messages that appear on RISKS, unless specifically told not to do so by the subscriber.  Peter -- Is this OK?

  [SURE.  FINE BY ME.  Remember, I don't believe in the alleged sharp partition between RISKS and ARMS-D.  PGN]

------------------------------

Date: Wed 4 Jun 86 22:18:21-PDT
From: Peter G. Neumann
Subject: Computer Crime Laws
To: RISKS@SRI-CSL.ARPA

From the SF Chron, 4 June 1986, Washington Report, p. 13:

  The House approved and sent to the Senate yesterday a bill that would expand coverage of federal laws against computer crime.  The legislation, passed by voice vote, would make it a felony knowingly to trespass into a "federal interest" computer -- one operated by a federal agency, a federally insured financial institution or by stockbrokers registered with the Securities and Exchange Commission -- to obtain anything of value.
  It also would apply to entry into private computer systems located in more than one state.  The top penalty would be five years in prison and a $250,000 fine.  The measure also would establish a new category of misdemeanor for "hackers" who use computer bulletin boards to display passwords to computer systems.  The top penalty would be a year in prison and a $100,000 fine.

  [I note that "to obtain anything of value" does not cover denials of service, mass deletions of data, insertion of nonbenevolent Trojan horses, and so on.  The multistate basing clause may lead some organizations into distributed system and network operations just for the legal coverage!  PGN]

------------------------------

Date: Wed, 4 Jun 86 09:43 EDT
From:
Subject: Backups for micros
To: RISKS@SRI-CSL.ARPA

There probably isn't a lot more to be said about backing-up data that is new.  Since someone else brought up the subject, I'll recount a very recent case of incorrect back-up procedures from here in central PA, and then make a suggestion or two.

  [OK.  I STILL ACCEPT A MESSAGE OR TWO ON THIS TOPIC.  PGN]

A small local firm was burglarized and their micro-computers stolen.  All their diskettes were also taken -- yes, including all those carefully made back-ups.  I don't have exact values for the worth of the data but the loss was enough to have significant impact on a small group.

I guess this comes under the heading of improperly defining the risk.  Everyone knows that computers can "eat" data and that's why one makes copies.  How many of your typical users think about flood or fire, which are problems common to all data storage systems, much less theft, which is a threat peculiar to micro-computer use where the diskettes are worth something -- even if they don't contain expensive programs?

I could just say, "Boy, what a dumb mistake.  They should have had hard-copy of as much stuff as practical, and protected those back-up diskettes."  That's not very productive, though.
The answer lies in education and perhaps in program developers meeting the real needs of the users.  Computer users need to know how to protect their data and why.  A couple of horror-stories go a long way.  Either practical back-up schemes described step-by-step (such as how to copy only files created after a certain date) or else menu type software should be generally available.  This information should be easily accessible to people who don't know a whole lot about programming or even about their system.  (If I were a diskette manufacturer I'd give away back-up program-packages.)  And don't forget the worst part of using your archive-copies -- figuring out which version of what you are working with.

Evan Dresel                      E8D @ PSUVM (bitnet)
Dept. of Geochemistry            ...!psuvax1!psuvm.bitnet!e8d (uucp <--> bitnet gateway)
228 Deike Bldg.                  e8d%psuvm.bitnet@wiscvm.arpa (arpa)
Penn State University
University Park, PA 16802
(814) 863-0672

------------------------------

Received: from SRI-NIC.ARPA by SRI-CSL.ARPA [...] Fri 30 May 86 23:36:39-PDT
Received: from SRI-CSL.ARPA by SRI-NIC.ARPA [...] Sat 31 May 86 00:03:10-PDT
Date: Fri 30 May 86 23:36:19-PDT
From: Peter G. Neumann
Subject: The Clock Lies Again
To: "RISKS@SRI-CSL"@SRI-NIC.ARPA, Jagan@SRI-CSL.ARPA

It is after midnight, but not by SRI-CSL's time.  We have another clock problem.  PGN

  [An homily anomaly?]
  [This one was quite different from the one I previously reported.]

------------------------------

Date: Sat 31 May 86 01:21:49-PDT
From: Jagan
Subject: Re: The Clock Lies Again
To: Neumann@SRI-CSL.ARPA

You are absolutely right ....  However, I think the problem this time is not with the algorithm to compute the most reasonable time but the fact that the machine was unavailable (but not down!) for about half-hour this afternoon.  (The clock had stopped even though the machine didn't think the clock had.)

Jagan [Jagannathan]

------------------------------

End of RISKS-FORUM Digest
************************
-------