12-Nov-86 13:17:43-PST,12085;000000000000 Mail-From: NEUMANN created at 12-Nov-86 13:15:55 Date: Wed 12 Nov 86 13:15:55-PST From: RISKS FORUM (Peter G. Neumann -- Coordinator) Subject: RISKS DIGEST 4.10 Sender: NEUMANN@CSL.SRI.COM To: RISKS-LIST@CSL.SRI.COM RISKS-LIST: RISKS-FORUM Digest, Wednesday, 12 November 1986 Volume 4 : Issue 10 FORUM ON RISKS TO THE PUBLIC IN COMPUTER SYSTEMS ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator Contents: Extreme computer risks in British business (Lindsay F. Marshall) Alabama election snafu caused by programmer (PGN) Looping mailer strikes again (Brian Reid, Nancy Leveson) Lost files on Bitnet (Niall Mansfield) VOA car testing (Bill Janssen) Re: Aftermath of the Big Bang (apology) (Robert Stroud) Re: The Future of English (T. H. Crowley [both of them]) Word-processors Not a Risk (Ralph Johnson) The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, nonrepetitious. Diversity is welcome. (Contributions to RISKS@CSL.SRI.COM, Requests to RISKS-Request@CSL.SRI.COM) (Back issues Vol i Issue j available in CSL.SRI.COM:RISKS-i.j. MAXj: Summary Contents Vol 1: RISKS-1.46; Vol 2: RISKS-2.57; Vol 3: RISKS-3.92.) ---------------------------------------------------------------------- From: "Lindsay F. Marshall" Date: Tue, 11 Nov 86 09:54:27 gmt To: risks@csl.sri.com Subject: Extreme computer risks in British business FIRMS 'SUICIDAL' ON COMPUTERS, by Peter Large (From The Guardian 10/11/86) [10 Nov 86?] British business suffers nearly 30 computer disasters a year, involving firms in direct losses running into millions, according to a survey published today. Datasolve, the computer software arm of Thorn EMI, questioned the UK's biggest 500 accountancy firms and found that 28 per cent of them had encountered computer disasters among their clients in the past five years; and at least 67 per cent of those breakdowns were avoidable. These are not cases of computer fraud or interference by young computer "hackers": they are cases of accidental loss of data, through system breakdowns or operator errors, and through fire and flood. In some cases firms have lost all records of staff pay, orders, and contracts. Mr. Chris Wood, chief executive of Datasolve, said: "The survey shows that many firms are risking commercial suicide. Figures from the US indicate that 90 per cent of firms suffering a major computer disaster subsequently went out of business within 18 months. "The only reason we are not seeing the same statistics here is because UK firms are currently less computerised than their US counterparts." The Datasolve report says that small and medium-sized firms, operating micro- and mini-computers without full-time professional staff, are most at risk. The accountants questioned blamed ignorance, lack of resources, and perceived cost for the unnecessary risks that firms are taking. Most of the accountants said that firms needed to spend between 1 and 4 per cent of their annual computer budgets on stand-by computers and other protection methods. A third of them suggested that auditors should warn shareholders if a company's protection measures are inadequate. ------------------------------ Date: Wed 12 Nov 86 12:55:00-PST From: Peter G. Neumann Subject: Alabama election snafu caused by programmer To: RISKS@CSL.SRI.COM Election results in Mobile, Alabama, were delayed for several hours due to "computer problems". According to a report on WKRG-TV in Mobile, the problem was caused by a programmer improperly opening an output file, causing the vote totals to be sent to the bit bucket. The results were not lost, they just could not be printed out until the bug was found and fixed. The delay in reporting caused the outcome of the Senate race to be undetermined for quite some time. (Mobile is the hometown of Sen. Denton, who was narrowly re-elected.) [I hope this is a correct version. I had several earlier fragmentary versions...] [If you suspect any hanky-panky, be sure to (re)read the previous messages on RISKS on this subject, including RISKS-2.42. PGN] ------------------------------ From: reid@decwrl.DEC.COM (Brian Reid) Date: 11 Nov 1986 2314-PST (Tuesday) To: Risks@csl.sri.com Cc: lindsay@cheviot.newcastle.ac.uk Subject: Looping mailer strikes again On November 7, Andrew Walker of Nottingham University sent me a mail message. I received 72 copies of the message on November 7, the first arriving at 09:53 PST and the last arriving at 17:22 PST. Two days later on November 9 I got 21 more copies. Note that all 93 copies of this message (1890 characters) were sent across the Atlantic separately. The guilty party is the PDP-11/44 mail relay computer at University College, London. Most outgoing mail from the UK to the ARPAnet passes through this machine. I have not contacted the management of the machine to find out what the story was. I think that this supports Lindsay's claim that he didn't do it.... Brian ------------------------------ Date: 11 Nov 86 08:51:49 PST (Tue) From: Nancy Leveson To: lindsay%cheviot.newcastle.ac.uk@cs.ucl.ac.uk, neumann@csl.sri.com Subject: Looping mailer strikes again ReSent-To: RISKS@CSL.SRI.COM You requested any information about another similar incident. Well, on 7 Nov. 86 at 14:12:47 gmt I received 10 identical copies of a message from Tom Anderson. Nancy ------------------------------ Date: Tue 11 Nov 86 14:41:34 N To: risks@csl.sri.com From: Niall Mansfield Organisation: European Molecular Biology Laboratory Postal-address: Meyerhofstrasse 1, 6900 Heidelberg, W. Germany Phone: (06221) 387-0 [switchboard] (06221) 387-247 [direct] Subject: Lost files on Bitnet (cf RISKS-4.9) Losing files on Bitnet through IBM machines going down is very common. It seems RSCS holds its store and forward files in a spooling area which is often lost if the machine crashes. We get several such losses reported every month, and it's not uncommon for thousands of files to be lost. It's hard to see why this shouldn't be fairly easy to fix: it would certainly improve net reliability, and without any research on guaranteed-service protocols. ------------------------------ Date: Tue, 11 Nov 86 10:19:13 CST From: Bill Janssen To: Neumann@csl.sri.com Subject: VOA car testing ReSent-To: RISKS@CSL.SRI.COM [This is the tail-end of a private exchange regarding testing, e.g., for interference... PGN] Unfortunately, that's not as singular an example as one might hope. Characterization of electrical noise under most industrial circumstances is very poor. Many microprocessor-based systems are tested with a "showering arc generator", which is a bunch of relays and coils and loops of wire hooked up to motor driven interrupters. The tester turns on the showering arc generator, places the item to be tested near it, and sees if it can perform its standard functions. This is thought to be a "worst case" test, though in fact it's not at all clear that it is. Bill ------------------------------ From: Robert Stroud Date: Tue, 11 Nov 86 19:09:07 gmt To: risks@csl.sri.com Subject: Re: Aftermath of the Big Bang (apology) In my previous article about the Big Bang I said that one of the biggest outstanding problems was a backlog of 55,000 unmatched trade reports at the end of the first week, which had increased to 59,000 by the following Tuesday. In an attempt to put this figure into perspective, I unwisely added that "a semi-informed guess" would be that this represented about 30% of the weeks trading. "Semi-informed" was meant to indicate that it was not totally random, but resulted from some data and some reasoning on my part. Unfortunately, both turn out to be wrong - the correct figure is 15% (I think!). My hesitation arises from having to perform two unit conversions - it said in yesterday's Independent (10th November) that "10,250 represents about 2.5% of the average number [of bargains] in a normal account". That figure is presumably correct, but there are two transactions in a bargain, and two weeks in an account, (at least, I *think* there are two weeks in an account...). Anyway, please accept my humble apologies for dropping a factor of two due to neglecting the transactions/bargain conversion. (It was a factor of four until I remembered the weeks/account figure!) The good news is that the number was down to 20,500 by Saturday morning and should be cleared by Thursday morning - the deadline being Friday night. I don't think it could have been 59,000 last Tuesday in that case, so maybe the problem has been not just keeping records of transactions but keeping records of the records! One of the difficulties in sorting things out has been that some of the computer systems did not allow the records of transactions to be altered (presumably to prevent fraud and preserve an audit trail). Robert Stroud, Computing Laboratory, University of Newcastle upon Tyne. UUCP ...!ukc!cheviot!robert ------------------------------ Date: Mon, 10 Nov 86 22:36:33 PST From: allegra!thc@ucbvax.Berkeley.EDU To: ucbvax!CSL.SRI.COM!RISKS Subject: Re: The Future of English (RISKS DIGEST 4.8) The word processor is leading to a decay of the English language, and now we discover that the typewriter leads to a similar decay. Who knows what evils were caused by the fountain pen and the quill? Well, you can forget all that because the problem can be traced back much farther. A quotation from Plato: ``Said Thoth to the King of Egypt, `This invention, O King, will make the Egyptians wiser and will improve their memories; for it is an elixir of memory and wisdom that I have discovered,' but the king was not convinced and feared that the invention of writing would impair the memory instead of improving it and that the people would read without understanding.'' So, papyrus started this long, slow tumble into chaos. What say you we start a lobby to bring back the clay tablet? [Note: I don't mean to belittle the arguments that warn of the dangers of word processing. Too little thought goes into much of what I read (and write). I just thought this echo from the past brought a new perspective to the discussion. The quotation comes from p. 134 of "Understanding Computers" by Thomas Crowley (my father)] [... and coincidentally, my first boss at Bell Labs in 1960! PGN] ------------------------------ Date: Tue, 11 Nov 86 10:16:00 CST From: johnson@p.cs.uiuc.edu (Ralph Johnson) To: risks@csl.sri.com Subject: Word-processors Not a Risk I do not believe that word-processors damage the quality of writing. Good writing occurs only when the document is revised and reworked extensively. If we write a document first with pen and then type it, we will get at least one chance to revise it. The problem is with those who create a document at the keyboard but never read or revise it. However, even revising a document once is not enough to gain high quality. It takes many, many revisions to create a high-quality document, for which word-processors are invaluable. This applies to software as well as to English, though few programmers seem to realize it. Ralph Johnson "Master, how many times should I revise my documents? Up to seven times?" "I tell you, not seven times, but seventy times seven." ------------------------------ End of RISKS-FORUM Digest ************************ -------