RISKS-LIST: RISKS-FORUM Digest Tuesday 12 April 1988 Volume 6 : Issue 59

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
  Robot suicide (Tom Slone)
  Computer Risks? UUCP map entries? ()
  Comment on "Diving Risks" -- Fail Safe Design? (Mark W. Eichin)
  ``How Computers Get Your Goat'' (Kevin B. Kenny)
  Should You Trust Security Patches? (Steve Bellovin)
  Race? (John Macdonald)
  A Cray-ving for RISK prevention (Matt Fichtenbaum)
  Re: What happened to personal responsibility? (Henry Spencer)
  Discrimination (John Lavagnino, Darin McGrew)
  Nonviral biological analogies -- a reference (Eugene Miya)
  New constituency for RISKS (Soviets embrace UNIX) (Jon Jacky)
  Vendor speak with "functioned" tongue! (Chris McDonald)

The RISKS Forum is moderated. Contributions should be relevant, sound, in
good taste, objective, coherent, concise, nonrepetitious. Diversity is
welcome. Contributions to RISKS@CSL.SRI.COM, Requests to
RISKS-Request@CSL.SRI.COM. For Vol i issue j, FTP SRI.COM, CD STRIPE:,
GET RISKS-i.j. Volume summaries in (i, max j) =
(1,46),(2,57),(3,92),(4,97),(5,85).

----------------------------------------------------------------------

Date: Tue, 12 Apr 88 11:41:26 PDT
From: potency@violet.Berkeley.EDU (Tom Slone)
Subject: Robot suicide

"A Budd Company assembly robot has apparently committed suicide. The robot
was programmed to apply a complex bead of fluid adhesive, but the robot
'ignored the glue, picked up a fistful of highly-active solvent, and shot
itself in its electronics-packed chest." --Motor Trend, 11/86

   [Inspired by Budd's McFrenzy? PGN]

------------------------------

From: [Anonymously Contributed]
Subject: Computer Risks? UUCP map entries?
Date: Sun Apr 10 13:34:33 1988

I was just going through the UUCP map entries, and noticed quite a few "home
systems" mentioned. Did it ever occur to these people that the UUCP map
entries make a great shopping list for burglars?

"Lemme see now, IBM PC/AT, nahhhhhh, I hates them segment registers, SUN
3/50, nah, m'az well steal a VT-100, ahhhhhh SUN 3/280-LS/MFT, big disk,
just what I need for doing the floor plan of First Federal..."

I just finished creating a map entry for my home system, and I stopped to
think, "would I put a sign on the front of my home saying I have a few
thousand dollars worth of computer equipment inside". I doubt it very much.
But people (me included, I guess!) routinely post map entries for the
(netnews) world.

Am I being excessively paranoid, or is it a healthy mistrust of my fellow
creatures? I realize the possibility of a Bad Person using the maps for
"shopping" was probably unlikely a few (2? 3?) years ago, but with the
proliferation of netnews systems, especially "public" netnews systems, I'm
sure the probability went up.

   [Anonymouse traps waiting to spring? No, this is just the old inference
   problem, which has been discussed here amply, and which is clearly
   exacerbated by the networking of databases. PGN]

------------------------------

Date: Fri, 8 Apr 88 00:42:25 EST
From: Mark W. Eichin
Subject: Comment on "Diving Risks" -- Fail Safe Design?

Re: diving ascent computer: Does the version with a flashing LED as warning
ALSO have a test button (or some other test) to see if the LED has failed?
If not, divers could grow to trust it, then if (when!) the LED fails, they
would be in danger of accident...

------------------------------

Date: Mon, 11 Apr 88 12:45:46 CST
From: kenny@b.cs.uiuc.edu (Kevin B. Kenny)
Subject: ``How Computers Get Your Goat'' (RISKS-6.54)

: ... The researcher, Jan L. Guynes, used psychological tests to classify 86
: volunteers as either Type A or Type B personalities... She found that a
: slow unpredictable computer increased anxiety in both groups equally...

I read a study several years back which, while not classifying Type A vs.
Type B subjects, studied psychological response to response time.
The results of the study were that the VARIANCE in the response time was
significant; the mean was much less so. The conclusion could be that
`unpredictable' is the key word in the preceding paragraph.

See Harold Sackman, Man-Computer Problem Solving, Auerbach, Princeton NJ,
1970.

Kevin

------------------------------

From: smb@research.att.com
Date: Tue, 12 Apr 88 10:27:15 EDT
Subject: Should You Trust Security Patches? (Re: RISKS-6.58)

These wonderful new security patches that were sent out without publicity --
how do you know the fix really came from DEC? Just a thought to keep you
really paranoid...

   --Steve Bellovin

------------------------------

Date: Mon Apr 11 18:54:37 1988
From: harvard!linus!utzoo!spectrix!John_M@rutgers.edu (John Macdonald)
Subject: Race? (Re: RISKS-6.55)
Organization: Spectrix Microsystems Inc., Toronto, Ontario, Canada

I would have thought that the appropriate answer to the question "Race:" on
a driving license application would be "never" or "Formula One" or any
similar experience. It is a quite reasonable question for them to be
asking :-).

   [A grammatically correct answer to "Race?" would be "No (I don't)." PGN]

------------------------------

Date: Mon, 11 Apr 88 09:14:30 edt
From: mlf@genrad.com (Matt Fichtenbaum)
Subject: A Cray-ving for RISK prevention (Re: RISKS-6.55)

>CRAY - A traditional Shinto ceremony was performed at Cray's systems check-out
>building in Chippewa Falls to introduce a protective spirit into a new X-MP/24

Quite a feat of Cray, eh?

------------------------------

Date: Tue, 12 Apr 88 14:57:31 EDT
From: mnetor!utzoo!henry@uunet.UU.NET
Subject: Re: What happened to personal responsibility?

> ... To sit in a 30mph steam train was not only a joy, you placed
> your life in the hands of engineers who were ultimately accountable. To
> sit in a 125mph bullet train or a high-speed local subway is no longer
> quite so joyful.
> You *still* place your life in the hands of the company,
> but is it the Engineers, software or otherwise that carry the can?

Why, nobody, of course. If you want a good example of what I'm talking
about, consider the Challenger disaster. I think there is little doubt that
specific people could plausibly be held responsible for it, although there
might be some debate about exactly who. Now, look at the aftermath. How many
people have been arrested on criminal charges as a result? None. How many
people have been fired in disgrace as a result? None. (A few have run into
trouble for talking too much about the incident, but not for causing it!)
How many companies have been disbarred from government business as a result?
None. What penalties were assessed against Morton Thiokol? Well, after a
long debate it was agreed that ten million dollars would be deducted from
payments on their SRB contracts. (Note that (a) the replacement value of a
shuttle orbiter is approximately two *billion* dollars, (b) both NASA and
its customers have been hard-hit by the long hiatus in spaceflight and other
side effects of the disaster, (c) Morton Thiokol has received many millions
of dollars in fix-the-SRBs contracts, and (d) the issue of an alternate
source for SRBs, a major worry to M-T, has been postponed for some years.)

To avoid a repetition of the Challenger disaster, people need an incentive
to avoid one. For the lawyers and MBAs who run most aerospace companies,
that means a financial incentive. Only if technical disaster translates into
financial disaster will the bean-counters see to it that the whole company
has a firm commitment to avoiding it. Only then will a "no" from the
engineers be backed up by the management, even if it hurts. So how much of a
financial disaster has Morton Thiokol undergone? None!

Look at the results, not the rhetoric. Who was responsible for Challenger?
Nobody.

Henry Spencer @ U of Toronto Zoology
{allegra,ihnp4,decvax,pyramid}!utzoo!henry

------------------------------

Date: Tue, 12 Apr 88 11:46 EST
From: (John Lavagnino)
Subject: Re: Discrimination and careless arguments

David Thomasson writes:

> Lavagnino confuses two separate actions: gathering information,
> and misusing information.

Can we believe in this separation after reading the accounts of actual
practice that appear in RISKS? And can we believe in Thomasson's (unstated)
assumption that the various bureaus of our government have no connection
with each other? I'm afraid I can't. His analysis of Earnest's story reduces
it to a mere fallacy by throwing out all evidence of the meaning of race in
that place and time; that evidence he dismisses as just a bunch of
anecdotes, because he assumes there are no connections, but to me it's clear
that it's what leads to Earnest's reaction to the license application.
Thomasson's conclusion is further based on his (unstated) opinion that no
objection to governmental activities may be made without irrefutable
evidence of misbehavior -- which is a reasonable opinion, but it's an
opinion all the same, and there are others on the matter, such as Earnest's.
This method amounts to throwing out all the evidence and assuming that you
haven't thereby distorted the problem you set out to study; again, think
about that procedure from a RISKS point of view.

John Lavagnino, Department of English and American Literature, Brandeis Univ.

------------------------------

Date: Mon, 11 Apr 88 15:57:24 PST
From: ibmuupa!mcgrew@ucbvax.Berkeley.EDU (Darin McGrew)
Subject: Discrimination
Organization: IBM TCS Development, Palo Alto

In RISKS 6.55, David Thomasson says:

> If one thinks it is a simple matter of separating the "bad" kinds of
> discrimination from the "good" (or "acceptable") kinds, try phrasing a
> general principle that will make that distinction.

This is rather off the subject of computer risks, but it shows a related
problem.

"Bad discrimination" is that which is based on qualities that should be
irrelevant to the choice being made. "Good discrimination" is that which is
based on qualities that are relevant.

The problem comes from the decision of what qualities are relevant to a
given decision. When we disagree about the relevance of certain qualities,
my right to be considered apart from "irrelevant" qualities will conflict
with your right to consider all my "relevant" qualities. Problems also arise
when I perceive that you considered irrelevant qualities when you didn't.

This problem shows up with computer systems when information is considered
relevant by one person, and not by another. This causes people to ignore
warning indicators because they learn that the engineer considered a lot of
"irrelevant" information important. It also causes hidden failures (eg, of
failsafe systems) because the engineer didn't consider something important
to be "relevant."

Darin McGrew ucbvax!ibmuupa!mcgrew
I speak for myself, not for my employer.

------------------------------

Date: Fri, 8 Apr 88 21:51:44 PDT
From: Eugene Miya
Subject: Nonviral biological analogies -- a reference

Since we are talking about the biological analogy of computer viruses, I
would like to call attention to a book to further continue (non-viral)
biological analogies. The author would like to get people thinking about
them:

%A B. Huberman, ed.
%T Computational Ecologies
%I North-Holland
%D 1988

It does not deal with viruses per se, but does wish to consider distributed
systems in an ecological context.

--eugene miya

------------------------------

Date: Thu, 24 Mar 88 09:22:45 PST
From: jon@june.cs.washington.edu (Jon Jacky)
Subject: New constituency for RISKS (Soviets embrace UNIX)
Organization: University of Washington

From Electronic Engineering Times, March 7 1988

UNIX POPULARITY EXTENDS INTO USSR
by Ray Weiss

Unix popularity is spreading. It has even reached the Soviet Union, where
Unix classes will be held this summer.
A series of one-week classes will be taught in English by instructors from
an American company, Lurnix. The classes, to be held in Peraslava some 60
miles north of Moscow, will be open to both Soviets and foreigners. In fact,
Lurnix is setting up a tour for Americans that would like to combine travel
to the USSR with a study of the operating system.

One hangup is the current export policies. They allow Unix object code to be
exported, but Unix source code is embargoed. Without source code, Unix
cannot be easily adapted to different host computers or special peripherals.
Consequently, the classes will concentrate on Unix system administration and
programming under the Unix operating system. ...

The last project Lurnix worked on was a study that explored networking
between grade schools and its effect on learning. The study was funded by
the Carnegie Corp. The new classes are part of an effort to establish Unix
as a standard in the country's schools.

------------------------------

Date: Tue, 12 Apr 88 15:30:47 MST
From: Chris McDonald STEWS-SD 678-2814
Subject: Vendor speak with "functioned" tongue!

We recently received a quantity of Unisys terminals. In the operator's
manual I was surprised to read the following on the subject of function
keys. You can define the keys "to do such things as: Transmit a special
password or instruction to the host..."

I find it curious that a firm that has indicated its intention to build
"trusted systems" against the National Computer Security Center's Orange
Book criteria should use such an example.

------------------------------

End of RISKS-FORUM Digest
************************