RISKS-LIST: RISKS-FORUM Digest Friday 3 June 1988 Volume 7 : Issue 3 FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator Contents: OTA Report: Science, Technology, and the First Amendment (Jan Wolitzky) Disasters and computer facilities (Rodney Hoffman) Running as root; Hinsdale redundacy; Daedelus (David Herron) Optimizing PL/I (Bard Bloom) Re: Auckland cable cars (Richard A. O'Keefe) My experience with metal balloons (David J. Edgerton) Halon (Romain Kang) Virus collection (Robert Slade) The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, and nonrepetitious. Diversity is welcome. Contributions to RISKS@CSL.SRI.COM, Requests to RISKS-Request@CSL.SRI.COM. For Vol i issue j / ftp kl.sri.com / get stripe:risks-i.j ... . Volume summaries in (i, max j) = (1,46),(2,57),(3,92),(4,97),(5,85),(6,95). ---------------------------------------------------------------------- Date: Thu, 2 Jun 88 08:02 EDT From: research!wolit@research.att.com Subject: OTA Report: Science, Technology, and the First Amendment The U.S. Congress's Office of Technology Assessment (OTA) recently issued a special report that may be of interest to readers of the RISKS Digest. It is entitled, "Science, Technology, and the First Amendment," (OTA-CIT-369, Washington, DC: U.S. Government Printing Office, January, 1988, 73 pp., $3.50). The table of contents follows: I. Freedom of the Press in the Information Age 1. New Technologies for Gathering News and Information Newsgathering Computer Databases Media Satellites Implications for Privacy Implications for National Security 2. New Technologies for Editing and Selecting News and Information Electronic Publishing Editorial Control and Liability Global Networks and the International Press 3. New Technologies for Publishing and Disseminating News and Information The Convergence of the Media Cable Television Information Services Delivered Over Telephone Lines II. Scientific Communications and the First Amendment 4. National Security and Scientific Communications Science, Free Speech and National Security The Executive Branch and Classification of Documents Export Controls 5. The 1980s: Converging Restrictions on Scientific Communications Contractual Restrictions on Communications Restrictions on Informal Communications Self-Restraint National Security Directives and the Role of the National Security Agency 6. Constitutional Issues: An Overview Jan Wolitzky, AT&T Bell Labs, Murray Hill, NJ; 201 582-2998; mhuxd!wolit (Affiliation given for identification purposes only) ------------------------------ Date: 2 Jun 88 11:56:13 PDT (Thursday) From: Rodney Hoffman Subject: Disasters and computer facilities The 'Wall Street Journal' for Tuesday, May 31 features a story by Wendy L. Wall headlined "FEW FIRMS PLAN WELL FOR MISHAPS THAT DISABLE COMPUTER FACILITIES" (page 25 -- front page of Section 2). The lead sentence says, "Welcome to the era of the electronic disaster." Starting with a review of the Hinsdale fire and its effects, the story discusses "accidents that disable the concentrated computer and telecommunications networks on which companies depend increasingly for basic tasks.... In a recent University of Texas study, 75% of businesses surveyed said they would have a 'critical or total loss of functioning' within 14 days if they lost their computer support.... Serious disruptions ... are becoming more common as computers spread...." "Most businesses are ill-prepared to cope with electronic disasters, computer and communications specialists say.... Many top executives 'don't realize that the value of the information (in the computer) could very easily be worth several times the value of their hardware, software and building,' says Steven Christensen, a researcher at UT. In addition, the cost of insurance or backup computer systems can be high...." Besides dividing operations between several sites, the other major precaution taken by a growing number of companies is buying disaster insurance to use backup computer centers and networks: "The two largest disaster-recovery companies ... have nearly 1500 clients...." The major example used in the story is that of wholesaler United Staioners, which has spent nearly $1 million a year on emergency preparations which served them well in the present Hinsdale fire: "Within hours, they dispatched a 31-man team, with backup data tapes, to an insurer's computer facility in New Jersey.... By the next day, they had reconstituted their entire computer network.... Although all this cost some $600,000 over two weeks, including a $40,000 fee for the insurer and travel costs for the 31 people sent to New Jersey, it probably saved the company at least $30 million in sales during that time, says United Staioners' CEO. Even more important, he adds, was the boost to customer confidence." [Stationers? Stainers? Stallioniers? P.] ------------------------------ Date: 2 Jun 88 16:36:56 GMT From: David Herron Subject: A few points from recent risks Organization: U of Ky, Math. Sciences, Lexington KY Running as root bad: Someone from CMU berated the fella who'd messed up his disks for doing dumps as root and suggested instead running as "sys". hmm. My first thought was "what about files that people have protected against global reading? You'd need root to be able to read them". But dump reads directly from the device... no problem. I'd suggest a small change -- make the permissions "400" rather than "444" to prevent "everyone" from being able to read the disk. In general however I've found it very good to engrave some of the more mystical and hard to remember incantations into shell scripts and the like. One of the first projects I did here was to come up with a backup procedure for our systems. I of course used shell scripts for the whole thing... I also put a sticker on the console giving the format of the backup command for those times when I was typing it directly, and relied on that sticker to jog my memory. Multiple routes aren't multiple routes if they're the same physical route: About the Hinsdale stuff. There were a number of trunks heading into the same building using the same exact physical route, right? And the claim was that the trunks were going over different routes. Well, this just isn't a very good assumption -- obviously. One only needs to remember the arpanet outage a year or so ago where a backhoe dug up some cables. All of New England's ARPANET traffic was ultimately routed through the cables that were in that one trench, yet they were separate cables going over different "routes". sigh [See RISKS-4.30. PGN] I think that we (as telecommunications customers) should have the ability to demand proper seperate routes (physical routes) for backup communications ... Daedelus thumb stuff: Um, joke or no I'm surprised nobody got scared over the same thing I was immediately scared over. That there's all these financial transactions sitting on my thumbnail and every time I purchase something I'm potentially telling the store all of my financial dealings for the past N months. That's a disclosure of information they have no need or right to know. Weell... they have a "need" in that it would give them a better idea of who they're dealing with, but I certainly don't want to be giving them such detailed information. David Herron ------------------------------ Date: Thu, 2 Jun 88 23:22:40 edt From: Bard Bloom Subject: Optimizing PL/I > Yes, and for this reason, I've always liked the IBM translators, and > particularly the PL/I optimising compiler. PL/I told you (as a > warning-level message) when it detected and deleted unreachable code. The last time I used an IBM PL/I optimizing compiler (some years ago), I had a procedure which took two 32-bit integer arguments. I called it with the constant arguments 1 and 1. It produces some cosmically weird results. Eventually I put a print statement after the procedure entry; when the 1's got passed to the procedure, they were somehow transformed into 65536's. Somehow the compiler was interpreting the 1's as 16-bit numbers and putting them in the wrong half of the 32-bit arguments. I immediately switched to non-IBM PASCAL. -- Bard Bloom ------------------------------ Date: 2 Jun 88 07:38:09 GMT From: quintus!ok@Sun.COM (Richard A. O'Keefe) Subject: Re: Auckland cable cars (Willis Ware, RISKS-7.1) Organization: Quintus Computer Systems, Mountain View, CA It's about a year since I was last home, but Auckland didn't have any cable cars then, and I very much doubt that they've got any now. (The Museum of Transport and Technology has a small tram system, but those are old trams and have no computers.) There's a cable car in Wellington such as Willis describes, but then, Wellington is only the capital, can't expect people to get _that_ right. If the paper was the Sun, I've heard that it's typeset by computer, perhaps that is the risk story? [Willis noted he read an Auckland newspaper. We'll assume the cable cars were really in Wellington, unless someone else contradicts it... PGN] ------------------------------ Date: Thu, 2 Jun 88 14:26:20 PDT From: edgerton%csdpie.DEC@decwrl.dec.com Subject: My experience with metal balloons About 2 years ago (Summer of 86) I bought a metallic balloon for my 2-year old daughter. It had a metal "string" about six feet long. When we were getting into the car, she let go of it, and it flew up into the corner of the parking lot and tangled up in the power transformer there. It shorted out the transformer and killed power for half the town. After my initial surprise at the damage, and feeling lucky that I didn't have to pay for the damage, several thoughts crossed my mind. 1. That metal string should never have been used. Some powerline droop fairly low. 2. I jokingly told some friends that you could really "take out" the power of a town fairly easily. I was not aware how fragile our power system was. 3. The potential for mischief and vandalism implied by #2. David J. Edgerton ------------------------------ Date: 2 Jun 88 19:26:02 GMT From: pyrnj!romain@rutgers.edu (Romain Kang) Really-From: pyrnj!john@rutgers.edu (John Kurzman) Subject: Halon In RISKS 6.87, Anita Gould asks about dry-run tests of halon equipment. Here is a fortunate experience from such a dry-run: To test that the equipment had been installed properly in a computer room, a gas other than halon was put in the tanks. The alarm was then triggered manually, and the room was evacuated. Normally, the operator would have manually shutdown the system (Operating System, not power down), and then left the room. Since this was only a drill, the operator left immediately. When we returned to the room, one of the 'dispersers' from the tank had shot itself across the room and was embedded in the wall. These 'dispersers' are cork-screw shaped metal objects, and have quite a point. In line with the trajectory of the disperser was the operator's chair at the console. If the operator had actually stayed too long in the room to insure an orderly shutdown of the system, his own shutdown would have instead occured. The tank was then turned to aim elsewhere, but the dispersers are normally not supposed to leave the tank. ------------------------------ Date: Thu, 2 Jun 88 07:15:54 PDT From: Robert_Slade@mtsg.ubc.ca Return-Path: <@um.cc.umich.edu:Robert_Slade@mtsg.ubc.ca> Subject: Virus collection Re: my offer of the collected virus messages: please note that American postage is no longer acceptable. Send a 5 1/4" double sided, double density MS-DOS 2.xx or 3.x formatted 360K floppy diskette, with a self addressed *Canadian* stamped mailer to: Robert Slade, 3118 Baird Road, North Vancouver, B. C. V7K 2G6 Thanks to all of those who have followed the proper form. I hope the American stamped packages have not suffered too greatly at the hands of customs. ------------------------------ End of RISKS-FORUM Digest ************************