RISKS@SRI-CSL.ARPA (RISKS FORUM, Peter G. Neumann, Coordinator) (11/20/85)
RISKS-LIST: RISKS-FORUM Digest Wednesday, 20 Nov 1985 Volume 1 : Issue 24
FORUM ON RISKS TO THE PUBLIC IN COMPUTER SYSTEMS
Peter G. Neumann, moderator
Contents:
Doing Something About Risks in Computer Systems (Brad Davis)
Space Program Software (Jerome Rosenberg)
Susceptibility to interference (John Brewer)
Expecting the unexpected (Herb Lin)
Philip W. Anderson's "Case Against Star Wars" (Pete Kaiser)
Summary of Groundrules:
The RISKS Forum is a moderated digest. To be distributed, submissions should
be relevant to the topic, technically sound, objective, in good taste, and
coherent. Others will be rejected. Diversity of viewpoints is welcome.
Please try to avoid repetition of earlier discussions.
(Contributions to RISKS@SRI-CSL.ARPA, Requests to RISKS-Request@SRI-CSL.ARPA)
(FTP Vol 1 : Issue n from SRI-CSL:<RISKS>RISKS-1.n)
----------------------------------------------------------------------
Date: Tue, 19 Nov 85 11:05:34 MST
From: b-davis@utah-cs.arpa (Brad Davis)
To: RISKS@sri-csl.arpa
Subject: Doing Something About Risks in Computer Systems
Often the discussion has touched on failure of software and hardware, but
rarely on levels and methods of protection that should be built into these
systems. Is is good to trade cycles for protection? What are the best ways
to recover from failures? Does anyone have real experiance with these
questions?
Brad Davis
[Clearly these are leading questions! We have indeed mentioned many
good techniques of software engineering that help. But there are no
easy answers -- especially in the absence of specific requirements.
But let's see if any of our readers wants to take a crack at this one.
PGN]
------------------------------
Date: Tue, 19 Nov 85 14:46:49 CST
From: jerome@rsch.wisc.edu (Rosenberg Jerome)
To: RISKS@sri-csl
Subject: Space Program Software
We have heard a great deal about the great successes of the space
program but we rarely hear about the difficulties that have to be overcome
with great effort and dedication. I suggest you direct your readers to the
current issue of DATAMATION for an article by Edward Joyce entitled "The
Art of Space Software". Its subtitle tells a far different story than
some hand-waving protagonists of the SDI tell about the Space software.
The subtitle -- The complicated software labyrinth behind the shuttle is
still far from error-free -- tells the story. The article should serve to
alarm those who are quick to discount the sincere critics of the SDI
software problems. jerome @rsch.wisc.edu
------------------------------
Date: Tuesday, 19 Nov 1985 10:21:51-PST
From: brewer%ace.DEC@decwrl.DEC.COM (too busy for bureaucracy -John 5522026)
To: risks@sri-csl.ARPA
Subject: Re: Susceptibility to interference
RE: Bennett Smith's comments of emi-rfi susceptibility in automobile
control applications... cb's are low power, limited frequency devices. As an
Amateur radio operator, one has to be aware of much higher output power, as
well as a much wider bandwidths. Amateur Radio frequency allocations include
segments from 1.8Mhz to Ghz ranges.
As I remember, some of the control modules are also pretty good
emitters of Emi/Rfi hash as well. Typical (legal) output power of a CB is 5
watts or less. A typical ham radio mobile transmitter output power is
100-200 watts.
Something to think about!
-John
------------------------------
Date: Tue, 19 Nov 85 15:10:41 EST
From: Herb Lin <LIN@MIT-MC.ARPA>
Subject: Expecting the unexpected
To: RISKS@SRI-CSL.ARPA
Regarding your comments about spontaneous failure: The Russians have a
saying regarding rifles used on stage in plays: once every decade an
unloaded gun will fire; once every century a rake will fire.
[Perhaps that is what prompted Stravinsky to stage
"The Rake's Progress". PGN]
------------------------------
Date: Wednesday, 2 Oct 1985 21:32:34-PDT
From: kaiser%furilo.DEC@decwrl.ARPA (Pete Kaiser, 225-5441, HLO2-1/N10)
To: RISKS@SRI-CSLA.ARPA
Subject: Philip W. Anderson's "Case Against Star Wars"
[The following message was put aside for evaluation before my absence.
With the reminder that we of course would like to see more informed
pro-SDI contributions in RISKS as well, Anderson's article seems
worth including -- not because it breaks new ground, but because it
represents a position for discussion. PGN]
The article below, by Professor Philip W. Anderson of Princeton University,
appeared in the Princeton Alumni Weekly of September 25, 1985, and is reprinted
here with the author's permission. Professor Anderson won the Nobel Prize for
Physics in 1977, and was awarded the National Medal of Science in 1982.
Although what Professor Anderson has to say is couched partly in specific terms
of Princeton University and the discipline of academic physics, it seems to me
relevant to basic research in general, and to computer science research and the
discipline of computer science in particular. To me, for instance, it seems to
be very personally a social consequence of the military funding of computer
science research that, while I've worked with computers, there have been many
kinds of work which I couldn't conscientiously do because, although they may be
very interesting, they are done essentially only for military purposes and with
military funding.
Finally, Professor Anderson points out that a great deal of sensible thought can
be brought to social issues even by someone who "isn't ... fascinated by the
technical details." Agreed. We must remember that we're not priests.
---Pete
Kaiser%BELKER.DEC@decwrl.arpa
{allegra|decvax|ihnp4|ucbvax}!decwrl!dec-rhea!dec-belker!kaiser
DEC, 77 Reed Road (HLO2-1/N10), Hudson MA 01749 617-568-5441
----------------------------------
The Case Against Star Wars
Philip W. Anderson, Princeton
I am not an expert on strategic weapons. I'm a theoretical physicist who has
been involved in almost all of physics except atomic bombs. I have not done
classified work since 1945, and that was on radar. My total contribution to the
laser -- a major technical component of the Strategic Defense Initiative, which
is better known as Star Wars -- was roughly that when one of the scientists at
Bell Laboratories who originated the things asked me to predict whether a
certain seminal version of it would work if they built it, I said "Well, maybe."
Fortunately, most of the scientific issues that come up in discussing Star Wars
are very simple ones which require neither specialized nor especially technical
-- and therefore classifiable -- knowledge. One needs to know that it costs
everyone about the same amount to put a ton of stuff into a given orbit and that
this is a major portion of the cost of any space system; that signals can't
travel faster than the speed of light; that it takes roughly as much chemical
fuel to burn through a shield with a laser as the shield itself weighs; that
Americans are not measurably smarter than Russians; and a few other simple, home
truths. Given these, almost everyone comes to much the same conclusions.
If you go through the enormously detailed kinds of calculations on specific
configurations which Richard Garwin and his fellow opponents of SDI felt
necessary to convince the stubborn, you leave yourself open to the kind of
errors of factors of 2 or 4 which Martin Muendel '86 found in his widely
publicized junior paper last spring [Princeton Alumni Weekly, May 8] and which
then -- to the lay person -- seem to weaken the whole structure. This is a
particularly tough game because Star Wars advocates do not themselves propose
specific configurations and present specific calculations that can be shot down;
their arguments are given in terms of emotional hopes and glossy presentations.
This is why I think it is good for the argument against SDI to be made by a
mentally lazy, non-expert person like myself who isn't particularly fascinated
by the technical details.
The reasons for not building Star Wars are essentially identical to those which
led both us and the Russians to abandon, for practical purposes, the antibal-
listic missile in 1972 and to sign a treaty restricting ABMs. It is important
to understand that reasoning -- and perhaps it is less emotionally charged than
Star Wars since it is now history and not even controversial history anymore.
Why would anyone feel that a defense against missiles was useless and, in fact,
dangerous and destabilizing?
There are three stages, each more certain than the last: (1) It probably
wouldn't work, even under ideal conditions. (2) It almost certainly wouldn't
work under war conditions. This puts us in the dangerous and unstable situation
of the gunfighter who doesn't know if his gun is loaded. (3) Most certain and
conclusive of all, *each defensive system costs, inescapably, at least 10 times
more than the offensive system it is supposed to shoot down*. Thus it pays the
other side to increase its offensive arsenal until the defender is bankrupt, and
the net result is an *increase* in armaments and a far more dangerous situation,
without any increase in safety.
The offense has, inescapably, enormous advantages: its missiles are sent at
will, in any desired sequence and quantity, with any number of decoys and other
deceptive countermeasures, preprogrammed at leisure to hit their targets; the
defense has to find them, sort them out, get into space at a time not of its own
choosing, and then kill the warheads it finds with nearly perfect accuracy. In
the case of ABM, there were other problems, such as that the explosions were
over the defending side and that the first few explosions probably blacked out
the whole shooting match, but that was sufficient argument against.
As far as almost everyone in and out of the Defense Department was concerned,
until March 1983 this situation was an accepted fact. No technical breakthrough
had or has changed those realities. The change has been purely political and
emotional, and hence now financial. President Reagan's March 1983 speech, as
far as anyone can ascertain, was not preceded by any serious technical review,
but quite the opposite: the most recent and urgent internal study of antimissile
defenses had come out negative on all possible schemes.
Apparently, the President based his speech and his subsequent program on a
collection of rather farfetched suggestions -- farfetched but by no means secret
and previously unknown -- which, to the outside scientific observer, seem to
deserve the oblivion that the last pre-Star Wars study consigned them to. These
schemes amount to a way for the defense to spend more per missile and still let
through a large fraction of the offensive missiles. The defensive hardware that
has to be got up into space still has to have roughly the same mass as the
offense; in many schemes it has to get there faster; and it still has to be much
more sophisticated and therefore vulnerable and delicate. Key components, in
most schemes, have to be left in space indefinitely, inviting the enemy to track
them with space mines, perhaps the most dangerous tripwire mechanism for stating
a war that one can possibly imagine.
Some Star Wars advocates will protest that I do not mention the one idea which
doesn't founder just on the problem of total mass in space. This is the scheme
of exploding hydrogen bombs in space and directing the explosive energy of the
bombs with lasers to kill very many missiles per bomb -- several hundred to
several thousand, if one is to kill an equivalent cost in missiles! If I could
think of any way such a monstrosity could work as opposed to the many ways it
could not work or be frustrated, I would take it more seriously. Apparently
there has been some good and interesting science done on these lasers, but
unfortunately it is classified; no one, however, seems to claim that it helps
much with the technical problem. I cannot, incidentally, see any way to do
meaningful development on such a weapon without exploding H-bombs in space, a
terrible pollution as well as a violation of what treaties we have.
I think the above would represent reasonably well the views on the technical
realities of most trustworthy physicists to whom I have spoken, in or out of
academia and in or out of the Star Wars program. In academic physics depart-
ments, which receive relatively little support from the DOD, a pledge form has
been circulating stating that the signer opposes SDI as unworkable and will not
seek SDI funds; this has had a high percentage of signers everywhere it has been
circulated and its preliminary circulation in Princeton over the summer encoun-
tered only a few holdouts. Those who do not sign feel, primarily, that research
in any guise shouldn't be opposed, while agreeing personally that the systems
proposed are unworkable and destabilizing.
Perhaps it would be worthwhile, therefore, for me to explain why I feel the
large increment of research funds earmarked by President Reagan for SDI is a
very bad thing for the research community, as well as for the country as a
whole. You will note that I said *increment*; every year before Star Wars, we
spent $1 billion in ABM research and development. My main reason is that, on
the whole, Star Wars will represent a further acceleration of three extremely
disturbing trends in the direction of research funding in this country.
First, we are seeing a decrease in basic research relative to mission-oriented,
applied research. The basic research agencies -- National Science Foundation,
Basic Energy Sciences in the DOE, and National Institutes of Health -- have been
maintained at level funding while their missions have been gently skewed toward
applications and engineering by piling more applied responsibilities on them.
At the same time, while the Administration has cut back on development in some
civilian sectors, it has more than compensated by increasing the amount of
applied work for the military.
Second, there is a trend away from scientific administration of federal research
money -- mostly done by the system of "peer review" -- to micromanagement either
by bureaucrats, or, increasingly, by Congress, with all the logrolling possibil-
ities that entails. The three institutions mentioned above, especially NSF and
NIH, operate by subjecting each grant to a jury or other scientists. Like most
democratic procedures, this system is worse than everything except the alterna-
tives; its effect has been reviewed repeatedly and there is no serious doubt
that it works. Military "research," on the other hand, has always operated on
the arbitrary whim of the contracting officers. In the early days after World
War II this administration was a benevolent despotism, but the adjective has
long since lost its meaning. Most of the in-house DOD laboratories have been
rather a scandal in the research community. The dominant motivation in this
system seems to be the standard bureaucratic one of "empire building."
Third, from the point of view of the country as a whole, perhaps the most
dangerous trend is the shift from civilian to military dominance of our federal
research and development spending. Under the Reagan Administration, this has
grown to 72 percent military, up from about 50 percent a decade ago. Everyone
has been told -- and DOD sees to that -- of the great economic benefits of
"spin-off" from military development, but if they exist (and I have never found
an economist who believes in them), they are not evident in our recent economic
performance vis-a-vis Japan and Germany. In fact, in a country like ours with a
serious shortage of trained engineers and scientists, a shortage which would be
crippling if we did not attract great numbers of them from overseas to staff our
universities and research laboratories, the waste of our precious technical
expertise on military hardware is a serious economic debit.
From Princeton's point of view, all of these trends are disturbing. As a top-
flight research university, a heavy percentage of our funding is in individual
support of independently functioning basic scientists, mainly peer-reviewed and
to a large extent from the agencies mentioned above. We have not had to resort
to logrolling political tactics, nor have we had to accept micromanagement, DOD
control of publications, or limitations on citizenship of students to keep our
research funded. SDI control of funding, and in general the shift of research
funding to the military, is a serious danger to the independence of Princeton as
a research university.
Of course, this is a narrow and slightly parochial view, but it is nonetheless
serious. Certainly it is more important that the naive emotional appeal of the
Star Wars concept is being used so blatantly to defuse the country's strong
desire for nuclear disarmament, and to turn this emotional pressure into yet
another excuse for enriching the arms manufacturers and building up a dangerous
and worthless arsenal of nonsensical armaments. To paraphrase Murph Goldber-
ger's testimony on the ABM: Star Wars is "spherically" senseless -- that is,
silly no matter how you look at it.
[End of Philip Anderson's statement, and of Pete Kaiser's Message.]
------------------------------
End of RISKS-FORUM Digest
************************
-------