RISKS@KL.SRI.COM (RISKS FORUM, Peter G. Neumann -- Coordinator) (01/20/89)
RISKS-LIST: RISKS-FORUM Digest Thursday 19 January 1989 Volume 8 : Issue 11
FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
Contents:
Risks of no backup systems for critical applications (Yoram Eisenstadter)
Computer malfunction downs traffic lights, one killed, one injured
(Scott Campbell)
Chaos Theory Predicts Unpredictability (PGN)
China accused of software piracy (PGN)
Friday the 13th Again (PGN)
Computer error locks out politicians (D. Steele)
Re: Losing Systems (Jerome H. Saltzer)
Technical brilliance v. commercial acumen (Jerry Harper)
National Credit Information Network (Sidney Marshall)
Re: Ethics of the Internet (John Gilmore)
RISKs of reading newspapers: Credit card fraud is not hacking. (Mike Van Pelt)
Counting engines (Don Alvarez)
The RISKS Forum is moderated. Contributions should be relevant, sound, in good
taste, objective, coherent, concise, and nonrepetitious. Diversity is welcome.
* RISKS MOVES SOON TO csl.sri.com. FTPable ARCHIVES WILL REMAIN ON KL.sri.com.
CONTRIBUTIONS to RISKS@CSL.SRI.COM, with relevant, substantive "Subject:" line
(otherwise they may be ignored). REQUESTS to RISKS-Request@CSL.SRI.COM.
FOR VOL i ISSUE j / ftp KL.sri.com / login anonymous (ANY NONNULL PASSWORD) /
get stripe:<risks>risks-i.j ... (OR TRY cd stripe:<risks> / get risks-i.j ...
Volume summaries in (i.j)=(1.46),(2.57),(3.92),(4.97),(5.85),(6.95),(7.99).
----------------------------------------------------------------------
Date: Thu, 19 Jan 89 00:16:37 EST
From: Yoram Eisenstadter <yoram@garfield.cs.columbia.edu>
Subject: Risks of not having backup systems for critical applications
The following article, which appeared in the "Metropolitan Diary"
section of today's New York Times, illustrates the risk of not having
backup systems for super-critical computerized applications.
The other day, Gloria Ross was late for an appointment at a
company on the Avenue of the Americas. She holds herself
blameless for being tardy and in defense she offers this
explanation:
The high-technology building where the company has its
offices has a computerized directory. To find the floor of the
person you wish to visit, you push a button with the first letter
of the last name.
Aware of this procedure, Ms. Ross pressed the button marked
"O" on one of the computer monitors mounted on a large black
column. Nothing happened. A guard told her to try the next
column. Again, nothing. The computer was down. Her next stop:
the information desk in the lobby.
"I get my information the same way you do, lady," the man at
the desk said, informing her that even he did not have a printed
directory...
The article goes on to describe the chaos that ensued in the building, with
"dozens of people desperately cruising from floor to floor" looking for the
right offices. Let's hope that the building's managers learned the obvious
lesson from this incident.
------------------------------
Date: Wed, 18 Jan 1989 22:48:49 PST
From: Peter Neumann <neumann@csl.sri.com>
Subject: Computer malfunction downs traffic lights. One killed, one injured.
One child was killed and another injured [Mon 9 Jan 1989] when they were hit
by a truck after entering a crosswalk where the pedestrian signals were not
working. The malfunction was caused by a computer error that affected
traffic signals at 22 school crossings. The pedestrian signal cycles failed
to switch to the school schedule. The cause reportedly may have been a
breakdown in the radio communications between a computer in Colorado Springs
and an atomic clock in Boulder. [Colo Spgs Gazette Telegraph, 10 and 11 Jan
1989; contributed by Scott Campbell, PAR Gov't Sys Corp, Colo Spgs.]
------------------------------
Date: Wed, 18 Jan 1989 22:39:33 PST
From: Peter Neumann <neumann@csl.sri.com>
Subject: Chaos Theory Predicts Unpredictability
A physicist who applied the new mathematics of `chaos theory' to the Star Wars
missile shield foudn that the equations pointed again and again to crisis and
war or -- at best -- a continued and precarious balance of terror. ``The
question is not really Star Wars, but what do you do if all you can predict is
unpredictableness?'' Alvin M. Saperstein of Wayne State University asked [at
the AAAS meeting in San Francisco]. [From an article by Charles Petit, SF
Chronicle, 18 Jan 1989, p. A18]
------------------------------
Date: Wed, 18 Jan 1989 22:32:31 PST
From: Peter Neumann <neumann@csl.sri.com>
Subject: China accused of software piracy
Beijing (Washington Post, 18 Jan 1989) --
American companies are losing "many millions" of dollars in potential
business in China because the companies' computer softwae has been widely
pirated... China has no copyright law of its own...
------------------------------
Date: Wed, 18 Jan 1989 22:28:34 PST
From: Peter Neumann <neumann@csl.sri.com>
Subject: Friday the 13th Again
There were various reports of Friday-the-13th virus deletions in Britain,
attacking MS-DOS systems. The so-called virus "has been frisky and
hundreds of people, including a large firm with over 400 computers, have
telephoned with their problems," according to Alan Solomon, director of S
and S Enterprises, a data recovery center in Chesham. The virus reportedly
bore similarities to the Friday the 13th Israeli virus (13 May 1988, the
previous Friday the 13th). [Source: SF Chronicle, 14 Jan 1989, p. B1]
------------------------------
Date: Thu, 19 Jan 89 09:27:15 EST
From: uivkey@NADC.ARPA (D. Steele)
Subject: Computer error locks out politicians
Just to show that computer systems play no favorites in politics,
local news reports are blaming a computer error for denying Pennsylvania
Republicans tickets and access to many of the Presidential inauguration balls
and festivities. The politicians are complaning "its like being all
dressed up with no place to go".
Submitted by Scott Berger, Naval Air Development Center, Warminster, PA
------------------------------
Date: Thu, 19 Jan 89 12:31:05 gmt
From: "Jerome H. Saltzer" <jhs%computer-lab.cambridge.ac.uk@NSS.Cs.Ucl.AC.UK>
From: Jerome H. Saltzer <Saltzer@LCS.MIT.Edu>
Subject: re: Losing Systems
The question as to why there are so many losing systems may have a simpler,
more fundamental answer than has been suggested in the contributions over the
last couple of weeks. So far, those contributions have (1) suggested
incompetence in management or technical ability, and (2) questioned some of the
currently fashionable magic bullets, such as structured programming.
I believe that the more fundamental answer is that the pace of improvement of
hardware technology in the computer business has, for 35 years now, simply been
running faster than our ability to develop the necessary experience to use it
effectively, safely, and without big mistakes.
The losing systems almost always contain some elements of newness; in fact on
close inspection they usually contain several such elements. (If someone
claims there is nothing new in a project that involves software development,
then ask why they aren't just using previously existing software. It is the
attraction of taking advantage of new possibilities, usually as the result of
hardware being either more functional or cheaper than it used to be, that leads
to new software systems.) If these new elements were to arrive on the scene
one at a time, and spaced far enough apart that thorough experience could be
assimilated with each previous new element, then I submit that traditional
engineering practice, as applied to pyramids, cathedrals, bridges, consumer
electronics, and even airplanes, would lead to higher success probabilities.
Mistakes would still be made, but they would tend to occur on the far-out
projects that are expected to carry an element of risk, rather than the ones
that intuitively seem like they ought to be routine, such as automating the
county records.
Arguing that managers should become computer wizards, or offering structured
programming to fix the problem, just don't seem to me to get to the heart of
this more fundamental issue.
When the technology ground rules change at a rate that is ten times faster than
in other engineering disciplines, it would seem that unless one can figure out
how to accumulate and assimilate experience also at a ten-times-faster rate,
system failures are an expected result. Perhaps a more interesting question is
how it is that some computer systems manage to be successful. I observe two
related things that are often associated with successful systems:
1. Those systems that are successful are usually conservative, with
somewhat simpler objectives than the state of technology would have
permitted.
2. Systems that are succesful often had the management advantage
of a system dictator who had the absolute power to say NO to
ideas that didn't seem to fit in. A dictator is one of the
few mechanisms that can keep an implementation conservative in
the face of pressures to be state-of-the-art.
My conclusion from these observations is that since: (1) it is hard to be
conservative in the face of tempting technology advances; and (2) appointing
dictators isn't a common management practice; successful systems aren't very
common either. And having conservative goals and a dictator doesn't guarantee
that the system will be winning or that its future users will like it, it just
sets the stage for that possibility.
Jerry Saltzer
------------------------------
Date: Thu, 19 Jan 89 15:34:31 GMT
From: Jerry Harper <jharper@euroies.UUCP>
Subject: Technical brilliance v. commercial acumen
Steven C. Beste made the point that managers are trying to come to grips with
computer technology moreso now than ever before; this I would generally agree
with subject to the caveat that the degree of managerial immersement in the
technology will never match that of the technical expert. One of the last
companies I was consultant to actually lost sales because the management didn't
understand either the product or the market, and knowing both was especially
important as the company was making the transition from conventional DP through
Cobol to providing a logic programming environment on a mainframe. The
permanent technical staff couldn't have sold their souls for ice pops and the
management were having fiercesome difficulty in making the paradigmatic shift
from Cobol inspired projects to AI (expert system bespoke applications). Just
as you thought the management was grasping the core issues Sisyphus would pop
up and roll progress back. Even more lamentable were the salesforce who new
sweet f.a. about either methodology. Because AI was "sexy" the salespeople
were inclined to promise the earth (one salesman reckoned he had a contract for
a complete CASE system for a major motor manufacturer in the UK even though
neither he nor the company had any experience in this area) and take umbrage
when it was explained that the company simply couldn't deliver. The net result
was that the company became unsatisfactory for quite a number of the technical
people who carried their skills elsewhere.Nevertheless, observing the company's
progress from a distance it seems to be doing quite well and the mangement have
made the learning curve.
------------------------------
Date: 18 Jan 89 15:50 EST
From: marshall.wbst@Xerox.COM
Subject: National Credit Information Network
I just received in the mail as part of the BYTE magazine package of postcards
from manufacturers etc. a post card selling a program capable of accessing the
National Credit Information Network (if I qualify). Here is the text of the
postcard (the typography of the card was ragged and this is as exact as I could
make it):
NATIONAL CREDIT INFORMATION NETWORK
ON-LINE ACCESS PACKAGE
AVOID SLOW PAY - NO PAY HIRE QUALITY EMPLOYEES
SAVE $200.00 $498.00 * SAVE $200.00
-------------------------------------------------------
* Federal Trade Commission Regulated data "
* 250 Million Credit Profiles on Individuals
* 9 Million Credit Profiles On Business
* Drivers License Records from 49 of 50 States
* Nationwide Tracing Of Social Security Numbers
* Information / 1000 Credit Bureaus Nationwide
-------------------------------------------------------
IF YOU QUALIFY FOR ACCESS...THIS INFORMATION IS IDEAL FOR:
-------------------------------------------------------
* Qualifying Clients, Buyers, Sellers, Potential Partners
* Pre-employment Qualification for your firm
* Collecting Delinquent Accounts made easier
* Nationwide Skip Tracing via Social Security Number
* Child Support Litigation and/or Collection Data
* Extension of Credit -OR- Opening an Account
-------------------------------------------------------
FREE ON-LINE DEMO
"MONEY-BACK GUARANTEE
IF YOU DO NOT QUALIFY
-------------------------------------------------------
CALL NOW for an immediate on-line presentation
Set your computer/modem to support {300, 1200 or 2400 baud}, (8-N-1 or
7-E-1 format}, & {full duplex and xon/xoff handshaking}.
Have your modem dial the NCI Network.
From Cincinnati, Ohio dial 521-4420 Nationwide dial 1-513-521-4420
After connection, slowly press the [ENTER] key 4 times.
When prompted for a Username: type DECK4 then press [ENTER]
-------------------------------------------------------
For more information use the reverse side of this card or call
1-800-242-6246
Is this scary or what?
--Sidney Marshall
------------------------------
Date: Wed, 18 Jan 89 17:29:00 PST
From: gnu@toad.com (John Gilmore)
Subject: Re: Ethics of the Internet
Someone [Cliff Stoll neglected to say who] wrote in "Ethics of the
Internet", draft RFC:
> The IAB strongly... characterized as unethical and unacceptable any
> activity which purposely: ... or (e) compromises the privacy of users ...
Does the NSA monitoring the Internet come under these guidelines?
Or are there some things that THEY are secretly allowed to do, while
WE are publicly told that these things are unethical and unacceptable?
If they aren't monitoring the net, why do they have 5 IMPs?
John Gilmore {sun,pacbell,uunet,pyramid,amdahl}!hoptoad!gnu gnu@toad.com
------------------------------
Date: Wed, 18 Jan 89 14:30:37 PST
From: Mike Van Pelt <mvp@v7fs1.UUCP>
Subject: RISKs of reading newspapers: Credit card fraud is not hacking.
I read the excerpt from the 1/17/89 "The Australian" with extreme aggravation.
Where do these idiot reporters get the idea that garden-variety credit card
fraud has anything to do with computer "hacking" by any definition of "hacking"?
The only place where computers even came into the story was that the criminals
were using bulletin boards to distribute the stolen credit card numbers.
With the exception of the first paragraph of the story, of course. The
paragraph which had all the obligatory vague references to "defence and banking
networks". This paragraph, which speaks of the alleged "hackers" breaking into
alleged dial-up numbers to alleged "anti-ballistic missile launch silos" is
obviously bogus. The only country on this planet that has any anti-ballistic
missiles is the Soviet Union.
Mike Van Pelt Video 7
------------------------------
Date: Wed, 18 Jan 89 15:20:50 EST
From: Don Alvarez <boomer@space.mit.edu>
Subject: Counting engines
Various contributors have discussed the relative merits of two or three engine
planes. Anybody who thinks they can rate the reliability of a commercial jet
simply by counting the numbers of engines is certainly ignoring something.
Engineering is tradeoffs. I challenge anyone to present a pair of airplanes
whose relative reliabilty can be determined simply by counting the number of
engines.
Imagine two planes which are identical except that one plane has 2
Bratt&Zittley Foobar-900 engines, and the other has 3 B&Z F-900 engines. Well,
clearly the second will fly better on n-1 engines, but it takes in the same
number of $ in revenue for each flight, and costs 50% more to maintain than the
2 engine plane. Economics tells you that the $ have to be made up somewhere.
Chances are you will do a risk/benefit analysis and drop the maintenance
schedule on the second until its reliability drops to the level of the cheaper
plane. Otherwise you go broke. If you say the second plane brings in more
revenues because it holds more seats, then either you are overloading the
airframe of the second plane or else it is bigger than the two engine plane.
If you overload the airframe, that clearly affects safety. If its a bigger
plane, then its a different plane, and you can't compare apples and oranges.
Ditto for putting smaller engines in the three engine plane.
Second guessing the tradeoffs made in designing a system as complicated as a
commercial airliner is more than a simple exercise in counting.
- Don Alvarez
------------------------------
End of RISKS-FORUM Digest 8.11
************************
-------