RISKS-LIST: RISKS-FORUM Digest  Wednesday 29 March 1989  Volume 8 : Issue 46

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
  B-1B wept-swing swept-wing (PGN)
  Soviets Lose 2nd Mars Probe (PGN)
  Satellite failure due to unremoved lens cap (PGN)
  Technology strikes again -- Dodge Spirits and Dodge Fever (Matt Fichtenbaum)
  Suing over runaway computer systems (Rodney Hoffman)
  Virus Hits Hospital Computers (Rodney Hoffman)
  Prank Virus Warning Message (Bruce N. Baker)
  Subversive bulletin boards (Eric Percival)
  UK Computer Threat Research Association (David J. Ferbrache)
  Will the Hubble Space Telescope Compute? (Paul Eggert)
  The Airbus disaster and Ada (Ted Holden via Bob Burch via jpff)
  DIAC-90 -- Call for Papers (Douglas Schuler)

----------------------------------------------------------------------

Date: Wed, 29 Mar 1989 10:49:24 PST
From: Peter Neumann
Subject: B-1B wept-swing swept-wing

The Air Force temporarily grounded its fleet of B-1B bombers yesterday after the wings on one of the planes malfunctioned just before a training flight... The crew could not get the plane's wings to move back and forth in tandem and, at one point, the left wing apparently moved too far forward and punctured a fuel tank inside the fuselage. The wings are normally swept back for high-speed attack runs and forward for takeoffs and landings... The B-1B still has problems with its radar-jamming gear... [San Francisco Chronicle, 29 March 1989, p. A11]

------------------------------

Date: Wed, 29 Mar 1989 10:51:29 PST
From: Peter Neumann
Subject: Soviets Lose 2nd Mars Probe

The Soviet Union has lost radio contact with its backup spacecraft to Mars and the Martian moon Phobos... In September 1988 the Soviets lost contact with the first of the twin Martian probes, Phobos I. [See RISKS-7.53 and 56.]

------------------------------

Date: Wed, 29 Mar 1989 10:56:52 PST
From: Peter Neumann
Subject: Satellite failure due to unremoved lens cap

A $140 million Star Wars Satellite [launched on 24 March] failed one of its first tests... The satellite was meant to observe the firing of a nearby rocket in space but was unable to do so because a lens cap blocked its view. The lens cover stayed on a sensor too long, blocking it from tracking the second-stage engine as it drifted away in space. As a result, the satellite was pointed in the wrong direction to view the longer of the second-stage firings. [San Francisco Chronicle, 28 March 1989, p. A10]

------------------------------

Date: Mon, 27 Mar 89 16:22:43 EST
From: mlf@genrad.com (Matt Fichtenbaum)
Subject: Technology strikes again -- Dodge Spirits and Dodge Fever

I test-drove a Dodge Spirit last week. It had Chrysler's new 4-speed overdrive automatic transmission, which is controlled electronically.

As we were sitting in the car before beginning the test drive, the salesman folded down his sun visor, noted the vanity mirror built into it, and said, "Illuminated mirrors! How nice!" So I folded down _my_ visor, lifted the cover on the mirror, and noticed that the lights didn't light. "How did you make yours light?" I asked. "They won't, until we connect a connector under the hood," said he, "we disconnect things that might drain the battery if left on inadvertently." I resolved to check the mirror illumination later.

So I drove out from the dealer's lot, accelerated gently to about ten miles per hour, and noticed that the transmission had not yet shifted up. "Shift, you!" said I. The salesman then started to laugh embarrassedly and remembered that the transmission controller needed "that connector" reconnected.

This time the Spirit wasn't quite willing.

[And the Flashers were weak...
PGN]

------------------------------

Date: 29 Mar 89 10:41:46 PST (Wednesday)
From: Rodney Hoffman
Subject: Suing over runaway computer systems

Edited excerpts from a feature article by Jeffrey Rothfeder in 'Business Week' magazine April 3, 1989:

USING THE LAW TO REIN IN COMPUTER RUNAWAYS
MORE UNHAPPY BUYERS ARE TAKING SYSTEMS SUPPLIERS TO COURT

Geophysical Systems Corp. hired a Raytheon Corp. subsidiary, Seismograph Service Corp., to build a $20 million computer system to process sonar-generated data. The system couldn't do it. Geophysical's clients canceled their contracts, and Geophysical entered bankruptcy.

Last December, a Los Angeles jury awarded Geophysical Systems Corp. $48.3 million from to cover computer-system costs and lost profits, although the judge has ordered a new trial to review the size of those damages. Geophysical had claimed that the Seismograph system couldn't meet its complex computation requirements -- and that Seismograph knew this before it started building the system. By finding for his client, says Geophysical's attorney, "the court is saying that if we wanted a computer unable to handle our data we could have gone to Toys 'R' Us and been out $20 instead of $20 million."

As computer runaways -- systems that are over budget, installed late, or don't work -- become endemic, fed-up customers are fighting back. And they're using the law to do it. In 1988 the American Arbitration Assn. took on 190 computer disputes, most of them concerning defective systems, totaling $198 million in claims. That was up from 123 cases in 1984, representing claims of $31 million. Dozens of law firms now specialize in high-tech matters.

[More tales of (smaller) cases.]

When a customer sues, it loses its computer supplier. It may take years to find a replacement and build a new system -- not to mention win the original suit.
Because of this, says one attorney, "when you sign a contract for a computer system, you're locked in a deadly embrace with the supplier that you not be able to, or want to, get out of."

The boilerplate agreement that suppliers typically offer includes numerous so-called exclusions of warranty that limit the supplier's liability for system failures or delays. Also, the contract usually states that nothing in it is binding unless specifically spelled out. A former Price Waterhouse senior consultant recalls telling customers that it will take "only 72 hours for a crucial software project. But we wouldn't put this into the contract. Then when it took us two months to do the job, we simply explained that the project now costs more because the extra work we did was out of the scope of our agreement."

The State of New Jersey reached a settlement with Price Waterhouse over a bungled system to handle licensing and traffic violations for the Motor Vehicles Dept. During nearly two years of negotiations, the accounting firm fixed the system. New Jersey got the system for $1.2 million less than the contracted price, and Price Waterhouse swallowed approximately $2 million in additional project costs.

Many customers are starting to demand contract clauses providing for binding arbitration of disputes, and for acceptance tests before the customer pays.

Surprisingly, the new legal aggressiveness of customers isn't particularly troubling to most systems suppliers. Customer activism may even reduce the number of runaways from an estimated 35% of all current computer projects. Says a systems designer at one Big Eight accounting firm: "It could be just the thing we need to make us more honest."

A sidebar lists THINGS TO DEMAND WHEN BUYING A COMPUTER SYSTEM:

* ACCEPTANCE TEST. Requires the supplier to run the customer's actual data successfully through the system.

* GUARANTEE.
The customer pays leasing or purchase charges only after the new system has been working correctly for two months.

* BINDING ARBITRATION. Stipulates that the customer can elect to have disputes resolved by an outside arbitrator.

* SOFTWARE OWNERSHIP. Gives the customer the rights to the system's source code and leaves it in the customer's possession.

* SUPPORT. Guarantees that support and servicing for the system will be available for at least a year -- even if the supplier goes out of business.

------------------------------

Date: 29 Mar 89 14:15:09 PST (Wednesday)
From: Rodney Hoffman
Subject: Virus Hits Hospital Computers

A short note in the `Los Angeles Times' 27 March 1989 carried this summary of information from a letter in the 'New England Journal of Medicine':

VIRUS HITS HOSPITAL COMPUTERS

A "virus" infected computers at three Michigan hospitals last fall and disrupted patient diagnosis at two of the centers in what appears to be the first such invasion of a medical computer, it was reported last week.

The infiltration did not harm any patients but delayed diagnoses by shutting down computers, creating files of nonexistent patients and garbling names on patient records, which could have caused more serious problems.

"It definitely did affect care in delaying things, and it could have affected care in terms of losing this information completely," said Dr. Jack Juni, a staff physician at the William Beaumont Hospitals in Troy and Royal Oak, Mich., two of the hospitals involved. "It was pretty disturbing."

If patient information had been lost, the virus could have forced doctors to repeat tests that involve exposing patients to radiation, Juni said. The phony and garbled files could have caused a mix-up in patient diagnosis, he said.

"This was information we were using to base diagnoses on," said Juni, who reported the case in a letter in the New England Journal of Medicine. "We were lucky and caught it in time."

------------------------------

Date: Tue, 28 Mar 89 08:06:39 PST
From: Bruce N. Baker
Subject: Prank Virus Warning Message

An individual placed a time bomb message on a government service system in the San Francisco Bay Area saying, "WARNING! A computer virus has infected the system!" The individual is learning that such a prank is considered almost as funny as saying that you have a bomb in your carry-on luggage as you board a plane.

Bruce Baker, Information Security Program, SRI International

------------------------------

Date: Mon, 27 Mar 89 13:27:32 BST
From: Eric Percival
Subject: Subversive bulletin boards

This week's (26 March) Sunday Times (UK) has an article relating to a Bulletin Board being run by a 14-year-old boy in Wilmslow, Cheshire, England, which contains information relating to such things as making plastic explosives. Anti-terrorist detectives are said to be investigating for possible breaches of the Obscene Publications Act. Apparently reporters were able to easily gain access to this bulletin board and peruse articles on such subjects as credit card fraud, making various types of explosive, street fighting techniques and dodging police radar traps.

One article was obviously aimed at children and described how to make a bomb suitable for use on "the car of a teacher you do not like at school," which would destroy the tyre of a car when it was started.

The boy's parents did not seem to think that their son was doing anything wrong, preferring him to be working with his computer rather than roaming the streets.

A London computer consultant, Noel Bradford, is quoted as having seen the bulletin board and found messages discussing "how to crack British Telecom, how to get money out of people and how to defraud credit card companies. Credit card numbers are given, along with PIN numbers, names, addresses and other details."

------------------------------

Date: 28 Mar 89 09:32:34 GMT
From: "David.J.Ferbrache"
Subject: UK Computer Threat Research Association

For those of you interested, an umbrella organisation has been established in the UK to co-ordinate information on, and research into all aspects of computer security. In the first instance one of the organisation's primary concerns will be combatting the threat posed by computer viruses by acting as a clearing house for virus information and control software.

Below is a copy of an initial letter mailed to prospective members:

The Computer Threat Research Association

The computer threat research association, CoTra is a non-profit making organisation that exists to research, analyse, publicise and find solutions for threats to the integrity and reliability of computer systems.

The issue that caused the formation of CoTra was the rise of the computer virus. This problem has since become surrounded by fear, uncertainty and doubt. To the average user the computer virus and its implications are a worry of an unknown scale. To a few unfortunates whose systems have become a critical issue.

The key advantage of CoTra membership will be access to advice and information. Advice will be provided through publications, an electronic conference (a closed conference for CoTra's members has been created on the Compulink CIX system) as well as other channels such as general postings direct to members when a new virus is discovered.

CoTra membership will be available on a student, full or corporate member basis. All software that is held by CoTra that enhances system reliability, such as virus detection and removal software, will be available to all members. It is intended to establish discounts with suppliers of reliability tools and services. A library of virus sources and executables and other dangerous research material will be made available to members who have a demonstrable need.
A register of consultants who have specific skills in the systems reliability field will be published by CoTra and reviews of reliability enhancing software will be produced.

Your support of CoTra will ensure that you have the earliest and most accurate information about potential threats to your computer systems.

CoTra, The computer threat research association,
c/o 144 Sheerstock, Haddenham, Bucks. HP17 8EX

Part of the organisation's aim is to establish reciprocal links with other similar organisations worldwide to facilitate the sharing of experience and rapid flow of information on new threats.

To this end if you are involved in, or have contacts with, a similar organisation in your country, please write to CoTra (or by email to me, and I will forward your correspondence) outlining your organisation and its aims.

Yours sincerely,

Dave Ferbrache, Dept of computer science, Heriot-Watt University, 79 Grassmarket, Edinburgh, UK. EH1 2HJ
Tel (UK) 031-225-6465 ext 553
UUCP ..!mcvax!hwcs!davidf

------------------------------

Date: Tue, 28 Mar 89 14:57:02 PST
From: eggert%stand@twinsun.UUCP (Paul Eggert)
Subject: Will the Hubble Space Telescope Compute?

M. Mitchell Waldrop's article (_Science_, 17 March 1989, pp 1437-1439) on SOGS is notable for its coverage accessible to the general scientific public, and for its claim that the software engineering community has switched to rapid prototyping. Selected quotes follow. -- Paul Eggert, Twin Sun Inc.

Will the Hubble Space Telescope Compute?

Critical operations software is still a mess--the victim of primitive programming methods and chaotic project management

First the good news: two decades after it first went into development, the $1.4-billion Hubble Space Telescope is almost ready to fly....

But now the bad news: the Space Telescope Science Institute in Baltimore still has dozens of programmers struggling to fix one of the most basic pieces of telescope software, the $70-million Science Operations Ground System (SOGS)....
It was supposedly completed 3 years ago. Yet bugs are still turning up ... and the system currently runs at only one-third optimum speed.... If Space Telescope had been launched in October 1986, as planned at the time of the Challenger accident, it would have been a major embarrassment: a superb scientific instrument crippled by nearly unworkable software....

[chronology:
  1980-1  2"-thick requirements doc. written by NASA-appointed committee
  1981    contract awarded to TRW; peak team included 150 people
  1983    first software components delivered
  later   SOGS declared utterly unsuitable.
]

The problem was basically a conceptual one. NASA's specifications for SOGS had called for a scheduling algorithm that would handle telescope operations on a minute-by-minute basis.... The tacit assumption was that the system would schedule astronomers on a monthly and yearly basis by simply adding up thousands upon thousands of these minute-by-minute schedules.

In fact, that tacit assumption was a recipe for disaster.... The number of possible combinations to consider rises much faster than exponentially.... In the computer science community, where this phenomenon has been well known for about 40 years, it is called ``the combinatoric explosion.'' Accepted techniques for defusing such explosions call for scheduling algorithms that plan their trips with a road map, so to speak. And SOGS simply did not have it.

In addition to performance issues, however, SOGS was also deficient in basic design terms. ``SOGS used last-generation programming technology,'' says one senior programmer....

``SOGS was designed in such a way that you couldn't insert new releases without bringing down the entire system! For days!'' says the science institute's associate director for operations, Ethan Schreier.... Indeed, the fundamental structure of SOGS is so nonmodular that fixing a bug in one part of the program almost invariably generates new bugs somewhere else....

So, where did SOGS go wrong?...
One of the main villains seems to have been the old-line aerospace industry approach to software development.... In the wider computer science community this Give-Me-The-Requirements approach is considered a dismal methodology at best... Modern programming practice calls for ... a style known as ``rapid prototyping''...

Even more fundamental ... few people at NASA were even thinking about telescope operations in the early years.... the Space Telescope project as a whole was saddled with a management structure that can only be described as Byzantine....

At the hardware level the chaos at the top was reflected in a raft of independently developed scientific instruments and onboard computers, none of which were well coordinated with the others. Indeed, the presumption was that any such problems would be taken care of later in the software....

So, is SOGS fixed now? Maybe. With TRW's help, the institute has spent the past several years beating the system into shape....

On the other hand, such progress has come at a price. SOGS now consists of about 1 million lines of programming code, roughly ten times larger than originally estimated. Its overall cost has more than doubled, from $30 million in the original contract to roughly $70 million....

In both NASA and Pentagon contracting, the cost of the old-line approach is becoming all too apparent. Indeed, it has become a real sore point in the computer community. ``It's the methodology that got us to Apollo and Skylab,'' says [James] Weiss [data systems manager for Space Telescope at NASA headquarters]. ``But it's not getting us to the 1990s. The needs are more complex and the problems are more complex.''

``SOGS,'' he says, ``is probably the last example of the old system.''

------------------------------

Date: Wed, 29 Mar 89 11:03:08 BST
From: jpff@maths.bath.ac.uk
Subject: The Airbus disaster and Ada

This is a question for RISKS. I found this on the network. Can any RISKS-readers answer it?

From: bob@imspw6.UUCP (Bob Burch)
Newsgroups: comp.misc,comp.lang.ada
Subject: French Airbus Disaster / Ada?
Date: 27 Mar 89 12:37:11 GMT
Organization: IMS, Rockville, MD

I am hearing a couple of versions of the role which the Ada programming language might or might not have played in the air-bus disaster at the Paris Air Show about a year or so ago. I would appreciate hearing from anyone who actually knows anything about this topic.

Ted Holden, HTE

------------------------------

Date: Wed, 29 Mar 89 08:08:18 pst
From: Douglas Schuler
Subject: DIAC-90 Call for Papers

DIRECTIONS AND IMPLICATIONS OF ADVANCED COMPUTING
DIAC-90
Boston, Massachusetts
July 28, 1990

Computer technology significantly affects most segments of society, including education, business, medicine, and the military. Current computer technology and technologies that seem likely to emerge soon will exert strong influences on our lives, in areas ranging from work to civil liberties. The DIAC symposium considers these influences in a broad social context - ethical, economic, political - as well as a technical context. We seek to address directly the relationship between technology and policy. We solicit papers that address the wide range of questions at the intersection of technology and society.

Within this broad vision, we request papers that address the following suggested topics. Other topics may be addressed if they are relevant to the general focus.

RESEARCH DIRECTIONS
+ Research Funding Sources/Effects
+ Software Development Methodologies

DEFENSE APPLICATIONS
+ AI and the Conduct of War
+ Autonomous Weapons Systems

COMPUTING IN A DEMOCRATIC SOCIETY
+ Community Access
+ Computerized Voting
+ Civil Liberties
+ Computing and the Law
+ Computing and Workplace

COMPUTERS IN THE PUBLIC INTEREST
+ Computing for the Disabled
+ Uses of Models and Simulations
+ Arbitration and Conflict Resolution
+ Computing in Education
+ Software Safety

Submissions will be read by members of the program committee, with the assistance of outside referees. The program committee includes Alan Borning (U. WA), Christiane Floyd (Technical University of Berlin), Jonathan Jacky (U. WA), Deborah Johnson (Rensselaer Polytechnic), Eric Roberts (DEC), Richard Rosenberg (SIGCAS, U of British Columbia), Ronni Rosenberg (MIT), Marc Rotenberg (CPSR), Douglas Schuler (Boeing Computer Services), Lucy Suchman (Xerox PARC), and Terry Winograd (Stanford).

Complete papers should include an abstract and should not exceed 6000 words. Papers on ethics and values are especially desirable. Reports on work in progress or suggested directions for future work, as well as appropriate surveys and applications, will also be considered. Submissions will be judged on clarity, insight, significance, and originality. Papers (4 copies) are due by March 1, 1990. Notices of acceptance or rejection will be mailed by April 15, 1990. Camera ready copy is due by June 1, 1990. Send papers to Douglas Schuler, Boeing Computer Services, MS 7L-64, P.O. 24346, Seattle, WA 98124-0346. For more information contact Doug Schuler (206-865-3226).

Proceedings will be distributed at the symposium, and will be available during the 1990 AAAI conference. The DIAC-87 and DIAC-88 proceedings are published by Ablex Publishing Company. Publishing the DIAC-90 proceedings is planned.

Sponsored by Computer Professionals for Social Responsibility P.O.
Box 717, Palo Alto, CA 94301

DIAC-90 is partially supported by the National Science Foundation under Grant No. 8811437, through the Ethics and Values Studies Office.

------------------------------

End of RISKS-FORUM Digest 8.46
************************
-------