The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 9 Issue 52

Friday 8 December 1989

Contents

o Unsafe French software?
A. N. Walker
o Congress repeals catastrophic insurance, SSA still collects premiums
Rich Rosenbaum
o Another runaway military computing project: WWMCCS
Jon Jacky
o Courts say violation of professional code is malpractice
Jon Jacky
o Risks of computerized typesetting
Chuq Von Rospach from SF-LOVERS
via Alayne McGregor
o 486 chip faults: PC shipments halted, customers warned
Jon Jacky
o Selling Government-Held Information
Peter Jones
o Cellular phone service in Hungary
Adam J. Kucznetsov
o Info on RISKS (comp.risks)

Unsafe French software

"Dr A. N. Walker" <anw@piaggio.maths.nott.ac.uk>
Tue, 5 Dec 89 18:08:51 GMT
According to "The Sunday Correspondent" [a new `quality' weekly] of December
3rd, "Nuclear experts fear that reactors along the northern coast of France
have fundamental design faults that could lead to a disaster which could
devastate large areas of Britain. ...  British experts are also concerned about
the increasing reliance being placed by French nuclear engineers on computers
whose tasks are so complex they can never be checked for safety. ..." (page 1).

The inside story, page 3, concentrates on engineering problems with the French
PWR reactors, but there appear to be also some computer RISKS:

               "Key computer safety scheme error prone

  French nuclear engineers are programming their computers using a language
  which is notorious for allowing dangerous errors to slip in, say British
  experts.

  ... Although computer equipment is now highly reliable, the incredible
  complexity of the software they [sic] run makes it very difficult to
  guarantee their behaviour ...

  Professor John Cullyer, of Warwick University, ... says ...  [the complexity]
  is ``beyond present capabilities''.

  The French nuclear industry's wide use of a computer language called C is
  also criticised by [unnamed -- ANW] British software experts.  They claim
  that it is too easy to write dangerous programs with C, yet difficult to spot
  the mistakes ....

  [A French spokesman said ...] ``Yesterday we had a demonstration
  for visitors and everything worked fine''.

On the whole, I suppose I'm impressed that they use C rather than Fortran,
Cobol, Assembler or BNF.  Andy Walker, Maths Dept., Nott'm Univ., UK.


Congress repeals catastrophic insurance, SSA still collects premiums

Rich Rosenbaum 226-5922 <rosenbaum@nssg.enet.dec.com>
Tue, 5 Dec 89 16:38:16 -0800
A story on "All Things Considered" (National Public Radio) this evening
reported that although Congress has recently repealed the catastrophic illness
law, the Social Security Administration (SSA) will be unable to stop collecting
insurance premiums until June 3, 1990.

It seems that the SSA "warned" Congress that unless legislative action was
taken by October 24, they would be unable to enact the changes quickly.

The problem?

     "Apparently there are 150 different software programs that have
     to be changed and the computers just are not geared up to do that."

Once again, the computer is at fault.  Interestingly, it is possible for
the SSA to raise the premium in January to $5.30.

By the way, people will eventually get their money back, without interest.

Rich Rosenbaum


Another runaway military computing project: WWMCCS

Jon Jacky <JON@GAFFER.RAD.WASHINGTON.EDU>
Thu, 7 Dec 1989 22:02:31 PST
This digest has carried occasional articles about problems with
the WorldWide Military Command and Control System (WWMCCS).  A history of the
project since the early 1970's appears in the article, "The Pentagon's
Botched Mission," by Willie Schatz, DATAMATION, Sept. 1 1989, pps. 22-26.
>From the lead paragraph:

"Seven years after the (WWMCCS modernization) project started, the military
has spent $395.4 million, the users are outraged, the system is unfinished,
responsibility for the project has been transferred, its name has been changed
twice, and no one is entirely sure what will happen now."

- Jonathan Jacky, University of Washington


Courts say violation of professional code is malpractice

Jon Jacky <JON@GAFFER.RAD.WASHINGTON.EDU>
Thu, 7 Dec 1989 21:54:52 PST
Here are excerpts from the article, Malpractice in IS? by J.J. Bloombecker
in DATAMATION, October 15 1989, pp. 85 - 86:

A ruling by a US Court in Missouri ... recognized computer malpractice as
the basis for holding third-party IS practitioners liable for acquiring
an unworkable computer system for a client ...

In DIVERSIFIED GRAPHICS V. GROVES, the jury held consultants from Ernst &
Whinney (Now Ernst & Young, having merged with Arthur Young and Co.) liable
for shirking the Management Advisory Services Practice Standards of the
American Institute of Certified Public Accountants (AICPA) in their procurement
of a turnkey system for Diversified Graphics.  In February, the US Court of
Appeals of the Eighth Circuit agreed, and it let the jury verdict stand.

"DIVERSIFIED is a significant precedent for [establishing] the proposition
that liability can by incurred by any professional performing the types of
services that E&W offered to perform," says Peter Sadowsky, a partner in The
Stolar Partnership in St. Louis, which represented Diverisified Graphics.  "It
is equally likely to apply to people doing systems design or programming,
not just systems acquisition." ...

"Prior to DIVERSIFIED GRAPHICS, most courts refused to extend professional
liability standards to computer specialists.  Now we've got a federal court
of appeals doing just that,"  said J.T. Westermieir, a partner in the Washington
DC office of Fenwick, Davis and West, and a specialist in computer law.

Futhermore, says Westermeier, an IS manager who lists membership in an
association such as DPMA or ACM on a resume implies that he or she has accepted
the associations professional standards.  Having done that, a computer
professional should expect his or her work to be judged by those standards.

Other lawyers who have analyzed the case, however, say it is unclear whether
professional standards for IS managers could be used as a similar basis as
the AICPA standards were in DIVERSIFIED.

John Hennelly, a partner at Bryan, Cave, McPheeters and McRoberts in St. Louis,
which represented Ernst & Whinney, says the case doesn't necessarily lead
to broader conclusions about the liability of nonaccountants ...

Eric Savage, with the Hackensack, N.J.-based law firm of Michael Goodman,
believes it was easy for the court in DIVERSIFIED to find E&W guilty of
malpractice because of the accounting organization's highly visible
professional standards.  Thus, he says, it would be difficult to apply the
decision to a case that is adjudicating the liability of a computer
professional not employed by an accounting firm. ...

(There are two sidebars to the story.  One, labelled A CASE IN POINT, describes
the client's needs, and how the system recommended by the accounting firm
failed to meet the client's needs.  This sidebar quotes the court's finding
that the accounting firm did not have sufficient expertise to recommend a
computer system for this client.  Another sidebar, HOW SOME OF THE STANDARDS
COMPARE, quotes the relevant portions of the AICPA Standards, which essentially
say that members shall only accept jobs which they are qualified to perform,
and shall conscientiously perform the jobs which they have accepted to the
benefit of their client.  This is placed alongside sections from the
Association for Computing Machinery (ACM) Disciplinary Rules which essentially
say the same thing.)

- Jonathan Jacky, University of Washington


risks of computerized typesetting

Alayne McGregor <alayne@gandalf.UUCP>
Thu, 7 Dec 89 10:58:22 EST
Date: Mon, 23 Oct 89 09:01:54 EDT
From: Saul Jaffe (The Moderator) <sf-lovers-request@rutgers.edu>
Sender: sfl@elbereth.rutgers.edu
To: SFLOVERS-RECIPIENTS
Subject: SF-LOVERS Digest   V14 #339
Reply-To: SF-LOVERS@rutgers.edu

SF-LOVERS Digest            Monday, 23 Oct 1989       Volume 14 : Issue 339

[...]

Date: 20 Oct 89 23:25:08 GMT
From: chuq@apple.com (Chuq Von Rospach)
Subject: Angel Station Typos

[[The following press release was distributed by Tor books about the typos
in Walter Jon William's new book, Angel Station. If you are one of those
who bought it and want a corrected copy, replacement instructions are
included.

How many publishers do *you* know that replace faulty books? Kudos to
Tor...]]

For immediate release: 11 October 1989

THE STRANGE LUCK OF WALTER JON WILLIAMS

Not too long ago, Tor SF author Walter Jon Williams got a very pleasant
surprise: His science fiction novel HARDWIRED (Tor, 1986) was prominently
featured in a national advertising campaign for Nissan Motors' new
"Infiniti" automobile.

Apparently the Powers that Be decided that some law of good fortune had
been violated.  When Williams returned from the World Science Fiction
Convention in Boston to linger over the pages of his newest Tor hardcover
ANGEL STATION, he got a most un-pleasant shock: Not only was there a rash
of very strange typographical errors on page 9 of the book, but fully
seventeen lines of type were completely missing from page 354.

When Williams called Tor's editorial staff in New York to report the
errors, they immediately checked the press run of the book.  Sure enough,
the defects were present in every copy -- despite the fact that all
previous proof sheets, and the book's bound uncorrected galleys, were free
of the errors.

This isn't "business as usual" for Tor. Although an occasional typo slips
by the proofreading process, and minor errors creep into final copies,
nothing of this sort has ever happened to a Tor book before.

How did it happen? Well, no one knows exactly -- but the evidence points to
some sort of software error in the generation of the final "repro proof"
long after the stages at which books are normally checked and proofread in
house. For example, the typos on page 9 all involve characters that are
exactly five letters off in sequence from the correct characters.

Tor is offering to replace all defective copies of the ANGEL STATION
hardcover with corrected copies from a new printing. To receive a correct
copy, simply remove pages 1 through 6 (three leaves) and send them, along
with your name and address, to Customer Service, St.  Martin's Press, 175
Fifth Avenue, New York NY 10010, Attn: ANGEL STATION Replacement. This
offer is open to individuals and dealers alike, though copies of the
removed pages must be received for each copy the owner wants replaced.

Alternately, collectors who wish to keep their "true first" edition, typos
and all, may write to Tor's own editorial offices at 49 West 24th St, New
York NY 10010 for an errata sheet correcting the errors, which includes the
missing text.

Meanwhile, Tor's editors are leaving nothing to chance where Williams's
work is concerned. They've set up a special Walter Jon Williams Task Force
to make sure the author's next work, a short-story collection called FACETS
scheduled for publication as a hardcover in January 1990, escapes the
strange luck of Walter Jon Williams.

For further information, contact Patrick Nielsen Hayden, Administrative
Editor, (212) 741-3100.

Chuq Von Rospach
chuq@apple.com


486 chip faults: PC shipments halted, customers warned

Jon Jacky <JON@GAFFER.RAD.WASHINGTON.EDU>
Wed, 6 Dec 1989 22:21:59 PST
Additional news about problems with the 486 chip, noted by Peter Neumann
in RISKS 9.36, appear in a trade newspaper article, "Bug Hampers
486 Shipments" by Elliot M. Kass in COMPUTER DESIGN (News Edition) 28(2), Nov.
13 1989, p. 1:

Santa Clara, CA --- A Halloween fright spooked systems vendors late last month
when a flaw was discovered in the floating point unit of Intel's 80486 micro-
processor.  The bug, unearthed by Compaq Computer (Houston, TX) during routine
testing, could delay initial shipments of some 486-based systems up to two
months.

Intel played down the seriousness of the design defect, saying it still plans
to ship tens of thousands of the IC's this quarter.  The firm reported that it
had already fabricated a corrected version of the 32-bit microprocessor and
that the first production quantities should be available by the end of the
month.  In the meantime, Intel has halted production of the flawed unit.

Intel declined to say how many of the defective chips have been shipped.
Spokespersons insisted that the financial impact on the company would be
mininal.  The 486 was introduced this past April, and volume shipments began
only recently.  The manufacturers will accept returns from customers already
in possession of the faulty IC's.

NOT THE FIRST BUG

Rumors about the bug had persisted for several weeks, according to industry
observers.  Confined to one small section of the IC unit, the flaws are neither
serious nor unusual considering the complexity of the 1.2 million transistor
device, most analysts agreed.

Most sources agreed that Intel's time frame for correcting the problem was
realistic.  On average, the redesign will mean one- to two-month ramp-up
delays for 486-based systems, predicted Michael Slater, editor and publisher
of MICROPROCESSOR REPORT (Palo Alto, CA).

Ironically, this is the second time that Compaq has detected a flaw in an Intel
microprocessor.  Four years ago the systems maker discovered a bug in the 486's
predecessor, the 80386.  That problem, which involved the production process,
went undiscovered for 16 months after the unit had gone into full production,
and was very costly for Intel.  This time around, Slater pointed out, the bug
is confined to a small aspect of the chip's design, and was picked up a few
weeks into production.

Compaq, which came across the problem during beta tests of its newly announced
Deskpro 486/25 personal computer, admitted that it in its present state, the
486-based PC's weren't ready for market.  The new processors will heavily
target CAD and other technical applications dependent on the 486's floating
point math processor.  The microprocessor unit's design flaw reportedly
involves the simultaneous execution of tangent and sine or cosine functions,
as well as certain error detection features.  General purpose business programs
that don't make use of the FPU could still run unhindered.

As of press time, Compaq was still uncertain how the shipping schedule for its
new machine would be affected, but said it was confident they would be in
production quantities by the first quarter of next year.

VENDORS MODERATELY AFFECTED

THe effect of the chip defect on other vendors varied.  IBM (Armonk, NY) the
only vendor that's already begun shipping a 486-based product, suspended
shipments of its 486/285 Power Platform.  Company spokespersons said they
would instruct customers already in possession of the board to limit its use to
test environments, or to applications that don't involve the affected portions
of the chip.

IBM said it expects to resume shipments of its processor board early next
month.  The company is continuing production of the Power Platform with the
original chips and will replace them once the debugged units are available.
The substitution procedure is relatively simple, the vendor noted, and will
prevent further slipping of its shipment schedule.  Customers in possession
of the boards will receive an upgrade.

- Jonathan Jacky, University of Washington


Selling Government-Held Information

Peter Jones <MAINT@UQAM.bitnet>
Wed, 6 Dec 89 08:20:17 EST
On CBC's Daybreak program this morning, there was an interview about the
possibility of selling information help by government institutions to private
companies. For example, names and addresses of municipal bonholders or property
owners could be used for direct mailing.

Currently, there is a dispute concerning the information held by the Inspector
of Companies on company names, and names and addresses of directors. This
information, although publicly available, is regarded by the Inspector as
confidential. For example, it would be possible to guess a person's political
affiliations from the presence of his name on the board of directors of a
political organization.

There are two issues here, being disputed by the private companies on one side,
and the government and the Quebec Civil Liberties Association on the other:

   1) Prevention of access to confidential data. (A straightforward computer
      problem).

   2) Making data available in a form that allows massive searching and matching.

This raises the privacy issues currently being disputed.

Peter Jones     MAINT@UQAM     (514)-987-3542


Cellular phone service in Hungary

Adam J. Kucznetsov <adam@cunixf.cc.columbia.edu>
Tue, 5 Dec 89 17:19:48 EST
  From New York Times (5 Dec. 1989) business section (excerpts):

                US West in Budapest phone deal

  US West Inc., one of the nation's seven regional Bell telephone
  companies, said yesterday that it had signed an agreement with Hungary
  to build a mobile cellular telephone system in Budapest.

  The Hungarian cellular system will be the first such telephone network to be
  constructed in Eastern Europe. Because of the shortage of telephones in the
  nation, Hungarians are expected to use cellular telephones for basic home
  service, as well as mobile communications.

  For Hungary and the other Eastern European countries, which have antiquated
  telephone systems, it will be faster and cheaper for the Government to
  deliver telephone service by cellular networks than it would be to rebuild
  the nation's entire telephone infrastructure.
                                                        [one paragraph omitted]

  The system, which is scheduled to go into operation in the first quarter of
  1991, will initially provide cellular communications to Budapest's 2.1
  million residents.  Eventually, the system will serve all of Hungary, which
  has 10.8 million citizens.
                                                      [rest of article omitted]

The article explains that "[the system is] viewed as an alternative until the
country can develop its infrastructure" and goes on to state that "Hungary
currently has 6.8 telephone lines for every 100 people" compared to 48.1 in the
United states.

Hungary's interest in supplanting an antiquated and inadequate phone system is
understandable.  The privacy issues, however, raised by a proposal to make
(presumably unencrypted) cellular telephone service one of the primary
communication channels of the country -- even in transition to a more capable
conventional system -- should be obvious to RISKS readers.

Adam J. Kucznetsov, Department of Linguistics, Columbia University
                                                           {ajuus@cuvmb.BITNET}

Please report problems with the web pages to the maintainer

Top