RISKS-LIST: RISKS-FORUM Digest  Wednesday 25 November 1987  Volume 5 : Issue 65

FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Contents:
  Mariner I and computer folklore (Jon Jacky, Jim Horning)
  Computer-controlled train runs red light (Jon Jacky)
  Addressable CATV information (Ted Kekatos)
  A new legal first in Britain... (Gligor Tashkovich)
  The rm * controversy in unix.wizards (Charles Shub)

The RISKS Forum is moderated. Contributions should be relevant, sound, in good taste, objective, coherent, concise, nonrepetitious. Diversity is welcome. Contributions to RISKS@CSL.SRI.COM, Requests to RISKS-Request@CSL.SRI.COM. For Vol i issue j, FTP SRI.COM, CD STRIPE:, GET RISKS-i.j. Volume summaries for each i in max j: (i,j) = (1,46),(2,57),(3,92),(4,97).

----------------------------------------------------------------------

From: jon@june.cs.washington.edu (Jon Jacky)
To: risks@csl.sri.com
Cc: msb@sq.com, Nicholas.Spies@CMU-CS-H.ARPA
Subject: Mariner I and computer folklore
Date: Tue, 24 Nov 87 22:13:08 PST

Mark Brader asks what really happened to Mariner 1, the Venus probe that had to be blown up when it flew off course shortly after launch. Some versions of the story blame a missing hyphen, others blame a period substituted for a comma.

I looked into this about a year ago. I lost the trails of both versions without finding a common ancestor. Here is what I found out. I hope some reader can help. The anecdote is told so often that someone really ought to settle this once and for all.

New York Times, July 23, 1962, p. 1 col. 2: Atlas carrying Mariner I goes off course, destroyed by range safety officers

New York Times, July 28, 1962, p. 1 col. 4: NASA, USAF, JPL announce Mariner I lost because flight control computer generated incorrect steering commands. Problem described as a "missing hyphen."

New York Times, Aug 2, 1962, p. 24 col 5: Letter to the editor about Mariner I, calls for better computer programming practices.

Mariner I loss attributed to substitution of period for comma in FORTRAN program: Henry S. Tropp, "FORTRAN Anecdotes," ANNALS OF THE HISTORY OF COMPUTING, Vol 6, No. 1, Jan 1984 pps. 61,62. Tropp merely cites Jim Horning in ACM SOFTWARE ENGINEERING NOTES, 4(4) Oct. 1979 p. 6, who cites in turn G.J. Myers, SOFTWARE RELIABILITY: PRINCIPLES AND PRACTICES, New York, John Wiley, 1976, p. 275.

It looks like the missing hyphen version is much older. I haven't been able to trace the period-for-comma version to a printed source before Myers. Still, I am not ready to accept the hyphen version as authoritative. I don't have a copy of the NY TIMES story - I had to make notes from a microfilm reader - but I recall that it seemed a bit confused, as if the reporter did not quite follow the explanation he was given. Also, I seem to recall hearing the period-for-comma version long before Myers, when I was in college around 1970. Can anyone else offer an older citation?

A few leads I never followed up: obviously, Myers himself could be contacted to learn where he got the story. I called IBM, credited in Myers' book as his place of employment. IBM said Myers had left some years ago and they had no forwarding address. Also, RISKS Volume 1 number 2, 28-Aug-1985, included a posting from Nicholas Spies (Nicholas.Spies@CMU-CS-H.ARPA), in which he mentioned a memo about the incident which his father had seen at the time. No details were given in that posting. Nicholas, are you still there? Can you help?

I think this matter would make an interesting case study for a folklorist. It certainly has a lot of the aspects of the kind of urban folklore retold in the book THE CHOKING DOBERMAN or an FOAF story ("this happened to a friend of a friend"). In this case however, the tales are based on a real event in the fairly recent past, so it should still be possible to find out what actually happened.

It is interesting to note how a single incident gave rise to at least two incompatible versions. They now have an independent life - the RISKS index in ACM SOFTWARE ENGINEERING NOTES, 12(1) Jan 1987 p. 23 cites both versions as if they were two separate events.

The versions continue to fracture into increasingly garbled variants. The announcement for COMPASS '88 in RISKS-5.62 said "a rocket to Mars had to be destroyed...". The index in SEN also mentions "Mariner 18 - aborted due to missing NOT in program". It is not clear where this comes from; possibly another Mariner 1 mutation, or maybe it is supposed to be Mariner 8, which my ILLUSTRATED ENCYCLOPEDIA OF SPACE TECHNOLOGY (by Kenneth Gatland, Harmony, 1984) says "was lost during launch." Whatever, there was no Mariner 18 - the last in the Mariner series was 10, a 1973 Venus flyby.

- Jonathan Jacky

[Jon, MANY THANKS. PGN]

------------------------------

Date: Wed, 25 Nov 87 13:14:04 pst
From: horning@src.DEC.COM (Jim Horning)
To: RISKS@csl.sri.com
Subject: Mariner/Annals

[A little duplication and a little more clarification]

The reference to ANNALS OF THE HISTORY OF COMPUTING, vol. 6, no. 1, should be to page 61, not 6. However, it sheds little additional light: It quotes my note in SEN October 1979, and my reference [3], G. J. Meyers, SOFTWARE RELIABILITY: PRINCIPLES AND PRACTICES, John Wiley, 1976, p. 275. Meyers doesn't cite his source, and I have never been able to get independent confirmation.

Jim H.

------------------------------

From: jon@june.cs.washington.edu (Jon Jacky)
To: risks@csl.sri.com
Subject: Computer-controlled train runs red light
Date: Tue, 24 Nov 87 22:16:54 PST

From IEEE INSTITUTE, Dec. 1987, p. 8:

CHIPS TOO UNRELIABLE FOR TRAINS, SAY ENGINEERS
by Gadi Kaplan

"..This was one of the main conclusions at the Symposium on Microprocessors in Rail Transit, held in Pittsburgh on Sept. 14-16 by the Rail Systems Center of Carnegie-Mellon University's Mellon Institute. ...

Technical experts agree that microprocessor-based systems are more flexible in operation and much better at monitoring and fault diagnosis than the relay-based systems they typically replace. ...

Symposium participants expressed concern, however, about the probability of failure of the microprocessor in an unsafe way as a result of inadequate verification of its software. A case in point was the failure, in February 1986, of a four-car train operated by the Washington Metropolitan Area Transit Authority (WMATA) to stop at a red signal. ... "The failure could not be replicated with the same cars at the same location under any condition with .. prolonged field and laboratory testing," (a WMATA official) reported...

However, a more positive view was expressed by panelists from ... suppliers of microprocessor-based systems for rail transport. These panelists said they were confident their software, which required years to develop, at extensive costs, was verifiable and reliable."

(End of excerpts from IEEE INSTITUTE)

- Jonathan Jacky

------------------------------

Date: Wed, 25 Nov 87 07:39:33 PST
From: ihnp4!ihuxv!tedk@ucbvax.Berkeley.EDU
To: csl.sri!risks@ucbvax.Berkeley.EDU
Subject: Addressable CATV systems

In my town, Oak Park, we have CATV provided by Cablevision of Oak Park. The CATV control boxes have a serial number which is recorded (and phoned in to the computer center) by the installer.

The digital signal broadcasted from the computer center (within the cable company) provides the boxes with the date and time. Nifty feature, localized time base for all devices. I have a button on my box for "display time" which is displayed at the top of my screen.

But most importantly the digital signal transmits an individually addressed (packet?) for each customer that provides a "matrix" of what each channel on the box vectors to from the cable.

I have noticed that the order of the channels on the cable (itself) are different than what you see when you get with the CATV box. The "Un-Authorized" channels, such as Playboy and HBO, are _replaced_ with local cable guide (rather than the scrambled signal and sound).

The CATV box stores the matrix even if un-plugged from power. When the installer plugged in the box for the first time, all the channels were un-authorized. When I call the cable company for a "pay-per-view", they update the matrix in my box to allow me to watch the program. The Matrix software in the box might even have "HOW LONG" information in it.

Now, how do I get the localized time base to keep my Microwave oven clock on time ????? :-)

Ted G. Kekatos, AT&T Bell Laboratories, Indian Hill South, IX-1F-460
Naperville & Wheaton Roads - Naperville, Illinois. 60566 USA
backbone!ihnp4!ihuxv!tedk

------------------------------

From: gligor%lerouf.DEC@decwrl.dec.com (Gligor Tashkovich)
Date: 25 Nov 87 20:15
To: risks@csl.sri.com
Subject: A new legal first in Britain...

I heard somewhere that Britain is experiencing a new legal first: Apparently, a computer consultant is on trial there and is charged with criminal damage by planting "logic bombs" in his clients' software. Does anyone else have more information?

------------------------------

Date: Wed, 25 Nov 87 09:54:27 MST
From: Charles Shub
To: RISKS@KL.SRI.COM
Subject: the rm * controversy in unix.wizards
Organization: University of Colorado at Colorado Springs

Yesterday, I got bit by rm [REMOVE]. I was remotely logged in to a system over a network and had created a bunch of temp files. To delete them, I naturally typed in "rm t*" only the %$*#&^#@ network managed to drop the "t" and you all know what happened then. It wasn't too bad because with the archiving we do it was only 2 hours to get them back. Of course yesterday's changes got lost and had to be redone.

The point is that there are two things a command interface could do:

1) protect us from our own stupidity (I'm not convinced it should),
2) protect us from "extended system" errors like dropping a character,

but I'm not sure how you separate the two.

cdash aka cdash@boulder.colorado.edu aka ...hao!boulder!cdash
aka ...nbires!boulder!cdash aka (303) 593-3492

------------------------------

End of RISKS-FORUM Digest
************************