FC: Was Windows NT responsible for crashing a U.S. Navy ship?

[Declan McCullagh <declan () well com>]

[A lot of folks wanted to weigh in on this 
(http://www.politechbot.com/p-01321.html). Sorry for the delay. --Declan]

**********

> Date: Thu, 10 Aug 2000 17:59:46 -0500
> To: declan () well com
> From: David McElroy <David () McElroy net>
> Subject: Re: FC: Microsoft representative replies to Windows/aircraft
>  carrier   story
>
> I hate to mention the obvious, but if a simple human error -- entering a 
> zero into a database -- can shut down an entire ship, the problem IS the 
> OS that's dumb enough not to be able to deal with that. The real "human 
> error" happened when somebody designed the software so that's possible. 
> And then the second human error happened when somebody at the Navy decided 
> to keep using an OS that has a track record of being that easy to "break."
>
> I'm sure MS's PR people will have SOME answer to that one, too. A fat lot 
> of good it will do us when we're in the middle of a war and ships can't 
> achieve their combat objectives because they're running on software that 
> can't handle human error.

***********

> Date: Thu, 10 Aug 2000 18:24:29 -0400
> From: Jamie McCarthy <jamie () mccarthy vg>
> Subject: Re: FC: Microsoft representative replies to Windows/aircraft 
> carrier  story
> To: declan () well com
> X-Mailer: Mailsmith 1.1.4 (Bluto)
>
> somebody @ microsoft.com writes:
>
> > Declan - GCN followed up the story cited below with this one
> > (http://www.gcn.com/archives/gcn/1998/november9/6.htm) in which
> > the same author wrote:
> >
> > "Human error, not Microsoft Windows NT, was the cause of a LAN
> > failure aboard the Aegis cruiser USS Yorktown that left the Smart
> > Ship dead in the water for nearly three hours last fall during
> > maneuvers near Cape Charles, Va., Navy officials said.
> >
> > The Yorktown last September suffered an engineering LAN casualty
> > when a petty officer calibrating a fuel valve entered a zero into
> > a shipboard database, officials said. The resulting database
> > overload caused the ship's LAN, including 27 dual 200-MHz Pentium
> > Pro miniature remote terminal units, to crash, they said.
>
> "Human error" is the cause of every computer problem, if you just
> trace the error back far enough.  "Human error" is the reasonable-
> sounding but meaningless catch-phrase that usually means a PR person
> is spinning.  When someone can take down a cruiser's engines by typing
> "0" in the wrong place, "human error" is an insufficient explanation
> of the problem.
>
> As for what exactly happened, we may never know exactly (presumably
> security concerns explain why).  The most informative article to
> date was published in Scientific American, and explains that "the
> computer system proceeded to divide another quantity by that zero.
> The operation caused a buffer overflow, in which data leak from a
> temporary storage space in memory, and the error eventually brought
> down the ship's propulsion system."
>
> http://www.sciam.com/1998/1198issue/1198techbus2.html
>
> It's difficult to parse exactly what that means ("buffer overflow"
> in the traditional sense is totally unrelated to memory leakage).
> But the "LAN crash" described elsewhere, the mention of memory
> leakage, and the "eventually," point circumstancially to the OS,
> namely Windows NT, being at least partly to blame.
> --
>         Jamie McCarthy
>         jamie () mccarthy vg    <-- note change
>  http://jamie.mccarthy.org/

********

> From: "Hiawatha Bray" <watha () monitortan com>
> To: <declan () well com>, <politech () politechbot com>
> Cc: <jsampson () microsoft com>, <cyber () IBPINC com>
> Subject: RE: Microsoft representative replies to Windows/aircraft 
> carrier  story
> Date: Thu, 10 Aug 2000 18:22:38 -0400
> X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
> Importance: Normal
>
> Like, so what?  The point is that in a well-ordered operating system, this
> should have caused the one app to crash, not the whole bloody system.  Get a
> clue, willya?
>
> Hiawatha Bray

************


> X-Mailer: QUALCOMM Windows Eudora Light Version 3.0.6 (32)
> Date: Thu, 10 Aug 2000 17:14:34 -0700
> To: declan () well com, politech () politechbot com
> From: David Honig <honig () sprynet com>
> Subject: Re: FC: Microsoft representative replies to Windows/aircraft
>   carrier  story
> Cc: jsampson () microsoft com, cyber () IBPINC com, watha () monitortan com
>
>
> 1. The PLCs do the fine timing in industrial controls.
>
> 2. NT is NOT suitable for real time work, too much
> latency and too much jitter.  See #1.
>
> 3. The Navy also chose IE as their standard browser a year
> or so ago, despite numerous security problems.  They are
> trying to do COTS for better or worse...
************

> Date: Thu, 10 Aug 2000 19:17:41 -0600
> To: declan () well com
> From: Tony Toews <ttoews () telusplanet net>
> Subject: Re: FC: Microsoft representative replies to Windows/aircraft
>   carrier  story
>
> >"Human error, not Microsoft Windows NT, was the cause of a LAN failure
> >aboard the Aegis cruiser USS Yorktown ...
>
> This still doesn't make sense to me.  This is more information than I've
> ever seen before on this problem but it's still not enough information to
> satisfy me..  I'm a hardcore programmer in Microsoft Access using NT as the
> operating system every day.   NT is remarkably stable.  Those few times
> that an app has locked up on me a simple Ctrl+Alt+Del to open the task
> manager and end the offending task or process has worked for me.
>
> This is also not human error.   Or rather the error doesn't exist with the
> Petty Officer.  Instead the error exists with the programmers but more
> likely management of the various software vendors.   I say management
> because possibly the project was underbid and enough quality resources, ie
> programmers and testers, weren't available.  Possibly Dilberts PHB (Pointy
> Haired Boss) was in charge.  The Remote Data Base Manager or whatever other
> software was in place should never have been allowed by Windows NT to
> "overload the database" including the remotes.  How can a person playing
> with data lock up the system?  None of my users, in Windows NT, has ever
> done so.
>
> Was some of the SCADA software running in some type of privileged mode
> which is not routinely used by most software?  What really caused a problem?
>
> Oh, and why wasn't entering 0 in a particular field tested by the software
> vendor?  A common problem with us programmers when we do testing is we put
> valid values in fields.  It seldom occurs to us to enter clearly nonsense
> data.  It's amazing just how quickly a novice user or my sister can break
> an app.  <smile>
>
> Tony
> -----
> Tony Toews, Microsoft Access MVP
> Microsoft Access Links, Hints, Tips & Accounting Systems at
>    http://www.granite.ab.ca/accsmstr.htm

************

From: "Roderick Sprattling" <roderick () bigfoot com>
> To: <declan () well com>
> Cc: <jsampson () microsoft com>, <cyber () IBPINC com>, <watha () monitortan com>
> Subject: RE: Microsoft representative replies to Windows/aircraft carrier 
> story
> Date: Thu, 10 Aug 2000 18:13:08 -0400
> X-Mailer: Microsoft Outlook IMO, Build 9.0.2416 (9.0.2910.0)
> Importance: Normal
>
> That's a bit like saying the car blew up because the driver opened the door
> at 60 mph. Even granted Remote Data Base Manager had a design flaw that
> caused it to perform an unreasonable action given out-of-range data, why
> would that then take out the OS on other nodes on the LAN? What exactly is
> meant by a "database overload?"
>
> Roderick Sprattling
************

Date: Thu, 10 Aug 2000 19:24:38 -0700
> To: declan () well com
> From: "A.Lizard" <alizard () ecis com>
> Subject: Re: FC: Microsoft representative replies to Windows/aircraft
>   carrier story
>
> At 17:22 2000-08-10 -0400, you wrote:
>
> > ***********
> >
> > From: "John Sampson (LCA)" <jsampson () microsoft com>
> > To: "'declan () well com'" <declan () well com>
> > Subject: RE: MS Windows will control new U.S. Navy aircraft carrier (no 
> > joke!)
> > Date: Thu, 10 Aug 2000 13:21:54 -0700
> >
> > Declan - GCN followed up the story cited below with this one
> > (http://www.gcn.com/archives/gcn/1998/november9/6.htm) in which the same
> > author wrote:
> > "Human error, not Microsoft Windows NT, was the cause of a LAN failure
> > aboard the Aegis cruiser USS Yorktown that left the Smart Ship dead in the
> > water for nearly three hours last fall during maneuvers near Cape Charles,
> > Va., Navy officials said.
> > The Yorktown last September suffered an engineering LAN casualty when a
> > petty officer calibrating a fuel valve entered a zero into a shipboard
> > database, officials said. The resulting database overload caused the ship's
> > LAN, including 27 dual 200-MHz Pentium Pro miniature remote terminal units,
> > to crash, they said.
>
> If a system is *that* vulnerable to accidental bad data entries, the human 
> error was made by whoever selected it for mission-critical use. Note that 
> the frequency of bad entries can be reasonably expected during the stress 
> of combat or other shipboard emergency situation to *increase*. If this 
> statement is intended to be reassuring, your effect has been the opposite.
>
> I wonder how many people are going to submit my original post *and* the 
> attempt by MS to control the spin to comp.risks.
>
> > The petty officer, who has since left the Navy, fed the bad data into the
>
> I hope he was rewarded for his scapegoat role.
>
> A.Lizard


************

X-Mailer: QUALCOMM Windows Eudora Pro Version 4.2.2
> Date: Thu, 10 Aug 2000 21:18:07 -0700
> To: declan () well com
> From: Alan Olsen <alan () clueserver org>
> Subject: Re: FC: Microsoft representative replies to Windows/aircraft
>   carrier story
> Cc: politech () politechbot com, jsampson () microsoft com, cyber () IBPINC com,
>         watha () monitortan com
>
> At 05:22 PM 8/10/00 -0400, Declan McCullagh wrote:
>
> > ***********
> >
> > From: "John Sampson (LCA)" <jsampson () microsoft com>
> > To: "'declan () well com'" <declan () well com>
> > Subject: RE: MS Windows will control new U.S. Navy aircraft carrier (no 
> > joke!)
> > Date: Thu, 10 Aug 2000 13:21:54 -0700
> >
> > Declan - GCN followed up the story cited below with this one
> > (http://www.gcn.com/archives/gcn/1998/november9/6.htm) in which the same
> > author wrote:
> > "Human error, not Microsoft Windows NT, was the cause of a LAN failure
> > aboard the Aegis cruiser USS Yorktown that left the Smart Ship dead in the
> > water for nearly three hours last fall during maneuvers near Cape Charles,
> > Va., Navy officials said.
> > The Yorktown last September suffered an engineering LAN casualty when a
> > petty officer calibrating a fuel valve entered a zero into a shipboard
> > database, officials said. The resulting database overload caused the ship's
> > LAN, including 27 dual 200-MHz Pentium Pro miniature remote terminal units,
> > to crash, they said.
>
> So they did not trap for bad data?  And it crashed their whole LAN!
>
> Can you say "Denial of Service Attack" boys and girls?  I knew you could!
>
> That has got to be one of the LAMEST excuses for a system crash  have ever 
> heard in my 23 years of being a programmer!
>
> I bet every anarchist and Unix programmer in the world is laughing their 
> asses off right about now.
>
> ---
> |             Terrorists - The Boogiemen for a new Millennium.           |
> |"The moral PGP Diffie taught Zimmermann unites all| Disclaimer:         |
> | mankind free in one-key-steganography-privacy!"  | Ignore the man      |
> |                                                  | behind the keyboard.|
> |         http://www.ctrl-alt-del.com/~alan/       |alan () ctrl-alt-del com|

************