Slashdot Mirror
Nuclear Materials System Not Buggy, Says Microsoft
Darkmeat writes: "Saw this on ZDNet. Looks like SQL Server was causing some problems in nuclear databases in Russia." Another similar story at Yahoo. This is a followup to this story detailing the problems.
Of course, if the database were mySQL or PostGres , the story would have never made it on /. .
-k
Read the original e-mail piece. It's long, but it's well worth the read.
There a numerous issues in this article that are significantly "re-formulated" our left out - and that actually matters a lot in this case.
This article gives the impression (in my oppinion) that it is disputable wether the flaws were serious at all, and it seeks to give the impression that microsoft offered help which the russians refused.
If you read the longer original transcript, you will see that there were several other significant flaws found in 7.0 which made it unusable, and that the fix microsoft offered was "upgrade to 7.0".
The original transcripts ends with the russians expressing their deepest concern and surprise over microsoft actually suggesting them to fiddle with numeric formats etc. in order to work around real bugs that show up in SQL server.
That's why medicine took the 'nuclear' out of Nuclear Magnetic Resonant Imaging - patients would freak out at the mere mention of 'nuclear' so they changed it to just MRI. It still involved the nuclei of atoms.
try { do() || do_not(); } catch (JediException err) { yoda(err); }
I'm all for M$ bashing - when they deserved to be bashed (and there are plenty of areas where they deserve this). But in this case, the article is nothing more than anti-M$ propoganda.
No. The article is either pro-Microsoft spin couched as innefectual criticism or profoundly incompetently written. If you check the referenced source material you'll find that, in fact, there were severe bugs related solely to Microsoft's SQL Server which have not only compromised the Russian nuclear tracking system, but even more severely compromised the American nuclear tracking system. What is worse, the Russians were wise enough to keep their manual system intact as a check, despite ridecule from their American colleagues. The United States, on the other hand, has had no manual system or check of any kind in place. Verifying the American stockpiles will cost on the order of a Billion US Dollars and will not detect any material which has already been diverted.
Los Alamos has verified the bugs, both in the version of SQL server the Russians were using and in the version Microsoft recommended they upgrade to.
Microsoft spin and apologist propoganda aside, this fiasco is real, has truly shocking and horrifying security implications for the entire planet, and is absolutely inexcusable. Of course, inexcusable lapses on the part of Microsoft and the quality of their proprietary products is hardly new or surprising, but it remains news so long as their shoddy products continue to dominate the market through marketing misrepresentation and public ignorance of the facts.
The Future of Human Evolution: Autonomy
A complete synopsis of the email exchange released by the Center for Defense Information reveals that the flaws in Microsoft's SQL server were serious, and seriously affected both the American and Russian systems for tracking nuclear materials.
Nuclear material may or may not have been misplaced or diverted. What is certain, however, is that currently neither country has complete track of its materials as a direct result of the aforementioned software bugs in Microsoft's SQL server, and the cost of reinventorying the materials will cost on the order of one billion US dollars for the United States alone. Furthermore, if materials have been diverted from within the US inventory, the diversion will not be identified by the reinventorying methods available. This situation is unambiguously a result of the problems both teams have had with Microsoft's SQL server, coupled with the fact that the bugs weren't identified until the project was well underway.
You may deny, deny, deny as much as you like, but the public record is clear and unambiguous, and, once again, the fault lies squarely on Microsoft's incompetent shoulders.
The Future of Human Evolution: Autonomy
No it's.... while( upgrade.exists() == true )
{
upgrade.sell
}
See it's much easier this way.
From the article:
Murchie said the bug was a minor problem in Microsoft's instructions for using the software and has been resolved. "It was not a product flaw."
From Neal Stephenson's essay, "In the Beginning was the Command Line":
Commercial OSes have to adopt the same official stance towards errors as Communist countries had towards poverty. For doctrinal reasons it was not possible to admit that poverty was a serious problem in Communist countries, because the whole point of Communism was to eradicate poverty. Likewise, commercial OS companies like Apple and Microsoft can't go around admitting that their software has bugs and that it crashes all the time, any more than Disney can issue press releases stating that Mickey Mouse is an actor in a suit.
Hmm. Perhaps our Russian friends are excercising a bit of well earned scepticism.
Post may contain irony: discontinue use if experiencing mood swings, nausea or elevated blood pressure.
Sorry, you're wrong.
I was in a bank the other day asking about opening an account.
The terminal that was being used to look everything up; open new accounts; etc. was a WINDOWS 95 machine accessing the database via a WEB BROWSER interface with JAVA.
It also had an IP address taped to the monitor and they had limited INTERNET access (so they can show their lovely Internet Banking).
--
Charles E. Hill
Learning HOW to think is more important than learning WHAT to think.
Drops one transaction in a thousand? What if instead this was installed at a major bank -- like a Federal Reserve or a National Bank?
A year or so of "dropping" 1 in 1,000 transactions could be quite a sum.
Hmmm...if any banks out there are looking for SysAdmins to implement an MS SQL Server solution -- I'm available!
--
Charles E. Hill
Learning HOW to think is more important than learning WHAT to think.
Hey- I just need to speak up, I have no idea about the missing data thing, but as far as "a new security flaw that could give unauthorized people easy access"... that's bunk!
The system password by default on install is blank, Oracle has a default password too, I think it is "CHANGE_ON_INSTALL". So if you happen to install SQL Server and not have the brains to change the default password, then you deserve everything you are about to get. Now I hate M$ just as much as the next guy, but it's a shame that these dorks have to go blaming their incompetence on other people.
Troy
And change jobs, if your current one don't let you use the OS of your choice. Despite the dot-bomb crash, the labor market for software engineers is still splendid.
Say no to software patents.
"Blue Screen of Death"
No wonder there are fireballs hitting the U.S. East coast.
I'm the big fish in the big pond bitch.
I love how the knee-jerk reactions to these things take an incredibly closed-minded and negative tone when the word "Microsoft" is present. If this had been an open source database, I doubt anyone on Slashdot would be so quick to jump to conclusions.
That's a good way to share technology and sabotage your enemy at the same time.
Make them use Microsoft.
disclaimer: no offense intented
It is a feature.
+++ UGUCAUCGUAUUUCU
I thought free software threatened national security and the american way of life.
I would search my quote database for the name of the person who said "Don't throw stones in glass houses," but given that it's the 1000th transaction of the day, I'm experiencing technical difficulties...
Let's get drunk and delete production data!
In the quest to post as many articles bashing M$, the quality of the posted articles is approaching the level of the World Weekly News.
The Headline "Nuclear Materials System Not Buggy" is misleading. When you read the article, the main two arguments for saying that M$ has buggy code are:
1). Users of SQL Server are able to code software that can screw up the database.
2). When you don't put a password on admin accounts, it causes a security vulnerability.
These two assertions are true for EVERY database server, not just M$. Anyone who has write/commit privileges to database tables has the ability to screw up the database - this is not a SQL Server issue. And if you don't put passwords on your accounts, it is your own damn fault for introducing a security vulnerability.
I'm all for M$ bashing - when they deserved to be bashed (and there are plenty of areas where they deserve this). But in this case, the article is nothing more than anti-M$ propoganda.
"Microsoft has made computing accessible to a population who would otherwise not be able to use computers" - B. Kernigha
I ran a SQL Server 6.5 database that handled 7GB of data a month and processed around 21 billion transactions on that data, then countless more on the "rolled up" summaries. We had a general ledger to reconcile with and I think we would have noticed missing records if they occured every 1000 transactions. SQL 6.5 was a pain in the ass and 7.0 is a lot better. It still has some problems, but I think these reported "bugs" are more bad programmers than bad server software.
--- Don't be a player hater: I meta-mod ALL negative mods as Unfair.
I've used SQL Server for years... not because I want to, but because the company I work for prefers it. I've never seen such a problem of dropping every 1000 transactions. But there is one particular thing about this story that bugs me (no punn intended)... if the bug isn't in Microsoft's software, as they contend, then why did they tell the Russians to upgrade to a newer version to solve the problem???
---
Developers: We can use your help.
Further, Microsoft didn't offer a fix, as far as the document goes, they offered a workaround, that the russians rejected because it would mean changing about 5MB of source code.
Check the document, it's a long read, but it certainly looks like Microsoft is lyin^H^H^H incorrect.
www.lucernesys.comHorizon: Calendar-based personal finance
"No nuclear materials were ever at risk..."
"IE was not illegally 'tied' to Windows..."
"MS is not a monopoly..."
"Ok, if MS is a monopoly, we are a good monopoly..."
"Consumers will benefit from Windows being able to do everything ..."
"Consumers want us to control the world..."
"I've been made King? Awww, shucks! You really shouldn't have..."
Laws affecting technology will always be bad until enough techies become lawyers.
When OSS becomes an effective monopoly and uses anti-competitive tactics to maintain its hold on a specific market then it, too, will become an object of hatred. Hating Microsoft is not a knee-jerk reaction for those of us who have to endure using sub-standard software every day.
Does a Christian soccer team even need a goalkeeper?
This doesn't really seem to shed any light on the previous articles about this. Is this just another excuse to slap Microsoft around a little bit?
--
Do not taunt Happy Fun Ball(TM)
It appears (we had no access to the source, so I can't do better than that) that if you have a complex select statement, with several nested sub-selects, you can get SQL Server into a state where it caches the query plan (roughly, the "compiled version") of some of the sub-queries from one execution to the next. This query plan sometimes acts as if it (incorrectly) includes information derived from other sub-queries as if it was constant. If in a subsequent use the value of these stored "constants" has changed, the where-clauses can fail, causeing the loss of rows in the result set.
We went several rounds of reporting it to MS, bogged down on the "can you produce a simple case that exihibits the problem" phase, and wound you instituting coding guidlines to break such queries into multiple peices using temporary tables.
Consequently I know that there are at least some bugs that are not seen by most users, and am more willing to credit this report than I was before I heard the keywords "SQL server" "complex queries" and "missing data".
-- MarkusQ
M$ just wants to acquire the resources to take on AOL-Time-Warner-Amazon...
Be part of the world's largest collaborative work of art: http://www.paintthemoon.org
I wonder how stable Windows CE for Nuclear Warheads(R) is. Of course we should expect a Mushroom Cloud of Death(TM) instead of a BSOD, though...
http://www.themeparks.ie
"It's operating as intended", Bill Gates chuckles to himself as he closes the view port on his ever growing stockpile of weapons-grade nuclear material.