The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 1 Issue 26

Wednesday, 4 Dec 1985


Matt Bishop
oReliable Computer Systems
Jim Horning
oElectromagnetic Interference
Peter G. Neumann
Thomas Cox
o"The Hacker Game": Is it simulating security of *REAL* machines?
Ted Shapin
oUnexpected load on telephone trunks
Ted Shapin


Matt Bishop <mab@riacs.ARPA>
2 Dec 1985 0926-PST (Monday)

In Risks 1.25, you wrote a very good article pleading for greater humility. I'd like to add a little to that. Very often a solution is proposed which alleviates the symptom, but aggravates the cause, of the problem. (Draw your own examples, folks — the best ones are political, and I'm not touching THOSE with a ten-foot pole!) Unfortunately, those are often the most appealing because they let us forget, for a time, that the problem exists. When it returns, the symptoms are different but the root cause is still there — and more rotten than ever.

As another thought, I've found that in order to ask the question that leads to a solution for a problem you have to know most of the answer already — it's merely a matter of synthesizing the various parts into a whole. (As an example, Riemannian geometry existed before Einstein put it to use; it was a mathematical toy, done to prove the Fifth Postulate was just that, a postulate.) But for all non-technical problems, science alone cannot provide the answers — it can provide techniques for solving the technical components, but no more. And when people forget this, disaster follows, because science is used to treat the result, rather than the cause. (Incidentally, "science" is not the culprit. The same thing happens in spheres where science takes a back seat to ethics and morality — and what I said still applies. No one discipline can provide a complete answer to any non-technical problem. Unfortunately, an incomplete, but complete-looking, answer can usually be obtained from any discipline — and this is what we must avoid doing!)


Reliable Computer Systems

Jim Horning <horning@decwrl.DEC.COM>
2 Dec 1985 1354-PST (Monday)

Although reliability is only part of risk assessment, it is an important one. I would like to bring to the attention of this forum a book to which I made a modest contribution.

``Reliable Computer Systems: Collected Papers of the Newcastle Reliability Project,'' edited by Santosh K. Shrivastava, Springer-Verlag, 1985, xii + 580 pages, ISBN 0-387-15256-3 (New York) and 3-540-15256-3 (Berlin).

This volume brings together in one place more than 30 papers by more than 20 authors reporting more than a decade of research on reliability. It contains papers that survey the issues, define terminology, propose partial solutions, and assess the state of the art.


Please report problems with the web pages to the maintainer