The RISKS Digest
Volume 1 Issue 26

Wednesday, 4th December 1985

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Please try the URL privacy information feature enabled by clicking the flashlight icon above. This will reveal two icons after each link the body of the digest. The shield takes you to a breakdown of Terms of Service for the site - however only a small number of sites are covered at the moment. The flashlight take you to an analysis of the various trackers etc. that the linked site delivers. Please let the website maintainer know if you find this useful or not. As a RISKS reader, you will probably not be surprised by what is revealed…

Contents

Humility
Matt Bishop
Reliable Computer Systems
Jim Horning
Electromagnetic Interference
Peter G. Neumann
Hackers
Thomas Cox
"The Hacker Game": Is it simulating security of *REAL* machines?
Ted Shapin
Unexpected load on telephone trunks
Ted Shapin

Humility

Matt Bishop <mab@riacs.ARPA>
2 Dec 1985 0926-PST (Monday)

In Risks 1.25, you wrote a very good article pleading for greater humility. I'd like to add a little to that. Very often a solution is proposed which alleviates the symptom, but aggravates the cause, of the problem. (Draw your own examples, folks — the best ones are political, and I'm not touching THOSE with a ten-foot pole!) Unfortunately, those are often the most appealing because they let us forget, for a time, that the problem exists. When it returns, the symptoms are different but the root cause is still there — and more rotten than ever.

As another thought, I've found that in order to ask the question that leads to a solution for a problem you have to know most of the answer already — it's merely a matter of synthesizing the various parts into a whole. (As an example, Riemannian geometry existed before Einstein put it to use; it was a mathematical toy, done to prove the Fifth Postulate was just that, a postulate.) But for all non-technical problems, science alone cannot provide the answers — it can provide techniques for solving the technical components, but no more. And when people forget this, disaster follows, because science is used to treat the result, rather than the cause. (Incidentally, "science" is not the culprit. The same thing happens in spheres where science takes a back seat to ethics and morality — and what I said still applies. No one discipline can provide a complete answer to any non-technical problem. Unfortunately, an incomplete, but complete-looking, answer can usually be obtained from any discipline — and this is what we must avoid doing!)

Matt

Reliable Computer Systems

Jim Horning <horning@decwrl.DEC.COM>
2 Dec 1985 1354-PST (Monday)

Although reliability is only part of risk assessment, it is an important one. I would like to bring to the attention of this forum a book to which I made a modest contribution.

``Reliable Computer Systems: Collected Papers of the Newcastle Reliability Project,'' edited by Santosh K. Shrivastava, Springer-Verlag, 1985, xii + 580 pages, ISBN 0-387-15256-3 (New York) and 3-540-15256-3 (Berlin).

This volume brings together in one place more than 30 papers by more than 20 authors reporting more than a decade of research on reliability. It contains papers that survey the issues, define terminology, propose partial solutions, and assess the state of the art.

<

Please report problems with the web pages to the maintainer

x
Top