The Risks Digest

The RISKS Digest

Forum on Risks to the Public in Computers and Related Systems

ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

Volume 27 Issue 91

Monday 12 May 2014


NEWS FLASH: RISKS-27.90 caught by Spam Assassin
"Reading, Writing, Arithmetic, and Lately, Coding"
Matt Richtel via Ed Lazowska
"The FCC has already started destroying the Internet"
Paul Venezia via Gene Wirchenko
"Security-vendor snake oil: 7 promises that don't deliver"
Roger A. Grimes via Gene Wirchenko
"Oracle's surprise win in Java API case could make it harder for developers"
Paul Krill via Gene Wirchenko
Info on RISKS (comp.risks)

NEWS FLASH: RISKS-27.90 caught by Spam Assassin

RISKS List Owner <>
Mon, 12 May 2014 1:09:22 PDT
Please check your spam bucket if you did not receive RISKS-27.90, assuming
this issue gets through despite mentioning `large amounts of money'.  Oddly,
there was NO MENTION of the 2.8-point item, which has to do with
H*K*L*O*T*T*O, lightly encoded to avoid a repetition.  This of course
happened (at least) once before, in RISKS-22.20, almost 12 years ago, as
recorded by Danny Burstein in RISKS-22.21.

This is what caught my copy of the previous issue.

Content analysis details:   (5.3 points, 5.0 required)

 pts rule name              description
 0.0 T_URIBL_SEM_FRESH_15   Contains a domain registered less than 15 days
-0.0 T_RP_MATCHES_RCVD      Envelope sender domain matches handover relay
 2.5 US_DOLLARS_3           BODY: Mentions millions of $ ($NN,NNN,NNN.NN)
 0.0 LOTS_OF_MONEY          Huge... sums of money
 2.8 [see above]            [see above, lightly encoded]

"Reading, Writing, Arithmetic, and Lately, Coding" (Matt Richtel)

Ed Lazowska <>
Sunday May 11, 2014 at 5:25:39 PM EDT
Matt Richtel, *The New York Times, 11 May 2014 (Ed Lazowska via Dave Farber)

This Sunday's front-page lead article in *The New York Times* is worth

My opinion:

It's excellent exposure for "the movement" of driving computer science into

But it's hugely vocationally focused, and thus misses the key point:
Computer programming is the hands-on inquiry-based way we teach
computational thinking, which is an essential 21st-century capability for
just about everyone.

The incongruity within the article itself is glaring.  Towards the top, it
says “It is a stark change for computer science, which for decades was
treated like a stepchild, equated with trade classes like wood shop.''  It
then proceeds to focus almost exclusively on a vocational/trade/skill
rationale for the teaching programming.

The wonderful Hadi Partovi ( says it just right in his one quote in
the article: learning our field is “as essential as learning about gravity
or molecules, electricity or photosynthesis.'' But people don't learn about
“gravity or molecules, electricity or photosynthesis'' for vocational
purposes, but rather because they lead towards `modes of thought' that are

This angle gets no coverage elsewhere in the article.  (And Hadi is referred
to as `she' in the print version, further suggesting a level of
misunderstanding ...)

It would be great if *The New York Times*, at least, would get this right
..., but I guess pretty much any press is good press.

"Reading, Writing, Arithmetic, and Lately, Coding" (Matt Richtel)

"Peter G. Neumann" <>
Mon, 12 May 2014 8:01:17 PDT
I have long been an advocate of integrating relevant fundamentals of
discrete mathematics, principles underlying computer technology, and ethics
of computer use into early education, beginning as early as reasonable in
K-12 curricula, and at whatever levels of abstraction can be understood at
each level.  However, it seriously seems overly simplistic to believe that
teaching a visual coding (programming) language early will by itself result
in programmers who can understand the pitfalls of later trying to specify
requirements, programs, and system architectures that can satisfy critical
needs for trustworthy systems and networks.

Perhaps what is also needed is a graded set of staged versions of the
highlights from RISKS that can add some reality to the proposition that
being able to write a simple visual program is only one stepping stone to
becoming a logical person and perhaps eventually a system architect/software
engineer in the sense of real engineering.

Computer literacy is essential, but once again we need to dust off the old
Einstein dictum: Everything should be made as simple as possible, but no
simpler.  Instilling a better understanding of complexity throughout the
progression of increasingly higher education seems to have been accomplished
fairly well in mathematics, but not yet in computer education before
college.  There is clearly a burden on educating the teachers as well, but
visual programming may offer an overly simplistic approach unless the
underlying principles are also visible to them and to the students.  End of
soapbox.  PGN

"The FCC has already started destroying the Internet" (Paul Venezia)

Gene Wirchenko <>
Mon, 12 May 2014 12:56:26 -0700
Paul Venezia | InfoWorld, 12 May 2014
The FCC has already started destroying the Internet
The mere mention of the awful new rules proposed by the FCC already
is causing fallout

"Security-vendor snake oil: 7 promises that don't deliver" (Roger A. Grimes)

Gene Wirchenko <>
Mon, 12 May 2014 12:51:41 -0700
Roger A. Grimes | InfoWorld, 12 May 2014
Beware bold promises from a multibillion-dollar industry that can't
prevent your IT systems from being routinely hacked

"Oracle's surprise win in Java API case could make it harder for developers" (Paul Krill)

Gene Wirchenko <>
Mon, 12 May 2014 12:38:38 -0700
Paul Krill | InfoWorld, 9 May 2014
The ruling that APIs can be copyrighted could make it a lot harder to
take advantage of APIs with a direct license

Please report problems with the web pages to the maintainer