dredmorbius 7 hours ago [-]
Neumann had a tremendous impact on perception and curation of technology-related risks. His passing is a moment of sadness.
It wasn't unforeseeable, however, and it pains me to see on the Catless RISKS archive this note: "I'm sad to have to tell you that Peter Neumann died on the 17th May. This website will be here as long as I am able to maintain it, but whether or not there is any future RISKS content anywhere, I cannot say."
Death is a risk, but not an inconceivable one, and it's a reminder that whilst a single individual can often drive with singular vision and surprising efficacy a project, that if they fail to establish some broader foundation, that project dies with them.
Sometime in the 2000s I started reading the RISKS Digest mailing list[1] from the beginning. I did it for fun - it's an interesting mix of fun anecdotes and lessons learned, and the 80's and early 90's were before my time which I found interesting too.
A side effect of reading the mailing list in bulk is that a set of common "stereotypes" of failure (for lack of a better word) start to emerge clearly from the stream of anecdotes. These really influenced my mental model of technology risks. I would still recommend the exercise for anyone interested in the subject.
Another thing to appreciate while reading is that Risks started pre-Web, when the Internet was a much smaller place, so PGN's work on Risks was well-known, and presumably influenced the thinking of a lot of people.
As one example, I bumped into Risks in my teens (I think through Usenet comp.risks), at the internship start of my software engineering career. I now think back to things I said and did back then, and the formative influence of Risks is unmistakable.
The MBA-ification of the Internet came later, but before that, PGN helped educate and guide a generation of Internet-savvy people in the best direction.
rconti 2 hours ago [-]
Same- I slowly stopped reading Risks even though I am still a subscriber (as far as I know).
What's weird was, back then, I thought about geography on the internet even LESS than I do now. It's strange now to realize PGN worked at SRI, just a few blocks from where I'm typing this. And he may have passed away at the hospital my wife's working at right now.
nickdothutton 10 hours ago [-]
RISKS Digest got me started too. I think there are some things best learned from the very beginning. "Consider modes of failure" is probably my favourite piece of security advice.
stogot 7 hours ago [-]
Fun How long do you think that took you?
ontouchstart 7 hours ago [-]
Bookmark this link for future reference, it is very relevant in the era of “agentic engineering”
> There is an old adage (e.g., Zen) to the effect that we become what we perceive. In computer terms, our (human) outputs become identified with our inputs. Computer technology is exceedingly habit forming, and our civilization seems to be becoming more computer-like, in the name of "progress". Many people tend to identify with their computers, while others become more computer-dependent, willingly or unwillingly. In addition, the so-called "factory experience" has an antihuman element to it. Although it could indeed help to reduce repetitiveness, it must also allow a suitable role for creativity. (In the spirit of this paper we note that unbridled attempts at creativity can often be detrimental, resulting in obfuscational terminology that masks an absence of novelty, or the reinvention of suboptimal or intermediate steps that have previously been discarded by others for subtle reasons not perceived by the "reinventor".) Thus, it is incumbent on system designers and system development managers to understand the negative effects of the use of computers, and to attempt to minimize those negative effects. In this way, it should be possible to increase incentives, challenges, and satisfaction, to reduce boredom, burnout, and laziness, and generally to increase the effectiveness of computer developers and users.
ontouchstart 7 hours ago [-]
> Although there is an element of apparent sloppiness in many creative people, discipline is also required. (Note that time-sharing has been condemned by some as encouraging sloppiness, as opposed to batch processing [where sloppiness can be exceedingly costly in time and computing resources]. Perhaps time-sharing could actually encourage creativity, although there is the countering argument that computers intrinsically stifle creativity.) Similarly, diversity of experience also appears to be extremely important (e.g., [Sheppard]); the perspective afforded by familiarity with a variety of systems, subsystems, programming languages, and methodologies provides extremely valuable insights, especially where there is wide diversity (e.g., among TOPS-20, Multics, UNIX, and OS/370; SCRIBE, TEX, PUB and ROFF; Pascal-based languages and LISP; a formal methodology/specification language and conventional design).
I will think “Agentic Engineering” is the “time-sharing” of our time. Embrace it.
jabwd 7 hours ago [-]
If you ignore the health, ethical, social, moral, legal, financial, environmental issues then yeah you could embrace it I suppose.
ontouchstart 6 hours ago [-]
By "embracing" I mean embracing the coming storm and surviving it, facing the challenge and admitting it is not magically going away.
Well, hell. I only knew Peter peripherally, but every time I met him he was a wonderful human. I built cryptography libraries in the 90s and Peter was responsible for expanding my thinking about the systems surrounding security controls and (not surprisingly) their associated risks. And he did it with great patience, speaking to me (and everyone else) at a level we could understand, but never patronizing. I would bump into him at a conference one year and he would suggest a direction of study or experiment. At the next conference I saw him at I would report my findings (or send them to the RISKS list) and then there would be another, interesting direction suggested.
There's a Peter-shaped-hole in Sili Valley tech culture.
<https://catless.ncl.ac.uk/Risks/>
I'd noted this myself, in this context, several years ago: <https://news.ycombinator.com/item?id=37582242>.
I continue to hope that RISKS may survive Peter.
[1] https://catless.ncl.ac.uk/Risks/
Correctness? Safety? Security? Privacy? Societal implications? Responsibility?
https://dl.acm.org/doi/pdf/10.1145/1005937.1005938
RIP
(And if you don't get it, you wouldn't get it)