Sometime in the 2000s I started reading the RISKS Digest mailing list[1] from the beginning. I did it for fun - it's an interesting mix of fun anecdotes and lessons learned, and the 80's and early 90's were before my time which I found interesting too.
A side effect of reading the mailing list in bulk is that a set of common "stereotypes" of failure (for lack of a better word) start to emerge clearly from the stream of anecdotes. These really influenced my mental model of technology risks. I would still recommend the exercise for anyone interested in the subject.
Another thing to appreciate while reading is that Risks started pre-Web, when the Internet was a much smaller place, so PGN's work on Risks was well-known, and presumably influenced the thinking of a lot of people.
As one example, I bumped into Risks in my teens (I think through Usenet comp.risks), at the internship start of my software engineering career. I now think back to things I said and did back then, and the formative influence of Risks is unmistakable.
The MBA-ification of the Internet came later, but before that, PGN helped educate and guide a generation of Internet-savvy people in the best direction.
Same- I slowly stopped reading Risks even though I am still a subscriber (as far as I know).
What's weird was, back then, I thought about geography on the internet even LESS than I do now. It's strange now to realize PGN worked at SRI, just a few blocks from where I'm typing this. And he may have passed away at the hospital my wife's working at right now.
I haven't seen it mentioned here or in the obituaries, but Peter started the RISKS Digest in 1985 partly in response to the Strategic Defense Initiative (SDI, "Star Wars") which proposed a space-based anti-ballistic missile system run autonomously by computers [1].
Another response was the formation of Computer Professionals for Social Responsibilty (CPSR) [2]. Peter was an early member, and many early RISKS submissions were by CPSR members.
Peter's letter to readers about the creation of RISKS in Issue #1.01 [3] mentions SDI and CPSR (it's long, scroll down)
RISKS Digest got me started too. I think there are some things best learned from the very beginning. "Consider modes of failure" is probably my favourite piece of security advice.
Neumann had a tremendous impact on perception and curation of technology-related risks. His passing is a moment of sadness.
It wasn't unforeseeable, however, and it pains me to see on the Catless RISKS archive this note: "I'm sad to have to tell you that Peter Neumann died on the 17th May. This website will be here as long as I am able to maintain it, but whether or not there is any future RISKS content anywhere, I cannot say."
Death is a risk, but not an inconceivable one, and it's a reminder that whilst a single individual can often drive with singular vision and surprising efficacy a project, that if they fail to establish some broader foundation, that project dies with them.
> Although there is an element of apparent sloppiness in many creative people, discipline is also required. (Note that time-sharing has been condemned by some as encouraging sloppiness, as opposed to batch processing [where sloppiness can be exceedingly costly in time and computing resources]. Perhaps time-sharing could actually encourage creativity, although there is the countering argument that computers intrinsically stifle creativity.) Similarly, diversity of experience also appears to be extremely important (e.g., [Sheppard]); the perspective afforded by familiarity with a variety of systems, subsystems, programming languages, and methodologies provides extremely valuable insights, especially where there is wide diversity (e.g., among TOPS-20, Multics, UNIX, and OS/370; SCRIBE, TEX, PUB and ROFF; Pascal-based languages and LISP; a formal methodology/specification language and conventional design).
I will think “Agentic Engineering” is the “time-sharing” of our time. Embrace it.
> There is an old adage (e.g., Zen) to the effect that we become what we perceive. In computer terms, our (human)
outputs become identified with our inputs. Computer technology is exceedingly habit forming, and our civilization seems to be becoming more computer-like, in the name of "progress". Many people tend to identify with their computers, while others become more computer-dependent, willingly or unwillingly. In addition, the so-called "factory experience" has an antihuman element to it. Although it could indeed help to reduce repetitiveness, it must also allow a suitable role for creativity. (In the spirit of this paper we note that unbridled attempts at creativity can often be detrimental, resulting in obfuscational terminology that masks an absence of novelty, or the reinvention of suboptimal or intermediate steps that have previously been discarded by others for subtle reasons not perceived by the "reinventor".) Thus, it is incumbent on system designers and system development managers to understand the negative effects of the use of computers, and to attempt to minimize those negative effects. In this way, it should be possible to increase incentives, challenges, and satisfaction, to reduce boredom, burnout, and laziness, and generally to increase the effectiveness of computer developers and users.
Well, hell. I only new Peter peripherally, but every time I met him he was a wonderful human. I built cryptography libraries in the 90s and Peter was responsible for expanding my thinking about the systems surrounding security controls and (not surprisingly) their associated risks. And he did it with great patience, speaking to me (and everyone else) at a level we could understand, but never patronizing. I would bump into him at a conference one year and he would suggest a direction of study or experiment. At the next conference I saw him at I would report my findings (or send them to the RISKS list) and then there would be another, interesting direction suggested.
There's a Peter-shaped-hole in Sili Valley tech culture.
Sometime in the 2000s I started reading the RISKS Digest mailing list[1] from the beginning. I did it for fun - it's an interesting mix of fun anecdotes and lessons learned, and the 80's and early 90's were before my time which I found interesting too.
A side effect of reading the mailing list in bulk is that a set of common "stereotypes" of failure (for lack of a better word) start to emerge clearly from the stream of anecdotes. These really influenced my mental model of technology risks. I would still recommend the exercise for anyone interested in the subject.
[1] https://catless.ncl.ac.uk/Risks/
Another thing to appreciate while reading is that Risks started pre-Web, when the Internet was a much smaller place, so PGN's work on Risks was well-known, and presumably influenced the thinking of a lot of people.
As one example, I bumped into Risks in my teens (I think through Usenet comp.risks), at the internship start of my software engineering career. I now think back to things I said and did back then, and the formative influence of Risks is unmistakable.
Correctness? Safety? Security? Privacy? Societal implications? Responsibility?
The MBA-ification of the Internet came later, but before that, PGN helped educate and guide a generation of Internet-savvy people in the best direction.
Same- I slowly stopped reading Risks even though I am still a subscriber (as far as I know).
What's weird was, back then, I thought about geography on the internet even LESS than I do now. It's strange now to realize PGN worked at SRI, just a few blocks from where I'm typing this. And he may have passed away at the hospital my wife's working at right now.
I haven't seen it mentioned here or in the obituaries, but Peter started the RISKS Digest in 1985 partly in response to the Strategic Defense Initiative (SDI, "Star Wars") which proposed a space-based anti-ballistic missile system run autonomously by computers [1]. Another response was the formation of Computer Professionals for Social Responsibilty (CPSR) [2]. Peter was an early member, and many early RISKS submissions were by CPSR members.
Peter's letter to readers about the creation of RISKS in Issue #1.01 [3] mentions SDI and CPSR (it's long, scroll down)
1. https://en.wikipedia.org/wiki/Strategic_Defense_Initiative
2.https://en.wikipedia.org/wiki/Computer_Professionals_for_Soc...
3. https://catless.ncl.ac.uk/Risks/1.01.html
RISKS Digest got me started too. I think there are some things best learned from the very beginning. "Consider modes of failure" is probably my favourite piece of security advice.
Fun How long do you think that took you?
Neumann had a tremendous impact on perception and curation of technology-related risks. His passing is a moment of sadness.
It wasn't unforeseeable, however, and it pains me to see on the Catless RISKS archive this note: "I'm sad to have to tell you that Peter Neumann died on the 17th May. This website will be here as long as I am able to maintain it, but whether or not there is any future RISKS content anywhere, I cannot say."
<https://catless.ncl.ac.uk/Risks/>
Death is a risk, but not an inconceivable one, and it's a reminder that whilst a single individual can often drive with singular vision and surprising efficacy a project, that if they fail to establish some broader foundation, that project dies with them.
I'd noted this myself, in this context, several years ago: <https://news.ycombinator.com/item?id=37582242>.
I continue to hope that RISKS may survive Peter.
Bookmark this link for future reference, it is very relevant in the era of “agentic engineering”
https://dl.acm.org/doi/pdf/10.1145/1005937.1005938
> Although there is an element of apparent sloppiness in many creative people, discipline is also required. (Note that time-sharing has been condemned by some as encouraging sloppiness, as opposed to batch processing [where sloppiness can be exceedingly costly in time and computing resources]. Perhaps time-sharing could actually encourage creativity, although there is the countering argument that computers intrinsically stifle creativity.) Similarly, diversity of experience also appears to be extremely important (e.g., [Sheppard]); the perspective afforded by familiarity with a variety of systems, subsystems, programming languages, and methodologies provides extremely valuable insights, especially where there is wide diversity (e.g., among TOPS-20, Multics, UNIX, and OS/370; SCRIBE, TEX, PUB and ROFF; Pascal-based languages and LISP; a formal methodology/specification language and conventional design).
I will think “Agentic Engineering” is the “time-sharing” of our time. Embrace it.
If you ignore the health, ethical, social, moral, legal, financial, environmental issues then yeah you could embrace it I suppose.
By "embracing" I mean embracing the coming storm and survive it, facing the challenge and admit it is not magically going away.
Conclusion of the article (Wisdom from 1982):
> There is an old adage (e.g., Zen) to the effect that we become what we perceive. In computer terms, our (human) outputs become identified with our inputs. Computer technology is exceedingly habit forming, and our civilization seems to be becoming more computer-like, in the name of "progress". Many people tend to identify with their computers, while others become more computer-dependent, willingly or unwillingly. In addition, the so-called "factory experience" has an antihuman element to it. Although it could indeed help to reduce repetitiveness, it must also allow a suitable role for creativity. (In the spirit of this paper we note that unbridled attempts at creativity can often be detrimental, resulting in obfuscational terminology that masks an absence of novelty, or the reinvention of suboptimal or intermediate steps that have previously been discarded by others for subtle reasons not perceived by the "reinventor".) Thus, it is incumbent on system designers and system development managers to understand the negative effects of the use of computers, and to attempt to minimize those negative effects. In this way, it should be possible to increase incentives, challenges, and satisfaction, to reduce boredom, burnout, and laziness, and generally to increase the effectiveness of computer developers and users.
Previously (25 points - same list, LWN host) https://news.ycombinator.com/item?id=48172640
https://www.nytimes.com/2012/10/30/science/peter-g-neumann-a...
I loved reading RISKS and looks like back in 1991 (35 years ago! Eek!) I was worried about trojan horses on Netware 286: https://catless.ncl.ac.uk/risks/11/65#subj3
RIP
Well, hell. I only new Peter peripherally, but every time I met him he was a wonderful human. I built cryptography libraries in the 90s and Peter was responsible for expanding my thinking about the systems surrounding security controls and (not surprisingly) their associated risks. And he did it with great patience, speaking to me (and everyone else) at a level we could understand, but never patronizing. I would bump into him at a conference one year and he would suggest a direction of study or experiment. At the next conference I saw him at I would report my findings (or send them to the RISKS list) and then there would be another, interesting direction suggested.
There's a Peter-shaped-hole in Sili Valley tech culture.
https://cacm.acm.org/news/in-memoriam-peter-g-neumann-1932-2...
To see "Albert Einstein" in the list of his mentors was beautiful. He was a connection link to many of the greatest minds in our history. RIP.
The mailing list style and his personal web page tells me all that I need to do
(And if you don't get it, you wouldn't get it)
It feels as though an entire era is fading day by day
Impressive that Neumann moderated RISKS for 41 years in addition to all of his other achievements. His contributions were valuable to us all
Not to be confused with John von Neumann
he has died as well
I didn't even know he was sick.