A remarkable series of photos was made in my SRI office many years ago
for the ``Designated Holist'' magazine article (noted below) by
North-Bay photographer Jim Sugar, who died on 24 Jul 2024 at
78, and will be greatly missed. Jim had been a wonderfully
innovative National Geographic photographer for many years and an
all-around friendly person, and for a while was my official go-to
photographer for professional in-situ shots. The San
Francisco Chronicle had well-deserved obit coverage on
1 Sep 2024, copied from the local Mill-Valley paper:
Click here for a
short bio. More detailed bio information is available on request.
333 Ravenswood Ave EL-243
Menlo Park California 94025-3493, USA
This Web page (http://www.csl.sri.com/~neumann) can also be reached from the primary CSL Web site (http://www.csl.sri.com) by clicking on "CSL Staff" and then "Neumann". (It differs from the default CSL page.) The following sections are included here, and can be moused directly if you do not want to read linearly.
The work for my two doctoral theses (Tony Oettinger was my Harvard advisor, and Alwin Walther my Darmstadt advisor) and various subsequent papers involved variable-length Huffman-like codes and later was extended to Huffman-style information-lossless sequential coding schemes with surprisingly strong self-resynchronization properties despite arbitrary fault modes and denial-of-service attacks, even in the presence of very low or minimum redundancy as in Huffman codes. These schemes provided the possibility of highly survivable communication systems in the presence of arbitrary temporary interference. Earlier, my undergraduate thesis in mathematics (1954) involved identifying five nomographic classes of motions based on elliptic integrals, establishing canonical transformations for each of those classes, and generating tables for them (using the Harvard Mark IV).
I had two reverse sabbaticals as Visiting Mackay Lecturer, during the spring quarter of 1964 at Stanford University in Electrical Engineering, and the academic year 1970-71 at U.C. Berkeley (teaching courses in hardware, operating systems, and coding theory, and co-leading two seminar courses). I also taught a course on survivable systems and networks at the University of Maryland in the fall of 1999, half in person, half by video teleconference; the course notes are indicated below.
My first computer job was in the summer of 1953, as a programmer on the IBM Card-Programmed Calculator, for the U.S. Naval Ordnance Lab in White Oak MD, a punched-card machine with four registers and ZERO memory. (The cards provided auxiliary memory!) Among other things, I wrote a nifty recursive complex matrix-inversion routine. The three-address instruction interpretation was done in the plugboard, which represented an early compiler/assembler! My boss was Cal Elgot, who later became director of the IBM mathematics group at IBM in its very early days at the Lamb Estate, before the research effort moved to the Watson Lab in Yorktown Heights, NY.
I had ten exciting years in the Computer Science Lab at Bell Labs in Murray Hill, New Jersey (1960-70) -- including extensive involvement in Multics from 1965 to 1969. Beginning in 1965, Bob Daley (then at Project MAC at MIT) and I did the Multics file system design, which included directory hierarchies, access-control lists (ACLs), dynamic linking of symbolic names to cacheable descriptor-based addresses, and dynamically paged segments within a novel hardware-supported virtual memory concept. (It is nice to find dynamic linking again being ``rediscovered'' in Webware! Multics also had multiprogramming, multiprocessing, multiple protection domains, and other forms of multiplexing.) I had a minor role in the Multics input-output design, heavily influenced by Ken Thompson, Joe Ossanna, and Stan Dunten, with symbolic stream names (which Ken later transmogrified into Unix pipes) and device-independent I/O. After Vic Vyssotsky moved over to Whippany, I found myself the Bell Labs member of the Multics Triumvirate, coordinating with Fernando Corbató (Corby) at MIT and Charlie Clingen at Honeywell, and flying to MIT for a meeting almost every other week. There was some really beautiful innovation in Multics, and many wonderful people. For those of you who are young folks with little idea of Multics' contributions to computer history, check out Tom Van Vleck's Multicians website at http://www.multicians.org/, which (as of 22 May 2015) listed 2003 names of people who were associated with Multics! Particularly notable among those not already mentioned here is Jerry Saltzer, although many others were important contributors as well.
The Winter 2017 issue of ;login: has a remarkably comprehensive interview conducted and edited by Rik Farrow. It was really delightful to be asked to reminisce on the past. Click here.
Click here for a few selected bibliographic references and other items. A list of CSL-related .bib entries is available at the bottom of the official CSL Web site page for me.
The "Zennish, Anyone" aspect is discussed in my book chapter, Psychosocial Implications of Computer Software Development and Use: Zen and the Art of Computing, Theory and Practice of Software Technology, D. Ferrari, M. Bolognani, and J. Goguen (editors), North-Holland, 1983, pp. 221--232.
A major advance in our efforts has recently resulted from Arm adopting the CHERI ISA as part of their mainline hardware architecture. Richard Grisenthwaite (chief hardware architect at Arm) gave a talk (available on request), Arm Morello Evaluation Platform -- Validating CHERI-based Security in a High-performance System, on CHERI-Arm Morello (incorporation of CHERI into the Arm 64-bit processor hardware architecture) for HotChips 2022. An article by Dan Robinson, How Arm Popped CHERI Architecture into Morello Program Hardware, summarizes that talk in The Register. All of the above CHERI-related reports and published papers are noted in the CHERI Research website at the University of Cambridge. Just a few are noted here.
NDSS 2019 A. Theo Markettos, Colin Rothwell, Brett Gutstein, Allison Pearce, Peter G. Neumann, Simon W. Moore, and Robert N. M. Watson, Thunderclap: Exploring Vulnerabilities in Operating-System IOMMU Protection via DMA from Untrustworthy Peripherals, Proceedings of the Network and Distributed Systems Symposium (NDSS 2019), 24--27 February 2019.
IEEE SSP 2015 Robert N. M. Watson, Jonathan Woodruff, Peter G. Neumann, Simon W. Moore, Jonathan Anderson, David Chisnall, Nirav Dave, Brooks Davis, Ben Laurie, Steven J. Murdoch, Robert Norton, Michael Roe, Stacey Son, and Munraj Vadera. CHERI: A Hybrid Capability-System Architecture for Scalable Software Compartmentalization, IEEE Symposium on Security and Privacy, San Jose, CA, May 18-20, 2015.
ASPLOS 2015 David Chisnall, Colin Rothwell, Brooks Davis, Robert N.M. Watson, Jonathan Woodruff, Simon W. Moore, Peter G. Neumann, and Michael Roe, Beyond the PDP-11: Architectural Support for a Memory-Safe C Abstract Machine, 20th International Conference on Architectural Support for Programming Languages and Operating Systems, ASPLOS 2015, Istanbul, Turkey, 14--18 March 2015.
ISCA 2014 U.S. URL and ISCA 2014 UK URL. Jonathan Woodruff, Robert N. M. Watson, David Chisnall, Simon W. Moore, Jonathan Anderson, Brooks Davis, Ben Laurie, Peter G. Neumann, Robert Norton, and Michael Roe. The CHERI capability model: Revisiting RISC in an age of risk, Proceedings of the 41st International Symposium on Computer Architecture (ISCA 2014), Minneapolis, MN, USA, June 14--16, 2014. This paper received an "honorable mention" in the Guest Editor piece for the Micro Top Picks edition.
The earliest paper resulting from this project, Peter G. Neumann and Robert N. M. Watson, Capabilities Revisited: A Holistic Approach to Bottom-to-Top Assurance of Trustworthy Systems, was presented at the Fourth Layered Assurance Workshop (in association with ACSAC 2010) in Austin Texas, 6-7 December 2010. A 2012 paper reflected subsequent progress on the development of the hardware architecture, CHERI: A Research Platform Deconflating Hardware Virtualization and Protection for the RESoLVE workshop associated with ASPLOS in London, March 2012.
Considerably more recent published papers and released reports can be found on the Cambridge CHERI Website noted above. They are now too numerous to itemize here.
An article by Nicole Perlroth, "Reinventing the Internet to Make it Safer", in The New York Times on 3 December 2014 considers the DARPA clean-slate CRASH program; it is also on The Times' blog. (The article refers to CTSRD pronounced as "Custard" -- where referring to "the CHERI hardware-software system" might have been more to the point -- see my note below.) See also her companion article, "The Hacked vs. the Hackers: Game On", also on The Times' blog.
Note: The CTSRD acronym is alternatively pronounced "Custard" primarily in the UK, where it was once accompanied by custard tarts for the weekly conference calls, or "CatSword" (thanks to Jon Anderson) elsewhere, especially as a logo in our slides -- where it is represented by a heraldic shield of a lion with a sword. It was originally conceived rather weakly as "CutSurd" (i.e., get rid of the irrational and absurd security problems), although that is no longer in use.
The comparable poster and slides for our companion joint SRI-Cambridge project (MRC)-squared for DARPA's Mission-oriented Resilient Clouds (MRC) program are on the project website at the University of Cambridge.
I delivered the 2013 Elliott Organick Memorial Lectures at the University of Utah in March 2013. Slides -- A Personal History of Layered Trustworthiness -- are online for some of the material presented (in addition to slides from the above-noted PI meetings). A profile of me written by John Markoff was included in The New York Times Science Tuesday section on 30 October 2012, and is online, along with a short video clip. John also did an audio interview, but that is probably buried somewhere in the archives of The Times.
Note: John's article attributes to me the naming of Ken Thompson and Dennis Ritchie's system as `Unics' -- as a pun, an emasculated successor of Multics -- perhaps based on a sentence in Peter Salus's 1994 book, A Quarter Century of UNIX. On the other hand, Brian Kernighan recalls that he had suggested the name Unics. However, when the switch from Unics to Unix took place remained unclear to Peter Salus in 1994, and remained so to both Brian Kernighan and Doug McIlroy when I asked them in 2012. My guess is that some AT&T lawyers eventually decided that the punned name (Unics) did not reflect well on the corporate image, and insisted that it be changed to Unix. But that's only a guess. It came a pun a midnight clear, as I started writing this paragraph around 5am on 3 Jan 2012.
Incidentally, my recollection of the first two days of what ultimately became Unics and then Unix was this: After Bell Labs bailed on Multics in 1969, Ken Thompson acquired a PDP-7 that Max Mathews was no longer using. Ken came in one day for lunch having worked much of the previous night to create a roughly thousand-line one-user operating system kernel. I suggested that Ken might want to use some of the concepts we developed in Multics to extend his kernel into a multi-user system. The next morning Ken came in with another thousand lines, and had indeed done so. The rest is history. Ken has always been amazingly productive.
A subsequent profile written by Bruce Newman, which appeared in the San Jose Mercury News on 12 Mar 2013, is titled Peter G. Neumann: Top cop on the hair-raising cybersecurity beat.
A 45-minute segment from the Minnesota Public Radio Daily Circuit on 27 Dec 2012, in discussion with Matt Honan (EFF) and me, considers the subject of the limitations of passwords and computer security, and is online (click on `LISTEN').
My coauthors Matt Bishop, Sean Peisert, Marv Schaefer, and I wrote a paper, Reflections on the 30th Anniversary of the IEEE Symposium on Security and Privacy, for the May 2010 proceedings of the 31st annual meeting. We regret inadvertently omitting recognition of Sushil Jajodia for the most accepted papers (in Section VII), and Gerry Popek [d] (in Section IX). The paper is of course subject to IEEE copyright, but you have my permission to use it for educational and noncommercial purposes. (The ``[d]'' designation here indicates that an individual is no longer alive -- although I have probably missed a few tagged.)
I gave a keynote talk, Identity and Trust in Context, for IDtrust 2009 at NIST on 15 April 2009. The slides are online at the conference website and on my website. This talk included discussion of the importance of holistic system considerations rather than trying to deal with identity and authorization in isolation, with applications to health care, and summarized the work of Brent Waters (Attribute-Based Encryption), Carl Gunter (Attribute-Based Messaging), and Chris Peikert (Lattice-Based Cryptography).
In the early 2000s, DARPA funded thirteen projects under its Composable High-Assurance Trustworthy Systems (CHATS) program, created by Douglas Maughan. I led one of those projects (CHATS project website), in the SRI Computer Science Laboratory. The emphasis in the CHATS program was on composable trustworthy open-source operating systems. The final report, Principled Assuredly Trustworthy Composable Architectures, was completed on 28 December 2004, and is available in three forms: html, pdf, and ps. An earlier paper summarizing the project as of early 2003 appeared in the DISCEX03 proceedings: Achieving Principled Assuredly Trustworthy Composable Systems and Networks.
Incidentally, a significant effort is underway in Peter Denning's Great Principles project, which considers the importance of principles more broadly --- as common elements across system designs. I believe PJD is still in the process of writing a book on that effort.
The Provably Secure Operating System (PSOS) project began in 1973 and continued until 1983. The 1980 PSOS final report (noted in my partial reference list) has been scanned in and is online in PostScript form (over 300 pages). The report includes the system architecture and many of the basic hardware and operating system layers, plus some illustrative applications (all formally specified in the SPECIAL language of HDM, the Hierarchical Development Methodology). The Feiertag/Neumann paper summarizing the architecture as of 1979 is available in a retyped, more or less correct, hand-edited pdf form. A 2003 paper, PSOS Revisited by me and Rich Feiertag, was presented at ACSAC 2003 in Las Vegas in December 2003, as part of the Classic Papers track (which was initiated at ACSAC 2002 for the Karger-Schell paper on the Multics multilevel secure evaluation). Please read it if you are interested in capability architectures. The PSOS project continued from 1980 to 1983, supporting the Goguen-Meseguer papers and the Extended HDM effort that led to SRI's PVS system.
My 1990 paper, Rainbows and Arrows: How the Security Criteria Address Computer Misuse, for the National Computer Security Conference examined the Trusted Computer Security Evaluation Criteria (TCSEC) -- the so-called Orange Book and its spinoffs comprising the Rainbow Series. It may be of historical interest.
A 1996 report, Architectures and Formal Representations for Secure Systems, considers what formal methods can do for system security, and vice versa. It is available in PostScript form, and contains various references to earlier work, e.g., to our 1970s work on the formally specified capability-based object-oriented hierarchically-layered Provably Secure Operating System (PSOS), and the role of system structure and abstraction -- which has been a long-standing interest. A 1992 paper by Norm Proctor and me, Architectural Implications of Covert Channels from the 1992 Computer Security Conference, is available in html form. That paper develops the concept of multilevel-secure systems in which there are no end-user multilevel-secure workstations, and consequently no user-oriented covert channels. This is really a paper on how to build multilevel-secure systems and networks out of non-MLS end-user components and a few high-assurance trustworthy servers. It further pursues an approach begun by Rushby and Randell in their 1983 paper. The concept is also applicable to architectures of (single-level) networked systems in which trustworthiness is localized in certain critical servers. The Oracle thin-client network computer was ideally suited to such an architecture.
An extensive collection of information on our current efforts (EMERALD) and past work (IDES, NIDES) on analyzing systems and networks for the purposes of anomaly and misuse detection is available on our Website at http://www.csl.sri.com/intrusion.html, thanks to the efforts of my colleague Phil Porras. EMERALD significantly extends our earlier work, addressing not just host systems but also networks, servers, and hierarchically layered analysis. A 1997 paper is available in html form for browsing or in PostScript form for ftp-ing. A 1999 paper on Experience with EMERALD, jointly authored with Phil Porras, is available in PostScript and in html for the USENIX Workshop on Intrusion Detection and Network Management, 11-12 April 1999. (It won the best-paper award for the workshop!)
I helped organize a workshop on preventing, detecting, and responding to insider misuse, held in Santa Monica in August 1999. The final report and the slide materials for long and short briefings are available on our Web site at http://www2.csl.sri.com/insider-misuse/. My position paper for that workshop is also available online. A second workshop was held in Honolulu in July 2000.
I have updated and extended the 1999 paper in a new position paper that I prepared for the Dagstuhl Workshop on Insider Threats, 20-25 July 2008: Combatting Insider Misuse, with Relevance to Integrity and Accountability in Elections and Other Applications (click here). Although I was unable to attend, Matt Bishop most graciously presented it for me. Matt's slides are online.
The Dagstuhl Workshop article has been extended and is included in a book: P.G. Neumann, Combatting Insider Threats, chapter 2, in Insider Threats in Cybersecurity -- and Beyond, C.W. Probst, J. Hunker, D. Gollmann, and Matt Bishop (editors), Springer Verlag, 2010. [Incidentally, see my screed on Combatting `Combating', below.]
Just for kicks, let me mention my 1969 paper, The Role of Motherhood in the Pop Art of System Programming, from the 2nd Symposium on Operating Systems Principles, which has now been put on the Web courtesy of Olin Sibert and posted on Tom Van Vleck's Multicians website.
I taught a course ENPM 808s as an Adjunct Professor at the University of Maryland in the Fall of 1999 on material related to the Army Research Lab survivability study: http://www.csl.sri.com/~neumann/umd808s.html. All of my UMd lecture materials (except for my RISKS book) are online as source-available open-course documents. (It is wonderful to see MIT's announcement of its OpenCourseWare in April 2001. That is a marvelous development.) My final set of Maryland lecture notes is also available in a 6-up PostScript form, that is, six slides to a printed page. Please let me know if you find the course materials interesting and/or useful. Similar courses were also taught at the University of Pennsylvania by Tony Barnes (I gave one of Tony's lectures), and at the University of Tennessee by Doug Birdwell (birdwell@hickory.engr.utk.edu) and Dave Icove (djicove@tva.gov) -- Electrical & Computer Engineering 599 -- using some of my lectures and lecture materials, and some of their own. Georgia Tech (Blaine Burnham) gave such a course in Winter 2000, and the Naval Postgraduate School (Cynthia Irvine) was contemplating such a course in the spring of 2000, according to an earlier discussion with Cynthia. Other universities have also expressed interest in piggybacking on the course materials.
My two-page position paper for a panel on open-box software (e.g., open-source and free software, where you can actually get inside the box and change something, as opposed to black-box software where you cannot even see inside the box) at the IEEE Symposium on Security and Privacy at Oakland CA, May 2000, is titled ``Robust Nonproprietary Software'' and is clickable (subject to IEEE copyright) in PostScript and pdf form.
A set of 28 slides for my keynote talk on the same general subject, titled ``The Potentials of Open-Box Source Code in Developing Robust Systems'' for an April 2000 NATO conference on The Ruthless Pursuit of COTS, is also available in a variety of forms: PostScript, 1 per page, 4 per page, 6 per page, and pdf, 1 per page, 4 per page, 6 per page. (I also handed out to the NATO audience a preprint of the IEEE-copyrighted position paper noted above: PostScript and pdf form.)
A 2001 set of slides on the pros and cons of open-box software, from a talk on 27 February 2001 is available in PostScript and pdf formats.
Open-box software is not a panacea -- it does not solve all the problems. It still requires all of the discipline in development and operation that we would like to see in proprietary closed-box software. But it has enormous potential, and needs to be pursued as a serious contender.
More or less as a sideline, I moderate the ACM Risks Forum newsgroup, known as comp.risks in the USENET community, under the sponsorship of the ACM Committee on Computers and Public Policy (CCPP), which I chaired since 1985 -- until it was disbanded in 2018 as part of a complete reorganization of ACM committees. (The current issue is accessible at http://www.csl.sri.com/~risko/risks.txt, and the last item of each regular issue contains further info about the newsgroup.) For a subscription, send e-mail to the automated list server at risks-request@csl.sri.com with a single line of text, ``subscribe'' -- or if you wish to subscribe at an address other than your From: address, include that address after ``subscribe''. (The latter alternative will bounce to me for personal attention, so please don't try the old spoof of subscribing folks such as the White House or Newt Gingrich, which happened some years ago.) The archives of back issues (beginning with volume 1 number 1 on 1 Aug 1985) are available at ftp.sri.com/risks or courtesy of Lindsay Marshall at Newcastle http://catless.ncl.ac.uk/Risks. (I am very grateful to Lindsay, who provides a RISKS redistribution service for the UK and a lovely complete archival search and retrieval system, also accessible as http://www.risks.org.)
The ever-growing document, Illustrative Risks to the Public in the Use of Computer Systems and Related Technology, summarizes as one-liners many of the most interesting cases over the past decades. Unfortunately, in recent years I have not been able to keep it up-to-date (except for some more recent election integrity issues and the Inside Risks summary). It is available for browsing. The same content is also available in printer-friendly formats in pdf form and PostScript from ftp.sri.com or from csl.sri.com. However, although no longer maintained up-to-date, this old document still exists for historical reasons.
Nevertheless, the Y2K problem resurfaced on 1 Jan 2020, when a fix that had been contrived in 2000 failed -- a windowing scheme that treated 00-19 as 2000 years, and 20-99 as 1900 years. In response to a request from Eric Hofnagel, I pulled together a historical list of Y2K-related problems.
In 2006, I was once again asked to do a Classic Paper for ACSAC, this time revisiting the RISKS experience. The paper Risks of Untrustworthiness and the slides for the talk are online.
Various folks have taught courses related to the RISKS material -- for example, Jerry Saltzer and others at MIT, Roy Maxion at CMU -- and Rebecca Mercuri when she was at Bryn Mawr.
In a related effort that was supported in part by the ACM Committee on Computers and Public Policy, Lauren Weinstein moderates the Privacy Forum Digest and Network Neutrality Squad. He is providing a superb service for those of you who are deeply concerned about privacy issues. You may subscribe or request information via privacy-request@vortex.com. Check out the Privacy Forum and Network Neutrality Squad.
I am a regular contributor to the ACM SIGSOFT Software Engineering Notes (which I founded in 1976; I was Editor for its first 18 years before turning it over to Will Tracz, who has now persisted for an even longer editorship!). Will has put most of the content of all the back issues online. Selected edited excerpts from RISKS continue to appear in each regular issue of ACM Software Engineering Notes, under subsequent SIGSOFT editors.
For 18 years beginning in 1980, I was a Contributing Editor to the Communications of the ACM (CACM). I either wrote or shepherded a column under the Inside Risks rubric. From July 1990 until June 2008, this was a monthly column that appeared inside the back cover of CACM. After 216 consecutive one-page monthly appearances, longer articles are now scheduled to appear three times a year. Most columns (except for some of the earliest ones) are accessible online at http://www.csl.sri.com/~neumann/insiderisks.html; reuse for commercial purposes is subject to CACM and author copyright policy.
I am very grateful to the members of what was the ACM CCPP; they kept me and RISKS-related efforts on the straight and narrow over the past many years, and still help out informally without the imprimatur of CCPP. The group now includes Steve Bellovin, Peter Denning, Virgil Gligor, Nancy Leveson, Dave Parnas, Jerry Saltzer, Lauren Weinstein, and most recently, Kevin Fu, Zeynep Tufekci, and Ben Zorn. (Jim Horning [d, 18 Jan 2013] was one of my original members -- see the lead item in RISKS-27.14. Sy Goodman, Rob Kling [d], and Barbara Simons were earlier long-time members.) They have all contributed nobly -- among other things, in guiding the authors of the monthly Inside Risks columns and acting as a review board when sensitive issues come up regarding RISKS submissions, and in some cases writing columns themselves.
One of the thornier issues relating to the lack of good software-engineering practice, particularly in the development of systems with critical requirements, is that of whether certification of programmers would help. A panel statement I wrote for the 2000 IEEE International Conference on Requirements Engineering is accessible in PostScript and pdf forms. I have deep concerns relating to certification and licensing. You should not read that position statement as an endorsement, but rather as a skeptical set of concerns. My keynote address slides are also available, PostScript.
The book has also been translated into Japanese and published by Addison-Wesley in 2000 (although the rampant puns are completely lost in translation). ISBN 4-89471-141-9.
``Not everything that can be counted counts, and not everything that counts can be counted.'' (attributed to Albert Einstein; thanks to Will Tracz for sending me this delightful quote, serendipitously relevant to problems with elections!) Incidentally, Bunny Little, one of the founders of my Greenwood Music Camp, once played first violin in a string quartet with Einstein on second fiddle. Her bottom-line comment: ``He can't count.'' (referring apparently to AE's lack of patience with multi-measure rests, where he might typically come in too early).
Dan Thomsen, Jeremy Epstein, and I were guest editors of the special issue, Lost Treasures, IEEE Security and Privacy (Building Dependability, Reliability, and Trust), November-December 2012, pp. 17--50, and authors of its introduction (pp. 17--19), which also includes a one-page sidebar I wrote, titled Lost Lessons: Election Systems, on page 18.
I was SRI's PI for the NSF ACCURATE effort: A Center for Correct, Usable, Reliable, Auditable and Transparent Elections, NSF Grant number 0524111. ACCURATE was initially led by Avi Rubin at Johns Hopkins, and then by Dan Wallach at Rice. Other PIs are Mike Byrne at Rice, David Dill and Dan Boneh at Stanford, Dave Wagner at U.C. Berkeley, Doug Jones at the University of Iowa, and more recently Jeremy Epstein and Natarajan Shankar at SRI. See the ACCURATE website. Although that grant has ended long ago, the work will evidently never be completed!
My position paper for the CSTB workshop on Voter Registration Databases, December 29-30 2007, is online.
Various columns relating to the use of computers in the voting process are included in the Inside Risks series in the Communications of the ACM:
U.S. Election After-Math, Peter G. Neumann, February 2009
Risks of E-Voting, Matt Bishop and David Wagner, November 2007
COTS and Other Electronic Voting Backdoors, Rebecca T. Mercuri, Vincent J. Lipsio, and Beth Feehan, November 2006
Evaluation of Voting Systems, Poorvi L. Vora, Benjamin Adida, Ren Bucholz, David Chaum, David L. Dill, David Jefferson, Douglas W. Jones, William Lattin, Aviel D. Rubin, Michael I. Shamos, and Moti Yung, November 2005
Security by Insecurity, Rebecca Mercuri and PGN, November 2003
Florida 2002: Sluggish Systems, Vanishing Votes, Rebecca Mercuri, November 2002
Uncommon Criteria, Rebecca Mercuri, January 2002
Vote Early, Vote Often, Rebecca Mercuri, November 2000
Corrupted Polling, Rebecca Mercuri, Nov 1993
Voting-Machine Risks, Rebecca Mercuri, Nov 1992
Risks in Computerized Elections, PGN, Nov 1990
and are particularly timely in light of the aftermath of the November 2000 Presidential election (fuzzy-math? fuzzy after-math?) and various 2002 and 2004 problems. (I've evidently given up documenting them.)
In addition, a paper I wrote in 1993, Security Criteria for Electronic Voting, is also available. This paper was adapted for inclusion in Computer-Related Risks. Evidently, I have been a psephologist as well as a psephotechnologist -- for well over two decades. (Thanks to Doug Jones for pointing this out!)
A National Public Radio piece (just under 7 minutes) by Dan Charles featuring Rebecca Mercuri and me ran on 10 February 2003, and is available as audio from the NPR archives. An old LinkTV program excerpt (courtesy of Lauren Weinstein's editing) on voting is available online as an mp4 file. It is somewhat dated and chatty, but still generally relevant. (Many things don't seem to change!)
Ronnie Dugger's November 1988 article in The New Yorker is on my Web site and also on The New Yorker website. His long article, How They Could Steal the Election This Time, in The Nation (16/23 August 2004) is also online, along with a collection of subsequent letters to the editor and a response from Ronnie.
For the convenience of folks trying to uncover some of the earlier history prior to the year 2000 election problems, I have also placed some of the material on electronic voting in Computer-Related Risks, although that material is under Addison-Wesley copyright.
Finally, if this topic is of serious interest to you, check out Rebecca Mercuri's doctoral thesis on the subject; info at http://www.notablesoftware.com/evote.html. This is a remarkable thesis, and should be considered seriously by everyone involved in developing, evaluating, or using voting systems in future elections.
Furthermore, check out David Dill's Web site,
http://verify.stanford.edu/evote.html, which has become a very valuable
contribution to the cause of election integrity. Read his petition, and
join hundreds of computer scientists and many other people as well in
signing it. He has also summarized the proceedings currently ongoing in
Santa Clara County, where he and I and (remotely) Rebecca Mercuri were
involved in trying to get the county to include a voter-verified paper audit
trail as a part of their efforts to rush into all-electronic voting
machines. The county has been partially responsive, and has contracted for
an upgrade path to that end. Subsequently, then-California Secretary
of State Shelley has mandated a VVPAT for all-electronic voting machines
by 2006. Much more has happened since then, as evidenced by the
current California Secretary of State Debra Bowen's
Top-To-Bottom Review in 2007.
Also of topical interest are the first two items in
Risks Forum issue vol 21 no 13, and also
an article in the San Francisco Chronicle
by Henry Norr on 4 December 2000, on the risks of touch-screen
balloting (in PostScript form). Remarking on our efforts in
February 2003 to get Santa Clara County to use voter-verified hardcopy
ballot images in their ongoing procurement of touch-screen systems (for
example, see David Dill's Web site noted above), Henry Norr wrote a highly
supportive article in the San Francisco Chronicle on 3 March
2003. I greatly admire Henry's willingness to publicly change his mind
when he discovered his earlier views were short-sighted -- as he has done in
these two articles.
My position statement for a hearing of the California Assembly
Committee on Elections Reapportionment and Constitutional Amendments
on 17 Jan 2001 (pdf and PostScript)
gives a one-page summary on the integrity of the election process
plus two one-page items (the Inside Risks
piece from January 2001 with Rebecca Mercuri, and an article in RISKS-21.14
by PGN, Rebecca Mercuri, and Lauren Weinstein). A statement for a subsequent
hearing for the same committee on 15 Jun 2004 is also available
in pdf form.
Testimony for the California Senate Elections Committee on 8 Feb 2006
is also available
in pdf form, on The Relative Merits of Openness in Voting Systems,
written for Debra Bowen when she was in the California Senate.
A remarkably forthright detailed analysis of the lack of trustworthiness and
usability of voting machines used in California in 2007 was conducted over
the summer of 2007 under the auspices of California Secretary of State Debra
Bowen
in the Top-To-Bottom Review. That effort seems to have inspired several
subsequent analyses, all of which have greatly increased the general
awareness of the breadth and depth of problems with electronic voting
systems.
PFIR: People For Internet Responsibility
Lauren Weinstein (Privacy Forum) and I have created an entity called
People For Internet Responsibility (PFIR). Check it out at
http://www.pfir.org. There are some
important position statements on Internet voting, Internet governance,
Internet hoaxes and misinformation, Government interception of Internet
traffic, hacking, spam, censorship, and other topics. PFIR seeks to create
an iterative process by which progress can be made. A conference
took place at the end of July 2004,
Preventing the Internet Meltdown:
see http://www.pfir.org/meltdown.
PFIR provides FactSquad
http://www.factsquad.org,
which is aimed at debunking much of the misleading information that
floats around the Internet. Also, see Fact Squad Radio, one- to three-minute
audio features on critical topics
http://www.factsquad.org/radio.
It also sponsors the Network Neutrality Squad http://www.nnsquad.org.
I am one of the 11 authors of the June 1997 report (along with Hal Abelson, Ross Anderson, Steve Bellovin, Matt Blaze, Whit Diffie, John Gilmore, Ron Rivest, Jeff Schiller, and Bruce Schneier), The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption. This report was reissued in June 1998, with a new preface that notes that little has improved in the intervening year. The report is available for web browsing, and from CDT. It is also available for direct ftp-ing from Matt Blaze in PostScript or ASCII.
My July 1997 written testimony on that report for the Senate Judiciary Committee, originally scheduled for a crypto key-recovery hearing for 25 June 1997, was delivered on 9 July 1997. It is available online: Security Risks in Key Recovery. As a follow-up to that hearing, Senator Hatch asked each panelist to respond to specific questions from Senators Thurmond, Grassley, Leahy, and Feinstein. My responses to those questions are also available online. The proceedings of the entire set of hearings are available as Security in Cyberspace, S. Hrg. 104-701, 1996, pp. 350-363. ISBN 0-16-053913-7, 1996.
Incidentally, I note that the surveillance issue is perennially before us, for example, with respect to the Internet rather than telephony. The FBI's Carnivore monitoring system has been subjected to a review, and the draft IITRI Carnivore report is online on the DoJ site. At the request of the Department of Justice, I participated in a review of the IITRI report, with Matt Blaze, Steve Bellovin, Dave Farber, and Eugene Spafford. Our Carnivore review comments as submitted to DoJ are available here in html form. (As a result of widespread criticism relating to the choice of its seemingly predatory name, Carnivore has been renamed DCS1000, the Digital Collection System.)
A more recent article on risks of surveillance was written by Steven M. Bellovin, Matt Blaze, Whitfield Diffie, Susan Landau, PGN, and Jennifer Rexford, Risking Communications Security: Potential Hazards of the ``Protect America Act'', IEEE Security and Privacy, 6, 1, January-February 2008, pp. 18--27.
In 2015, we reconstituted the 1997 group and added a few more people.
The resulting report, released in July 2015, is
Keys Under Doormats: Mandating insecurity by requiring government access
to all data and communications,
Harold Abelson, Ross Anderson, Steven M. Bellovin, Josh Benaloh,
Matt Blaze, Whitfield Diffie, John Gilmore, Matthew Green,
Peter G. Neumann, Susan Landau, Ronald L. Rivest, Jeffrey I. Schiller,
Bruce Schneier, Michael Specter, Daniel J. Weitzner.
The report is online.
It was discussed on 6 July 2015 in The New York Times blog
and in the 7 July 2015 print edition article
(front page, above the fold)
both by Nicole Perlroth.
The report was noted by several speakers
during a hearing of the Senate Judiciary Committee on 8 July.
Subsequently, an op-ed piece appeared in the 28 Jul 2015 Washington
Post by three leading former government executives,
Mike McConnell, Michael Chertoff and William Lynn:
Why the fear over ubiquitous data encryption is overblown.
That article constructively
supports and amplifies the arguments in our report.
My 25 June 1996 written testimony for the Senate Permanent Subcommittee on Investigations of the Senate Governmental Affairs Committee is online: Security Risks in the Computer-Communication Infrastructure. The written testimony is included in Security in Cyberspace, Hearings, S. Hrg. 104-701, ISBN 0-16-053913-7, 1996, pp. 350-363; my oral testimony is transcribed on pages 106-111 of that volume.
My 19 May 1998 follow-up written testimony for the
Senate Permanent Subcommittee on Investigations of the
Senate Governmental Affairs Committee is online: Computer-Related
Infrastructure Risks for Federal Agencies.
My testimony preceded the historically ground-breaking L0pht
testimony from Mudge and his team, including answering that indeed
one person in the L0pht could make the Internet unusable in less than 30 minutes.
Their oral testimony and ensuing discussion are available online.
My 6 November 1997 written testimony for a hearing of the U.S. House Science
Committee Subcommittee on Technology is also online: Computer-Related
Risks and the National Infrastructures. (My
responses to subsequent questions appear in the proceedings
of the hearing, ISBN 0-16-056151-5.)
On 15 April 1999, I again testified for the House Science
Committee subcommittee on technology, this time for a hearing on
the Melissa Microsoft Outlook Word Macro propagating e-mail
Trojan horse/virus; I did a differential analysis on my November
1997 testimony, and argued that
Melissa is merely the tip of a very large iceberg.
On 10 May 2000, I was asked to testify for the same House committee
on the ILOVEYOU Microsoft Outlook propagating Trojan e-mail horse/virus,
Risks in Our Information Infrastructures:
The Tip of a Titanic Iceberg Is Still All That Is Visible.
A further testimony for the House Committee on Government Reform,
Subcommittee on Government Efficiency, Financial Management,
and Intergovernmental Relations, August 2001,
provides another update,
Information Security Is Not Improving, Relative to the Risks.
Relative to other events, computer-communication security
appears to have regressed steadily in recent years, rather than progressed.
In December 2000, I participated in a panel on emerging technology issues
as part of a program that the
Harvard JFK School of Government puts on every two years
for newly elected members of Congress.
See my handout page.
I was invited to speak at the 1997 Gore Commission Conference on Aviation
Safety and Security. My position paper,
Computer Security in Aviation: Vulnerabilities, Threats, and Risks,
is browsable.
Of particular relevance on that topic are some of the reports of
the Department of Transportation by Alex Blumenstiel that are
cited in my paper, and a long series of GAO reports
(click on airport security
and on terrorism),
all of which seem to have been almost completely ignored.
[Written in 1997, this paper considers many topics that today
seem less far out.]
Written testimony for the House Ways and Means Subcommittee on the Social
Security Administration hearing on 6 May 1997 is available here; there was no oral
testimony on my part, although Marc Rotenberg and Keith Rhodes were there
and alluded to my written testimony. A slightly extended subsequent
version of that statement was presented as part of a Social Security
Administration panel in San Jose CA on 28 May 1997. The SSA announced on 4
Sep 1997 that they would reinstate the PEBES database, but with considerably
increased attention to security issues. I am pleased that their revised
plans go a long way toward what is recommended in my position statement.
On 7 Jun 2007, I testified once again for a hearing of the
House Ways and Means Subcommittee on the Social
Security Administration on the Employment Eligibility Verification
System (EEVS). My written testimony on behalf of USACM is available in pdf form.
The entire hearing was webcast, and I was followed by Marc Rotenberg
whose testimony is also of interest.
(The testimony is also available
on the USACM website, along with subsequent testimony for USACM
on protecting the privacy of social security numbers,
by Annie Anton.)
I served on the IRS Commissioner's Advisory Group for 2.5 years
ending in June 1996, primarily as an advocate for privacy and personal
rights, and prevention of internal misuse, but also as a critic of the Tax
Systems Modernization effort -- now scuttled to the tune of something like
$4 billion. One of my first recommendations involved asking the IRS to
remove Social Security Numbers from appearing visibly on the mailing labels.
Perhaps I had an impact, although it is obviously hard to tell. (``Well, it
works; there are no elephants.'') [Added note: I don't really
think I had any effect, but when Peter Z. Ingerman saw my Web page, he noted
that in 1994 he had filed a class-action lawsuit to that effect
including every taxpayer -- although he could not afford to appeal to the
Supremes when it was thrown out. Perhaps PZI's suit actually had an
effect!] With Senators Glenn and Pryor, I then
wound up on an IRS training tape on privacy risks, noting that privacy is
something most people don't even realize they had until after they have lost
it. Incidentally, I notice that insider misuse of IRS databases and SSNs is
once again a hot topic.
I have been a member of the U.S. Government Accountability Office
Executive Council on Information Management and Technology since
November 1997, although it has been deprecated since 2016. (The GAO -- prior to July 2004 known as the General
Accounting Office -- is the investigative arm of the U.S. Congress, and the
nation's auditor.) Our meetings in the previous century were heavily
concerned with the Y2K problem and the U.S. Government's initially slow
reaction to it. We had briefings from President Clinton's Y2K czar John
Koskinen, and from Senator Bennett and Congressman Stephen Horn
(check out the Website for the Committee on Government
Reform, Subcommittee on Government Management, Information, and
Technology). More recently the GAO EXIMT has also been concerned with
the software development situation, computer security more generally,
and of course critical-infrastructure protection.
I am a member of the advisory committee for the California Office of Privacy
Protection.
From April 2001 through June 2003, I was a member of the National
Science Foundation Computer Information Science and Engineering Advisory
Committee (NSF CISE AC, if you like acronyms). Research is absolutely
fundamental to the future, and I was particularly concerned with issues
relating to computer systems and networks, security, reliability, good
software engineering, formal methods, and education, among other topics.
I am on the Advisory Board and was previously a member of the Board of Directors
of the
Electronic Privacy Information Center (EPIC) -- run by Marc Rotenberg.
EPIC is playing an extraordinary role in trying to defend our
computer-related privacy.
I have served on technical advisory boards of several companies in the past:
Cryptography Research Inc.
(Paul Kocher, paul@cryptography.com), before its acquisition by Rambus;
Cigital
(formerly Reliable Software Technologies, Gary McGraw, gem@cigital.com),
prior to its acquisition by Synopsys.
Other advisory boards that have officially disbanded or merged into others
included Counterpane, Zero Knowledge, and AlertSoft.
I am a Fellow of the AAAS, ACM, and IEEE, and recipient of the ACM
Outstanding Contribution Award in 1992, the Electronic Frontier Foundation
Pioneer Award in 1996, and the ACM SIGSOFT Outstanding Contribution Award in
1997. (I was an ACM National Lecturer for 16 months during 1969 and 1970.)
I am greatly honored by being the 1997 recipient of the Norbert Wiener Award
for excellence in promoting socially responsible use of computing
technology, which I received on 4 Oct 1997 at the annual conference of
Computer Professionals for Social Responsibility (CPSR) -- of which I was a
member from the beginning. Notes from my Wiener-Winner acceptance speech are
online, and include some truly prescient quotes from Wiener. I received the
National Computer System Security Award (sponsored by NIST and NSA) in 2002,
and the ACM SIGSAC Outstanding Contributions Award in 2005. At the ACM
Awards Banquet in June 2013, I received the Computer Research Association
Distinguished Service Award. I became an SRI Fellow in 2000. On 29
October 2001, I became an Honorary CISSP (Certified Information Systems
Security Professional), awarded by the International Information Systems
Security Certification Consortium -- (ISC)^2.
I was delighted to be included in the inaugural induction into the National
Cyber Security Hall of Fame on 17 Oct 2012, along with Len Adleman, Dorothy
Denning, Whit Diffie, Marty Hellman, Carl Landwehr, Lynn McNulty [d], Ralph
Merkle, Ron Rivest, Adi Shamir, and Roger Schell. General Keith Alexander
was the evening keynote speaker, and is in the middle of the group
photo of those who were able to be honored in person.
In 2018, I received a Lifetime Achievement Award from EPIC, and the
Albert Nelson Marquis Who's Who Lifetime Achievement Award.
My parents, J.B. Neumann [d] and Elsa Schmid Neumann [d], each
of whom had an extraordinary influence in my life, and who constantly
encouraged me in my pursuits of my varied interests. My father was a noted
person in the art world from 1906 to 1961. See a 1932 sculptural portrait of
. My mother was an artist and
mosaicist (known as Elsa Schmid) from the 1920s until her death in
1970. (Biographical information on them is available on request.) I
learned many wonderful things from my sons John [d]
and Chris [d], and from my daughter Helen Krutina
Neumann --- from whom I am still learning. In her forties, Hellie
went back to school at the Pacific College of Oriental Medicine in San
Diego, and is now applying her knowledge and experience in practice,
also extending it to better understanding of immune systems, Lyme
disease, and more.
Malcolm Holmes [d, 1953], head of the New England Conservatory,
conductor of Harvard-Radcliffe Orchestra (for 26 years), the New England
Conservatory orchestra, and the Harvard Band (1942 and 1946-1952), superb
violinist, and erstwhile fine athlete. Through the last four of my five
summers (1947-1950) at Greenwood Music Camp near Tanglewood in the
Berkshires (see below) and at the beginning of my freshman year at college,
Mal was a true inspiration to me. As an avid reader of The New York
Times since 1940, I was happy that he would share his copy of the paper
with me after lunch each day at Greenwood (even if it came a day late by
mail) and discuss many issues (musical and otherwise) while he was whittling
batons. His presence was an unforgettable experience for me. His early
death was a great loss to thousands of people whom he had similarly
inspired.
Marsden V. Dillenbeck (30 Jul 1908 -- [d] Jan 1990), my very
literate high-school senior-year English teacher, who inspired my interest
in language and languages. See my Epic Annotated Limerick
homage to him, also noted below. At my 50th high-school reunion in
October 2000, it was clear that he had had a huge impact on other classmates
as well, as his memory was often invoked.
Roger Nash Baldwin [1894-1981], humanist, founder of the American
Civil Liberties Union in 1919. Over much of my life, until he died at the
age of 97, we did many things together, discussions on all sorts of topics,
four-hand piano, nature-walking, blueberry pancakes, canoeing on a beautiful
New Year's Day on the Ramapo River in New Jersey, and many summers together
on Martha's Vineyard. He was interested in everything and everyone, and had
extraordinary life values.
Albert Einstein [14 March 1879, d 18 April 1955] who made a
wonderful cameo appearance in my life on the morning of 8 November
1952. I had the enormous privilege of a more than two-hour visit with
him, with a discussion that ranged over complexity and apparent
simplicity in mathematics, science, and -- at great length -- music
(among many other topics). In this context, I became presumably just
one of the many people who heard him say, ``Everything should be made
as simple as possible but no simpler.'' (I recall seeing a simpler
version of that quote when I was in High School, in the Readers'
Digest, without reference, perhaps omitting the word ``made'',
although that makes less sense. Also, there is a wonderful quote
from Stewart Brand: ``"Keep it simple stupid", is a good way to keep
it stupid,'' quoted from Stewart's journal, and noted in John Markoff's book,
``Whole Earth: The many lives of Stewart Brand'', Penguin 2022.)
The Einstein quote -- and indeed my entire conversation with him --
made a huge impact on my subsequent approach to computer systems (and
my life, and as noted below in some musical compositions). It
undoubtedly inspired a life-long fascination with hierarchical and
other forms of abstraction -- which recurs in much of my writings and
system designs (e.g., Multics, PSOS, SeaView, and the CHATS report on
composable systems) and complexity in computer systems. Einstein was
someone I felt I knew before I met him because of looking at my
mother's remarkable 1944 mosaic portrait of him in our home during my
teenage years. In 1998 I donated the portrait to Boston University,
where a U.S. manifestation of the Einstein Papers Project was
centered. Elsa Schmid, Mosaic
portrait of Albert Einstein is now in the reference reading room
in the main library at B.U. Here is my translation from the original
German of the main text of Einstein's letter to my mother (known
professionally as Elsa Schmid, and long ago Elsa Schmid-Krutina) after
he saw her mosaic. His letter (dated 19 February 1945) gives some
idea of the power of the portrait and why it had such a strong impact
on me personally:
``The viewing of your mosaic portrait has been an artistic experience
for me that I shall never forget. I am happy that through my very
existence I have been the inspiration for the origin of such a work.
In this portrait is perfectly expressed exactly that which is so
completely missing in modern man -- inwardness and contemplation,
detachment from the here and now. It is a riddle to me how it is
possible to achieve such a delicate and strong expression with this
inflexible material.'' (signed A. Einstein)
It was Einstein's step-daughter Margot who initiated the connection for the
Einstein mosaic by asking my mother to teach her the techniques underlying
mosaics. In response to a letter my mother wrote to Margot after Einstein's
death, Margot wrote a wonderful letter:
``You know how much I love your work! But the portrait of my father
is one of the finest things you have done. It expresses his whole spirit --
you are the only one -- I would say -- who presented the real
Einstein who was so humble in his heart, so kind and child-like and wise
altogether. In your work I find all these qualities. The mosaic expresses
the simplicity and purity he had -- and one sees so rarely in the work of our
time. Looking at it makes me feel happy and sad at the same time -- because
he is no more -- but in your work he lives again and will live forever.
This I want you to know. Margot''
[Incidentally, there are two more wonderful large mosaic portraits also done
by my mother in the mid-1940s -- of Abraham Lincoln, based on two
original Matthew Brady daguerreotypes lent to her from the Frederick Hill
Meserve collection. The
Elsa Schmid full-face mosaic portrait of Abraham Lincoln
has also found a permanent home in
the Boston University Library, along with her Einstein portrait and the
Matthew Brady collection of daguerreotypes of Lincoln (from which the
Lincoln mosaic was made).
Her profile portrait of Lincoln has been donated to the University of
Illinois at
Springfield, which has a curriculum that includes various tributes to
Lincoln. A few of her other mosaic portraits are in museum collections:
Martin D'Arcy in the Museum of Modern Art in NY, John Dewey in the Newark
Museum, and Dikran Kelekian in the Walters Art Museum in Baltimore.]
Philippe LeCorbeiller [d], Professor at Harvard for many years, and
my informal undergraduate thesis advisor in 1954 (motions depending on
elliptic integrals). He was a wonderfully caring human being. (Joe Walsh
in the Math Dept was my formal advisor.)
Tony Oettinger [d], Harvard Professor, and my PhD advisor, still somewhat
involved long after his delightful 70th birthday party in March 1999 (noted
below). Tony and I have always had many similar interests. I was a
guinea pig in 1953 for his doctoral thesis on translation of Russian into
English, completed in 1954. He passed away on 26 July 2022, with a
wonderful history of service to Harvard and to the U.S. government.
Alwin Walther [d] (6 May 1898 -- 4 January 1967), Technische
Hochschule Darmstadt Professor and department director for many years. His
enthusiasm and encouragement during my wonderful two-year Fulbright stint
led me to teach a course, write a second doctoral thesis, play in the
student orchestra, represent him on committees, and travel around Europe.
Many thanks to Prof. Dr.-Ing. Winfried Goerke (Karlsruhe) for sending me the
100th birthday commemorative publication, Alwin Walther: Pionier des
Wissenschaftlichen Rechnens, Kolloquium zum 100. Geburtstag, volume 75
of the Technical University Darmstadt Schriftenreihe Wissenschaft und
Technik, ISBN-3-88607-120-0.
David Huffman [d, 9 Aug 1925 -- 7 Oct 1999],
Professor at MIT and Santa Cruz, who invited me to
visit Stanford for the spring quarter of 1964 while he himself was visiting
at Stanford for the year -- and also an ongoing consultant in what is now the
Computer Science Lab at SRI. His interest in my 1964 paper on
self-synchronizing information-lossless sequential machines (itself inspired
by his 1959 paper) began a long friendship. The diversity of his work is
remarkable, from Huffman codes and asynchronous sequential machines to his
little-known paper on graphical representations of error-correcting codes.
His later work on zero-curvature surfaces is extraordinary, and where it led
him is even more remarkable -- some of the most beautiful artistic creations
I have ever seen, while at the same time based on his mathematical theory of
continuous deformations without tearing or cutting: truly amazing. See
David A. Huffman, Curvatures and Creases: A Primer on Paper, IEEE
Transactions on Computers C-25, 10, pp. 1010-1019, October 1975. (A
hint of the variety of some of the astounding and artistically beautiful
``foldings'' he achieved can be found at The New York Times by Margaret Wertheim,
``Cones, Curves, Shells, Towers: He Made Paper Jump to Life,'' June 22,
2004, National Edition, page D2, with a correction on June 25, 2004, page
A2. See also a more recent Web item, Curved Crease Origami,
from The Institute for Figuring.) All in all, Dave had an incredible
ability to provide elegant solutions to complex problems, and often with
visual simplicity -- as in his delightful representation of the seven-bit
Hamming code: Draw a three-circle Venn diagram; label as 1,2, and 4 the
regions that are included in only one circle; label each other region as the
appropriate sum of 1,2, and/or 4 depending on which circles the region
encompasses; the center is thus 7. Regions 3,5,6,7 represent the four
information digits; regions 1,2,4 represent the even-parity-check digits;
the three circles represent the parity checksums. Voila! The Hamming code.
For any single-bit error, it is immediately obvious which bit it must have
been from the three parity checks. Now you can explain a complex mechanism
very simply through a picture! Dave's death on 7 October 1999 was a great
loss to me and many others.
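Huffman's three-circle picture of the seven-bit Hamming code, worked through as an added example (it is not code from this page or from Huffman); the function names are assumptions made for illustration.

```python
# Added illustration of the three-circle picture of the seven-bit Hamming code.
# Region labels 1..7 double as bit positions. Circle c (c = 1, 2 or 4)
# contains every region whose label includes c in its sum, so the centre,
# which lies in all three circles, is 1 + 2 + 4 = 7.

CIRCLES = (1, 2, 4)           # each circle is named by its single-circle region
PARITY_REGIONS = (1, 2, 4)    # regions inside exactly one circle
DATA_REGIONS = (3, 5, 6, 7)   # regions inside two or three circles


def regions_in_circle(circle):
    """Labels of the four regions enclosed by one circle."""
    return [r for r in range(1, 8) if r & circle]


def _check_bits(bits, length):
    if len(bits) != length or any(b not in (0, 1) for b in bits):
        raise ValueError("expected %d bits, each 0 or 1" % length)


def encode(data_bits):
    """Put four data bits in regions 3,5,6,7 and fill 1,2,4 for even parity."""
    _check_bits(data_bits, 4)
    word = dict(zip(DATA_REGIONS, data_bits))
    for c in CIRCLES:
        # Region c is the only parity region inside circle c; the other
        # three regions of that circle are data regions already filled in.
        word[c] = sum(word[r] for r in regions_in_circle(c) if r != c) % 2
    return [word[r] for r in range(1, 8)]


def failed_circles(word):
    """Circles whose four regions do not sum to an even number."""
    _check_bits(word, 7)
    return [c for c in CIRCLES
            if sum(word[r - 1] for r in regions_in_circle(c)) % 2]


def correct(word):
    """Return (corrected word, label of the region flipped, or 0 if none).

    The one region lying in exactly the failed circles has the label equal
    to the sum of those circles' labels, which is the picture's whole trick.
    """
    region = sum(failed_circles(word))
    fixed = list(word)
    if region:
        fixed[region - 1] ^= 1
    return fixed, region


def decode(word):
    """Correct at most one flipped bit and read back the four data bits."""
    fixed, _ = correct(word)
    return [fixed[r - 1] for r in DATA_REGIONS]


if __name__ == "__main__":
    sent = encode([1, 0, 1, 1])          # constructed sample data
    received = list(sent)
    received[5 - 1] ^= 1                 # damage region 5
    print("sent     ", sent)
    print("received ", received, "failed circles", failed_circles(received))
    print("decoded  ", decode(received))
```

Two flipped bits still leave some circles failing, but those circles then point at a third, undamaged region, so the picture corrects single-bit errors only.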
Fernando Corbató, 1 Jul 1926--12 Jul 2019 [d], MIT
Professor emeritus, father of time-sharing, and spiritual and
technical leader of the development of both CTSS and Multics. Corby
was the best man at my wedding in 1997. He was a wonderful colleague
and friend since 1965, and was still very much involved with computer
technology until almost the very end. His wife Emily is a fine
concert pianist, photographess, and wit. I have always been close to
both of them. Katie Hafner wrote a superb obit for Corby in The New
York Times on 13 Jul 2019. The only oddity involved mentioning GE (the
original partner in Multics), and not Honeywell.
E.L. (Ted) Glaser, 7 Oct 1929--5 Dec 1990 [d], was a man of many
careers, whom I knew best during the Multics days. He taught me many things
-- including how to communicate effectively adapting to the needs of the
listener, but also to appreciate the critical need for basic principles in
any development effort. (He and I coauthored the first declaration of
Multics principles!) Despite his blindness, he had the most extraordinary
vision and insights. He had an uncanny practical sense and wisdom. He had
the ability to hear and understand multiple conversations simultaneously, to
listen to speech at many times its normal speed, and to correlate
information across multiple disciplines. He was superb at spotting security
flaws long before anyone else. I particularly remember one day in May 1965
when we were working out the early Multics design in a room with three walls
of blackboards. Late in the afternoon when we had moved to the end of the
third blackboard, someone had made a particular suggestion. Ted pointed to
an item that was still on the blackboard from the early morning (most
everything else around it having been erased and overwritten several times),
and noted that this suggestion contradicted what we had agreed on earlier.
Not just a great memory, but an amazing perception of how things appeared to
the sighted. He was also a marvelous organist, and had a delightful sense
of humor. For example, a modular system is ``one that falls apart easily.''
Multiprogramming is like ``trying to keep 10 balls in the air at the same
time, and discovering that two of them are yours.''
Herbert Blomstedt, conductor of the San Francisco Symphony for ten
years, mid-1980s to mid-1990s (and Conductor Laureate since 1995).
I audited his
conducting course at Loma Linda University in the summer of 1985, and attend
as many of his SFS rehearsals as I can manage (although in his emeritus
role, he now usually visits San Francisco for only two weeks each year). He
inspired a rebirth of my musical existence in 1984 that is still ongoing.
He is an extraordinarily wise person, and has thought deeply about many
musical issues. Conversations with him are truly enlightening.
Martin and Emily Lee, dedicated Tai Chi teachers in Palo Alto,
themselves mentored by Kuo Lien-Ying and Yu Pen-Shi. See their book,
Ride the Tiger to the Mountain, Addison-Wesley, ISBN 0-201-18077-4.
Martin is also a SLAC physicist. The teaching of Martin and Emily has
contributed a wonderful inner peace and balance to my life.
There are many others as well, including (among many others) good friends
and colleagues Edsger Dijkstra (11 May 1930--6 August 2002 [d] -- whom I
visited in his home in Eindhoven, where we played some delightful four-hand
piano pieces), Dave Parnas, Nancy Leveson, Marc Rotenberg, Bob Morris
(college classmate and Bell Labs) [d. 26 Jun 2011] and Whit
Diffie. Mae Churchill [d, 10 February 1996, at 84] (creator of
Election Watch, in the early 1980s if not sooner) convinced me long ago to
become more involved in the never-ending battle for integrity in elections,
and particularly those that are computerized. I had a wonderful long visit
with her in Los Angeles in December 1988. Mae was an enormous inspiration
to me, Rebecca Mercuri, and other early advocates for election integrity.
What a blessing to have such wonderful influences.
At Harvard, I just missed getting Tom Lehrer for Math 1 in 1950
(which might have changed my entire life?). But I did have a wonderful
bunch of professors in the 1950s, including Edward Purcell (1952
Nobelist in physics), Leonard Nash (who did marvelous explosions in
chemistry class), Hartley Rogers (in a scintillating probability
course), Fred Mosteller (a statistical wizard, later famous for his
classes on public television), a General Education class English lecturer
named Martin Swerdlow (he was categorized as an Academic
Roué in the Crimson Confidential's annual faculty
evaluations; he espoused what Marsden Dillenbeck had instilled in me -- the
love of writing), John Finley, Thornton Wilder, Ernest Hooton (with
raunchy anthropology-related jokes), Willard Van Orman Quine [d]
(mathematical logic titan, who died at 92 on Christmas Day 2000; he
considered state lotteries as ``a public subsidy of intelligence'' on the
grounds that ``it yields public income that is calculated to lighten the tax
burden of us prudent abstainers at the expense of the benighted masses of
wishful thinkers.''), Howard Aiken [d], Ken Iverson [d], Bob
Minnick [d] -- among others. They all provided lots of inspiration, as did
some of my graduate-school colleagues -- Bob Ashenhurst [d, 27 October
2009], Albert Lafayette Hopkins Jr. [d, 17 May 2016],
Fred Brooks [d], Peter Calingaert, Robin Esch, Rick Gould
[d, June 1958], Marty Cohn, Jim Lincoln, Ramon Alonso, and Willard (Bill)
Eastman, to name just a few.
Speaking of Nobelists and Nobel Lists, I played the Haydn London Trios with
William Lipscomb in 1966 (Nobel in Chemistry, 1978) and Lucy Shelton
(Naumburgs twice -- in flute and voice), and played chamber music with
Andrew Fire (Nobel in Physiology, 2006) and his sister Genevieve -- when
they were wonderful young musicians. Einstein (Nobel in Physics 1921) was
also very musical -- we talked a lot about complexity in music, as noted
above. There seems to be a nice correlation between science and music.
Another Nobelist, in a different context: In the summer of 2014,
my wife and I played some delightful tennis with Herb Abrams (Nobel Peace
Prize, 1985); Herb was a founder of International Physicians for the
Prevention of Nuclear War, and heavily involved in Physicians for Social
Responsibility. (Herb died in January 2016 at 95.) And then there's
another game: Walter Brattain (Nobel for Physics 1956) was often
my partner in evening duplicate bridge tournaments at Bell Labs in the early
1960s.
Incidentally, in a typically imaginative effort, Bob Ashenhurst played a
marvelous trick on my then office-mate Rick Gould. What was perhaps the
gnarliest convoluted page in Rick's 1957 Harvard PhD thesis had to do with
properties of two-terminal graphs representing bridge-network relay
switching function implementations where current could go in either
direction through the bridge elements (as distinct from the one-way
direction in a relay tree). Bob rewrote one page in the thesis to refer to
two-terrible giraffes and subgiraffes (with other creative msipelingz as
well) and placed it in the copy that went to Aiken. Having been tipped off
by Bob, Aiken (who was well-known for his irascibility) charged in and
demanded that Rick explain the meaning of this outrage, pointing to the
altered page. [Tragically, Rick died in an ice-climbing accident, falling
into a crevasse on Dent Blanche in the spring of 1958 together with another
climber.]
Reflecting on the deaths of my sons John and Chris, I am deeply moved by an
excerpt from a letter that Ambassador Joseph Kennedy wrote in 1958 to a
close friend whose son had died:
Long ago, my musical endeavors were many and varied. As an undergraduate, I
did Gilbert and Sullivan operettas. I prepared the chorus and
sang the Sergeant of Police in summer 1951 performances of Pirates of
Penzance in Old Greenwich, Connecticut, which the late
Barry Morley directed and sang.
I sang Mount Ararat with Allan David Miller
and Barry as the other two lords in Winthrop House's
Iolanthe in 1953, and conducted performances of Pirates a few weeks later
in a production directed by Barry.
I was also in the chorus of The Mikado in Winthrop House performances in
1952, with Barry and Al in leads.
I sang in the Harvard Glee Club throughout my college years (including
many symphony concerts with the Boston Symphony under Charles Munch, the
then-definitive recording of Berlioz Damnation of Faust, and a performance
of Stravinsky's Oedipus Rex under William Steinberg and the Buffalo
Philharmonic), and in my freshman year played in the orchestra (including an
LP record of Shostakovich's 5th). My theatrical debut (apart from playing
Peter Pan in the 3rd grade) was as a policeman in a very dumb musical skit
Sally Rand (a then-well-known ecdysiast and fan dancer) had
written for our 1950-51 freshman year class Smoker (which also
featured Tom Lehrer). It was basically puerile, but segued into Sally
pulling a 7-page political manuscript out of her bodice and greatly
disappointing the audience by reading it verbatim -- resulting in
pennies, pencils, and other loose objects being tossed in her
direction. (This was the early years of Senator Joseph McCarthy's
activities.) With ambitions as a nonprofessional musician, I spent
the summer of 1954 working at Tanglewood, as Assistant Registrar of
the Berkshire Music Center, hobnobbing with students, composers, and
symphony players, and attending almost every concert. In graduate
school, there was more:
H is for my alma mater, Hahvard,
(5) I had a ten-year stint on the Board
of Greenwood Music
Camp in Cummington, Massachusetts (1992-2001), where I was a
camper from 1946 to 1950, and regularly attend an annual reunion each
June. I am now back on the board, as of June 2014, although about to
time out again. The camp still thrives as a superb summer experience
for youngsters; a new performance structure was completed in the
summer of 2000.
Liz's younger son, New York City bassist Timothy Bruce Luntzel
released a wonderful CD in 2006 with his group, Brooklyn Boogaloo
Blowout: Who Burnt The Bacon? The CD is ``outrageous good'' (as
Tim might say). As a bonus for us, Liz plays tuba on two cuts
(including Rumpty Dumpty Part 2), and I'm doing some very-low-bass
backup vocals for Norah Jones (Day and Night) and Richard Julian
(Calypso Boogaloo) -- including some resonant low-A notes (below the
bottom bassoon note). Tim put his recordings
online,
for playing and downloading. See also a review of Who Burnt the Bacon by
John Book.
A recent (2011) CD by Tim's Brooklyn Boogaloo Blowout group
is also online for download.
Tim has also played with Jesse Harris, Jim Campilongo, Jenny Scheinman,
Leah Siegel, Rosanne Cash,
and others, and had a tour with Bright Eyes. See
his bio page.
Unfortunately, Tim Luntzel's creative life was cut short early when he
passed away on 27 August 2017, from ALS. Two wonderful celebrations
of his life took place in early September 2017 at Sunny's in Red Hook,
Brooklyn, where his last CD had been recorded. Liz's older
son Mark Luntzel plays guitar in his spare time, when he is not
working in his day job as a computer wizard in network security.
There is no surprise at all in the Zipf/Pareto/Mandelbrot theories once you
understand that each formula can be derived mathematically. In 1959, my old
Russo-Belgian friend Vitold Belevitch [2 Mar 1921 -- 26 Dec 1999] (see On the
Statistical Laws of Linguistic Distribution, Ann. Soc. Sci. Bruxelles
73, III, 1959, 310-326) considered a wide class of more or less
well-behaved statistical distributions (normal or whatever), and performed a
functional rearrangement that represents the frequency as a function of
rank-ordered decreasing frequency, and then did a Taylor expansion of the
resulting formula. Belevitch's lovely result is that "Zipf's Law" follows
directly as the first-order truncation of the Taylor series. Furthermore,
"Mandelbrot's Law" (which seems even more curious and mysterious to most
people) follows immediately as the second-order truncation. ("Pareto's Law"
lies in between Zipf and Mandelbrot, with different slope of the 45-degree
curve.) There is nothing magical or mystical about it! And yet very few
people know of his wonderful paper, and tend to overendow the amazingness of
one of the various "Laws", oblivious to this remarkably simple result.
Click here for a
copy of this wonderful paper. (I referred long ago to Belevitch's article
in a paper based on my PhD work, Efficient Error-Limiting Variable-Length
Codes, I.R.E. [precursor to the IEEE] Transactions on Information Theory
IT-8, July 1962, 292-304.) I am grateful to Pierre-Jacques Courtois, who
has written a superb biographical piece on Vitold, and reminded me that my
earlier memory of the paper had been misrepresenting Vitold's work -- which
did not explicitly mention Pareto. I was also delighted in a more recent
discussion with Jean-Jacques Quisquater to discover that JJ was long ago
a colleague of Vitold.
Jim Horning [d] once asked me about a possible connection with the 80-20
rule. My response was this:
See my thesis work and subsequent papers on rapidly self-resynchronizing
variable-length Huffman-like codes for large alphabets, which demonstrate a
wide range of departures from the so-called 80-20 rule. Two examples
illustrate this:
* In 36,299 occurrences of English words (Miller et al.), the most frequent
18% of the words account for over 80% of the word occurrences. That's
close to the so-called 80-20 rule.
* In over 11 million occurrences of German words (Kaeding -- fascinating
book, incidentally), the most frequent .6% of the words account for over
75% of the word occurrences, which is in some sense roughly 20 times more
skewed than the so-called 80-20 rule. Perhaps the wider skewing is due to
the fact that conjugated forms and declined forms (such as the most
frequent der, die, das, etc.) are counted as different words, which
linguistically of course, they are.
Both of these language statistical studies closely follow Zipf-Mandelbrot
all the way down to the tails. But the parameters are slightly different.
Thus, the supposed 80-20 split does not in any way follow directly from Z-M.
It could be 80-20, or 99-1, or worse!
* Another skewing involves wealth in the U.S. In March 2022, the
wealthiest two people possess more than the bottom 40%; the top
1% has more than the bottom 92%. World-wide, the wealthiest 10
multibillionaires own as much as 40% of that of the world total --
i.e., more than the bottom 3.1 billion people.
[NOTE: The so-called 80-20 rule is discussed in Linked,
Albert-László Barabási (Plume, 2003), which Paul Concus
once shared with me. (The book subtitle is ``How Everything Is Connected to
Everything Else and What It Means for Business, Science, and Everyday Life''
-- which is very relevant.) Linked has a few errors that strike
home: (1) p.147 mentions Paul Baran at the 1967 symposium in Gatlinburg,
*Texas*. It was indeed 1967, the first ACM Symposium on Operating
Systems Principles, in Gatlinburg, *Tennessee*. (ALB might have been
thinking of the Texas Steak House in Gatlinburg.) (2)
p.149: ``e-mail was born when an adventurous hacker, Ray Tomlinson ...''
Well, no, e-mail was evidently born on CTSS at MIT by
Tom Van Vleck and Noel Morris
[d] in the mid-1960s, possibly somewhat contemporaneous with a similar
effort at Dartmouth. ARPANET e-mail was around close to the beginning
of the ARPANET in 1969.
(3) p.151 cites the first
Internet (NO, ARPANET) node at UCLA, and the first e-mail having been sent
from UCLA to Stanford. NO NO NO. It was UCLA to SRI. The first two sites on
the ARPANET were UCLA and Stanford Research Institute (now SRI
International), in 1969.
But Linked is an excellent read despite slips such as these.]
With respect to everything being linked, one of my favorite quotes is from
Bob Morris (then chief scientist of the National Computer Security Center):
``To a first approximation, every computer in the world is connected with
every other computer.'' (19 September 1988, in a briefing from Bob, K
Speierman -- then Chief Scientist of the NSA -- me, and Don Good, for the
National Research Council Computer Science and Technology Board in
Washington DC) (This was of course about 6 weeks before the Internet
Worm!)
* Pandora's cat is out of the barn, and the genie won't go back in the
closet. [This polymorphic statement can be variously applied to
cryptography, export controls, viruses, spam, terrorism, outsourcing,
and many other issues. I `coined' it during the first cryptowars.]
* It's like shooting a straw herring in midstream. [Straw men have
a difficult time catching red herrings!] An alternative version that
I have used is ``It's like flogging a straw herring in the foot.''
* In an article by John Schwartz
in The New York Times, 30 Mar 2001, on Internet technologies in
business, reflecting on the acceleration being a double-edged sword, I was
quoted as saying,
``Many of the swords have more than two edges -- sort of a Swiss
Army Knife with the blades in upside down, so that you keep cutting
yourself on some of the implements whenever you try to take one out.''
Tad Simmons of *Presentations* (June 2001) cited this, and added
``Without saying a single word directly about the economy, Neumann
was able to convey the idea that business propositions in the Internet
age are complex, multi-faceted, and often painful.'' [Seems appropriate
for the U.S. and world economies as well, a truly multidimensional
situation.]
* Giving the camel an inch leads to a foot over the dam.
[The camel's nose under the tent and a foot in the door together
cause water on the knee over the dam. Don't burn your britches over
spilled camel's milk. Sorry. This is still a work in progress.]
* In September 2004, I happened to stumble onto this one from Molly Ivins
for the first time, even though it is an oldie (1991): ``Legislators do not
merely mix metaphors: they are the Waring blenders of metaphors, the
Cuisinarts of the field. By the time you let the head of the camel into the
tent, opening a loophole big enough to drive a truck through, you may have
thrown the baby out with the bathwater by putting a Band-Aid on an open
wound, and then you have to turn over the first rock in order to find a
sacred cow.'' Molly Ivins, *The New York Times Magazine* (quoted in *Molly
Ivins Can't Say That, Can She?*, Vintage Books, 1991). Her presence is
sorely missed.
* In December 2008, Steven J. Greenwald contributed this item to the cause,
from Futurama, by the idiot character, Captain Zapp Brannigan:
``If we hit that bull's eye, the rest of the dominoes will fall like a
house of cards. Checkmate.''
* In any case, I've bitten the bull by the hornist, or tried to take the
bullet by the hornets.
Timothy Egan, in The New York Times Sunday Review section on 29 Dec
2013, wrote an op-ed piece entitled Words for the Dumpster, citing
his list of ``the most annoying, overused and abused words of the year.''
He managed to use each one of those words in his penultimate paragraph:
``I'm as guilty as anyone in letting these banish-worthy words get into
print. This column is both artisan and gluten-free, an extension of my
brand in a 24/7 environment full of world-class competitors. Whatever. At
the end of the day, I'll try to use best practices and resolve to do
better.''
Although the better (`mieux' in French) may be the enemy of the good
(Descartes), I've long noted that the good that results is
often nowhere near enough. (Recently, see my CACM Inside Risks
columns from October 2012 and February 2013.) The poster child for
that problem may be what are commonly called
best practices, which are usually not best, and certainly not even
good. Some of the worst examples arise in connection with the so-called
best practices for security.
In retrospect, attempting to refine Descartes' statement might lead to
a hierarchical system, where the best is the enemy of the better,
which is the enemy of the good, which is the enemy of the bad, which
is the enemy of the execrable, and where the execrable is the enemy of
the very worst. On the other hand, attempting to remediate from one
level to the next is often a futile effort -- which could have been
avoided by trying harder to do it better from the outset. For
example, the legacy two-digit Y2K COBOL problem has now morphed into a
series of Y2K+n problems (including n = 1, 2, 3, 10, 20, and newly 21
in 2021, as reported in the ACM RISKS Forum), resulting from a
continuing series of attempted temporary retrofits.
Somewhen after writing the preceding paragraph, I read Isabel Wilkerson's
"Caste: The Origins of Our Discomforts", which included this pithy phrasing:
``The awkward becomes acceptable, and the unacceptable becomes merely
inconvenient. Live with it long enough and the unthinkable becomes normal.
Exposed over generations, we learn to believe that the incomprehensible is
the way that life is supposed to be.'' This seems to be a common
consequence of Descartes' simplified single-level syllogism (in which, as I imply
above, `mieux' is often mistranslated, as in ``The *Best* is the enemy of
the Good.'').
In 1973 I wrote an
Epic Annotated Limerick in honor of my literary mentor,
Marsden V. Dillenbeck (noted above). It was later
extended in 1978. His passing was one that left me de-ment(or)ed.
WARNING: This should probably be read only by folks who enjoy
crypto-pseudoliterary puns (some multilingual), alliteration, poetic meters,
cryptic puzzles, and other linguistic weirdnesses.
Speaking of puns, one of my favorite situational puns is attributable to
Rishiyur S. Nikhil in RISKS-20.01, in response to a comment I made
in RISKS-19.97:
The current mad craze for good metrics
(Note: Trustworthiness is inherently multidimensional.
Trying to find single-valued metrics is itself risky. PGN, 20 May 2010)
In the fall of 1950, scrawled on the walls of what was then Claverly Hall
at Harvard was the following limerick:
There once was a man overweaning
(I never metalimerick I did not enjoy.)
For Edsger Dijkstra's 60th birthday in 1990, I wrote a chapter called
"Beauty and the Beast of Software Complexity -- Elegance versus Elephants",
which appeared in Beauty is Our Business, A Birthday Salute to Edsger
W. Dijkstra, edited by W.H.J. Feijen, A.J.M. van Gasteren, D. Gries,
J. Misra, Springer-Verlag, 1990. My appendix to the chapter included this
bit of doggerel:
* Elephantine equations: Large-system requirements for which there
may be a multiplicity of integral solutions.
* Pachydermatitis: A breakdown in the outermost layer of a very large
system (e.g., manifesting itself as a flaky user interface).
(Ichthyosis scales up inefficiently.)
* Behemotherhood. In very large systems, motherhood that has a high
likelihood of running amok.
* Hippodromederriere. An awkward race down the back stretch to
write the last half-million lines of code before the system
self-destructs in an evolutionary backwater.
* Hyphen-related ambiguity:
You might be interested in a few items I wrote for a would-be book on
English language usage. One section, referred to as the Hyphen(h)ater's
Handbook, appeared in RISKS, vol 17, issue 95, discussing the deeper
implications of ``email'' versus ``e-mail'' and related ambiguities.
Whit Diffie once sent me an item on Facebook `Like' scams, having read it as
Facebook-like scams (not to be confused with Facebook Likes Scams or even
Facebook Likes Cams). I responded by noticing the difference between
`Diffie-Hellman like crypto' and `Diffie-Hellman-like crypto'.
* The misplaced `only':
Another section of that would-be treatise, Only His Only Grammarian
Can Only Say Only What Only He Only Means, discusses the risks of the
misplaced ``only'' --- in particular, the ambiguity that can result.
* The missing `than':
A more recent addition discusses the ambiguities that arise from
Incomplete Comparisons: The
Missing ``than'' in ``more than''.
* Ambiguities in `less':
An addition discusses the ambiguities that arise from
some uses of `less'.
* Commas, Apostrophes, and More
In Lynne Truss's book
``Eats, Shoots & Leaves'' (which, without the comma, is what a Panda
does), the author notes the wonderful ambiguity between
``Those old things over there are my husbands'.''
and
``Those old things over there are my husbands.''
to illustrate the importance of apostrophes -- which are so frequently
misused (e.g., its vs it's). The book's subtitle is The Zero Tolerance
Approach to Punctuation, and should be of interest to anyone
who has read thus far through my Web site. Gotham Books, April 2004.
Now I guess I don't need to write the rest of the book of which the
Hyphen(-H)aters Handbook was somewhat facetiously conceived to be a part!
Another addition, from the Oxford University Press, Edpress News:
* Acronyms: Although we introduced ACLs in Multics in 1965 (as
noted above), I would now like to introduce something we might call
Role-Name Groups (RNGs), so that we can compare ACLs and RNGs! [The
previous sentence is actually a test to see whether, in reading, you
pronounce acronyms (a) as if they are words (ackle), or (b) sequences of
letters (R-N-G) sometimes known as initialisms,
or (c) expansions based on what is referred to by each
letter. I know people who fairly consistently go one way or the other. In
the case of my example, ACLs and RNGs are of course intended to be treated
as case (a) and (b), respectively -- as in "ackles and ar-en-gees". In
particular, I am interested in discovering what personal characteristics are
involved in this choice. For example, it makes a big difference in whether
we might write (a or b) "an HTML document" or (c) "a HTML document",
respectively, and this is truly an ambiguity in writing correct English
around acronyms. Furthermore, for those of you for whom RNGs are Random
Number Generators, comparing ACLs and RNGs is even more suggestive.]
(ACL-ades or even ACL-aids to those of you who have read thus far.) Some
day, perhaps I will write a treatise on initialisms (and the silliness of
having to include periods in I.B.M. and N.S.A.) and acronyms, especially
recursive acronyms such as GNU (which stands for GNU's Not Unix), or even XINU (which stands
for XINU Is Not UNIX)!
Other onomatopoeic or self-referential backronyms, in addition
to ACCURATE:
Combatting ``Combating''
I've been struggling with people who insist on spelling ``combatting'' as
``combating''. Since COMBATING seems to have replaced COMBATTING in our
absurdly inconsistent American English language, I am horrified that we
might now have to live with COTTON BATING and BASEBALL BATING AVERAGES. I
await with BATED but not BATING breath for this idiocy to someday get
reversed. It is utterly absurd. Indeed, I am shocked and horrified that
the spelling correctors are not becoming spell correctors for those of you
who are in a total spell as a result. And I am not baiting you if you too
have succumbed to this utter stupidity. I'm just biting my tongue, and
BIDING my time, betting that soon BETTING will become BETING, BITTER will
become BITER, and BIDDING will become BIDING. BETTER BETTER NOT BE BECOME
BETER.
All other English words that end in "bating" have the "a" accented and
pronounced as "ay", for example, bating, debating, exacerbating,
incubating, interdebating, intubating, libating, mast**bating, nondebating,
overdebating, probating, rebating, reprobating. Why on earth should we have
to switch to combating? (My working rule: Double consonants are preferred
whenever the syllable is accented, and much less so when unaccented.
CANceled makes more sense than canCELLed, and is preferred by my spelling
corrector. Similarly, the corner case CAN-cel-LAtion is OK, because the
first and third syllables are both stressed.)
* Msipelingz and speling simplifications.
But what about `spell checkers' (instead of spelling checkers)? They
certainly would have been relevant in the pre-computer days of the Salem
Witchcraft trials. (But then Checkers was a dog. Can you spell Checkers?)
* Cut 'em Off at The Cyber Pass:
`Cyber' is popular these days, but its misusage seems to proliferate.
* The Internet:
The Internet is a proper noun and deserves its initial capital in
American usage. There is only one Internet. That is precisely the
foundational notion of its conceptual existence.
* Quotes and Periods: I have had many battles with old-think editors
who insist on putting terminating punctuation (e.g., periods) inside of
quotes even when those periods are not part of the quoted text or literal
string. Consider the editor's forced use of `string.' at the end of a
sentence, when the period is not part of the string but
coerced because it is the end of a sentence. This is just plain silly.
Opposing that, consider a quoted phrase `` `string.'. '', when the literal
string (`string.' in single quotes) actually includes the period and
appears at the end of a sentence, requiring another period. That seems
perfectly reasonable (albeit unusual).
It is refreshing that some new-school editorializers
allow a quoted string not
to include the `period'. My rule is fairly simple: never put a
period inside the quotes unless that period is part of what ``you are
quoting''. This makes perfect sense logically. One way around this is to
use italics instead of single quotes around strings, and reserve double
quotes to quote things that are actually quotes!
* Apostrophe mistakes:
The most common apostrophic misuse seems to arise in the popular confusion
between it's and its. It's easy to know its proper use if
you think about a little grammar -- the difference between a contraction
(ambiguously, for either it is or it has) and
a possessive (its x-ness is precisely the x-ness of it,
where x-ness is, for example, some sort of attribute), respectively.
The possessive apostrophe-s following a word that ends in s is a little
trickier. Proper names generally get an extra s, because the final s in the
name is not a plural being apostrophesized, as in ``Parnas's''. But no
extra s is generally needed when a nonProper word is already plural, as in
``The dogs' blankets are wet.''
An article by Sarah Lyall in The New York Times (16 June 2001)
noted John Richards (a retired newspaper copy editor and reporter living in
Boston, England), who has founded the Apostrophe Protection Society.
Richards -- pictured in front of ``Sweeney Todd, the Modern Mans Barber
Shop'' -- is vigorously trying to protect against misuse of the Queen's
English such as todays menue's and Nigels special
pudding's.
Geoff Kuenning noted this one from the Oxford University Press, Edpress
News: ``It's is not, it isn't ain't, and it's it's, not its, if you mean it
is. If you don't, it's its. Then too, it's hers. It isn't her's. It
isn't our's either. It's ours, and likewise yours and theirs.''
* Old-style grammatical rules don't rule anymore: It may have begun
with California English, such as ``Her and me are going.'' Objectively
unsubjective? Or subjectively unobjective! And now we have things like
``My bad.'' Well, if any noun can be verbed, then perhaps any
adjective can be nouned, and so on -- with a tendency toward
totally interchangeable parts of speech. Is this also happening in much
more strongly typed languages such as German and Russian? It is certainly
somewhat more difficult. Furthermore, ending sentences with prepositions
is usually avoidable (note Winston Churchill's observing that is something
up with which he would not put), but how about the `modern' trend toward
prepositions without the rest of the phrase -- as in ``come with!''.
Of course, one of the favorite so-called rules is ``I before E
except after C, or when sounded as "A" as in neighbor and weigh.''
My daughter Hellie, who shares my linguistic interests, found this
delightful sentence: ``I before E except when your foreign
neighbor Keith receives eight counterfeit beige sleighs from
feisty caffeinated weightlifters.''
Some puns are spoken, e.g., exploiting homophones. Others are written,
e.g., exploiting homomorphs. I recently discovered a hybrid with some
of each at the same time: DRY VERMOUTH vs DRIVER MOUTH (which might
happen to you if you fail to hydrate on long automobile trips).
Vladimir Nabokov (VM) evidently loved multilingual puns. My two
favorites that I have thus far uncovered are these:
In his novel *Ada*, VM refers to a "yellow-blue vase", where in
Russian "Ia lubyliu vas" means "I love you" (in the formal 2nd
person).
In his short story called *Lebeda* in the original Russian, *Lebeda*
in Russian refers to the plant genus *Atriplex*, which includes
various herbaceous plants that thrive in deserts and salt marshes;
apparently quinoa is one such plant. In Nabokov's own English
translation, the story is called *Orache*. At the end of *The Stories
of Vladimir Nabokov* (compiled by his son Dmitri), VM notes that
Atriplex is "orache" in English, but that *ili beda* in Russian is
literally translated as *or ache* in English (by what he calls a
"miraculous coincidence").
Both of these examples from VM seem to be rather complex hybrid
multilingual puns.
* ``Nuclear'': Could there be possible ideological or other
noticeable cultural differences between people who pronounce the word
``nuclear'' correctly, and those who pronounce it as ``nuke-yu-ler''?
This question needs some further psychosocial exploration, because I know
some seemingly thoughtful and open-minded people who consistently pronounce
the word incorrectly (perhaps because their colleagues do?), but also many
folks with seriously closed minds who are incapable of realizing that they
are wrong. Or are they? (Some dictionary publishers seem to think
that this mispronunciation is acceptable -- or perhaps was at least
in the first eight years of the previous decade!)
* ``Neumann'':
After many questions regarding the pronunciation of my name, and many
mispronunciations, I thought it might be appropriate to dust off an old
piece of doggerel written on 22 November 1976, in response to a query:
On Peter Noimann
While hoi polloi enjoy the ``new'',
On 23 September 1992, I ran into an SRI mail-delivery person, whom I had not
seen in many years. This was the exchange:
``Mr. Newmann, I'm presumin'?''
PGN:
``No. Mr. Noymann, 'cuz it's Joyman.''
(Well, Germanic, but actually Dad was born in 1887 in
the Austro-Hungarian Empire.)
For me it has always been NOY-mann -- as a DACtyl, not an iAMB,
and not even two equally stressed syllables as NOY-MAHN as the Germans
might say -- Herr Dr Dr PAYter NOY-MAHN.
By the way, there are quite a few other Peter Neumanns. I met Peter
M. Neumann (group theorist at Queens College at Oxford) at the Brooklyn
Polytechnic Symposium on Automata in 1962; he retired in 2008. Peter
J. Neumann is a professor at Tufts (he is director of the University School
of Medicine Institute of Clinical Research and Health Policy Studies, and
also associated with Harvard). There is also a Peter R. Neumann at Kings
College London, Director of the International Centre for the Study of
Radicalisation and Political Violence in the Department of War Studies.
Browsing `Peter Neumann' gets you a bunch of others as well. So if you are
looking for me, the middle initial G seems to be more or less unique -- as
far as I know.
* Other poetry: A few pieces of poetry are published in various
places, including some in my Harvard class reunion books. One of my
favorites is a work of abstract poetry that I did long ago with my poet
friend Emmett Williams, an homage to Guillaume Apollinaire on the 50th
anniversary of his untimely death. It was exhibited as a huge banner at the
Institute of Contemporary Arts in London in 1968 spelling out his name. It
appears on pages 348-359 of Emmett's book, Selected Shorter Poems,
1950-1970, Edition Hansjörg Mayer, Stuttgart, 1974, and published in
the U.S. by New Directions Publishing Corporation. The work is a graphical
representation of Apollinaire's utterance of hopes for the future: ``O
mouths, mankind is in search of a new form of speech, with which no
grammarians of any language will be able to talk. We want new sounds.''
These words are embedded into a diamond shape out of which the large-font
letters of his name are formed. Reading across within the large letters
gives all sorts of `new sounds' ... such as `neundsnearch' (with
neunds from new sounds and earch from
search) among the interwoven diamond shapes.
Incidentally, one of the legends of the Chilmark game going back to
the 1950s is the long-time spectacularly steady third baseman Jerry
Kohlberg, best known in that context as The Man in the Red Hat. He
was widely known elsewhere as Jerome Kohlberg, a founder of Kohlberg
Kravis Roberts in 1976. Jerry played in the triple-play game noted
above, although he was at second base. (After years as a fixture at
third, he migrated to shortstop and then second base as his arm
strength -- but not his accuracy -- waned.) I was absolutely
delighted at the news in November 2010 that Jerry and his wife bought
the Vineyard Gazette (reported in its Volume 165 Number 30),
becoming only the fourth family to own the newspaper founded in 1846.
The Kohlbergs follow the Restons, who acquired it in 1975. I'm sad to
note here that Jerry died on 30 July 2015. There is a beautifully
written obit on the front page of the Vineyard Gazette of 7 August
2015 written by Julia Wells, a testament to his being a remarkably
human person who always cared about doing the right thing -- despite
his earlier days at Bear Stearns and then founding KKR. Julia notes
that he was horrified by what was happening to Wall Street during his
time off -- his long-time sense of fairness having been superseded by
a world of hostile takeovers. Jerry Kohlberg will be very sorely
missed by those of us who played in the Chilmark softball games for so
many years -- and of course by many others.
Many years before that, I was playing right field, with a runner on
second. The second-baseman lost a popup in the sun and it bounced
directly off his head to me on the fly. The runner on second had
taken off, so I was able to double him off at second, and had both
putouts in a rather unusual if not historically unique 4-9-9 double
play. As of the summer of 2019, I think only two or three people
still playing in the Chilmark game were on the field for the freak
triple play with Spike Lee.
I recently stumbled onto a somewhat discolored copy of Herb Caen's
column in the San Francisco Chronicle from Feb 4 1976, which
included the following squib that I would like to record for posterity
before I toss it: "Down at Stanford Research Institute yesterday
morning, computer programmer Peter Neumann was thinking about having
breakfast, glanced out the window toward the cafeteria, saw two trucks
parked in front of it -- Menlo Park Garbage, and Dean's Animal Feeds
-- and changed his mind." I really miss Herb's trenchant humor. (One
of my favorites was Herb's puzzlement when he saw a license plate
"ICECAR", until he realized that it represented "Datsunicecar". In
2008, Don Hudson read that item on my website, and reported that he
had seen a license plate in Vancouver BC "NFUGUE"; it was (of course)
a Honda Prelude, evidently honoring J.S. Bach. And then there is my
musical doormat, ``Bach Later; Offenbach Sooner''.)
Honors and Awards
Mentors
One of the most important aspects of my life has been the influence of a
sequence of inspirational mentors, at different times and in different ways.
Each of them took a deep personal interest in me. I would like to honor
a few of them in return, in chronological order of their appearance.
``When one of your loved ones goes out
of your life, you think of what he might have done for a few more years, and
you wonder what you are going to do with the rest of yours. Then one day,
because there is a world to be lived in, you find yourself a part of it,
trying to accomplish something -- something he did not have time to do.
And, perhaps, that is the reason for it all. I hope so.''
Mentoring
Considering how important all of the above people (and others) are and were
to me, I hope I can return something by mentoring others. Long ago in the
1960s, I was on PhD committees for Jeff Ullman at Princeton, and in
1969 for Jim Gray [d, 28 Jan 2007] at the University of California at
Berkeley -- whose wonderful and extraordinary presence is now sorely missed.
[See
John Markoff's NYTimes blog item on 31 May 2008.] More recent
PhDs are
* Drew Dean, 1999 at Princeton,
with an elegant thesis on modeling Java-like environments.
(Formal Aspects of Mobile Code Security)
(Very unfortunately and much too early, my close friend and colleague,
Drew passed away on 23 Aug 2022, doing what he loved most --
windsurfing. A memorial celebration of his life takes place at
SRI on 19 November 2022.)
* Lenny Foner, 1999
(foner@media.mit.edu) at MIT (with a nifty thesis A
Distributed, Privacy-Protected Matchmaking System, on his Yenta system
for discerning group relationships, while at the same time respecting
security and privacy).
* Chenxi Wang, 2001
(Chenxi@ece.cmu.edu) at the University of Virginia (a fascinating thesis on
creative obfuscation to hinder reverse engineering (A Security
Architecture for Survivable Systems)).
* Rebecca Mercuri, 2001
(Mercuri@acm.org), University of Pennsylvania, a really important
thesis on the integrity and lack of integrity in the electronic
voting-system process (Electronic Vote Tabulation
Checks and Balances).
* Michael LeMay, 2009, University
of Illinois, Urbana-Champaign, (Compact
Integrity-Aware Architectures).
Music
Music is a fundamental part of my life. I play a variety of
instruments (bassoon, French horn, trombone, piano, etc.), in the
Institooters (the SRI alumni 1940s-style swing band), the Foothill
Wind Symphony, the Peninsula Symphonic Band, and summertimes in the
Los Altos Olde Towne Band. My wonderful wife Liz (née Susan Dal
Juvet) played tuba in all of those groups. Unfortunately, she passed
away on 23 November 2020. She is deeply missed. We have also played
in the Peninsula Pops Orchestra, and for a few years played
traditional Dixieland in the Pastoria Avenue Jazz Band. With Liz on
tuba, I played baritone horn in the 1998 Tuba Christmas (with 216
tuba-family instruments) and Eb tuba in the 1999, 2000, and 2002 Tuba
Christmas spectacle (with great acoustics in the three-level Eastridge
Mall in San Jose). Since the summer of 2000, Liz and I have played in
the Vineyard Haven town band (and once as ringers with the Boston
University Alumni Concert Band). Our brass ensemble -- the Shasta
Brass Quintet -- (trumpets Dan Swinehart and Ted Tilton, trombone
Cliff Smith, French horn Peter, and tubist Liz -- ``Du bist die
Tubiste!'') has been playing together regularly for our own
enjoyment, although we have now had a bunch of public appearances.
Our SRI gigs had Ian Colrain (an SRI VIP) as an alternative
trumpeter. The StePeLi Trio (for STEve, PEter, and my late wife
LIz), with my former SRI colleague Steve Dawson, an excellent
clarinetist, worked on Mozart, Beethoven, and Brahms piano trios
(!), among other works. I get together now and then with Rob and Nan
Shostak for various quartets, and played the Schubert Trout Quintet
when Frieder von Henke was in town long ago. I played bassoon in
Stanford Savoyards Gilbert and Sullivan performances of The Grand Duke
in 2007, Gondoliers, and The Yeomen of the Guard in April 2008 and
2015. I play self-duos on two recorders at once, occasionally hum and
whistle some two-part harmony at the same time. (A master at
self-duos is Andy Stein, erstwhile long-time music man and
violinist for Garrison Keillor's The Prairie Home Companion; however,
unlike Ron Graham and various other MIT/BellLabs folks, I never
learned how to juggle while riding a unicycle.) I also sing, and dabble
at conducting and composing. For four years, I accompanied a young
violinist neighbor in violin sonatas throughout her high-school years
-- until she went off to college. I still have on the back burner a
collection of about 50 small compositions that I have written (mostly
for piano, and some with voice or other instruments as well), intended
to be relatively easy to play because of their use of concepts of
software engineering, abstraction, structure, symmetries, and
iterative learning strategies. (They were actually inspired by the
Einstein quote above.) These simple pieces are intended to almost
play themselves! Perhaps I'll eventually put a few of them online.
(Several of you have inquired about when I might do that. Too many
distractions, although I do write a new piece now and then.) And
perhaps you'll hear more here about the Shasta Brass Quintet, which
performs occasionally for friendly occasions, although now it will
have to be reborn without Liz.
(1) Joint work in 1954-55 with Fred
Brooks, Bill Wright, and Albert Hopkins for Tony
Oettinger's seminars on computational linguistics, in which Al and I
used Fred and Bill's Markov analysis of 37 common-meter hymn tunes on
the Harvard Mark IV to generate over 600 "new" hymn tunes
based on Markov chain lengths from 0 to 7 eighth notes, all of which
were statistically consistent with the sample space. The 0-order
tunes sounded completely random, while the 7-th order tunes were more
or less indistinguishable from the chosen 37 hymns -- but all
recognizably different. (See the first item
in my partial reference list.) At a subsequent event to celebrate the
unveiling of Harvard's Univac I, probably around 1956, Harvard's Official
Poet David McCord wrote the following common-meter hymn-tune verse (giving
credit to Univac, even though the computing had been done on the Harvard
Mark IV) -- I stumbled onto a copy in my archives, in 2011:
O God, Our help in ages past,
Thy help we now eschew.
Hymn tunes on Univac at last,
Dear God, for Thee, for You.
We turn them out almighty fast,
Ten books to every pew.
(2) Bob Ashenhurst, Albert Hopkins, and I used to sing Gilbert and
Sullivan trios in the basement of the old Computation Lab (subsequently
renamed the Aiken Lab, and now torn down and replaced with a new
building).
(3) In February 1956, I sang the part of the Man in the Moon
in what I believe to be the world's first science-fiction opera, Joel
Mandelbaum's The Man in the Man-Made Moon, in which the Man
in the Moon becomes quite jealous of the Man in the Man-Made Moon and
threatens celestial war, whereupon the Scientist who created the Man in the
Man-Made Moon performs an operation whereby the Man-Made Man in the Man-Made
Moon is transformed into the Man-Made Maid in the Man-Made Moon, leading to
a Happy Ending. It is a wonderful opera. (In case you had not guessed, it
was written post-Christine Jorgenson, but pre-Sputnik -- and, for that
matter, before mooning became popular.) I managed to contact Joel for the
first time in 45 years, and he sent me an audio tape! What a delight!
And after 49 years, Joel informed me of the first full performance since
1956, on 15 April 2015 at Queens College. The subject matter still seems
timely today!
(4) I did and still do Tom Lehrer interpretations, e.g., once in a
while at USENIX Security conferences. I always revel in the Tom Lehrer title
for which he never wrote the song -- because it would have been an
anticlimax: ``If I had it to do all over again, I'd do it all over you.''
And then there was the Boston MTA subway song, to the tune of Mother,
on the stations at the time. I don't believe it was ever recorded, but
I heard him sing it in the fall of 1950.
Tom was riding in the MTA in the late 1940s and noticed the vertical list of
stations on a red plaque, and set them to the tune of Mother:
C is Central, next upon the line.
K is for the cozy Kendall station,
C is Charles, across the foamy brine.
P is Park Street, Boston's busy center,
W is Washington, you see.
Put them all together, they spell ``HCKC PW'', (emphatically)
And that's just what Boston means to me.
(6) In March 1999 I was in Cambridge to help Tony
Oettinger celebrate his 70th birthday; Bob Ashenhurst wrote an
adaptation of the Gilbert and Sullivan ``I am so proud'' from the
Mikado [see item (2) above], which came out
as ``He is so
wise'', sung by Bob, Jim Adams, and myself. (As noted above, Tony
was my PhD thesis advisor "many years ago" -- which happens to be the
lead line of another G&S song.)
Statistical Metalinguistics and Zipf/Pareto/Mandelbrot
I frequently see cryptic references to the magic of Zipf or Pareto or
Mandelbrot, with reference to linguistic and other structures,
and sometimes in the context of 80-20 rules relating to almost anything.
(See Note.)
Some Quasi-Literary Pursuits
Peter Neumann's Multiply-Mixed Metaphor Mania
Annoying Words and Expressions, especially `Best Practices'
An Epic Annotated Limerick
I had written ``Combine digital photography with the see-through infrared
camera technology described in RISKS-19.93 and we get undie-lewded
truth?''
To this, Nikhil replied ``Beware of geeks baring gifs.''
Metrics, Schmetrics!
Is somewhat like judging cute pet tricks.
For software with purity
And cybersecurity,
We're doggedly seeking a quick fix.
My Favorite Meta-Limerick
Who expounded the meaning of meaning.
In the limelight he basked
'Til at last he was asked
The meaning of meaning of meaning.
A Large-System Glossary for EWD
Writing Style and Grammar
It's is not, it isn't ain't, and it's it's, not its, if you mean it
is. If you don't, it's its. Then too, it's hers. It isn't her's. It
isn't our's either. It's ours, and likewise yours and theirs.
* SPAWN: Salmon Protection and Waterways Network
Some Absurdities
Cyber is not a verb: you cannot cyber something.
Cyber is not a noun: you cannot buy me a cyber.
Cyber is disparaged as an adjective:
you are not a cyber person and a computer is not a cyber computer,
and you would never say something is more cyber.
Cyber is not an adverb: you cannot say that something is cyber wonderful.
So, this leaves us with a logical conclusion:
Cyber is a combining form: as in Cybernetics (Norbert Wiener),
cybersecurity, cybercrime, and cyber-economics.
But it is grossly overused and abused,
especially by the buzzword-dependent folks who tend to oversimplify
everything by referring to a popular buzzword or buzzphrase,
as in referring to
`cloud computing' as the salvation of everyone's computer problems.
Note that `Web' (short for the World Wide Web) and `web' are somewhat
different: `web' is a noun (not an adjective), and `Web' is a proper noun.
However, I seem to prefer `website' to `Web site'.
More on Puns, including Multilingual Ones
Pronunciation
The cognoscenti are the few
Who use the ``noi'' that he as boy
Had always managed to employ,
And which he somehow still does use.
While that it's ``noi'' may come as news,
The use of ``new'' never annoys --
Although it sometimes sounds as noise.
Other Odds and Ends
One of the sports rarities of my life occurred during one of the Sunday
summer softball games that the Chilmark Massachusetts community has engaged
in for something approaching 100 years, and in which I have played whenever
possible since the early 1950s. On this occasion, I was playing third base
and Spike Lee was playing first. Runners were on second and third with no
outs. A ball was hit to me sharply down the third-base line, starting out
foul but bouncing fair. I checked the runner at third, and threw the batter
out at first. Spike noticed that the runner at second had run down to third
base, and so he ran directly to third. In the blink of an eye, Spike tagged
the original runner at third as he broke for home, and then the other runner
who had panicked and started back to second. This was a most unusual Triple
Play, 5-3-3-3!
(When I wrote this, there had been 15 unassisted triple plays in Major League
Baseball, 6-6-6, 4-4-4, and in one rare case 3-3-3. However, the Chicago
White Sox pulled off a much more curious triple play on 23 April 2016,
involving five different players, 9-3-2-5-2-5.)
End
If you read all the way through this to get here (rather than merely
clicking on the last menu item), you have my greatest appreciation! Best
wishes and cheers! PGN