RISKS Forum mailing list archives

Risks Digest 27.91
From: RISKS List Owner <risko () csl sri com>
Date: Mon, 12 May 2014 14:16:06 PDT

RISKS-LIST: Risks-Forum Digest  Monday 12 May 2014  Volume 27 : Issue 91

Peter G. Neumann, moderator, chmn ACM Committee on Computers and Public Policy

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <http://www.risks.org> as
The current issue can be found at

NEWS FLASH: RISKS-27.90 caught by Spam Assassin (PGN)
"Reading, Writing, Arithmetic, and Lately, Coding" (Matt Richtel via
  Ed Lazowska, PGN)
"The FCC has already started destroying the Internet" (Paul Venezia via
  Gene Wirchenko)
"Security-vendor snake oil: 7 promises that don't deliver" (Roger A. Grimes
  via Gene Wirchenko)
"Oracle's surprise win in Java API case could make it harder for developers"
  (Paul Krill via Gene Wirchenko)
Abridged info on RISKS (comp.risks)


Date: Mon, 12 May 2014 1:09:22 PDT
From: RISKS List Owner <risko () csl sri com>
Subject: NEWS FLASH: RISKS-27.90 caught by Spam Assassin

Please check your spam bucket if you did not receive RISKS-27.90, assuming
this issue gets through despite mentioning `large amounts of money'.  Oddly,
there was NO MENTION of the 2.8-point item, which has to do with
H*K*L*O*T*T*O, lightly encoded to avoid a repetition.  This of course
happened (at least) once before, in RISKS-22.20, almost 12 years ago, as
recorded by Danny Burstein in RISKS-22.21.

This is what caught my copy of the previous issue.

Content analysis details:   (5.3 points, 5.0 required)

 pts rule name              description
- -- ---------------------- --------------------------------------------------
 0.0 T_URIBL_SEM_FRESH_15   Contains a domain registered less than 15 days
                            [URIs: estoniaevoting.org]
-0.0 T_RP_MATCHES_RCVD      Envelope sender domain matches handover relay
 2.5 US_DOLLARS_3           BODY: Mentions millions of $ ($NN,NNN,NNN.NN)
 0.0 LOTS_OF_MONEY          Huge... sums of money
 2.8 [see above]            [see above, lightly encoded]


Date: Sunday May 11, 2014 at 5:25:39 PM EDT
From: Ed Lazowska <lazowska () cs washington edu>
Subject: "Reading, Writing, Arithmetic, and Lately, Coding" (Matt Richtel)

Matt Richtel, *The New York Times*, 11 May 2014 (Ed Lazowska via Dave Farber)

This Sunday's front-page lead article in *The New York Times* is worth

My opinion:

It's excellent exposure for "the movement" of driving computer science into

But it's hugely vocationally focused, and thus misses the key point:
Computer programming is the hands-on inquiry-based way we teach
computational thinking, which is an essential 21st-century capability for
just about everyone.

The incongruity within the article itself is glaring.  Towards the top, it
says ``It is a stark change for computer science, which for decades was
treated like a stepchild, equated with trade classes like wood shop.''  It
then proceeds to focus almost exclusively on a vocational/trade/skill
rationale for teaching programming.

The wonderful Hadi Partovi (Code.org) says it just right in his one quote in
the article: learning our field is ``as essential as learning about gravity
or molecules, electricity or photosynthesis.'' But people don't learn about
``gravity or molecules, electricity or photosynthesis'' for vocational
purposes, but rather because they lead towards `modes of thought' that are

This angle gets no coverage elsewhere in the article.  (And Hadi is referred
to as `she' in the print version, further suggesting a level of
misunderstanding ...)

It would be great if *The New York Times*, at least, would get this right
..., but I guess pretty much any press is good press.


Date: Mon, 12 May 2014 8:01:17 PDT
From: "Peter G. Neumann" <neumann () csl sri com>
Subject: "Reading, Writing, Arithmetic, and Lately, Coding" (Matt Richtel)

I have long been an advocate of integrating relevant fundamentals of
discrete mathematics, principles underlying computer technology, and ethics
of computer use into early education, beginning as early as reasonable in
K-12 curricula, and at whatever levels of abstraction can be understood at
each level.  However, it seriously seems overly simplistic to believe that
teaching a visual coding (programming) language early will by itself result
in programmers who can understand the pitfalls of later trying to specify
requirements, programs, and system architectures that can satisfy critical
needs for trustworthy systems and networks.

Perhaps what is also needed is a graded set of staged versions of the
highlights from RISKS that can add some reality to the proposition that
being able to write a simple visual program is only one stepping stone to
becoming a logical person and perhaps eventually a system architect/software
engineer in the sense of real engineering.

Computer literacy is essential, but once again we need to dust off the old
Einstein dictum: Everything should be made as simple as possible, but no
simpler.  Instilling a better understanding of complexity throughout the
progression of increasingly higher education seems to have been accomplished
fairly well in mathematics, but not yet in computer education before
college.  There is clearly a burden on educating the teachers as well, but
visual programming may offer an overly simplistic approach unless the
underlying principles are also visible to them and to the students.  End of
soapbox.  PGN


Date: Mon, 12 May 2014 12:56:26 -0700
From: Gene Wirchenko <genew () telus net>
Subject: "The FCC has already started destroying the Internet"
  (Paul Venezia)

Paul Venezia | InfoWorld, 12 May 2014
The FCC has already started destroying the Internet
The mere mention of the awful new rules proposed by the FCC already
is causing fallout


Date: Mon, 12 May 2014 12:51:41 -0700
From: Gene Wirchenko <genew () telus net>
Subject: "Security-vendor snake oil: 7 promises that don't deliver"
  (Roger A. Grimes)

Roger A. Grimes | InfoWorld, 12 May 2014
Beware bold promises from a multibillion-dollar industry that can't
prevent your IT systems from being routinely hacked


Date: Mon, 12 May 2014 12:38:38 -0700
From: Gene Wirchenko <genew () telus net>
Subject: "Oracle's surprise win in Java API case could make it harder
  for developers" (Paul Krill)

Paul Krill | InfoWorld, 9 May 2014
The ruling that APIs can be copyrighted could make it a lot harder to
take advantage of APIs with a direct license


Date: Sun, 7 Oct 2012 20:20:16 -0900
From: RISKS-request () csl sri com
Subject: Abridged info on RISKS (comp.risks)

 The ACM RISKS Forum is a MODERATED digest. Its Usenet manifestation is
 comp.risks, the feed for which is donated by panix.com as of June 2011.
=> SUBSCRIPTIONS: PLEASE read RISKS as a newsgroup (comp.risks or equivalent)
 if possible and convenient for you.  The mailman Web interface can
 be used directly to subscribe and unsubscribe:
 Alternatively, to subscribe or unsubscribe via e-mail to mailman
 your FROM: address, send a message to
   risks-request () csl sri com
 containing only the one-word text subscribe or unsubscribe.  You may
 also specify a different receiving address: subscribe address= ... .
 You may short-circuit that process by sending directly to either
   risks-subscribe () csl sri com or risks-unsubscribe () csl sri com
 depending on which action is to be taken.

 Subscription and unsubscription requests require that you reply to a
 confirmation message sent to the subscribing mail address.  Instructions
 are included in the confirmation message.  Each issue of RISKS that you
 receive contains information on how to post, unsubscribe, etc.

=> The complete INFO file (submissions, default disclaimers, archive sites,
 copyright policy, etc.) is online.
 *** Contributors are assumed to have read the full info file for guidelines.

=> .UK users may contact <Lindsay.Marshall () newcastle ac uk>.
=> SPAM challenge-responses will not be honored.  Instead, use an alternative
 address from which you NEVER send mail!
=> SUBMISSIONS: to risks () CSL sri com with meaningful SUBJECT: line.
 *** NOTE: Including the string `notsp' at the beginning or end of the subject
 *** line will be very helpful in separating real contributions from spam.
 *** This attention-string may change, so watch this space now and then.
=> ARCHIVES: ftp://ftp.sri.com/risks for current volume
     or ftp://ftp.sri.com/VL/risks for previous VoLume
 http://www.risks.org takes you to Lindsay Marshall's searchable archive at
 newcastle: http://catless.ncl.ac.uk/Risks/VL.IS.html gets you VoLume, ISsue.
   Lindsay has also added to the Newcastle catless site a palmtop version
   of the most recent RISKS issue and a WAP version that works for many but
   not all telephones: http://catless.ncl.ac.uk/w/r
 <http://the.wiretapped.net/security/info/textfiles/risks-digest/> .
==> PGN's comprehensive historical Illustrative Risks summary of one liners:
    <http://www.csl.sri.com/illustrative.html> for browsing,
    <http://www.csl.sri.com/illustrative.pdf> or .ps for printing
  is no longer maintained up-to-date except for recent election problems.
 *** NOTE: If a cited URL fails, we do not try to update them.  Try
  browsing on the keywords in the subject line or cited article leads.
==> Special Offer to Join ACM for readers of the ACM RISKS Forum:


End of RISKS-FORUM Digest 27.91
