Peter Neumann's Home Page
SRI International Computer Science Laboratory

Unless you came through the main csl.sri.com Web site, you might want to click on the above photo for an informal pool picture (which is already on the main site), taken by my wife, Elizabeth S. Neumann, or the more formal official SRI photo. For professional photos, please contact Jim Sugar, jimsugar@aol.com, 1-415-388-3344, fax 415-388-3345, 45 Midway Ave., Mill Valley, CA 94941, a former National Geographic photographer and all-around good guy.

Peter G. Neumann
Position: Principal Scientist
Address:
Computer Science Laboratory
333 Ravenswood Ave EL-243
Menlo Park California 94025-3493, USA
E-mail: Neumann@csl.sri.com
Webpage: http://www.csl.sri.com/neumann
Tel: 650/859-2375 (if you don't like voicemail, press "0" to speak with a real human being.)

Click here for a short bio. More detailed bio information is available on request.

This Web page (http://www.csl.sri.com/neumann) can also be reached from the primary CSL Web site (http://www.csl.sri.com) by clicking on "CSL Staff" and then "Neumann". (It differs from the default CSL page.) The following sections are included here, and can be moused directly if you do not want to read linearly.

Academic and R&D Background
Research Interests at SRI
RISKS, Inside Risks, Illustrative Risks
Computer-Related Risks, The Book
Computer-Related Elections
PFIR: People For Internet Responsibility
URIICA: Union for Representative International Internet Cooperation and Analysis
Advisory Activities
Honors and Awards
Mentors
Mentoring
Music
Statistical Metalinguistics and Zipf/Pareto/Mandelbrot
Some Quasi-Literary Pursuits
Other Odds and Ends
End (finally?)

Academic and R&D Background

I have been a member of the SRI International Computer Science Laboratory since September 1971. I spent eight years at Harvard (1950-58, with my A.B. in Math in 1954, S.M.
in Applied Math in 1955, and PhD in 1961 after returning from my two-year Fulbright in Germany (1958-60), where I also received the German Dr. rerum naturarum in 1960).

The work for my two doctoral theses (Tony Oettinger was my Harvard advisor, and Alwin Walther my Darmstadt advisor) and various subsequent papers involved variable-length Huffman-like codes and later was extended to Huffman-style information-lossless sequential coding schemes with surprisingly strong self-resynchronization properties despite arbitrary fault modes and denial-of-service attacks, even in the presence of very low or minimum redundancy as in Huffman codes. These schemes provided the possibility of highly survivable communication systems in the presence of arbitrary temporary interference. Earlier, my undergraduate thesis in mathematics (1954) involved identifying five nomographic classes of motions based on elliptic integrals, establishing canonical transformations for each of those classes, and generating tables for them (using the Harvard Mark IV).

I had two reverse sabbaticals as Visiting Mackay Lecturer, during the spring quarter of 1964 at Stanford University in Electrical Engineering, and the academic year 1970-71 at U.C. Berkeley (teaching courses in hardware, operating systems, and coding theory, and co-leading two seminar courses). I also taught a course on survivable systems and networks at the University of Maryland in the fall of 1999, half in person, half by video teleconference; the course notes are indicated below.

My first computer job was in the summer of 1953, as a programmer on the IBM Card-Programmed Calculator, for the U.S. Naval Ordnance Lab in White Oak MD, a punched-card machine with four registers and ZERO memory. (The cards provided auxiliary memory!) Among other things, I wrote a nifty recursive complex matrix-inversion routine. The three-address instruction interpretation was done in the plugboard, which represented an early assembler!
My boss was Cal Elgot, who later became director of the IBM mathematics group at IBM in its very early days at the Lamb Estate, before the research effort moved to the Watson Lab in Yorktown Heights, NY.

I had ten exciting years in the Computer Science Lab at Bell Labs in Murray Hill, New Jersey (1960-70) -- including extensive involvement in Multics from 1965 to 1969. Beginning in 1965, Bob Daley (then at Project MAC at MIT) and I did the Multics file system design, which included directory hierarchies, access-control lists (ACLs), dynamic linking of symbolic names to cacheable descriptor-based addresses, and dynamically paged segments within a novel hardware-supported virtual memory concept. (It is nice to find dynamic linking again being ``rediscovered'' in Webware! Multics also had multiprogramming, multiprocessing, multiple protection domains, and other forms of multiplexing.) I had a minor role in the Multics input-output design, heavily influenced by Ken Thompson, Joe Ossanna, and Stan Dunten, with symbolic stream names (which Ken later transmogrified into Unix pipes) and device-independent I/O. After Vic Vyssotsky moved over to Whippany, I found myself the Bell Labs member of the Multics Triumvirate, coordinating with Fernando Corbató (Corby) at MIT and Charlie Clingen at Honeywell, and flying to MIT for a meeting almost every other week. There was some really beautiful innovation in Multics, and many wonderful people. For those of you who are young folks with little idea of Multics' contributions to computer history, check out Tom Van Vleck's Multicians website at http://www.multicians.org/, which (as of 19 Feb 2007) listed 1880 names of people who were associated with Multics! Particularly notable among those not already mentioned is Jerry Saltzer, although many others were important contributors as well.

Click here for a few selected bibliographic references and other items. A list of CSL-related .bib entries is available at the bottom of the official CSL Web site page for me.
Research Interests at SRI

My main research interests continue to involve security, crypto applications, overall system survivability, reliability, fault tolerance, safety, software-engineering methodology, systems in the large, applications of formal methods, and risk avoidance. (I am apparently an Eclectical Engineer, a Zennish ZScientist, and a Peregrine Philosopher. A profile on me in the February 1999 issue of ICSA's Information Security magazine in pdf and in PostScript depicts me as a ``designated holist''.) A short article on Holistic Systems summarizes the challenges of developing trustworthy systems holistically, with possible lessons from energy, health care, and agriculture. (This appeared in the ACM SIGSOFT Software Engineering Notes, 31, 6, November 2006, pages 4--5.)

Trustworthiness: Security

In the early 2000s, DARPA funded thirteen projects under its Composable High-Assurance Trustworthy Systems (CHATS) program, created by Douglas Maughan. I led one of those projects (CHATS project website), in the SRI Computer Science Laboratory. The emphasis in the CHATS program was on composable trustworthy open-source operating systems. The final report, Principled Assuredly Trustworthy Composable Architectures, was completed on 28 December 2004, and is available in three forms: html, pdf, and ps. An earlier paper summarizing the project as of early 2003 appeared in the DISCEX03 proceedings: Achieving Principled Assuredly Trustworthy Composable Systems and Networks. Incidentally, a significant effort is underway in Peter Denning's Great Principles project, which considers the importance of principles more broadly --- as common elements across system designs. He is in the process of writing a book on that effort.

The Provably Secure Operating System (PSOS) project began in 1973 and continued until 1983. The 1980 PSOS final report (noted in my partial reference list) has been scanned in and is online in PostScript form (over 300 pages).
The report includes the system architecture and many of the basic hardware and operating system layers, plus some illustrative applications (all formally specified in the SPECIAL language of HDM, the Hierarchical Development Methodology). The Feiertag/Neumann paper summarizing the architecture as of 1979 is available in a retyped, more or less correct, hand-edited pdf form. A 2003 paper, PSOS Revisited by me and Rich Feiertag, was presented at ACSAC 2003 in Las Vegas in December 2003, as part of the Classic Papers track (which was initiated at ACSAC 2002 for the Karger-Schell paper on the Multics multilevel secure evaluation). Please read it if you are interested in capability architectures. The PSOS project continued from 1980 to 1983, supporting the Goguen-Meseguer papers and the Extended HDM effort that led to SRI's PVS system.

A 1996 report, Architectures and Formal Representations for Secure Systems, considers what formal methods can do for system security, and vice versa. It is available in PostScript form, and contains various references to earlier work, e.g., to our 1970s work on the formally specified capability-based object-oriented hierarchically-layered Provably Secure Operating System (PSOS), and the role of system structure and abstraction -- which has been a long-standing interest.

A 1992 paper by Norm Proctor and me, Architectural Implications of Covert Channels from the 1992 Computer Security Conference, is available in html form. That paper develops the concept of multilevel-secure systems in which there are no end-user multilevel-secure workstations, and consequently no user-oriented covert channels. This paper is really a paper on how to build multilevel-secure systems and networks out of non-MLS end-user components and a few high-assurance trustworthy servers. It further pursues an approach begun by Rushby and Randell in their 1983 paper.
The concept is also applicable to architectures of (single-level) networked systems in which trustworthiness is localized in certain critical servers. The Oracle thin-client network computer is ideally suited to such an architecture.

An extensive collection of information on our current efforts (EMERALD) and past work (IDES, NIDES) on analyzing systems and networks for the purposes of anomaly and misuse detection is available on our Web site at http://www.csl.sri.com/intrusion.html, thanks to the efforts of my colleague Phil Porras. EMERALD significantly extends our earlier work, addressing not just host systems but also networks, servers, and hierarchically layered analysis. A 1997 paper is available in html form for browsing or in PostScript form for ftp-ing. A 1999 paper on Experience with EMERALD, jointly authored with Phil Porras, is available in PostScript and in html for the USENIX Workshop on Intrusion Detection and Network Management, 11-12 April 1999. (It won the best-paper award for the workshop!)

I helped organize a workshop on preventing, detecting, and responding to insider misuse, held in Santa Monica in August 1999. The final report and the slide materials for long and short briefings are available on our Web site at http://www2.csl.sri.com/insider-misuse/. My position paper for that workshop is also available on-line. A second workshop was held in Honolulu in July 2000. I have updated and extended the 1999 paper in a new position paper, Combatting Insider Misuse, with Relevance to Integrity and Accountability in Elections and Other Applications, that I prepared for the Dagstuhl Workshop on Insider Threats, 20-25 July 2008 -- although I will be unable to attend.

Just for kicks, let me mention my 1969 paper, The Role of Motherhood in the Pop Art of System Programming, from the 2nd Symposium on Operating Systems Principles, which has now been put on the Web courtesy of Olin Sibert and posted on Tom Van Vleck's Multicians website.
Trustworthiness: Survivable Systems and Networks

My final report for the Army Research Lab, Practical Architectures for Survivable Systems and Networks, 30 June 2000, is available for browsing in html, and for printing in PostScript, and in pdf. From the abstract:

This report summarizes the analysis of information system survivability. It considers how survivability relates to other requirements such as security, reliability, and performance. It considers a hierarchical layering of requirements, as well as interdependencies among those requirements. It identifies inadequacies in existing commercial systems and the absence of components that hinder the attainment of survivability. It recommends specific architectural structures and other approaches that can help overcome those inadequacies, including research and development directions for the future. It also stresses the importance of system operations, education, and awareness as part of a balanced approach toward attaining survivability.

I taught a course ENPM 808s as an Adjunct Professor at the University of Maryland in the Fall of 1999 on material related to the Army Research Lab survivability study: http://www.csl.sri.com/neumann/umd808s.html. All of my UMd lecture materials (except for my RISKS book) are on-line as source-available open-course documents. (It is wonderful to see MIT's announcement of its OpenCourseWare in April 2001. That is a marvelous development.) My final set of Maryland lecture notes is also available in a 6-up PostScript form, that is, six slides to a printed page. Please let me know if you find the course materials interesting and/or useful. Similar courses were also taught at the University of Pennsylvania by Tony Barnes (I gave one of Tony's lectures), and at the University of Tennessee by Doug Birdwell (birdwell@hickory.engr.utk.edu) and Dave Icove (djicove@tva.gov) -- Electrical & Computer Engineering 599 -- using some of my lectures and lecture materials, and some of their own.
Georgia Tech (Blaine Burnham) gave such a course in Winter 2000, and the Naval Postgraduate School (Cynthia Irvine) was contemplating such a course in the spring of 2000, according to an earlier discussion with Cynthia. Other universities have also expressed interest in piggybacking on the course materials.

Robust Open-Box Software

The CHATS effort was strongly motivated by an interest in demonstrating the viability of making open-source software more secure and robust. See the CHATS program information noted above.

My two-page position paper for a panel on open-box software (e.g., open-source and free software, where you can actually get inside the box and change something, as opposed to black-box software where you cannot even see inside the box) at the IEEE Symposium on Security and Privacy at Oakland CA, May 2000, is titled ``Robust Nonproprietary Software'' and is clickable (subject to IEEE copyright) in PostScript and pdf form.

A set of 28 slides for my keynote talk on the same general subject, titled ``The Potentials of Open-Box Source Code in Developing Robust Systems'' for an April 2000 NATO conference, on The Ruthless Pursuit of COTS is also available, in a variety of forms: PostScript, 1 per page, 4 per page, 6 per page, and pdf, 1 per page, 4 per page, 6 per page. (I also handed out to the NATO audience a preprint of the IEEE-copyrighted position paper noted above: PostScript and pdf form.)

A 2001 set of slides on the pros and cons of open-box software, from a talk on 27 February 2001, is available in PostScript and pdf formats.

Open-box software is not a panacea -- it does not solve all the problems. It still requires all of the discipline in development and operation that we would like to see in proprietary closed-box software. But it has enormous potential, and needs to be pursued as a serious contender.
If you have an active interest in the development of robust nonproprietary open-box software, please contact me by e-mail about participating actively in a small newsgroup dedicated specifically to the challenges of robustifying open-box software.

Spam and E-Mail Risks

My keynote talk might be of interest: ``CEAS and DESIST?'' for the Second Conference on E-mail and Spam, 21-22 July 2005, at Stanford:

``This talk will take a far-reaching big-picture view of some fundamental problems that must be confronted in the future, spanning issues such as security, reliability, survivability, safety, critical infrastructure protection, homeland security, national security, long-term research, sound science, free and open source software, and the development of predictably trustworthy systems and networks that can avoid past and foreseeable risks. Clearly, E-mail And Spam (CEAS!) are just one piece of the overall puzzle. In this context, the last part of the whimsical talk title (DESIST!) might be considered as a polymorphic backronym: Don't Encourage Simplistically Inadequate Software Techniques, or perhaps Dependably Engineered Secure Information System Technology. In any event, some radical changes are necessary and [were] considered.''

RISKS

More or less as a sideline, I moderate the ACM Risks Forum newsgroup, known as comp.risks in the USENET community, under the sponsorship of the ACM Committee on Computers and Public Policy (CCPP), which I have chaired since 1985. (The current issue is accessible at http://www.csl.sri.com/~risko/risks.txt, and the last item of each regular issue contains further info about the newsgroup.) For a subscription, send e-mail to the automated list server at risks-request@csl.sri.com with a single line of text, ``subscribe'' -- or if you wish to subscribe at an address other than your From: address, include that address after ``subscribe''.
(The latter alternative will bounce to me for personal attention, so please don't try the old spoof of subscribing folks such as the White House or Newt Gingrich, which happened a few years ago.) The archives of back issues (beginning with volume 1 number 1 on 1 Aug 1985) are available at ftp.sri.com/risks or courtesy of Lindsay Marshall at Newcastle http://catless.ncl.ac.uk/Risks. (I am very grateful to Lindsay, who provides a RISKS redistribution service for the UK and a lovely archival search and retrieval system, also accessible as http://www.risks.org.)

The ever-growing document, Illustrative Risks to the Public in the Use of Computer Systems and Related Technology, summarizes as one-liners many of the most interesting cases over the past decades. It can be browsed. It is also available in more printer-friendly formats in pdf form and PostScript from ftp.sri.com or from csl.sri.com.

In 2006, I was once again asked to do a Classic Paper for ACSAC, this time revisiting the RISKS experience. The paper Risks of Untrustworthiness and the slides for the talk are online.

Various folks have taught and/or are teaching courses related to the RISKS material -- for example, Jerry Saltzer and others at MIT, Roy Maxion at CMU -- and Rebecca Mercuri when she was at Bryn Mawr.

In a related effort that is supported in part by the ACM Committee on Computers and Public Policy, Lauren Weinstein moderates the Privacy Forum Digest. He is providing a superb service for those of you who are deeply concerned about privacy issues. You may subscribe or request information via privacy-request@vortex.com. Check out the Privacy Forum on-line.

I am Associate Editor of the ACM SIGSOFT Software Engineering Notes (which I founded in 1976 and was Editor for its first 18 years before turning it over to Will Tracz) and Contributing Editor to the ACM (for the Inside Risks columns noted next). Excerpts from RISKS appear in each regular issue of ACM Software Engineering Notes.
I contribute to and edit a column in the Communications of the ACM, inside the back cover, called Inside Risks, the most recent columns of which are accessible on-line at http://www.csl.sri.com/neumann/insiderisks.html; reuse for commercial purposes is subject to CACM and author copyright policy. From July 1990 until June 2008, this was a monthly column that appeared inside the back cover of CACM. After 216 consecutive monthly appearances, the column is expected to appear less frequently in a newly revamped form of that journal.

I am very grateful to the members of the ACM CCPP, who have kept me and RISKS-related efforts on the straight and narrow over the past many years. CCPP includes Peter Denning, Sy Goodman, Jim Horning, Nancy Leveson, Dave Parnas, Jerry Saltzer, Barbara Simons, and Lauren Weinstein. (Rob Kling [deceased] was also a long-time member.) They have contributed nobly -- among other things, in guiding the authors of the monthly Inside Risks columns and acting as a review board when sensitive issues come up regarding RISKS submissions, and in some cases writing columns themselves.

One of the thornier issues relating to the lack of good software-engineering practice, particularly in the development of systems with critical requirements, is that of whether certification of programmers would help. A panel statement I wrote for the 2000 IEEE International Conference on Requirements Engineering is accessible in PostScript and pdf forms. I have deep concerns relating to certification and licensing. You should not read that position statement as an endorsement, but rather as a skeptical set of concerns. My keynote address slides are also available, PostScript.

Computer-Related Risks, The Book

My RISKS book is still very timely: Computer-Related Risks, Addison-Wesley/ACM Press, ISBN 0-201-55805-X, 1995, 384pp., paperback, and has transcended its fifth printing, and is now printed on demand.
Further info on the book is available at http://www.csl.sri.com/neumann/neumann-book.html. Click here for an errata list for the first three printings. Some events that have occurred since the book was published are also available, along with some further references. It is quite remarkable that almost everything said in the book is still true today, and in many cases the situation is even worse! More recent material is summarized in the Illustrative Risks document, the Risks Forum, and issues of Software Engineering Notes.

The book has also been translated into Japanese and published by Addison-Wesley in 2000. ISBN 4-89471-141-9.

Computer-Related Elections

``It's not who votes that counts, it's who counts the votes.'' (attributed to Joseph Stalin)

``Not everything that can be counted counts, and not everything that counts can be counted.'' (attributed to Albert Einstein; thanks to Will Tracz for sending me this delightful quote, serendipitously relevant to problems with elections!)

My position paper for the CSTB workshop on Voter Registration Databases, December 29-30 2007, is online.

As noted above, the Illustrative Risks section on problems in past elections (click on Election Problems) is particularly timely in light of the aftermath of the November 2000 Presidential election (fuzzy math? fuzzy aftermath?). I brought the section up to date on 15 Aug 2008 with respect to items in RISKS. The legend for the descriptors is at the beginning of the file. An excerpt of just the section on election problems (in a somewhat less readable format) is available as a 7-page pdf file.

Various columns relating to the use of computers in the voting process are included in the Inside Risks series in the Communications of the ACM:

Risks of E-Voting, Matt Bishop and David Wagner, November 2007
COTS and Other Electronic Voting Backdoors, Rebecca T. Mercuri, Vincent J. Lipsio, and Beth Feehan, November 2006
Evaluation of Voting Systems, Poorvi L. Vora, Benjamin Adida, Ren Bucholz, David Chaum, David L. Dill, David Jefferson, Douglas W. Jones, William Lattin, Aviel D. Rubin, Michael I. Shamos, and Moti Yung, November 2005
Security by Insecurity, Rebecca Mercuri and PGN, November 2003
Florida 2002: Sluggish Systems, Vanishing Votes, Rebecca Mercuri, November 2002
Uncommon Criteria, Rebecca Mercuri, January 2002
Vote Early, Vote Often, Rebecca Mercuri, November 2000
Corrupted Polling, Rebecca Mercuri, Nov 1993
Voting-Machine Risks, Rebecca Mercuri, Nov 1992
Risks in Computerized Elections, PGN, Nov 1990

and are particularly timely in light of the aftermath of the November 2000 Presidential election (fuzzy math? fuzzy aftermath?) and various 2002 and 2004 problems. In addition, a paper I wrote in 1993, Security Criteria for Electronic Voting, is also available. This paper was adapted for inclusion in Computer-Related Risks. Evidently, I have been a psephologist as well as a psephotechnologist -- for two decades. (Thanks to Doug Jones for pointing this out!)

A National Public Radio piece (just under 7 minutes) by Dan Charles featuring Rebecca Mercuri and me ran on 10 February 2003, and is available as audio from the NPR archives.

An old LinkTV program excerpt (courtesy of Lauren Weinstein's editing) on voting is belatedly available online as an mp4 file. It is somewhat dated and chatty, but still generally relevant.
Ronnie Dugger's November 1988 article in The New Yorker is on my Web site. His long article in The Nation (August 16/23 2004) is also on-line (unfortunately, requiring nine downloads).

For the convenience of folks trying to uncover some of the earlier history prior to the year 2000 election problems, I have also placed some of the material on electronic voting in Computer-Related Risks, although that material is under Addison-Wesley copyright.

Finally, if this topic is of serious interest to you, check out Rebecca Mercuri's doctoral thesis on the subject; info at http://www.notablesoftware.com/evote.html. This is a remarkable thesis, and should be considered seriously by everyone involved in developing, evaluating, or using voting systems in future elections.

Furthermore, check out David Dill's Web site, http://verify.stanford.edu/evote.html, which has become a very valuable contribution to the cause of election integrity. Read his petition, and join hundreds of computer scientists and many other people as well in signing it. He has also summarized the proceedings currently ongoing in Santa Clara County, where he and I and (remotely) Rebecca Mercuri were involved in trying to get the county to include a voter-verified paper audit trail as a part of their efforts to rush into all-electronic voting machines. The county has been partially responsive, and has contracted for an upgrade path to that end. Subsequently, then California Secretary of State Shelley has mandated a VVPAT for all-electronic voting machines by 2006. Much more has happened since then, as evidenced by the current California Secretary of State Debra Bowen's Top-To-Bottom Review in 2007.

Also of topical interest are the first two items in Risks Forum issue vol 21 no 13, and also an article in the San Francisco Chronicle by Henry Norr on 4 December 2000, on the risks of touch-screen balloting (in PostScript form).
Remarking on our efforts in February 2003 to get Santa Clara County to use voter-verified hardcopy ballot images in their ongoing procurement of touch-screen systems (for example, see David Dill's Web site noted above), a highly supportive article appeared in the San Francisco Chronicle by Henry Norr on 3 March 2003. I greatly admire Henry's willingness to publicly change his mind when he discovered his earlier views were short-sighted -- as he has done in these two articles.

My position statement for a hearing of the California Assembly Committee on Elections Reapportionment and Constitutional Amendments on 17 Jan 2001 (pdf and PostScript) gives a one-page summary on the integrity of the election process plus two one-page items (the Inside Risks piece from January 2001 with Rebecca Mercuri, and an article in RISKS-21.14 by PGN, Rebecca Mercuri, and Lauren Weinstein). A statement for a subsequent hearing for the same committee on 15 Jun 2004 is also available: in pdf form.

Testimony for the California Senate Elections Committee on 8 Feb 2006 is also available in pdf form, on The Relative Merits of Openness in Voting Systems, written for Debra Bowen when she was in the California Senate.

A remarkably forthright detailed analysis of the lack of trustworthiness and usability of voting machines used in California in 2007 was conducted over the summer of 2007 under the auspices of California Secretary of State Debra Bowen, in the Top-To-Bottom Review. That effort seems to have inspired several subsequent analyses, all of which have greatly increased the general awareness of the breadth and depth of problems with electronic voting systems.

PFIR: People For Internet Responsibility

Lauren Weinstein (Privacy Forum) and I have created an entity called People For Internet Responsibility (PFIR). Check it out at http://www.pfir.org.
There are some important position statements on Internet voting, Internet governance, Internet hoaxes and misinformation, Government interception of Internet traffic, hacking, spam, censorship, and other topics. PFIR seeks to create an iterative process by which progress can be made.

A conference took place at the end of July 2004, Preventing the Internet Meltdown: see http://www.pfir.org/meltdown.

PFIR provides FactSquad http://www.factsquad.org, which is aimed at debunking much of the misleading information that floats around the Internet. Also, see Fact Squad Radio, one- to three-minute audio features on critical topics http://www.factsquad.org/radio. It also sponsors the Network Neutrality Squad http://www.nnsquad.org.

URIICA: Union for Representative International Internet Cooperation and Analysis

For the sake of Internet users everywhere, Lauren Weinstein, Dave Farber, and I have created a new organization called URIICA: Union for Representative International Internet Cooperation and Analysis http://www.uriica.org. URIICA's intent is explicitly not to try to control the future of the Internet, but rather to provide an open forum through which a truly international representative basis can be sought that is not captive of commercial and other special interests. We recognize the complexity of any such efforts, and are in no way attempting to imply that we have all the answers. However, we are convinced that such an approach is essential, pulling together the strengths of existing Internet-related groups and creating new ones as needed. On the other hand, URIICA is not currently active.

Advisory Activities

I was part of the National Research Council's crypto study group, whose report is a 700-page tome, Cryptography's Role In Securing the Information Society (a.k.a. the CRISIS report), available from the National Academy Press. The executive summary is available on-line at http://www2.nas.edu/cstbweb.
I am also a coauthor of the earlier 1995-96 ACM crypto study report -- indeed the only one who was on both.

I am one of the 11 authors of the June 1997 report (along with Hal Abelson, Ross Anderson, Steve Bellovin, Matt Blaze, Whit Diffie, John Gilmore, Ron Rivest, Jeff Schiller, and Bruce Schneier), The Risks of Key Recovery, Key Escrow, and Trusted Third-Party Encryption. This report was reissued in June 1998, with a new preface that notes that little has improved in the intervening year. The report is available for web browsing, and from CDT. It is also available for direct ftp-ing from Matt Blaze in PostScript or ASCII.

My July 1997 written testimony on that report for the Senate Judiciary Committee, originally scheduled for a crypto key-recovery hearing for 25 June 1997, was delivered on 9 July 1997. It is available on-line: Security Risks in Key Recovery. As a follow-up to that hearing, Senator Hatch asked each panelist to respond to specific questions from Senators Thurmond, Grassley, Leahy, and Feinstein. My responses to those questions are also available on-line. The proceedings of the entire set of hearings are available as Security in Cyberspace, S. Hrg. 104-701, 1996, pp. 350-363. ISBN 0-16-053913-7, 1996.

Incidentally, I note that the surveillance issue is again before us, this time with respect to the Internet rather than telephony. The FBI's Carnivore monitoring system has been subjected to a review, and the draft IITRI Carnivore report is on-line on the DoJ site. At the request of the Department of Justice, I participated in a review of the IITRI report, with Matt Blaze, Steve Bellovin, Dave Farber, and Eugene Spafford. Our Carnivore review comments as submitted to DoJ are available here in html form.
(As a result of widespread criticism relating to the choice of its seemingly predatory name, Carnivore has been renamed DCS1000, the Digital Collection System.)

My 25 June 1996 written testimony for the Senate Permanent Subcommittee on Investigations of the Senate Governmental Affairs Committee is on-line: Security Risks in the Computer-Communication Infrastructure. The written testimony is included in Security in Cyberspace, Hearings, S. Hrg. 104-701, ISBN 0-16-053913-7, 1996, pp. 350-363; my oral testimony is transcribed on pages 106-111 of that volume.

My May 1998 follow-up written testimony for the Senate Permanent Subcommittee on Investigations of the Senate Governmental Affairs Committee is on-line: Computer-Related Infrastructure Risks for Federal Agencies.

My 6 November 1997 written testimony for a hearing of the U.S. House Science Committee Subcommittee on Technology is also on-line: Computer-Related Risks and the National Infrastructures. (My responses to subsequent questions appear in the proceedings of the hearing, ISBN 0-16-056151-5.)
On 15 April 1999, I again testified for the House Science Committee subcommittee on technology, this time for a hearing on the Melissa Microsoft Outlook Word Macro propagating e-mail Trojan horse/virus; I did a differential analysis on my November 1997 testimony, and argue that Melissa is merely the tip of a very large iceberg.

On 10 May 2000, I was asked to testify for the same House committee on the ILOVEYOU Microsoft Outlook propagating Trojan e-mail horse/virus, Risks in Our Information Infrastructures: The Tip of a Titanic Iceberg Is Still All That Is Visible.

A further testimony for the House Committee on Government Reform, Subcommittee on Government Efficiency, Financial Management, and Intergovernmental Relations, August 2001, provides another update, Information Security Is Not Improving, Relative to the Risks. Relative to other events, computer-communication security appears to have regressed steadily in recent years, rather than progressed.

In December 2000, I participated in a panel on emerging technology issues as part of a program that the Harvard JFK School of Government puts on every two years for newly elected members of Congress. See my handout page.

I was invited to speak at the 1997 Gore Commission Conference on Aviation Safety and Security. My position paper, Computer Security in Aviation: Vulnerabilities, Threats, and Risks, is browsable. Of particular relevance on that topic are some of the Department of Transportation reports by Alex Blumenstiel that are cited in my paper, and a long series of GAO reports (click on airport security and on terrorism), all of which seem to have been almost completely ignored. [Written in 1997, this paper considers many topics that today seem less far out.]
Written testimony for the House Ways and Means Subcommittee on the Social Security Administration hearing on 6 May 1997 is available here; there was no oral testimony on my part, although Marc Rotenberg and Keith Rhodes were there and alluded to my written testimony. A slightly extended subsequent version of that statement was presented as part of a Social Security Administration panel in San Jose CA on 28 May 1997. The SSA announced on 4 Sep 1997 that they would reinstate the PEBES database, but with considerably increased attention to security issues. I am pleased that their revised plans go a long way toward what is recommended in my position statement.

On 7 Jun 2007, I testified once again for a hearing of the House Ways and Means Subcommittee on the Social Security Administration on the Employment Eligibility Verification System (EEVS). My written testimony on behalf of USACM is available in pdf form. The entire hearing was webcast, and I was followed by Marc Rotenberg, whose testimony is also of interest. (The testimony is also available on the USACM website, along with subsequent testimony for USACM on protecting the privacy of social security numbers, by Annie Anton.)

I served on the IRS Commissioner's Advisory Group for 2.5 years ending in June 1996, primarily as an advocate for privacy and personal rights, and prevention of internal misuse, but also as a critic of the Tax Systems Modernization effort -- now scuttled to the tune of something like $4 billion. One of my first recommendations involved asking the IRS to remove Social Security Numbers from appearing visibly on the mailing labels. Perhaps I had an impact, although it is obviously hard to tell. (``Well, it works; there are no elephants.'') [Added note: I don't really think I had any effect, but when Peter Z. Ingerman saw my Web page, he noted that in 1994 he had filed a class-action lawsuit to that effect including every taxpayer -- although he could not afford to appeal to the Supremes when it was thrown out.
Perhaps PZI's suit actually had an effect!] With Senators Glenn and Pryor, I then wound up on an IRS training tape on privacy risks, noting that privacy is something most people don't even realize they had until after they have lost it. Incidentally, I notice that insider misuse of IRS databases and SSNs is once again a hot topic.

I have been a member of the U.S. Government Accountability Office Executive Council on Information Management and Technology since November 1997. (The GAO -- prior to July 2004 known as the General Accounting Office -- is the investigative arm of the U.S. Congress, and the nation's auditor.) Our meetings in the previous century were heavily concerned with the Y2K problem and the U.S. Government's initially slow reaction to it. We had briefings from President Clinton's Y2K czar John Koskinen, and from Senator Bennett and Congressman Stephen Horn (check out the Website for the Committee on Government Reform, Subcommittee on Government Management, Information, and Technology). More recently the GAO EXIMT has also been concerned with the software development situation, computer security more generally, and of course critical-infrastructure protection.

I am a member of the advisory committee for the California Office of Privacy Protection.

From April 2001 through June 2003, I was a member of the National Science Foundation Computer Information Science and Engineering Advisory Committee (NSF CISE AC, if you like acronyms). Research is absolutely fundamental to the future, and I was particularly concerned with issues relating to computer systems and networks, security, reliability, good software engineering, formal methods, and education, among other topics.

I am on the Advisory Board and now a member of the Board of Directors of the Electronic Privacy Information Center (EPIC) -- run by Marc Rotenberg. EPIC is playing an extraordinary role in trying to defend our computer-related privacy.
I am nominally on technical advisory boards of several companies, although meetings have been increasingly scarce lately: Cryptography Research Inc. (Paul Kocher, paul@cryptography.com), Counterpane (Bruce Schneier, Schneier@counterpane.com), Cigital (formerly Reliable Software Technologies, Gary McGraw, gem@cigital.com).

Honors and Awards

I am a Fellow of the AAAS, ACM, and IEEE, and recipient of the ACM Outstanding Contribution Award in 1992, the Electronic Frontier Foundation Pioneer Award in 1996, and the ACM SIGSOFT Outstanding Contribution Award in 1997. (I was an ACM National Lecturer for 16 months during 1969 and 1970.) I am greatly honored by being the 1997 recipient of the Norbert Wiener Award for excellence in promoting socially responsible use of computing technology, which I received on 4 Oct 1997 at the annual conference of Computer Professionals for Social Responsibility (CPSR) -- of which I am a long-standing member. Notes from my Wiener-Winner acceptance speech are on-line, and include some truly prescient quotes from Wiener. I received the National Computer System Security Award (sponsored by NIST and NSA) in 2002, and the ACM SIGSAC Outstanding Contributions Award in 2005. I am also an SRI Fellow. On 29 October 2001, I became an Honorary CISSP (Certified Information Systems Security Professional), awarded by the International Information Systems Security Certification Consortium -- (ISC)^2.

Mentors

One of the most important aspects of my life has been the influence of a sequence of inspirational mentors, at different times and in different ways. Each of them took a deep personal interest in me. I would like to honor a few of them in return, in chronological order of their appearance. The ``[d]'' designation indicates that those individuals are no longer alive (although I have not consistently tagged everyone).

My parents, J.B.
Neumann [d] and Elsa Schmid Neumann [d], each of whom had an extraordinary influence in my life, and who constantly encouraged me in my pursuits of my varied interests. My father was a noted person in the art world from 1906 to 1961, and my mother was an artist and mosaicist from the 1920s until her death in 1970. (Biographical information on them is available on request.) I learned many wonderful things from my sons John [d] and Chris [d], and from my daughter Helen Krutina Neumann --- from whom I am still learning. In her forties, Hellie went back to school at the Pacific College of Oriental Medicine in San Diego, and now has dual practices in Vineyard Haven and Mashpee, Mass.

Malcolm Holmes [d], conductor, violinist, fine athlete. Through four of my five summers at Greenwood Music Camp near Tanglewood in the Berkshires (see below) and my freshman year at college, Mal was a true inspiration to me. As an avid reader of The New York Times since 1940, I was happy to share his copy of the paper after lunch each day (even if it came by mail and was a day late) and discuss many issues, which indeed was a wonderful experience for a teenager. His early death was a great loss to thousands of people whom he had similarly inspired.

Marsden V. Dillenbeck [d], my very literate high-school senior-year English teacher, who inspired my interest in language and languages. See my Epic Annotated Limerick homage to him, below. At my 50th high-school reunion in October 2000, it was clear that he had had a huge impact on other classmates as well, as his memory is often invoked.

Roger Nash Baldwin [d], humanist, founder of the American Civil Liberties Union in 1919. Over much of my life, until he died at 97, we did many things together, discussions on all sorts of topics, four-hand piano, nature-walking, canoeing on New Year's Day one year in New Jersey and many summers in Martha's Vineyard, ...
He was interested in everything and everyone, and had extraordinary life values.

Albert Einstein [d] who made a wonderful cameo appearance in my life on the morning of 8 November 1952. I had the enormous privilege of a more than two-hour visit with him, with a discussion that ranged over complexity and apparent simplicity in mathematics, science, and -- at great length -- music (among many other topics). In this context, I became presumably just one of the many people who heard him say, ``Everything should be made as simple as possible but no simpler.'' (I recall seeing a simpler version of that quote when I was in High School, in the Readers' Digest, without reference, omitting the word ``made'', although that makes less sense.) That entire conversation made a huge impact on my subsequent approach to computer systems (and my life, and as noted below in some musical compositions). It undoubtedly inspired a life-long fascination with hierarchical and other forms of abstraction -- which recurs in much of my writings and system designs (e.g., Multics, PSOS, SeaView, and the CHATS report on composable systems) and complexity in computer systems. Einstein was someone I felt I knew before I met him because of looking at my mother's remarkable 1944 mosaic portrait of him in our home during my teenage years. In 1998 I donated the portrait to Boston University, where a U.S. manifestation of the Einstein Papers Project was centered. My mother's mosaic portrait of Albert Einstein is now in the reference reading room in the main library at B.U. Here is my translation from the original German of the main text of Einstein's letter to my mother (known professionally as Elsa Schmid, and long ago Elsa Schmid-Krutina) after he saw her mosaic. His letter (dated 19 February 1945) gives some idea of the power of the portrait and why it had such a strong impact on me personally:

``The viewing of your mosaic portrait has been an artistic experience for me that I shall never forget.
I am happy that through my very existence I have been the inspiration for the origin of such a work. In this portrait is perfectly expressed exactly that which is so completely missing in modern man -- inwardness and contemplation, detachment from the here and now. It is a riddle to me how it is possible to achieve such a delicate and strong expression with this inflexible material.'' (signed A. Einstein)

[Incidentally, there are two more wonderful large mosaic portraits also done by my mother in the mid-1940s -- of Abraham Lincoln, based on two original Matthew Brady daguerreotypes lent to her from the Frederick Hill Meserve collection. The full-face portrait has found a permanent home in the Boston University Library, along with her Einstein portrait and the newly acquired Matthew Brady collection of daguerreotypes of Lincoln. The profile portrait has been donated to the University of Illinois at Springfield, which has a curriculum that includes various tributes to Lincoln. A few of her other mosaic portraits are in museum collections: Martin D'Arcy in the Museum of Modern Art in NY, John Dewey in the Newark Museum, and Dikran Kelekian in the Walters Art Museum in Baltimore.]

Philippe LeCorbeiller [d], Professor at Harvard for many years, and my informal undergraduate thesis advisor in 1954 (motions depending on elliptic integrals). He was a wonderfully caring human being. (Joe Walsh in the Math Dept was my formal advisor.)

Tony Oettinger, Harvard Professor, and my PhD advisor, still working full bore even after his delightful 70th birthday party in March 1999 (noted below). Tony and I have always had many similar interests. I was a guinea pig in 1953 for his doctoral thesis on translation of Russian into English.

Alwin Walther [d], 6 May 1898 -- 4 January 1967, Technische Hochschule Darmstadt Professor and department director for many years.
His enthusiasm and encouragement during my wonderful two-year Fulbright stint led me to teach a course, write a second doctoral thesis, play in the student orchestra, represent him on committees, and travel around Europe. Many thanks to Prof. Dr.-Ing. Winfried Goerke (Karlsruhe) for sending me the 100th birthday commemorative publication, Alwin Walther: Pionier des Wissenschaftlichen Rechnens, Kolloquium zum 100. Geburtstag, volume 75 of the Technical University Darmstadt Schriftenreihe Wissenschaft und Technik, ISBN-3-88607-120-0.

David Huffman [d 7 Oct 1999], Professor at MIT and Santa Cruz, who invited me to visit Stanford for the spring quarter of 1964 while he himself was visiting at Stanford for the year -- and also an ongoing consultant in what is now the Computer Science Lab at SRI. His interest in my 1964 paper on self-synchronizing information-lossless sequential machines (itself inspired by his 1959 paper) began a long friendship. The diversity of his work is remarkable, from Huffman codes and asynchronous sequential machines to his little-known paper on graphical representations of error-correcting codes. His later work on zero-curvature surfaces is extraordinary, and where it led him is even more remarkable -- some of the most beautiful artistic creations I have ever seen, while at the same time based on his mathematical theory of continuous deformations without tearing or cutting: truly amazing. See David A. Huffman, Curvatures and Creases: A Primer on Paper, IEEE Transactions on Computers C-25, 10, pp. 1010-1019, October 1975. (A hint of the variety of some of the astounding and artistically beautiful ``foldings'' he achieved can be found at www.sgi.com/grafica/huffman. A photographic record of these works is being planned in his memory. See also an article in The New York Times by Margaret Wertheim, ``Cones, Curves, Shells, Towers: He Made Paper Jump to Life,'' June 22, 2004, National Edition, page D2, with a correction on June 25, 2004, page A2.
See also a more recent Web item, Curved Crease Origami, from The Institute for Figuring.) All in all, Dave had an incredible ability to provide elegant solutions to complex problems, and often with visual simplicity -- as in his delightful representation of the seven-bit Hamming code: Draw a three-circle Venn diagram; label as 1, 2, and 4 the regions that are included in only one circle; label each other region as the appropriate sum of 1, 2, and/or 4 depending on which circles the region encompasses; the center is thus 7. Regions 3, 5, 6, 7 represent the four information digits; regions 1, 2, 4 represent the even-parity-check digits; the three circles represent the parity checksums. Voila! The Hamming code. For any single-bit error, it is immediately obvious which bit it must have been from the three parity checks. Now you can explain a complex mechanism very simply through a picture! Dave's death on 7 October 1999 was a great loss to me and many others.

Fernando Corbató, Professor at MIT (now emeritus), father of time-sharing, and leader of the development of both CTSS and Multics. Corby was the best man at my wedding in 1997. He has been a wonderful colleague and friend since 1965, and is still very much involved with computer technology. His wife Emily is a fine concert pianist, photographess, and wit. I delight in visiting with them both.

E.L. (Ted) Glaser [d], a man of many careers, whom I knew best during the Multics days. He taught me many things -- including how to communicate effectively adapting to the needs of the listener, but also to appreciate the critical need for basic principles in any development effort. (He and I coauthored the first declaration of Multics principles!) Despite his blindness, he had the most extraordinary vision and insights. He had an uncanny practical sense and wisdom. He had the ability to hear and understand multiple conversations simultaneously, to listen to speech at many times its normal speed, and to correlate information across multiple disciplines.
He was superb at spotting security flaws long before anyone else. I particularly remember one day in May 1965 when we were working out the early Multics design in a room with three walls of blackboards. Late in the afternoon when we had moved to the end of the third blackboard, someone had made a particular suggestion. Ted pointed to an item that was still on the blackboard from the early morning (most everything else around it having been erased and overwritten several times), and noted that this suggestion contradicted what we had agreed on earlier. Not just a great memory, but an amazing perception of how things appeared to the sighted. He was also a marvelous organist. He also had a delightful sense of humor. For example, a modular system is ``one that falls apart easily.''

Herbert Blomstedt, conductor of the San Francisco Symphony for ten years, mid-1980s to mid-1990s (and Conductor Laureate since 1995). I audited his conducting course at Loma Linda University in the summer of 1985, and attend as many of his SFS rehearsals as I can manage (although in his emeritus role, he now usually visits San Francisco for only two weeks each year). He inspired a rebirth of my musical existence in 1984 that is still ongoing. He is an extraordinarily wise person, and has thought deeply about many musical issues. Conversations with him are truly enlightening.

Martin and Emily Lee, dedicated Tai Chi teachers in Palo Alto, themselves mentored by Kuo Lien-Ying and Yu Pen-Shi. See their book, Ride the Tiger to the Mountain, Addison-Wesley, ISBN 0-201-18077-4. Martin is also a SLAC physicist. The teaching of Martin and Emily has contributed a wonderful inner peace and balance to my life.

There are many others as well, including (among many others) good friends and colleagues Edsger Dijkstra [d, 6 August 2002], Dave Parnas, Nancy Leveson, Marc Rotenberg, and Whit Diffie.
Mae Churchill [d] (creator of Election Watch, in the early 1980s if not sooner) convinced me long ago to become more involved in the never-ending battle for integrity in elections, and particularly those that are computerized. I had a wonderful long visit with her in Los Angeles in December 1988. Mae was an enormous inspiration to me, Rebecca Mercuri, and other early advocates for election integrity. What a blessing to have such wonderful influences.

At Harvard, I just missed getting Tom Lehrer for Math 1 in 1950 (which might have changed my entire life?). But I did have a wonderful bunch of professors in the 1950s, including Edward Purcell (a Nobelist in physics), Leonard Nash (who did marvelous explosions in chemistry class), Hartley Rogers (in a scintillating probability course), Fred Mosteller (a statistical wizard, later famous for his classes on public television), a General Education English lecturer named Martin Swerdlow (he was categorized as an Academic Roué in the Crimson Confidential's annual faculty evaluations; he espoused what Marsden Dillenbeck had instilled in me -- the love of writing), John Finley, Thornton Wilder, Ernest Hooton (with raunchy anthropology-related jokes), Willard Van Orman Quine [d] (mathematical logic titan, who died at 92 on Christmas Day 2000; he considered state lotteries as ``a public subsidy of intelligence'' on the grounds that ``it yields public income that is calculated to lighten the tax burden of us prudent abstainers at the expense of the benighted masses of wishful thinkers.''), Howard Aiken [d], Ken Iverson, Bob Minnick -- among others. They all provided lots of inspiration, as did some of my graduate-school colleagues -- Bob Ashenhurst, Albert Hopkins, Fred Brooks, Peter Calingaert, Robin Esch, Rick Gould [d 1958], Marty Cohn, Jim Lincoln, Ramon Alonso, and Willard (Bill) Eastman, to name just a few.

Incidentally, in a typically imaginative effort, Bob Ashenhurst played a marvelous trick on my then office-mate Rick Gould.
What was perhaps the gnarliest convoluted page in Rick's 1957 Harvard PhD thesis had to do with properties of two-terminal graphs representing bridge-network relay switching function implementations where current could go in either direction through the bridge elements (as distinct from the one-way direction in a relay tree). Bob rewrote one page in the thesis to refer to two-terrible giraffes and subgiraffes (with other creative msipelingz as well) and placed it in the copy that went to Aiken. Having been tipped off by Bob, Aiken (who was well-known for his irascibility) charged in and demanded that Rick explain the meaning of this outrage, pointing to the altered page. [Tragically, Rick died in an ice-climbing accident, falling into a crevasse on Dent Blanc in the spring of 1958 together with another climber.]

Reflecting on the deaths of my sons John and Chris, I am deeply moved by an excerpt from a letter that Ambassador Joseph Kennedy wrote in 1958 to a close friend whose son had died: ``When one of your loved ones goes out of your life, you think of what he might have done for a few more years, and you wonder what you are going to do with the rest of yours. Then one day, because there is a world to be lived in, you find yourself a part of it, trying to accomplish something -- something he did not have time to do. And, perhaps, that is the reason for it all. I hope so.'' [NYTimes blog item on 31 May 2008.]

More recent PhDs are

* Drew Dean, 1999 (DDean@CSL.sri.com) at Princeton, with an elegant thesis on modeling Java-like environments. (Formal Aspects of Mobile Code Security)
* Lenny Foner, 1999 (foner@media.mit.edu) at MIT (with a nifty thesis A Distributed, Privacy-Protected Matchmaking System, on his Yenta system for discerning group relationships, while at the same time respecting security and privacy).
* Chenxi Wang, 2001 (Chenxi@ece.cmu.edu) at the University of Virginia (a fascinating thesis on creative obfuscation to hinder reverse engineering, A Security Architecture for Survivable Systems)
* Rebecca Mercuri, 2001 (Mercuri@acm.org), a really important thesis on the integrity and lack of integrity in the electronic voting-system process (Electronic Vote Tabulation Checks and Balances).

Music

Music is a fundamental part of my life. I play a variety of instruments (bassoon, French horn, trombone, piano, etc.), in the Institooters (the SRI alumni 1940s-style swing band), the Foothill Wind Symphony, the Peninsula Symphonic Band, and summertimes in the Los Altos Olde Towne Band. My wonderful wife Liz (née Susan Dal Juvet) plays tuba in all of those groups. We have also played in the Peninsula Pops Orchestra, and for a few years played traditional Dixieland in the Pastoria Avenue Jazz Band. With Liz on tuba, I played baritone horn in the 1998 Tuba Christmas (with 216 tuba-family instruments) and Eb tuba in the 1999, 2000, and 2002 Tuba Christmas spectacle (with great acoustics in the three-level Eastridge Mall in San Jose). Since the summer of 2000, Liz and I have played in the Vineyard Haven town band (and once as ringers with the Boston University Alumni Concert Band). Our brass ensemble -- the Shasta Brass Quintet -- (trumpets Dan Swinehart and Ted Tilton, trombone Jerry Rosenblum, French horn Peter, and tubist Liz -- ``Du bist die Tubiste!'') has been playing together regularly for our own enjoyment, although we have had two public appearances. The StePeLi Trio (for Steve, Peter, and Liz, with my SRI colleague Steve Dawson, a fine clarinetist) meets as often as schedules permit; we've been working on Mozart, Beethoven, and Brahms piano trios (!), among other works. I played bassoon in a Stanford Savoyards Gilbert and Sullivan performance of The Grand Duke in 2007, and again for Yeoman of the Guard in April 2008.
I play self-duos with two recorders at once, occasionally hum and whistle some two-part harmony at the same time (a master at self-duos is Andy Stein, long-time music man and violinist for The Prairie Home Companion; however, unlike Ron Graham and various MIT/Bell Labs folks, I never learned how to juggle while riding a unicycle), sing, and dabble at conducting and composing. For four years, I accompanied a young violinist neighbor in violin sonatas throughout her high-school years -- until she went off to college. My next book project (still on a back burner) is a collection of something on the order of 50 small compositions that I have written (mostly for piano, and some with voice or other instruments as well), intended to be relatively easy to play because of their use of concepts of software engineering, abstraction, structure, symmetries, and iterative learning strategies. (They were actually inspired by the Einstein quote above.) These simple pieces are intended to almost play themselves! Perhaps I'll eventually put a few of them on-line. (Several of you have inquired about when I might do that. Too many distractions, although I do write a new piece now and then.) And perhaps you'll hear more here about the Shasta Brass Quintet.

Long ago, my musical endeavors were many and varied. As an undergraduate, I did Gilbert and Sullivan operettas (for example, Allan David Miller and the late Barry Morley were the other Lords in Winthrop House's Iolanthe in 1953, and I conducted performances of Pirates a few weeks later in a production directed by Barry), sang in the Harvard Glee Club (including many symphony concerts with the Boston Symphony under Charles Munch, the then-definitive recording of Berlioz Damnation of Faust, and a performance of Stravinsky's Oedipus Rex under William Steinberg and the Buffalo Philharmonic), and in my freshman year played in the orchestra (including an LP record of Shostakovich's 5th).
My theatrical debut (apart from playing Peter Pan in the 3rd grade) was as a policeman in a very dumb musical skit Sally Rand (a then-well-known ecdysiast) had written for our 1950 Freshman Smoker. It was basically silly, but segued into Sally pulling a 7-page political manuscript out of her bodice and greatly disappointing the audience by reading it verbatim. (This was the early years of Senator Joseph McCarthy.) With ambitions as a nonprofessional musician, I spent the summer of 1954 at Tanglewood, as Assistant Registrar of the Berkshire Music Center, hobnobbing with students, composers, and symphony players, and attending every concert.

In graduate school, there was more: (1) Joint work in 1954-55 with Fred Brooks, Bill Wright, and Albert Hopkins for Tony Oettinger's seminars on computational linguistics, in which Al and I used Fred and Bill's Markov analysis of 37 common-meter hymn tunes to generate over 600 "new" hymn tunes based on Markov chain lengths from 0 to 7 eighth notes, all of which were statistically consistent with the sample space. The 0-order tunes sounded rather random, while the 7th-order tunes were more or less indistinguishable from the chosen 37 hymns -- but all recognizably different. (See the first item in my abridged reference list.) (2) Bob Ashenhurst, Albert Hopkins, and I used to sing Gilbert and Sullivan trios in the basement of the old Computation Lab (subsequently renamed the Aiken Lab, and now torn down and replaced with a new building); (3) In February 1956, I sang the part of the Man in the Moon in what I believe to be the world's first science-fiction opera, Joel Mandelbaum's The Man in the Man-Made Moon, in which the Man in the Moon becomes quite jealous of the Man in the Man-Made Moon and threatens celestial war, whereupon the Scientist who created the Man in the Man-Made Moon performs an operation whereby the Man-Made Man in the Man-Made Moon is transformed into the Man-Made Maid in the Man-Made Moon, leading to a Happy Ending.
It is a wonderful opera. (In case you had not guessed, it was written post-Christine Jorgenson, but pre-Sputnik -- and, for that matter, before mooning became popular.) I managed to contact Joel for the first time in 45 years, and he sent me an audio tape! What a delight! Apparently, he is now contemplating reviving the opera, and plans a performance of the overture in a concert in New York in November 2007. (4) I did and still do Tom Lehrer interpretations. How many of you have heard his apparently unpublished and unrecorded wonderfully cynical song about something he observed while riding the Boston MTA in his graduate-school days? (I presume it is copyrighted, so I don't want to put it on the Net.) I still revel in the Tom Lehrer title for which he never wrote the song -- because it would have been an anticlimax: ``If I had it to do all over again, I'd do it all over you.'' And then there was the Boston subway song, to the tune of Mother, on the stations at the time (Harvard, Central, Kendall, Charles, Park, Washington) -- which ends with the aggregate pronunciation, HCKC PW.

More recently, (5) I had a ten-year stint on the Board of Greenwood Music Camp in Cummington, Massachusetts (1992-2001), where I was a camper from 1946 to 1950. The camp still thrives as a superb summer experience for youngsters; a new performance structure was completed in the summer of 2000. (6) In March 1999 I was in Cambridge to help Tony Oettinger celebrate his 70th birthday; Bob Ashenhurst wrote an adaptation of the Gilbert and Sullivan ``I am so proud'' from the Mikado [see item (2) above], which came out as ``He is so wise'', sung by Bob, Jim Adams, and myself. (As noted above, Tony was my PhD thesis advisor "many years ago" -- which happens to be the lead line of another G&S song.)

Both of Liz's sons are also enjoying their own music. Her older son Mark Luntzel plays guitar in his spare time, and is completing a degree in computer science.
Her younger son, New York City bassist Tim Luntzel, in 2006 released a wonderful CD with his group, Brooklyn Boogaloo Blowout: Who Burnt The Bacon? The CD is ``outrageous good'' (as Tim might say). As a bonus for us, Liz plays tuba on two cuts, and I'm doing some backup vocals for Norah Jones and Richard Julian. Check out a sample of the CD on the BBB website, with a link to MySpace, and see a review by John Book. Tim also plays with Jesse Harris and the Ferdinandos, and has played with Bright Eyes and many others. See his bio page.

Statistical Metalinguistics and Zipf/Pareto/Mandelbrot

I frequently see cryptic references to the magic of Zipf or Pareto or Mandelbrot, with reference to linguistic and other structures, and sometimes in the context of 80-20 rules relating to almost anything. (See Note.) There is no surprise at all in the Zipf/Pareto/Mandelbrot theories once you understand that each formula can be derived mathematically. In 1959, my old Russo-Belgian friend Vitold Belevitch [2 Mar 1921--*26 Dec 1999] (see On the Statistical Laws of Linguistic Distribution, Ann. Soc. Sci. Bruxelles 73, III, 1959, 310-326) considered a wide class of more or less well-behaved statistical distributions (normal or whatever), and performed a functional rearrangement that represents the frequency as a function of rank-ordered decreasing frequency, and then did a Taylor expansion of the resulting formula. Belevitch's lovely result is that "Zipf's Law" follows directly as the first-order truncation of the Taylor series. Furthermore, "Pareto's Law" and "Mandelbrot's Law" (which seem even more curious and mysterious to most people) follow immediately as second- and third-order truncations. There is nothing magical or mystical about it! And yet very few people know of his wonderful paper, and tend to overendow the amazingness of one of the various "Laws", oblivious to this remarkably simple result.
(I referred long ago to Belevitch's article in a paper based on my PhD work, Efficient Error-Limiting Variable-Length Codes, I.R.E. [precursor to the IEEE] Transactions on Information Theory IT-8, July 1962, 292-304.)

[NOTE: The so-called 80-20 rule is discussed in Linked, Albert-László Barabási (Plume, 2003), which Paul Concus recently shared with me. (The book subtitle is ``How Everything Is Connected to Everything Else and What It Means for Business, Science, and Everyday Life'' -- which is very relevant.) Linked has a few errors that strike home: (1) p.147 mentions Paul Baran at the 1967 symposium in Gatlinburg, Texas. It was of course 1968, the first ACM Symposium on Operating Systems Principles, in Gatlinburg, Tennessee. (ALB must have been thinking of the Texas Steak House in Gatlinburg, Tennessee.) (2) p.149: ``e-mail was born when an adventurous hacker, Rag Tomlinson ...'' Well, e-mail was born on CTSS at MIT by Tom Van Vleck and Noel Morris in the early 1960s, contemporaneous with a similar effort at Dartmouth. ARPANET e-mail was 1969. (3) p.151 cites the first Internet (NO, ARPANET) node at UCLA, and the first e-mail having been sent from UCLA to Stanford. NO NO NO. It was UCLA to SRI. The second site on the ARPANET was SRI, then Stanford Research Institute. But Linked is an excellent read despite slips such as these.]

With respect to everything being linked, one of my favorite quotes is from Bob Morris (erstwhile college classmate, Bell Labs colleague, and former chief scientist of the National Computer Security Center): ``To a first approximation, every computer in the world is connected with every other computer.'' (19 September 1988, in a briefing for the National Research Council Computer Science and Technology Board in Washington DC) (This was of course about 6 weeks before the Internet Worm!)

Some Quasi-Literary Pursuits

Peter Neumann's Multiply-Mixed Metaphor Mania

* Pandora's cat is out of the barn, and the genie won't go back in the closet.
[This polymorphic statement can be variously applied to cryptography, export controls, viruses, spam, terrorism, outsourcing, and many other issues.]

* It's like shooting a straw herring in midstream. [Straw men have a difficult time catching red herrings!] An alternative version that I have used is ``It's like flogging a straw herring in the foot.''

* In an article by John Schwartz in The New York Times, 30 Mar 2001, on Internet technologies in business, reflecting on the acceleration being a double-edged sword, I was quoted as saying, ``Many of the swords have more than two edges -- sort of a Swiss Army Knife with the blades in upside down, so that you keep cutting yourself on some of the implements whenever you try to take one out.'' Tad Simmons of *Presentations* (June 2001) cited this, and added ``Without saying a single word directly about the economy, Neumann was able to convey the idea that business propositions in the Internet age are complex, multi-faceted, and often painful.''

* Giving the camel an inch leads to a foot over the dam. [The camel's nose under the tent and a foot in the door together cause water on the knee over the dam. Don't cry over camel's milk. But this one is probably still a work in progress.]

[* In September 2004, I happened to stumble onto this one from Molly Ivins for the first time, even though it is an oldie (1991): ``Legislators do not merely mix metaphors: they are the Waring blenders of metaphors, the Cuisinarts of the field. By the time you let the head of the camel into the tent, opening a loophole big enough to drive a truck through, you may have thrown the baby out with the bathwater by putting a Band-Aid on an open wound, and then you have to turn over the first rock in order to find a sacred cow.'' Molly Ivins, *The New York Times Magazine* (quoted in *Molly Ivins Can't Say That, Can She?* Vintage Books, 1991). Her presence is sorely missed.]

An Epic Annotated Limerick

In 1973 I wrote an Epic Annotated Limerick in honor of my literary mentor, Marsden V. Dillenbeck (noted above). His passing was one that left me de-ment(or)ed. WARNING: This should probably be read only by folks who enjoy crypto-pseudoliterary puns (some multilingual), alliteration, poetic meters, cryptic puzzles, and other linguistic weirdnesses.

A Large-System Glossary for EWD

For Edsger Dijkstra's 60th birthday in 1990, I wrote a chapter called "Beauty and the Beast of Software Complexity -- Elegance versus Elephants", which appeared in Beauty is Our Business, A Birthday Salute to Edsger W. Dijkstra, edited by W.H.J. Feijen, A.J.M. van Gasteren, D. Gries, J. Misra, Springer-Verlag, 1990. My appendix to the chapter included this bit of doggerel:

* Elephantine equations: Large-system requirements for which there may be a multiplicity of integral solutions.

* Pachydermatitis: A breakdown in the outermost layer of a very large system (e.g., manifesting itself as a flaky user interface). (Ichthyosis scales up inefficiently.)

* Behemotherhood. In very large systems, motherhood that has a high likelihood of running amok.

* Hippodromederriere. An awkward race down the back stretch to write the last half-million lines of code before the system self-destructs in an evolutionary backwater.

Writing Style and Grammar

* Hyphen-related ambiguity: You might be interested in a few items I wrote for a would-be book on English language usage. One section, referred to as the Hyphen(h)ater's Handbook, appeared in RISKS, vol 17, issue 95, discussing the deeper implications of ``email'' versus ``e-mail'' and related ambiguities.

* The misplaced `only': Another section of that would-be treatise, Only His Only Grammarian Can Only Say Only What Only He Only Means, discusses the risks of the misplaced ``only'' --- in particular, the ambiguity that can result.

* The missing `than': A more recent addition discusses the ambiguities that arise from Incomplete Comparisons: The Missing ``than'' in ``more than''.

* Commas and More: In Lynne Truss's book ``Eats, Shoots & Leaves'' (which, without the comma, is what a Panda does), the author notes the wonderful ambiguity between ``Those old things over there are my husbands'.'' and ``Those old things over there are my husbands.'' to illustrate the importance of apostrophes -- which are so frequently misused (e.g., its vs it's). The book's subtitle is The Zero Tolerance Approach to Punctuation, and should be of interest to anyone who has read thus far through my Web site. Gotham Books, April 2004. Now I guess I don't need to write the rest of the book of which the Hyphen(-H)aters Handbook was somewhat facetiously conceived to be a part!

* Acronyms: Although we introduced ACLs in Multics in 1965 (as noted above), I would now like to introduce something we might call Role-Name Groups (RNGs), so that we can compare ACLs and RNGs! [The previous sentence is actually a test to see whether, in reading, you pronounce acronyms (a) as if they are words (ackle), or (b) sequences of letters (R-N-G), or (c) expansions based on what is referred to by each letter. I know people who fairly consistently go one way or the other. In the case of my example, ACLs and RNGs are of course intended to be treated as case (a) and (b), respectively -- as in "ackles and are-en-gees". In particular, I am interested in discovering what personal characteristics are involved in this choice. For example, it makes a big difference in whether we might write (a or b) "an HTML document" or (c) "a HTML document", respectively, and this is truly an ambiguity in writing correct English around acronyms.] Some day, perhaps I will write a treatise on acronyms, especially recursive acronyms such as GNU (which stands for GNU's Not Unix).

* Quotes and Periods: I have had many battles with old-think editors who insist on putting terminating punctuation (e.g., periods) inside of quotes even when those periods are not part of the quoted text or literal string (as in ``string.''). It is refreshing that new-school editors allow a quoted string not to include the ``period''. My rule is fairly simple: never put a period inside the quotes unless that period is part of what you are ``quoting''. This makes perfect sense logically.

* Apostrophe mistakes: The most common apostrophic misuse seems to arise in the popular confusion between it's and its. It's easy to know its proper use if you think about a little grammar -- the difference between a contraction (ambiguously, for either it is or it has) and a possessive (its x-ness is precisely the x-ness of it, where x-ness is, for example, some sort of attribute), respectively. The possessive apostrophe-s following a word that ends in s is a little trickier. Proper names generally get an extra s, because the final s in the name is not a plural being apostrophesized, as in ``Parnas's''. But no extra s is generally needed when a nonProper word is already plural, as in ``The dogs' blankets are wet.''

An article by Sarah Lyall in The New York Times (16 June 2001) noted John Richards (a retired newspaper copy editor and reporter living in Boston, England), who has founded the Apostrophe Protection Society. Richards -- pictured in front of ``Sweeney Todd, the Modern Mans Barber Shop'' -- is vigorously trying to protect against misuse of the Queen's English such as todays menue's and Nigels special pudding's.

Geoff Kuenning noted this one from the Oxford University Press, Edpress News: ``It's is not, it isn't ain't, and it's it's, not its, if you mean it is. If you don't, it's its. Then too, it's hers. It isn't her's. It isn't our's either.
It's ours, and likewise yours and theirs.''

* Old-style grammatical rules don't rule anymore: It may have begun with California English, such as ``Her and me are going.'' Objectively unsubjective? Or subjectively unobjective! And now we have things like ``My bad.'' Well, if any noun can be verbed, then perhaps any adjective can be nouned, and so on -- with a tendency toward totally interchangeable parts of speech. Is this also happening in much more strongly typed languages such as German and Russian? It is certainly somewhat more difficult.

Pronunciation

* ``Nuclear'': Could there be possible ideological or other noticeable cultural differences between people who pronounce the word ``nuclear'' correctly, and those who pronounce it as ``nuke-yu-ler''? This question needs some further psychosocial exploration, because I know some seemingly thoughtful and open-minded people who consistently pronounce the word incorrectly (perhaps because their colleagues do?), but also many folks with seriously closed minds who are incapable of realizing that they are wrong. Or are they? A few publishers of dictionaries seem to think that this mispronunciation is now acceptable!

* ``Neumann'': After many questions regarding the pronunciation of my name, and many mispronunciations, I thought it might be appropriate to dust off an old piece of doggerel written on 22 November 1976, in response to a query:

On Peter Noimann

While hoi polloi enjoy the ``new'',
The cognoscenti are the few
Who use the ``noi'' that he as boy
Had always managed to employ,
And which he somehow still does use.
While that it's ``noi'' may come as news,
The use of ``new'' never annoys --
Although it sometimes sounds as noise.

On 23 September 1992, I ran into an SRI mail delivery person, whom I had not seen in many years. This was the exchange: ``Mr. Newmann, I'm presumin'?'' PGN: ``No. Mr.
Noymann, 'cuz it's Joyman.'' (Well, Germanic, but actually Dad was born in 1887 in the Austro-Hungarian Empire.)

* Other poetry: A few pieces of poetry are published in various places, including some in my Harvard class reunion books. One of my favorites is a work of abstract poetry that I did long ago with my poet friend Emmett Williams, an homage to Guillaume Apollinaire on the 50th anniversary of his untimely death. It was exhibited as a huge banner at the Institute of Contemporary Arts in London in 1968 spelling out his name. It appears on pages 348-359 of Emmett's book, Selected Shorter Poems, 1950-1970, Edition Hansjörg Mayer, Stuttgart, 1974, and published in the U.S. by New Directions Publishing Corporation. The work is a graphical representation of Apollinaire's utterance of hopes for the future: ``O mouths, mankind is in search of a new form of speech, with which no grammarians of any language will be able to talk. We want new sounds.'' These words are embedded into a diamond shape out of which the large-font letters of his name are formed. Reading across within the large letters gives all sorts of ``new sounds'' ...

Other Odds and Ends

One of the sports rarities of my life occurred during one of the Sunday summer softball games that the Chilmark Massachusetts community has engaged in for something approaching 100 years, and in which I have played whenever possible since the early 1950s. I was playing third base and Spike Lee was playing first. Runners were on second and third with no outs. A ball was hit sharply down the third-base line starting out foul but bouncing fair to me. I checked the runner at third, and threw the batter out at first. Spike noticed that the runner at second had run down to third base, and so he ran directly to third. In the blink of an eye, Spike tagged the original runner as he broke for home, and the other runner who had panicked and started back to second. This was a most unusual Triple Play, 5-3-3-3!
Many years before, I was playing right field, with a runner on second. The second-baseman lost a popup in the sun and it bounced directly off his head to me on the fly. The runner on second had taken off, so I was able to double him off at second, and had both putouts in a rather unusual if not historically unique 4-9-9 double play.

I recently stumbled onto a somewhat discolored copy of Herb Caen's column in the San Francisco Chronicle from Feb 4 1976, which included the following squib that I would like to record for posterity before I toss it: "Down at Stanford Research Institute yesterday morning, computer programmer Peter Neumann was thinking about having breakfast, glanced out the window toward the cafeteria, saw two trucks parked in front of it -- Menlo Park Garbage, Dean's Animal Feeds -- and changed his mind." I really miss Herb's trenchant humor. (One of my favorites was Herb's puzzlement when he saw a license plate "ICECAR", until he realized that it represented "Datsunicecar". In 2008, Don Hudson read that item on my website, and reported that he had seen a license plate in Vancouver BC "NFUGUE"; it was (of course) a Honda Prelude, evidently honoring J.S. Bach.) And then there is my musical doormat, ``Bach Later; Offenbach Sooner''.

End

If you read all the way through this to get here (rather than merely clicking on the last menu item), you have my greatest appreciation! Best wishes. PGN