R
Robert Myers
You *are* drinking. "That's beneath you," is not the same as "You're
beneath me."
I usually cut a lot of slack to those with technical competence.
You've exhausted your allowance. Go kick the dog or something.
Robert.
You *are* drinking. "That's beneath you," is not the same as "You're
beneath me."
I usually cut a lot of slack to those with technical competence.
You've exhausted your allowance. Go kick the dog or something.
Robert.
R
Robert Redelmeier
Robert Myers said:
At what cost and via what mechanisms? The CISC "problem" was
not consciously worked as a problem, and certainly not around
any edicts. x86 is rather like english -- it succeeded and
prdominates for subtle reasons _in_spite_of_ theoretical problems.
Quality is a variable to be optimized, not some
deity to be worshipped. "Beware false gods".
Merely because something turns out badly does not prove
any particular cause of that failure. Ex post facto.
There is risk in everything we do. And different coping mechanisms.
I see no reason to suppose that software quality will be legislated
or otherwise adjudicated. Legal and scientific proofs are
fundamentally different. Far more likely, certifying agencies
will evolve like UL. Where human life is at risk, certification
might be legislated. Otherwise using the principle of minimum
interference, contract and tort remedies would apply. Note UCITA
failed in nearly all states, and safe harbor in some.
Oh dear, you really _do_ live in fear. NYC? My sympathies.
Most of the listed items are _potentials_ whose probability
and consequences need to be weighed against other threats.
-- Robert
R
Robert Myers
A recent poster to comp.arch referred to the "cubic dollars" that AMD
and Intel had spent to make the instruction decoding problem go away,
so I assume that the investment was large. The software quality
problem is huge and a huge investment to solve it is more than
justified.
Market mechanisms were adequate to drive a solution to the RISC vs.
CISC problem, but market mechanisms do not always work. You have only
to look at the pharmaceutical industry. I urge you not to take me on
about this one. I lost a good friend three summers ago because of the
long term effects of a miracle drug that was introduced before we had
our current system of regulation.
The system of drug regulation we have now is far from perfect, but a
stroll around Cambidgeport on the edge of the MIT campus will clue you
in that lots of money is being made, in spite of hugely burdensome
regulatory requirements like drug trials.
I can just imagine hanging that as a motto in someone's office.
You're kidding, right? Heard of ISO 9000? Prepare to worship a false
god. From what I've seen of it, I'm not keen on ISO 9000, but the
success of something so clunky should be a clue.
It doesn't matter what it proves. No one will be asking George Bush's
advice about war making except as a learning from mistakes exercise.
Similarly, citing financial institutions as expert in risk management
would have worked before Long Term Capital Management. As it is, the
financial industry, like George Bush, is a study in the catastrophic
consequences of being overconfident.
The funny thing about risk, like NASA's estimates of risks to the
shuttles, is that you learn that the methodology is faulty only after
a catastrophic failure. A statement of confidence about handicapping
of risk should tell you to find another handicapper.
As I've already pointed out, they already have evolved.
Big changes are on the way. Maybe later rather than sooner, but they
will come. If you're going to plug into the internet, you will be
regulated. I'm not happy about that, but I see no way around it.
There's nothing hypothetical about what I presented. All the
incidents I've described have already occurred.
Robert.
K
krw
You're not very sharp, are you R0bert.
I do too. Unfortunately...
That's exactly what I am doing.
R
Robert Redelmeier
Robert Myers said:
Uhm ... err ... when did you start believing USENET uncritically?
"cubic dollars" I take as BILLIONS, and AMD has never had this to
spend on development. Intel might over a number of years. But hasn't.
x86 CISC decode into RISC was "solved" over ten years ago with iP6 and
aK6 and basically only tweaked since then. Probably at a development
cost of less than 1 M$. That wouldn't even begin to address a total
re-write or even audit of the commercial codebase. For an Idea of
what is involved, look into the OpenBSD review process.
This depends entirely on your definition of "work", and you
must expect different people to have different values.
Uhm ... err ... the US FDA has been around since the 1930s.
They were somewhat lax until the Thalidomide debacle in the
late 1950s, clamped down and predictably have been relaxing
ever since, especially in the past 15 years.
Why do you think spending and flash cash equates to
money being made? Real money is invisible -- Omaha NE.
Interesting you should bring that up. I have much more than a clue.
At work, I've been an ISO-certified internal auditor for 5 years.
The ISO 9000 series really isn't onerous at all: "say what you do,
and do what you say". It is mostly just good management and some
documentation that you really should have been keeping all along.
Maybe so, but it is far from proven that Hil Obamacaine
would have done any better.
You should study Taleb's book "Black Swans"
No, you just need to realize that failure of imagination
can have serious conequences. "unknown unknowns"
Please rail away. I don't mind. IPv6 has some threats built-in.
But short of technically, managerially and socially infeasible total
packet capture there really is no way to regulate the internet.
Smart people have tried with at best partial success.
So? Occurence just means you can be more precise about threat
probabilities and consequences. Yes, a few people have suffered
horrendous in-depth identity theft. Many more people die on
the roads. Most cases of ID theft are nothing more than CC fraud
which I've suffered and found fairly easy to correct.
-- Robert
R
Robert Myers
The poster was an AMD architect.
That's easy. Markets that "work" are left alone. Markets that don't
"work" are regulated.
You went there, anyway. The thalidomide debacle was not the only
one. Spare me your um's and errs. My friend is *dead*.
I thought financial wizards knew how to estimate risk.
It depends on the business you're in, I suppose.
This is not a discussion of politics. I brought him up as another
"expert" that no one who knew recent history would cite. Financial
institutions claim that one of their areas of special expertise is
management of risk. Recent history has proven that they are at best
unreliable.
Looks like an interesting book. Thanks for calling it to my
attention.
The difference is that most software risk is not unexpected and can be
eliminated.
As painful as the shuttle disasters were, we learned things from each
one. They have resulted in changes in methodology, not drugs to
increase imaginative capacity. What will *not* happen, unfortunately,
is to recognize the behavior patterns of managers present in both
cases and to eliminate such people from critical decision-making
roles.
ISP's are packet-capturing now. CISCO has just released an appliance
with mind-bending bandwidth.
Robert.
R
Robert Redelmeier
Robert Myers said:
If so, perhaps s/he could not see the forest for the trees.
However large it might seem inside, in the context of the
whole industry, AMD is nothing. And I like them.
Unbelieveable ... you have confidence in the US Congress and
political process??? They're the ones who regulate [or not] markets.
I never would have accused you of that
So you think cableTV &internet is a market that "works" [deregulated], vitamins do not
[set for a clamp-down] and cellphones do not [FCC].
Of course. Why do you expect to bring up a topic and
not have it discussed? Asking? Better to edit out.
My condolences. But frankly less than for those who lose a child.
We all die one day, and there are lots of risks before then.
??? even if they did, why would they tell you the truth
from free? Wall Street is all about selling paper, and
the wizards are just window dressing.
Not much, really. The ISO 9000s are very flexible and applicable to
many different kinds of product. However, they are _NO_ guarantee
of any particular quality standard beyond that which management
and customers agree upon. Plenty of weasle-room.
Then why bring GWB up? No US President since Jimmy Carter has ever
been accused of any special expertise. All have been generalists.
Salesmanship. Is it printed on glossy paper?
Then you know it is most probably an unproveable lie.
Are you young? Past history too (S&L & more).
No. Please study the Halting Problem [Turing].
In simple terms, you cannot make anything foolproof
because fools are too d@mned ingenious!
IMHO we learned nearly nothing from either one. Both were
simple things about taking care of business. The O-rings are
still wrong and get burnt each time, just within tolerence.
Tiles still get ice damaged, but we watch.
Methodology is what I had in mind, but your idea of
drugs might also have merit.
Agreed. But why would you expect the power-seekers to
relinquish power?
GHz or THz is nice for a switch but doesn't help capture. Do the
math: Even a small 100 Mbps neighborhood will fill a 1 TB disk
per day. Who is going to shuffle, sort & search all of those?
-- Robert
R
Robert Myers
Oh, who knows. The architects I've talked to publicly and privately
seem to have a pretty good grasp of forest and trees. They're not
bean-counters, though.
I like the Boston Red Sox. I don't generally cheer for companies as
if they were sports teams. On the other hand, I can regret the
direction that an industry is driven by competitive pressures: the big
three auto-makers to large vehicles and the processor business to x86
monoculture.
The human race has not flourished to the extent that it has because itUnbelieveable ... you have confidence in the US Congress and
political process??? They're the ones who regulate [or not] markets.
I never would have accused you of that
internet is a market that "works" [deregulated], vitamins do not
[set for a clamp-down] and cellphones do not [FCC].
is socially inept as a whole. It may not always be pretty, but humans
get things done.
The drug industry is not now and never has been adequately regulated,
and people die because of that fact. I'd like to say that your belief
in free markets is touchingly childlike, but it seems more like
obstinately fundamentalist to me. I don't care for fundamentalism of
any flavor.
I was dealing with a hot-head who claimed that financial institutions
know how to estimate risk. When I pointed out the obvious, he changed
his assertion. Yes, indeed, just as I said, Wall Street is a kind of
Ponzi scheme, and the game right now is who gets stuck with the bad
paper.
Doesn't agree with what I've seen.
I needed an outrageous counter-example. No one should be citing
financial institutions as competent to assess risk and no one should
be asking George Bush how to go to war. It has nothing to do with
politics or even George Bush. I don't like George Bush much, but I
feel badly for someone in the spot he's in. He's had to give up golf,
for example.
The end conclusion is that capitalism is a vast con game. It may well
be.
I get tired of people talking about the Halting Problem, Goedel,
Turing, P, and NP, and heaven only knows what else. There are
concrete steps that can be taken to improve the reliability of
software dramatically. I have no interest at all in cosmic
conclusions about software, or markets, or anything else, particularly
when garden variety shoddy workmanship is hiding behind cosmic
conclusions.
Good question.
Only the British think that omnipresence is necessary to fight crime,
and they're finding that their implementation of the panopticon is a
huge waste of money. You don't have to watch everything. You only
have to watch enough to keep the honest people honest and hope that
you can catch enough of the really dishonest people to make a
difference. That's a general law enforcement strategy, not just one
for the Internet.
Robert.
R
Robert Redelmeier
Robert Myers said:
You don't need to count beans, just noses: AMD has about
18,000 employees worldwide. There are 3.2 million people
employed at Computer & Mathematical work in the US alone.
Perspective matters.
Then regret human nature. There are lots of layers,
stopping at any particular one is prejudice.
So why complain about the market?
Are you certain? People also die from over-regulation.
Perhaps less obvious than adverse reactions, but real:
I am allergic to penicillin and would die from an injection.
Had I been in one of the early trials, penicillin could
have been banned. Millions would have died.
Even if you are polar, please do not assume that I am.
Where did I ever say markets are perfect? Merely because I
point out the flaws in regulation does not imply that I believe
markets are perfect. Even fanatics of property rights believe
in regulation -- legal enforcement of their property.
It always is and has been. How bad the paper is varies.
What have you _seen_? Not heard, mind.
Why would you think GWB an outrageous counter-example? Politics is
contentious. If you think him uncontroversial, you should suspect
your dataset is at least incomplete and possibly havily biased.
No. Merely because one part has certain attributes
does not mean the whole has those attributes.
Yes. They why did you ignore my earlier reference to OpenBSD?
They have implemented one solution -- line-by-line review.
But you also need a lot of cooperation. You can jail
1% of the population. But not 10%.
-- Robert
S
Sebastian Kaliszewski
Robert Myers wrote:
[...]
It should be a clue that you don't have one wrt things you're discussing
here.
BTW ISO 900x is not about quality but predictable quality. You can set your
quality bottom low and you have to adhere to that
Your constant insisting on comparability of risk estimation in long term
capital and software only shows your lack of clue.
So please show me that catastrophic failure of risk estimation of software.
You have pointed out only our imaginations.
The problem is that you don't see. Others do. Fortunately world doesn't care
about one's Roberts imaginations.
What? Like national grid being shut down by terrorists? Do you also look for
Bin Laden under your bed every evening?
Sebastian Kaliszewski
[...]
It should be a clue that you don't have one wrt things you're discussing
here.
BTW ISO 900x is not about quality but predictable quality. You can set your
quality bottom low and you have to adhere to that
Your constant insisting on comparability of risk estimation in long term
capital and software only shows your lack of clue.
So please show me that catastrophic failure of risk estimation of software.
You have pointed out only our imaginations.
The problem is that you don't see. Others do. Fortunately world doesn't care
about one's Roberts imaginations.
What? Like national grid being shut down by terrorists? Do you also look for
Bin Laden under your bed every evening?
Sebastian Kaliszewski
S
Sebastian Kaliszewski
Robert said:
What risk? You dont understand squat what you talk about. There is no
general risk. So what risk? If they failed at one field doesnt mean they
fail in much simpler ones. Show me one example of impropely estimated risk
wrt to software bringing down one of those companies...
Unreliable in what field?
Oh, you start to get it!
So contrary to financial markets which as Keith described nicely are
Schroedinger Cat on Steroids, software is a good behaved beast.
And you know why? The behaviour is so typical that noone could be declared
immune to that.
Sebastian Kaliszewski
S
Sebastian Kaliszewski
Robert said:
It is allways both ways. For many people untested drugs are the only chance.
If you extend testing even more then you delay drugs introduction even more
and more people won't live long enough to get the treatment.
Go live in some socialistic country (there is still choce: eithre Cuba or
Northen Corea is good). You'll get your regulation there.
And that's the fact. Otherwise they would be nonexistent.
Nope. Your idiotic apples to oranges comparison doesn't change my assertion
at all.
Whatever. These guys make money wether there is upturn or downturn. One may
like it or not, but their attitude "it's immoral to allow suckers to keep
their money" does work for them. And their risk estimation seems to work
pretty well.
[...]
You're demonstrating your utter cluelessness here (not to use stronger
words)
You have no clue about that workmanship at all, so all you talk about that
is nonsense.
Sebastian Kaliszewski
R
Robert Myers
Depends on the business you're in. Like, say, making medical devicesRobert Myers wrote:
[...]
It should be a clue that you don't have one wrt things you're discussing
here.
BTW ISO 900x is not about quality but predictable quality. You can set your
quality bottom low and you have to adhere to that
or materials used in medical devices.
Look.
I didn't go there. You did.
You said the people you work for know what they're doing. You didn't
hedge. The way you put it out there has to be one of the most
laughable claims ever made, given the timing. Your "oh, but I didn't
really mean that" hardly goes with your gunslinger swagger.
NASA (very, very famously) estimated the risk associated with the
Space Shuttle by using fault tree analysis. It's widely recognized
that:
a. The methods used vastly underestimated the risk.
b. Did not and could not capture common mode failure failures.
c. Did not and could not capture failures resulting from exogenous
factors (e.g. the weather) and complex interactions of human beings
(managers sloughing off what the engineers knew).
Had NASA done anything like the number of launches it contemplated
originally, we'd have graveyards full of dead astronauts. That's a
failure of *risk analysis* software. Risk analysis has been widely
overhauled as a result of NASA's experience. Nevertheless, NASA has
had serious problems with/lost any number of unmanned probes due to
the failure of flight control software itself.
Look. You are either so wrapped up in what you're doing that you
can't see what's going on around you, or you're playing stupid. This
isn't a security forum, so there's no point in discussing the nearly
universal agonizing over security threats due to software
vulnerability.
Financial software, online or off, is subject to the same kinds of
problems that NASA discovered. Correctness analysis wouldn't help
with some of those problems, to be sure.
What the shuttle disasters and the World Trade Center attack taught is
that there are more ways for things to go wrong than you can think of
and that apparently acceptable risks can have enormous consequences.
Robert.
R
Robert Myers
You claimed that the people you work for know how to estimate risk.
Manifestly, financial institutions have their shortcomings in the area
of risk estimation. Oh. They know how to estimate software risk
(even though it's known to be an impossibly hard problem), but they
screw up on more important kinds of risk? Do you expect anyone to
take you seriously?
You've changed your story. You remind me of the NASA managers. What
they really wanted was a methodology that would say it was okay to
go. That's all you really want, too. You're becoming strident and
hostile because I've questioned the integrity of your fig leaf.
You're making money however you can. That's cool. Just don't make
claims about knowing more than you could possibly know.
The history of risk estimation, whether in aerospace or finance, has
not been a happy one. NASA, which has learned some bitter lessons
about risk analysis, has had mission failures because of software. I
made a separate post about S&P screwing up a bond rating because of a
software error.
Unfortunately, the methods that are available are rarely used.
Not really. All the problems that NASA has encountered obtain.
People who *really* have to get it right (the fly by wire folks) don't
do business the way you apparently do. Even then, everyone
understands that a plane could fall out of the sky because of a flight
control software problem.
Everyone does it, he explained, as he grabbed for himself as much as
he could.
Robert.
R
Robert Myers
Whatever you're paying attention to, it isn't the pharmaceutical
industry in the US. We're not talking about high risk drugs for which
nothing else is available. We're talking about what amount to
gigantic scams that have needlessly pushed people into riskier and
more profitable drugs. More often than not, they are just elaborate
schemes for extracting money from the US Treasury.
How long has it been since the Berlin Wall came down? You're living
in the Wild West, and you have no business offering me invitations to
go anywhere. I wasn't always happy about my involvement in the Cold
War, but I was damn well involved. Who are you to insult me like
that?
They're merging and going out of business at an amazing rate. The
only reason they're still afloat is because the US Treasury and
Federal Reserve have done things they couldn't or wouldn't do in 1929.
You said they know how to estimate risk. Very, very famously, they do
not. Maybe George Bush could get some other kind of war right. He
won't have the chance to prove himself that way, and Long Term Capital
Management is no more.
You're going to lecture me on the fundamentals of markets? Oh, boy.
That's rich. You got any other surprising things you learned at
school today?
Look. You're in the business of kidding yourself. Kid away. Just
don't try to drag me into your con game. Risk is risk, and the
markets are having a very tough time of it because of exactly the kind
of over-confidence you are exhibiting.
You are swimming against the tide. The energy that you've put into
this discussion is nothing short of amazing. "Current methods of
writing and maintaining software are adequate" is a fascinating
claim. You must live on another planet.
Robert.
R
Robert Myers
I should have told you to take up your argument with the architect I
quoted. He works there. You don't. The quote is easy enough to
find. Go argue with him.
You'd have a lot of work to do to convince me that there is such a
thing as human nature, never mind that it explains anything, never
mind that it is a potential cause of thanksgiving or regret.
The only reason that we are not in a colossal world-wide depression
right now is because we've gotten smarter about fiscal and monetary
policy and the tools have been created to allow that knowledge to be
acted upon. Market mechanisms have nothing to do with it. Left to
themselves, the capital markets would have driven themselves into the
ground any number of times in the last decade. Free markets are a
phantasm, and it's a good thing, otherwise another tulip bulb bubble
would be inevitable. "Free markets" are a fiction and sometimes even
a useful fiction, but that's all they are. Does what I or anyone else
think or say about "free" markets matter? You bet your ass it does.
Do I individually have much influence? Not as a result of posting to
this forum, I'm sure, but not having much influence is not the same as
having no influence. I think the x86 monoculture we have is a
lamentable state of affairs.
Feel free to state your own opinion, just leave it unhooked from
cosmic considerations, please: free markets, human nature, communism
vs. capitalism. The discussions get out of hand, you know.
Penicillin would not have been banned. It might have been used much
more sparingly, and we might not be standing on the edge of the
crumbling antibiotic cliff we are standing on. Am I certain that
patients have died in the modern era because of inadequate oversight
of drug companies? Yes, I am.
Well, we're even then. Regulation of "free" markets is a messy,
imprecise business. Because I acknowledge that regulation of markets
is often necessary does not make me an east coast elitist, never mind
a socialist, never mind a communist.
We are living in an era of arrogance about risk. People talk about
"five sigma events," as if they had eliminated any kind of reasonable
risk. The ugly reality is that no one *really* knows how to calculate
probabilities that small. You can within the constraints of an
artificial model, but reality has stepped time after time with its own
scenario that the model didn't capture, and you don't have to make
very big mistakes to get five sigma probabilities wrong.
How burdensome it can be for a small company.
I really don't want to get into an argument about George Bush. Saying
that financial institutions are competent to assess risk sounds (on
the face of it) about as plausible as saying that George Bush knows
how to run a war. It was a reasonable analogy when I first made it,
it's still a reasonable analogy, and I refuse to be dragged into a
political argument.
Capitalism works as long as markets and economies are growing, but so
do Ponzi schemes. I'm not sure I can see the difference.
I can't begin to imagine how a line-by-line review of software would
accomplish anything. You'll find mistakes, I'm sure. You won't find
all the mistakes and the code base is a moving target.
That's true, although the RIAA seems to be proving that even massive
civil disobedience can be dealt with. You can't put 10% of the jail
in population, but there's nothing to stop you from fining 10% of the
population or even cutting them off from the Internet.
Robert.
S
Sebastian Kaliszewski
Robert said:
Of course you did. Thats you not me who can't see the obvious difference.
Because it's obvious. They would be nonexistant if they didn't.
Besides I do not work for American financial company, so your nonsense does
not apply even if there would be no difference between markets and
software.
As I do not need. I'm talking about obvious things.
It might be laughable only for some clueless dolts.
I meant exactly what I meant. Your hilarious lack of clue and messing apples
and oranges doesn't change that,
ROTFL!
You're piece of work. You apparently can't even read. I asked clearly about
risk estimation *of* software, not risk estimation software.
You keep inventing more and more nonsense to cover your lack of clue instead
of facing the fact that it has been exposed.
Uh, oh.
Yeah. The finacial software will explode releasing about equivalent of 1kt
TNT of energy due to failed o-ring.
Good you accept that.
So your proposed way of (not) making a software would not help either.
Risk of loosing shuttle and astronauts was and still is the "acceptable"
risk for NASA. The risk of major terrorist attack was known for long time
before 9/11. As few soviet atomic suitcases are believed to be missing, the
risk of even greater disaster is still non zero.
But there is also a significant risk of simply getting killed in traffic
accident, and that risk is much greater than becoming a victim of terrorist
attack. But life must go on, we simply must accept that risk. Not accepting
them and hiding somewhere is widely regarded as mental disease.
Sebastian Kaliszewski
S
Sebastian Kaliszewski
Robert said:
Oh, they guy can't pilot a plane, how would you accept he coul'd drive a
car. ROTFL!
Well It's you who can't be taken seriously. Your continued strawman
invention is more and more funny.
You reming me of high skool kids having solution to every problem of the
World. You're simply laughable.
[...]
Look in the mirror. You're discussing stuff you're clules about.
ROTFL!
How all those insurance companies are alive and kicking!
[...]
They are used where they are needed. Your lack of clue about software
production doesn't change the reality. But those methods still do not cover
everything.
You don't know squat how I do business.
Of course.
Whatever. You again didn't get it. And again speak off clulelessness.
When shuttle started to fly many things behaved off normal, oustide design
guidelines. Yet nothing serious happend. So NASA started to change
guidelines to things which apparently occured. As there was large group of
people involved there was not possibility of 100% agreement. And management
pushing for their own goals after many raised concerns turning into nothing
started to care less and less. This is typical human behaviour. It has
nothing to the nonsense you put above.
Sebastian Kaliszewski
S
Sebastian Kaliszewski
Robert said:
Simply go and experience it yourself insted of "being ionwolved".
Another attempt at twist?
Are they alive? Or not?
Uh, oh.
Guy can't fly a plane so he can't drive a car -- it's the same idiotic
logic.
Oh, you "know" software security, medical production, software production,
markets, cold war, Edsger Dijkstra, NASA, and whatever else. Typical of
high school kid. And, unfortunately, like majority of high school kids you
can't read.
Blah, blah, blah.
And denial is a maybe a river in Egypt.
ROTFL!
You're simply piece of the work. Go on! Keep invenitng what others have
said.
Current methods do work. It doesn't change the fact that these methods do
evolve. But they evolve to make software production more effective not to
satisfy some guy with high school kid attitude and black-white views.
Sebastian Kaliszewski
S
Sebastian Kaliszewski
Robert said:
Oh. Sure. There is not. You're funny... It's now clear you don't grip the
reality.
[...]
Neither analogy is reasonable. But it shows your attitude of vast
overgeneralization and plain ignorance of fundamental details. As it's not
G. W. Bush himself who runs the war, as there is no such thing a s just a
risk, etc, etc, etc.
It only shows how far you're from having a clue.
Yeah, sure. The only made things a bit harder. But still everyone can go to
one of those Russian sites and download what they want. What those sites do
is legal in Russia.
Of course there is. That's potential 10% of those who vote, that often makes
big difference. The number starts to be important.
Sebastian Kaliszewski