Re: AMD planning 45nm 12-Core 'Istanbul' Processor ?



On May 26, 10:28 am, Sebastian Kaliszewski
<s.usun...@xxxxxxxxxxxxxxxxxxx> wrote:
Robert Myers wrote:

[...]

Quality is a variable to be optimized, not some
deity to be worshipped. "Beware false gods".

I can just imagine hanging that as a motto in someone's office.
You're kidding, right? Heard of ISO 9000? Prepare to worship a false
god. From what I've seen of it, I'm not keen on ISO 9000, but the
success of something so clunky should be a clue.

It should be a clue that you don't have one wrt things you're discussing
here.

BTW ISO 900x is not about quality but predictable quality. You can set your
quality bottom low and you have to adhere to that :)

Depends on the business you're in. Like, say, making medical devices
or materials used in medical devices.

Similarly, citing financial institutions as expert in risk management
would have worked before Long Term Capital Management. As it is, the
financial industry, like George Bush, is a study in the catastrophic
consequences of being overconfident.

Your constant insisting on comparability of risk estimation in long term
capital and software only shows your lack of clue.

Look.

I didn't go there. You did.

You said the people you work for know what they're doing. You didn't
hedge. The way you put it out there has to be one of the most
laughable claims ever made, given the timing. Your "oh, but I didn't
really mean that" hardly goes with your gunslinger swagger.

The funny thing about risk, like NASA's estimates of risks to the
shuttles, is that you learn that the methodology is faulty only after
a catastrophic failure. A statement of confidence about handicapping
of risk should tell you to find another handicapper.

So please show me that catastrophic failure of risk estimation of software.

NASA (very, very famously) estimated the risk associated with the
Space Shuttle by using fault tree analysis. It's widely recognized
that:

a. The methods used vastly underestimated the risk.
b. Did not and could not capture common mode failures.
c. Did not and could not capture failures resulting from exogenous
factors (e.g. the weather) and complex interactions of human beings
(managers sloughing off what the engineers knew).

Had NASA done anything like the number of launches it contemplated
originally, we'd have graveyards full of dead astronauts. That's a
failure of *risk analysis* software. Risk analysis has been widely
overhauled as a result of NASA's experience. Nevertheless, NASA has
had serious problems with/lost any number of unmanned probes due to
the failure of flight control software itself.



Where human life is at risk, certification
might be legislated. Otherwise using the principle of minimum
interference, contract and tort remedies would apply. Note UCITA
failed in nearly all states, and safe harbor in some.

Big changes are on the way. Maybe later rather than sooner, but they
will come. If you're going to plug into the internet, you will be
regulated. I'm not happy about that, but I see no way around it.

The problem is that you don't see. Others do. Fortunately the world doesn't care
about one Robert's imaginations.

Look. You are either so wrapped up in what you're doing that you
can't see what's going on around you, or you're playing stupid. This
isn't a security forum, so there's no point in discussing the nearly
universal agonizing over security threats due to software
vulnerability.

Financial software, online or off, is subject to the same kinds of
problems that NASA discovered. Correctness analysis wouldn't help
with some of those problems, to be sure.

We get it, all right. People's identities and medical
records are stolen en masse, bank accounts are pilfered,
and the Internet is home to powerful botnets with unknowable
levels of capability or maliciousness of intent.

Oh dear, you really _do_ live in fear. NYC? My sympathies.

Most of the listed items are _potentials_ whose probability
and consequences need to be weighed against other threats.

There's nothing hypothetical about what I presented. All the
incidents I've described have already occurred.

What? Like the national grid being shut down by terrorists? Do you also look for
Bin Laden under your bed every evening?

What the shuttle disasters and the World Trade Center attack taught is
that there are more ways for things to go wrong than you can think of
and that apparently acceptable risks can have enormous consequences.

Robert.