Thanks Peter G. Neumann
Peter G. Neumann died a few days ago, at the ripe old age of 93, and I find, much to my surprise, that I have never even once mentioned him in these pages.
Before Varnish happened, I was lucky enough to score a little subcontract far out in the corner of DARPA’s “Composable High-Assurance Trustworthy Systems” program, also known as “CHATS”, which was very much Peter’s project.
I suspect Peter thought CHATS would be his Opus Magnum: he was 71 years old when the final report landed, and it was very much the final word on how to build trustworthy systems.
The problem with final words is that everybody assumes that we’re done now, and so I find that far fewer people have read the report than should have.
So please, grab a mug, a handful of crackers and a comfy chair:
https://www.csl.sri.com/~neumann/chats4.html
Trust me, it is still worth reading, in particular if you have never read it before, and if for no other reason, then because Peter’s thinking had a huge influence on Vinyl Cache:
With respect to the future of trustworthy systems and networks, perhaps the most important recommendations involve the urgent establishment and use of soundly based, highly disciplined, and principle-driven architectures, as well as development practices that systematically encompass trustworthiness and assurance as integral parts of what must become coherent development processes and sound subsequent operational practices.
I have done what I could to turn that principle into reality in the Vinyl Cache project, and learned that principle-driven architecture is not exactly a popular thing, when people “just need this one quick hack…”.
But it sure does pay in the long run: As I write this, we have just announced VSV00019, and while that is an utterly trivially visible bug, which we all totally failed to spot in code-reviews, it is still only number nineteen, over the twenty-year lifetime of the project.
Thanks Peter!
/phk