dents he explored in his “Viewpoint” “Your Students Are Your Legacy” (Mar. 2009). With appropriate changes based on the substance of study, the model is extensible well beyond CS. Patterson’s legacy is indeed well deserved. I only wish he had been my advisor when I was in graduate school.

George Sadowsky, Woodstock, VT

Educating Computer Scientists About Social Science

The Viewpoint “Computing as Social Science” (Apr. 2009) by Michael Buckley was not really about social science, but about social service, which is quite a different thing. This is not a mere quibble. In 20 years of work with computer scientists, I have often had to start from the beginning, educating them about sociology—and the social sciences—as analytic disciplines.

Barry Wellman, Toronto, Canada

Cold Boot, a Surprise for Unsuspecting Users

The article “Lest We Remember: Cold-Boot Attacks on Encryption Keys” by J. Alex Halderman et al. (May 2009) took me back to my student days in the 1970s when I discovered that the Control Data Kronos operating system had a similar vulnerability. One could access other users’ passwords by running the command-line tool to change passwords followed by the debug tool to “dump core” to a file. The privileged password utility could read the system password file to perform its function, but because it didn’t “zero out” the RAM disk buffers before it terminated, the nonprivileged memory dump utility revealed the IDs and passwords of many other users.

Bruce Wallace, Ooltewah, TN

with some unintended inaccuracies concerning the Cross Site Reference Forgery or Cross Site Request Forgery (XSRF) attack. XSRF leverages established session state in the browser. Also, if a user is authenticated into a Web site and the attacker somehow generates a URL to that site from the same browser, it may be authenticated as well. This is true for several types of authentication mechanisms, including session cookies. This type of attack does not require multiple tabs and has been around for a while, but tabs give it a new dimension, since more and more users keep multiple tabs open that are potentially authenticated to important (or high-value) sites. If a user logs into a bank and then in a separate tab goes to a page that somehow sends a malicious URL to the bank, that URL may be authenticated and able to perform actions on the user’s bank account without the user’s knowledge or consent. What we were attempting to show is that sometimes features have unintended security implications, an issue applicable to all major browsers.

While we regret this error, the article’s original thrust is the same—that browser security issues are complex, more so every day, and the risks they pose are not to be taken lightly.

Thomas Wadlow, San Francisco, CA
Vlad Gorelik, Palo Alto, CA
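
An added illustration of the point in the letter above (not code from the letter's authors or their article): a toy Python model in which the browser attaches the session cookie to any request bound for the bank, and the bank either trusts the cookie alone or also requires a per-session token that only its own pages carry. The `Bank` and `Browser` classes, the token check and every name in it are assumptions constructed for this example.

```python
import hmac
import secrets

class Bank:
    """Toy server, constructed for this example (not a real banking API)."""
    def __init__(self, require_token):
        self.require_token = require_token
        self.sessions = {}    # session id -> {"user": ..., "token": ...}
        self.transfers = []   # state changes that were accepted

    def login(self, user):
        sid = secrets.token_hex(16)
        self.sessions[sid] = {"user": user, "token": secrets.token_hex(16)}
        return sid

    def form_token(self, sid):
        # The bank embeds this value only in pages it serves itself.
        return self.sessions[sid]["token"]

    def transfer(self, cookies, params):
        session = self.sessions.get(cookies.get("sid", ""))
        if session is None:
            return 401                      # no established session state
        if self.require_token:
            sent = params.get("token", "")
            if not hmac.compare_digest(sent, session["token"]):
                return 403                  # cookie alone is not enough
        self.transfers.append((session["user"], params["to"], params["amount"]))
        return 200

class Browser:
    """One cookie jar shared by every tab, keyed by destination site."""
    def __init__(self):
        self.jar = {}

    def send(self, site, handler, params):
        # Cookies are chosen by destination, not by which page caused the request.
        return handler(self.jar.get(site, {}), params)

def demo(require_token):
    bank, browser = Bank(require_token), Browser()
    sid = bank.login("alice")
    browser.jar["bank"] = {"sid": sid}
    # Tab 1: the bank's own form, which carries the per-session token.
    own = browser.send("bank", bank.transfer,
                       {"to": "bob", "amount": 10, "token": bank.form_token(sid)})
    # Tab 2: a page on another site causes a request; it cannot read the token.
    cross = browser.send("bank", bank.transfer, {"to": "third-party", "amount": 500})
    return own, cross, bank.transfers
```

With `demo(False)` both requests are accepted because the cookie is the only credential; with `demo(True)` the request that originates from the other tab is refused.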

Communications welcomes your opinion. To submit a Letter to the Editor, please limit your comments to 500 words or less and send to letters@cacm.acm.org.

© 2009 ACM 0001-0782/09/0700 $10.00


Equal Opportunity Support for All

You wouldn’t expect a woman CS department chair and a 1960s liberal to jointly criticize an article promoting women in computing, but we were disturbed by some aspects of the cover article “Women in Computing—Take 2” (Feb. 2009).

Much of it was devoted to a set of excellent suggestions for creating and nurturing CS careers, from initial childhood exposure through gaining tenure at a research university. But why were these suggestions covered in an article limited to women in computing? Nearly every suggestion applies equally well to any demographic: underrepresented minorities, people with handicaps, low-income people, plain old white males. (There were a few exceptions, such as “send students to the Grace Hopper Conference” or “join CRA-W,” but other career-advancing conferences and organizations can be substituted with the same overall message.) We would advise anyone considering a career in CS, or anyone in a position to nurture a CS career, to pay close attention to the good ideas in the article, while disregarding its focus on women.

For example, it suggested that introductory CS students should program in pairs. We like this idea very much for a number of reasons, none concerning gender. One might think intuitively that female students in particular prefer pair programming. However, from the statistics provided by the cited study, there is an even more positive influence on males than on females. (That is, the technique had a slightly better chance of motivating any given reluctant male to continue in CS than of motivating any given reluctant female.)

At the junior-professor level, the article suggested less teaching for the first two years, sufficient startup funding to support graduate students, help writing grant proposals, and being clear about what is expected to gain tenure. Aren’t these strategies appropriate for all junior faculty? Should females be granted such departmental support while males are denied? We certainly hope not.

There’s no question that women have faced obstacles over the years when choosing and building careers in CS, as well as in other fields. Still, an article providing sound general advice, while limiting it to women, is not an appropriate solution.

Jeffrey D. Ullman and Jennifer Widom, Stanford, CA


More on Browser Security

Our article “Security in the Browser” (May 2009) included a paragraph
