Monthly Archives: November 2013

Coyotes in the Arroyo

29 Friday Nov 2013

Posted by in Uncategorized

Leave a comment

While out for a run today, I was humbled by a road runner.  Little guy ran up beside me, teases me with a race, and then turns on the “turbo boosters”, leaving me in the dust of his wake on the running trail.

Upon turning around, I began to understand why the little bugger took off:

Coyote in the arroyo

Can you see him?  I was only armed with my iPhone and I had to pause my nike+ workout and fumble for the camera app…

Coyote lurking about

Coyote looking for a Thanksgiving meal while I was out trying to burn mine off.  Its not just retailers; nature doesn’t get the long holiday weekend off either.

Black Friday

29 Friday Nov 2013

Posted by in Holidaze

Leave a comment

Tags

, ,

When Black Friday comes
I’m gonna dig myself a hole
Gonna lay down in it ’til
I satisfy my soul…

Steely Dan

Today should be no surprise to you.  After all your TV has been spewing ads for this day since October.
blackfriday
Pictures in today’s paper of people waiting in line for hours — camping out for days even — just to get their hands on an Xbox One or a cheap flat screen TV.

Why are we willing to wait for silly ass events like these, but not for the government’s healthcare site when it crashes?  It amazes me how we will not tolerate any delays in shopping for bargains pertaining to our health care, but we will camp out overnight at a Target just to get 60% off on a Sonic Care Toothbrush.

And when did “Black Friday” become a positive event?  How does one go from associating black with death and plagues, to shopping and “door buster bargains”?  As you might expect, it was the work of retailers and marketers.  For so many centuries the color black has just had bad PR.  The same re-branding has worked in other areas.  Before Super Bowls, the only major events to have Roman numerals in their names were World Wars (and European Monarchs).  Lucky for us, Super Bowls lead World Wars 48 to 2.  So far.

Here is another interesting New Yorker article on why we’re so impatient for black Friday and what makes people so impatient in general.  The authors claim: retailers know how to play on people’s “scarcity mentality”; amping up the fears of missing out on a good deal, and consequently, causing people’s desires for black Friday sales to start right after Thanksgiving dinner.  Me?  I think people use black Friday as a way to avoid Thanksgiving left overs.

By the way, did you know that the Pilgrims had eel for their Thanksgiving feast?  Yeah.  Imagine three weeks of left over cold eel sandwiches!  Makes black Friday seem more “appetizing” doesn’t it?

Happy Thanksgiving!

28 Thursday Nov 2013

Posted by in Holidaze

Leave a comment

Tags

, ,

Today I Am Thankful For:

  • Not doing the traditional Thanksgiving turkey thing.  Nope.  Today I am ordering a pizza and drinking pints of Guinness.  Why waste a perfectly good day of football spending it in the kitchen (or stranded at the airport because of the weather)?
  • Football.  Others may be binging on turkey, but I will binge-watch my day away with football.  Bonus: football has no calories!  No wasting my long weekend at the gym allaying my guilt of over-eating.
  • The guy who came up with the whole DVR concept.  I record all my favorite shows so I watch them on my schedule.  My favorite feature: the fast-forward button to blast past all those annoying “Black Friday Sales” that have been airing since BEFORE Halloween.
  • The choice to avoid “Black Friday” all together.  Sorry, but offering me 20% savings is not worth my sleeping in.  If you want my business, you will offer me the best deal whenever, if ever, I decide to grace my presence in your store.   If you are not willing to do that then there is always Amazon.com.
  • Amazon.com.  Thanks to them I have been able to set foot in the mall a LOT less often.  Bonus: not having to navigate swarms of Abercrombie & Fitch clad, hyper-texting pre-teens.
  • My loving wife, who gets me and allows me to get away with avoiding traditions, opting out of the Christmas shopping hype, and watching lots of football.

An Idea on How to Learn Programming and Software Development?

27 Wednesday Nov 2013

Posted by in Programming, Software Development

2 Comments

Tags

, ,

How to learn — or not learn software development

Been reading a lot about the healthcare.gov software development headaches lately.  I am using it as a personal case study of how/when/why software development goes wrong, and how I might be able avoid these issues in any of my projects at the labs.  I have been using the Mythical Man-Month (MMM) as my guide and it is very enlightening how one can learn by observing the examples or misfortunes of others.

What would I do different?

I would seek out the expertise of anyone who has had the experience of rolling out a massively wide scale web service.  Hmmmm… who could that be?  Amazon.com immediately comes to mind.  I am very surprised that the administration didn’t seek them out.  I am not privy to the bidding process so maybe they did; maybe they didn’t.  I get the sense (and this is just my opinion) the administration believes that if you throw a bunch of tech-savvy people at a problem, magical and amazing things will happen.  Obviously that is not always the case and it violates of one of the tenets of MMM.  Another idea: tour several silicon valley companies; how do they utilize the power of the tech-savvy to create amazing things?

An Idea on How to Learn How to Program

Seeking the guidance of an experienced expert, such as Amazon is also a great way to improve your programming skills.  I had the opportunity to meet a few developers at the Amazon booth at a security conference last August.  They had these programming puzzles similar to below (can you spot the issues?):

wchar_t *fillString(wchar_t content, unsigned int repeat)
{
    wchar_t *buffer;
    size_t size;
    if (repeat > 0x7fffffffe)
        return 0;
    size = ( repeat + 1 ) * sizeof content;
    buffer = (wchar_t *) malloc ( size );
    if ( buffer == 0 )
        return 0;
    wmemset(buffer, content, repeat);
    buffer[ repeat ] = 0;
    return buffer;
}

They had many of these and I had fun solving them; learned some new programming techniques in the process.  I thought: wouldn’t this be a great way to learn how to program?  What if we compiled a puzzle book of code with various topics and challenges?  One chapter could be on proper syntax and constructs to help with spotting common errors and to teach debugging strategies.  Another chapter could be on pointers where you play the role of the compiler/computer and “run” the program to see if you understand pointer arithmetic.  A chapter on simple data structures where you draw out the logical implementation of a linked-list or a hash table.  And of course a chapter on security with snippets like those above.  And if we could format the book in such a way that at the start, you are ignorant of the language, but by the end, you could start using your new skills to make things.

I have several friends who play chess and they use puzzle books to improve their game play.  They claim they learn how to spot patterns for end-game scenarios and how to mate in 3 or 4 moves.  Perhaps we could do something similar  but with code.  Perhaps I should consult Amazon.com and see if any such books already exist.

Related articles

What Every Computer Scientist Should Know

26 Tuesday Nov 2013

Posted by in Computer Science

2 Comments

Tags

, , ,

I have the pleasure of being a part of Sandia National Laboratories (SNL) College Cyber Defenders (CCD) program.  I have been conducting some of the phone interviews for next summer’s program already.  During the interview, I give each prospective student a chance to ask me any question they want.  “This is your phone interview”, I tell them.

Lately, in addition to the usual questions you would expect, several have asked: “What should a CS student know to be successful at Sandia?”  This is a good question to ask — and not just for the labs but for any research position or job in academia, government, and private industry.

I began wondering: “is my advice too narrow?  I know what is useful in my current research interests and duties, but what about generally?”  What is a good core set of skills that a graduating, eager CS degreed individual entering the work force can build upon in order to have an awesome career before real life crushes their aspirations like an empty beer can?

Using my favorite research tool, I began googling to see what others felt about the subject.  Naturally, everyone has their two cents: what computer science concepts should I know?  However, I stumbled upon this from Joel Spolsky.  Here is another from an academic.  The latter’s list is pretty long; I would focus on the top of the list; the further down, the more specialized the skills become.  Besides, trying to master all of them may take you longer than you have life left.

the lyf so short, the craft so long to lerne.

Chaucer (1340-1400)

Spolsky’s advice is more succinct and do-able.  Learning to write is a great skill for CS and non-CS alike.  If you can not describe, in a page or paragraph, to a reasonably thinking human being what your program is supposed to do, then how do you possibly hope to tell a machine how to do it?  In fact, you don’t need to learn a programming language to learn how to program.  English will work just nicely.  Let another human being be the “compiler/interpreter” and see if they perform the task(s) you described.  If they seg-fault and core dump, they can explain in plain English your error far better than some of the cryptic compiler errors you will encounter.

I would add one more skill to the list: don’t blow off discrete mathematics because its hard.  Discrete math is often called, “math for computer scientists.” for a reason. Time and again you will use the core concepts, combining them, building upon them to design algorithms to solve some of today’s most challenging and interesting problems.  If you want to get in on the Big Data craze everyone is raving about, you will need discrete math.

Of course, dispensing advice is easy so I am going to put my money where my mouth is.  Here’s my story: two years ago, I was at a cross-roads in my career.  I was looking for ways to improve my technical skills.  I thought long and about it.  My time is limited and I am a pretty lazy.  I can’t improve every skill at once, but if I could improve one technical skill that would have the most positive impact in my CS career, what would that be?  I chose to re-study discrete mathematics and I am glad I did.

By the way, if your discrete math (DM) class is not using this text, run — don’t walk — run to your nearest book store and get yourself a copy.  Its worth the heady sticker price and it is pretty verbose, but verboseness is good in this case.  The author does an excellent job of explaining the concepts and not pulling any of that “proof is up to the reader” crap so many other DM texts employ.  I used this text in the course of my personal re-study.  It took me about 9 months to get through it cover-to-cover and it was the best thing I ever did for myself.  The text has plenty of exercises; do them and you will walk away understanding the concepts.

I don’t know what’s the matter with people: they don’t learn by understanding, they learn by some other way — by rote or something. Their knowledge is so fragile!

Richard P Feynman (1918 – 1988)

The most profound lesson I discovered is that DM is learning how to communicate in the language of mathematics.  It is a lot like English composition, except the syntax and statements involve logic and mathematical thought, you learn how to write by writing essays.  Lots of essays.  In DM you write proofs.  Lots of proofs.  I found that doing proofs was similar to writing programs — especially inductive proofs.  It is not a coincidence that programming languages are modeled after mathematical statements, structures, and objects.  I know my study of DM has made me a better software developer.

So study your discrete mathematics, kids, and who knows what you will be able accomplish.  Check out what some supposed CS  people did with their discrete math knowledge below.  I leave the proof up to you, my dear reader 😉

Related articles

Why our Government will Never Solve the Cyber Security Problem

25 Monday Nov 2013

Posted by in Cyber Security Research

1 Comment

Tags

, , , ,

One only needs to look at the healthcare.gov debacle as an example.  Software development of this scale needs agility; fast iterations to get all the ideas, both good and bad, on paper.  Everything form the user experience to how data will be stored, accessed, and verified must be hammered out on paper before coding begins.  But agility, as I can tell you from my own experience, rarely happens when a government (or any large, bureaucratic) entity is involved.  From the reports I have read, these poor developers did not get the go ahead to implement until March or April.  With an October deadline, that leaves very little time for rigorous testing of any software solution.  I am not defending the developers, they made missteps too, including not having the in-house capability to handle such a colossal technical task.  There is a lot of blame to go around.

Success is rarely determined by the quality of your ideas. But it is frequently determined by the quality of your execution.

Atwood (Coding Horror), Jeff (2012-07-04). Effective Programming: More Than Writing Code (p. 45). Hyperink – Guide to Effective Programming. Kindle Edition.

It has been my personal experience that if you give a great idea to a mediocre group of people, they will mess it up.  On the other hand, give a mediocre idea to a great team and they will not only make it happen — they will make it better.

Secondly, cyber security is hard problem.  Let me illustrate with a simple analogy: Think of cyber defense as a sphere of Swiss cheese, and this ball of cheese is as big and ever expanding as our universe.  The holes, also infinite, are all the possible vulnerabilities of the system.  There is a very small subset of holes (vulnerabilities) we know about and we can “fix” or plug them (actually, this is not always possible.  There are vulnerabilities that we do know of but no practical fix exists… yet).  We cannot possibly plug every hole.  Attackers only need to find one good hole, or maybe a small handful of holes, to compromise a system.  The defenders have to be vigilant everywhere all the time; its an asymmetric problem.  And I haven’t even addressed the case where an attacker, like a mouse, worms its way in making a new hole.

Now, I know what you must be thinking: “Ok smart guy.  What’s the answer?”  Frankly, I am not sure there is one or will ever be one.  Lots of very smart people in academia, government, and industry, have been working this problem since the beginning of this whole Internet phenomenon.  And all we have to show for it is a handful of anti-virus (AV) and intrusion detection systems (IDS).  Some products are more effective than others but they don’t catch everything.  Attackers still persist.  Becoming more sophisticated, more determined.

So, lots of bright people have tackled, are still tackling this problem, and still no solution.  There may never be a solution.  Does that mean we should curl up into a fetal position, sucking our thumbs while crying, “mommy”?  No!  This is what makes research so exciting.  How to turn the attacker’s asymmetric advantage against them?  There are many interesting research ideas proposed.  However, one thing is certain: we will never solve these problems if our government keeps acting they way it has been lately.

Governments will always play a huge part in solving big problems.  They set public policy and are uniquely able to provide the resources to make sure solutions reach everyone who needs them.  They also fund basic research, which is a crucial component of the innovation that improves life for everyone.”

Bill Gates

If congress seriously wants to “win the war on cyber-terrorism”, or prevent a “cyber-9-11” event, they must quit their sequestration/shutdown shenanigans.  There are organizations active in researching ways to defend our critical infrastructures but they are hamstrung by congress’ actions — er make that in-action.  It is hard to do your job when your representatives aren’t doing their jobs.