Thursday, January 31, 2008

Paul's Heros: Bruce Schneier

There is a limited place in my mind for the people who I hold in the utmost respect.

Bruce Schneier is one of those people for whom I have that pinnacle level of respect. Bruce is uniquely talented as a writer of very complicated technical materials, yet makes it understandable by dopes like me. Without Applied Cryptography I would have never really understood some of the implementations of cryptographic techniques.

What I admire most about Schneier is that he is somewhat of a maverick in the Security field. He does not assume the posture of an authority figure and use fear as a tool to push his ideas.

In his book, Beyond Fear, Schneier uses his easily digestible style of writing to communicate the role of fear in security. From the beginning Schneier differentiates the concepts of actual security and perceived security, or what he coined "Security Theater". He explains that the two are equally important and that a good security system should have elements of both.

Unfortunately people don't listen to people like Bruce. The fear soaked rhetoric and sensationalism of other security experts tend to stick in the minds of the unanalytical masses.
Regardless of his lack of mass appeal, Bruce Schneier's blog should be on your short list of frequently read content.

http://www.schneier.com/blog/

Bruce, you're alright.

Monday, January 28, 2008

The Lefty Advantage

Like my fellow 10% of the population I write with my left hand.
As other lefties can relate, the world is not made for us. We all learned that we need to adapt on our own.
I find that this permeates through lefties personalities. For our entire lives we've needed to find ways to overcome the challenges that the right handed world presents us.
I chose to use my right hand for many things: scissors, sports, eating. As a result, I am moderately ambidextrous.
As a side effect, adapting to conditions has never bothered me. I never plan things out in greater detail than I need to. Deviations from a plan are not a big deal. My world is not rigid.
There are people who are not so adaptable or welcoming to change. I bet most of them are righties.

Failure is not a bad thing

Recently I attended the Code Freeze 08 conference. The theme of the conference is innovation. There were three speakers who talked to the culture of innovation. The first speaker, Mark Striebeck, represented Google and described Google's culture. From the description, we could clearly see that Google values innovation.
Compared to the companies that I've worked for the differences are huge. Aside from the company provided food and concierge service, Google also encourages their people to try things that may very well fail. Google values the knowledge learned from failing. I can think of one time that I had a boss who didn't mind that a project we participated in failed to achieve its goal. Every single organization I have worked for since would treat that failure as a demerit. The phrase that I gleaned that sums up the philosophy of constructive failure is "Fail Quickly".
Hey Google, you're my kind of company.
I have to admit that most of my own personal breakthroughs have been through experimentation and failure. I always found that I didn't learn much in my classes by following the prescribed experiments--deviating from them often yielded far more interesting results. Unfortunately for my academic records, it wasn't until my senior year in high school that I learned how I was really being evaluated on science labs--Pro Tip: treat a science lab like a fundamentalist religion, read one chapter ahead of the lab material and find the principle that the lab is trying to illustrate. Instead of simply following the instructions and making observations, figure out how the instructions are trying to illustrate the principal and make sure that your steps help facilitate that. A little bit of direction helps a lot.
Oops didn't learn that tip until most of my secondary education was complete. Instead, I used to play with the materials and try to observe the results of messing around with the lab materials. You know, really learn something. Say for example when we had a lab on the principles of serial and parallel wiring in electricity. Sure you get the basics out of the way, but what if you were to combine batteries with your friends and put about a dozen D cell batteries in a series, what would that do to the light bulbs in the circuit? What if we replace the bulb portion with steel wool. Whoa, we didn't it to ember up like that. Now that's an experiment. The teachers didn't see it that way. There were more than a few times that I'd end up in the Vice Principal's office for conspiring my classmates to destroy lab equipment.
But I digress, the freedom to experiment is ultimately a good thing. It's been a while since I have really had the freedom to innovate at work, but it happens from time to time. The last time I was able to create something truly innovative was when I wasn't really part of any project and I could spend a few days experimenting with some ideas. It's been quite a while since I've been able to do that.

Tuesday, January 15, 2008

My take on some of the effects of piracy.


This is my opinion on piracy: in the grand scheme of things it's a good thing.
There are many forms of piracy: but it all comes down to making a copy of intellectual property, IP.
Those who sell that intellectual property, be it as a book or a CD, a movie, or as software will claim that copying that IP is stealing. What are you stealing? You are stealing the opportunity to pay them for the IP. They will claim that you benefit from that IP without compensating them for it. Odd that they aren't apt to compensate people for their time when the IP turns out to be a waste of the audience's time.
Here's the thing, there's are two assumptions that content sellers are trying to sell: people who pirate content would have purchased the IP had they not pirated it, and sales are from people who do not pirate content. There is a third group, those who pirate and purchase content.
There are two extremes. On the one hand you have people who exclusively pirate who take content. They will never ever pay for content. Consider them the same as those who books, music, and movies from the library and will use freeware alternatives to commercial software. They aren't going to buy content no matter what.
On the other extreme you have the people who will buy content at every opportunity. Take a look around my inlaws house and you'll see a mess of books, cds, and dvds, all legally purchased. Oh, BTW, they won't load any of those DVDs onto their iPods because the content sellers say it's piracy and my in laws comply.
Between those two groups is everybody else. We all "pirate" content in one way or another. We borrow books and CDs from each other. We lend a DVD to a friend. We load MP3s onto iPods etc. There are even some of us who will download software, movies, books, and music. There are opportunities for purchase that pirating takes away. I borrowed a DVD, or downloaded it, and therefore I choose not to buy it for myself. There are also opportunities for purchase that are created also. I borrowed a DVD that I really like, or I downloaded it, and I want to add that to my collection.
It is difficult to measure how these groups affect each other. It is a complicated issue.
What I see in content sellers is that they are doing two things to try and stop piracy: they try to make examples of pirates in court, and they try to make piracy difficult.
Both of these approaches are damaging. Legal bullying is a wellspring of bad PR. Having trade group lawyers argue that things that most people feel is fair use, e.g. putting music from CDs on an iPod is illegal, is not going to win any sympathy towards content sellers.
The second tact of trying to make piracy difficult is also counter productive in a similar vein. Most of the so called piracy safe guards makes the legitimate use of purchased content more difficult. That is, those who pay for the content are experiencing a lesser experience than those who just pirate the content.
Pirates will filter the safeguards and take only the content.
The content sellers, especially the music industry really treat their customers like criminals. Look at what Sony did with the root kits that they snuck into some of their CDs back in 2005. What they did was install software onto their customers' computers that allowed people at Sony to look at the content of the customers' computers. They had free reign to do what they want. If I did this to you, I could go to jail. I'm not sure why Sony hasn't faced any legal problems.
I see piracy as a market force. It is impossible to stop it.
What I would like to see is a paradigm shift in the way that IP is sold that embraces piracy, i.e. it uses the force of piracy as a way to benefit those who sell content. The first people to do that, will benefit immensely. The important question is how?
If I may, I think I'll infringe on some IP by saying, "ay, there's the rub"

Tuesday, January 8, 2008

The best television program I ever saw

An evening that I consider to be a pivotal moment in my life was one night as a child spent watching the Tonight Show with Johnny Carson. Johnny's guest, James Randi, or the Amazing Randi, showed how many people misuse the principles of magic for fraud. Randi showed how mentalists can easily bend silverware, how mediums can cause tables to shake and levitate in a "seance", and how people performed "psychic surgery".
Randi's approach is to show how a person could produce the same illusions that so-called psychics were claiming as authentic supernatural phenomena. Silverware can be bent through slight of hand techniques and discretely applying pressure to the silverware, a slipping a toe under one of the legs of a table can give a person complete control over it when they apply downward pressure with their hands, and some blood and chicken parts can be palmed by a person and then produced from someone's belly--it's really the same trick as pulling a coin from someone's ear, just bloodier.
Randi's explanations turned me towards a skeptical path that I have since traveled. I viewed outrageous claims with a skeptical eye. I always sought to find a more simple solution than magic or pseudo-scientific explanations.
This was a huge breakthrough for me. At that time I was living between two worlds. In one world I was learning to use the scientific method and discovering how to explain the physical world. I loved finding scientific explanations for things that I could not explain through the scientific method. Observing something, hypothesizing as to how it happens, creating an experiment that supports/refutes that hypothesis, analyzing the data and drawing conclusions from the data.
In the other world I was told that there is mystical power that created everything and interacts with our daily lives. One hour of every week I would hear how real this god and Jesus are. My whole family believed this. I went to a school that taught the Catholic faith alongside science. Everywhere I turned were christians who basically believed what I was being taught by others to believe.
At this point I knew things to be true for two reasons: I could observe them and provide an explanation for them through observable and reproducible steps, or someone told me it's true because it's in the bible.
That night of seeing Randi explain supernatural claims tipped the scales towards my skepticism.

Not so bored

Sweet, my project is kicking off this week. No lapse and now I need to hustle to get those two weeks of work done in, about a week and a half.

Monday, January 7, 2008

Boredom, that time of year

It's the beginning of the year at my company. That means that new projects are afoot.
There are about 2 weeks of work scheduled for me until I am scheduled to work on the big project. Unfortunately, the big project's about 3 weeks out.

Wednesday, January 2, 2008

What a way to start the year!

Yesterday I had an incredible breakthrough in understanding myself and why I've done things the way that I have. I realized yesterday morning that from an early age I've lived my life with a fear of rejection. I tracked the origin to a series of multiple events when I was only 11 and 12 that shaped the way I behaved for a good 20 or so years!
The better part of my youth was spent coping, poorly, with this fear. I don't think I really got over it until I made something out of myself professionally.
Part of my coping process caused me to behave in a hurtful way towards people. If you know me, and feel that I've hurt you with my words or actions, I ask you to accept my sincerest apology. It was unfair for me to do that to you.
Have a good year!