On Writing – A letter to myself… Ramblings on knowledge, ideas and writing




My first reader is myself. Why am I writing? For myself: to help me manage my knowledge, to help me structure my thoughts, to help me keep a trace of what I thought at a specific time in my life. Why now and not before, or even later? I really don’t know. I have just started to find the benefit of writing. How did I find it? By writing. As a child I wasn’t literature-oriented; I was playing in the woods, hunting everything that moved. Eventually I worked in a library. I was young; I hadn’t really read books by myself before. I checked them, I handled them and I fell in love with them. Since then, I have been ordering hundreds of books from my local library and from Amazon, books on any type of subject. Since then, hundreds, thousands of worlds have opened to me at once. I was privileged to be in touch with other human beings’ ideas. If someone writes a thing, it’s because there is an idea behind it. Ideas are the fuel of knowledge. Reading something is trying to get the fuel in order to understand the knowledge generated by its combustion. The possibilities are awesome. You can take the knowledge you have just learned as is; interpolate from it; extrapolate from it; infer with it; put it in relation with other bits of knowledge you have; then find new knowledge or meanings. Everything can be knowledge; knowledge is everywhere, just waiting to be understood. Writing is a way to understand it, to communicate it and to archive it.

People who have read my About section know that I started writing this blog to improve my English skills. Why do I write on security? Because it’s a field that interests me and I have things to write about. Sometimes I can be right; sometimes I can be wrong. In both cases the aims are the same: learning, understanding and sharing.

Do I have readers other than me? Probably some. Do people syndicate my blog? I have no idea. Do people like what I write? Some possibly, others not. Do I care? I’m not too sure. I write first for myself. I share what I write on the web in case one person finds one of my thoughts useful. If I improve my English skills by writing this blog, if I learn from my research and from others’ comments, and if I succeed in being understood, then my goals are fully reached.

I bought The Oxford Essential Guide to Writing this Christmas. I have just started to read it in parallel with The Da Vinci Code (yeah, I know, I’m a little slow on this one) and I find it a really interesting piece of writing. Thomas S. Kane gets to the point and has written some really interesting things that everyone loves to be reminded of:

… And so people say, “I can’t think of anything to write about.”

That’s strange, because life is fascinating. The solution is to open yourself to experience. To look around. To describe what you see and hear. To read. Reading takes you into other minds and enriches your own. A systematic way of enriching your ideas and experiences is to keep a commonplace book and journal.

I’ll also reproduce his introduction, which is really inspirational:

Two broad assumptions underlie this book: (1) that writing is a rational activity, and (2) that it is a valuable activity.

To say that writing is rational means nothing more than that it is an exercise of mind requiring the mastery of techniques anyone can learn. Obviously, there are limits: one cannot learn to write like Shakespeare or Charles Dickens. You can’t become a genius by reading a book.

But you don’t have to be a genius to write clear, effective English. You just have to understand what writing involves and to know how to handle words and sentences and paragraphs. That you can learn. If you do, you can communicate what you want to communicate in words other people can understand. This book will help by showing you what good writers do.

The second assumption is that writing is worth learning. It is of immediate practical benefit in almost any job or career. Certainly there are many jobs in which you can get along without being able to write clearly. If you know how to write, however, you will get along faster and farther.

There is another, more profound value to writing. We create ourselves by words. Before we are businesspeople or lawyers or engineers or teachers, we are human beings. Our growth as human beings depends on our capacity to understand and to use language. Writing is a way of growing. No one would argue that being able to write will make you morally better. But it will make you more complex and more interesting—in a word, more human.

Is there anything that I can say after these words? Only one thing: have a happy new year!

Story of an English traveler in Delhi


Psychology or awareness problem? The outcome is the same: he was robbed.

I came across this interesting story of an English traveler in India.

The guy was trying to find a rickshaw driver who spoke English at the door of his hostel. Soon he got one, and an English-speaking Indian lad of a certain age intercepted him:

“Sorry Sir, can I go with you? We’ll share the price of the run.”
It’s rare that I save money on such a deal. “Yeah, sure.”

Then they got in and drove through Delhi’s streets and alleys. Our traveler, we’ll call him John, noticed that the rickshaw kept stopping. The cause was always a rickshaw malfunction.

Soon they were in a dark alley of Old Delhi. One of the wheels had a problem and forced the rickshaw to stop. All around there were just beggars, wearing drab and dusky clothes, sleeping near pestilential-smelling detritus.

I was sizing up the situation; no one was moving; my rickshaw companion was waiting for the driver, smiling. I got out of the rickshaw; I gave 10 rupees to the driver.
“I’ll look for another rickshaw, thanks for the run.”
“No, no!! I’ll repair the rickshaw soon; it’s just a little problem. No, don’t leave! Everything will be okay soon. Please!”
I tried to get another rickshaw; I saw no one; I was alone, with two Indians and a broken rickshaw in a somber alley of Old Delhi. I had nothing to do other than wait and hope. I sat back down in the rickshaw.
My companion had just taken a bottle of water out of his bag.
“In India, it’s in our tradition to share our food with our fellows. Take.”
“No thanks, I’m not thirsty; thanks a lot.”
“No, no, take it, it’s in our traditions.”
“No, I don’t want it, thanks a lot, but I don’t need it, thanks.”
Then he left me alone with his water.
I saw him getting cookies out of his damn bag.
“In our country, we are not rich, we don’t have much food, but we share our food with our fellows, take this cookie, it’s in our tradition to share.”
“No thanks, I really don’t want this cookie, thanks.”
“No, take it, it’s in our tradition! You can’t offend it like this!”
Then, knowing that it was not the thing to do, I don’t know why but I took the cookie and put it down my throat. I knew that I was in trouble when the cookie was in my stomach. I fell asleep; my head fell against a metal bar at my side, and I was KO.
Some time later, I was lying in a ruin, with dried blood in my hair and sores all over my body. I didn’t know where I was or what time it was. I wasn’t in pain… I was… in another world…

The story speaks for itself. Everybody knows that they need to beware of drugged food. “Don’t take food from strangers,” my mother said to me when I was young. This advice is good anywhere in the world, even in your own neighborhood.

What is interesting in this story is the cultural side of it. You are a foreigner; you travel to a new country to meet new people and cultures. So what do you do in this situation? You don’t want to offend them. You are there to learn their habits. You started out with this mindset, so going against it would not be coherent. You know that you may be in trouble, but your mind seems to bypass your awareness. This situation is more a question of psychology than a question of awareness; you feel a need to stay consistent with your own thinking. It can seem stupid, but it’s the reality. Many of these tricks can be used by marketing people. An excellent book on the subject is Influence: Science and Practice by Robert B. Cialdini.

Read the story, ask yourself what your reaction would be in this situation, and hope that it really will be your reaction if the situation arises.

What’s the cost of a nuclear weapon? – Get back the field agents



When I read this article, I thought of a post that I wrote some months ago.

This article reopens the question: why are field agents essential in information gathering? There was a shift in the nineties to cut back field agents and focus information-gathering efforts on airwave interception and wiretapping. As I said, it was probably a big mistake, decried by many CIA agents. Fortunately, the CIA had infiltrated the ground in 1990. They were able to get prime information on the network; they used it and took down Khan’s network around the world. Some experts criticize the delay of the intervention. I’m not in a position to offer an opinion on that, but my point is that without well-trained field agents I don’t think the modus operandi of the network would ever have been discovered. Don’t forget that other such networks may exist or may emerge from the ashes of Khan’s network. There is probably money to be made and power to be gained.

This raises a question: how much can a nuclear bomb cost? This question is interesting when you consider a few things. First, it’s a very specific type of trafficking with quite few clients. The risk is greater than in drug trafficking, and drug traffickers can make billions of dollars. So how much can a nuclear bomb cost?

Rogue states can afford it. Big criminal groups probably can too. What’s the real danger of such a situation? I don’t think that anybody knows the answers to such questions. We can only estimate the threat by analyzing its short known history.

The operating system oriented security debate is restarted – Phase 2


Examples of what I was saying.

Some days ago I was saying:

What about the configuration? The complexity of an operating system with all its services, applications and connectivity hardware is not to be forgotten. A program or a service can be well programmed, without any programming bugs, yet a bad configuration alone can lead to a security hole. You’ll tell me: yes, but the programming is perfect, without bugs, so it’s impossible that such a thing happens; if it happened then the cause is the user, not me, so it’s not my problem. If you build a system that is hell to configure, then yes, it’s your problem. The interaction between a program and its plug-ins, or between a program and other programs, can lead to unexpected behaviors. Usability is probably as important as programming practices.

As you can see, it was not really a great discovery. But today, while reading my blog entries, I was amused by some of them. Let me point them out.

First, Google Desktop. As you can read in the New York Times:

The glitch, which could permit an attacker to secretly search the contents of a personal computer via the Internet, is what computer scientists call a composition flaw – a security weakness that emerges when separate components interact. “When you put them together, out jumps a security flaw,” said Dan Wallach, an assistant professor of computer science at Rice in Houston, who, with two graduate students, Seth Fogarty and Seth Nielson, discovered the flaw last month. “These are subtle problems, and it takes a lot of experience to ferret out this kind of flaw,” Professor Wallach said.

It’s probably one of the best examples of the phenomenon I was talking about two days ago. It’s certain that these problems are really hard to find and that discovering them takes imagination. But the point I want to make is that the security of a program isn’t just a function of its code quality. Two programs can each be free of security flaws, yet when they are put together, security holes appear.

A post from Peter Torr is also worth reading. He was writing about Firefox and its appearance of security. Sure, the code is probably not too bad, but some of the features (including the download and the installation) are obscure. So my two pennies in the conversation are just to emphasize the plug-in point. I have said it before, but please be careful with small, cool plug-ins. As Peter said, you don’t have any way to check their authenticity.

What’s cool with Firefox is that it’s a potentially slim browser that you can change at will, with the features you want. The principle is great but also paradoxical when you have security in mind. Firefox itself probably is or will be well studied so that its security gets upgraded and patched, but will that be the case for all the plug-ins available on their website? I doubt it. The solution? Probably certifying them. The feasibility? Near zero for the moment.

Finally, I’m not saying to stop using it or to avoid the cool plug-ins available, only to be aware of the situation when you are using these types of software.

The operating system oriented security debate is restarted.


Please stop your childish games.

Today I read an article on Wired News that restarts the debate on the security of Linux versus other operating systems. The conclusion is:

  1. 0.17 bugs per 1,000 lines of code in the Linux kernel
  2. 20 to 30 bugs per 1,000 lines of code for commercial software

These statistics were collected by Carnegie Mellon University’s CyLab Sustainable Computing Consortium. The problem with these numbers is that they tell us nothing. Fine, theoretically there is less chance that my Linux kernel has bugs that cause security threats. Certainly, chances are that the (open source) core of an OS has been studied more than the software it runs. That’s exactly the present situation.

What about all the other things that come with every Linux distribution? Are they as well studied as the kernel? I doubt it.

What about the configuration? The complexity of an operating system with all its services, applications and connectivity hardware is not to be forgotten. A program or a service can be well programmed, without any programming bugs, yet a bad configuration alone can lead to a security hole. You’ll tell me: yes, but the programming is perfect, without bugs, so it’s impossible that such a thing happens; if it happened then the cause is the user, not me, so it’s not my problem. If you build a system that is hell to configure, then yes, it’s your problem. The interaction between a program and its plug-ins, or between a program and other programs, can lead to unexpected behaviors. Usability is probably as important as programming practices.

How can they sum up computer security risks in lines of code? Can anyone tell me?