Tuesday, December 27, 2016

Evolution of an Algorithm

In linear algebra, the Coppersmith–Winograd algorithm, named after Don Coppersmith and Shmuel Winograd, was the asymptotically fastest known matrix multiplication algorithm until 2010. It can multiply two  matrices in  time. This is an improvement over the naïve  time algorithm and the  time Strassen algorithm. Algorithms with better asymptotic running time than the Strassen algorithm are rarely used in practice, because the large constant factors in their running times make them impractical. It is possible to improve the exponent further; however, the exponent must be at least 2 (because an  matrix has  values, and all of them have to be read at least once to calculate the exact result).
In 2010, Andrew Stothers gave an improvement to the algorithm,  In 2011, Virginia Williams combined a mathematical short-cut from Stothers' paper with her own insights and automated optimization on computers, improving the bound to  In 2014, François Le Gall simplified the methods of Williams and obtained an improved bound of 
The Coppersmith–Winograd algorithm is frequently used as a building block in other algorithms to prove theoretical time bounds. However, unlike the Strassen algorithm, it is not used in practice because it only provides an advantage for matrices so large that they cannot be processed by modern hardware.

Source: Wikipedia, Coppersmith–Winograd algorithm

Karatsuba Fast Multiplication Algorithm

The Karatsuba algorithm is a fast multiplication algorithm. It was discovered by Anatoly Karatsuba in 1960 and published in 1962. It reduces the multiplication of two n-digit numbers to at most  single-digit multiplications in general (and exactly  when n is a power of 2). It is therefore faster than the classical algorithm, which requires n^2 single-digit products. For example, the Karatsuba algorithm requires 3^10 = 59,049 single-digit multiplications to multiply two 1024-digit numbers (n = 1024 = 2^10), whereas the classical algorithm requires (2^10)^2 = 1,048,576.

The Karatsuba algorithm was the first multiplication algorithm asymptotically faster than the quadratic "grade school" algorithm. The Toom–Cook algorithm is a faster generalization of Karatsuba's method, and the Schönhage–Strassen algorithm is even faster, for sufficiently large n.

Source: https://en.wikipedia.org/wiki/Karatsuba_algorithm

Pseudocode:
procedure karatsuba(num1, num2)
  if (num1 < 10) or (num2 < 10)
    return num1*num2

  // calculates the size of the numbers
  M = max(size_base10(num1), size_base10(num2))
  N = M/2

  // split the digit sequences about the middle
  high1, low1 = split_at(num1, N)
  high2, low2 = split_at(num2, N)

  // 3 calls made to numbers approximately half the size
  z0 = karatsuba(low1,low2)
  z1 = karatsuba((low1+high1),(low2+high2))
  z2 = karatsuba(high1,high2)

  return (z2*10^(2*N))+((z1-z2-z0)*10^(N))+(z0)

Implementation:
public static BigInteger karatsuba(BigInteger x, BigInteger y) {

  // cutoff to brute force
  int M = Math.max(x.bitLength(), y.bitLength());
  if (M <= 2000) return x.multiply(y); // optimize this parameter
  
  // number of bits divided by 2, rounded up
  int N = (M / 2) + (M % 2);
  
  // x = a + 2^N b, y = c + 2^N d
  // x = low1 + 2^N high1, y = low2 + 2^N high2
  BigInteger high1 = x.shiftRight(N);
  BigInteger low1 = x.subtract(high1.shiftLeft(N));
  BigInteger high2 = y.shiftRight(N);
  BigInteger low2 = y.subtract(high2.shiftLeft(N));
  
  // compute sub-expressions
  BigInteger z0 = karatsuba(low1, low2);
  BigInteger z1 = karatsuba(low1.add(high1), low2.add(high2));
  BigInteger z2 = karatsuba(high1, high2);
  
  return z0.add(z1.subtract(z0).subtract(z2).shiftLeft(N)).add(z2.shiftLeft(2*N));
}

Source: http://introcs.cs.princeton.edu/java/99crypto/Karatsuba.java.html
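
The multiplication counts quoted above (59,049 versus 1,048,576 for two 1024-digit numbers) can be checked by running the algorithm. The following Python code is an added example, not code from Wikipedia or the Princeton source; it applies the pseudocode's three-way split to little-endian digit vectors and counts base-case multiplications. It assumes the sums of halves are kept as uncarried coefficients, and the names multiply, karatsuba_coeffs and schoolbook_coeffs are its own.

```python
"""Karatsuba on base-10 digit vectors, counting base-case multiplications.

Added example (not from the quoted sources). Assumption: sums of halves are
kept as uncarried coefficients, so one "single-digit multiplication" is one
base-case coefficient product; carries are resolved once at the end.
"""
import random


def to_digits(x, n):
    """Little-endian base-10 digits of non-negative x, zero-padded to n."""
    if x < 0:
        raise ValueError("only non-negative integers are supported")
    digits = [int(c) for c in reversed(str(x))]
    if len(digits) > n:
        raise ValueError("x has more than n digits")
    return digits + [0] * (n - len(digits))


def from_coeffs(coeffs):
    """Evaluate sum(c_i * 10**i) by Horner's rule; this resolves carries."""
    total = 0
    for c in reversed(coeffs):
        total = total * 10 + c
    return total


def schoolbook_coeffs(a, b, counter):
    """Classical method: every digit of a times every digit of b."""
    result = [0] * (len(a) + len(b) - 1)
    for i, x in enumerate(a):
        for j, y in enumerate(b):
            counter[0] += 1
            result[i + j] += x * y
    return result


def karatsuba_coeffs(a, b, counter):
    """Karatsuba on equal-length vectors whose length is a power of 2."""
    n = len(a)
    if n == 1:
        counter[0] += 1                      # the only place a product happens
        return [a[0] * b[0]]
    h = n // 2
    low1, high1 = a[:h], a[h:]
    low2, high2 = b[:h], b[h:]
    # three recursive calls on half-size inputs, as in the pseudocode
    z0 = karatsuba_coeffs(low1, low2, counter)
    z2 = karatsuba_coeffs(high1, high2, counter)
    z1 = karatsuba_coeffs([p + q for p, q in zip(low1, high1)],
                          [p + q for p, q in zip(low2, high2)], counter)
    # result = z0 + (z1 - z2 - z0) * 10^h + z2 * 10^(2h), coefficient-wise
    result = [0] * (2 * n - 1)
    for i in range(len(z0)):                 # each z has 2h - 1 coefficients
        result[i] += z0[i]
        result[i + h] += z1[i] - z2[i] - z0[i]
        result[i + 2 * h] += z2[i]
    return result


def multiply(x, y, n, method):
    """Multiply x and y as n-digit numbers; return (product, mult_count)."""
    if n < 1 or n & (n - 1):
        raise ValueError("n must be a power of 2")
    counter = [0]
    coeffs = method(to_digits(x, n), to_digits(y, n), counter)
    return from_coeffs(coeffs), counter[0]


if __name__ == "__main__":
    rng = random.Random(2016)                # constructed sample operands
    x = rng.randrange(10**1023, 10**1024)
    y = rng.randrange(10**1023, 10**1024)
    for name, method in (("karatsuba", karatsuba_coeffs),
                         ("classical", schoolbook_coeffs)):
        product, count = multiply(x, y, 1024, method)
        print(name, count, product == x * y)
```
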

Tuesday, December 13, 2016

Creating a Merged PDF File with a Table of Contents

At the end of the semester, right before exams, we students have to open and go through a pile of PPT and PDF files. For example, the Network & Internet Security course I am taking now has 37 PPT and PDF files of slides and supplementary reading material on its own. Opening all of these files one by one is tedious, and on top of that there is hardly any way to search across them at once.

You can convert the PPT files to PDF and easily merge the resulting PDF files with the Linux pdfunite command, but it does not generate a table of contents, which is quite a shortcoming. It would be handy to be able to jump to the lecture I want inside one big PDF file.

Anyway, I converted all of my course slides to PDF. I tried to create one big PDF file with a table of contents using an open-source program called pdfdir, but it reported an error and did not work. I had no time to dig into the error, so I tried the next program, Sejda Console.

sejda-console merge -b one_entry_each_doc -f $(ls netsec/*.pdf) -o NetSec-All-Slides.pdf

It merges exactly the way I had in mind. Here is the result:


I put the course schedule and the exam question overview at the very beginning and merged all 37 of those slide decks. The result is a big PDF file of 2,536 pages in total. Now I can search all of the course slides in one place and go to any topic of any lecture with a single mouse click. Before the exam in 4 days I will surely skim through all the slides a few times. That will do :)

Another thing I noticed is that if you name the separate PDF files with a neat pattern, you can create one PDF file per pattern. For example, the slides of this course consist of the following three main types: 1) the Corporate Computer Security book; 2) CERT slides; 3) Cisco slides.

The names of the Corporate Computer Security book slides contain the string '-bk', so the command below merges only the slides of this book:
sejda-console merge -b one_entry_each_doc -f $(ls netsec/*-bk*.pdf) -o CorpCompSecBook.pdf

The names of the CERT slides contain the string '-cert', so the command below merges only the CERT slides:
sejda-console merge -b one_entry_each_doc -f $(ls netsec/*-cert*.pdf) -o CERT-Slides.pdf

The names of the Cisco slides contain the string 'Cisco', so the command below merges only the Cisco slides:
sejda-console merge -b one_entry_each_doc -f $(ls netsec/*Cisco*.pdf) -o Cisco-Slides.pdf

Finally, you may be wondering which files this fellow merged. Here is the answer:
[bsanchin@bsanchin-linux netsec]$ ls -1 | while read f; do du -h $f; done | awk '{print $2, $1}' | column -t
W00-1-Syllabus.pdf                                                   384K
W00-2-Final_Exam_Study_Topics.pdf                                    288K
W01-bk1-The_Threat_Environment.pdf                                   7.2M
W01-bk2-Planning_and_Policy.pdf                                      9.5M
W01-cert-Governance.pdf                                              1.1M
W01-cert-Risk_Management.pdf                                         1.2M
W02-Ch01-Cisco-Introduction_to_Switched_Networks.pdf                 464K
W02-Ch02-Cisco-Introduction_to_Switched_Networks.pdf                 1.3M
W02-Ch03-Cisco-WLANs.pdf                                             896K
W02-Ch04-Routing_Concepts.pdf                                        1.7M
W03-cert-Demystifying_IPv6.pdf                                       3.2M
W03-IP_Fundamentals-CCNA1v3.1_Mod09.pdf                              1016K
W03-The_OSI_Model_and_Security.pdf                                   896K
W04-bk-Security_Networks.pdf                                         9.3M
W04-cert-LAN_security_using_switch_featuresv2.pdf                    1.8M
W04-Suppl1-Securing_the_LAN.pdf                                      5.2M
W04-Target_Breach.pdf                                                5.2M
W05-cert-Network_Security-Wireless.pdf                               1.1M
W05-Merging_LANs,_WLANS,_and_controller-based_Wireless_Networks.pdf  2.8M
W06-bk-Access_Control.pdf                                            12M
W06-cert-Network_Access_Security.pdf                                 1.7M
W06-Password_Recovery_Procedure_for_the_2600_Router.pdf              20K
W07-bk-Firewalls.pdf                                                 12M
W07-cert-Network_Security_Enterprise_Tools.pdf                       2.1M
W08-bk-Host_Hardening.pdf                                            9.1M
W08-cert-Network_Security_Host_Hardening.pdf                         688K
W09-bk-Data_Protection.pdf                                           8.0M
W09-cert-Mobile_Device_Security.pdf                                  4.4M
W09-cert-Threats_to_Mobile_Device.pdf                                2.4M
W09-Implementing_VPN_-_Cisco-CCNA.pdf                                4.5M
W10-cert-Insider_Threat.pdf                                          3.2M
W11-bk-Application_Security.pdf                                      6.0M
W11-Common_Developer_Crypto_Mistakes.pdf                             372K
W12-bk-Data_Protection.pdf                                           7.4M
W13-bk-Incident_and_Disaster_Response.pdf                            8.6M
W13-cert-IncidentHandlingResponse.pdf                                1.9M
W14-cert-Cloud_Computing_Security.pdf                                2.2M
W15-MS-cert1-Mobile_Threats.pdf                                      2.4M
W15-MS-cert2-Mobile_Device_Security.pdf                              4.4M
[bsanchin@bsanchin-linux netsec]$ 

If you, the reader of this post, are a student, I wish you great success in your exams!

Monday, November 21, 2016

How to learn the entire 4-year MIT curriculum for computer science in just 12 months, without taking any classes?

Scott H. Young's MIT Challenge is definitely worth reviewing. See here for more information: https://www.scotthyoung.com/blog/myprojects/mit-challenge-2/

Picture source: https://www.scotthyoung.com/blog/myprojects/mit-challenge-2/

Sunday, November 20, 2016

The Art of the Finish: How to Go From Busy to Accomplished

I found and read an interesting blog post with the title above. The following few sentences really caught my attention:

From my experience, the most common trait you will consistently observe in accomplished people is an obsession with completion. Once a project falls into their horizon, they crave, almost compulsively, to finish it. If they’re organized, this might happen in scheduled chunks. If they’re not “like many” this might happen in all-nighters. But they get it done. Fast and consistently.

It’s this constant stream of finishing that begins, over time, to unlock more and more interesting opportunities and eventually leads to their big scores.

If you are productive without harboring this intense desire for completion, you will end up just being busy. We all know the feeling. You work all day off of your to-do list. Everything is organized. Everything is scheduled. Yet, still, months pass with no important projects getting accomplished.

Source:
Cal Newport, The Art of the Finish: How to Go From Busy to Accomplished, 2007, https://www.scotthyoung.com

Tuesday, November 15, 2016

Becoming an Expert: The Elements of Success

I read FarnamStreet's articles whenever I get the chance. What makes this blog stand out is that it constantly seeks answers to questions such as: How do you raise your productivity? How do you think in an organized and far-reaching way? How do you focus? Today an article titled 'Becoming an Expert: The Elements of Success' was published, and it gave me the impression of having gathered the ideas of every good book on productivity from the last 10 years. Barbara Oakley's book explains a concept called chunking. I read the entire book, yet I have only just now understood what it means. Strange. Anyway, I plan to reread the article again and again and to find and read all of the books it links to, so I am bringing the link to 'Becoming an Expert: The Elements of Success' here.

Monday, November 14, 2016

Three Months

The seeds of major software disasters are usually sown in the first three months of commencing the software project. Hasty scheduling, irrational commitments, unprofessional estimating techniques, and carelessness of the project management function are the factors that tend to introduce terminal problems. Once a project blindly lurches forward toward an impossible delivery date, the rest of the disaster will occur almost inevitably.

T. Capers Jones, 1988 Page 120

This quote appears among the slides of the course I am taking now. I googled to find out which book's page 120 it is, but could not find it within 3 minutes. In any case, it rang true to me, so I am bringing it here.

Monday, November 7, 2016

Predicting Pregnancy

The first part is easy. Target has a baby shower registry in which pregnant women register for baby gifts in advance of the birth of their children. These women are already Target shoppers, and they’ve effectively told the store that they are pregnant. But here is the statistical twist: Target figured out that other women who demonstrate the same shopping patterns are probably pregnant, too. For example, pregnant women often switch to unscented lotions. They begin to buy vitamin supplements. They start buying extra big bags of cotton balls. The Target predictive analytics gurus identified twenty five products that together made possible a “pregnancy prediction score.” The whole point of this analysis was to send pregnant women pregnancy related coupons in hopes of hooking them as long term Target shoppers.

How good was the model? The New York Times Magazine reported a story about a man from Minneapolis who walked into a Target store and demanded to see a manager. The man was irate that his high school daughter was being bombarded with pregnancy related coupons from Target. “She’s still in high school and you’re sending her coupons for baby clothes and cribs? Are you trying to encourage her to get pregnant?” the man asked. The store manager apologized profusely. He even called the father several days later to apologize again. Only this time, the man was less irate; it was his turn to be apologetic. “It turns out there’s been some activities in my house I haven’t been completely aware of,” the father said. “She’s due in August.” The Target statisticians had figured out that his daughter was pregnant before he did. That is their business . . . and also not their business.

Charles Wheelan, Naked Statistics: Stripping the Dread from the Data (Kindle Location 4250), 2014, W. W. Norton & Company

Sell the stock, when....

As a curious side note, researchers have also documented a Businessweek phenomenon. When CEOs receive high profile awards, including being named one of Businessweek’s “Best Managers,” their companies subsequently underperform over the next three years as measured by both accounting profits and stock price. However, unlike the Sports Illustrated effect, this effect appears to be more than reversion to the mean. According to Ulrike Malmendier and Geoffrey Tate, economists at the University of California at Berkeley and UCLA, respectively, when CEOs achieve “superstar” status, they get distracted by their new prominence. They write their memoirs. They are invited to sit on outside boards. They begin searching for trophy spouses. (The authors propose only the first two explanations, but I find the last one plausible as well.) Malmendier and Tate write, “Our results suggest that media induced superstar culture leads to behavioral distortions beyond mere mean reversion.” In other words, when a CEO appears on the cover of Businessweek, sell the stock.

Charles Wheelan, Naked Statistics: Stripping the Dread from the Data (Kindle Location 1872), 2014, W. W. Norton & Company

Saturday, November 5, 2016

The Richest Man in Babylon

Lo, money is plentiful 
for those who understand
the simple rules of its acquisition

1. Start thy purse fattening
2. Control thy expenditures
3. Make gold multiply
4. Guard thy treasures from loss
5. Make of thy dwelling a profitable investment
6. Insure a future income
7. Increase thy ability to earn

. . .

Work, thou see, by this, in the time of my greatest distress, didst prove to be my best friend. My willingness to work enabled me to escape from being sold to join the slave gangs upon the walls. It is also impressed thy grandfather, he selected me for his partner.

George S. Clason, The Richest Man in Babylon (pp. 4, 125), 1926, Magdalane Press (2015 Edition)

Friday, October 28, 2016

Just a container

Pearl #12: When loved ones pass away, you've just lost the containers they lived in, not the essence of the impact they had on family, friends, and community and not the memories you still hold dear.
. . .
Zeke's oldest son delivered a superb eulogy at the funeral. It was heartfelt, loving, contemplative, and funny. He succinctly captured the essence of Zeke's personality and his influence on the people around him. We could all laugh while we cried, remembering the happiness Zeke brought instead of our sadness at his passing. That was Zeke. Not the container, but the memories. I hope I'm able to leave such fond memories when I no longer need the container I walk around in.

Karl Wiegers, Pearls from Sand: How Small Encounters Lead to Powerful Lessons (pp. 59, 61), 2011, Morgan James Publishing

Wednesday, October 26, 2016

Vision

Vision without Action is a Daydream. 
Action without Vision is a Nightmare.

Japanese proverb.

Saturday, October 22, 2016

IoT: Safety & Security

Like the thermodynamics example we provided above, cyber-physical and many IoT systems frequently invoke an intersection of safety and security engineering, two disciplines that have developed on very different evolutionary paths but which possess partially overlapping goals. We will delve more into safety aspects of IoT security engineering later in this volume, but for now we point out an elegantly expressed distinction between safety and security provided by noted academic Dr. Barry Boehm, Axelrod, W. C., Engineering Safe and Secure Software Systems, p.61, Massachusetts, Artech House, 2013. He poignantly but beautifully expressed the relationship as follows:

  • Safety: The system must not harm the world
  • Security: The world must not harm the system

Thus it is clear that the IoT and IoT security are much more complex than traditional networks, hosts and cybersecurity. Safety-conscious industries such as aircraft manufacturers, regulators, and researchers have evolved highly effective safety engineering approaches and standards because aircraft can harm the world, and the people in it. The aircraft industry today, like the automotive industry, is now playing catch-up with regard to security due to the accelerating growth of network connectivity to their vehicles.

Brian Russell, Drew Van Duren, Practical Internet of Things Security, 2016, Packt Publishing

Friday, October 21, 2016

The Same Password...

People often use the same password at multiple sites. For instance, a 2005 study by Cyota found that 44 percent of people surveyed used the same password at multiple sites, and 37 percent of online banking customers used the same password at less secure sites. When passwords are used at multiple sites, if a password is compromised at one site, it is compromised at all sites. In fact, attackers sometimes invite someone to an attractive site and let them pick their own username and password. The attackers then try that username and password at other sites the victim is likely to use.

Randall J. B., Raymond R. P., Corporate Computer Security (pp. 252), 2015, Pearson

Sunday, October 2, 2016

Ouch, Waterfall!

Another relevant research result answers this question: When waterfall requirements analysis is attempted, how many of the prematurely early specified features are actually useful in the final software product? In a study [Johnson02] of thousands of projects, the results are quite revealing—45% of such features were never used, and an additional 19% were “rarely” used. See Figure 5.1. Almost 65% of the waterfall-specified features were of little or no value!


Craig Larman, Applying UML and Patterns: An Introduction to Object-Oriented Analysis and Design and Iterative Development (pp. 45), October 30, 2004, Prentice Hall

Thursday, September 15, 2016

Information Radiator

An information radiator displays information in a place where passersby can see it. With information radiators, the passersby don’t need to ask questions; the information simply hits them as they pass.
Alistair Cockburn


A picture from 'Kanban in Action'.
Book authors: Marcus Hammarberg and Joakim Sunden.

Saturday, September 10, 2016

Frederick Brooks on Requirements Development

The hardest single part of building a software system is deciding precisely what to build. No other part of the conceptual work is as difficult as establishing the detailed technical requirements, including all the interfaces to people, to machines, and to other software systems. No other part of the work so cripples the resulting system if done wrong. No other part is more difficult to rectify later.

Frederick P. Brooks, Jr., No Silver Bullet: Essence and Accidents of Software Engineering (pp. 13), 1987, University of North Carolina at Chapel Hill

Monday, September 5, 2016

If you’re not failing, you’re probably not trying as hard as you could be

All the failures I’ve overcome? That’s much more important than any successes. I had to repeat ninth grade. I had to repeat the beginning of graduate school. I lost my major source of funding just before I came up for tenure. One of the major things — news flash — that they judge you on for tenure is whether you can support yourself. In each case, it helps if you can think out of the box and think of a new way of doing things. The other thing is: Follow your dreams, even if it does mean taking a risk. If you’re not failing, you’re probably not trying as hard as you could be. And being petrified of failure means you’re going to be probably a very extreme underachiever.
One of the things we recruit people for in my lab is being nice. That’s the ethos we try to encourage. “Nice guys finish last” — isn’t that a terrible message to be sending to the next generation?
I think what goes around comes around. You have to really want all the teams to succeed, all the boats to float. You want your competitors to not fail. It’s hard enough to get progress in the world if everybody’s succeeding.
. . . 
From Alvin Powell's interview with George Church (Professor of Genetics at Harvard Medical School).

Monday, July 18, 2016

Luxurious & Arctic!

What signals success when you walk into an office in parts of Asia? Ridiculously cold temperatures. The blast of frigid air tells you immediately that this firm can afford lots of air-conditioning. Even when the temperature is more than ninety degrees outside, office temperatures are sometimes so cold that some workers use space heaters. The Wall Street Journal reports, “Frosty air conditioning is a way for businesses and building owners to show that they're ahead of the curve on comfort. In ostentatious Asian cities, bosses like to send out the message: We are so luxurious, we're arctic.”

Charles Wheelan, Naked Economics: Undressing the Dismal Science (pp. 121), 2010, W. W. Norton & Company

Sunday, April 17, 2016

Zipcode

The United States Postal Service, which assigns zip codes, has issued about 45,000 of the 99,999 possible zip code values. Some zip codes, however, have no residents, such as a code assigned to a single large office building. The United States Census Bureau compiles statistics on nearly 32,000 regions it calls Zip Code Tabulation Areas, distinct areas approximating the boundary of a geographic postal zip code. With a total U.S. population of over 300 million, each tabulation area thus contains an average of roughly 10,000 people.

Charles, P. P., Shari L. P., Jonathan M. (2015). Security in Computing: Fifth Edition (pp. 615). Prentice Hall. Upper Saddle River, NJ

Sunday, April 10, 2016

Laptops Fly Away at Airports

Ponemon Institute conducted a survey of laptop loss at airports in the United States and Europe [PON08]. At 36 of the largest U.S. airports they found an average of 286 laptops are lost, misplaced, or stolen per week. For eight large European airports, the figure is even larger: 474. Of these, 33 percent were recovered either before or after the flight in the United States and 43 percent in Europe.

Charles, P. P., Shari L. P., Jonathan M. (2015). Security in Computing: Fifth Edition (pp. 691). Prentice Hall. Upper Saddle River, NJ

Sunday, April 3, 2016

Absolution for Dereliction

Y2K was a classic example of a broken window. Recall from Chapter 3, "The Power of Weaknesses," that a broken window is an element of disorder. Inattention and sloppiness invites disorder. And disorder invites greater disorder, even crime. In the case of software, our systems are broken even before we purchase them. Y2K seems to prove this point in spades. The fact that nothing obvious happened on January 1, 2000, is irrelevant. In fact, plenty happened. As a broken window, Y2K sent a message to everyone in the global networked neighborhood that no one was in control of software. Y2K was a message sent around the world heard by everyone: citizen, officials, and organized crime. Only now are we seeing the results.

In their panic, Congress, instead of grabbing the software industry by its ear lobe and saying, "You are arrogant, sloppy little men, what you wrought," passed the Year 2000 Computer Date Change Act limiting the liability of the software industry. In essence, the Act was absolution for dereliction. It just goes to show that it is rather difficult to grab someone by ear when they have you by the balls.

David Rice (2008). Geekonomics: The Real Cost of Insecure Software (pp. 189). Pearson Education, Inc. Boston MA

Friday, April 1, 2016

Seneca: On the Shortness of Life

Personal notes collected from Seneca - On the Shortness of Life (Translated by C. D. N. Costa, Penguin Books)



It is not that we have a short time to live, but that we waste a lot of it. Life is long enough, and a sufficiently generous amount has been given to us for the highest achievements if it were all well invested.
. . .

People are frugal in guarding their personal property; but as soon as it comes to squandering time they are most wasteful of the one thing in which it is right to be stingy.
. . .

You are living as if destined to live for ever; your own frailty never occurs to you; you don't notice how much time has already passed, but squander it as though you had a full and overflowing supply -- though all the while that very day which you are devoting to somebody or something may be your last. You act like mortals in all you fear, and like immortals in all that you desire.
. . .

There are many instructors in the other arts to be found everywhere; indeed, some of these arts mere boys have grasped so thoroughly that they can even teach them. But learning how to live takes a whole life, and, which may surprise you more, it takes a whole life to learn how to die. So many of the finest men have put aside all their encumbrances, renouncing riches and business and pleasure, and made it their one aim up to the end of their lives to know how to live. Yet most of these have died confessing that they did not yet know -- still less can those other know. Believe me, it is the sign of a great man, and one who is above human error, not to allow his time to be frittered away: he has the longest possible life simply because whatever time was available he devoted entirely to himself. None of it lay fallow and neglected, none of it under another's control; for being an extremely thrifty guardian of his time he never found anything for which it was worth exchanging. So he had enough time; but those into whose lives the public have made great inroads inevitably have too little.
    Now must you think that such people do not sometimes recognize their loss. Indeed, you will hear many of those to whom great prosperity is a burden sometimes crying out amidst their hordes of clients or their pleadings in law courts or their honorable miseries. 'It's impossible to live.' Of course, it's impossible. All those who call you to themselves draw you away from yourself. How many days has that defendant stolen from you? Or that candidate? Or that old lady worn out with burying her heirs? Or that man shamming an illness to excite the greed of legacy-hunters? Or that influential friend who keeps people like you not for friendship but for display?
. . .

Everyone hustles his life along, and is troubled by a longing for the future weariness of the present. But the man who spends all his time on his own needs, who organizes every day as though it were his last, neither longs for nor fears the next day. For what new pleasures can any hour now bring him? He has tried everything, and enjoyed everything to repletion. For the rest, Fortune can dispose as she likes: his life is now secure. Nothing can be taken from this life, and you can only add to it as if giving to a man who is already full and satisfied food which he does not want but can hold. So you must not think a man has lived long because he has white hair and wrinkles: he has not lived long, just existed long. For suppose you should think that a man had had a long voyage who had been caught in a raging storm as he left harbor, and carried hither and thither and driven round and round in a circle by the rage of opposing winds? He did not have a long voyage, just a long tossing about.
. . .

People are delighted to accept pensions and gratuities, for which they hire out their labor or their support or their services. But nobody works out the value of time: men use it lavishly as if it cost nothing.
. . .


The greatest obstacle to living is expectancy, which hangs upon tomorrow and loses today. You are arranging what lies in Fortune's control, and abandoning what lies in yours. What are you looking at? To what goal are you straining? The whole future lies in uncertainty: live immediately.
. . .

So, when you see a man repeatedly wearing the robe of office, or one whose name is often spoken in the Forum, do not envy him: these things are won at the cost of life. In order that one year may be dated from their names they will waste all their own years.
. . .


Sunday, March 27, 2016

Anti-Cloaking Glasses

Suppose you were trying to limit access to a football match being held on an open park in a populous city. Without a fence, gate, or moat, you could not limit who could see the game. But suppose you had super powers and could cloak the players in invisibility uniforms. You would issue special glasses only to people allowed to see the match; others might look but see nothing. Although this scenario is pure fantasy, such an invisibility technology does exist, called encryption. Simply put, encryption is a tool by which we can transform data so only intended receivers (who have keys, the equivalent of anti-cloaking glasses) can deduce the concealed bits.

Charles, P. P., Shari L. P., Jonathan M. (2015). Security in Computing: Fifth Edition (pp. 37). Upper Saddle River, NJ: Prentice Hall.

Saturday, February 20, 2016

Tricking CAPTCHAs

Petmail (http://petmail.lothar.com) is a proposed anti-spam email system. In the description the author hypothesizes the following man-in-the-middle attack against CAPTCHAs from free email account vendors. First, the spam sender creates a site that will attract visitor; the author suggests a site with pornographic photos. Second, the spammer requires people to solve CAPTCHA in order to enter the site and see the photos. At the moment a user requests access, the spam originator automatically generates a request to create a new email account (Hotmail, for example). Hotmail presents a CAPTCHA, which the spammer then presents to the pornography requester. When the requester enters the solution, the spammer forwards that solution back to Hotmail. If the solution succeeds, the spammer has a new account and allows the user to see the photos; if the solution fails, the spammer presents a new CAPTCHA challenge to the user. In this way, the attacker in the middle splices together two interactions by inserting a small amount of the account creation thread into the middle of the photo access thread. The user is unaware of the interaction in the middle.

Charles, P. P., Shari L. P., Jonathan M. (2015). Security in Computing: Fifth Edition (pp. 240). Upper Saddle River, NJ: Prentice Hall.

Tuesday, January 5, 2016

The Magic of Living Below Your Means

One of the reasons people give for not giving gifts is that they can't afford it. Gifts don't have to cost money, but they cost time and effort. If you're in a panic about money, those two things are hard to find. The reason these people believe they can't afford it, though, is that they've so bought into consumer culture that they're in debt or have monthly bills that make no sense at all.

When you cut your expenses to the bone, you have a surplus. The surplus allows you to be generous, which mysteriously turns around and makes your surplus even bigger.

From Seth Godin's book--Linchpin.
Page 166.

Monday, January 4, 2016

Linchpin

Notes collected from Seth Godin's amazing book--Linchpin.



Today is a turning point, a once-in-a-lifetime moment in time when you get to make a choice. Every day, people like you are choosing to go down a less well-defined path, one in which they make choices and make a difference. It turns out that not only does this fulfill our potential as workers and citizens, it is also precisely what the marketplace demands. Instead of focusing on complying with management as a long-term strategy for getting more stuff and being more secure, we have a chance to describe a powerful vision for our future and actually make it happen. This dream isn't about obedience, it's about vision and engagement.
. . .

For nearly three hundred years, that was the way work worked. What factory owners want is compliant, low-paid, replaceable cogs to run their efficient machines. Factories created productivity, and productivity produced profits. It was fun while it lasted (for the factory owners).

Our society is struggling because during times of change, the very last people you need on your team are well-paid bureaucrats, note takers, literalists, manual readers, TGIF laborers, map followers, and fearful employees. The compliant masses don't help much when you don't know what to do next.

What we want, what we need, what we must have are indispensable human beings. We need original thinkers, provocateurs, and people who care. We need marketers who can lead, salespeople able to risk making a human connection, passionate change makers willing to be shunned if it is necessary for them to make a point. Every organization needs a linchpin, the one person who can bring it together and make a difference. Some organizations haven't realized this yet, or haven't articulated it, but we need artists.

Artists are people with a genius for finding a new answer, a new connection, or a new way of getting things done. That would be you.
. . .

Here is the problem, which you've already guessed. If you make your business possible to replicate, you're not going to be the one to replicate it. Others will. If you build a business filled with rules and procedures that are designed to allow you to hire cheap people, you will have to produce a product without humanity or personalization or connection. Which means that you'll have to lower your prices to compete. Which leads to a race to the bottom. Indispensable businesses race to the top instead.
. . .

Just over a century ago, leaders of our society started building a system that is now so ingrained, most of us assume that it's always been here and always will be.
We continue to operate as if that system is still here, but every day we do that is a day wasted, dollars lost, and opportunity squandered. And you need to see why.
The system we grew up with is based on a simple formula. Do your job. Show up. Work hard. Listen to the boss. Stick it out. Be part of the system. You'll be rewarded.
That's the scam. Strong words, but true. You've been scammed. You traded years of life to be part of a giant con in which you are most definitely not the winner.
If you are playing that game, it's no wonder you're frustrated. The game is over.
There are no longer any great jobs where someone else tells you precisely what to do.
. . .

The white-collar job was supposed to save the middle class, because it was machineproof. A machine could replace a guy hauling widgets up a flight of stairs, but a machine could never replace someone answering the phone or running the fax machine.

Of course, machines have replaced those workers. Worse, much worse, is that competitive pressures (and greed) have encouraged more organizations to turn their workers into machines.

If we can measure it, we can do it faster.
If we can put it in a manual, we can outsource it.
If we can outsource it, we can get it cheaper.

The end results are legions of frustrated workers, wasted geniuses each and every one of them, working like automatons, racing against the clock to crank out another policy, get through another interaction, see another patient.
It doesn't have to be this way.
. . .

Average Is Over
Our world no longer fairly compensates people who are cogs in a giant machine. There's stress because for many of us, that's all we know. Schools and society have reinforced this approach for generations. It turns out that what we need are gifts and connections and humanity—and the artists who create them.

Leaders don't get a map or set of rules. Living life without a map requires a different attitude. It requires you to be a linchpin.

Linchpins are essential building blocks of tomorrow's high-value organizations. They don't bring capital or expensive machinery, nor do they blindly follow instructions and merely contribute labor. Linchpins are indispensable, the driving force of our future.
. . .

The organizations they work for have a very low PERL (the percentage of easily replaced laborers). In fact, for solely owned organizations, there aren't any easily replaced laborers.

This idea is spreading, faster than most of us realize. Now, the thriving organization consists of well-organized linchpins doing their thing in concert, creating more value than any factory ever could. Instead of trying to build organizations filled with human automatons, we've realized we must go the other way.
. . .

“Not my job”--three words can kill an entire organization.
In a factory, doing a job that's not yours is dangerous. Now, if you are a linchpin, doing a job that's not getting done is essential.
. . .

Schools expect that our best students will graduate to become trained trigonometricians. They'll be hired by people to compute the length of the hypotenuse of a certain right triangle. What a waste. The only reason to learn trigonometry is because it is a momentarily interesting question, one worth sorting out. But then we should move on, relentlessly seeking out new problems, ones even more interesting than that one. The idea of doing it by rote, of relentlessly driving the method home, is a total waste of time.
. . .

Organizing around the average, then, is too expensive. Organizing around average means that the organization has exchanged the high productivity of exceptional performance for the ease and security of an endless parade of average performers.
. . .

Depth of knowledge is rarely sufficient, all by itself, to turn someone into a linchpin. There are three situations where an organization will reward and embrace someone with extraordinary depth of knowledge:

  1. When the knowledge is needed on a moment's notice and bringing in an outside source is too risky or time consuming.
  2. When the knowledge is needed on a constant basis and the cost of bringing in an outside source is too high.
  3. When depth of knowledge is also involved in decision making, and internal credibility and organizational knowledge go hand in hand with knowing the right answer.
. . .

If it wasn't a mystery, it would be easy. If it were easy, it wouldn't be worth much.
. . .

As our economy has matured and mechanized, seeking out and adhering to the norm has become unprofitable. It's unproductive to establish a career around the idea of doing what the manual says.
. . .

You must say, “But I'll get fired for breaking the rules.” The linchpin says, “If I lean enough, it's okay if I get fired, because I'll have demonstrated my value to the marketplace. If the rules are the only thing between me and becoming indispensable, I don't need the rules.”

It's easy to find a way to spend your entire day doing busywork. Trivial work doesn't require leaning. The challenge is to replace those tasks with rule-breaking activities instead.
. . .

Shipping something out the door, doing it regularly, without hassle, emergency, or fear—this is a rare skill, something that makes you indispensable.
. . .

The reason that start-ups almost always defeat large companies in the rush to market is simple: start-ups have fewer people to coordinate, less thrashing, and more linchpins per square foot. They can't afford anything else and they have less to lose.
. . .

The road to comfort is crowded and it rarely gets you there. Ironically, it's those who seek out discomfort that are able to make a difference and find their footing.

Inevitably, we exaggerate just how uncomfortable we are. An uncomfortable seat on a long airplane flight begins to feel like an open wound. This exaggeration makes it even more likely that embracing the discomfort that others fear is likely to deliver real rewards.

Discomfort brings engagement and change. Discomfort means you're doing something that others were unlikely to do, because they're busy hiding out in the comfortable zone. When your uncomfortable actions lead to success, the organization rewards you and brings you back for more.
. . .

Thomas Hawk is the most successful digital photographer in the world. He has taken tens of thousands of pictures, on his way to his goal of taking a million in his lifetime. The remarkable thing about Hawk's rise is that his pictures are licensed under the Creative Commons license and freely shared with anyone, with no permission required for personal use. Thomas is both an artist and a giver of gifts. The result is that he leads a tribe, he has plenty of paid work, and he is known for his talents. In short, he is indispensable.
. . .

The magic of the gift system is that the gift is voluntary, not part of a contract. The gift binds the recipient to the giver, and both of them to the community. A contract isolates individuals, with money as the connector. The gift binds them instead.
. . .

When you walk into your boss's office and ask for advice, she doesn't charge you an hourly fee, even if she's a corporate coach or psycho-analyst, even if you want help with a personal problem. The gift of her time and attention and insight is just that—a gift. As a result, the bond between you strengthens.
. . .

The Magic of Living Below Your Means
One of the reasons people give for not giving gifts is that they can't afford it. Gifts don't have to cost money, but they cost time and effort. If you're in a panic about money, those two things are hard to find. The reason these people believe they can't afford it, though, is that they've so bought into consumer culture that they're in debt or have monthly bills that make no sense at all.

When you cut down your expenses to the bone, you have a surplus. The surplus allows you to be generous, which mysteriously turns around and makes your surplus even bigger.
. . .

How Does a Linchpin Work?
In a world with only a few indispensable people, the linchpin has three elegant choices:
  1. Hire plenty of factory workers. Scale like crazy. Take advantage of the fact that most people want a map, most people are willing to work cheaply, most people want to be the factory. You win because you extract the value of their labor, the labor they're surrendering too cheaply.
  2. Find a boss who can't live without a linchpin. Find a boss who adequately values your scarcity and your contribution, who will reward you with freedom and respect. Do the work. Make a difference.
  3. Start your own gig. Understand that an organization filled with linchpins is itself indispensable. Hire appropriately.
If you are not currently doing any of these, refuse to settle. You deserve better.
. . .

Focus on making changes that work down, not up. Interacting with customers and employees is often easier than influencing bosses and investors. Over time, as you create an environment where your insight and generosity pay off, the people above you will notice, and you'll get more freedom and authority.
. . .