I’ve been trying for a long while to put into words why I became disenchanted with the Ph.D. process, and why that was one reason — though not the overriding reason — why I terminated my pursuit of a doctorate. But today, sitting back and reading a bit of Thomas Aquinas I came to a sudden epiphany. The reason is straightforward, and ironically was told to me by a dearly departed friend years ago. The problem, is that Ph.D.s are too narrowly focused. Or, as Jim Anderson so eloquently put it way back when, “Some of the stupidest people I know have Ph.D.s.” He bemoaned their inability to grasp the larger picture, instead focusing on minutiae, some small problem ignoring all else. Sometimes ignoring reality itself and coming up with a “solution” that worked only within some fantastical model that had little relation to how the real world functioned.
Now Jim, like myself, was an old grey beard of security. In fact, I would argue that Jim was responsible for what today is called “information security”. The very foundations of computer security were formulated and documented by Jim way back in 1972. I was fortunate enough to work with Jim on-and-off from 1987 through 1994. His passing a couple years back was truly sad.
And Jim, being more of a big picture kind of guy, never earned his Ph.D. He published the seminal work of computer security: Computer Security Planning Guide in 1972. Although I find the word “seminal” overused today, I believe anyone in computer security would easily assert it was a seminal paper. In fact, its very ideas still form the foundations of IT security. Although some may smile at the though of the Reference Monitor, it is still at the core of security technologies today. And I can state that in a distributed environment it’s purpose is only reinforced, especially when viewed from the modern interpretation of PDPs and PEPs.
Thus, Jim was a big thinker. He looked at the larger picture. It’s something I deeply admired in Jim and it was something that drove — and drives — my IT security research. Why focus on some small piece when the problem is much larger. When the problems can’t be resolved via a given technology — say, cryptography — but must be addressed by an attempt to combine social and engineering solutions. So long as people remain within the IT mixture the problems will continue to have deep social fractures that need to be understood, modeled, and properly addressed.
But many Ph.D. programs today demand you focus on a single problem. That was a problem for Jim. It’s a problem for me. And I would argue that Jim’s 1972 treatise is easily the most influential computer security document, ranking up there with Claude Shannon’s A Mathematical Theory of Computation in terms of overall impact and influence on where IT security has gone.
Of course, another problem is the fairly recent attempt to create a mathematics of IT Security. You see this pseudo-math in a lot of papers on IT Security. It’s all rather laughable. It’s attempting to formally define something that is totally non-deterministic. Computer/IT Security is a flow-control problem. And unlike flow-control that has mathematical models and is thus computational, security is non-deterministic because the main cause of the flow are humans. And humans are, well, non-deterministic. They simply will not do what you want and will, in fact, do exactly what you don’t want them to do. They’ll stress systems, find ways around “security solutions” that aggravate them, and generally act in irrational ways — which seem perfectly rational to the end-user ;-).
Jim understood that. Too many today don’t. And thus you see this pursuit of perfection. This attempt to quantify everything. To focus on a small piece of the problem as if that will somehow result in a solution. And to preclude anyone from looking at the larger picture.
It’s not as if I don’t comprehend the need and desire to focus on particularly vexing problems. I’m good with that. But why are we totally ignoring those amongst us who would better solve the larger problem?
I think I know. It’s an issue of “research”. Many academics today believe that research is divided into well defined silos: pure research, applicative research, etc. To that I say “bah!”. Research is research. It will all, ultimately, be applicable. G.H. Hardy famously stated that he focused on “pure mathematics” because it meant that “[He has] never done anything ‘useful’. No discovery … made, or likely to [be made], directly or indirectly, for good or ill, [will make] the least difference to the amenity of the world.” He was quite wrong. His work is applicable to a wide variety of studies ranging from physics to computer science.
Hence, if you want to focus on something a bit more loosely defined, that’s less formal, it is still good research. If you want to focus on problems at hand, they’re also good things to study. Especially in computer security where just about every problem is open and will remain open so long as we have to deal with end-users, especially today when they’re highly integrated into the fibre of the networks and are very very interconnected.
So when I think about what I like doing I realize I lack focus, enjoy dealing with ongoing open research areas, bemoan the application of “formality” to something that is actually a fuzzy social problem, and that requires a deep philosophical viewpoint, one that looks out to the infinite in a realistic way. And that’s anathema to the Ph.D. process, or at least the one I’ve dealt with.
So what is it that I want to focus on? The social aspects of information flow within large networks and how that information flow can be reasonably well secured to ensure things like privacy and accountability. And this is of paramount importance as more and more people move their once private affairs to the internet. As they dump pictures, documents, journals, etc. online for everyone to peruse. As they work and attempt to separate what is “personal” from that which is actually “work related”. It’s all blurred and that blurriness inevitably allows malcontents and miscreants to wedge malicious software and social engineering into the gaps causing/wreaking havoc.
Besides, those big picture problems are cool. I simply cannot comprehend why anyone would want to study some small piece of minutiae. To examine some aspect of, say, cryptography for 4 years and then write a treatise on it. I simply couldn’t care less. It’s just “details”. Perhaps this is a result of my entrepreneurial streak. My attitude is you just hire people to deal with details, or things you don’t like doing.
One example might help. During my aborted Ph.D. studies I had to study combinatorics. I frankly couldn’t care less for combinatorics. When asked how to solve a problem I said “I don’t care.” I remember being asked how I’d deal with that problem were I facing it as a professor, say. I said “I’d look it up in a book or find someone who cared.” Not the right answer, it seemed. Supposedly, I should have had a deep caring for combinatorics — and a bunch of other esoteric gibberish I could have just looked up in a book. To me it was all akin to them asking me to memorize and then regurgitate the phone book. The point would be, what?
In the end it seems that parts of the academic establishment are truly what Jim bemoaned, focused on minutiae, disinterested in the big picture, unwilling to reward those who truly can think as opposed to those that can regurgitate useless statistics, meaningless formulae, etc. Ultimately, their loss.
And I’m not alone. I’ve found out from many friends and colleagues that there are a lot of people who’ve abandoned their Ph.D.s for the same reason. More the pity.
I will therefore take Mark Twain’s famous advice and never let my schooling interfere with my education.
Tags: Uncategorized
Sometimes things just happen. Like silence in a crowded restaurant. Recently I had back-to-back songs with cowbell pop up on my iTunes random playlist. Quite eclectic collection. I’m sure there are others.
- Dance the Night Away, Van Halen
- Don’t Fear the Reaper, Blue Oyster Cult
- Hair of the Dog, Nazareth
- Lay Lady Lay, Bob Dylan
- Time Has Come, The Chambers Brothers
I’m sure there are plenty more, but these have it pretty front-and-centre.
And whenever I hear a cowbell I think of Gene Frenkle and that Saturday Nigh Live sketch.
Tags: Uncategorized
I’m not a camera buff. But I know a cool camera hack when I see one :-).
This hack by a Japanese camera buff is totally cool. Although it only works for stationary objects being photographed, the resolution is absurdly high (130 megapixels). And I can think of some pretty cool uses such as photographs of the nighttime sky, for example. Hooking this baby up to an equatorially mounted telescope would result in stunning photographs. Totally cool.
Tags: Uncategorized
I had a chat with an old friend last night about a bevy of CS things and we came to why I haven’t programmed much the past decade or so. It’s not that I can’t. I had to for one of my Ph.D. courses. It’s just that I find it too low bandwidth. It’s a general problem I have. I find many things too low bandwidth. That includes pursuing a Ph.D. wherein they want you to know all kinds of minutae while I would prefer to just ask someone else to do that work for me. Why do I need to know about probability? I’ll just hire someone to do that for me. It’s obviously my entrpreneurial streak, but really, why would anyone want to know everything? Seems like a pointless effort/exercise.
And thus my take on programming, and my missive from yesterday. Most programming languages are way too verbose. And being someone who likes high bandwidth tasks it’s been easier for me the past 20 years to get someone else to code while I just orchestrate what needs doing. Over time I’ve simply left coding behind as its too low bandwidth requiring too much time for what I perceive as viable outputs.
I’m hoping that languages like Python and Clojure will actually help me. Not to become a programmer again, but in getting more done faster with the resources at my disposal. If Clojure and Python are 10x more dense, then that means I can build solutions to client problems substantially faster! And as an entrepreneur, I can build it faster, still charge good amounts for the solutions, and leverage the newly made-available time to build new solutions for new customers. Win-win!
It’s why I remain perplexed why so few companies opt for the denser languages. You can use either fewer developers or do the project in less time allowing one to spend more time bringing in more business. Seems like the logical thing to do to me. Yet, most seem hell-bent on using languages like C++, C#, and Java all of which are verbose and require way too much typing. Maybe it’s the “you can always find a C++/C#/Java programmer” argument. To me that’s silly. A good developer should be able to learn any language and should be happy they’d see results quicker in a new language than an old one. The crappy developers, well, there’s no hope for them anyway.
So, I still hate programming but have hope that the new languages like Ruby, Python, Clojure, Scala and others will finally bring enough density to the code that we can have our staff code less, get the same or better results, all the while bringing in new business. It’s much like what Paul Graham was on about re: Lisp and his company which you can read about at his blog. Head over there to read some interesting history on how he leveraged density to make a successful business, and ultimately a lucrative sale.
Tags: Uncategorized
I’ve been disillusioned with programming languages for a long while. I started coding in the 70s and more than 30 years later here I am in a funk about programming languages, but I do see rays of light.
First, let me tell you about the languages I like:
- C
- Pascal
- Algol
- Lisp
- Prolog
- Scheme
- Python
- Clojure
- Arc
- Smalltalk
And that’s not a complete list, just those languages I most like, including some modern ones.
But here’s a list of languages I absolutely hate.
- C++
- Cobol
- Java
- Objective-C
- Common Lisp
And why do I hate them? Verbosity and ugly syntax, primarily. Either one, the other, or a hideous combination of the two. And it’s the rise of languages such as C++ and Java that I more or less no longer program. I just can’t see myself being impeded in my progamming by the verbosity of the language. I want to write small, tight code with the least amount of interference from the language syntax and semantics.
To me, it all went wrong when we went from C to C++ and then onto Java. Each one in turn uglier and more verbose than the last.
But things started to change recently. I’ve watched as languages such as Scala, Ruby, and Python arrived. Each one does part of what Lisp does, but none have gone the full distance to Lisp — namely “Code = Data”. However, each is ray of light. Each allows you to write small, succinct code. The syntax and semantics are (for the most part) there to help you. They’re wonderful languages. I’ve watched as my development teams have written dozens of lines of code to implement a feature, as opposed to dozens of pages of code. The developers have told me that they didn’t think it possible to see a 10:1 or better reduction in code, yet there it was. And that reduction by an order of magnitude in the number of lines of code required is also a reduction by an order of magnitude in the number of possible bugs! A bonus all around: faster coding, fewer bugs, more comprehensible code! Woo hoo.
Of course, they’re not all equivalent in their elegance. Two stand out for their maturity, elegance, and fitness of purpose: Clojure and Python.
I like Python because it has some elegant pieces, namely the way it enforces indentation. It’s easy to comprehend and handles XML and other web-based necessities with flair. It’s fantastic.
But mostly I love Clojure. It’s a new, redone Lisp. It’s web aware. It knows that Code = Data. Hurrah!
Now, Lisp has always been my favourite language but with the advent of Common Lisp I began to despise it. It became verbose. Horrid to code in. What was elegant became ugly, unnecessarily so. I moved onto Scheme as it retained the simple elegance that was the original Lisp implementations. However, Scheme had a fatal flaw: you had to write a lot of support code. It reminded me a lot of Pascal, elegant but not as library rich as C. Clojure solves that problem — as does Arc to a lesser extent. With Clojure the elegant simplicity of Lisp has been rediscovered and Clojure, built atop the JVM, means developers have complete access to all the Java libraries out there without having to code in Java. Bonus!
I’ve noticed that the interest in Clojure seems to be increasing. I see more and more mention of the language and I think maybe, just maybe, people are starting to comprehend what John McCarthy was on about more than 50 years ago.
So I have hope that programming will get more “fun” as we eliminate the verbosity and allow Code to be equivalent to Data.
Here’s to the end of programmatic verbosity.
For those who enjoy a good motivational poster, here’s one from Xach’s Journal. Enjoy.
Tags: Uncategorized
I never thought I’d actually approve of the GG. In general I find it an uber-political appointment that seems so ceremonial that little of value every comes out of it. And then Michaella Jean goes and proves me wrong. As Teddy Roosevelt used to say, Bully!
Good for her for standing up for Canada and the Inuit.
As for all the “bleeding hearts” out there, I still have no time for them. As Bono eloquently put it:
I don’t believe in bleeding hearts or painted roses
While bullets rape the night of the merciful.
Tags: Uncategorized
This article caught my eye today: Once Considered Unthinkable, US Sales Tax Gets Fresh Look.
Obviously, in the US, there will be a massive hue-and-cry over this. But I really don’t see why.
I’m all for consumption taxes. They’re fair. If you want to consume more, or if you can due to how much money you make or have, so be it. You can be taxed for your consumption. But you have the choice to consume less — regardless of your fiscal position. Thus, it’s fair. It does not unfairly impact anyone.
In fact, I’d like to see here in Canada income tax become something you only pay to the provinces and that the Feds collect money only from a consumption tax (a redone GST) plus corporate taxes. In my view, provinces should not be allowed to tax goods or services, only incomes. That way they’d have to be more responsible to their electorate while the feds focus on the macro economic issues at hand. It also means, by pushing corporate taxes to the federal level only that provinces must control their spending so as not to overly affect the electorate who are paying for the province’s services.
Furthermore, via a proper consumption tax equalization payments to truly “have not” provinces would be OK as it can be based on an examination of taxation levels and service levels wherein the feds ensure that a minimum service level is provided for healthcare, EI, welfare, etc.
I can hope, but I know it won’t happen. I can’t see politicians having the guts to do something as elegant as simplifying the taxation system.
Tags: Uncategorized
There are a lot of mysteries in this universe, not least of which is the way Apple builds their computers. They have computers like the Mac Pro which is wonderfully assembled and easily expandable. Then you have the iMac which is a sealed unit and a bitch to upgrade, other than memory. It seems some mental midget at Apple figured that memory was the only thing that customers would ever want to upgrade, replace, or that would go bad. Of course, if your hard disk goes bad you have one of two choices: bravery or a Mac shop. The former requires some digging on the network to find how to take apart an iMac and then the bravery to actually do what the steps entail. I’ve done that, and trust me it’s a pain. Taking it to a Mac shop is, in my opinion, stupid when all you want to do is replace a defective drive. Why didn’t Apple make it easy to replace the stupid drive? After all, it is a SATA drive so how hard would it have been to create a small door hidden in the back to easily swap out the drive.
It’s why I don’t understand why there’s isn’t a mid-size Mac Pro — a Mac Semi-Pro, if you will :-). It would be perfect for those of us who don’t need the oomph of the Mac Pro but do want some level of upgradability. A half-sized Mac Pro would be optimal. In fact, something like this Gateway FX. It has 2 spare drive bays with trays for inserting SATA drives. Has an i7, which is more than enough for my purposes, and a decent graphics card. It’s about 1/2 the size of a Mac Pro. Just perfect for my needs. But I’d rather have a Mac.
Unless I go through the hassle of making a Hackintosh, I’m screwed — and could be screwed if I go through and build a Hackintosh. Damned either way. So if anyone at Apple reads this, why not a Mac Semi-Pro that has a smaller case, a single i7, a choice of video card, and ample memory for those of us unwilling to shell out the bucks for the Mac Pro and who want something smaller, and able to hold multiple video cards for those of us who already have monitors yet the Mac Mini is just too lightweight a solution. As the Gateway shows, such a box would be a reasonable $1500 or so, maybe a bit more considering the quality of the case, etc. Even at $2,000 it would be a deal.
Tags: Uncategorized
There’s a great article on Rogue over at Gamasutra. It brings back a lot of memories, especially ones of sitting in the computer lab playing Rogue on the Engineering Vax. It so inspired me and a couple of friends that a few years later, around 1985, we coded up a version of Rogue for the CP-6 mainframe. We called our creation Lair. It was quite popular, relatively speaking. Unlike Rogue we opted for Pascal and it we had requests for it worldwide. It required the CP-6 Pascal compiler which was a bonus for my employer at the time, who actually wrote and sold CP-6 Pascal for the Honeywell CP-6 line.
To this day I bump into people who had a Honeywell CP-6 system in their building and played Lair without knowing that I was the primary programmer.
It’s interesting to look around the web and realize Rogue is still popular. I fired it up recently and I still find it fun to play. Hmm. I wonder if I can get Rog-o-matic working with it. That’s another cool program.
Ah, memories.
For the curious who want to sample the Dungeons of Doom, head over to the Rogue Like Development site.
Tags: Uncategorized
One of my favourite snacks is dry figs. Not fresh ones — I’m not a fan. But dry ones. And the best dry ones are out right now: Turkish. I’ve had figs from all over but the dried figs from Turkey — which are just in season now — are by far the best. Head and shoulders better in my opinion than any others. I have no idea why they’re so good, but they’re like candy — yet healthier. And at just 100 calories for 3 of them a treat that even someone trying to watch the old calories can appreciate.
Oh, they also make a wicked dried fruit for power bars or cookies. A mix of dates and Turkish figs and you’ve got a wicked dessert bar or cookie.
Tags: Uncategorized
