|
Most of you know that I recently moved to Princeton, New Jersey for the summer. As a native Californian who generally expects all other states to be completely inferior in every way (not really), I didn't relish the thought of moving to, of all places, New Jersey. Yet my lack of relish was misplaced. While Princeton isn't exactly the most happening place in the world, it certainly looks like it will be a nice place to spend the summer. Instead of the desperate urban hellscape that New Jersey's reputation would lead you to believe, Princeton is a nice quiet little town that really, if anything, is too nice.
For those of you who don't believe, here are some photos of Princeton so you can see for yourselves: http://www.flickr.com/photos/39879310@N02/3667480710/in/set-72157620661940642/
As for why I'm here, I'm working at Fraser Research, which is a small little research firm redesigning the Internet. It's a project that has been going on for quite a few years now and is slowly getting nearer to completion. The design is interesting and may or may not ever see the light of day, but either way ends up being a nifty project to work on. Some pieces of the design are influenced by some of the work that was done at Bell Labs, as that's Sandy's old stomping grounds. Various pieces take into consideration things that usually are never thought about, so those parts end up being fairly fascinating. Overall, I think it should be a fun summer.
On another topic, due to an amusing set of circumstances other than myself, every last person currently at Fraser is British or an ex-Brit. The other three students are from Cambridge and Sandy and his wife both crossed the pond quite a bit back. It's a bit of an odd experience: I traveled to New Jersey and ended up surrounded by British people, which seems amusing enough to note. The bottom line seems to have been that my active vocabulary has shifted to use words like "bugger" much more often than I really expected.
For those of you who don't really care to go through the full stream of pictures I linked to above, here are a few links into the middle of the stream where you can see something more specific:
Pictures of the office: http://www.flickr.com/photos/39879310@N02/3666676329/in/set-72157620661940642/
Pictures of the house: http://www.flickr.com/photos/39879310@N02/3666674929/in/set-72157620661940642/
Oh, also: Tomorrow I visit Manhattan. Perhaps more pictures then. |
|
I don't have any sort of claim to vast experience with reviewing papers or even a claim to producing useful scientific papers. Yet, I do have a claim to needing to take a break from a paper I'm reviewing to let my thoughts simmer down into something coherent. In the meantime, I thought I'd jot down a few thoughts on paper reviews. These thoughts aren't unique and it's unclear there's much of a contribution in stating them here, but perhaps a recasting of ideas in different words might inspire thought. (Or not, I keep re-reading this and it seems more rambling and disorganized than thought provoking. One day I'll learn to do drafts of things I write before hitting that submit button.)
Reviewing a scientific paper can be incredibly multifaceted. You can take a paper that demonstrates an amazing piece of technology that provides substantial improvements that the authors have data to back up and end up deciding it doesn't make a very good paper. The reasons why this is so can sometimes be hard to express. Especially to the poor disappointed authors who eventually receive your review and read it carefully for clues on how to vanquish whatever it was that turned you off from the research they've put so much time into.
Sometimes a paper's problem is that while one can take a piece of technology and construct an amazing system that works well in a lab, it can be highly unlikely that system will work well in real life. The thing is, you never know whether this is the problem. No one really has any clue what types of systems nicely transition from a lab to real life. We all have ideas on which types of things will make the transition, but determining whether or not this is going to be a problem with a particular paper is not easy. Real life and reality have been frequently known to adopt sub-optimal solutions just as easily as they've been known to adopt triumphs of the research community. Completely accurate determinations as to which systems will succeed involve market forces, timing and a bunch of other factors not easily grasped; predicting the likelihood research turns to reality requires a type of foresight we haven't isolated. Since this problem is impossible, publication venues for papers generally base review criteria on the contribution a paper provides.
Generally, this means that in addition to creating a good system, one must bring something new to the table. The standard thought is that a paper that doesn't make some sort of contribution is just about as unlikely to turn into reality as the work done before it. So even if the authors end up building a good system, if a very similar system has already been built, or the authors only solve a few simple issues along the way, we generally assume that solving those issues was not the limiting factor preventing that type of technology from finding its way out into the world and making everyone's lives better. So when you read paper reviews or you end up reviewing papers, you hear a lot of discussion about what the contribution of each paper might be. The magnitude of the contribution, that is—the actual advancement in the paper—is the defining factor that usually determines a paper's ability to get published.
While this might seem to make sense, let me re-emphasize: The value of the paper is in its contribution. No one cares what amazing things the system does if it doesn't also bring a contribution to the table. There are many papers which have laid out what should be really nice solutions to really pressing problems that never go anywhere because of niggling reasons reality cares about and academia doesn't. Unless a paper can show that they've overcome a specific problem with their system, any future papers that build equivalent amazing systems aren't useful contributions to the field and will face rejection.
To make this all just a little more complex is the problem that no one really has a clear idea on what merits a good contribution. The type of contribution a paper might bring to the table is entirely ill-defined and often only begins to make sense through lots of practice. A contribution can sometimes simply be combining things together in a different way that uses some undefinable yet recognizable spark of innovation and/or insight to transform a series of mostly theoretical papers into a robust and deployable system. Another type of contribution is providing fundamental building blocks that don't really yield any immediate benefit but will eventually (hopefully) be used by later systems to change the world. There are many other types of contributions. While all the types of contributions are important, everyone has slightly different ideas on how to reconcile the wide variety of contributions into a coherent scheme which dictates what papers are truly important and which are not.
It can be frustrating to end up giving poor marks to systems you think are good while giving good marks to systems you think are bad. But it's about the contribution, not about the system.
The end conclusion? Paper reviews are hit and miss. A lot of papers are easy to review and most people who read them agree on the outcome. Others however, are much less clear. Often I think, the more interesting papers tend to fall into the latter category. |
|
These days everyone asks you for a question and answer combination to recover a password online. These often stump me... it's fairly easy to find out where I went to elementary school or what my mother's maiden name is. Every time I have to make a new one of these I'm constantly put into a bind.
The trickiest part of coming up with a good security question and answer pair is trying to meet two criteria that have an annoying tendency to conflict:
- The answer to the question needs to be something you'll remember or could easily find out.
- The answer can't be something anyone else would know or could easily find out.
It turns out, there is something that matches these criteria quite well. That's relationships and—more particularly for those who have one to take advantage of—a sexual history.
Now this isn't for everyone, obviously some people's sexual history is rather well documented on Web 2.0 and/or rather well known by their friends, but even in some of these cases it can at least cause quite a bit of work for an attacker and can be used for low-security low-risk type of Q&A pairs. Your friends often can mess with you in other ways, logging onto your accounts usually isn't one of the ones they care to bother with. But hey, maybe your friends like messing with you. Whatever, it's up to you.
There's obviously one more concern I didn't quite document either that's brought up rather quickly when you get into relationships and sex. The question shouldn't be that embarrassing. Sometimes you end up talking about these over the phone to some poor customer service representative and something like "Who did I first go down on under the bleachers of my old high school that one time?" is probably not a question or an answer you really want to share with them. That's just too much information. (By the way, for those wondering: This is not an example of a valid question that matches my history.)
So what types of questions are appropriate?
Well, did you ever have a short-lived relationship? Simply asking the question: "Who came before Xander?" or "Who came after Yolanda?" where either Xander, Yolanda or the person who matches the answer to those questions could be the person you were in that short-lived relationship with a while back that your friends probably (and maybe hopefully?) forgot about by now.
Or even: "Complete the series: Xander, Yolanda, ???, Zeta." For those with more, uhm, elaborate histories the series could even be people you only did certain types of acts with if you don't want it to be a simple chronological listing of relationships or partners.
Things like "Who was my first kiss?" tend to come up in those stupid Internet quizzes a lot, so avoid those. Things like firsts are often interesting information and people not yourself are likely to remember them. The person you kissed is likely to remember whether or not they were your first, they may not remember whether they were your fourth or fifth... so a question like "Who was the third person I kissed?" is much more likely to be something you'll still be able to answer but other people will find much more difficult.
Now these still leave some room for social engineering, but doesn't everything?
So go meet someone new tonight, it's a security issue.
(In related news... security implications of blogging about how you chose your security questions online? Probably not the best thing to do, leave it to the professionals.) |
|
I recently sent a message out to the security research list at UCSD because we've been discussing SCADA systems lately. I thought I'd go ahead and post a variant of the message to my blog.
Before I jump into the body of the message I should probably mention that SCADA is a loose classification of a bunch of different types of systems that deal with industrial controls on private utility networks (among others). When people talk about hackers infiltrating the power grid and scream about the national security implications of something like that, these are the systems they are referring to.
So we've been talking about them. A lot of the security problems around these systems aren't that interesting, but the systems are important so what interesting problems there are with these systems are quite interesting. Here's part of what I wrote:
I recently found some SCADA boxes and got my adventuring companion to take a few pictures of them with her iPhone. (Didn't have a camera on me.) I thought a few of you might be interested in the security you might find at these outlying sites.
The particular site we ended up seeing was the Black Mountain site which mostly contains cell antennas. It's easily accessible—you just climb the mountain—but it's remote enough where it's not closely monitored. Certainly if you snuck up there at night you could probably do anything you wanted. I didn't see any cameras either. The site looks like this:

The SCADA systems are nicely labeled:


And are protected with only the finest and most cutting edge security solutions available for under $20 at your local Home Depot:
(For those of you who don't like picking locks, a pair of metal cutters would do the trick equally well.)
The SCADA boxes aren't even located within any of the locked cages, but to get inside those isn't hard either. This was the typical lock configuration. Talk about the weakest link:

I was perplexed for some time on why they set things up this way and finally realized that they've got a bunch of different organizations using these sites and no common key distribution, so each organization just puts their own lock on the chain and that way each org's field maintenance people can get in without having to coordinate with the others.
I found it slightly amusing that I could throw a lock on there between the two links before their sets of locks and mess up their entire system. One wonders how long it would take for each organization to have their access restored to the site as they'd have to cut the chain and then redeploy each org's locks on there. It doesn't seem like they talk to each other all that well. Of course they could try cutting the lock, but I'm sure you could put a lock on there that would make them opt to cut the chain instead.
You'd think there'd be enough crazy "oh no cell phone towers are killing our children and making my back ache" people out there that you'd get a few who'd want to lock repair people out of these facilities, but I guess this type of attack just isn't that common...
Anyway. I didn't try hooking into any of the SCADA systems. (I didn't have a laptop with me either, this was a spur of the moment hey what's that on that mountain there, let's go climb it and see type of thing. Usually I'd have a small amount of equipment hanging around in my car, but she drove so I didn't have access to that.) So, I can't say for sure how easy it would be to enter their network here, but if you were looking for a place, this is one of many.
We probably have a few on campus too in the facilities complex if anyone wants to take a look.
|
|
Nuclear reactors could also be used as desalinization plants.
|
| » Using cmake |
So today I decided to use cmake for one of my projects. I'm not entirely convinced it's going to save the world yet, but I'm convinced that I should give it a try. qmake is one of my favorite build systems and this seemed like the closest thing that didn't actually require installing qmake. (Which on most distributions still isn't packaged separately from Qt and while I like Qt, requiring it to generate makefiles is a bad plan and a good way to annoy anyone who doesn't already have Qt installed.)
So I dove into cmake. It's reasonably similar to qmake, if a bit more ugly. I usually start out most qmake projects with the "qmake -project" command which stares at the files you have and generates a little basic project file. Then you modify this to make it do what you actually want. cmake doesn't have such a thing by default, so my advice is to do this:
$ wget http://websvn.kde.org/*checkout*/trunk/KDE/kdesdk/cmake/scripts/gencmake
$ chmod +x gencmake
$ mv gencmake ~/bin
$ cd ~/projects/projectname
$ gencmake
gencmake has now taken its place as yet another vital script in my ~/bin directory. I hope some of you find it as useful as I did.
Mar. 20th, 2009 @ 02:44 pm
|
| » So an alternative to blogging |
So I haven't been blogging much, but for sharing small inane things I've been using tumblr a bit: http://djcapelis.tumblr.com/
Not that I've been using that much either, but for those of you who use RSS readers and want more things to aggregate, here's a low-traffic medium on which I occasionally link to random things I encounter on this Internet thing.
Mar. 11th, 2009 @ 11:09 am
|
| » Shooting yourself in the foot: a case study |
This is me complaining about this particular item of news: http://tech.slashdot.org/article.pl?sid=09/02/09/1348255
This is dangerous. First off, it's ineffective because someone will just create a program that manually loads other programs into its own address space and does co-operative multiplexing between them. While this type of program would actually be fairly easy to create, it causes large changes: This is just going to result in desperate users pushing the identity of a process outside of the control of the operating system into an annoying userspace app. Users will gladly cast aside memory protection and pre-emption to do this type of thing... it doesn't immediately affect them.
There are two ways this can play out: 1) Microsoft places a limit on fork() (I can't remember the Win32 equiv, but it's there) and forces three applications to actually mean just three processes. 2) Microsoft doesn't place a limit on fork() and everything I said above is null because the one app actually will be able to give memory protection, process identification and pre-emption abilities back to the OS. Then it turns out Microsoft's restrictions are completely useless and can be nullified by one little small program that re-implements the OS loading code. If it goes ahead and does the right thing to hook the syscalls on the system it'll even be able to do this transparently and getting around these restrictions will be as simple as double clicking on the installer.
It's times like this I almost wish I did a little Windows development just so I could write this application and show them how ridiculous restrictions like this are.
In short, the choice Microsoft says they'll be making for monetary and marketing concerns either ends up doing nothing at all except providing an annoyance or provides their end-users with a more dangerous operating system environment that neuters their own OS while still not effectively providing a limit on the number of concurrent codebases running on the computer.
Your turn.
Feb. 9th, 2009 @ 09:19 am
|
| » Hmmm... does anyone know what this means? |
Anyone know what this means?
[ 118.830022] ------------[ cut here ]------------
[ 118.830026] WARNING: at drivers/gpu/drm/i915/i915_gem.c:2470 i915_gem_idle+0x179/0x341()
[ 118.830028] Modules linked in:
[ 118.830032] Pid: 5377, comm: X Not tainted 2.6.28.2-DJC-AES #5
[ 118.830034] Call Trace:
[ 118.830041] [] warn_on_slowpath+0x51/0x6d
[ 118.830046] [] lapic_resume+0x171/0x1fc
[ 118.830051] [] _spin_lock_irqsave+0x23/0x2a
[ 118.830056] [] lock_timer_base+0x26/0x4b
[ 118.830060] [] try_to_del_timer_sync+0x46/0x4f
[ 118.830064] [] i915_gem_retire_requests+0xf2/0x114
[ 118.830068] [] i915_gem_idle+0x179/0x341
[ 118.830071] [] i915_gem_leavevt_ioctl+0x0/0x35
[ 118.830075] [] i915_gem_leavevt_ioctl+0x14/0x35
[ 118.830079] [] i915_gem_leavevt_ioctl+0x0/0x35
[ 118.830083] [] drm_ioctl+0x1d2/0x260
[ 118.830087] [] vfs_ioctl+0x55/0x6b
[ 118.830090] [] do_vfs_ioctl+0x373/0x3ae
[ 118.830095] [] vfs_write+0xcd/0x102
[ 118.830098] [] sys_ioctl+0x51/0x70
[ 118.830102] [] system_call_fastpath+0x16/0x1b
[ 118.830105] ---[ end trace 3a06ac7332c964b0 ]---
[ 118.873541] mtrr: no MTRR for 80000000,10000000 found
xf86-video-intel version 2.6.1, libdrm version 2.4.4, kernel 2.6.28.2, Xorg 1.5.3-r1 (gentoo's patchset) configured for UXA.
Configuration:
aes ~ # gunzip -c /proc/config.gz | grep -i drm
CONFIG_DRM=y
# CONFIG_DRM_TDFX is not set
# CONFIG_DRM_R128 is not set
# CONFIG_DRM_RADEON is not set
CONFIG_DRM_I810=m
# CONFIG_DRM_I830 is not set
CONFIG_DRM_I915=y
# CONFIG_DRM_MGA is not set
# CONFIG_DRM_SIS is not set
# CONFIG_DRM_VIA is not set
# CONFIG_DRM_SAVAGE is not set
aes ~ # gunzip -c /proc/config.gz | grep -i mtrr
CONFIG_MTRR=y
CONFIG_MTRR_SANITIZER=y
CONFIG_MTRR_SANITIZER_ENABLE_DEFAULT=1
CONFIG_MTRR_SANITIZER_SPARE_REG_NR_DEFAULT=1
aes ~ # xrandr -q
Screen 0: minimum 320 x 200, current 2624 x 900, maximum 2624 x 900
VGA connected 1024x768+1600+132 (normal left inverted right x axis y axis) 304mm x 228mm
1024x768 60.0*+ 75.1 75.0 70.1 60.0*
832x624 74.6
800x600 72.2 75.0 75.0 60.3 56.2
640x480 75.0 72.8 72.8 75.0 75.0 66.7 60.0 59.9
720x400 70.1
TMDS-1 connected 1600x900+0+0 (normal left inverted right x axis y axis) 443mm x 249mm
1600x900 60.0*+ 60.0
1360x765 60.0
1280x800 60.0
1152x864 75.0 75.0
1280x720 60.0
1024x768 75.1 75.0 70.1 60.0
832x624 74.6
800x600 72.2 75.0 60.3 56.2
640x480 75.0 72.8 72.8 75.0 66.7 60.0 59.9
720x400 70.1
aes ~ # glxinfo | grep -v GL | grep -v extensions
name of display: :0.0
display: :0 screen: 0
direct rendering: Yes
server glx vendor string: SGI
server glx version string: 1.2
client glx vendor string: SGI
client glx version string: 1.4
visual x bf lv rg d st colorbuffer ax dp st accumbuffer ms cav
id dep cl sp sz l ci b ro r g b a bf th cl r g b a ns b eat
----------------------------------------------------------------------
0x21 24 tc 0 32 0 r y . 8 8 8 8 0 24 8 0 0 0 0 0 0 None
0x22 24 dc 0 32 0 r y . 8 8 8 8 0 24 8 0 0 0 0 0 0 None
0x69 32 tc 0 32 0 r . . 8 8 8 8 0 0 0 0 0 0 0 0 0 None
This seems like maybe a configuration issue and not an actual bug... but where do I even look for information about something like this?
Of course, X works... just not terribly well and the last part is definitely a problem. (The part showing no acceleration enabled whatsoever as reported by glxinfo... glxgears gets to about 60FPS when I get lucky and otherwise goes to hell.)
Random gripe only vaguely correlated: The manpage for genkernel does not match the actual tool. The person who changed the tool without updating the manpage for it should be summarily whipped. Bad bad bad to change the command line options on a tool for no apparent reason and then not even update the documentation or leave behind stubs that say "X is deprecated, it's now Y" when the old switches easily map to new ones. Who the hell taught this team how to make a tool? I swear to god as soon as dracut gets just a bit more ready I'm switching to that to make my initrds instead of using genkernel. (Making initrds is the only thing I use genkernel for at the moment now anyways.)
Feb. 3rd, 2009 @ 11:49 am
|
| » Yet another metric |
|
These are R&D Expenditures in CS and EE for FY2006 according to the NSF. I combined these because it doesn't actually make sense to do them separately. You just get whacky results if you do that, like lists that don't include Berkeley or U Washington or a list that shows CMU and MIT doing terribly. Now I really don't particularly care if someone gets a bunch of data for materials synthesis for nanoelectronic fabrication techniques, there's a lot of other things within CS that I also don't particularly care about. It would be nice if I were to pull more specific funding numbers for say, specific NSF programs like Cybertrust ranked by institution, but I haven't gotten around to it.
What I did here is I grabbed everything that was over 10 million/yr in expenditures on each of the CS and EE lists and then combined them to create a composite index of combined EECS spending. (Which is why none of the programs below $20 million have a combined rank, because I didn't combine the full sets.) I also included a few different institutions I found interesting just for kicks including most of the UC system and a few ivies along with some more random ones. A few of them have comments about their YOY trends (which are present on the CS numbers only for this analysis) including departments that look like their funding generally is unstable and problematic or departments that are on upward or downward trends or appear to have just landed or lost one large grant.
Dollars in thousands:
| Overall Funding Rank | CS Funding Rank | EE Funding Rank | Institution | CS Funding | EE Funding | Combined Funding |
|---|---|---|---|---|---|---|
| 1 | 4 | 1 | JHU | 70,268 (less than 10%+/- YOY for 4 yrs) | 133,026 | 203,294 |
| 2 | 7 | 2 | Georgia Tech | 47,560 | 114,330 | 161,860 |
| 3 | 1 | 19 | CMU | 117,865 | 20,626 | 138,491 |
| 4 | 3 | 9 | University of Illinois, Urbana Champaign | 81,675 (Large YOY decrease) | 39,819 | 121,494 |
| 5 | 2 | 15 | University of Southern California | 93,573 | 24,539 | 118,112 |
| 6 | 5 | 5 | University of California, San Diego | 64,466 | 50,185 | 114,651 |
| 7 | 11 | 4 | Penn State System | 32,371 | 62,257 | 94,628 |
| 8 | 8 | 10 | UT Austin | 41,897 | 37,600 | 79,497 |
| 9 | 6 | 14 | MIT | 49,500 | 28,701 | 78,201 |
| 10 | NR | 3 | University of California, Berkeley | NR | 74,978 | 74,978 |
| 11 | 9 | 21 | University of Maryland, College Park | 37,605 | 19,857 | 57,462 |
| 12 | 13 | 12 | Stanford | 21,922 (Persistent YOY increases) | 31,938 | 53,860 |
| 13 | 10 | 22 | Ohio State System | 33,693 | 16,211 | 49,904 |
| 14 | 29 | 8 | Virginia Tech | 10,032 | 39,819 | 49,851 |
| 15 | 12 | 26 | Cornell | 28,091 | 14,372 | 42,463 |
| 16 | 43 | 11 | Purdue University | 8,232 | 34,201 | 42,433 |
| 17 | 26 | 13 | University of California, Santa Barbara | 10,671 | 31,081 | 41,752 |
| 18 | NR | 6 | University of Michigan System | NR | 41,133 | 41,133 |
| 19 | NR | 7 | Utah State System | NR | 40,972 | 40,972 |
| 20 | 19 | 18 | University of California, Los Angeles | 15,992 | 21,426 | 37,418 |
| 21 | 27 | 16 | Arizona State University, Main Campus | 10,409 | 23,949 | 34,358 |
| 22 | 16 | 31 | University of Massachusetts, Amherst | 17,404 (less than 10%+/- YOY for 4 yrs) | 11,575 | 28,979 |
| 23 | 25 | 24 | University of California, Irvine | 11,699 | 15,223 | 26,922 |
| 24 | 21 | 35 | University of Wisconsin, Madison | 14,454 | 10,793 | 25,247 |
| 25 | 18 | NR | University of Minnesota System | 16,606 | 7,799 | 24,405 |
| 26 | NR | 17 | University of Washington | NR | 22,874 | 22,874 |
| 27 | 30 | 30 | Princeton University | 9,779 | 12,903 | 22,682 |
| 28 | 37 | 29 | Brown | 8,839 | 13,459 | 22,298 |
| 29 | 14 | NR | University of Hawaii, Manoa | 21,252 | NR | 21,252 |
| 30 | 51 | 28 | Drexel University | 6,763 | 13,729 | 20,492 |
| 31 | 28 | 36 | Clemson University | 10,226 (5x YOY increase?!) | 9,910 | 20,136 |
| 32 | 68 | 25 | North Carolina State University System | 4,907 | 15,124 | 20,031 |
| NR | NR | 20 | Vanderbilt University | NR | 19,924 | 19,924 |
| NR | 59 | 27 | University of Arizona | 2,285 | 14,283 | 19,786 |
| NR | 20 | NR | University of Utah | 15,020 | 3,147 | 18,167 |
| NR | 15 | NR | University of Chicago | 18,144 (Big YOY increases lately) | NR | 18,144 |
| NR | 61 | 34 | University of Florida | 5,479 | 11,329 | 16,808 |
| NR | 22 | NR | University of Illinois, Chicago | 12,594 | 4,184 | 16,778 |
| NR | 17 | NR | Oregon Health and Sciences University | 16,702 | NR | 16,702 |
| NR | 44 | NR | University of California, Davis | 7,795 (Big YOY increase) | 8,372 | 16,167 |
| NR | NR | 23 | Northeastern | NR | 15,976 | 15,976 |
| NR | 36 | NR | Caltech | 9,136 | 6,430 | 15,566 |
| NR | 73 | 32 | Duke University | 2,285 | 11,570 | 15,497 |
| NR | 42 | NR | SUNY Stony Brook | 8,366 (Large YOY fluctuations) | 6,692 | 15,058 |
| NR | 87 | 33 | Rensselaer Polytechnic Institute | 2,285 | 11,367 | 14,446 |
| NR | 23 | NR | Indiana University System | 12,397 | NR | 12,397 |
| NR | 24 | NR | University of North Carolina, Chapel Hill | 11,764 | NR | 11,764 |
| NR | 69 | NR | Dartmouth | 4,821 | 5,943 | 10,754 |
| NR | 99 | NR | University of California, Santa Cruz | 2,285 | 4,632 | 6,917 |
| NR | 67 | NR | Yale | 4,940 | NR | 4,940 |
| NR | 100 | NR | University of California, Office of the President | 2,243 | NR | 2,243 |
| NR | NR | NR | Just for Kicks, UCSD + UCB + UCSB + UCLA + UCI + UCOP | NR | NR | 304,881 |
University of Hawaii, Manoa seems to have come out of nowhere... I'm really surprised they're raking in as much money as they are. It would be interesting to see what grants are currently outstanding with them...
For those wondering why U Washington is so low... I would guess that it might have to do with proximity to a certain alternative computer science funding source around the Redmond area. Why bother with federal funds when you can just walk across town and ask for a check?
Jan. 18th, 2009 @ 08:04 pm
|
| » Curiosity, it just doesn't stop. |
So someone on a forum suggested that something weird seems to have happened with the AS elections and the votes in favor of the referendum plus those against didn't add up to the total. In addition, the turnout numbers seemed remarkably high given the usual apathy of our student body. While I strongly doubt the university intentionally altered the results and even doubt that the university accidentally had an error in the software they used to collect the votes of the students on campus, I couldn't state for certain that this was not the case. This bothered me.
So this morning I sent the following:
From: D.J. Capelis
To: (easily determined, but I'm removing this information anyways.)
Cc: (easily determined, but I'm removing this information anyways.)
Subject: Public Records Request: Source Code for Recent AS Election
Date: Sun, 18 Jan 2009 11:25:51 -0800
Hello,
This is a public records request under the California Public Records Act, which as I'm sure you're well aware, occupies sections 6250 through 6270 of the California State Government Code, inclusive.
This request is being sent to the official e-mail address of the campus public records coordinator and is being cc'd to (edit) in case the university feels that this request relates to student records. Arguably, the relation is tangential, but for completeness I'm opting to notify this individual as well as requested by http://adminrecords.ucsd.edu/IPARecords/Index.html
The information I am seeking for disclosure of is any and all computer applications (in the form of electronic source code) that tabulated, counted, computed, validated or authorized the votes in the recent Associated Student Fee Referendum held earlier this month. I am not seeking the release of any individual student information, votes, records or logs at this time, but simply wish to audit the source code involved in the processes listed above.
I welcome any assistance your office wishes to provide me in creating a narrower or more focused request as provided by section 6253.1 of the government code. I would like to also reiterate that I am requesting these records in an electronic form as provided by Section 6253.9 of the government code.
If your office deems that these records are not required to be released under the California Public Records Act, I would respectfully remind you that several portions of section 6254 of the government code explicitly state that the university is allowed to release records it is not explicitly required to release under the act. I would encourage you to do this as the public interest is best served by transparent and auditable elections and the university should be a champion for increased transparency. Further, release of these records allows the university to alleviate suspicion, however small and insignificant, of misconduct or inadvertent error during the voting process.
Further, if the university ends up denying this request for release of records under the terms of this act, I would be happy to accept the records under different terms. If these alternate terms were to include requirements which prevent me from disseminating the actual records themselves, this would be acceptable so long as the terms do not prevent me from disseminating the results of my audit. (The university will of course, be provided with a copy of the audit and terms which would allow the university to request I not release the audit publicly for up to 30 days after the university receives it would also be acceptable, though unfortunate.)
It seems to me that the university could only benefit from this as I have been employed within positions of the university where I had far greater access to such data and have been called upon to audit source code in the past. You would in fact, be receiving my work for free in this instance as well as serving the public interest and clearing up doubt around an elections process. Electronic voting is an area of increasing public concern and having a third-party audit and report their results would only provide benefits to the university. I would be happy to provide the university with a summary of my qualifications and if necessary, affidavits from researchers who have been involved in such reviews at the state and federal levels which would testify to my qualifications to perform such an audit.
Respectfully, D.J. Capelis
I'm expecting them to deny the request in whole under several sections of the act and opt to pursue none of the alternatives I outlined for them. But I figured I'd at least give them an opportunity to say no.
Jan. 18th, 2009 @ 11:31 am
|
| » An "old" project |
Last year in CSE 240B (UCSD's graduate level parallel architectures course) I took the opportunity to design a new ISA for my final project in the course. I've always disliked the fact that ISA design is no longer a field of research anymore and so I started off with ambitious goals:
The fundamental principles of ISA design have remained the same for decades. The gigahertz wars of the 1990s adversely impacted ISA design. During this time, ISA design has been stagnant. Yet with the rise of multicore platforms, this is starting to change. We are seeing active research on dataflow architectures and ISAs which have been forgotten for years, if not decades. This makes today an exciting time to be an ISA designer. This project tried to re-capture some of the spirit of the original ISAs and create something rather different, whacky and perhaps a little fun.
In reality, the ISA I designed has the following properties:
- It's truly atrocious to try and program with
- Portions of it are completely unwise and infeasible to implement in hardware
- Some of it is just not well thought out
That said... it's a very interesting project and contains some things that are a bit strange:
 (That should really say "instruction stream" and not "process" under the "kill" instruction there... did I mention this paper was hastily written for a class project during finals week?)
Some of the fundamental ideas *or* vaguely interesting results:
- Treat data like code and code like data. (Arguably I didn't go far enough with this and should have looked at making the data implicit and not via registers... not sure how this would have ended up working though...)
- MIMD on the instruction set level
- Bring loops into hardware
- Loops sometimes easily transparently decomposed onto multiple cores
- Modular instruction set designed to support heterogeneous manycore architectures
- Automatic core migration based on available capabilities and functional units
- Native and "fast" hardware synchronization primitives via wait/kill (which is arguably just a weird implementation of free/busy bits)
- Extremely small set of core instructions
Naturally, I implemented exactly none of this functionality in hardware and this was more of a fun thought exercise than anything else.
The presentation on the project can be accessed here and the hastily written final project report can be accessed here.
I'm not sure if any of this actually makes sense if you were to try and just read the documents I've posted, so feel free to e-mail me if it doesn't.
Jan. 17th, 2009 @ 03:12 pm
|
| » Reposted with minimal comment |
This was a message posted to the university's system administrator's list today. I agree that it symbolizes a notable shift and felt the need to repost it here.
With no additional commentary, the first part of the announcement is as follows:
ACS/Software Distribution started in large part about 20 years ago to support the Sun Software consortium. Today I got word that Sun is no longer offering the sunsolve software support contracts such as we have had. So 1/31/09 when our current contract ends, will mark the end of an era.
The large movement to the free distributions of Solaris and tools such as MySQL, and xVM Virtual box (http://www.sun.com/software/) seems to have marked the end to the need for paid OS updates and such as we have historically provided. The UC system agreement that currently ends 04/25/2009 (with probability of renewal), is a baseline price schedule agreement for all Sun Hardware, Software, and Data Storage from Sun and what was StorageTek (The separate StorageTek agreement was merged with the sun Agreement). This does not include any specific software or support activities, just the discount structure from their list prices. But we do plan on keeping our discount agreement going system wide. What replaced the sunsolve OS support? Sun now sells OS support priced by the "Socket", (not the cpu core). The details on Solaris Subscriptions (pricing per socket) are detailed at:
http://www.sun.com/service/subscriptions/prices.html
This support can be acquired for either purchased Solaris, or OpenSolaris, to get access to non-public patches and such for Solaris 7 and later as I read it.
Other software service plans are detailed at:
http://www.sun.com/service/serviceplanssoftware/index.jsp
And software support information specifically starts at:
http://www.sun.com/software/index.jsp
Jan. 15th, 2009 @ 04:03 pm
|
| » Looking back |
There's a point after you start a project where it takes on a life of its own and you are no longer the sole force in the world keeping it alive. A lot of open-source projects never actually reach this point and many project sites like sourceforge are littered with projects you've never heard of that died because their main developer stopped working on it.
This isn't a bad thing and we've all had a few projects like this. It's just part of the natural ebb and flow of software development.
Tonight I looked at all the projects I started and tried to find the first one that reached this point. The answer, as it turns out, is a modest plugin I built for mediawiki a few years ago: http://www.mediawiki.org/wiki/Extension:Shibboleth_Authentication
I think this might have been the first complete piece of software that I was able to take from idea through implementation and end up at a point where today, I rarely even know what the current version number is. I no longer fix any bugs on the project and my last change to the source code was to change the comments at the top of the file to indicate that I was no longer the maintainer.
Now this isn't to say that the projects I've left all died; I've been part of plenty of successful projects that carried on just fine when it was time for me to leave. Before this I had also had code I developed independently for things survive me, but usually because it was integrated into a larger project and a larger developer community took ownership of it. This plugin seems to be the first instance I can remember where the project I wrote ended up with enough of a community where an independent project I started kept going after I left it while staying independent.
Anyone else want to share the first project you started that didn't die when it was time for you to move on?
(Your answers don't have to be confined to open-source projects, but if it's a project from within a software company it really should be about a project you actually started, designed, implemented and drove yourself.)
Jan. 7th, 2009 @ 12:57 am
|
| » It was easier than setting up a mailserver... |
Okay, so maybe this is not the best way to "prove I have an ipv6 enabled mailserver" but it was definitely a way.
    djc:~# nc6 -l -p 25
    220 ipv6mail.capelis.dj
    HELO ipv6.he.net
    250 Hello!
    MAIL FROM: <ipv6@he.net>
    250 ok
    RCPT TO: <ipv6@ipv6mail.capelis.dj>
    250 ok
    DATA
    To:
    From: ipv6@he.net
    Subject: IPv6 Certification Mail Test
    Please insert the following code into the website at http://ipv6.he.net/certification: XXXXXXXXXX
    .
    250 ok
    QUIT
Type fast to avoid a timeout. :)
(Also it's a little confusing because netcat actually never tells you when someone's connected, so just assume a connection happens after you press the send button.)
Also does this mean I now *am* an IPv6 compliant MTA? Like personally?
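The same exchange with the replies produced by a small state machine instead of typed into netcat, as an added example (not code from the original post). It also sends the standard 354 reply after DATA and 221 after QUIT, which the hand-typed session does not show; the hostname `ipv6mail.example`, port 2525 and the names `SmtpSink` and `serve` are assumptions.

```python
import re
import socket

HOSTNAME = "ipv6mail.example"  # constructed placeholder, not the blog's host


class SmtpSink:
    """Server side of the hand-typed dialogue, as a state machine."""

    def __init__(self):
        self.sender, self.rcpts, self.body = None, [], []
        self.in_data = False
        self.done = False
        self.messages = []  # (sender, [recipients], text) per accepted mail

    def feed(self, line):
        """Consume one client line (CRLF stripped); return a reply or None."""
        if self.in_data:
            if line == ".":  # a lone dot ends the message
                self.messages.append(
                    (self.sender, self.rcpts, "\n".join(self.body)))
                self.sender, self.rcpts, self.body = None, [], []
                self.in_data = False
                return "250 ok"
            # RFC 5321 dot-unstuffing: drop one leading dot from data lines
            self.body.append(line[1:] if line.startswith(".") else line)
            return None
        line = line.strip()
        verb = line.upper()
        if verb.startswith(("HELO", "EHLO")):
            return "250 " + HOSTNAME
        if verb.startswith("MAIL FROM:"):
            m = re.match(r"MAIL FROM:\s*<([^>]*)>", line, re.I)
            if not m:
                return "501 syntax error"
            self.sender, self.rcpts = m.group(1), []
            return "250 ok"
        if verb.startswith("RCPT TO:"):
            if self.sender is None:
                return "503 need MAIL first"
            m = re.match(r"RCPT TO:\s*<([^>]+)>", line, re.I)
            if not m:
                return "501 syntax error"
            self.rcpts.append(m.group(1))
            return "250 ok"
        if verb == "DATA":
            if not self.rcpts:
                return "503 need RCPT first"
            self.in_data = True
            return "354 end data with <CR><LF>.<CR><LF>"
        if verb == "QUIT":
            self.done = True
            return "221 bye"
        return "500 unrecognized command"


def serve(host="::", port=2525):
    """Accept one connection over IPv6 and return the messages received."""
    sink = SmtpSink()
    with socket.create_server((host, port), family=socket.AF_INET6) as srv:
        conn, _peer = srv.accept()
        with conn, conn.makefile("rb") as reader:
            conn.sendall(f"220 {HOSTNAME}\r\n".encode())
            for raw in reader:
                text = raw.decode("utf-8", "replace").rstrip("\r\n")
                reply = sink.feed(text)
                if reply:
                    conn.sendall((reply + "\r\n").encode())
                if sink.done:
                    break
    return sink.messages


if __name__ == "__main__":
    for sender, rcpts, text in serve():
        print(sender, rcpts, text, sep="\n")
```

Listening on port 25 as in the post needs root; the default here is an unprivileged port.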
Jan. 2nd, 2009 @ 03:58 am
|
| » Sometimes... |
So since I have no idea what's actually going to happen with my life in six months combined with the year rolling over and bringing on what can sometimes be a problematic period of self-reflection... I made one of these:
    ---------- 1 djc djc 695 Jan 1 23:38 /home/djc/docs/planb
So, with that taken care of, I can get back to other things.
(And yes, actually having something written down, even if it's only 695 bytes of a plan, does actually make me feel a lot better. It's not even that good! It doesn't have to be, that's not important. It just needs to exist.)
Jan. 1st, 2009 @ 11:32 pm
|
| » Research highlights for the year |
Sometimes it's nice to take an opportunity to just take a look at what you did in a year, so here's my research highlights for the year:
- I invented escalation accounts with pam_escalate.
- I re-invented the session layer with fived.
- I re-architected virtual memory with AppSheath.
Not too bad.
Lots of implementation work to do still though.
Dec. 31st, 2008 @ 05:00 pm
|
| » Cholesterol Screening |
Now that I'm back in San Diego, I can compare my results from my cholesterol tests with the previous ones and actually see what's causing this still in range and totally fine but monotonically increasing cholesterol number.
Here's what I was worried about:
 So while none of the scores are that high (200 mg/DL is borderline) the trend certainly is slightly worrying and I was slightly concerned that if this continued I was going to be having to worry about my cholesterol by the time I was 25.
But it turns out, a lot of the increase in my total cholesterol since last time was actually my HDL rising:
 HDL is supposed to be "good" cholesterol... (Under 40 is bad, above 65 is good.)
And the LDL has been mostly stable since the last test:
 (Under 100 is good, under 130 is okay, above is borderline to high.)
And the triglycerides account for the rest of the jitter in the data:
 (Anything below 150 is fine)
But mostly this is an opportunity to have fun with Google's chart API.
(For those just tuning in, my family has a history of heart disease and I'm overly cautious in checking my cholesterol so I can continue my steak, sugar and eggs diet without worry.)
Dec. 29th, 2008 @ 02:28 am
|
| » 60 Senate Seats Would Have Been Bad |
I think Democrats can all breathe a sigh of relief now that, as of Georgia's runoff, there's no possibility of them reaching 60 senate seats this cycle.
The wild idea of getting 60 senate seats was an incredible goal that everyone wanted mostly because that's the next threshold after 50. I'm not sure how many people actually carefully considered whether it would be desirable to have exactly 60 democratic senators, placing the entire government in democratic control only if the democrats had immensely strict party unity.
That last part is the problem. There had been reports for a long time now from Washington insiders which basically indicated that anything over 57 seats was going to be enough to break almost all filibusters. The idea that the party in the majority can't find 3 people to cross is kind of ridiculous, the idea that democrats can't find 1 or 2 is even more so.
So 57 is enough to actually get almost any kind of legislation through. Why would we want 60?
It turns out, 60 senate seats would have been one of the most dangerous things that would have happened to the Democrats this election. Consider the power dynamics of 60 seats. First off, since the Republicans are mostly powerless, they'll be huddling in a corner feeling totally attacked and will vote with a surprising amount of unity that might be unlike anything we've seen in the Senate before. See the California State Legislature where this type of behavior occurs every summer.
Second, the 60 seat majority means every single Democratic senator has an immense incentive not to vote the party line. Even a threat of voting against filibuster would allow a Democrat to force concessions, add pork, do whatever to rein the individual senator back in. At exactly 60 votes, the Democrats just don't have enough senators to spare to discipline anyone. (See for instance, what happened with Lieberman (I-CT).) This means that at 60 seats the democratic party, far from being unified for change, instead consistently fractures, deals with internal fighting and a united Republican party. Bipartisanship happens only for stasis and never for change and herding cats in the Senate becomes Obama's largest job. Not fun.
Third, at 60 seats, every time the Democrats lose a filibuster on an important piece of legislation... the public is going to see it as the Democrats' failure to govern. At anything less than 60, you can still blame republican obstructionism, even when it isn't. The Democrats' next step needs to be able to get to 63 in 2010 to avoid these problems, so they can't afford any bad PR while they're in power.
Fourth, the Republicans being at 42 or 41 seats is going to fracture their party just as much or more than the democratic party would be fractured. Their party is already doing very badly because of the national elections, but the demographics in the Senate will help amplify the larger battle for the GOP's soul and hopefully split the entire party. Each Republican senator will have a huge incentive to defect and vote for cloture. The Democrats can add gifts to the bills at random, the Democrats can ask for votes that are politically problematic to filibuster (See SCHIP) and every single time a Republican defects he can do so claiming that he's a leader in the new era of the bipartisan push for change. On politically popular items, that's going to be a big incentive for any Republican to tell their own party to go to hell.
Summary: At 58 or 59 seats, any bipartisanship in the Senate leads to change. At 60 seats, any bipartisanship in the Senate leads to the status quo. Which do you think is more appropriate given our President-elect?
So while I don't like Chambliss (R-GA) as a person or even as a senator, I'm quietly glad he won. It means the Republican party fractures instead of the Democratic party. While it's mean to want either of them to fracture... I know which side I'd prefer to have an incentive to screw their party and cooperate.
For anyone who'd prefer just to read political commentary: Just the political entries of my blog - Feed with politics entries only Don't yet have nice links for anyone to use to *exclude* political commentary though.
Dec. 3rd, 2008 @ 04:56 am
|
| » TripLog - Silicon Valley - Sept 4th |
This is part of my continuing series where I recount my trip in September instead of doing the work I need to do today.
(The tense continually switches while I write these for reasons I haven't quite figured out, please try not to let it annoy you too much. Still trying to work out the whole active writing that still allows for brief asides from the present to plop into the middle of the text when needed issues.)
This is the second entry in the series of entries on my trip. You can follow the whole series here
Recall from last time
At this point I've just gotten into the Bay Area and crashed at the aptly named Chez Fun, where IPv6 internet, spare couches and a few of my friends are all easily accessible. Having gotten into town around 6am, I went inside and passed out on a couch rather quickly.
Sept 4th — Around 10:30am
After 5 hours of what seems to be satisfactory sleep, I wake up to an unfamiliar ceiling in the middle of silicon valley. I'm surprisingly oriented and after an attempt at getting my bearings, am in the car driving towards Stanford.
The night before, I had printed out directions on how to get to Stanford, a campus map and a few names of some professors that appeared to be doing interesting work. Since I was in the area, I figured I might as well stop by and see the school and maybe bother a professor or three. Since this was the closest to where I was staying, I figured it was a good place to start.
After wandering a bit on the campus, having made the foolish mistake of assuming that the top of the campus map would point north, I finally find my way to the Gates Computer Science building. As it turns out, this was not nearly as helpful as I hoped it would be. None of the professors I wanted to talk to were in their offices. It was break for them, so this wasn't entirely surprising, but still disappointing. On the upside, I take the chance to see the campus and the offices of a few people of note. Walking around the building and seeing some of the names on the doors was fairly interesting.
Having mostly failed to do anything other than give myself a tour of their campus (which I found interesting enough to make the trip worth it) I go ahead and get online briefly to reconnect with my friends in the area.
Sept 4th — Ten minutes after Noon on #sdcolleges
    12:10 < DJCapelis> HA!
    12:10 < DJCapelis> I couldn't get on the wireless here... but I found an old sun workstation.
    12:11 * DJCapelis doesn't have a real console emulator
    12:11 * DJCapelis needs to change his password on his workstation :(
    12:12 * DJCapelis is at stanford
    12:12 < Tautoz> stanford?
    12:12 < Tautoz> what are you doing at stanford?
    12:13 < numist> DJCapelis: at home I have an open AP with the SSID:
    12:13 < numist> should work fine on the desk-side of the house
    12:13 < numist> Tautoz: he's here for the Graton Invasion
    12:13 < Tautoz> well, yes
    12:14 < Tautoz> oh, right, it's up by where you guys live
    12:14 < numist> it's walking distance, yeah
    12:14 < numist> although, when I left there were no cars at Chez Fun, so he probably drove
    12:15 < DJCapelis> I did, I parked at the hospital
    12:16 < DJCapelis> I decided to bother some people here and see what I could see
    12:16 < DJCapelis> no one is in their office :(
    12:16 < DJCapelis> On the upside, I found Knuth's office.
    12:17 < DJCapelis> btw, Tautoz... lunch?
    12:18 < Tautoz> DJCapelis: I carpooled, so don't have a car
    12:18 < DJCapelis> I do
And so it was settled. I arrive about an hour later at Yahoo, where Tautoz is working. We run out to a nice Pakistani place in the middle of the Valley and have a good lunch. When we get back to Yahoo, Tautoz is nice enough to show me around a bit. It's an interesting campus and I can see where it gets a reputation on being one of the companies that define the traditional working environment in Silicon Valley. Many are remarkably similar to each other. Yahoo's rendition is pretty good.
Before I leave Tautoz, we call a mutual friend and let him know we were coming to dinner. I make some plans with Tautoz for him to skip his carpool and we plan for me to come back later and grab him for dinner after he's done with work.
After saying goodbye to Tautoz, I grab my map and see which of my friends is working closest. I make a phone call.
Sept 4th — A little after four
I pull up in one of the myriad of Cisco's many parking lots and try and figure out where I am. Cisco opts for the "many small buildings (and by small I mean four story buildings) scattered about over a bunch of land" approach to building office space and so it can be a little disorienting to figure out which building it is you need to go to. The other thing that's odd about the campus is while you walk around, you notice almost everyone is Indian. No one seems to be exactly sure why that happens at Cisco, but it is interesting nonetheless. After clarifying with my friend which building he works in, I take off towards his building and arrive in the lobby.
I get a visitor's badge (needed one at Yahoo too) from the receptionist, my friend arrives downstairs, signs me in and we're off. Being both a prick and a security guy, I do what any security person would do when given a visitor's badge and put it out of sight in my pocket. My lack of badge did not cause a stir, or even a glance, through our entire visit. In my experience, this was fairly typical of most Silicon Valley companies where they require a visitor's badge at the perimeter but do little once you're inside the doors.
It seems to be a reasonable enough approach. The only exception to this was Apple and VMware, which each represented the "we really care about building security" and the "we don't care about building security" extremes of the spectrum. I'm still not sure which is the approach that makes more sense, there's certainly an attractiveness to the VMware open environment and one wonders if the cost/benefit of what Apple does is really worth it. That said, these environments probably are the right choice for each of these companies as they have some different kinds of needs and attitudes towards secrecy in general.
Anyways, since my friend happened to be working in the core routing group, the story picks back up in the server room for his floor: Racks stretch across the entire expanse of the room just full of routing equipment, which perhaps makes it more of a router room than a server room. I stare at the amazing number of differently colored fiber cables just strewn about the place. While the room isn't exactly disorganized... it's clear they use the place.
My friend shows me the equipment for his project and as we're walking down the racks I turn to him and ask "hey are those HFRs?" They were. Two HFRs just sitting there, side by side. They weren't the only pair in the room. For those of you who haven't clicked on the wikipedia article the link points to, the official name for the router is "Carrier Routing System" but the codename is much more simple, and apt: HFR, or Huge Fucking Router. The marketing group vehemently disagrees and says it stands for Huge Fast Router. Sure.
Anyways, that was one of the most impressive rooms I've ever set foot in.
After chatting a little bit more about what it was my friend was actually up to all summer, I leave about an hour after I came and wandered back towards Yahoo to pick up Tautoz.
Sept 4th — Dinnertime, San Jose
Tautoz, a San Jose native, guides me through a dizzying number of surface streets to reach downtown San Jose from Yahoo without actually going on any freeways. We arrive at Ben's place in time for dinner. After knocking on the door, we're shown in, get a small tour and meet their new puppy. As new puppies are prone to do, it's both loud and quite cute. I have to say, it was pretty interesting to see my friend in an apartment, with a puppy and a boyfriend. He transitioned from college student to stable adult pretty damn fast.
So then we went out to dinner in Japantown. We pick a place that Tautoz and Ben agree on, so the fact that the place was good was hardly a surprise. We all have an excellent dinner and after dinner walk back to their place and continue discussing random topics for awhile. We eventually part, I drive Tautoz back to his place and end up back at Chez Fun for the night.
I get online, get a little bit of work done and finally get my second full night of sleep for the week. (September 4th was a Thursday, for those keeping track.)
Dec. 1st, 2008 @ 05:01 am
|
|