Author: adamo

I am a Greek DevOps Engineer ranting about everything, from email to sports; to living in Athens, Greece.

“Personal Renewal”

I found out about John Gardner’s “Personal Renewal” from a tweet by @karounos. Being employed in the public sector one gets struck by boredom fairly easily and even when not bored one wonders on the meaning of his work:

Someone said to me the other day “How can I be so bored when I’m so busy?” And I said “Let me count the ways.”

I found this essay highly inspirational:

There’s a myth that learning is for young people. But as the proverb says, “It’s what you learn after you know it all that counts.” The middle years are great, great learning years. Even the years past the middle years. I took on a new job after my 77th birthday — and I’m still learning.

and even amusing at times:

Another example was Pope John XXIII, a serious man who found a lot to laugh about. […] When someone asked him how many people worked in the Vatican he said “Oh, about half.”

Do yourself a favor and read the speech, even when on the bus.

crypt(3) archaeology

There seems to be a bug biting crypt(3) on Lenny amd64. On such platforms when using crypt(3) with the traditional DES scheme you get a segmentation fault. You do not get this when using the Modular Crypt Format ($digit$ password hash style). Fortunately, for the problem I was facing, I located and used the crypt(3) implementation from the Seventh Edition Unix. It is available from The Unix Heritage Society thanks to Henry Spencer.

Deliverability versus delivery

I copy from Word to the Wise:

  • Delivery is what happens to a particular email. It is what ISPs are most concerned about.
  • Deliverability is the delivery potential of a particular email. It is what marketers, commercial senders and ESPs are concerned about. Deliverability is more than just “can this email be delivered”, it is the sum total of factors that play into email marketing: relevance, structure, content, and reputation.

Beckstrom’s Law: FAIL

I stumbled upon Beckstrom’s Law due to a message at SOCNET. As the paper states in its very first sentence, Beckstrom’s Law tries to answer the question “What is the value of a network?”. The claim is that it does a better job at that, than Metcalfe’s Law and Reed’s Law. The paper begins with a really nice idea:

Beckstrom’s Law solves the valuation problem by looking at how valuable the network is to each user.

Beckstrom uses the transactions that a user performs when using the network to valuate it and reaches to a formula that reads “The net present value (V) of any network (j) to any individual (i) is equal to the sum of the net present value of the benefit of all transactions less the net present value of the costs of all transactions on the network over any given period of time (t)”:

V_{i,j} = \sum_{k=1}^n \frac{B_{i,k}}{(1+r_k)^{t_k}} - \sum_{l=1}^n \frac{C_{i,l}}{(1+r_l)^{t_l}}

Note that in the paper the first expression contains a minor typo since r_k is simply referenced as r .

He then proceeds and defines a simplified version:

V_{i,j} = \sum B_{i,k} - \sum C_{i,l}

and declares the value of the entire network as the sum of the network values as seen by each individual user.

For the above expressions we read on this slashdot comment:

There are indices simply missing. The letter l (ell) is clearly not a good index. He uses n for number of transactions, users and networks. He even uses n for networks and users in the same formula, which must mean that number of users and networks are identical. In the summation of the users he leaves the denominators simply away.

And I want to add a question: Since every transaction that a user performs comes with a benefit (B) and a cost (C) why not define the (user) network value as:

V_{i,j} = \sum_{k=1}^n (B_{i,k} - C_{i,k})

where k represents the user’s transactions on the network?

Before proceeding to the second part of the paper, let us see what Bob Metcalfe himself wrote about his law at a guest blog post over at VCMike in 2006:

While they’re at it, my law’s critics should look at whether the value of a network actually starts going down after some size. Who hasn’t received way too much email or way too many hits from a Google search? There may be diseconomies of network scale that eventually drive values down with increasing size. So, if V=A*N^2, it could be that A (for “affinity,” value per connection) is also a function of N and heads down after some network size, overwhelming N^2. Somebody should look at that and take another crack at my poor old law.

And again, as we can see from this slashdot comment, Beckstrom in fact restated Metcalfe’s Law, only in an unusable way.

When using Metcalfe’s Law (and especially the n^2 expression) to evaluate a network you do not get a result in dollars. What you get is a number that you can use to compare networks. That way it is easily explained why your home network is of smaller value than that of your laboratory and why their value increases dramatically when they connect to the Internet while on the other hand the Internet couldn’t care less.

When you try to use Beckstrom’s Law to reach to a certain result you have to either use trivial transactions where you can calculate the benefits and costs, or make assumptions for non-trivial cases. In that case, as Metcalfe writes, I prefer to stick with n^2 .

Beckstrom then proceeds to offer an extention of his formula to include security investments: “The net benefit value of a network is equal to the summation of all transaction benefits, less all transaction costs, less security costs, and less security related losses to a user”:

V_{i,j} = B_{i,k} - C_{i,l} - SI_{i,o} - L_{i,p}

He then states that a goal should be to minimize SI_{i,o} + L_{i,p} and writes:

This leads to an important insight. One dollar of security investments is only a benefit when it reduces expected losses by more than a dollar.

Please excuse me, but isn’t this is the very definition of investment anyway? He then continues by rediscovering the Paretto principle as applied to security investments, namely that 80% percent of the problems can be dealt with fairly easily, while dealing with the rest 20% becomes increasingly expensive with every step. Please point me to at least one system administrator or security professional that is unaware of this (admittedly empirical) fact, regardless of whether they know of Paretto or not.

While summarizing, Beckstrom argues that his law answers the network value question. This is not true. Beckstrom’s Law introduces the really nice concept that the same network has different value for different users. This fact is established by bringing the transactions that the users perform into the picture. However, as the last statement says “how can we best value the benefit of transactions?”.

cameroom (ξανά!)

Διαβάζω στο OWASP blog:

σύμφωνα με τις δηλώσεις του αναπληρωτή υπουργού Εσωτερικών κ. Μαρκογιαννάκη ότι “για την αντιμετώπιση του σύγχρονου εγκλήματος είναι αναγκαία η χρήση καμερών βάσει της ευρωπαϊκής εμπειρίας όπως συμβαίνει και σε άλλες χώρες”.

Οι κάμερες στην καλύτερη περίπτωση θα βοηθήσουν να βρεθεί αυτός που διέπραξε κάτι. Οι πολίτες οφείλουμε να αποφασίσουμε τι μας ενδιαφέρει περισσότερο:

– Να βρεθεί ο κλέφτης ή να μην μας κλέψουν;

Εγώ προτιμάω να γίνονται επενδύσεις ώστε να μην εγκληματούν εις βάρος μου (παιδεία και ανεργία κανείς;). Η κάμερα δεν είναι αποτρεπτική επένδυση, επικουρικός μηχανισμός στη διαπίστωση της πράξης είναι. Η εμπειρία από τα γήπεδα θα έπρεπε να μας έχει διδάξει σχετικά.

(previous)