12/13

Και τυπικά πλέον. Αλλά μια από τα ίδια. Ή μάλλον χειρότερα: Κύριε Σάββα Θεοδωρίδη κάνε την μέγιστη προσφορά που σου μένει στον Ολυμπιακό. Είναι καιρός να αποσυρθείς. Δεν προστατεύεις κανένα · εκθέτεις όχι μόνο εμάς, αλλά και τον εαυτό σου. Και δεν είναι η πρώτη φορά. Ο παραγοντισμός έχει αλλάξει από το 1950 και πρέπει να το καταλάβεις.

Με σεβασμό.

twitter for file sharing?

The thought occurred to me while reading Matt Welsh’s criticism on how Project Graffiti conducted their experiment. I think it is possible to share files over twitter and I will sketch the concept bellow:

  1. Create N accounts on twitter.
  2. uuencode the file in question so that we have to deal only with printable characters. Optionally encrypt it first.
  3. Pick randomly the account that will tweet first.
  4. tweet the first line of the file.
  5. Use a hash function (like SuperFastHash) and hash the line. That way you will get the next account to tweet the file contents.
  6. The next account replies to the previously tweeted line. The reply contains the next line.
  7. Repeat hashing and replies until the whole file is tweeted.

When the process is finished you end up with a string of replies that if put together contain the (uuencoded) contents of the original file.

Yes, this is neither practical nor distributed file sharing, but in a way it is hiding obscuring information in plain sight.

“Personal Renewal”

I found out about John Gardner’s “Personal Renewal” from a tweet by @karounos. Being employed in the public sector one gets struck by boredom fairly easily and even when not bored one wonders on the meaning of his work:

Someone said to me the other day “How can I be so bored when I’m so busy?” And I said “Let me count the ways.”

I found this essay highly inspirational:

There’s a myth that learning is for young people. But as the proverb says, “It’s what you learn after you know it all that counts.” The middle years are great, great learning years. Even the years past the middle years. I took on a new job after my 77th birthday — and I’m still learning.

and even amusing at times:

Another example was Pope John XXIII, a serious man who found a lot to laugh about. […] When someone asked him how many people worked in the Vatican he said “Oh, about half.”

Do yourself a favor and read the speech, even when on the bus.

crypt(3) archaeology

There seems to be a bug biting crypt(3) on Lenny amd64. On such platforms when using crypt(3) with the traditional DES scheme you get a segmentation fault. You do not get this when using the Modular Crypt Format ($digit$ password hash style). Fortunately, for the problem I was facing, I located and used the crypt(3) implementation from the Seventh Edition Unix. It is available from The Unix Heritage Society thanks to Henry Spencer.

Deliverability versus delivery

I copy from Word to the Wise:

  • Delivery is what happens to a particular email. It is what ISPs are most concerned about.
  • Deliverability is the delivery potential of a particular email. It is what marketers, commercial senders and ESPs are concerned about. Deliverability is more than just “can this email be delivered”, it is the sum total of factors that play into email marketing: relevance, structure, content, and reputation.

Beckstrom’s Law: FAIL

I stumbled upon Beckstrom’s Law due to a message at SOCNET. As the paper states in its very first sentence, Beckstrom’s Law tries to answer the question “What is the value of a network?”. The claim is that it does a better job at that, than Metcalfe’s Law and Reed’s Law. The paper begins with a really nice idea:

Beckstrom’s Law solves the valuation problem by looking at how valuable the network is to each user.

Beckstrom uses the transactions that a user performs when using the network to valuate it and reaches to a formula that reads “The net present value (V) of any network (j) to any individual (i) is equal to the sum of the net present value of the benefit of all transactions less the net present value of the costs of all transactions on the network over any given period of time (t)”:

V_{i,j} = \sum_{k=1}^n \frac{B_{i,k}}{(1+r_k)^{t_k}} - \sum_{l=1}^n \frac{C_{i,l}}{(1+r_l)^{t_l}}

Note that in the paper the first expression contains a minor typo since r_k is simply referenced as r .

He then proceeds and defines a simplified version:

V_{i,j} = \sum B_{i,k} - \sum C_{i,l}

and declares the value of the entire network as the sum of the network values as seen by each individual user.

For the above expressions we read on this slashdot comment:

There are indices simply missing. The letter l (ell) is clearly not a good index. He uses n for number of transactions, users and networks. He even uses n for networks and users in the same formula, which must mean that number of users and networks are identical. In the summation of the users he leaves the denominators simply away.

And I want to add a question: Since every transaction that a user performs comes with a benefit (B) and a cost (C) why not define the (user) network value as:

V_{i,j} = \sum_{k=1}^n (B_{i,k} - C_{i,k})

where k represents the user’s transactions on the network?

Before proceeding to the second part of the paper, let us see what Bob Metcalfe himself wrote about his law at a guest blog post over at VCMike in 2006:

While they’re at it, my law’s critics should look at whether the value of a network actually starts going down after some size. Who hasn’t received way too much email or way too many hits from a Google search? There may be diseconomies of network scale that eventually drive values down with increasing size. So, if V=A*N^2, it could be that A (for “affinity,” value per connection) is also a function of N and heads down after some network size, overwhelming N^2. Somebody should look at that and take another crack at my poor old law.

And again, as we can see from this slashdot comment, Beckstrom in fact restated Metcalfe’s Law, only in an unusable way.

When using Metcalfe’s Law (and especially the n^2 expression) to evaluate a network you do not get a result in dollars. What you get is a number that you can use to compare networks. That way it is easily explained why your home network is of smaller value than that of your laboratory and why their value increases dramatically when they connect to the Internet while on the other hand the Internet couldn’t care less.

When you try to use Beckstrom’s Law to reach to a certain result you have to either use trivial transactions where you can calculate the benefits and costs, or make assumptions for non-trivial cases. In that case, as Metcalfe writes, I prefer to stick with n^2 .

Beckstrom then proceeds to offer an extention of his formula to include security investments: “The net benefit value of a network is equal to the summation of all transaction benefits, less all transaction costs, less security costs, and less security related losses to a user”:

V_{i,j} = B_{i,k} - C_{i,l} - SI_{i,o} - L_{i,p}

He then states that a goal should be to minimize SI_{i,o} + L_{i,p} and writes:

This leads to an important insight. One dollar of security investments is only a benefit when it reduces expected losses by more than a dollar.

Please excuse me, but isn’t this is the very definition of investment anyway? He then continues by rediscovering the Paretto principle as applied to security investments, namely that 80% percent of the problems can be dealt with fairly easily, while dealing with the rest 20% becomes increasingly expensive with every step. Please point me to at least one system administrator or security professional that is unaware of this (admittedly empirical) fact, regardless of whether they know of Paretto or not.

While summarizing, Beckstrom argues that his law answers the network value question. This is not true. Beckstrom’s Law introduces the really nice concept that the same network has different value for different users. This fact is established by bringing the transactions that the users perform into the picture. However, as the last statement says “how can we best value the benefit of transactions?”.