May 15 2012
Congrats to my research colleagues on our recent publication by Cambridge University Press in Operations Research. It has been a great year+ of revisions and waiting.
Lixin Miao,
Qingfang Ruan,
Kevin Woghiren
and Qi Ruo (2012).
RAIRO – Operations Research, Volume 46,
Issue 01, January 2012 pp 63-82
http://journals.cambridge.org/action/displayAbstract?aid=8586204
May 03 2012
Took the opportunity on a relatively clear night in VA to take moonshots with my telescope and 10mm eyepiece. Decided to post one of the pics from my astronomy logs (private).
Apr 24 2012
Security comes with a new face every year. The acceptance of security as a dynamic state is crucial for the protection of any enterprise and its assets. A famous philosopher once quipped, “It is in the nature of things that when one tries to avoid one danger, another is always encountered”. Let’s take a look at the infamous Stuxnet malware, for example; the malware was able to infiltrate Iran’s nuclear program within a network requiring rigorous security screenings including biometrics ID and no internet access. This begs the question: Is IT security better off by treating security as a game of perfect information where strategists should be valued and emphasized more over tools and skills, which the opposition is most likely equally matched with (think chess)? Threats to a company, after all, can both be internal and external.
With increasing popularity in initiatives like BYOD and BYID, IT departments are constantly trying to find the balance between openness and security. Bring Your Own Device (BYOD) seems to sit at one end of the spectrum and Bring Your own ID (BYID), on the other end. Both initiatives are part of a larger consumerization of IT trend that has been gripping the corporate environment since the advent of smart personal devices and cloud services. BYID may seem to pose a security threat, at face value, but it’s actually both convenient and provides a stronger security environment than a one tier authentication method. With the continued growth of cloud services, identity needs to be taken off of users’ plates via delegated authentication using such standards like OAuth and OpenID. Imagine a use case where you provide a service online to users either on a trial basis and/or full subscription. If a user only wants to use your service on a trial basis, he or she does not have to create a login to temporarily access your service but should be able to instead use a social network account, for example, to access a trial account. When it comes time to upgrade to a full subscription, the user will then have the option to create a login specific to your site unless you choose to continuously leverage a 3rd party vendor for authentication purposes. This type of authentication brokering should be embraced more by companies of all sizes and is even more applicable for business partnerships. It becomes a true partnership when two different businesses can use their respective credentials to access non-sensitive data on each other’s sites.
At the other end, BYOD seems like a good idea at face value but the openness that is achieved comes at a high cost to personal privacy and enables personal devices as easier entry points into a company. With BYOD, one of the biggest threats is phishing within an application with a good install base. It’s important to remember that when it comes to choosing mobile applications, there is no central vetting service and users have to rely on reviews and the “reputation” of developers. This is a serious threat to corporate networks. Although there are methods such as network access control (NAC) or virtualization that can help in protecting a company’s network from intrusion via personal devices, one big disadvantage is in the remote capabilities arena. For example, company-owned devices can be easily encrypted or wiped clean in the event of a lost or stolen device; but, with employee-owned devices, this policy poses a challenge and has far reaching ramifications into privacy. The language in many corporate end user agreements, regarding personal mobile devices, spells it out clear that personal data is indistinguishable from company data and can be audited or remotely deleted if there is ever a perceived or realized compromise to the company. Although storage is guaranteed in the event of a remote swipe, avoidance of personal data compromise does not seem to be.
Unlike other IT trends of the past such as outsourcing work to foreign countries, that can be more easily reversed, BYOD would be much harder to reverse if the initiative proves to be too expensive (i.e. storage costs of virtualization) or unsustainable. Is BYOD really worth the risk it poses to both employees and employers? As an employee, if you were to misplace your company-registered personal device, would you report it to Security immediately or wait until it turned up because you are trying to protect your personal data first?
Apr 21 2012
As a show of stewardship to the environment, I will be keeping a weekly photo journal of the tomato plant below (accessible via my Random Journals page on the right). Happy Earth Day 2012!
Feb 23 2012
By Guest Blogger: Max Woghiren, Google
RSpec is a testing framework for Ruby based on the notion of behavior-driven development. It’s designed to allow unit tests to be easily written in terms of behavior, and provides simple, intuitive documentation for the entities being tested. It’s a valuable tool that makes test- and behavior-driven development enjoyable and straightforward. Let’s check it out.
Suppose we want to write a calculator. The calculator will operate using Reverse Polish notation. In Reverse Polish notation, operations come after operands; for example, 3 + 4 becomes 3 4 +. A calculator using this notation maintains a stack of numbers, and whenever an operation is entered, we pop the top two numbers from the stack, perform the operation, and push the result back onto the stack….
READ MORE here
Feb 11 2012
When I first heard about OpenLabel’s idea for an app, I initially thought out loud in solitude, “Not another soon-to-be-defunct barcode scanning app!” But as I read more, I realized that OpenLabel’s new app was a crowd-sourced solution designed to provide more transparency on products and brands. For example, not only would a barcode contain price information, but it would contain other data such as the environmental impact of the product and whatever other information that consumers wanted to share with society.
The idea isn’t original but the timing seems to be right as crowd-sourcing is becoming more commonplace. However, since OpenLabel will not be monitoring any of the user input, the potential defamation of brands is increased and could result in lawsuits against both the start-up and its user base. In addition, even if this app becomes successful and profitable, I do not think brand loyalty would succumb to its effects.
Dec 29 2011
2011 is dedicated to the eurozone’s fortitude. Despite the surmounting pessimism surrounding the fate of the 17-nation area and a prediction from Credit Suisse’s Fixed Income Research team last month that “we seem to have entered the last days of the euro”, the eurozone is showing signs of a long term makeover more so than signs of impending failure.
Avi Tiomkin of Forbes Magazine quoted in a 2008 article, “It is only a matter of time, probably less than three years, until the euro experiment meets its end…Tensions between inflation-obsessed Germany and growth-hungry Latin countries will spell its end.” As rising inflation continued to plague the eurozone in 2008, comparable to today’s eurozone environment, Avi Tiomkin’s argument was that the “Latin” countries’ (France, Italy, and Spain) thirst for growth ran counter to their more inflation-wary counterparts in the German bloc (Austria, Luxembourg, the Netherlands). Although he makes a valid point for the demise of the euro, he ignores the fact that the much stronger German bloc has both the most to gain if the Euro survives and lose if the Euro fails. For example, Germany’s competitiveness and balance of payments have far outpaced those of its eurozone counterparts since the introduction of the Euro than if it were to have a stand-alone currency.
Talks of a eurozone bailout from other countries and the ECB, earlier this year, have since dissipated significantly due to the potential moral hazard and increased inflation risk they pose, respectively. Unlike the 1997 Asian “capital account” Crisis, global financial contagion, in the event of a eurozone member default, is more of a threat in the current European Debt Crisis due to the highly intertwined and indebted Western financial system. Raising capital via the debt markets has been and continues to be a challenge for eurozone members due to the likely exploitation of the Crisis by bond speculators. 2012 is no doubt crucial for the future of the eurozone, and as the ECB continues to lend cheaply to eurozone banks, risk exposure will only increase; however, default by a member state is no longer a viable option.
At the end of the crisis, many expect the complete dismantling of the monetary union, but I think a slimmer eurozone is more realistic with Portugal and Greece being the first victims. However, before this process can begin, borrowing costs must decrease as recently experienced during Italian bond auctions.
Nov 20 2011
The following are my “favorite” plausible end of world scenarios posted in a Guardian article by science correspondent, Alok Jha. To add to the “Gamma Rays From Space” scenario, our sun also emits gamma rays during solar flares; a big enough solar flare would do the trick as supposed to waiting for a nearby star to go supernova.
MEGA TSUNAMI
Geologists worry that a future volcanic eruption at La Palma in the Canary Islands might dislodge a chunk of rock twice the volume of the Isle of Man into the Atlantic Ocean, triggering waves a kilometre high that would move at the speed of a jumbo jet with catastrophic effects for the shores of the US, Europe, South America and Africa.
Danger sign: Half the world’s major cities are under water. All at once.
GEOMAGNETIC REVERSAL
The Earth’s magnetic field provides a shield against harmful radiation from our sun that could rip through DNA and overload the world’s electrical systems. Every so often, Earth’s north and south poles switch positions and, during the transition, the magnetic field will weaken or disappear for many years. The last known transition happened almost 780,000 years ago and it is likely to happen again.
Danger sign: Electronics stop working.
GAMMA RAYS FROM SPACE
When a super-massive star is in its dying moments, it shoots out two beams of high-energy gamma rays into space. If these were to hit Earth, the immense energy would tear apart the atmosphere’s air molecules and disintegrate the protective ozone layer.
Danger sign: The sky turns brown and all life on the surface slowly dies.
RUNAWAY BLACK HOLE
Black holes are the most powerful gravitational objects in the universe, capable of tearing Earth into its constituent atoms. Even within a billion miles, a black hole could knock Earth out of the solar system, leaving our planet wandering through deep space without a source of energy.
Danger sign: Increased asteroid activity; the seasons get really extreme.
Oct 01 2011
French mathematician Emile Borel was one of the first few intellectuals to pose these questions (not in original form): How many monkeys would it take to successfully reproduce a work of Shakespeare (or any other literature) and how long would the process take? And, if infinite variables, what is the probability of success? The method: They are all typing randomly on 50-key standard typewriters.
To give the scale of the task, I will invoke some statistics and quotes from Seth Lloyd’s Programming the Universe. The following stats assume a 50-key standard typewriter. Ignoring capitalization, the probability of randomly typing ‘h’ is 1 in 50…typing ‘ha’ is 1 in 2500…typing ‘ham’ is 1 in 125,000…typing ‘hamlet. act i, scene i’ would take a magnitude of 10^-38 (approximately, “it would take a billion billion monkeys, each typing ten characters per second, for each of the roughly billion billion seconds since the universe began”).
A large number of experiments have been carried out to answer Emile Borel’s question using both real and virtual monkeys, but they have all, for the most part, failed or come to a stand-still. One of the latest researchers to try the experiment is Jesse Anderson, an American programmer. Equipped with the Hadoop programming tool and Amazon’s cloud, EC2, Mr. Anderson set out to create the virtual project in August and has recently reported a 99.990% completion rate of Shakespeare’s collections (~3,695,990 characters) using millions of virtual monkeys. How is this possible within such a short time period? Mr. Anderson’s success isn’t due to intelligent algorithms or a secret access to quantum computers, but because he has established very convenient constraints in his program. One constraint is the disregard for punctuation and spaces, while another is the production limit of 9-character text strings per monkey at each time interval. The latter constraint enables Mr. Anderson to sift through each produced text strings for characters that match those within Shakespeare’s collections, which explains his high success rate.
Without any constraints, ‘Borel’s’ project is nearly impossible to simulate using contemporary computers. Without the ubiquity of quantum computing, the answer to Emile Borel’s question will continuously be settled at ‘infinity’. It has been suggested by various computer scientists and physicists that it would be far easier for randomly typing monkeys to recreate computer programs, which are often shorter, less imaginative, and less coherent than literature, than to create masterpieces. So this begs the question: How many monkeys would it take to randomly write Jesse Anderson’s computer program and how long would it take?
Aug 30 2011
Random Fact: There has been an average of 10 to 11 million motor vehicle accidents annually in the US since 2004 (Source: U.S. Census Bureau)
Another Random Fact: Only ~12% of a car’s energy use goes toward providing momentum/moving the passenger (Source: Hofstra)
While both facts/issues have garnered the interests of academia and industry folks, some of the solutions proposed thus far have been counter-intuitive, but expectantly diverse. Academia seems preoccupied with creating smart-phone applications and providing the driver with more responsibilities and distractions, while on the other hand, private enterprises are leaning more toward car automation and yielding less responsibilities to the driver. In a not-too-recent article, UC Berkeley and IBM announced plans of a partnership to create a smart-phone app that would be the equivalent of a “prediction” model for daily traffic in order to combat congestion and fuel inefficiency, given a driver’s GPS data history. And on the East Coast, researchers at MIT and Princeton were reported to having developed a smart-phone traffic app that provides real-time traffic signals in advance to drivers for the sake of improving fuel efficiency. The catch: its a crowd-sourcing app that relies on high traffic activity in order to be effective.
The private enterprise approach has been the more costlier model but, in the long run, it proves to be more effective in reducing motor vehicle accidents and improving fuel efficiency. I remember, a while back, reading an article about a Google project aimed at fully automating the car driving experience. Although the project is still far from being market-ready, the effort is definitely a step forward. However, with that being said, I do not think a human driver will ever be fully replaced when it comes to the ubiquitous automobile given the multitude of changing environmental variables on any given route and on any given day that a computer may not simply be capable of accurately assessing 100% each time. I liken the scenario to GPS-guided smart bombs that can become error-prone due to electronic noise. In addition to its autonomous vehicle project, Google has recently partnered with Ford Motors on a project similar to UC Berkeley and IBM’s “prediction model”. The only difference is that the Google and Ford project would integrate a car’s computer with the cloud, thus providing the car with real-time decision-making abilities, instead of relying on a smart-phone app.
In my opinion, the private enterprise is correct in focusing on further automating the car driving experience.
