Let’s Get Simple

A picture of a mess of wiresIn the summer of 2004 I gave an invited talk at the USENIX Technical Symposium entitled “How Do I Manage All Of This?”  It was a plea to the academics that they ease off of new features and figure out how to manage old ones.  Just about anything can be managed if you spend enough time.  But if you have enough of those things you won’t have enough time.  It’s a simple care and feeding argument.  When you have enough pets you need to be efficient about both.  Computers, applications, and people all require care and feeding.  The more care and feeding, the more chance for a mistake.  And that mistake can be costly.  According to one Yankee Group study in 2003, between thirty and fifty percent of all outages are due to configuration errors.  When asked by a reporter what I believed the answer was to dealing with complexity in the network, I replyed simply, “Don’t introduce complexity in the first place.”

It’s always fun to play with new toys.  New toys sometimes require new network features.  And sometimes those features are worth it.  For instance, the ability to consolidate voice over data has brought a reduction in the amount of required physical infrastructure.  The introduction of wireless has meant an even more drastic reduction.  In those two cases, additional configuration complexity was likely warranted.  In particular you’d want to have some limited amount of quality-of-service capability in your network.

Franciscan friar William of Ockham first articulated a principle in the 14th century that all other things being equal, the simplest solution is the best.  We balance that principle with a quote from Einstein who said, “Everything should be made as simple as possible, but not simpler.”  Over the next year I will attempt to highlight examples of where we have violated both of these statements, because they become visible in the public press.

Until then, ask yourself this: what functionality is running on your computer right now that you neither need nor want?  That very same functionality is a potential vulnerability.   And what tools reduce complexity?  For instance, here is some netstat output:

% netstat -an|more
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:993             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:995             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:3306            0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:587             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:110             0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:2544          0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:817           0.0.0.0:*               LISTEN
udp        0      0 0.0.0.0:32768           0.0.0.0:*
udp        0      0 127.0.0.1:53            0.0.0.0:*
udp        0      0 0.0.0.0:69              0.0.0.0:*
udp        0      0 0.0.0.0:111             0.0.0.0:*
udp        0      0 0.0.0.0:631             0.0.0.0:*
udp        0      0 127.0.0.1:123           0.0.0.0:*
udp        0      0 0.0.0.0:123             0.0.0.0:*
udp        0      0 :::32769                :::*
udp        0      0 fe80::219:dbff:fe31:123 :::*
udp        0      0 ::1:123                 :::*
udp        0      0 :::123                  :::*

It’s difficult for an expert all of this stuff.  Heaven help all of us who aren’t experts.  So what do we do?  We end up running more programs to identify what we were running.  In other words?  That’s right.  Additional complexity.  What would have happened if we simply had the name of the program output with that line?  This is what lsof does, and why it is an example of reducing complexity through innovation.  Here’s a sample:

COMMAND     PID    USER   FD   TYPE DEVICE SIZE NODE NAME
xinetd     3837    root    5u  IPv4  10622       TCP *:pop3 (LISTEN)
xinetd     3837    root    8u  IPv4  10623       TCP *:pop3s (LISTEN)
xinetd     3837    root    9u  IPv4  10624       UDP *:tftp
named      3943   named   20u  IPv4  10695       UDP localhost:domain
named      3943   named   21u  IPv4  10696       TCP localhost:domain (LISTEN)
named      3943   named   24u  IPv4  10699       UDP *:filenet-tms
named      3943   named   25u  IPv6  10700       UDP *:filenet-rpc
named      3943   named   26u  IPv4  10701       TCP localhost:953 (LISTEN)
named      3943   named   27u  IPv6  10702       TCP localhost:953 (LISTEN)
ntpd       4026     ntp   16u  IPv4  10928       UDP *:ntp
ntpd       4026     ntp   17u  IPv6  10929       UDP *:ntp
ntpd       4026     ntp   18u  IPv6  10930       UDP localhost:ntp

Voting Machines: Thank Heavens for Academia

vote buttonOften times it is said that the purpose of academic research is to seek the truth, no matter where it leads.  The purpose of industry representatives is often to obscure the truths they do not like.  Such apparently was the case at a recent hearing of the Texas House of Representatives’ Committee on Elections.  These are the guys who are nominally supposed to ensure that each citizen of Texas gets an opportunity to vote, and that his or her vote is counted.  The committee provides oversight and legislation for electronic voting.

How secure is your electronic vote, compared to a paper ballet?  Can you have an electronic hanging chad?  A group of researchers have spent a fair amount of time answering that very question.  Drs Ed Felton & Dan Wallach, as well as others, have looked at numerous different voting systems, and found all sorts of little problems.  For instance, some voting machines are susceptible to virii, and if they get it they can give it to their peers.  That’s not a problem, according to the manufacturers’ spokesmen.  But who are we to believe?  An academician whose purpose is to advance the state of the art and find truths, or a spokesman, whose purpose is to obscure them?

There are mistakes made in many, if not all elections and surveys.  Here are just a few questions:

  • What is an acceptable rate of error?  As 2000 demonstrated, even a hand count of paper ballots can have problem.
  • Rather than prevaricate, why shouldn’t the vendors of these voting machines fix the problems that have been reported?
  • What sort of regulations are appropriate?  The spokesmen all but demanded a common standard in as much as they complained that there was none.

Conveniently Dr. Wallach has an answer to that last question.  His testimony recommends just that.

For what it’s worth, as an expatriate I do not expect to use a voting machine for quite some time, but rather a paper ballot.

Bon Voyage and Happy Hunting

eclipseThere are those who think, “Oh cool, Eclipse.  Let’s all party and watch the {sun|moon} disappear for a few minutes.”  And then there are those who are serious about it.  While we all were celebrating the 4th of July (wherever we were), several friends of mine were busy getting themselves and a lot of provisions onto a plane to China in order to observe the upcoming solar eclipse in the eastern part of that country.  This is not the first eclipse for which they’ve traveled far and wide.  Two years ago March there was another solar eclipse in Southern Libya.  Do you what is in Southern Libya?  Sand.  Not much else.  That wasn’t the craziest place to travel.  In 2003, there was an eclipse over Antarctica.  Now the thing about Antarctica is that it’s not an easy place to stay.  And so what they did was charter a Boeing 747-400 from Quantas and flew it through the path of totality as fast as they could without the equipment being disturbed.

Why all the fuss?  What is so special about a lack of sun for a few minutes?  In the case of one of my friends, the answer lies in what’s near the sun.  He has devoted considerable effort to attempting to prove that volcanoid asteroids exist.  These little things come so close to the sun that on any normal day state of the art optics are unable to see them because of the sun’s rays.  And so, with the light turned off for a few minutes, one can scan the surrounds.

But if you thought this would be a purely scientific or humorous article, tough.  My friend brought with him a considerable amount of equipment with which to visualize the astroids, and some of it isn’t cheap, and some of it is custom made metal.  Knowing this, he went to the Department of Homeland Security to find out how to go about getting the equipment from here to China.  It took a Congresswoman to get DHS to meet with him in the first place, and then they provided him absolutely no guidance, saying that if the screener on duty (someone who is probably paid only a bit above minimum wage) decides an object doesn’t get on a plane, it doesn’t get on a plane.  There is no way to pre-clear anything.  And so he was told to ship the object through a known shipper.

The U.S. does recognize a distinction between known shippers and just the average Joe.  This is one of many circumstances where a positive reputation is required to get something done.  Now unless you’re going to buy your own airplane or cargo ship, you are going to use a shipper fo some sort, so why not use a known one?  Well, the story doesn’t end there.  In the passing the buck, each shipper is looking to limit their liability and hence want to know exactly who and what they are dealing with.  If you are an published astronomer as my friend is, you must put an extraordinary amount of effort into seeing that your goods arrive intact.

Personally, as someone who has had belongings stolen due to DHS policies I find all of this a bit rich.  If a baggage handler can rip off my stuff out of my bag and get it out of the airport, what’s to stop them from putting stuff in?

Think about it.

Anyway, I wish my friends on their trip happy hunting for objects that are extremely elusive, to the point where they might not actually exist.

The CIA’s torture teachers: Communist China

Continuing our theme from Independence Day, let’s talk about freedoms and rights.  For those such as Alan Dershowitz who advocate such things as torture warrants, or for simple apologists for the Bush administration’s shameful behavior, now comes this little ditty from the New York Times about how the CIA took a crash course in rough interregation techniques for Guantanamo Bay just after the Towers came down.  What they probably didn’t know was that the material was derived from a 1957 Chinese training manual that an airforce psychologist discredited as generating false confessions.  Of course, even if the method did work, we now know who this administration turns to for guidance: a discredited regime used by a form of government we despised.  This brings me to a point that I’ve always believed: fasism, communism, whatever: each can be used to subjugate citizens in just the same manner.  It’s just a slightly different rationale.  Yes, that says that it can and has happened in the United States, and it goes back to what Benjamin Franklin said: Those who would give up Essential Liberty to purchase a little Temporary Safety, deserve neither Liberty nor Safety. We’ve already seen that U.S. Senator Kit Bond was a perfect example.  Of course, Franklin was defending against a different King George.

With our King George and in this case, we have to worry about what moral authority we have lost.  Those Americans who happen to be abroad and in the wrong place and the wrong time will be the sorry beneficiaries of this president’s legacy.

Happy Independence Day!

fireworksHappy Fourth of July!  232 years ago, descendants of peopel seeking religious freedom declared that they would not be subjugated from afar by a tyrant and his parliament.

We hold these truths to be self-evident, that all men are created equal, that they are endowed by their Creator with certain unalienable Rights, that among these are Life, Liberty and the pursuit of Happiness.

Thomas Jefferson, The Declaration of Independence, July 4, 1776

Since then nearly every government in the world has recognized the basic right to have a say in how one is governed, excepting of course Iran, Libya, Saudi Arabia, Zimbabwe, North Korea, China, Russia, and the United States.  Even as he wrote those words, Jefferson held slaves on his property.  It would take another eighty-nine years for black people to be free, and another 92 years for their children to go to the same schools as white people, and another 51 years for them to have the first black national candidate for president on one of the major party tickets.

Put another way, Jefferson lied.  He did not hold those truths to be self-evident.  People had to fight for them every step of the way, starting with patriots in the American revolution, continuing for the rights of black people during the Civil War.  When we do not stand up for their rights of others, we lose our ability to defend our own rights.  The examples are shameful.  In Germany, nobody stood for others’ rights and the result was a world war and a holocaust that afflicted all of Europe, while back in America we once again jailed our fellow Americans because of the color of their skin.

Now in America we see another group once again fighting for their rights.  That a person is gay does not offend my rights as an individual.  Even were I to find homosexuality offensive in some way (which I do not), we as Americans have the right to offend.  And we do it as early and as often as we can.  Only heaven help the person who does it to us.  The tyranny of the majority part of human nature, and requires each of us to check ourselves about our beliefs.  And so, when Californians go to the polls in November, they will have a choice: indulge their bigotries and impose their will on a minority of people who merely want to the same treatment as others, or stand up for a group who has always held fast that they too are Americans and can and should do their part as patriots.

The tyranny of the majority doesn’t stop at race or sexual orientation, but is rooted in America in religion.  George W. Bush is President of the United States in large part because he galvanized a group of people who wished to impose their religious values on all of us, and he and they have been remarkably successful.  The Office of Faith-Based and Community Initiatives, an organization that gives money to churches, has been held to be constitutional, while school vouchers have stripped away disparately needed money from improving public education.  It is not Muslims who need to fear for their rights, but those of us who want nothing at all to do with religion.  Can you imagine a presidential candidate, never mind a president, who did not end every speech with “God Bless America”?  Our founders saw this fear and clearly placed freedom of religion in the First Amendment of the Bill of Rights.

Today is not also the anniversary of our founding, but also the 182nd anniversary of the deaths of Thomas Jefferson and John Adams.  Those who believe that partisanship is an invention of the late 20th century should take the time to read John Adams, by David McCullough, in which he describes the bitter battle between then opponents in 1800.  That particular bit of rivalry led to the historic decision of Marbury v. Madison in 1803.  Our rivalries are as the framers intended, meant to spur good government.  Whether that goal is met today is an open and fair question.