terriko: (Default)
I'm re-reading Richard Hamming's talk on You and Your Research because I felt like I needed the kick in the pants to do great work this month after some very busy months of doing necessary but not necessarily great things.

In this reading, I was struck by this anecdote:

John Tukey almost always dressed very casually. He would go into an important office and it would take a long time before the other fellow realized that this is a first-class man and he had better listen. For a long time John has had to overcome this kind of hostility. It's wasted effort! I didn't say you should conform; I said ``The appearance of conforming gets you a long way.'' If you chose to assert your ego in any number of ways, ``I am going to do it my way,'' you pay a small steady price throughout the whole of your professional career. And this, over a whole lifetime, adds up to an enormous amount of needless trouble.

On a surface level, I've long believed this is true. I've been long primed in the art of social hacking, first by my father and more recently as a security researcher/hacker. Anyone can watch the subtle variations on how I dress on teaching days or days when I'm going to the bank and you'll note that I pay attention to fitting in to the environment and manipulating the way in which I'm perceived. But as a child of the Internet, more or less, my experimentation hasn't limited to physical presentation. Especially as a teenager, I spent a lot of time grossly mis-representing my age and gender as well and watching how that changed my interactions with folk.

But what gets me this time is the end of that quote: "[If you don't appear to conform,] you pay a small steady price throughout the whole of your professional career. And this, over a whole lifetime, adds up to an enormous amount of needless trouble." Sometimes it's important to change the system, but sometimes you just want to get stuff done.

I can dress the part, but I don't generally change my gender presentation in real life. Is my female-ness adding up to an enormous amount of needless trouble over my lifetime given that I work in a field where that's going to make me non-conforming? I suspect it is, although I'm fortunate enough that my gender presentation is often canceled out by my racial makeup (Asian girls are totally good at math, don'tcha know?) so I can console myself by saying maybe it's not as enormous as it might have been. But not every person who doesn't fit the norm for their field has that consolation prize. Are we all paying the price of being different?

It's easy to get a little saddened by this. All that time explaining that no, I really am a techie, has added up to a lot of time I'm not having amazing conversations and doing great work. But before you get too saddened about how your hard-to-hide features like race/age/gender are affecting your ability to Do Great Things, you should stop and listen to Duy Loan Le's excellent 2010 Grace Hopper Celebration Keynote. In it, she talks about what she does to fit in to environments where she felt that letting go of her ego made it possible for her to get more good work done. I think it's really worth a listen, especially if fitting in isn't just a choice of what suit to wear for you.

terriko: I am a serious academic (Twlight Sparkle looking confused) (Serious Academic)
This is the first in my series of short notes on the academic papers I'm reading. This is a paper we read for seminar last week, and I chose to review it here not only because the results are interesting but also because it's a highly readable paper in case any of you get curious and want to read along with me.

Malicious Damage |  2008

Detecting malware domains at the upper DNS hierarchy
Antonakakis, M. et al, 2011

This paper is all about detection of malware using DNS. It turns out that while "normal" domains are accessed by machines that have patterns of geographical and network locations, malware domains are accessed by a bunch of zombie machines that could pop up anywhere on any network so the dns requests are a lot more random. So if you look at DNS, you can figure out what domains are being used by malware, and you can do it on the fly as domains change without needing a manually created blacklist.

It's a pretty neat trick. Malware authors could potentially get around it by adding in more clever requests -- doing something more like facebook or google which route you to "close" servers to provide good quality of service -- but until they do, this could be a handy supplement to existing malware detection. Reminds me a lot of greylisting that way.

author = {Antonakakis, M. and Perdisci, R. and Lee, W. and Vasiloglou II, N. and Dagon, D.},
title = {Detecting malware domains at the upper DNS hierarchy},
booktitle = {Proc. of the 20th USENIX Security Symposium, USENIX Security},
year = {2011},
volume = {11},
pages = {27--27}
terriko: I am a serious academic (Twlight Sparkle looking confused) (Serious Academic)
One of the big problems of academia is that though we produce some amazing things, they're often not available, accessible, or even noticeable for the general public. That is, articles may cost money to read (unless you have access to academic journal subscriptions), interesting results get buried in dense scientific language, and often few people are talking about the results outside of academia (or sometimes even inside academia).

Last year, I committed myself to writing more book reviews to share what I read with others, and it occurs to me that this year, maybe I should make more of an effort to do the same with the scientific papers I read as well. The usual caveats apply: I've got my own set of biases in research just like I have taste in books, and it's entirely possible that I'll interpret results in ways other than they were intended.

This is something I did occasionally with my web security blog (and hoped to do more), but I'm currently reading papers about complex adaptive systems, biology, security, and more. So for now, these public paper reviews are going here right alongside my book reviews, and they'll be drawn not only from my own research interests but from the overlapping ones of my colleagues. I have a lead on a paper about railway design using slime molds, for example. You've been warned!
terriko: I am a serious academic (Twlight Sparkle looking confused) (Serious Academic)
One of the things I occasionally talk about at work is that my experience in the standards process completely destroyed any illusions I had about standards being made for the good of all[1]. Which is why this quote about the process of deciding on IPv6 amuses me so:

"However, many people felt that this would have been an admission that something in the OSI world was actually done right, a statement considered Politically Incorrect in Internet circles."

- Andrew S. Tanenbaum regarding the IPv6 development process in Computer Networks (4th ed.)

And since I imagine few of you follow my long-quiet web security blog (I didn't really feel like writing more on web security while doing my thesis or shortly thereafter), here's another quote that amused me from the same book:

... "some modicum of security was required to prevent fun-loving students from spoofing routers by sending them false routing information."

- Andrew S. Tanenbaum regarding OSPF in Computer Networks (4th ed.)

In case you're wondering what's up, I'm reading this textbook to brush up on my basic routing terminology with the plan to do some crazy things with routers in the future. It's quite useful for this purpose, but I keep getting distracted by how awesome Tanenbaum's writing is; you can see from his humour and deeper insights why his texts are considered standards in the field of computer science. I think the last time I was this struck by a textbook author was while reading Viega's Building Secure Software.

This sort of carefully crafted understatement is a huge contrast to the other book I'm reading currently, The 4-hour Workweek, which I'll probably review in a later post if I don't give up in disgust. (It's full of useful ideas, but the writing style is driving me nuts.)

[1] Standards are made for the goals of the companies involved in the committee. Sometimes those happen to be good for all, sometimes not, and the political games that happen were very surprising to me as a young idealist.
terriko: I am a serious academic (Twlight Sparkle looking confused) (Serious Academic)
When I was an undergraduate, I found that university really wasn't living up to my expectations of stimulating, interesting people and ideas.

But today, I was totally living the academic dream.

We had a visit from a leading expert on ant behaviour. This wasn't about computer ant algorithms; she studies real live ants. We started off the day with her talk on the Turtle Ants she's been studying in Mexico, a talk filled with pictures of ants and paths and grad students on ladders pointing at the trees. A talk filled with speculation about behaviour and patterns and analogies to search in computer networks and bifurcation of biological trees. Over the course of the day, the group talked ants, bees, simulations on the computer and using robots, immunology, flu and t-cells in the lung, patterns and theories. It was the kind of conjunction of ideas from multiple disciplines where things were just clicking and questions and potential experiments started getting debated.

Biochemistry from my scientist parents, ecology and field work from Macoun Club, immunology from the above plus my own master's research, algorithms from math and CS... I was pretty proud of myself for knowing the jargon pretty much across the board and being able to keep up. I love that I'm with a group where seemingly disjoint backgrounds are consistently recognized as a huge advantage, and my own particular background fits right in.

I learned a bunch about ants and flu today. My notebook is filled with doodles of ants and cells doing stuff. Apparently turtle ants, since they have paths in the trees, sometimes get the paths broken when the wind blows, and the ants just back up and wait for the wind to blow the branches back so they can keep going. I learned that swine flu's replication rates in cells are a hundred times higher than avian flu (and ~20 times more than regular flu) but avian flu does other things to suppress immune response. I learned some about how T-cells get into the lungs and find infection despite the fact that they don't seem to move fast enough to explain how well we handle infection. And I got to watch people putting ideas together in ways that might result in using experiments in ants to try to explain things that would be much harder to test in the lungs, and so many ideas that probably just couldn't happen anywhere else.

So if you've been wondering why the heck I moved here despite the many downsides about the US/desert/altitude/regional poverty/city, etc.... this is why: Cutting edge research at the conjunction of biology, computing, and maybe a few fields besides. Even if I decide to do something else once my contract is played out, this has already been amazingly worthwhile, and with my own project starting to take shape, I'm pretty sure it's just going to get better!
Page generated Apr. 18th, 2014 09:23 pm
Powered by Dreamwidth Studios