Monday, October 21, 2013

Legal and Political Perspectives of Cyber Security

New Bit9 blog post: Legal and Political Perspectives of Cyber Security

Saturday, October 5, 2013

No comment

The comments on my blog seem to not show up on postings after June 12th. Not only that, but I cannot even read them. I have a thread going over on the help forums to hopefully figure it out, but until it gets resolved I won't see any comments. I apologize for the inconvenience.

Wednesday, October 2, 2013

Mysteries of the kingdom

I do not consider myself "old," but I have lived enough life to have seen a thing or two. In fact, I've seen enough to know and accept that I do not know everything. That does not mean it does not frustrate or needle me from time to time. I recently had a number of things happen which brought to the forefront some things I do not know.

In the context of my religion, things I do not know often fall under the realm of "mysteries of the kingdom." A lot of these things are really obscure and are often fodder for those who seek to discredit the church. When things fall into that category I might initially raise my eyebrows a bit, but in the end I find a way to make peace with it.

I feel the more interesting category surfaces only when an individual really understands and believes the gospel. As of right now I have three items in that category:

  1. Priesthood keys play a central role in the restoration, ministration, and administration of the LDS church, but what does that actually mean? What do keys give a person that the Priesthood or faith do not? Why don't all leadership roles in the church hold keys? Why do the ones that do hold keys need them? How does one exercise keys (as opposed to other forms of church leadership)?
  2. One of the recent triggering events I mentioned earlier was a blog post describing how Mormons don't understand the Atonement. It implies a very liberal and generous view, full of good feelings for everybody. That approach seems to get preached often in the church these days. How does that reconcile with the straight & narrow, gnashing of teeth, and all the other things which indicate a more narrow view?
  3. Elder Neal A Maxwell pointed out that the only thing we can really give God is our agency. That makes sense because He gives us everything. The problem then becomes one of destination. Consider the council in heaven. Heavenly Father presented a plan where we would come down to earth to learn how to be like him, and the way we would do that would be to subjugate the natural man and our will to the will of the Father. Then Satan got up and said that he'd take away our will and make us do the right thing. Success in either plan means giving up our will. A bit of a paradox.

At this point I don't really expect any satisfying answers for these three items. Then again, maybe something said in General Conference this weekend will address part of one of these. 

Thursday, September 5, 2013

Widening the bell curve

My wife calls me a hero worshipper. My hero worshipping manifested itself at an early age by my love of He-Man and Superman. Thank goodness we did not have YouTube during my childhood and therefore will never again see 5-year-old-me running around in Superman underwear with a cape and boots. I grew out of that, but did not grow out of wanting to be a hero. In the years since my youthful admiration of fictional heroes I have learned that real heroes exist, but they often start out as normal people. Men such as Joshua Lawrence Chamberlain and Roger Bushell rose to the occasions into which they were placed. The key to becoming a hero is recognizing a need and then filling it.

Famous heroes manifest themselves in difficult situations when the need is great and filling it seems impossible. The horrors of war provide those circumstances in abundance. I like learning about wars for that reason. Heroes can appear anywhere and everywhere during a war. That includes anything from the battlefield heroics on Omaha beach to the decryption of Enigma at Bletchley Park. Considering those two scenarios as a computer geek, I can more easily picture myself assisting in the war effort alongside Turing and his bombes. Maybe that would not make a great Spielberg movie, but it could definitely fill a lengthy novel.

I recently finished Cryptonomicon, a historical/science fiction novel by Neal Stephenson that reviews the Enigma decryption effort in significant detail. A large portion of that story deals with a real practice that one character calls “widening the bell curve.” With regards to cracking Enigma, having it cracked only remained valuable so long as the Nazis did not know the Allies had broken it. Unbridled use of cracked information would yield short-term victories, but then the Allies would tip their hand and reveal the weaknesses of Enigma. The Axis could then address those weaknesses and upgrade their encryption. On the other hand, not using the information rendered it equally useless. The trick became figuring out how to use it without revealing knowledge of it.

That brings us back to “widening the bell curve.” A normal distribution follows a bell curve: extremes happen much less often than the average. Something not following that probability, such as “magically” finding every Nazi transport, would appear as an extraneous bump on the bell curve. The information theory solution of widening the bell curve ahead of time tries to avoid exposing that bump. Widening occurs by adding additional data points to smooth out the distribution, and must be added in many places to ensure a smooth and symmetrical bell shape. Figuring out just what to do to maintain the normal bell curve became the job of one protagonist in Cryptonomicon.

The Allies, both in the book and in the real war, introduced additional data points through various means. Instead of magically showing up with a fleet to attack a transport, they sent out “spotter” submarines and aircraft to “find” the transport. Even better, they sent out additional spotters to other locations, providing false negatives. The Allies had to occasionally ignore information from the Enigma because acting on it would reveal the cypher’s weakness. At one point the Allies transmitted a congratulation to a non-existent spy in Italy for the excellent information provided, which covered up an out-of-the-blue convoy attack. These and similar techniques resulted in the Enigma cracking remaining secret until publicly disclosed nearly three decades later. The most accurate word to describe the effort involved to maintain that secrecy is heroic.

This all has direct applications to today’s security landscape. We can look for irregularities in computer usage, or bumps on the bell curve, to indicate a threat. However, in order to find the bumps we must already know the shape of the curve. Bad actors will try to widen the bell curve in order to avoid detection. Organizations need something to fill the role of identifying washed-out bumps. Bit9 can map the curve and identify the bumps so you can become a security hero!
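The detection point above, as an added example that is not part of the original post: a mean/standard-deviation baseline stops seeing a bump once a few extreme points have widened the curve it learned, while a median/MAD baseline still flags it. The data, names and threshold are constructed assumptions.

```python
import statistics

# Constructed sample data: daily outbound-connection counts for one host.
CLEAN_HISTORY = [98, 102, 101, 97, 100, 103, 99, 100,
                 96, 104, 101, 99, 100, 102, 98, 100]
# The same history after a few extreme days were mixed in, which "widens"
# the curve that a mean/standard-deviation baseline learns from it.
WIDENED_HISTORY = CLEAN_HISTORY + [140, 60, 150, 55]
EVENT = 130        # the day we want to judge (constructed)
THRESHOLD = 3.5    # assumed alert threshold, in deviations from centre


def z_score(history, value):
    """Classic score: distance from the mean in standard deviations."""
    return (value - statistics.fmean(history)) / statistics.stdev(history)


def robust_z_score(history, value):
    """Modified z-score built on the median and the median absolute
    deviation (MAD), which a handful of extreme points barely move."""
    centre = statistics.median(history)
    mad = statistics.median([abs(x - centre) for x in history])
    if mad == 0:  # flat history: any departure at all is a bump
        return 0.0 if value == centre else float("inf")
    return 0.6745 * (value - centre) / mad


def is_bump(score):
    return abs(score) > THRESHOLD


def compare(history, value):
    """Return (flagged by mean/stdev, flagged by median/MAD)."""
    return (is_bump(z_score(history, value)),
            is_bump(robust_z_score(history, value)))


if __name__ == "__main__":
    for name, history in (("clean", CLEAN_HISTORY),
                          ("widened", WIDENED_HISTORY)):
        print(f"{name:8} z={z_score(history, EVENT):6.2f} "
              f"robust={robust_z_score(history, EVENT):6.2f} "
              f"flags={compare(history, EVENT)}")
```
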

Monday, September 2, 2013

You are awesome

Notes for a lesson I gave yesterday (9/1) in a class at my church congregation. As is often the case, it seemed a lot better in my mind but came out poorly in reality. I pictured it more like a psych-up, and it actually was more like a sleep-through. Study the references and hopefully you'll see what I was trying to say.

Tuesday, July 23, 2013

Person of Interest: Now a documentary!

I love this show. It seems like sci-fi nuts seem to criticize it for not having enough fi. It's not their fault it lines up with the news so perfectly! They showed this at SDCC last week:

I wrote blog posts at the ends of seasons one and two talking about how the show's world melded with our current reality and what we could learn from that.

Wednesday, June 12, 2013

CS Reading List

I am not a bookworm and books do not represent my media format of choice. Nevertheless, I still have lists of books I feel everybody should read. That includes a list of books I feel every software engineer (or manager of software engineers) should read. That doesn’t mean people who aren’t software engineers won’t enjoy these books or benefit from them. It just means that if you write code for a living then you should at least be familiar with these:

This textbook changed my life, or at least the course associated with it did. I thought I wanted to do computer graphics up until taking CS 324 at BYU. The labs which come with this book introduced me to an abstraction level of computing that I loved: looking at the hardware side while staying barely on the software side. I still regularly use this book for a reference.
Anyone serious about software development will at least have some familiarity with design patterns. Of course, knowing design patterns no more makes you a software designer than knowing the contents of a Lego store makes you a Lego sculptor. Still, the Gang of Four’s canonical introduction to this topic helps us all have a foundational vocabulary upon which to build.
A paradigm shift in the construction and motivation of complex systems. The open source software movement continues forward. Whether or not you subscribe to the philosophy to any degree, you will interact with people who do. This book can help Cathedral types understand, appreciate, and maybe become more like Bazaar types. It does not include free beer.
My graduate school advisor recommended that all incoming computer science students read this book. Although it centers on Licklider, it provides an amazing background on the advent of modern computing up to the start of the century. It blew my mind to realize how early the visionaries imagined the world at which we eventually arrived.
I admit that this one is old. Fred Brooks's experience managing the development of IBM’s System/360 took place in the mid-60s, and the essays center on that experience. Later editions have added chapters looking back on the earlier suppositions, and they appear to hold up well. Wading into software engineering management really does mean walking through tar pits.
Technology in the information age has rapidly outpaced legislation and societal norms. This creates significant problems as old laws and ways of thinking about things can artificially cripple and hamper technology enabled progress. Typically, those that understand the societal norms and legislation are not the ones who understand the technology, and vice versa. Lessig grasps both sides and, more importantly, proffers solutions.
I admit this may be more of a fanboy addition and that a similar list to this one in 20 years probably will not include this book. However, I like the perspective Jeff Jarvis brings to the discussion about privacy. I’m not saying he’s 100% correct, just that we need to see things from this point of view as well. We are social beings ready to reap the benefits to be gained through sharing.

I almost put this book in the non-fiction section as it’s semi-autobiographical, but in the end it’s a novel. The protagonist of the story investigates the meaning of quality, conveying his thoughts through conversations with others and flashbacks. The thought required to read this book may exercise mental muscles not normally used, but we can all benefit from understanding quality and how to pursue it.
Author Mark Russinovich draws from years of experience architecting software for the Windows operating system to write a compelling, modern-day thriller. The two biggest weaknesses of the book include a zealous following of stereotypes and more adult content than seems necessary for the story. One thing the book does exceptionally well is get into the nitty-gritty of exploits in an engaging way.
This story moved me to tears, which says something (either about me or about the story). A lot of bad things happen to innocent people in this technological thriller, but in the end the author paints a world-wide networked society in which I want to participate.
The upcoming movie has increased interest in this work, but I first read it as a kid. Probably my favorite book of all time, it presents a number of philosophical and technological issues that still face us today. The movie cannot possibly do this book justice, so I suggest you read it and the other seven books in the series (I know there’s more but I can only vouch for the original eight).
Some may argue that Asimov’s I, Robot should take this spot, but I enjoy the scope and vision of the Foundation series. A political treatise wrapped in science fiction, it provides many nuggets of insight for those wishing to live in a modern and civilized society. “Violence is the last refuge of the incompetent.”
Where Foundation provides nuggets of insight, The Hitchhiker’s Guide extrapolates technology-enabled life to the absurd. A hilarious romp through the genre, it illustrates the importance of not taking ourselves too seriously since we are always finding out new ways in which the universe is weird. Plus, there’s Marvin.
I almost got turned off on this book by the atheist diatribe near the beginning of the book. Luckily I stuck with it and ended up thoroughly enjoying this story. A fun look at MMORPGs and a retrospective of the 80s, the book can introduce that culture for those who missed it. You’ll find it permeates the tech community.

I’ll end there for now. Offended I left something off? Feel like something else deserves a place? Leave suggestions in the comments.

Tuesday, June 4, 2013

Survey results

Thank you to all who participated in my survey for my lesson in Elders Quorum on June 2nd. This chart provides one summary view of the results:

You can still see the survey online at and look at some pie charts of the results. Any data miners among you can look at the raw and anonymous data.

Tuesday, May 14, 2013


Please help me collect information for a Sunday School lesson on 6/2 by taking this survey:

Monday, March 25, 2013

Climate change survey

Please take a few minutes and fill out this survey on climate change. It's for my sister-in-law's dissertation research. You can enter to win $50 for taking it. Thanks.

Sunday, February 3, 2013

Our relationship with our wife

Come home after a hard day at work and the dinner’s not ready, the house is a mess, and the kids are screaming. What do you do?

How do we treat our wives?

Mosiah 3:19

POV Dyer-gram
- men look at how far they’ve come
- women see how far they have to go
- need to help each other see alternative perspective

The perfect woman does not exist. “Even if she did, she wouldn’t want you!” Woman helps perfect the man and the man helps perfect the woman. - President Dyer Zone Conference 6/8/00

Where are some pitfalls in the marriage relationship?
In what ways does the adversary skew the roles of husband, wife, father, and mother?
Playing “my life sucks more” and other stupid games of one-upmanship
Don’t assume you know motivation behind words/actions
Not trying to fix everything
It’s not 50/50, it’s 100/100!

How do we improve things?
How do we nurture that relationship?
Choose to love. Love the verb, not love the feeling
Serve to love - you value that for which you sacrifice
Zone Conference 10/14/99

  1. No contention, not even in the heart
  2. We all want to be good spouses and parents
  3. We can only change ourselves (don’t carry around lists)
  4. Mental list of things we admire
  5. Companionship is 100%/100% proposition
Validation of feelings and effort
Grandpa Bob's advice - compliment her regularly

Valentine's day
Make it count! Your quality of life is directly proportional to the happiness of your wife.
Memorize Mosiah 3:19

Course manuals: