Aww man. A job at Blizzard has been a dream of mine for years, and now, suddenly, it’s really not anymore.
Category: Programming
If you monitor human-human interaction, you do it on your own time, understand?
I’ve been thinking about my performance evaluations class (which I’m failing, but still find interesting, except for the math), Leonard’s comment on bad metrics and the concept of keystroke counters and loggers (thanks to spam). There’s a quote in the textbook for the aforementioned class, “that which is monitored improves,” attributed to “Source Unknown.” So I can’t call out the person who said it for being wrong, which it is.
Here’s a handy set of heuristics for deciding when to monitor. For you! It would be better drawn as a flowchart or tree, but I’m lazy.
Good Things To Monitor
- Efficiency of system-system interaction, based on system output
- Quality of human-system interaction, with the goal of improving the system, based on user-satisfaction output
Bad Things To Monitor
- Quality of human-system interaction, with the goal of improving the human
- Quality of human-system interaction, based on system output
Incidentally, this also covers the basis of the problem I have with standardized testing. Or the lecture-test educational system as a whole, in fact.
Update 09.25.2004 1054 hrs: Leonard has pointed out to me that I somehow copied the wrong Crummy hyperlink. It’s fixed.
I feel like getting arrested
Hey, wanna see if you’re a terrorist? Excuse me–“Specially Designated National or Blocked Person?” Thanks to the Department of the Treasury, you can, in PDF or ASCII flavors! (As stated above, I do feel like getting arrested, so I was going to write a form script that would search the file for you, but it’s 1.35Mb of unmarked-up plaintext, and I don’t want to kill my webhost with that much sequential search.)
I’m aware of this list because today I had to write down some personal info and sign a release form at work. My company could be getting a federal contractor as a client, so every employee name has to be checked against the list. Fair enough. I don’t like that, but it is the law.
I do have a problem, though, with the fact that we contracted an outside firm to do the checking. Everybody in this company had to sign a paper saying that neither my employer nor this firm were liable for any consequence of having yourself checked. Then everybody had to print his or her first, middle and last names, DOB, and SSN. The forms will be sent off to VeriCorp, who of course can be trusted with my SSN and corresponding information! I guess!
Keep in mind that my employers are probably paying thousands of dollars for this: VeriCorp is going to take a list of a few hundred names, then they’re going to take the text file linked above, and they’re going to have some people hit CTRL-F a few times. And if one of those people makes a typo and you go to Secret Terrorist Jail, whoops! Oh well! They’re not liable!
I am making use of hyperbole here, obviously. Nobody’s going to go to jail; if you’re on the SDN list and the FBI doesn’t know where you are, you’re certainly not going to be working under your real name, much less putting it down on that form. This whole thing is a redundancy measure, a legal fallback.
My point is that there is no reason to be sending hundreds of people’s personal info to an outside contractor, liability-free, when the list is publicly available, and we have an in-house software development team who are all experts at data correlation. I guess the potential client doesn’t trust us to verify our own employees, because we’re an interested party in the negotiations. But if they don’t trust us to verify the information correctly, why trust us to send it correctly in the first place?
A response to Paul Boutin of Slate.com
Sumana sent me a great article called “Fight Virus With Virus,” where by “great” I mean “horrendously ill-advised.” Basically, Paul Boutin argues that instead of offering cash rewards for the capture of virus writers, the (ostensible) good guys should write viral programs that attack the malignant viruses with their own methods.
You may recall last fall, during the heyday of Blaster, when some idiot attempted to build a “good worm” that would fix the problem Blaster exploits. I’m sure it came as a shock, to people who weren’t paying attention, when it only made the problem worse. Boutin makes that worm (“Nachi”) a key point of his proposal. “Ingenious!” he says. “There was only one problem: Nachi overloaded networks with traffic, just like Blaster had.”
Casting it in those terms makes it seem like the traffic problem was a minor side effect, something that could have been fixed with a little careful programming. In fact, it’s a big glaring fundamental flaw. Boutin’s argument is equivalent to saying “there’s only one problem with water: it’s wet.”
The fact is that it no longer matters what, if any, payload a virus carries. The Denial-of-Service attacks that MyDoom and Blaster were supposed to create failed, because it was easy to figure out what they were doing and take countermeasures. It’s self-evident that it’s very easy to protect a single target when you know it will be attacked, and very difficult to defend millions of targets when the time of attack is unknown. The problem isn’t the end goal of a single instance of the virus, it’s their collective method of replication–which, in an increasing number of cases, is the end goal.
Boutin proposes that the hypothetical antivirus would “[spread] itself slowly and carefully to prevent traffic jams.” But programs that are allowed to grow unchecked are impossible to control, because they grow unchecked. Even writing a program that, say, replicates itself no more than once a week would mean only a minor delay on its growth pattern. Self-replicating programs grow exponentially, and restrictions would only divide that growth factor by a constant. People who know about complexity theory know that no matter how many fractions you put in front of an exponential variable, it’s still exponential; whether or not its curve stretches horizontally near the origin very quickly ceases to matter.
The heart of the virus / antivirus problem is an ethical one: it is wrong to alter any system without its owner’s informed consent, regardless of your intentions. It’s wrong to take over a system to use it for a DOS attack. It’s equally wrong to take over a system as part of a plan to stop that attack. This is a fundamental principle for the “white hats” to whom Boutin is trying to appeal.
(An aside: Microsoft will probably soon begin including the ability for Windows to patch itself automatically, which I’m gonna go ahead and say now will be exploited, and badly. I’m not really an outright MS-basher, but I don’t think the folks in Redmond have ever really been considered white hats, either.)
Boutin actually states the best available solution to the whole problem in his article, before going on to ignore it. “As the Washington Post reported yesterday, protecting yourself is easy,” he writes. “Install some anti-virus software and set it to automatically update itself (the default for most programs).” Actually, it’s not that easy, it’s not cheap, and many people can’t be bothered to do it. And yes, it sucks that their apathy screws up the entire Internet for the rest of us.
But as democracy is to government, so self-protection is to countervirus measures: the apathy of the many causes problems for all, yet it’s the least bad solution available. Increasingly complex tools are subject to increasing numbers of flaws, and will be so as long as they continue to increase in complexity (according to Moore’s Law, that’s forever). The right to repair those flaws rests solely with the owner of any particular instance of a tool; no matter how much one wants to, taking those rights for one’s own is wrong. Malignant programs can make computers into monsters, but as somebody who knew a little about computers once said, there is no silver bullet.
Basically, DRM is bad
Aagh! DRM for Linux!
This was the shortest and most cryptic entry I’ve ever posted, until I wrote this sentence.
Adkins’s First Law
Any sufficiently advanced technology is indistinguishable from art.
Generalization: Technology is art.
I’ve done a lot of work today, but I’ve also spent hours geeking out over my camera that I don’t actually own yet and can’t afford. This is silly, because I have no serious photography equipment or experience, and even if I did I’ll already be putting myself into debt this fall to buy or build a new computer.
Regardless, I’ve been looking at it for a year with absolutely undiminished hunger (so long the price dropped). There are two things I can think of on which I’ve geeked out this long and this hard:
- The trip to Comic Con this summer.
- A good camera with which to take pictures on that trip.
The former is rapidly becoming a reality, as I paid for the train tickets a couple of days ago. I hope the latter can too.
Once, the thought of a new computer would have filled me with butterflies. Now it’s more a hassle than anything–I can’t afford one, but I have to get one, because my current box is no longer capable of doing the work I need to do in grad school. The Digital Rebel has taken its place, I think. It’s a specialized technical hobby; it’s highly modular; the value of my investment drops very quickly; and it’s going to take me years to get any good at it, by which time I’ll cringe at the things I inflict on you when I’m starting out. Man, I can’t wait.
Worked hard all day today on a big Internet Applications project (my very first servlet!) and have it practically done, which is pretty neat. In celebration, Maria and I are watching X-Mans on my new (used) DVD. Starting at 2320 hrs. I have to get up at 0630 hrs. This is gonna be awesome.
This morning, there was a kid two floors down screaming about helicopters for a good solid hour. Also, there were a bunch of helicopters. It was that kind of morning.
(Note: the preceding paragraph exists only to make sure that on April 24th, 2005, the first “Today in History” entry won’t be so obviously referencing the second one.)
A year ago, apparently, I was gasping with horror that I’d left the same cam pic up for a week; now I’m noticing that it’s practically May and I’ve only taken like ten all year. I don’t think I’m all that short on ideas; it’s just that since I no longer have to hit the NFD front page to make sure an entry has posted right, I hardly ever see it and ergo don’t get sick of it. This is really an advantage–remember, NewsBruiser Makes Everything Better–but I don’t want to let all my content feeds get neglected. I need to take more. Anybody want a plastic mullet portrait?
I really need to get around to what I’ve been planning to do since fall 2002, which is put up a navigable IdiotCam© archive and, while I’m at it, enable time-lapse cam posts into the future. I might as well hack together an RSS feed while I’m at it. Yet another project for the summer.