Ponderings

There's a lot of reluctance for consultants to enter into fixed-price contracts. There is concern about cost overrun possibility especially when tasks are poorly understood or when the project may change during execution. Yet the same people are often willing to enter into a timeand materials contract with a strictly enforced budget cap. In theory if such a contract goes over budget, the consultant could stop and leave things hanging. In practice, this rarely happens; there are often acceptance clauses for quality of work that require things be in a deliverable condition and there is often a strong desire to spend the time it takes to make the client happy, even if some of that time cannot be recovered. Hypothesis: people often don't rationally asign value or risk in these situations.

I was talking to Luke this morning about some really neat work he's in the middle of doing. It prompted me to think about how the security projects I've been in over the last 10 years fit together and whether I've accomplished anything. So, we're not really taking over the world, but we have made a difference in it. By the time I joined the IESG, there were a number of things I really wanted to come together: channel bindings, GSS/SASL unification, GSS naming. A group of us started to do that. None of these were my idea alone; I'm not ever sure if I came up with any of the ideas. We worked together. It was so slow; it's always so slow. Of course as what we did was viewed by others, there has been long attempts to educate, people who disagreed, people who didn't see the complexity.

Things have been moving so slow that I didn't really even notice they were moving at all. They are though. Huge chunks are coming together. I'll talk about the technology over the coming months in my professional blog. I want to talk about the emotional impact now. I'm beginning to realize that the work we did is making a difference. The difference started with how we thought about things; now others are changing how they think about things. Technology is starting to be built to reflect this new thinking. It's really starting to hit though that over the past 10 years I've been (and will continue to be) part of something big. I don't know if it will matter in its own right, or if it will matter by shifting the course of things around it. I don't know if it will be big enough that anyone else will be able to see the effects, but I'm beginning to really believe that 30-40 years from now, if I look into computer security, I'll find influences of what we've been doing; even if they have changed enough that few others can recognize them.

This is one of the most wonderful feelings in my life. I love that this has been such a team project; I've enjoyed working with such a wonderful group of people. I love that it's been sufficiently evolutionary that I can't find the edges—either in terms of what technology is part and what is beyond the edge, or in terms of the team of people working together. I love the technical challenge. I love seeing people I've never heard of taking interest in ideas I've been part of. It has been and will continue to be great!

Obviously, there are a lot of people to thank. Nico, both Jeffs, Tom, both Kens, Larry, Luke, Steve, Marshall, and many others. And of course if you asked any of the people on that list who they thought made valuable contributions, they'd have their own partially overlapping list of names. Technology is fun.

So, I'd really like an ethernet cable run across my basement and presented through a standard RJ45 jack at faceplates in two first-floor rooms. I think appropriate locations for faceplates exist. I kind of feel like this is the sort of thing I'd probably do for myself if I were sighted, but I need to hire someone to do it. I'm looking for someone significantly lower budget than a professional networking installer for a business: I need one cable, no punchdown blocks, etc. However I do want someone who can test the cable, etc.

How do you go about finding help for something like this?

mrw42 and I went to Anticipation last weekend. It was a lot of fun and I definitely think I will enjoy going to Worldcon in the future if I make it. We attended a Heather Dale, a really excellent folk singer. Margaret and I stumbled into the end of a concert she gave at Arisia a couple of years ago, and it was some of the best music I've heard. So, I was really excited to see she was at Worldcon.

We also attended an excellent Neil Gaiman reading. I think that Gaiman can write Jack Vance stories perhaps a bit better than Vance himself. He read a short story he contributed to Songs of Dieing Earth. He also read a love letter that was quite amazing.

I attended a panel on economics in SF. I didn't notice that it was opposite another panel on economics in SF with Niven as a panelist, oops. However at the one I did attend, Charles Stross made an interesting comment about quantum computing. He expressed a theory of a physicist friend that the computational model behind a quantum computer might be powerful enough to make solving the central planning problem possible. That in of itself would be interesting. However his phrasing suggested that it was a question of computability not of complexity—and I'd guess he would understand the difference. I asked, but he didn't really answer whether that is what he meant. I had thought that at least so far we expected QP to be a subset of NP. I had fun discussing what this all really meant with some folks from Cambridge university at a party later in the evening.

There's a very interesting discussion to be had about the interactions between the computability of consciousness, the separation between complexity classes like P and NP, the computability model of quantum computing, and the complexity model of quantum computing. It's been running around in my head since the weekend, but I'm having trouble articulating it all. Perhaps after the singularity, it will all become clear:-)

It's MIT graduation time. That has caused me to think of this, although it's not just people from the MIT community. A lot of people I know are going off and doing cool and interesting things. They're starting interesting companies, building families, or doing other cool and neat things. Especially for the professional type stuff, there's been a lot of mixed emotions going through my head. I'm really happy for them. However, I'm also sad; some of these ideas seem really cool. I keep thinking to myself, "Why didn't they ask me if I wanted to be involved."

In some cases, they did. In other cases, they clearly knew I wouldn't be what they needed or I don't have enough time. In one case, we're even seeing if we can try and make it work.

I have my own cool things. I'm trying to figure out how to make them more cool and get others involved. So, this is all irrational, but it does make me wish I had more time, more energy and could do more.

Last weekend, I spoke at a polyamory seminar organized by some friends in Washington state. It probably wasn't worth going out there for a one-day seminar, but going out to see friends, introduce them to Zoe and attend the seminar definitely made a worthwhile trip. Discussions of group relationships rather than multiple pairwise relationships featured more prominently in the seminar than they tend to in poly discussions in the Boston community. I'm not sure if that was sample size or a different emphasis in what communities are looking for.

The seminar opened with a cute icebreaker game. Everyone got a card describing their relationship constraints and had to find people who had compatible constraints. Then the resulting relationship graphs were drawn on the board. (There was one fully connected sub-graph and one other network; this was a factor both of the cards and of a couple of decisions people made.) What I found most interesting is that everyone (including myself) found the icebreaker very effective and positive. Amusingly though, when I try to describe lessons one might draw from the experience they're fairly negative. I could use that game to illustrate STD risk, or to illustrate how in poly relationships, your life can be influenced significantly by people several steps away from you. However, I don't think anyone there was thinking about it that way, at least not as their primary focus.

The discussion was well worth participating in and was of high quality. Multiple groups there had experience with parenting, dealing with families, communications, and the other sorts of issues that tend to get discussed at poly panels. I found one part of the communication discussion really fascinating. The speaker was talking about not drudging up old examples of behavior when discussing a problem. I completely get why this is important; when your past mistakes become a burden of ever-lasting inadequacy, it destroys the ability to feel that you are a respected and valued partner in a relationship. However I found myself in conflict with the advice because pattern analysis is a critical part of how I approach problem solving. If someone is in a hurry and doesn't get a chance to clean up after themselves, then I'm happy to pitch in and help out. Some day I'll need help too. However if someone is rarely able to find the time to clean up after themselves, then it's worth discussing. Either they need to adjust to what they are doing or I need to change my expectations. I need to think more about how to balance these concerns. I definitely appreciate discussions that give me something to think about.

My friend who organized the event did a great job! She is good at organizing conferences.r

I went to NEFFA for the first time. mrw42 suggested she wanted to go and I had always wanted to go myself. I had a great time. I'm not really into dance, but I definitely enjoy folk music, music, meeting people, stories and a lot of the other events that were there. I also think that I could learn to square dance and if I did I'd enjoy doing it. I don't know whether I'll do that: it is something that would be worth it if there is someone in my life who is sufficiently into dancing. Margaret enjoys dancing and has square dancing experience, but I don't know if she will be into it enough to make it worthwhile for me.

Later Saturday, I went to a party and had a great time with old friends and new alike.

The last couple of days I've been debugging some things for a client involving Miredo, the Linux Teredo implementation. I spent a frustratingly long time only to discover that while I wasn't looking my Teredo address had changed and so the reason my packets weren't quite working out right is that they went to the wrong place. Along the journey I was trying to debug the procedure Teredo uses to avoid address spoofing. This proved difficult. Miredo forks off a daemon process to monitor its child (and I think handle some privilege separation issues). Eventually the actual worker process gets started; that's a multi-threaded complex process. Many events have timeouts, so if you spend too long in the debugger, peer entries or short-lived authentication checksums may time out. In addition, pthread_cancel is used in some cases where there is a timeout, so you may find that the thread you are debugging has been blasted from on high.

The trivial approach of setting a breakpoint sure didn't work. Somehow in all the forking around, Gdb failed to remove the break point in the child. So, I got the amusing message

Program terminated with signal SIGTRAP, Trace/breakpoint trap.
The program no longer exists.

With that auspicious start, I began my adventure. I'll skip the play-by-play , but I want to pass along some useful observations.

• The best way to deal with forking is to run the program, find the right process through some other means and attach to it. Life is very frustrating when this doesn't work because you need an early breakpoint, because it's hard to find the process or the like.
• When that fails, the catch fork command can be used to break after a fork succeeds.
• Don't forget to set follow-fork to indicate whether the debugger should stay with the parent or child. (I really wanted the semi-mythical set follow-fork both)
• I found the amazing set scheduler-lock command. This allows you to disable execution of other threads while you're debugging.
• Don't forget to turn off the scheduler lock from time to time: multi-threaded programs get into some fairly unusual deadlocks when only one of the threads is permitted to run.

I'm definitely in my kind of family. The kids were talking at dinner: Rachel: Its confidential.

Owen:I have a need to know.

Rachel:What's your need to know?

Owen:That's confidential.

Clearly, they should ask their grandmother for NSA employment info.

Dear TDAmeritrade: when I'm explaining to you that while I'm not currently closing my existing accounts, I am sufficiently dissatisfied with the interaction I have received so far that I'm not going to open an individual 401K with you, the following responses did not convince me I was wrong.

• What do you want? A good back office and customer service or quality investment advice? (Apparently I don't get both.)
• I am an expert. I just don't know how to mail things out or how our system works. I do understand how to design portfolios!
• I'm good at designing portfolios; I agree you are basically not going to out perform an index.
• Don't you think you're being unreasonable.
• Your account is not big enough to get good service

Over Presidents' Day week, we had an excellent vacation on the island of St. Kitts. Zoe really likes the beach and the ocean and of course pools are wonderful. There's nothing better than a week at a tropical beach in the middle of a Boston winter. There were a couple of incidents though that reminded me we were truly in a foreign country. One happened as we were arriving at the airport. We get off our 737 and walk down steps to the tarmac. There are a couple of near-by planes. We start walking towards the terminal. Suddenly an official stands in front of us and motions to stop. One of the passengers screams "turn around," as another jet turns, blasting us with its jet stream for about 20 seconds. We were not close enough that it was uncomfortably hot, although it did seem warmer than the surrounding air. Initially I was puzzled as I didn't know what was going on. Many of the things that could involve an urgent recommendation to turn around also should involve subsequent mad running. However I'm glad I did turn: there's a hell of a lot of grit coming off a jet. My back was nicely sand blasted; I'm really glad I mostly didn't get that in my eyes. Zoe was not pleased. You could never get away with doing that to a plane full of passengers at an US airport.

We also took a day cruise on a catamaran later in the trip. We got dropped off on an abandoned beach to play around for a while. I gather that the cruise was a bit more fun back before the hurricane took out the resort on that beach. We would have had somewhat more fun if it wasn't raining, but even so, we had a good time playing in the waves. Besides, while the beach was abandoned, there was a sufficient supply of alcohol, so that makes everything better, right? Then it was time to return to the boat.

The surf was fairly heavy at this point. The plan was for the boat to come in close to the beach so it was about knee deep for adults. The captain would use his engines to prevent running aground, and we'd run out to the boat and climb up a ladder. This didn't work so well: there was a lot of timing of waves involved and throwing people up the ladder so that the boat would not be tossed around while people were climbing on. A 60-foot boat has a lot of inertia and while most things would probably be OK, I sure didn't want to get hit in the head if the boat took a sudden toss. Our entire group made it onto the boat just as a huge wave washed over the back. The captain decided that things were too risky and pulled away from shore.

There was apparently some plan to lower the dingy and collect peoples' bags because that might make it easier to collect the people. There was an o-shit moment lowering the dingy: both sides dropped at once and the dingy line fowled the propeller. Crew dropped over the side with a knife to clear things up. The dingy puttered off to the beach. There was some confusion surrounding whether the dingy was picking up people or bags: the crew on shore and all the passengers were apparently out of contact. As far as I can tell, the dingy picked up neither passengers nor bags but did pick up a bar tender to reduce the stress level on the boat.

With dingy still deployed, we headed into shore. We were about ready to pick up the first load of passengers when the captain realized that the propeller was much worse for its encounter with the dingy line. He found himself with the boat parallel to shore without sufficient control to control which way he was pointing. He apparently had one of the two engines, but the other was not responsive. He ordered the remaining crew over the side to push the boat away from the beach and yelled at the dingy to come push him so he was pointing out to sea. Back out to the mooring point. Crew go over the side to examine the propeller. Apparently propellers are supposed to have fins not be featureless discs.

I'll take a brief aside to mention that taking the train home after a hockey game is not ideal. I'm listening as a passenger explains why it's OK that he's abusing his wife and the conductor is apparently arresting him. I think this is going to blow our schedule. The passenger has apparently drunk more than the people on our vacation cruise. (To be fair, no one seemed to have drunk enough that they were endangering themselves or out of control on the cruise.) Now other passengers are arguing with him. People are sad: we don't get to see a fight. Apparently the game didn't have enough fights and they are still looking for one.

Anyway, back to the story. Apparently the boat carried an extra propeller, so the crew went over again to install one. Meanwhile the crew on the beach has decided that the passengers would be better off on an abandoned dock. The dock is taped off with caution tape because it is falling apart: boards are missing and there are holes; it is clearly not structurally sound. So the passengers make their way around the holes and onto the dock. No one falls in or gets significantly hurt. It's apparently still too rough to go into the beach, so the dingy picks up a few people at a time off the dock and brings them onto the boat. Around that time the rain clears and we have a great trip back to port. Again, so not a US thing.

The boat adventure was kind of fun. Yes, there were probably risks taken that should not have been. Yes, the chance of people getting hurt was higher than something you could get insurance for in the US. However no one did get hurt, and we all got an amusing story.

I have several blog entries I need to find time to write:

• No Bills for Nancy—9 years later it's still the best bug I've ever run across
• Chernobyl development: what happens when there is a complete disconnect between product management and engineering.
• Commentary on social engineering based on an experience my mom had.
• Quality matters: your hobby's sprintf costs us thousands.
• And I really need to write something in Zoe's blog.

Hopefully I'll find time to work on these soon.

Last week I was in Austin with a bunch of former Fundsxpress people celebrating the resolution of some issues surrounding the sell of FX to First data. It was a wonderful trip: I saw David and lasofia of course, also with Zane, Charles, Gregg, Cote, mhat and a few others. For various reasons, Jay, Arley and John Burns were not able to make it. However I've been working with the three of them lately.

Predictably, there was a lot of talk about getting the company back together. Well, at least getting the people back together on some new project. I was quite impressed with how successful all these people have been since FX. No one has been financially successful to the "never work again" scale or anything like that. However, all of us seem to have reached a high degree of excellence within our chosen fields. It's wonderful to see the depth of discussion whether it is a business or technical topic. For a bunch of high school students who didn't understand databases, version control, or object oriented programming, we've come a long way! Secondly, a lot of the people are working as consultants or the like.

As I mentioned, I have recently worked with John, Jay and Arley. It was a great feeling. I'm certainly one of the people who would love to see overlap in what I do and what other members of the former team did. However it's hard. Anything that happens is likely to be incremental at first: one or two of us working on a project. There are a lot of challenges to growing something like that. You need a project big enough to fund a bunch of senior people. You need something that is interesting enough to everyone. Still, it seems an interesting challenge.

To illustrate the sorts of challenges, Jay, Arley and I worked together on one project. There's a strong desire to work together again. However we're having a significant amount of difficulty understanding what it would men to join forces. Ignore finding the financial side for a moment. We're even having trouble figuring out how in a repeatable sense it would be meaningful for us all to be on the same team.

Austin was also great socially. I saw a number of people and had a wonderful time.

I will be in Austin the afternoon of February 3 through the very early morning of February 7. The original plan was to sit around in court all week looking attentive (except when I was testifying) but that is apparently no longer necessary. So, instead, I'm going to try and get together with all the fine folks who were also in Austin to sit around looking attentive.

If you would be interested in getting together, please let me know. I'm also still looking for places to stay. This is somewhat of a last minute thing:-)

Recently, I got sucked into the Charles Stross Merchant Princes series. It's reasonably good, although I wish Stross was slightly better at characterization and endings. It's not as mind-blowing from a technology and math standpoint as the rest of his work, but it is definitely worth a read.

I think one of the more interesting aspects was looking at how someone from outside the US viewed the post 9/11 American government. "It will be legal by the time the AG's ruling comes out," was a surprisingly common refrain. I find that attitude incredibly alien; it just doesn't fit into my view of how the US works. Sadly, I think I'm the one who is out of touch, not Stross. Every time I'm reminded of the abandonment of freedom and our ideals that we've taken recently in the name of security, I am newly depressed.

In related news, we have a new president. A lot of people I know are really excited by President Obama. I've never managed that. I voted for him, but the best I could say is that he seemed better than the other guy. I listened to a good chunk of his speech, and there were some nice things there. It would be nice to find myself truly supporting an American government again some day. So far, though, it seems like more of the same. Admittedly, the same with more alignment to what I believe in, and that's certainly good. Even that might be enough to end the sham that our justice system has become lately. That would certainly be good.

I've been quiet in 2008. It was a year of change, internal focus and adjustment. Interestingly, it did not appear to be as much of a year of reflection as I would expect. I was too busy to reflect much.

The changes have been good. I've settled into my family. Being a parent is an amazing joy, far more than I had expected. Margaret continues to be the most wonderful partner anyone could hope for and our life together brings me great happiness. I left MIT and have established my consulting practice. It feels good to be moving on professionally.

I look forward to the opportunities of 2009. I hope to focus more outside myself than I did in 2008; I also hope to be more actively introspective in my personal growth in 2009.

A lot of my outward energy in 2009 will be spent on meeting people and being more social. I continue to have an important goal of finding someone to share my life with besides Margaret. Our relationship is wonderful, but I'm also lonely because there is a lot of time we cannot be together; I'd like to find someone to share that part of myself with. I continue to believe the right way to approach this is to find and meet people, grow closer to them as friends and see if something more develops. Having new friends is always wonderful, and if there is more to be found, that is excellent as well. However over the past year, I have not had as much energy for socializing and meeting people as I'd like. I'm also not sure that the energy I have spent has been as effectively spent as it could be; I'll have to ponder that later. I am going to explicitly work to find and use the energy to be social this year.

In the past couple of weeks, I've picked up a quest for self introspection and improvement. I've been noticing a particularly bad tendency to burst other people's bubbles. Someone will be describing some hope of theirs, and I'll find myself pointing out why it won't work, or some problem. It feels like at least part of the motivation on my part is to make sure they understand what obstacles they are facing and to encourage them to have a realistic starting point for trying to build a plan. However, I don't manage to be constructive, I make them feel bad and I feel bad myself. I want to work on this in 2009. It's been a long-standing tendency, although I've just recently begun to understand it well enough to really want to work on it.

I also want to blog more. I've been very quiet here, on my my professional blog, and on Zoe's blog. I want to improve that. My LJ is important so people can learn about me and share what's going on in my life and in my head. The professional blog is helpful for establishing credibility and continuing to maintain my reputation. Zoe's blog is important for my parents and others who want to follow her life but also for me as I look back years later. Right now, I'm writing this on the train into Boston. I wonder if it will work to dedicate time on the train to writing a post for one of these three blogs instead of relaxing or working on other work. I'm going to give it a shot and see what happens.

Saturday was an excellent day. There was a gathering at SIPB to work on Debian and try to fix release-critical bugs. I was expecting we might have around 7 people. We had around 30. There is incredible energy in a room of 30 smart people all working on different problems. People were moving around as they finished problems, helping each other learn new skills, and so on. Those of us most familiar with Debian were working on uploads and on helping people understand packaging. Then, later, I spent the evening at an excellent party where I met some great new people and ran into other friends I see infrequently.

We will be having a partyat our place on September 1 to celebrate my birthday and the end of summer. We'll get out an invitation closer to the event, but I just wanted to note the date now.

mrw42, zoe_hartman and I went to Ireland last week. The IETF was there; that brought Margaret and I. After, we spent some time as tourists in Dublin. My parents met us there to see Zoe and to see Ireland.

It was a really wonderful time. Everyone in Ireland was friendly. The food was great. We visited some of the big tourist sites.The exhibition of the Book of Kells at Trinity College was quite interesting.

Ireland is very kid friendly. Most people seem to like kids and be interested in kids. IT was neat that when Zoe seemed a bit unhappy, total strangers would drop by to cheer her up.

mrw42 got me an early birthday present today: a tandem bicycle! It's been since before high school since I've had a working bike and someone to ride it with. I'm very happy.