Superconductor

CAT: I've got it. We laser our way through.

KRYTEN: An excellent plan, with just two drawbacks: One, we don't have a power source for lasers; and Two, we don't have any lasers.

Red Dwarf, “White Hole”

In the "White Hole" episode of the old TV show Red Dwarf, there's a scene where Cat and Kryten are trying to get into the bridge of the Red Dwarf but are being thwarted by a locked door. Cat suggests that they blast their way through the doors, and then Kryten explains to Cat that his plan won't work because they're missing some key pieces of equipment that they'd need to carry it out.

I was reminded of this scene recently when I was talking to someone about the Annual Loss Expectancy methodology that's often used in risk management. In the case of ALE you calculate the risk associated with a particular event by multiplying the probability of the event happening by the loss that will accompany the event if it happens. This is often written as R = P x L.

But when you try to apply this framework to the problems that information security tries to address, you find that you're missing two key pieces, much like Cat was in Red Dwarf. Cat was missing both the power source for a laser as well as the laser itself. In the case of ALE, we find that we don't really know either the probably of events happening or how to quantify the damage that will occur of the events happen. But aside from that, as Kryten might point out, using it is probably an excellent plan.

Don't you worry about Wikipedia. We'll change it when we get home. We'll change a lot of things.

Homer Simpson, "Apocalypse Cow"

Thinking about yesterday's post reminded me of another unusual job that I once heard about. An economics professor that I had in college liked to tell about a job that a friend of his had. It seems that this person worked for Proctor and Gamble, the biggest sponsor of those short, episodic works of dramatic fiction that are often called "soap operas."

Apparently, fans of these shows would often send gifts to the characters in the shows. If a female character would get married, for example, then fans would often send in lots of wedding gifts. And they would actually send these to the sponsors of the show, hoping that they be able to forward them to the character. This meant that P&G would end up with lots these gifts, and my professor's friend's job was to find a good home for them.

I'm not exactly sure how you'd describe that particular job on your resume. I doubt that the person's title was "Disposer of Ridiculous Soap Opera Gifts," so now I'm even wondering what their actual title was. 

After reading the recent post about the usability lessons that software vendors could learn from the MMORPG Progress Quest, an alert reader suggested another good candidate for a very usable product, and that's the Holly Hop Drive, as seen in the episode "Parallel Universe" of the TV Show Red Dwarf.

Here's how the Holly Hop Drive is described in Red Dwarf:

LISTER: (Holding up the Holly Hop Drive) Is this it?

HOLLY: What do you think?

LISTER: It’s just a box with “STOP” and “START” on it!

HOLLY: It’s fairly straightforward. If you want to start it you press “START,” and you can work out the rest of the controls for yourself.

I can't say for sure whether or not the usability of Voltage's SecureMail was modeled on the Holly Hop Drive, but I don't recall it ever being mentioned. They do seem somewhat similar, though. In one case you just need to press "START" to get it working; in the other case you just need to click on "Send Secure."

“I know what it's like to feel like it's never going to end.” – Jack Bauer

One of the challenges which face many world-class engineering organizations is how to maintain an atmosphere of innovation while still delivering on customer commitments and scheduled releases. During the early stages of a start up innovation is rampant; there are typically no customers to worry about, no backward compatibility issues and no upgrade paths to test.

As a company matures I have seen many engineering teams stagnate, innovation slows down, and morale suffers. As a VP of Engineering I spend time on the lookout for the warning signs, at Voltage we are blessed with a strong highly motivated team.

Recently within the Voltage engineering team we held our first “Jack Bauer Day.” 24 hours of the engineering team doing anything they wanted to do. From 9 am in the morning of February 2^nd (2/4 for all us in the USA) until 9 am in the morning of February 3^rd the team had free rein with very little direction. The one condition: you had to present what you worked on to the rest of the team.

It was fascinating to watch how ad hoc teams formed; perhaps one of the most interesting was a team of three engineers who took on the task of developing Format Preserving Encryption on regular expressions as described by Bellare, Ristenpart, Rogaway and Stegers in their Format-Preserving Encryption paper.

Within the allocated time period the team was able to demonstrate features such as:

Given a regular expression R describing a regular language and a plaintext p which matches R, then p can be encrypted to a ciphertext c which also matches R and has the same length as p, and c can be decrypted back to p. For example:

Plaintext: jobs@voltage.com

Ciphertext: 3y90zagb@2GMK.com

Decrypted ciphertext: jobs@voltage.com

The team then expanded the initial implementation with some different length encryption. Given regular expressions R1 and R2 (each describing a regular language, with certain restrictions on R2) and a plaintext p which matches R1, then p can be encrypted to a ciphertext c which matches R2 (with varying options for the length of c), and c can be decrypted back to p.

For example:

Plaintext: 4005 Miranda Ave, Palo Alto, CA, 94043

Ciphertext: 8 Bauzvvbuwg Dr, Szptny Oqo, AZ, 25601

It never ceases to amaze me what a small team of focused engineers can achieve if left alone.

Was Jack Bauer day a success? Yes absolutely. We will be holding them on a regular basis.

Acknowledgments: Portions of this post was taken from team rugby’s write up of their Jack Bauer day.