Friday, July 9, 2021

Humans of Computer Systems

Professor Murat has an interesting section in his blog called the Humans of Computer Systems. I've been thinking about documenting my own "history in computing/systems" so I decided to answer some of the questions in HCS.

Programming

How did you learn to program?

I first learned to program using programmable calculators, which I borrowed from my rich high school classmates. I was amazed at how using variables saves time when computing some formula. Some of my classmates even had graphing calculators. I would usually borrow their calculator and the manual overnight to try it out. I then learned BASIC on my own when my father brought home an IBM PS/2 laptop. I learned other programming languages in school.

Tell us about the most interesting/significant piece of code you wrote.

When I was in college and taking an assembly language programming course, I wrote a text editor in C, which I called ASMEdit. It allowed me to assemble and link inside the editor. For me, this was an interesting project since I learned how to use pointers to functions to implement the menu system. I also learned to call external programs, TASM.EXE and TLINK.EXE, inside another program. I also implemented syntax coloring for the assembly instructions. This project was developed for the MS-DOS operating system.

Who did you learn most from about computer systems?

I learned about computer systems in my undergraduate OS class, mostly by reading the dinosaur book by Silberschatz et al. It was in this class that I was able to use a Unix OS called Solaris running on Sun hardware. My undergraduate SP/Thesis adviser was a systems and networks guy so I also learned a lot from him. I learned even more about systems when I switched to a Linux desktop, starting with Red Hat 7.3.


Who is the greatest programmer you met, and what is impressive about them?

Some of my college classmates were really good programmers. They can easily implement advanced data structures and algorithms, especially graph and network algorithms. There was no Stack Overflow then.

What is the best code you have seen?

Over time, I realized that there is actually no best code. I do admire readable and maintainable code. OS kernel source code is quite messy.

What do you believe are the most important skills to be successful in your field?

Desire to learn new things. Oral and written communication. Working in a team. Navigating the academic politics.

What quality or ability do you value most in a computer systems person?

The desire to learn and experiment or tinker with various things. The ability to "see" the big picture while at the same time working on the specifics. Courage to break things.


Personal

Which of your work/code/accomplishments are you most proud of?

I am proud that I was able to get tenure at the university. This gave me the freedom to work on various areas in computer systems that interest me without worrying too much about job security despite the low pay. The ICS-OS paper actually gave me tenure. I enjoyed working on it and using it in my classes.

What comes to you easy that others find hard? What are your superpowers?

Understanding systems. Connecting/integrating things together.

What was a blessing in disguise for you? What seemed like a failure at the time but led to something better later for you?

I was not accepted in the private company that I applied to after graduation. My rejection in that company led me to apply as an Instructor in the university since I also wanted to pursue graduate studies.

What do you feel most grateful for?

I feel grateful for everything I have right now. 

What does your perfect day look like?

Learning something new. Helping some people. Exercising and playing sports.

What made you most happy in the last year?

I was able to survive despite the pandemic. Though anxiety kicks in from time to time.


Work

What was your biggest mess up? What was the aftermath?

Some colleagues were pissed when they lost internet access because my private cloud setup had an exposed DHCP server that assigned IP addresses to their machines. We were able to isolate and resolve the problem but it was already late in the afternoon.

What was your most interesting/surprising or disappointing interaction at work?

I needed to babysit the son of my colleague on a weekend because he needed to argue/discuss with another colleague about the "draconian" network access filtering.

What do you like most about your job/profession?

The freedom to tinker. The opportunity to share what I know. The chance to mentor and help others. Working with smart people. Playing the publications game. Navigating academic politics.

What would be the single change that would improve your work environment most?

Improving the research culture. Most of my colleagues are great teachers but they disregard the research aspect of the profession. CS is a fast-changing field. We need to keep up with the advances.


Technical

What do you think are the hardest questions in your field?

System reliability and performance. Ethics. Should we build this system because we can? Is there one operating system to rule them all?

What are you most disappointed about the state-of-the-art in your field?

Sometimes the state of the art is just an incremental step or just scaling up. 

What are the topics that you wish received more attention? What do you think is a promising future direction in your field?

System reliability and performance. Ethics. 

What is your favorite computer systems paper? Why?

  • XEN and the Art of Virtualization
  • A view of cloud computing
  • MapReduce: Simplified Data Processing on Large Clusters

I reread these papers from time to time.


Story

Is there an interesting story you like to tell us?

Yes.

Tell us your story.

I wrote an EXE non-overwriting computer virus bundled with ASMEdit I described above. My classmates and instructor who copied the program had no idea of the presence of the virus. The virus just replicates though, there is no destructive payload. AV then were signature-based so they never detected the virus I wrote.

Rant your heart out.

We are in a research university. Why are we not reading at least one research paper per week? :)


Wednesday, April 28, 2021

InfoSec vs CyberSec vs ITSec vs CompSec vs NetSec vs AppSec

Since I am relatively new to the area of "security", I decided to look up the definitions of the terms that I often read or hear in the community. I took the definitions from CSRC-NIST, SANS, and ACM.

Information Security (INFOSEC)
  • "The protection of information and information systems from unauthorized access, use, disclosure, disruption, modification, or destruction in order to provide confidentiality, integrity, and availability."[1]
  • "Information Security refers to the processes and methodologies which are designed and implemented to protect print, electronic, or any other form of confidential, private and sensitive information or data from unauthorized access, use, misuse, disclosure, destruction, modification, or disruption."[2]
Cybersecurity (CYBERSEC)
  • "Prevention of damage to, protection of, and restoration of computers, electronic communications systems, electronic communications services, wire communication, and electronic communication, including information contained therein, to ensure its availability, integrity, authentication, confidentiality, and non-repudiation."[1]
    • (Aside: Cyber/Cyberspace - "The interdependent network of information technology infrastructures, and includes the Internet, telecommunications networks, computer systems, and embedded processors and controllers in critical industries."[1].  Cyberspace can be considered a "realm" or "domain" like land, sea, air, and space where war can happen.)
  • "Computer and network security, or cybersecurity.."[8]
  • In Education - “computing-based discipline involving technology, people, information, and processes to enable assured operations.  It involves the creation, operation, analysis, and testing of secure computer systems. It is an interdisciplinary course of study, including aspects of law, policy, human factors, ethics, and risk management in the context of adversaries.”[7]
Information Technology Security (ITSEC)
  • "technological discipline concerned with ensuring that IT systems perform as expected and do nothing more; that information is provided adequate protection for confidentiality; that system, data and software integrity is maintained; and that information and system resources are protected against unplanned disruptions of processing that could seriously impact mission accomplishment. Synonymous with Automated Information System Security, Computer Security and Information Systems Security."[1]
    • (Aside: Information Technology - "computing and/or communications hardware and/or software components and related resources that can collect, store, process, maintain, share, transmit, or dispose of data. IT components include computers and associated peripheral devices, computer operating systems, utility/support software, and communications hardware and software."[1])
  • "Information Technology Security also known as, IT Security is the process of implementing measures and systems designed to securely protect and safeguard information (business and personal data, voice conversations, still images, motion pictures, multimedia presentations, including those not yet conceived) utilizing various forms of technology developed to create, store, use and exchange such information against any unauthorized access, misuse, malfunction, modification, destruction, or improper disclosure, thereby preserving the value, confidentiality, integrity, availability, intended use and its ability to perform their permitted critical functions."[5]
Computer Security (COMPSEC)
  • "Computer Security is concerned with the risks related to computer use, and ensures the availability, integrity and confidentiality of information managed by the computer system, permitting authorized users to carry out legitimate and useful tasks within a secure computing environment."[3]
  • "Measures and controls that ensure confidentiality, integrity, and availability of the information processed and stored by a computer. Rationale: Term has been replaced by the term “cybersecurity”". [1]
  • (Aside: probably used in the days when computer networks were not yet ubiquitous)
Network Security (NETSEC)
  • "Network Security is the process of taking physical and software preventative measures to protect the underlying networking infrastructure from unauthorized access, misuse, malfunction, modification, destruction, or improper disclosure, thereby creating a secure platform for computers, users and programs to perform their permitted critical functions within a secure environment."[4]
Application Security (APPSEC)
  • "Application security describes security measures at the application level that aim to prevent data or code within the app from being stolen or hijacked. It encompasses the security considerations that happen during application development and design, but it also involves systems and approaches to protect apps after they get deployed. "[6]
  • (Aside: any activity designed to protect the usability and integrity of your applications [desktop, web, mobile, cloud, software in general?] and data)
There is obviously an overlap in the definitions above. I came up with a layering, which is shown in the figure below, in an attempt to put things in perspective.  I equate "security" to "protection" and the layering is based on what is being protected, with "information" the outermost layer having the broadest scope. Most people nowadays use "infosec" and "cybersecurity" interchangeably in general conversations and communications which are popular in hashtags. 




To conclude, what term should we use? I've decided to use a different term depending on the context of the conversation or communication. I will use cybersecurity when the context is national security or education. For enterprise, business, or industry contexts, information security seems to be appropriate and accepted in the community. The other terms will be used in more specific technical contexts in education and in practice.


References:

[1] https://csrc.nist.gov/glossary 

Saturday, April 17, 2021

My takeaways from The Productivity Project book



Everyone is probably interested in increasing their productivity. The book by Chris Bailey, The Productivity Project, has given me some ideas on how to do just that. Below are some of the takeaways from the book that I am currently adopting. So far, they have increased my productivity despite the pandemic.

  • Increasing productivity involves managing time, energy, and attention/focus
  • Rule of Threes
    • List three items to do today and within the week
  • Identify your values
    • Know why you want to get something done.
  • Determine your Biological Prime Time (BPT) 
    • This is the time when you have the most energy and focus. Do important tasks during this time. In my case, my BPT is during 10am-11:30am, 3pm-5pm, 9pm-10pm.
  • Limit alcohol and coffee intake
  • Create a procrastination checklist
  • Spend less time on important tasks
    • You create an artificial deadline forcing you to focus your attention and energy
    • Do the important things during your BPT
  • Disconnect from the Internet and social media
  • Balance structured (manager) and unstructured (maker) schedule
  • Define what you need to accomplish, understand how much energy and focus you have
  • Group maintenance tasks (doing the laundry, cleaning, self-care) and schedule them on a weekend
  • Create a project list/notes - next action to move the project
  • Develop a worry list
  • Identify hotspots - portfolio of life: mind, body, emotions, career, finances, relationships, fun
    • I achieve this by creating a mind map
  • Can a task be done in two minutes? Do it if yes.
  • Being busy is not being productive if you don't complete the tasks you set to do
  • Be deliberate when doing your tasks
  • Don't check your email unless you have the energy and focus to reply or act on whatever is in the email

Saturday, February 20, 2021

Experiences in remote learning

Last semester was my first experience in remote teaching. Class preparation was quite different compared to when there was no COVID-19. I described the technical aspects of my preparation in a previous post.

The semester started well and everyone was excited and hopeful. The course staff was able to release the revised course guide, videos, and other materials early in the semester. Communication with students was done using Slack and Zoom. Exercise submission was accomplished using GitHub and Google Classroom. Video materials were uploaded to YouTube. (You can check out my playlists).

Things got problematic in the middle of the semester. Typhoons started coming, internet connectivity became unstable, and personal problems arose. It was hard for us and the students to focus and hold synchronous sessions.

We originally planned to give synchronous exams via Google Forms. Unfortunately, some students were badly affected by the typhoons so we decided to remove the lecture exam requirement. We gave the weight to the laboratory exercises which became the basis of the grades. We also relaxed the due dates of the submission of laboratory exercises so that students will still be able to submit at a later date. Interestingly, the administration released a "no fail" policy.

I am happy that most of the students were able to submit their exercises and get high grades. However, it is quite hard to assess whether they really learned from the courses and whether they did their tasks with integrity.