Tuesday, October 27, 2009

A different kind of interface

Very cool concept with regards to streetlights. Instead of lights shining everywhere, consider this:

The lights are going down in Toulouse. Tomorrow early-rising residents of the Allée Camille-Soula in the south-western French city will have set out to work with the morning gloom held at bay by radical new technology which turns on streetlights only when pedestrians pass.

Installed on a 500-metre section of pavement last weekend, the lampposts double the strength of the light they cast when they detect human body heat. Ten seconds later they revert to normal.

Cool concept. Light pollution and in general light usage at night is quite fascinating.

Tuesday, September 15, 2009

Next computer?

Well, looks like my tablet might need to get an upgrade some time in the near future. I'm sure everyone in the System Interface Class would appreciate a boot time measured in seconds rather than minutes.

Too bad our IT policy probably prevents me getting one but then again, there might be some sort of a research reason :)

Hat Tip Gizmodo

Thursday, September 3, 2009

Wicked cool enhanced VR glasses

Very cool video from BMW about enhanced virtual reality glasses for mechanics. I doubt this will be making its way out soon but cool to ponder something like this for say home yard machine repair (mower, trimmer, etc.).

Link to Gizmodo

Wednesday, August 19, 2009

Surface Trip to Ball State

Recently, a group of staff traveled to Ball State for a mini-conference on the Microsoft Surface to see what the various groups were up to. There were attendees from Ball State, Notre Dame, and Ohio State. Eric Morgan from the library recorded a video of the various aspects of the Surface.

Saturday, August 15, 2009

Surface control of the home

A bit pricey at $10k but very cool immersive app that allows the surface to use a camera to then control all of the various gadgets in the room. Might be a fairly cool app to try to duplicate as part of the course.

The approach, Cristal, uses gestures to control the various devices and I am assuming, a fair amount of under the hood operation to get things going. It would be very cool if you could blend a limited range Bluetooth to automatically discover devices but the camera input is a bit more intuitive, i.e. I see what is in my room and then can manipulate it.

Hat tip to Gizmodo

Wednesday, August 5, 2009

Touchable Holography

From SIGGRAPH 2009, touchable holography using a combination of convex mirrors (for the holography), Wiimotes (for hand position detection), and point focused ultrasound (for the sensation of touch).


That is wicked cool!

Tuesday, August 4, 2009

WPF Line Graph Control

Very cool line graph control that automatically scrolls operating strictly in WPF


As part of our ramping up for using the Wiimote as a rehabilitation tool, I have been toying with the WiiFit board. Beyond the initial snafus getting Brian Peek's WiimoteLib to work with WPF, it has been relatively smooth sailing since then.

In particular, the weird threading model of WPF and the WiimoteLib was one of those undocumented / magic fixes that seem to crop up every once in a while. Fortunately, several of the example apps with WiimoteLib were fully built in WPF demonstrating how the dispatcher needed to be used to preserve thread safety.

Sunday, July 19, 2009

Public vs. Private Firewalls

Got a bit distracted getting our Microsoft Surface devices up and going. While initially ambivalent about Windows Presentation Format (and its quirky XAML), I am starting to warm up to it. More on that later.

On a very cool note, we recently got our paper on public versus private firewalls accepted into NPSec 2009, a workshop at ICNP. We had a very near miss at HotSec which was a bummer but very good feedback / discussion with the chairs which helped on our shorter submission to NPSec.

In short, the paper tries to debunk the myth that private firewalls are better. This security through obscurity of private firewall rules has long been a pet peeve of mine but I have not had the math skills to make a reasonable argument beyond random, flailing hyperbole. Enter my graduate student Qi who was willing to try to prove the ramblings of his advisor. Together with his wife, he constructed a very nice game theory concept showing how private firewalls are lose, lose, lose across the board.

Think of the debate of public versus private in the following manner. Private firewalls back in the day could be argued to provide a reasonable defense. Inference of private rules would take time and would create a glowing, red beacon that one's network would soon be under attack. Beyond exposing oneself or a small number of compromised machines, it was not easy back in the day to conduct said inference.

Contrast that with the scenario of today. Botnets are out there and are dirt cheap with massive volumes of machines. Scanning now can be done quite discreetly with "disposable" hosts for folks that are more than likely patient enough to wait a few hours or days for the rule inference.

Hence, what do you get from private firewall rules? You get distributed applications being a pain to debug due to how firewalls are typically configured as black holes. Moreover, distributed applications are not going away nor is the next distributed pattern likely to be easy to predict. Thus, one is paying valuable employee or system administration time tracking the problem back to the firewall. Is it your firewall? Is it my firewall?

Certainly, there are a slew of vendors that would help you with that task. But why do we even need to go through that? Unless the scanner (bad guy) has some sort of ADD and can't wait just a little bit for a result (terrorism / cyber-warfare with state-vested interests might perhaps be an exception), there is absolutely no gain to be had with the private firewall rule setup.

The paper has some nice explanations via game theory why this is the case. Moreover, while not listed in this paper, they also derived results that show if you can selectively lie, it can be used as an insurance to actually improve the overall system which is very cool. The partial truth / untruth could be used as an enhanced honey that draws attackers into a honeypot or other system.

Reactions from pitching this to various folks have been an interesting illustration in and of themselves. Folks that work in security tend to instinctively flinch while folks that work in systems tend to be intrigued by it. Then again, I would add the caveat that I think that NATs are probably one of the most important security technologies :)

Tuesday, June 30, 2009

Gearing up - yet again

Finally, I'm back again after a very, very long hiatus. Tenured (whoot) which means that I can post a bit more freely now.

Should have weekly updates in preparation for this becoming a course / technology blog once again.

Wednesday, February 25, 2009

Firewall Complexity

It appears that our work looking at firewall complexity in the most recent ISSA Journal is nicely coinciding with work being done in industry. Secure Passage just released a survey coming to roughly the same conclusions that we did albeit focusing primarily on Fortune 1000 companies whereas our survey was more broadly based.

Of particular note, the top two most shocking findings from the Secure Passage report:

Top 10 Shockers Revealed by Respondents:
1. 73 percent think firewall rule bases are too complex or out of control
2. 59 percent feel that a lack of management tools makes policy management difficult

Living firmly in the land of academia and hence being able to speak from the ivory tower, these works should be a huge wake up call for how security research should proceed. All too often in security research, the perfect becomes the enemy of the good but I think researchers forget that easy to use security (yes, Virginia there is such a thing) offers a huge benefit to the overall health of the Internet ecosystem. Certainly, there is a need for high end, complex systems such as for DARPA / etc. but by and large, complexity is not a friend of security.

Moreover, I do not think the problem is one of building a better interface for the existing tools. It is a general philosophy where complexity is viewed as an informal indicator of correctness or completeness. Unfortunately as my students can attest, try publishing something novel but not terribly complex and the results are often less than heartening. Perhaps that is best left to industry but certainly these surveys attest to the security elephant in the room that we know things are bad and really cannot do too much about it*.

Hat Tip: Athena Security, which has a tool for improving firewall complexity, Athena FirePAC

Wednesday, February 4, 2009

Front page baby!

Very cool, our journal article looking at firewall management practices managed to make the cover of the ISSA journal. My student Mike Chapple did a very nice survey of current firewall administrators and IT managers to determine what self impressions administrators had of the correctness of their firewall configurations.

The short / sweet version is that firewall configurations are likely wrong and we know it and things are not getting better. System administrators are swamped and hoping that nothing major goes wrong. For those of you in the security business, I highly recommend using it as justification for a better raise or for hiring new people.

On spam and publicity

As one transitions later in the world of academia from naive, newly minted junior professor to slightly older but still naive junior professor, the opportunities for service become quite numerous. Recently, I have served / am serving as the track chair or publicity chair for several conferences. After having surveyed the landscape for various lists, I have several definite preferences. Keep in mind that this is network-centric and individual experiences may vary.

- The DB World and ACM SIGOPS method are very, very cool. Plug in conference info into a web form and voila, instant posting at an easy to recall location.

- The WTC form is not a bad outlet with the web output being checked before being sent out. This is nice but the form needs a bit of work as it could very easily send out multiple copies.

- The good old standby of tccc is slowly getting overrun with everyone and their brother advertising Calls for Papers. Being a member of the list and being in the position of track chair and publicity chair, I have seen things from every angle. Not getting enough papers or getting nervous, one more CFP into the void. *sigh* yet another CFP from that same conference, yeesh.

There is a fairly cool effort, WikiCFP, from which my recent spamming on lists as publicity chair for a conference must have solicited an e-mail. Looks cool and yes, we will be posting our conference there too.

PS For any publicity chairs in the networking area, send me a note and I can give you a definite run-down of pretty much all of the major mailing lists :)

Thursday, January 29, 2009

I still function

Very cool site for those of you in academia needing to cull the newest fad of the h-index from Google Scholar.


The quick explanation of the h-index is that you have h publications with at least h citations. In other words, an h factor of 3 means you have 3 publications with at least 3 citations each. An h-index of 25 means 25 publications with each of them having 25 citations apiece.

Who knew I had an h-index of 11? Web of Science, the normal index for such things, gives me a 4 but they are heavily journal-centric. Pretty sweet and I should have put that in my tenure package.