Archive for October, 2007

admitted.

Monday, October 29th, 2007

Today, I received a letter of acceptance to graduate school at the University of Illinois.

Last fall, almost a year ago to the day, I sent an email asking Prof. Steve Lumetta if I could speak with him during the upcoming week. Come Thursday, I found myself sitting in the weekly 5pm staff meeting with the usual suspects: Greg, Kirsten, Ali, Danny, and everyone else. In retrospect, I stayed with ECE 190 in large part due to the number of high-quality acquaintances I made as a lab assistant for that course. The meeting adjourned around 6pm, and I found myself standing in the hall with Prof. Lumetta or “Steve”, as he always insisted that we call him.

“You wanted to talk to me?” We sat down in his office.

For the next 45 minutes, I was engaged in the most direct, hard-hitting talk I’d had in a very long time. As anyone who has dealt with him would tell you, Steve has a very distinct way of dealing with people that is academically colloquial, yet demanding in a quasi-parental way. Steve is the most intellectually honest person I’ve ever met, which depending on the circumstances, can be a needed breath of fresh air, or the last straw which pushes someone over the edge on a bad day.

That Thursday, he did not mince words about my future.

“I think I might be interested in graduate study here.”
“Really? That’s great to hear. What’s your GPA?”
I told him my GPA.
“Dave, that is too low. What are you doing?”
“Well, I’m doing a lot. For one, I’m trying to help teach this class. I’m also trying to run the finances of a 101-person organization, which requires that I go around collecting about 2000 dollars from 101 people. I’m also trying to find a job…”

My phone rang.

“Dave, you have a problem. When I first met you, you seemed very bright to me, but you have a tendency to overcommit to things.”
“I’m not going to argue that - but every single person I meet here, every graduate student, professor, everyone, also seems to be really busy all the time.”
“Well, that may be, but how can you expect to get anything done when people are dinging your phone all the time? You have to learn to say ‘no’ to people.”
“Well, it’s hard. When I say I’m going to do something, I really mean that I’m going to do it. But then stuff comes up, and I end up practically killing myself to deliver on all the commitments that I’ve made. How do you manage this?”
“When someone asks me if I can do something, I default to telling them ‘no’, unless it’s something very important. Either way, I don’t tell someone that I’ll do something for them without taking time to think through what that commitment entails. You have three semesters teaching this class, but you’re still a lab assistant. After your third semester doing this, I spoke to Wen-Mei about the possibility of letting you teach a class, but we agreed that you probably wouldn’t put adequate preparation into putting together the material to handle giving a lecture yourself. So we chose Greg instead of you, even though he has less experience.”

“So what can I do at this point? Is this just entirely hopeless? I’ve interviewed with a bunch of companies, and that’s going nowhere. Should I just give up? Go crawl under a rock and die? What are you suggesting?”
“I’m suggesting that you get your act together. I can get you into graduate school, but you have to convince me that it’s what you want to do.”
“And how should I go about that?”
“Get A’s next semester. All A’s. Go get a 4.0 and then I’ll be able to tell the committee that you had gotten bad grades, but there was a step-change in your work ethic and attitude toward school.”
“I understand.”

“So what are you interested in anyway? If you want to get into graduate school, it helps to have a specific idea of what you’re going to study.”
“Well I’m interested in engineering, but more of the operational issues than developing new products.”
“Have you considered studying security?”

After that conversation, I was probably the most depressed I had ever been in my life. I was in the middle of an unsuccessful job search, and having been rejected by Amazon, Accenture, Citadel, Morgan Stanley, DRW Trading, Infinium, DE Shaw, Microsoft (where I had done a successful internship), and more, hearing that I probably wouldn’t be able to get into graduate school was the last thing I needed.

I finished that semester with a 2.6. This academic train wreck was largely due to the amount of travel I was forced to do as part of my job search. I was also taking a very demanding class load, with ECE 411 and CS 418 both requiring major projects, and the fact that I still lived in the Evans Scholar house didn’t help, either.

So I decided to study computer security.

Over winter break, I spent a lot of time reading about computer security. I spent at least a week straight reading articles about everything from encryption protocols to buffer overflow exploits. It was also over that break that I registered this domain, and unsurprisingly, I also started using GPG to sign my email. I wanted to take a class in security, so I registered for ECE498IA, “Introduction to Information Assurance”, taught by Nikita Borisov. I decided to take a look at his work, and found that he had published a huge body of research on privacy-enhancing technologies, encryption, and network security. I recall staying home one night during our ski trip to Crested Butte that winter, and reading Nikita’s paper on Off-the-Record messaging.

The semester after break almost killed me. I took five classes: German, Programming Studio, Fundamental Mathematics, Computer Networking, and Information Assurance (Nikita’s class). I again was taking two project classes. Stephanie had also decided to study abroad in Vienna, which further complicated things as her time was seven hours ahead of mine. Fundamental mathematics was a majors-track math course that concentrated in formulating correct formal proofs of various mathematical ideas. Programming studio required completion of a project every week which typically took 10-12 hours to complete. Computer Networking was taught by a sadistic PhD graduate student who expected the entire class to share his love of the topic - spending 30-40 hours on a two-week project wasn’t uncommon. Additionally, my partner in networking was a graduate student who considered 4pm-12am “normal sleeping hours” and would regularly call me at 11:30pm on Friday nights to come to the lab and help him. On several Saturdays, I spent 12 straight hours in the networking lab, leaving only to get lunch and dinner. I didn’t even go out most weekends because I was so tired and sleep-deprived that I just wanted to spend the weekends in bed - but I couldn’t, because I had 3 meal job shifts on Friday, Saturday, and Sunday night. Most weeks, I spent 6:30pm-12:30am Monday-Thursday programming. It was hell.

German and Information Assurance were my two saving graces. German was the most fun class I’ve taken in a very long time, and was a welcome release from the day-to-day pressures of engineering education. When I traveled to Germany and Austria over spring break, practicing my new German skills with native speakers was incredibly fulfilling. Something as simple as saying, “Ich möchte nach Flughafen gehen” - I would like to go to the airport (to pick up Stephanie from her flight from Austria) - was incredibly satisfying. I went out of my way during that trip to speak as much German as possible, and even conversed (or tried) in French, with a guy we met in an absinthe bar in Berlin. Being able to speak two foreign languages, even at a rudimentary level, is absolutely awesome.

However, taking Information Assurance was what ultimately got me on track for the future. I loved Nikita’s lectures. He’s one of the most friendly professors I’ve ever met and is incredibly knowledgeable about a vast array of topics. He was responsible for the “off the record” protocol implemented in Pidgin (formerly gaim), worked to crack 802.11b, and is currently working on various issues in electronic privacy. One day in the course, Nikita advertised a new “ITI Internship Program”, a 10-week summer program designed to get undergraduates work experience.

I applied to the program and was accepted. My graduate career began the day I was selected to ITI. I worked over the summer to improve the state of network intrusion detection, and met a ton of interesting people in Nikita’s group. I was offered the chance to follow up this work during the school year, and gladly accepted.

I finished the semester with a 3.87.

And now, I have an office at CSL. I’m part of the security reading group, and our research group (“Hatswitch”) has recurring meetings on Mondays to discuss recent research. It’s been a pleasure to work with Hatswitch. The people are absolutely first-rate, and I love my project: research in developing a language and system for vulnerability-specific filtering.

I hope that my readers can find inspiration in the story of my path to graduate school. This has been the most challenging year of my life, but I’ve accomplished a lot and met tons of interesting people.

I harbor no delusions about how I got here, and it was not alone. I owe debts of gratitude to the many excellent people that have been a part of my life over the past year. Foremost, I’m thankful for such a supporting, caring girlfriend that has been a continuous source of encouragement, even when times were rough. I’m also thankful to Steve Lumetta, for setting me straight a year ago. I’m thankful to Nikita for having faith in me, and for Bill Sanders, for his guidance on our project and his continued high professionalism. All three of these gentlemen go far beyond their professional duties in providing guidance to students, and they all wrote me recommendation letters which no doubt decided my application. I’m also thankful to the many friends that have provided conversation and support, in particular my roommate of 3 years Dan Garcia, and various members of the “Nerd Herd”. Kurt, I still feel really badly about hitting you in the face on the ski trip last year; I hope time can heal that.

More than anything, I’ve learned that there is no force so great as ironclad conviction to a goal, no matter what that goal might be.

Thanks for reading.

ha ha guys, really funny

Friday, October 5th, 2007

Just seen on economist.com:

THE September 29th issue of the National Journal, an inside-the-Beltway magazine, contains a striking news item. Hillary Clinton has quietly signed a deal with the University of Illinois to house her presidential library. The university will put up $15m to help finance the construction and operation of the huge building on its Urbana-Champaign campus, close to where Hillary Rodham was born.

This was, of course, a joke—but it contains a serious point. The political establishment is betting heavily that Hillary Clinton will become America’s next president. And it has reason. Mrs Clinton is way out in front of the Democratic field. The latest Washington Post/ABC News poll puts her 33 points ahead of Barack Obama and 40 points ahead of John Edwards. She raised $22m in the last quarter—more than Mr Obama at $19m and much more than Mr Edwards at $7m. The once-mighty Republican Party is a shadow of its former self, divided not only about who should lead it but also about where it should go. Intrade, a pay-to-play prediction market, shows a 36% chance of the Republicans holding the White House alongside a 12% chance of them taking the House and a 7% chance they might take the Senate.

Maybe I should do a PhD in Europe…

“hey dave…”

Thursday, October 4th, 2007

My phone rang a little after 9pm tonight. I saw a phone number - meaning that my phone’s directory didn’t recognize the caller - from the 847 area code. Maybe it was someone from home, calling me about the recent car accident? Perhaps a friend from high school, or a college friend calling from a new cell phone?

“Hey Dave - you’re never going to guess who this is.”
“No, it sounds familiar, but I’m not sure.”
“It’s Bill Russell.”

I lived with this guy for almost 2 years in college, and we hadn’t spoken in nearly 3 years.

This made my night.

have i found the holy grail?

Thursday, October 4th, 2007

Recently, I’ve had a lot of conversations about how people do calendaring and email. I’ve emailed friends, talked to many students at uiuc, and even chatted with a few professors regarding their management of “Outlook data”: email, calendar, address book, and tasks/todo.

I’ve been trying to find a system offering the following features:

  • Not a web app.
    1. I’m tired of handing my personal information hand over fist to random companies. In the past month, facebook announced plans to become searchable using Google searches. What’s more, I’ve read that facebook is in talks to further mine personal information for use in targeted advertising with employers and other commercial interests. To me, having an “opt-out” policy on this kind of targeted advertising represents a gross and unreasonable invasion of privacy. I want to be the exclusive owner of as much of my personal data as possible.
    2. Web apps’ user experience isn’t comparable to desktop clients. Google is proud of their “half-second” user experience guarantee, which is great for a networked application, but it’s still an order of magnitude slower than a native client-side app. Furthermore, I want offline caching of data, so that my access isn’t contingent upon being connected to the Internet. I like to read my mail / plan things on trains and buses.
  • First-class support across Windows and Linux. I have three computers (2 Windows, 1 Linux), and on an average day, I use all three of them for at least an hour each.
  • Support for full client synchronization of all stored data.
  • Windows Mobile 5 synchronization. Having all this data available all the time is a real plus. I might change over to Symbian eventually, depending on what my next phone runs.

After a few months of searching, I think I’ve found a candidate system:

  • Platform: Thunderbird 2.0 with remotely-hosted IMAP (1and1.com)
    • I’ve used Thunderbird as my primary email app for a few years now. It’s really a solid piece of software. The uncluttered design and overall snappiness are a real relief after being subjected to Outlook 12 (a.k.a. 2007)
    • The Mozilla products offer unrivaled cross-platform support. It really is a feat of engineering (both software and release engineering) to have such a consistent user experience across OS X, Windows, and Linux.
  • Thunderbird Lightning for calendaring.
    • If you’re into Google’s way of doing things, check out the provider for google calendar add-on. It bidirectionally syncs lightning with google calendar. I used provider for about a month and a half, but it doesn’t cache data locally which makes for a lot of waiting while it goes to the server to retrieve all your data (every time you pull up your calendar). Also, provider is a bit rough around the edges when it comes to recurrences, and since I use a lot of these, this solution didn’t quite work out for me.
    • A war story: Lightning was a real dog to get running on my Gentoo Linux machine. Since Gentoo likes to compile everything itself and Lightning runs directly on the metal without a VM, the default Lightning distribution didn’t play nicely with Gentoo’s build of Thunderbird. To make Lightning work, I was faced with the choice of (1) installing the standard build of Thunderbird on Gentoo, or (2) building a custom Lightning package on Gentoo. I started building Lightning from source, but it wasn’t the easiest thing to do - in the interest of time, I eventually installed the binary distribution of Thunderbird from Gentoo’s portage tree. The slashdot crowd insists that Linux is coming to the business desktop any day now; after what I had to go through to make a calendar work, it’s fair to say that those guys need to have their heads examined. (“Yeah. Mom? You have to set up your CVSROOT variable to point at the mozilla pserver so that you can check out the latest nightly of Lightning, then run dot-slash-configure, and make - wait, configure needed an ‘application option’? Damn, I always forget that!”)
  • SyncKolab for cross-machine sync
    • SyncKolab uses an IMAP store as a sync conduit for calendar/contacts/tasks. Initially, it wasn’t synchronizing my stuff correctly, but I think attempting to synchronize using outdated IMAP data (not current with the server state) was causing the inconsistent behavior. If you use synckolab, make sure your IMAP folders are all current before you try to synchronize. It seems to work fine when everything is updated.
    • Synchronization should trigger an IMAP fetch automatically; I’m going to file a bug on the project.
  • BirdieSync for mobile device sync.
    • Commercial software for synchronizing Thunderbird/Lightning with WM devices. It costs about $25, and I’ve heard great things from many places on the web. Send RMS my apologies for paying money for software that works. (gasp)

I’m really pleased with all of this stuff so far. I’ll be sure to continue writing about my experiences with my “bubble gum and duct tape” system as time goes on.

tonight at siebel

Wednesday, October 3rd, 2007

Andrew Rawlings on Hillary Clinton’s impending presidential win:

You’re going to vote for the Hildebeast?

location-based services

Wednesday, October 3rd, 2007

I’m taking AE 498 MPA with Prof. Tim Bretl this semester. On Monday, we demonstrated our first piece of work for the class, an application which (1) took measurements using GPS, (2) used a recursive estimator (Kalman) to continuously update our estimate of position, (3) determined the total path traveled while the application was running, and (4) displayed a real-time plot of the path taken on a map of the campus. Our application was the ugliest Python hack ever written. After writing a few thousand lines of code, I can say that I am not a fan of “whitespace-significant” languages, but this isn’t going to become an argument about which language is best.

Consumers always fault electronics companies for not giving them the features they want. What’s often absent from these discussions is an appreciation for the enormous amount of foresight required to correctly guess what features will be in demand, while a product is still on the drawing board - often a year or more before the thing actually ships. To put things in perspective, meteorologists have a hard time foretelling the state of a well-studied physical system one day in advance; just try asking one of them if it will rain 14 months from today. ebay paid $2.6 billion for Skype about a year ago - perhaps that didn’t quite pan out?

What’s certain is that players in the mobile industry are starting to make bets on locationally aware services. A quick scan of a few message boards reveals that some believe Nokia is going after handheld navigation units, Garmin’s traditional bread and butter, but I feel this view misses the big picture.

Potential uses for location-based services:

  • I’m in a large city - where is the nearest parking structure with availability?
  • I want to go to dinner. How far away is the closest pizza joint?
  • I run a repair business with 5 roving vans. Which of them is closest to the next job site?
  • Are there any friends within 100 meters of my current position?
  • I’m at a theme park - where are my kids?

Navigation is just the beginning…

at csl…

Tuesday, October 2nd, 2007

This just in, from Somafm:

We’ll miss you, Miss Moneypenny. 30-Sep-07

In other news, I was involved in a car accident today. After a round of grocery shopping at the Champaign Meijer, I was heading south on Lincoln Ave in Urbana. I stopped to make a left turn, and a gentleman driving a 1994 GMC truck drove his vehicle into my rear bumper. I was about two blocks and 30 seconds from being home. It was quite a pleasant experience overall (as accidents go), and I think that if I would have met the gentleman in the truck under more hospitable circumstances, I would have enjoyed his company. Everyone, including the reporting officer and the other driver, was very friendly about the whole thing, even though the officer issued the other driver a citation for Failure to Reduce Speed to Avoid an Accident.

“Sorry honey, I failed to reduce my speed to avoid an accident today. I’ll try not to do it again.”

Deductibles suck.

While at the Meijer:

Girl 1: “Fig Newtons! Aren’t these healthy?”
Girl 2: “I don’t think so, they still taste really sweet and sugary.”
Girl 1: “It’s not about eating healthy, it’s about substitution!”

yeah…

Safecard, presented for cs591rhc

Monday, October 1st, 2007

I presented “Safecard, a gigabit IPS on the network card” (de Bruijn et al.) today for our security reading group. It wasn’t received as well as I had hoped, possibly due to today’s lower-than-average reading group attendance. In any case, it’s a personal favorite and is important to the work I’m doing with Nabil in Prof. Borisov’s Hatswitch group at ITI.

Current intrusion detection systems have a narrow scope. They target flow aggregates, reconstructed TCP streams, individual packets or application-level data fields, but no existing solution is capable of handling all of the above. Moreover, most systems that perform payload inspection on entire TCP streams are unable to handle gigabit link rates.

We argue that network-based intrusion detection systems should consider all levels of abstraction in communication (packets, streams, layer-7 data units, and aggregates) if they are to handle gigabit link rates in the face of complex application-level attacks such as those that use evasion techniques or polymorphism. For this purpose, we developed a framework for network-based intrusion prevention at the network edge that is able to cope with all levels of abstraction and can be easily extended with new techniques. We validate our approach by making available a practical system, SafeCard, capable of reconstructing and scanning TCP streams at gigabit rates while preventing polymorphic buffer-overflow attacks, using (up to) layer-7 checks. Such performance makes it applicable in-line as an intrusion prevention system. SafeCard merges multiple solutions, some new and some known. We made specific contributions in the implementation of deep-packet inspection at high speeds and in detecting and filtering polymorphic buffer overflows.

re: backup software idea

Monday, October 1st, 2007

one of my friends, on the possibility of starting a distributed backup project:

interesting.
a lot of users don’t have that kind of bandwidth though. like getting a gigabyte uploaded is a pretty big deal for a lot of people. Also, most ISPs have bandwidth limits per month and you are starting to see more packet prioritization with services like voip and bit torrent.

i say we start a massively distributed porn torrent system called tit torrent.

–mja