Football analytics: when football meets science

Written on 12 November 2017, 09:51pm

Tagged with: , , ,

I wrote a piece about football analytics in Romanian: when football meets science. It was one of the articles I really enjoyed writing and it took me over 10 evenings to do it.

Here are the top level details:

Football analytics is all about using data about previous events in order to have an indication about the outcome of future events.
It is not new: it started somewhere in the ’50 and one of the first coaches to use it was a Russian trainer called Valeri Lobanovsky, in an era where a computer was taking up rooms.
I found a correlation about the DIKW pyramid and the usage of football data:
– Data – numbers and metadata collected using manual operators, tracking devices or video tools
– Information – when data is put into context. One indicator that recently became mainstream is the ‘expected goal‘ (xG) – a percentage associated with every shot based on previously aggregated data
– Knowledge – when information is combined with previous experience. Example – aggregating information about indicators like xG (xG for, xG against, non-shot xG, xG difference)
– Wisdom – using previous levels to take strategic decision enabling competitive advantage.

The first two levels are for the football fans, media writers and TV pundits.
The last two levels are for the professional football clubs and for the betting companies. This is where the football analytics takes places and these levels can give indication about future events.

A few examples of football analytics:
1. transfers: before any transfer, the targeted player is analysed from a few perspectives: tactical, physical, technical. The modern clubs are using players databases with custom criteria in order to maximize their match rate.
2. injury prevention: by tracking the way a player runs and measuring how long his feet stays on the ground, one can evaluate the player tiredness
3. predicting outcome of future events by calculating and maintaining a club index (ex. fivethirtyeight.com)
4. penalty shoot-out: statistics showed that the team shooting first has a 20% advantage over the second team. The football governing bodies realized this un-fair advantage and recently changed the order of the shoot-out (now ABBA instead of ABAB)

In the end, football remains a random sport. Using analytics can give indications, and make the clubs better understand some questions, but it cannot (yet) give definite answers. As long as football is played by humans, the human factor will play its part and will keep football random and enjoyable.


The graphics on Fifa 16 are something else

The anaerobic threshold and training

Written on 4 November 2017, 11:52pm

Tagged with: ,

This is a continuation of this post about aerobic (low intensity) vs anaerobic (high intensity) training.
A quick review of the two types of activities:
Aerobic: the energy is created by burning fat and carbs. This produces CO2 and water (breathing and sweating).
Anaerobic: to keep up with the additional energy requirements, the body burns sugar supplies (glycogen) in addition to the carbs and fat. This produces lactic acid (in addition to CO2 and water), and when this acid is produced faster than it can be metabolized, the muscle pain appears.

The anaerobic threshold (AT) is the point where the aerobic system can no longer keep up with the energy requirements. After this threshold, the anaerobic metabolism kicks in. Because of the lactic acid production, the AT is also known as lactate threshold.

The fitter you are, the longer you can fuel your body with the aerobic system before the anaerobic system needs to take over.
Interval workouts are effective for raising the AT. For the best results, vary your workouts between aerobic work (where duration takes priority over high intensity), and higher-intensity intervals (where you will be just under or at your Maximum Heart Rate).
http://www.concept2.com/indoor-rowers/training/tips-and-general-info/anaerobic-threshold

The AT is generally linked with the heart rate.
A quick estimation of your AT is 85% of the maximum heart rate (MHR). The MHR can be in turn estimated to 220 - age. So for a 36 year old person, the MHR=184, and the AT is 157bpm. Basically this tells that once this hearth rate is reached by a 36 year old, his body switches to anaerobic metabolism.

In order to push the AT, you can either:
– do HIIT (high intensity interval training), where you alternate low intensity with high intensity intervals (aerobic vs anaerobic)
– or do ATT (anaerobic threshold training), where you train just around the AT value.

Again, these types of training are generally linked with the hearth rate. A widely used concept is the training hearth rate (THR) (some gym machines also refer to the target heart rate).
In determining the THR, the following indicators are being used:
– the resting hearth rate – RHR. It can be determined with a heart rate monitor or Apple watch right after you wake up.
– the maximum hearth rate – MHR. It can be either measured with an ECG in a controlled environment, or estimated as 220-age (other formulas exists).
– the heart rate reserve – HRR defined as MHR minus RHR

Using the indicators above, each type of training can be associated with a certain THR range:
– the aerobic training (low intensity), 50–75% HRR + RHR
– the AT training, 80–85% HRR + RHR
– the anaerobic training (high intensity), 85-95% HRR + RHR

If RHR=52, MHR=184, HRR = 132 and age=36, then
– THR range for low intensity training: 118-151 bpm
– THR range for AT training: 158-164 bpm
– THR range for high intensity training: 165-177bpm


Image: sportograf.com

Web PKI: 3 improvements

Written on 24 September 2017, 03:09pm

Tagged with: , ,

Some insights about web security from the excellent ‘Bulletproof SSL and TLS‘ book from Ivan Ristic.

– the Internet was not designed with security in mind
– the first efforts to improve this were in 1995, when SSL3 was released (by Netscape). Then TLS followed up.
– TLS 1.2 – the most recent version – was released in August 2008 (its successor – TLS 1.3 – is still under development, as of September 2017)
– the goal back in 1995 was to enable e-commerce. Today we have that (‘commercial security’), but we want much more.

One of the biggest problem with the Web PKI is the approach to certificate validation. The following improvements aim to fix that:
1. Public Key Pinning:
– addresses the fact that any CA can issue a certificate for any domain name without the owner’s permission.
– with pinning, site owners can select (pin) one or more CAs that they trust, creating their own (small) trust ecosystem
– delivered via HTTP headers (Public-Key-Pins)

2. HTTP Strict Transport Security (HSTS)
– allows web servers to declare that web browsers should only interact with it using secure HTTPS connections, and never via the insecure HTTP protocol.
– also, when an invalid certificate is encountered, it instructs compliant browsers to replace warnings with errors, disallowing bypass.
– delivered also via HTTP headers (Strict-Transport-Security)

3. OCSP stapling
– There are two standards for certificate revocation (revocation is used when the private key is compromised or no longer needed)
– CRL (Certificate Revocation List) is a large list of revoked certificate serial numbers maintained by the CA. Because of the size, the lookup is slow
– OCSP (Online Certificate Status Protocol) allows browsers to obtain the revocation status of a single certificate.
– the problem with OCSP is that the individual lookup can slow down browsing and can affect the performance of the OCSP responder for high traffic websites
– to address this, OCSP stapling allows each server to embed an OCSP response directly into the TLS initial handshake

In the end, do not forget that the current Web PKI is controlled by 2 actors: Certificate Authorities (interested in profit) and browser vendors (interested in market share).

Neither group has strong security as its top priority, but they are not necessarily to blame—at least not entirely. They won’t give us security until we, the end users, start to demand it from them.

Update 10 October 2017: I have just enabled HSTS here. Inspired by Troy Hunt.