Time to look back at 2017 and put together a few things that I enjoyed.
You can read the rest of this post while playing the song below, one of the things that will remind of 2017:

1. A book: Sapiens: A brief history of humankind, by Yuval Harari.
If you want to explain to an alien who we are and what’s our story on Earth, this is probably your handbook. A lot of insightful ideas and explanations, but one that stuck in my mind was how evolution doesn’t care about the individual:

The Agricultural Revolution left farmers with lives generally more difficult and less satisfying than those of foragers. Hunter-gatherers spent their time in more stimulating and varied ways, and were less in danger of starvation and disease. The Agricultural Revolution certainly enlarged the sum total of food at the disposal of humankind, but the extra food did not translate into a better diet or more leisure. The average farmer worked harder than the average forager, and got a worse diet in return. The Agricultural Revolution was history’s biggest fraud.
The evolutionary success of a species is measured by the number of copies of its DNA. If a species boasts many DNA copies, it is a success, and the species flourishes. From such a perspective, 1000 copies are always better than a hundred copies. This is the essence of the Agricultural Revolution: the ability to keep more people alive under worse conditions.
Quote from the book on goodreads.com

2. A photo editing tool: Photolemur. It promises to edit all your photos in one click, with the help of artificial intelligence. I like taking pictures, but I was never really into photo editing. So I am happy to leave this part to AI 🙂
And the results are not bad:

3. A place: Tuscany. One of the most amazing places in Italy, which is in turn one of the most amazing places in Europe. I spent there a full week last summer and I enjoyed every day of it!

4. A game: Really Bad Chess One of the very few games I play; really smart and so addictive that I’m playing it daily. The classic rules of chess apply, but you play with random pieces (ex. you can start with 3 queens and 4 towers).

5. A movie. I did not watch too many movies in 2017. But I watched again (after 8 years) Inglorious Basterds, and I believe that the way Christoph Waltz is playing the German detective is a masterpiece. I could watch it over and over again:

6. A learning tool. I am trying to constantly learn new things. Learning how to learn is one of them. Brainscape helps me create flash cards on my laptop and study them on my phone, whenever I have a few minutes free. Highly motivating.

7. A blog: waitbutwhy.com. Even if I know it for a couple of years, it’s in 2017 when I spent lots of time reading it. The series of posts about Elon Musk are really entertaining, but you have to see them as small novels instead of blog posts. Tim Urban (the author) has a funny way of zooming out and showing you things from a higher perspective.

8. An event: In 2017 I was lucky to attend a number of interesting sports events. I went for the first time on Anfield to watch Liverpool play in Champions League, I saw Ronnie O’Sullivan winning the Snooker Masters in London, and was present to the amazing comeback of Simona Halep in the quarter finals of Roland Garros.
But the live event that I enjoyed the most was no doubt the summer Coldplay concert in Brussels. The sport events have their own way of making you feel the moment, but once it’s over there’s not too much left. But a music concert is different. The way the songs make their way into your mind turns the entire experience into something close to magic and create long-lasting memories.

9. Writing In line with one of the resolutions for 2017, I tried to write a bit more. I had a few guest posts about snooker, football and analytics on anglofil.ro and doubled the number of posts on this blog. Turns out, writing is one of the experiences that I enjoy 🙂

10. A picture: Romanian protests in Bucharest, February 2017. To be continued in 2018…

Functional requirements – what a system must do.
Non functional requirements – how the system must behave. On top of performance, usability, maintanability -> security.
CIA – Confidentiality (Privacy), Integrity, Availability + non-repudiation

Attacker levels

– kid-level: unskilled, opportunistic, bragging rights
– malware/ransomware: automated, opportunistic, financial gain
– professional attacker: highly skilled, resources, persistent, adapt to their targets
– nation state level: best skills available, big resources, goals – aligned with the country military/geo-strategic objectives

Vulnerability / exposure / security incident

Vulnerability types: bugs and flaws. Bugs – defects in the development process; could be detected by automated tools. Flaws – defects in the design process; could not be detected by automated tools.
A vulnerability does not necessarily cause an impact. It needs 2 more steps:
– Exposure: if the vulnerability becomes known to an attacker
– Security incident: if the attacker takes advantage of the exposure to perform an attack

Vulnerability assessment: black box vs white box testing
– Black box – no access to the source code, hosting environment, etc
– White box – full access to the source code, hosting, etc

Some principles:

– minimize the attack area
– secure defaults (coding and configuration)
– fail securely (defensive coding)
– give least privilege (need to know)
– multiple layers (ex. encrypted USB key, in a locked safe)
– no security by obscurity
– keep the design simple

Identification, Authentication, Authorization

Identification – who are you?
Authentication – how can you prove who you are?
Authorization – what can you do once authenticated?

Some specifics

– don’t say why the authentication failed (‘wrong username’ -> enumeration, ‘wrong password’ -> brute force attack)
– do not change data on the server via a HTTP GET request
– allow pasting passwords
– do not make the “Log out” option difficult to find
– just use HTTPS

A/B vs Multivariate Testing

A/B testing: two versions (A and B) are compared, which are identical except for one variation that might affect a user’s behavior. Total number of variations: 2. More
Multivariate testing: multiple variables are modified for testing a hypothesis. The goal of multivariate testing is to determine which combination of variations performs the best out of all of the possible combinations. [Total # of Variations] = [# of Variations on Element A] X [# of Variations on Element B] ... More

Permutations, Arrangements, Combinations

Given a set of n elements (ex – for n=3, the set is A, B, C)
Permutations: each ordered set of n elements P(n) = n!
In our example with n=3, P(3)=3!=6: АВС, АСВ, ВАС, ВСА, САВ, СВА
Arrangements: each ordered set of k elements A(n,k) = n! / (n-k)!
In our example with n=3, ordered pairs of 2, A(3,2)=3!/(3-2)!=6: AB, BA, AC, CA, BC, CB
Combinations: each unordered set of k elements C(n,k) = n! / k! (n-k)!
In our example with n=3, un-ordered pairs of 2, C(3,2)=3!/2!*1!=3: AB, AC, BC
And the relationship between P, A, C: C=A/P
Remember that for the permutations you don’t need a k! More

About learning

Learning isn’t done to you, it’s something you do. You need to take responsibility of your education. There will always be a new technology to learn, but this is not that important. Is the constant learning that counts.
Andy Hunt – Pragmatic Thinking and Learning

We all tend to learn best by doing and teaching. Active learning is a much more effective way to learn than any other way.
It seems a bit strange, but it should really be no surprise that play is a powerful mechanism for learning. […] This simple process that comes natural to us all, but somehow gets “taught” out of us, is the simplest and purest way to learn.
John Sonmez – Soft Skills

Random links:

(more…)