Dune

September 5th, 2010

Author: Frank Herbert

I was pretty embarrassed about not having read Dune as a teenager, seeing how it’s one of the Sci-Fi classics. I finally decided to check it out because a bunch of my friends told me it was indeed really good. After reading it, I whole-heartedly agree with everything I’ve heard. Not only is the story line unique and intricate, but Herbert paints a vivid picture of fictional landscapes, provides rich character development and all around pretty solid writing.

The book centers around a boy, Paul Atreides, the son of Duke Leto Atreides. The Duke is urged (forcefully) by the Emperor to take control of the desert planet Arrakis from the Harkonnens, who are supposed to relinquish power voluntarily. Without getting into too many details, Paul ends up living with the natives (the Fremen) and eventually becomes the religious and political leader of their tribes. The latter half of the story revolves around his attempt to regain power of Arrakis in spite of the Harkonnens and the Emperor, who are both trying to dispose of him. I don’t really want to get too much into the plot because if you haven’t read it I don’t want to give it away, so instead, just go read it.

Dune kind of reminded me of Lord of the Rings in that Herbert has created this really detailed world, complete with religious history, clashing cultures, and governments and all of these aspects of his world come out in the novel. I really look forward to reading the rest of the books in the series and getting to see more of Herbert’s world.

Food Rules

August 21st, 2010

Author: Michael Pollan

Michael Pollan is a health food specialist and a Professor at UC Berkeley (which is cool). He has written a few books about healthy eating and many of them have been NY Times best-sellers. My mom introduced his books to me and I read “Food Rules” on my flight to Pittsburgh. It’s a really quick read, really more of a list of advice for eating properly, and while I think it is really hard to follow all of his rules, they are ultimately good things to keep in mind when you’re buying groceries and eating.

Pollan’s mantra is: “Eat food. Mostly plants. Not too much.” The book is divided into three sections corresponding to each of these sentences, and provides a bunch of rules that help clarify the statements. The first section is filled with rules about eating real food, things without artificial additives and whatnot. His advice ranges from things like don’t buy foods with ingredients you can’t pronounce or with more than 5 ingredients, to shop at the borders of the grocery store (because that’s where the natural stuff usually is). The second section instructs you to eat mostly plants or to make your meals predominantly vegetable-like, cut down on meat intake, and snack on fruits rather than cookies or junk food. In the last section, Pollan gives advice on how to eat: eat lots of small meals, stop eating before you’re full, etc.

I pretty much agree with all of the rules, but at the same time, I find it really hard to follow all of them. I would have to invest a lot more of my time into cooking and buying groceries, in addition to increasing my spending on groceries (to buy organic etc.). As a busy grad student, I think it’s hard to follow all of the rules, but they are definitely something to keep in mind.

Six Not-So-Easy Pieces

August 19th, 2010

Author: Richard Feynman

After the success of “Six Easy Pieces,” the publishers decided to find another set of Feynman’s famous “Lectures on Physics” and release them as a book. These lectures cover much more advanced topics (things that I haven’t ever studied), but things that one should definitely know about. The topics are: vectors, symmetry, the special theory of relativity, relativistic energy and momentum, space-time, and curved space.

While these lectures are definitely more math-intensive than the previous 6, Feynman still does a great job of explaining these advanced physics topics through extensive use of analogy. I for the most part glossed over a lot of the math, but still was able to uncover the main takeaway: the ideas about relativity, the relationship between space and time, and how matter perturbs space-time.

Like the previous lectures, this is a pretty quick read. If you haven’t taken advanced physics, I think it’s worthwhile. Otherwise it’s probably material you’re already familiar with, but it is still interesting to see how Feynman presents the material.

Recently Read Books

August 17th, 2010

Recently, I realized that I don’t remember things unless I write them down. I probably should have made this realization years ago, but I guess now is as good a time as any other one, especially considering that I’m just starting my Ph.D. The same realization prompted me to start writing a lot more about the books/papers I’ve read, resulting in this blog post. Below is a list of some of the books I’ve read recently, along with some of my thoughts/takeaways from the books.

  • Atlas Shrugged – Ayn Rand I think a lot of people have read or at least heard about Ayn Rand and her ideas about objectivism. Atlas Shrugged is one of her books with objectivism as a primary theme. It’s about this woman (Dagny Taggart) who is an executive at a Railroad company in a dystopian/post-industrial society. In this society, all of the heads of industry are afraid to take positive actions for their corporations as the government begins to exert more control on industry. John Galt, another protagonist, is disgusted by this shift in society, and he leads a strike where all of the most innovative and productive industry leaders refuse to produce for the country. This strike basically stops the production of the society and brings economic and social collapse, resulting in a new world where the producers are not held accountable by the government and society.
    The idea of objectivism is certainly an interesting one; the idea that selfishness at the granularity of the individual is beneficial for society as a whole. Actually, this is also a theme of The Selfish Gene which I also just recently read (see below). I’m not sure if I subscribe to the tenet of objectivism, because it ignores any sort of morality or ethics. It really reminds me a lot of what’s going on in the financial crisis (especially the Goldman Sachs thing). Because of this ability to unconscionably exploit others, I don’t really agree with the objectivism ideas.
    Atlas Shrugged is a good, albeit long, book. If you haven’t already, I definitely recommend reading it.
  • House of Leaves – Mark Danielewski Danielewski is a post-modern fiction writer who has a very unconventional approach to writing. His books are as much a visual experience as they are a literary one, where the shape of the text reflects the actions and plot of the story (i.e. if people are climbing down stairs, then the text on the page will also visually resemble a staircase). House of Leaves is a novel about a man who reads a book about a documentary about a mysterious house in Virginia. Johnny Truant (maybe the protagonist) stumbles upon the manuscript for a book about this documentary called The Navidson Record. Throughout the book, Truant reads and transcribes the manuscript, but as he does so essentially goes crazy. He is one of the narrators of the story, and he tells the reader about some of the events in his life, especially the ones that demonstrate how the book has changed him.
    A large majority of the main text of the book is the manuscript that Truant finds, and indirectly about The Navidson Record. The readers meet the Navidson family and follow them as they move to a new house in Virginia and discover some of the peculiarities of the place. Apparently the documentary has been incredibly well-studied, and the manuscript is an amalgamation of the material published about the documentary, although it seems that the manuscript’s author has in fact seen the documentary himself.
    House of Leaves is a really great read. It’s probably one of the best books I’ve read in a while and I highly recommend it. It’s interesting, bizarre, and an altogether entertaining read.
  • What I Talk About When I Talk About Running – Haruki Murakami I read this in the fall and it was a quick easy read. It’s a memoir of a Japanese American writer/runner and it recounts some of Murakami’s more strenuous runs, such as the NYC marathon, running the original marathon route in Greece, and a 62 mile ultramarathon. It also serves as his training diary and is motivational in the sense that this man does not even dream of giving up running. He runs almost daily and inspired me to keep running whenever I get the chance. It’s a pretty short book and if you’re a runner, it might be worth the read.
  • The Selfish Gene – Richard Dawkins I’m a big Dawkins fan. I read The God Delusion sometime in 2009 and thought his arguments were interesting and thought-provoking. The Selfish Gene is my second Dawkins book and I liked it a lot more than this previous one. It might be because I’m more into science and biology/evolution, but I felt like he knew more of what he was talking about in The Selfish Gene than in The God Delusion.
    The thesis of the book is that individual genes are inherently selfish in nature. This means that they are only concerned with ensuring their survival and increasing their prevalence in a population. His thesis does not mean that individuals are selfish, in fact he provides many examples of how altruistic behavior at the granularity of individuals can arise from selfish behavior at the granularity of genes (meaning that altruistic behavior may be in the best interest of genes looking to spread through a population). The book touches on a range of topics including basic evolutionary game theory, mendelian inheritance, and population genetics. Dawkins also peppers the book with concrete examples from nature that illustrate his points, and I think these examples ground the book in reality and really drive his points home.
    I really liked this book. If you’re interested in evolution, genetics, or, more broadly, science, it is definitely a worthwhile read.
  • The Dip – Seth Godin On our way to Europe, my friend, Arvind, was looking for a book to read on the plane and he picked up The Dip at the airport. After our flight to the East Coast, he gave me the book and said that it was the worst book he’s ever read. As I was curious about what the book really entailed, and because the book was really short, I asked if I could borrow it and read it. He gave it to me and said something along the lines of, “Keep it, I never want to see it again.” Anyway, I read it on the next flight and for the most part agree with him. The book is really terrible.
    The thesis of the book is that people should strive to excel at anything they attempt. Moreover, on the path to excellence, one will invariably encounter some incredibly difficult challenges. Godin’s main point is that there is no point embarking on the road to excellence if you are not willing to overcome those challenges. He calls the challenges “The Dip” and says if you’re not willing to put in the effort to get yourself out of the dip, then you’re just wasting your time.
    While I for the most part agree with Godin, I didn’t really need him to tell me it, let alone waste an hour of my life really drilling this point in. I think it’s pretty obvious that it’s really difficult to excel at anything and I also think that in most aspects of life, you need to strive for excellence (I admit that I have hobbies that I’m perfectly ok with being mediocre at, and I disagree with Godin when he tells me to drop these hobbies). The reason Arvind and I disliked the book so much was that he didn’t tell us anything we didn’t already know. Therefore, I cannot recommend the book.
  • Six Easy Pieces – Richard Feynman I read these physics lectures on the plane as I moved to Pittsburgh and for the most part really liked them. Feynman is really good at explaining physics concepts in an easy-to-understand way, and without using a lot of math. The lectures in the book cover the basic ideas of physics, gravitation, different forms of energy, and a brief introduction to quantum mechanics. I’m pretty familiar with most of the concepts he presented, but I definitely got something out of how he presents the ideas. His presentation is more of an exploration of ideas, where he talks about trying various experiments and drawing conclusions from them. I think this is an interesting and really great way of presenting physics because after describing the outcome of an experiment, the student can pause and try and draw conclusions for himself. Most textbooks just present facts/equations and don’t give the student the opportunity to extrapolate and learn on his own (which I think is a much better way of learning).
    I especially liked his lecture on quantum mechanics which talks about the double-slit experiment and how light/electrons behave both like quantized particles but also like waves. He describes several experimental set-ups and their outcomes and shows the reader (as opposed to telling the reader) that light behaves both like discrete particles and like waves. He concludes with Heisenberg’s uncertainty principle and with an experiment that shows how recording which slit the electron came from removes the destructive interference pattern (so that the electrons don’t behave like waves).
    As a science-y person, I really liked how Feynman presents his material. I’m reading Six Not-So-Easy Pieces, which probably is an indicator that I liked this book.
  • Love in the Time of Cholera – Gabriel Garcia Marquez I for the most part like Marquez’s writing. I read One Hundred Years of Solitude a couple of years ago and that prompted me to read Love in the Time of Cholera. The novel recounts a love story between Fermina Daza and Florentino Ariza. Fermina Daza rejects Ariza when they are young and marries Juvenal Urbino, who is the antithesis of Ariza. During their marriage, Ariza has several brief romantic encounters and eventually Urbino dies, allowing Fermina Daza and Ariza to rekindle the romance of their youth in their old age.
    Marquez is a really good writer (he won a Nobel Prize) and he has an almost poetic style of writing. I really want to read his books in Spanish (although my Spanish has probably deteriorated so much that I’d have a really hard time). Anyway, both Love in the Time of Cholera and One Hundred Years of Solitude are really great books and I highly recommend both of them.

I think from now on I’ll try and publish a short post whenever I finish a book. I haven’t decided if I’ll write paper summaries here or not.

Also, I realized that the reason I don’t write so much in here is that I’ve been writing really long entries and that I’m not willing to put in the time to do that anymore. I’m going to try writing shorter entries and see if that motivates me to write more often.

Capsules: Designing Web Applications For Review

May 2nd, 2010

I just came back from WWW 2010 where I presented a research project I’ve been working on for the majority of my undergraduate years. The project is about building web applications with high level security properties that can be verified in a code review. This post is about the project and why I think it’s really cool.

I’d like to start off by convincing you that we need web applications with verifiable high-level security properties. First, what is a high level security property? It’s an application-specific guarantee about the privacy and integrity of user data maintained by the application. For example, as a user of an online banking application, I’d like some assurance that I cannot lose money unless I have authorized a transaction. I’d also like some guarantee that only I can view my account balances and transaction histories. These are high-level properties regarding the integrity and privacy of my data. And these are the kinds of guarantees that we want with our web applications; it’s not enough to just defend an app from XSS and CSRF.

Since these properties can be violated by the application itself (as opposed to external attackers), we have to make sure that the application does not violate them. This requires a code review. Unfortunately, with state-of-the-art technologies, and with sophisticated, complex applications, these code reviews are incredibly challenging. I would argue that they are infeasible. Why? Because verifying that a high-level property is achieved involves an exhaustive review of the application. With current application architectures, every object has the privileges necessary to violate whatever security property we’re interested in. In order to guarantee that the application satisfies a property, we therefore have to make sure that the entire application does not violate it. Since applications are enormous, this is very challenging.

My project looked at making these code reviews easier by partitioning an application into components and granting only specific privileges to each component. Partitioning an application and exposing limited privileges facilitates a code review because now only parts of the application have the privileges needed to violate any particular security property. Auditors may not even have to look at certain application modules because they can guarantee a priori that those modules cannot violate the properties we are interested in.

All we’re doing here is bringing the idea of least privilege to web applications. We used an object capability approach to achieving least privilege in application components. Our goal was to confine each application component to a reduced-privilege context. We took a multi-faceted approach. First, we prevented application components from constructing additional privilege. We did this by requiring that applications are written in an object-capability language (in our case Joe-E). Second, we prevented the application from maintaining state outside of a semi-persistent session object (By semi-persistent, I mean that it lives in memory but is maintained across multiple HTTP requests). Combined, these two properties imply that all privileges to user data and resources must reside within the session object. Finally, we use wrapper objects to expose only a subset of the session object to each application component. This effectively confines each application component into a reduced-privilege context.

In terms of implementation, we built Capsules, a prototype framework that extends the Java Servlet Framework with these ideas. As mentioned, we require that applications are written in Joe-E, an object capability subset of Java. We use several Joe-E features to achieve the three aspects of our approach. First, Joe-E prevents objects from constructing privileges from scratch. Secondly, Joe-E allows us to declare application components (called Servlets) as immutable, which, in short, means that they cannot maintain state. Finally, Joe-E allows us to construct wrapper objects that actually encapsulate their internal state, so that Servlets must go through the interfaces exposed by the wrapper rather than using reflection to obtain a reference to the underlying session object. In this way, Joe-E helps us establish these reduced-privilege contexts.
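As an added illustration of the three confinement steps above (it is not code from the Capsules framework or the paper), here is a plain-Java sketch using the hypothetical names Session, InboxView and InboxServlet. Without Joe-E, the immutability of the servlet and the ban on reflection are conventions the reviewer must check by hand rather than properties the language enforces.

```java
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

// Full-privilege session state: kept in memory across requests and holding every
// user's mailbox. Constructed example; not the Capsules framework's own API.
final class Session {
    private final Map<String, List<String>> mailboxes = new HashMap<>();

    List<String> mailbox(String user) {
        return mailboxes.computeIfAbsent(user, u -> new ArrayList<>());
    }

    void deliver(String to, String message) {
        mailbox(to).add(message);
    }
}

// Wrapper object: an attenuated view of the session that can only read one
// user's mailbox. The Session reference is private and the returned list is
// read-only, so a component holding an InboxView cannot send mail, delete mail,
// or reach any other user's mailbox (Joe-E also rules out the reflection that
// would otherwise let a component dig the Session back out of the wrapper).
final class InboxView {
    private final Session session;
    private final String owner;

    InboxView(Session session, String owner) {
        this.session = session;
        this.owner = owner;
    }

    List<String> messages() {
        return Collections.unmodifiableList(session.mailbox(owner));
    }
}

// Component playing the role of a Capsules servlet: it has no fields (so it is
// immutable and cannot stash privileges between requests) and is handed only
// the wrapper. A reviewer checking mailbox privacy can see from its signature
// alone that it can never touch a second user's mail.
final class InboxServlet {
    String render(InboxView inbox) {
        StringBuilder out = new StringBuilder();
        for (String m : inbox.messages()) {
            out.append("- ").append(m).append('\n');
        }
        return out.toString();
    }
}

public class CapsulesDemo {
    public static void main(String[] args) {
        Session session = new Session();
        session.deliver("alice", "Lunch tomorrow?");          // constructed sample mail
        session.deliver("bob", "Quarterly numbers attached");
        // The framework, not the servlet, chooses which view to hand out per request.
        InboxView aliceOnly = new InboxView(session, "alice");
        System.out.print(new InboxServlet().render(aliceOnly));
    }
}
```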

We also conducted an evaluation of this framework by building a simple web mail application and verifying that the application maintains the privacy and integrity of user mailboxes. In this analysis, we discovered that there were several application components that we could completely ignore, simply because they had no way to violate the privacy and integrity properties. While our application was simple, we believe that this kind of analysis will also apply to more sophisticated applications, making it more practical to review these kinds of high-level properties.

So that’s an overview of the Capsules project. I’ve omitted most of the technical details so that I could concisely convey the main points. If you are interested, I encourage you to read our paper or see the slides for my talk (although I don’t think the slides will be very helpful apart from the pretty pictures). Finally, please feel free to contact me if you have questions or are interested in talking to me about the project.