Wednesday, August 29, 2012

Historical Exponential View vs The Heart of Man

This essay has probably influenced my thinking about technology more than any other:  Ray Kurzweil starts it off by promising that you will get $40 trillion by just reading it.  In it he compares the intuitive linear view of how we expect technology to progress with the historical exponential trend that is has demonstrated.  The reason we intuitively think of technological progress as linear is because exponential trends appear to be linear when viewed (and experienced) for a brief period of time.  In general, I think being optimistic about technological progress is the right attitude.  But ten years later, I’ve embraced a more cautious optimism regarding the concept of the singularity.  Kurzweil goes way off the charts near the end of the essay, following his singularity to a logical conclusion of an ever expanding existence merely comprised of self-organizing knowledge.  Intuitively I’ve always felt that to be a little off, but since he posits very well early on in the essay that intuition can sometimes be wrong, I kind of just shrugged and decided to take the latter part of the essay on authority.  It’s not like it likely matters to us anyway, if it happens we can adjust and if it doesn’t… well then it doesn’t matter.

Lately I’ve been exploring a more logical and objective counterpoint to the “knowledge blob assimilation theory” (my name for it… not his). The limits of technological advancement might be similar in concept to the limits of functional abstraction in programming.  Think for example about writing software libraries.  As we write functionality we can reference, as long as we can understand how we implemented it and remember how to reference it, it empowers us to write new software much faster.  There’s a point of diminishing returns as we lose familiarity with the libraries we have built or work with and it takes some time to catch up again and be as productive.  But in general abstraction makes things happen faster.  The technological singularity might end up giving us what we would now consider extreme capabilities.  For example being able to tell our car where to take us and then relaxing, having perfect digital memories thanks to implants, and being fully immersed in virtual worlds whenever we choose; but the limits of abstraction hit in at some point.  And the heart of man never changes.  Tying technology abstractions to the intents of the heart of man (who we are and what we want to be or do) will be the upper limit of the advancement.  I think a different way to articulate the concept will be to say that what we will be able to do post singularity will be limited by our imaginations.  But since our imaginations are limited and imperfect (even when augmented), there will be a limit.  Mike Minter, an intellectual that I respect highly and routinely get to hear speak, made plain an example of technological advancement vs the heart of man in this short video.  The title of the three part series (each part is two minutes) is “The Ultimate Contradiction”.  It’s worth watching. The first part is the story I’m referring to.  The second part describes why this happens: “The insatiable desire for a man to be satisfied will always be thwarted by his inability to be satisfied.”  Regardless of your perspective and opinions, it’s certainly an interesting time to be alive.

Monday, August 27, 2012

Fundamental truths of building things

Sometimes when you are building something it feels like youre uncovering structures that always existed.  Things that are fundamental truths that were there before you and will be there after for others to enjoy.  Like math; prime numbers, Fibonacci, the golden ratio.  I think this is how the structure a bit of code can look beautiful.  How the structural simplicity of an arch eliminating tensile stresses and resolving them into compression can be pleasing to the eye.  I find it in the bending of a bow and the flight of an arrow.  They feel solid, atomic (non-reducible), and elegant.  When you get to the point where things cant be any simpler, that's when you've made it all the way.  Unfortunately, we don't always make it that far in the real world, there are trade offs; but it stands as an admirable goal and hints toward the existence of a higher order of things being there beyond just us.

One of my favorite paintings, Clairvoyance, is a self portrait of the artist RenĂ© Magritte sitting at an easel, looking at an egg while painting a picture of a bird with its wings extended. The title translates to "Perspicacity" which means: Acuteness of perception, discernment, or understanding or keen vision. The meaning of the painting is indicated by the title. The egg will become a bird. The artists see what it will become. In the eye of the artist, he already sees the bird. Through understanding of the laws of the Universe, the artist knows that the egg will become a bird; that it is already a bird.  There's something to be said for having that clairvoyance about what things can be.  In the case of building things, the egg needs our help to hatch.  So we roll up our sleeves to do battle in the war of art and overcome the resistance holding us back.

Monday, August 13, 2012

Automated vulnerability scanning

A hefty dose of caution and expectations management when it comes to static code analysis or vulnerability scanning tools.

- Scan findings often contain a few thousand items.  The vast majority of them don't matter.
- Scanning tools often do not take into account the attack surface when they scan. This means that vulnerabilities found by them should not immediately be described as those that cause a risk.
- The code libraries common in use are open source, these libraries have lots of code in them which does not make it into the final software. This unused code might be included in the scan and it would be a waste of time to go hacking apart a library just to make the scan results better.

These reasons and more make the results from static code analysis poor metrics.  It's tempting to use them in this manner.  The number of discovered vulnerabilities is such an easy number to find and we all expect it to be reduced quickly as we fix things.  But unlike other metrics, static code analysis results, in the real world, never arrive at a state we can call complete or any other status than “better”.  This is troublesome because metrics, almost by definition, are presented to audiences that are not deep subject matter experts in the nuances of their creation.  That often means that the decisions that are made are not driven by an objective review of the results. Instead, non-expert audiences are swayed in their perceptions, positive or negative, by how well the expert presents their arguments.  An inarticulate developer thrown before leadership holding a report claiming 1000 false positives on a scan is going to fare poorly.  I’ve seen this scenario play out multiple times and it never ends well.  The loss of confidence that can result from confusing metrics is often countered by adding more developers or oversight to the project.  In the worst of cases it can lead to a shift of responsibilities, effectively destroying the hard fought knowledge attained by that developer during the course of their work.  In 1975 Fred Brooks coined Brook’s Law which states that "adding manpower to a late software project makes it later".  I believe it holds true for projects that weren’t late to begin with.  Using bad metrics to report performance can ruin that performance.

With all of the trouble that comes with improper use of their results, scanning tools can still be a powerful tool in your arsenal for writing good software.  I believe that the highest level that those raw scan numbers should go is the person who directly manages the performance of the developers.  These performance management decisions are mostly based on relative personnel performance and developer performance management.  Most importantly the person in this role often has deep subject matter understanding.  This is also the level where implementation of design takes place. If you don't trust your lead developer to be able to find and mitigate code vulnerabilities, find a new one. Everybody up the management chain from them will not have the technical skill to evaluate those decisions although few will hesitate to do so if called on.  When developing status reports for levels higher in the organization than this, the scan results need to be culled down to those that are actionable items.  Typically, they get dropped as a bug fix into a sprint or some other task management system, whatever yours may be.  Those sprint items or the backlog can provide excellent metrics, provided they have an apparent and predictable stability.  Managing requirements coherently is the topic for another post, so I’ll leave it at that here.

Software code and vulnerability scanning is a great tool, but it's a two edged sword... with a few other edges hidden where you don't expect them.

Tuesday, August 7, 2012

Raising kids and the computer scientist as tool smith

In 1996 Fred Brooks put together this great paper.
I was reviewing it recently because it had been mentioned in another book I'm reading, Coders at Work.  The main point of the paper being that Computer Science has been misnamed.  This is funny because Fred Brooks was partly responsible for having named it.  Given the context the paper is written in, I agree. The larger concepts in the paper are still applicable today, as much of his writing is.  Most individuals working with computers are not scientists building things in order to study; we are engineers studying in order to build.  The true metric of our success is how well the tools we create enable our users.  We are more like tool smiths than scientists, but the semantic discussion need not settle starkly on one description of the other.  It only serves to remind us of where our responsibilities are.

Toward the end of the paper he makes a departure from computer science and into discussing the virtues of how we spend our time in general.  The main question being how much time we spend creating and producing versus wasting time.  This being 1996, the TV serves as the time wasting villain.  Today we have even more effective ways to destroy productivity.  The following paragraphs resonated with me.

"TV fails the beauty test. Although the cinematography is frequently very skillful, the overall effect is
ugliness — bleak slumscapes, ugly violence, and endless car chases.
TV is only occasionally good. The voracious appetite for material means mediocre dramas. The characters are rarely people we should like to have as friends, quite unlike, for example, the people in Neville Shute’s novels. Only rarely would we want our children to take TV characters as their role models.
On a late-life occasion honoring the inventor of the vacuum tube, Lee DeForest, he remarked on how the tube had made radio possible, and he sadly commented, “This is DeForest’s prime evil.” Today he would have a new candidate.  “What did people do before TV?” How did we recreate ourselves?"

Just a few years after 1996 the world wide web came along and there was a new candidate for DeForest’s scorn.  The voracious appetite for material continues to drive the creation of ugliness.  Beauty still seems to be the exception online as it was/is on TV.  But that wasn’t what gave me the most pause.  It was his point about how we raise our children.  As I look down and watch my ten month old crawl around the living room, I see alongside his wandering path the various electronic windows to the world now available: laptops, tablets, tvs, and smartphones.  In his lifetime we will become vastly more connected with new devices: glasses, contact lenses, perhaps even implants.  He will have an appetite for and consume much of that ugly time wasting material, as will I.  Material will be set before us and we will seek it out even when we know it's wrong.  The only question left is if we will have the courage to police ourselves and attempt to only seek out only those things that enrich us.  Will we have the awareness to hold things of beauty in higher regard than the rest of it.

Reflecting on the movie’s I’ve watched, the video games I play, the blogs I read, and the content streaming into my social media networks, Fred was right.  Very rarely is there a character (real or imagined) in those electronic windows that I would want my child to hold as a role model.  Rarely are they people we should even like to have as friends.  I know I have the courage and thankfully I still have a few years to figure out the details of how to raise my children right.  In a hyper-connected world, we won’t have the option to shelter them.  But we can certainly prepare them.  I need to work hard at managing the material that I let myself consume and also what I let my children watch.  I hope other parents do the same.

Friday, August 3, 2012

Foreign perceptions

Foreign perceptions of things are often drastically different than what we’d expect from listening to our own news.  An Arabic interpreter that once worked for me tipped me off to this little nugget of fun:  If you go to the Wikipedia Arabic version of the Marshall plan ( and run it through Google Translate, you’ll find out that the Marshall plan was actually a United States plot to take over Europe.  “Washington succeeds in achieving its control through investments and the purchase of existing projects in these countries, in exchange for a promise of payment in dollars, and for giving creditors certificates to those promises”.


Thursday, August 2, 2012

Use use

"Utilize" is overused (not over utilized) because it is a long word.  Use projects the same meaning for fewer letters.  Don't utilize utilize. Use use.

SYSK: The CNN Effect

By focusing instantaneous and ongoing media coverage on a particular conflict, international incident, or diplomatic initiative, the news cycle effectively demands political attention, as governing politicians attempt to demonstrate that they are "on top of" current issues.

Wednesday, August 1, 2012

Innovation Starvation

Neal Stephenson penned a great article after giving an amazing presentation about innovation.



The part of of the article that resounded strongly enough with me to make me want to share:
"Most people who work in corporations or academia have witnessed something like the following: A number of engineers are sitting together in a room, bouncing ideas off each other. Out of the discussion emerges a new concept that seems promising. Then some laptop-wielding person in the corner, having performed a quick Google search, announces that this “new” idea is, in fact, an old one—or at least vaguely similar—and has already been tried. Either it failed, or it succeeded. If it failed, then no manager who wants to keep his or her job will approve spending money trying to revive it. If it succeeded, then it’s patented and entry to the market is presumed to be unattainable, since the first people who thought of it will have “first-mover advantage” and will have created “barriers to entry.” The number of seemingly promising ideas that have been crushed in this way must number in the millions.

What if that person in the corner hadn’t been able to do a Google search? It might have required weeks of library research to uncover evidence that the idea wasn’t entirely new—and after a long and toilsome slog through many books, tracking down many references, some relevant, some not. When the precedent was finally unearthed, it might not have seemed like such a direct precedent after all. There might be reasons why it would be worth taking a second crack at the idea, perhaps hybridizing it with innovations from other fields. Hence the virtues of Galapagan isolation.

The counterpart to Galapagan isolation is the struggle for survival on a large continent, where firmly established ecosystems tend to blur and swamp new adaptations. Jaron Lanier, a computer scientist, composer, visual artist, and author of the recent book You are Not a Gadget: A Manifesto, has some insights about the unintended consequences of the Internet—the informational equivalent of a large continent—on our ability to take risks. In the pre-net era, managers were forced to make decisions based on what they knew to be limited information. Today, by contrast, data flows to managers in real time from countless sources that could not even be imagined a couple of generations ago, and powerful computers process, organize, and display the data in ways that are as far beyond the hand-drawn graph-paper plots of my youth as modern video games are to tic-tac-toe. In a world where decision-makers are so close to being omniscient, it’s easy to see risk as a quaint artifact of a primitive and dangerous past.

The illusion of eliminating uncertainty from corporate decision-making is not merely a question of management style or personal preference. In the legal environment that has developed around publicly traded corporations, managers are strongly discouraged from shouldering any risks that they know about—or, in the opinion of some future jury, should have known about—even if they have a hunch that the gamble might pay off in the long run. There is no such thing as “long run” in industries driven by the next quarterly report. The possibility of some innovation making money is just that—a mere possibility that will not have time to materialize before the subpoenas from minority shareholder lawsuits begin to roll in.

Today’s belief in ineluctable certainty is the true innovation-killer of our age. In this environment, the best an audacious manager can do is to develop small improvements to existing systems—climbing the hill, as it were, toward a local maximum, trimming fat, eking out the occasional tiny innovation—like city planners painting bicycle lanes on the streets as a gesture toward solving our energy problems. Any strategy that involves crossing a valley—accepting short-term losses to reach a higher hill in the distance—will soon be brought to a halt by the demands of a system that celebrates short-term gains and tolerates stagnation, but condemns anything else as failure. In short, a world where big stuff can never get done."

10 timeframes

Amazing graduation speech