cordelia's New Writeups

Incentivizing antisocial behavior (idea)

2002-12-21T16:45:47Z

A community exists as a social fiction between a group of individuals who find themselves drawn together by something common - locality, religion, or common interest. A community is a microcosm of society, and the ties that bind people together can be ever so fragile.

Oddly, one often finds that as a society grows, it can create rewards for some form of antisocial behavior. Take a look at any depression era. Some would act out - throwing a rock through a store window - for the privilege of spending a warm night in jail, and getting a hot square meal at the same time. Inadvertent rewards are but a small step - it's when the reward becomes institutionalized that the community must beware.

Example: Curve-based grading

When my mother was getting her degree, she recalls a professor with a strict curving system: 3 people would get an A on each exam from each class; 8 a B, etc. Now my mother was a straight A student, and, halfway…

CISSP (person)

2002-10-06T21:55:03Z

Certified Information Systems Security Professional

The CISSP certification is maintained by the International Information Systems Security Certification Consortium (2" class='populated' >ISC2). Mastery of a common body of knowledge, encompassing ten domains, as well as three years of experience in the field are required for certification. The ten domains are:

Detecting an attacker's IP address hidden by backscatter (idea)

2002-10-06T13:55:01Z

It is a commonly held belief in the Information Security community that an attacker, performing reconnaissance against a set of computers, will hide their own identity and location by including a large number of forged source packets. Most Information Security professionals don't have a strong enough math background to realize that this technique, used simply, is flawed, and thus, defeatable.

Posit an attacker that generates a stream of traffic, with their own source IP. To cover their tracks, for each packet in this stream, they generate a large number of similar or identical packets, with a randomly chosen IP address.

Here's where the math comes in. Using the linearity of expectations, we can calculate how many unique source IPs we expect to see from a given amount of traffic.

Assume the attacker sends 10,000 random packets per second, and 1 true packet. Sampling across 30 seconds, we see 300,030 different packets. The expectation…

Humour: D&D Third Edition (idea)

2002-06-03T22:58:13Z

An interesting collection of e-mail humor, that points out some inconsistencies in a ruleset. But then, it also makes fun of itself, by laughing at the wrong things. Some of these catches are definite issues, but that's why the book is called the Dungeon Master's Guide. DMs are supposed to make rulings up as they go to maintain consistency. But to address some of the comments that seemed most bogus:

The extreme heat/extreme cold rules render much of the real world uninhabitable as everyone in Fairbanks in winter or Phoenix in summer takes enough subdual damage to render them unconscious in just a few hours.: Yup. I've been in Phoenix in the summer. And, if it weren't for air conditioning and drinking lots of water, odds are, I would've passed out had I tried to adventure around in that weather.
Simulacrum produces a creature that has among other traits 51-60% of the "speech" of the

…

Bordeaux (place)

2002-02-16T03:25:57Z

Both a city and a region in Southern France. The city straddles the banks of the Garonne River, making it an inland port city (in fact, Fort Medoc defends access from its island location downstream on the Gironde). A relatively small city, Bordeaux is quite pleasant even for the non-Francophone s (if you speak English), as a multi-century vacation spot for the British. In addition to having an airport just outside the city, access to the city via the TGV is convenient from Paris - a 3 hour express train, or a 4 hour local train.

While in town, take a stroll down Rue St. Catherine, a (mostly) pedestrian street stretching from town center to the Place des Quinconces. The shops, patisseries, and people make it quite enjoyable. If you're an American, you'll probably want to make sure your hotel has at least three stars (there is a nice Holiday Inn a 5 minute walk from the train station). If you want a guided tour of some wineries, the…

Big Five (place)

2002-01-16T03:52:03Z

The collection of large accounting and professional consulting firms, used by most corporations to audit their books, as well as providing other services. The Big Five are:

With the collapse of Enron, it seems possible that the Big Five will shrink to the Big Four; these companies are primarily selling trust, and Andersen's trust has been tarnish ed by this escapade.