Wednesday, February 27, 2008

I Am Supernode

I've been using Skype a little bit lately. The main reason is that a programmer who works for me just moved to Venezuela, so we use it to video conference him into our weekly meetings, as well as for text chatting and occasional voice calls. Overall it works pretty well.

I have been using the campus Jabber server to chat with the consultants in our testing lab but hadn't really been using anything to chat with the programmers. Since we all installed Skype, we've been chatting through that, so I actually talk to them more than I had been, even though it only takes about 7 seconds to walk out my door into their office.

So I got an email from one of the campus security team saying that my computer was serving as a supernode for about 400,000 Skype clients. Basically, Skype uses a peer to peer network for handling traffic, and since I had a fast enough computer with a high speed internet connection that was always on and logged into Skype, I got volunteered to route calls through my machine for people. Yikes.

One site that talked about how to keep from getting wrestled into being a Skype supernode was much less technologically advanced than I hoped it would be. Their suggestion? Block Skype with your firewall and only run the program when you are planning to make or receive a call. That's not ideal, but I suppose it will work, except I now have to pick a different communication method to determine when we need to load up Skype so we can communicate. Google Talk may work, since you can make voice calls through it; it doesn't do video, but none of us are really that exciting to look at anyway.

So, the lesson for today is be careful with Skype.

Tuesday, February 19, 2008

Surf the Channel

While teaching about Information Law & Ethics recently, some students in my class asked about this website, Surf the Channel. I hadn't heard of it before, so I did a little research into it. It looks to be an interesting model. It's an advertising-driven, Sweden-based site, and they claim that they exist for fun, not for profit. All they provide is links to embedded videos that are hosted somewhere else on the web. You pick a channel, such as Movies, TV, Sports, etc., and there is a huge list of videos hosted by other people, many of which appear to be hosted on tudou.com, which seems to be something along the lines of a Chinese YouTube.

To make sure I fully researched the topic, I watched Evan Almighty. It had Chinese subtitles and was split into three sections. It had a few buffering problems, but that wasn't too difficult to deal with. It was a good show, by the way. I had been planning to watch it with a free Redbox code, but this saved me the trip.

After talking to my class about what I found, the question came up whether it is illegal to watch the movies or TV shows that are posted there. Surf the Channel disclaims responsibility, since they just link to content that other people have hosted, so we have some gray area there, but it is pretty clear that the content hosting sites are in the wrong for providing copyrighted content that they don't own. So what about watching copyrighted content, through streaming video that you don't download and re-share yourself? I basically told my class that the MPAA and RIAA are going to go after the low hanging fruit of people providing illegal content before they start going after the consumers, which will be much more difficult to track or prove anything. But watch at your own risk.

If you want to try a similar site for watching videos, where they have actually licensed the content they are showing, you might try out Joost. I haven't actually tried it myself yet, so I'd be interested to hear anyone's opinion of it. For streaming music, I recommend Pandora.

Sunday, January 20, 2008

Oh baby, that's a nice pen!

In about a week, a new product should be hitting the virtual shelves. It has the potential to really hit it big. What is it? A pen. Specifically, the Livescribe. In addition to being a pen, it's also a computer, with an open platform to develop applications. We've all heard of products that are supposed to change the world. The difference with this particular device is that it's not supposed to change the world, and that is the exact reason that it might. Let me digress for a moment, then I'll come back to the pen, and hopefully that last sentence of mine will make more sense.

Think back a few years ago when Dean Kamen released the Segway. It is a transportation device that was heralded by some as having the potential to change the way that cities are built. Everyone in the world would want one. It would solve traffic problems, encourage walkable communities, clean up the air, etc. Fast forward about six years, and you'll maybe see an airport cop patrolling the terminal on one. A few mailmen deliver on them. There are specialty tours where you can see the city on a Segway. There are also arguments about whether the Segway should be allowed on the sidewalks since it could knock over pedestrians, but cars don't want to share the road with them either. Why isn't the Segway catching on, even though it's a wicked cool device? It requires us to change or adapt the way we do things in order to use it. It's neither a pedestrian device nor a vehicle. There's nowhere to park it. It takes about 5 hours to fully recharge after driving a maximum range of about 10 miles. It's too different, yet does not provide much benefit over a standard bicycle, other than being easier to make it up hills and harder to throw on the rack on the front of the bus.

My daughter got a doll for Christmas. (I'm still digressing, and I'm still planning on coming back to the pen.) This doll was supposed to be different from the dog my other daughter got for Christmas the year before. It's not. Both the doll and the dog are voice-activated. You talk to the dog and it does tricks or plays with a chew rope or eats a bone. You teach it to howl and shake. Well, when it understands what you say anyway, you can do all that stuff. It has to be perfectly quiet in the room, which doesn't happen much with four kids running around the house. It can't hear you if it's moving or talking. You can only tell it commands that have been preprogrammed. You have to talk clearly. With high-end voice recognition software like Dragon NaturallySpeaking, there is a training period where it learns your voice, but it also trains you to speak more clearly. With this doll and dog, there's no training. It either understands you or it doesn't. I don't know how the experience with the dog didn't make it obvious that the doll wouldn't be a good buy either, but nevertheless it made its way to our house in Santa's bag. She plays counting games. She cries, and you have to ask her what she needs. You can feed her and make her go to sleep. Well, when it understands what you say anyway, you can do all that stuff. A good toy lets you do whatever you want with it. These voice-activated toys that don't understand what you want them to do just cause frustration, because you can only play with them how they were programmed to let you play with them.

What did all that have to do with the Livescribe? Well, it's a pen. It writes - whatever you want to write, in your own handwriting, as fast or as slow as your hand moves, just the same as any pen or pencil you've grown up with. You don't have to change or learn anything new. We've been writing so long that it would be hard to learn to write in another way. Just like the Qwerty vs. Dvorak keyboards - Dvorak is more efficient, but you have to relearn how to type, so we perpetuate Qwerty. So Livescribe simply lets you write, and while you write you can have it record audio. Later, when reviewing your notes, you can click on a word and play back the audio it recorded while you were writing that word. You can upload your notes to your computer and email them to your friends or search for certain words that you wrote down. So you still take notes the way you always have, but you now have recorded the audio that went with it. Cognitive load is decreased, because you don't have to worry about transcribing every word if you missed something. If you record a lecture using a regular mp3 voice recorder or tape recorder and you want to find the part where your professor explained a certain concept, you're going to be fast forwarding and rewinding, trying to find it. With Livescribe, you click on the word in your notes and hear the professor's voice defining it for you. Think of the uses: business meetings, field reporters, servers in a restaurant, professors grading student essays, etc.

In addition to being able to synchronize handwritten notes with recorded audio and easily share both with others, the Livescribe is an open platform, which will allow anyone to develop new applications to use the Livescribe. So really, the uses are endless and there will be little or no training required to use it. You just click record and start writing. Then you click play and point to the word where you want it to start playback from. It costs less than many iPods or cell phones, at about $200. You don't have to do anything different from what you might normally do, but you get the benefit of multiple technologies working together.

I hope it lives up to all the possibilities. The company is run by a team of experts who have collectively worked at such big names as Apple, BEA, Leapfrog, IBM, HP, Palm, GE, CNET, Chevron, and Lexar. If anyone can do it, hopefully these guys can.

Wednesday, January 9, 2008

DRM Who?

After the black eye Sony received a few years ago with their DRM rootkit fiasco, they seem to be headed in the right direction with their plans to provide some DRM-free music. It appears to be due to market forces, in trying to compete with Apple's iTunes, but it's encouraging nonetheless. We'll see how it actually ends up playing out.

For a lot of people, trying to get the music they paid for to work on the various devices they listen on is more difficult than it should be, so removal of DRM will be beneficial for many. It doesn't really affect me that much personally. I can load songs on my phone and listen to them through white headphones snaked up through my shirt so I don't have to hear people calling my name when I'm walking around campus, but I choose not to.

When I do listen to music, it's usually the Music Genome Project. You create free radio stations of songs that are similar to a certain song or an artist that you like. I've got an instrumental techno station I've created, because when I'm working on homework late at night I like having some music to keep me awake, but the lyrics distract me. One cool thing about it is that it plays music you might not have known about, but that is similar to stuff you like. You're not limited to what songs you've purchased, and you get to hear artists you might not have known about before.

Tuesday, January 1, 2008

Investing in Security

A recent article discussed several myths and realities related to investments in information security. IS investments are very complicated, since companies must provide the "confidentiality, integrity, and availability of information, while also assuring authenticity and non repudiation…." That is to say, data needs to be protected against unknown change and kept away from non-authorized persons, while at the same time assuring that those who have legitimate business with that data are allowed full access.

Because of the complicated nature of many businesses, CxOs rightfully demand some monetary justification for pumping money into security rather than other projects that also need funding. According to the authors of this article, the traditional accounting measure, ROI, does not completely capture the benefits and risks associated with Information Security, so other measures must be used to find a project's Return on Security Investments (ROSI).

The first myth dispelled in the article is that "the accounting concept of 'return on investment' is an appropriate concept for evaluating information security investments." The problem with ROI is that it is a historical accounting measure. The IRR, an economic measure of future asset values and discounted cash flows, is a truer measure.

The second myth is that "Maximizing the IRR on information security investments is an appropriate objective." That is, the highest IRR is not necessarily the best choice. The amount of investment that yields the greatest net benefit is the one that should be used. The IRR measures a percentage return, not an actual return, so the IRR is used to a point, but to determine the actual amount to invest, the proportion with the largest actual return should be used. I'm not so sure that I agree with this point, but of course none of my articles have been published in Strategic Finance yet. What it looks like to me is that if another project has a higher marginal IRR, it will have a higher present value than the IS project, so the alternative project should receive the additional funding. This may be implied, but the article seems to focus on comparing a project's IRR only to itself, not to alternative projects.

The third myth is that "IRR and NPV are ex post metrics for evaluating the actual performance of information security investments." IRR is used to anticipate the returns of a project. Going back to measure the actual return on a project once it has been completed is called "post-auditing." Because of the nature of security investments, the more successful a project turns out to be, the fewer security problems will be seen, and the harder it will be to measure how successful it was. So the most successful project will result in no one even thinking about the security plan.

The fourth myth is that "it's appropriate to invest in security activities up to the level where the investments equal the expected loss from security breaches." The probability of an event taking place must be factored in when determining the present value of those investments. So, with this final point, the authors tell us that the optimal level of security investment must be found, not just the project's rate of return.

In their research, they have found that the optimal investment in preventing a loss never exceeds 1/e, roughly 37 percent, of the expected loss from that event; that is the "about one-third" figure. It is an upper bound, not a target: the right level for a given system is the point where the last dollar spent still reduces expected loss by at least a dollar. Spending past that point means the cost of prevention approaches the loss it prevents; spending well short of it leaves avoidable expected loss on the table.
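A worked numerical version of the last three myths, as an added example (this is not from the post or from the Gordon and Loeb article). The breach-probability curve S(z) = v / (alpha*z + 1)**beta and every input value below are assumptions of this example; z is dollars invested, v the probability of a breach with nothing invested, L the loss if it happens. The grid search shows that the level with the highest percentage return is simply the smallest one (myth 2), that the level maximising net benefit sits under the 1/e cap (the "one-third" rule), and that spending the full expected loss (myth 4) yields a negative net benefit.

```python
import math

# Assumed inputs for this example (not figures from the post or the article).
V = 0.6                    # probability of a breach if nothing is invested
L = 1_000_000.0            # dollar loss if the breach occurs
ALPHA, BETA = 1e-5, 1.0    # shape of the assumed breach-probability curve

def breach_probability(z):
    """S(z) = v / (alpha*z + 1)**beta: residual breach probability after investing z."""
    return V / (ALPHA * z + 1) ** BETA

def expected_loss_reduction(z):
    """Dollars of expected loss avoided by investing z."""
    return (V - breach_probability(z)) * L

def net_benefit(z):
    """The article's "greatest net benefit": avoided expected loss minus what was spent."""
    return expected_loss_reduction(z) - z

def percentage_return(z):
    """Benefit per dollar spent, the IRR-style figure the second myth warns about."""
    return expected_loss_reduction(z) / z

def best_by_grid(score, low=1_000, high=600_000, step=1_000):
    """Investment level (dollars) with the highest score on a coarse grid."""
    return max(range(low, high + 1, step), key=score)

def closed_form_optimum():
    """Level where one more dollar of security stops buying a dollar of avoided loss
    (d/dz net_benefit = 0 for the assumed curve)."""
    return ((V * ALPHA * BETA * L) ** (1 / (BETA + 1)) - 1) / ALPHA

def compare():
    z_net = best_by_grid(net_benefit)
    z_ratio = best_by_grid(percentage_return)
    return {
        "expected_loss_if_nothing_spent": V * L,
        "z_max_net_benefit": z_net,
        "z_max_percentage_return": z_ratio,
        "z_closed_form": closed_form_optimum(),
        "cap_one_over_e": V * L / math.e,
        "net_benefit_at_expected_loss": net_benefit(V * L),
    }

if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name:32s} {value:,.0f}")
```

With these inputs the net-benefit optimum is about $145,000 against an expected loss of $600,000, under the $220,000 cap of 1/e, while the highest benefit-per-dollar figure belongs to the smallest investment on the grid, which is exactly why a percentage return alone picks the wrong level.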


Gordon, L.A. & Loeb, M.P. (2002). Return on information security investments: Myths vs realities. Strategic Finance, 84(5).

So you want to start a business?

A few years ago, I attended a presentation by the owner of a car dealership. He had some advice on starting a business. One of his first points was that the statistics showing large numbers of failed businesses are skewed, because smart people often go for the guaranteed money, working for someone else, so many that would be successful never start their own business.

The smart ones that do make it and build a successful business will run their business by the numbers, not by emotion (of course, this is all coming from an Accountant). The following principles will guide entrepreneurs to success:
  • Know your break even point every month or day
  • Staff according to your slowest month; you may be understaffed on occasion, but never overstaffed
  • YOU be the key employee
  • Put money into what will make you money (buy vs lease)
  • Personal overhead = business overhead
  • Don't spend money just to reduce taxes; pay taxes like you should
  • It is safest to invest money in your own business, where you have the control; don't play the stocks
  • Only grow the business if it will make your bottom line grow
  • Always outsource if costs are the same as doing something in-house
  • Reinvest in the customer
  • Offense is exciting, but defense wins the game; that is, sales are exciting, but low expenses make the money

Cryptography

President Clinton signed the E-Sign Act into law in June of 2000, allowing a digital signature to complete a valid, enforceable contract, but consumers still make little use of digital signatures. A few years ago, someone in my office came to me asking for my help in creating a digital signature. I did some research, found the costs and what technologies might be appropriate, and presented the options to my coworker. It turned out that all my coworker needed was for me to scan a signature from a piece of paper to insert into a Word document. I didn't explain that it wasn't really a digital signature I'd be creating; I just created it. Five-plus years later, I don't think that general consumer knowledge has risen much from where it was back then.

TCP/IP and the Internet in general were not designed to be secure. They were designed to keep working when parts of the network failed. To become secure, layers must be added at higher levels to protect data as it is handed around the Internet. PGP (Pretty Good Privacy) and GPG (GNU Privacy Guard) are programs that use public-key cryptography for encrypting and signing data.

Public Key Infrastructure (PKI) is an application of cryptography. Technology is used to implement cryptography, but cryptography itself is inherently mathematical. Symmetric cryptography uses one key to both lock and unlock, or encode and decode, a set of data; the sender and receiver must both have a copy of the same key. Asymmetric cryptography uses a public key and a private key. The public key is passed out to anyone, but the private key must be kept secret. One key of the pair is used to encrypt or sign a set of data and the other is used to decrypt it or to verify that it has not changed: for encryption, the sender uses the receiver's public key and only the receiver's private key can decrypt; for a signature, the sender uses its own private key and anyone holding the public key can verify. An asymmetric pair can be used for encryption, for digital signatures, or both. A symmetric key can be used for encryption or for a message authentication code, but not for a digital signature, because anyone able to check a symmetric tag holds the key and could have produced the tag themselves.

A regular, paper-based signature is used to prove to a third party that a transaction has taken place. Likewise, a digital signature is a mathematical operation on a set of data that proves that the message or transaction was produced by the holder of the signing key and that it has not been changed since it was signed.

A message that is both signed and encrypted goes through the following: the sender writes the message and runs it through a hashing operation; the hash is signed with the sender's private key; the message and signature are encrypted with the receiver's public key; the receiver decrypts with the receiver's private key, hashes the recovered message again, and checks that hash against the signature using the sender's public key. In practice the bulk of the message is encrypted with a fresh symmetric session key and only that key is encrypted with the receiver's public key, since public-key operations are too slow for large data.
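The sequence above, worked through in standard-library Python as an added example (this is not code from the original post; the key sizes, function names and sample message are this example's own assumptions). Alice hashes and signs with her private key, wraps a fresh symmetric session key under Bob's public key, and encrypts the message plus signature with that session key; Bob unwraps the session key with his private key, decrypts, and verifies with Alice's public key. Textbook RSA with no padding and a SHA-256 counter-mode keystream are used only so the block runs without third-party libraries; neither is safe for real use.

```python
import hashlib
import secrets

def is_probable_prime(n, rounds=32):
    """Miller-Rabin with random bases; fine for an illustration."""
    if n < 2 or n % 2 == 0:
        return n == 2
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def random_prime(bits):
    while True:
        cand = secrets.randbits(bits) | (1 << (bits - 1)) | 1
        if is_probable_prime(cand):
            return cand

def rsa_keygen(bits=512):
    """Textbook RSA pair: public (n, e), private (n, d). Illustration only."""
    e = 65537
    while True:
        p, q = random_prime(bits // 2), random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:   # e is prime, so this means gcd(e, phi) == 1
            return (p * q, e), (p * q, pow(e, -1, phi))

def sign(priv, message):
    """Hash first, then apply the private key to the digest."""
    n, d = priv
    return pow(int.from_bytes(hashlib.sha256(message).digest(), "big"), d, n)

def verify(pub, message, signature):
    """Anyone holding the public key can check: hash again and compare."""
    n, e = pub
    return pow(signature, e, n) == int.from_bytes(hashlib.sha256(message).digest(), "big")

def keystream_xor(key, data):
    """Toy symmetric cipher: XOR with SHA-256(key || block counter)."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)

def seal(sender_priv, recipient_pub, message):
    """Sender: hash-and-sign, wrap a fresh session key for the recipient, encrypt."""
    sig = sign(sender_priv, message).to_bytes(64, "big")
    session_key = secrets.token_bytes(32)
    n, e = recipient_pub
    wrapped_key = pow(int.from_bytes(session_key, "big"), e, n)
    return wrapped_key, keystream_xor(session_key, message + sig)

def open_sealed(recipient_priv, sender_pub, envelope):
    """Recipient: unwrap with own private key, decrypt, then verify the signature."""
    wrapped_key, body = envelope
    n, d = recipient_priv
    session_key = pow(wrapped_key, d, n).to_bytes(32, "big")
    plain = keystream_xor(session_key, body)
    message, sig = plain[:-64], int.from_bytes(plain[-64:], "big")
    if not verify(sender_pub, message, sig):
        raise ValueError("signature check failed: altered in transit or wrong sender")
    return message

def demo():
    """Alice signs and encrypts for Bob; Bob decrypts and verifies; tampering fails."""
    alice_pub, alice_priv = rsa_keygen()
    bob_pub, bob_priv = rsa_keygen()
    msg = b"Pay Carol 100 USD"               # constructed sample message
    envelope = seal(alice_priv, bob_pub, msg)
    recovered = open_sealed(bob_priv, alice_pub, envelope)
    wrapped, body = envelope                 # now flip one ciphertext bit
    try:
        open_sealed(bob_priv, alice_pub, (wrapped, bytes([body[0] ^ 1]) + body[1:]))
        tamper_detected = False
    except ValueError:
        tamper_detected = True
    return recovered, tamper_detected
```

Note the order on each side: the signature is computed before encryption and checked after decryption, so a flipped ciphertext bit surfaces as a failed signature rather than as silently corrupted plaintext.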

A digital certificate, often used on websites and other transactions, contains the public key of a certain user or organization and identifying information such as email address, website, phone number, name, expiration date, etc. The digital certificate is signed by the organization or person who issued the certificate. Their certificate is in turn signed by the organization or person who issued their certificate, until a root is reached. Ultimately, it is that root that must be trusted. Each issuer must take the proper steps to verify the identity of an applicant before the digital certificate is issued.

Freakonomics

I just read the book Freakonomics by Levitt and Dubner. The authors admit that there is no central theme to the book, which is really a series of individual essays that are loosely tied to one another.

Each chapter consists of comparisons between unlike groups of people to make a point. KKK members and real estate agents maintain power (or at least used to in the KKK's case) by protecting the information that they hold. A high school quarterback works hard against the stacked odds of becoming a star, while crack dealers work for minimum wage while hoping to make it some day as a big time drug dealer. Sumo wrestlers in Japan and school teachers in the U.S. sometimes cheat by throwing matches or by changing student answers on standardized tests, even though both professions are considered honorable and above such activity.

Other than these comparisons, there are some controversial findings. The drop in crime in the 1990s was due to abortion becoming legal back in the 1960s. More kids die in swimming pools than from guns in the home. It doesn't matter what school parents send their children to when they have a choice; the fact that they are willing to send their kids to another school means more than the new school itself. Sexual assault rates are lower than what is usually reported, but no one can publicly dispute those numbers due to political pressures.

The book does not cover traditional economic research topics, but in the foreword, Levitt explains that he's not really interested or competent when it comes to monetary policy, fiscal policy, econometrics, and the stock market. The research seems more like Sociology than Economics, but calling him a "rogue economist" sounds better than a "rogue sociologist". Levitt's PhD dissertation at MIT covered several political topics such as campaign spending, incumbent advantage in elections, midterm elections, and politician voting records.

Regardless of the topic of Levitt's research, this book should be required reading for any new PhD student. The book does not necessarily purport to solve any great world problems but rather encourages people to be a little more skeptical and to try to think more about why things happen how they do and to ask more questions. Basic research concepts are covered, such as correlation vs. causality and choosing correct data to measure.

Friday, December 14, 2007

Reset Vista

I have a new computer that's been sitting on my desk, waiting for me to have time to move everything over off my old computer. I only use it occasionally, but have logged into it several times. So yesterday, as I was trying to transfer some music files over that I didn't want to store on the file server where I'd been putting everything from my old computer, I couldn't get my old computer to connect to the new one. I ended up rebooting it, and when it came back up, the password didn't work. I don't know if I changed it or if a security update did something weird, but I was locked out. No other account to log in with.

I found a nice Linux CD that boots you up to a registry editor that allows you to reset the passwords on accounts and enable or un-lockout accounts. The website itself was confusing to navigate, but once I found what I needed, it went pretty quick. I reset the password to something else a couple times. Nothing. I tried enabling the Administrator account and setting a password on that (since the Administrator account is disabled by default in Vista). No go.

So as I start looking through his FAQs, I find that setting the password is a bit flaky but just blanking the password should be pretty consistent. So I tried that and was in, and then within Windows I set the password to what it should have been all along. It won't let me change anything on the Administrator account, so I'll have to go disable that again, I guess.

When I was setting the password, I got this little hint from Vista: "If your password contains capital letters, they must be typed the same way every time you log on." Yes, thank you, but the question I have to ask is that if my password does not contain capital letters, does it not have to be typed the same way every time? If it's all lower case letters and numbers, do I not have to type my password the same way? I'm not sure I want to actually find out.

Tuesday, December 11, 2007

Making a Difference with Research

After reading what Fishman, et al. have to say [Fishman, B., Marx, R.W., Blumenfeld, P., Krajcik, J., & Soloway, E. (2004). Creating a framework for research on systemic technology innovations. The Journal of the Learning Sciences, 13(1), 43-76.], I'm not sure if I was supposed to be depressed or excited about all the great work there is still to do: "most innovations derived from Learning Sciences research have not found their way into widespread classroom use", "the primary uses of technology in schools remain drill and practice, word processing, and web surfing", "the field lacks a bridge between focused research and development of learning technologies and the broad-based systemic use of these innovations in schools", "technology used for curricular purposes is often maintained by organizations in the school district that traditionally have not been involved in classroom learning", "the time districts devote to standardized assessment activities cuts into the amount of extended time available for inquiry-oriented learning as called for in the standards", "computers distributed throughout classrooms are difficult to secure and maintain, while centralized computer labs create scheduling conflicts", and "the Internet is down more than it is up".

Since I'm not as much interested in K-12 education as I am in higher ed and business, I would be interested to know how many of the above challenges apply to those environments as well. My guess is that it ends up being similar. Often in business the IT department will be somewhat isolated from whatever is actually produced, just like it is in this example in K-12 education. In my experience, I have seen (and felt) frustration on the part of IT personnel when they are not involved in important decisions of the organization.

One of the most important points I read in the article was that successful reform will happen when the local organization is invested and heavily involved in the reform. In Union City, the school district designed its own reforms to avoid losing control of their district to the state. It's too bad that the federal government can't get its fingers out of the country's education and leave it up to the states or even to the local school districts to make decisions about what is best for their students (as the U.S. Constitution states should be the case). Because the district was in charge of its own reforms, it could make changes both to what is taught in the classroom and the professional development of teachers.

Innovation has to be localized and sustainable in order to be successful. Empowering people at all levels of an organization to act on a unified set of goals will make an organization more nimble and responsive. I really believe that putting together good people and allowing them to make appropriate decisions without too many layers of paperwork and bureaucracy will keep morale higher and get more good things accomplished.

I would love to implement a cognitive tutor, like that discussed in the article, to track the behavior of the students I work with in CIL. There are many methods students may use to prepare for our tests (and some don't prepare) so it would be useful to track students' paths and really analyze what people are spending time working on in an online environment. Knowing what people are working on and where they make mistakes would help us refine our instruction.

When they discuss the benefits of collaborating across grades to implement tools that can take advantage of economies of scale, it makes sense, but I don't know of a specific tool at the K-12 level that does so other than maybe Accelerated Reader, which, from what I hear, seems to be a pretty decent product. Perhaps Blackboard is supposed to be a tool at the university level that should allow for collaboration and communication in a classroom; if it is, I'd like to see someone that's actually using it effectively.