Revelations of Sexism

As a kid that grew up having to defend my sex for being “not as good in science and math”, or just simply “not as smart” as the opposite sex, it has gotten so clear lately that the education system (at least the one I was under) is/has been sexist to the core. I’m pretty mad that our books had a bias. How else would I explain the fact that I learned of so many men that won the Nobel prize or were mathematicians, for so many different things, yet I never learned about the likes of Rosalind Franklin or Dorothy Hodgkin?
1. Chronological list of women mathematicians
2. Dorothy Hodgkin page
3. Rosalind Franklin page
Women can do science. They can do math. They can be stay-at-home moms if they want to. They can do anything they put their minds to just as men can.
And to close with a quote from Rita: she says that the women that changed the world never needed to show anyone anything except for their intelligence. On second thought I’m not sure what she means, but she’s a boss (LOOK HER UP!) so, I’ll just leave this here 🙂

Morality, technology and human nature

“(…) scientific and technical work routinely implicates politics. (…) Technological ideas and technological things are not politically neutral: routinely, they have strong, built-in tendencies.”

Isn’t it fascinating that even when we think we’ve escaped things like “politics”, “power struggles”, we haven’t really? The reason I liked science for so long, the reason I wanted to bury my face and head in it, was so I didn’t have to deal with the very imperfect human world that is shaped and pushed back and forth by human vice: pride, greed, envy to pure destructive desires. Imagine my surprise when I discovered, heck, these bad things are everywhere. Even in the idealist and vice-fighter myself!

Not only are these found in all humans, they can also permeate everything we do, be it science, technology or philosophy. That was a sad realization for me, really.

From my earliest days I had a passion for science. But science, the exercise of the supreme power of the human intellect, was always linked in my mind with benefit to people. I saw science as being in harmony with humanity. I did not imagine that the second half of my life would be spent on efforts to avert a mortal danger to humanity created by science. (Rotblat, Nobel Peace Prize speech)

As I conclude with this argument, I want to get back to the first quote of “strong, built-in tendencies”. It is these tendencies we have, that we transmit to our inventions, our ideologies, our thoughts, our actions. Even our science and technology. It convinces me more and more. We have a great effect on the things we do as broken people.

It convinces me in a way, though this might be somewhat of a leap, of the nature of science and technological advances: a nature that is not objective, but highly subjective and with dubious intentions behind it.

Anyways, the main reason I started even talking about this is because of a paper I had to read. Funny story about my encounter with this paper: I saved it in my to-read list during IAP/winter holiday (it was sent out to my school’s CS lab mailing list). As life got busy I did not manage to read it. Then as I take two classes this semester, they both require me to read this paper. Of course, it was a win-win moment for me 😀

The paper I’m quoting is this fascinating one from Phillip Rogaway: The Moral Character of Cryptographic Work. You can find the link for it here.

More about the paper: It has some great advice on how as a cryptographer one should view his work: less of being only interested in the technical work, and more awareness of the ethics and effects your work has. Which is a great lesson for all of us.



Security in my Computer Systems Engineering Class

Part I


In my Systems Class we’re currently discussing security in relation to system design. When we build reliable systems, we build them in the face of “more-or-less random”, “more-or-less independent” failures and sometimes-unpredictable targeted attacks from adversaries. Adversaries can do many things:

  • phishing attacks
  • botnets
  • worms, viruses
  • stolen personal information


Computer security is different from general security mostly because of the Internet. The rise of the Internet has brought with it new security challenges. The Internet is cheap, fast and widely available (relatively speaking), which makes for fast, cheap, scalable attacks on our systems. The number of adversaries on the Internet is also huge: almost anyone can be an adversary. The fact that on the Internet you can’t tell a dog apart from a person doesn’t help either: anonymity gives adversaries more leeway to challenge and attack computer systems. Attacks on computers can also be automated. Another difference in computer security is the scale of resources an adversary can have (botnets). Finally, users generally have poor intuition about protecting themselves, which makes them easy targets of phishing and other forms of attack that in the end put an entire system in danger.

Aside from the difficulties mentioned above – as if they weren’t enough – it’s just difficult to think about every possible attack scenario, or every possible threat facing computers. Achieving that is considered a “negative goal”. A negative goal is, for example, when you say “x cannot do something y”, in contrast to a positive goal, where you would say “x can do y”. In the positive goal case you can easily check if the goal is met. Not so in the negative case.

Another difficulty in securing a system is the fact that even one small failure due to an attack can be enough to corrupt the system. However, even knowing about failures does not always say much about the nature of the attack. As a result, a complete security solution does not exist. What we do instead is model systems in the context of security, and assess common risks/attacks.

To create a security model we basically need two things: the goals (or policy) and the assumptions (or threat model). The goals may include privacy (limitations on who can read data), integrity (limitations on who can write data) and availability (ensuring that the service keeps operating). The assumptions, or threat model, are plausible assumptions about what we’re protecting against: an adversary with unlimited computing power, or an adversary with limited computing power. Compromises happen when a system has an incomplete or unrealistic threat model (like assuming the attack comes from an outsider only — it’s not true, sometimes the attack can come from an insider too).


Part II

We now consider an example of a security model called the guard model. We think back to client/server models. In the client/server model the client makes a request to access some resource on the server. However, there is reason to worry about the security of the server: we would like to secure the resource that is stored on the server. To do this, the server needs to check all accesses to the resource (this is called complete mediation). The server thus puts a guard in place to mediate every request for access.

The guard provides:

  • authentication: verifies the identity of the principal, for example checks the client’s username and password
  • authorization: verifies whether the principal has access to perform its request on the resource, for example by consulting an access control list for a particular resource.

The guard model applies to lots of places, not just client/server.
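To make the two checks concrete, here is a minimal guard in Python, added as an illustration (it is not from the 6.033 notes). The class name, the sample accounts and the `wiki/home` resource are all made up for the example; passwords are stored as salted PBKDF2 hashes and authorization is a default-deny ACL lookup.

```python
import hashlib, hmac, os

class Guard:
    """Sits in front of the resources; callers are expected to use request() only."""

    def __init__(self):
        self._users = {}   # username -> (salt, password hash)
        self._acl = {}     # resource -> {operation -> set of usernames}
        self._data = {}    # the protected resources themselves

    def add_user(self, name, password):
        salt = os.urandom(16)
        self._users[name] = (salt, self._hash(password, salt))

    def add_resource(self, name, content, acl):
        self._data[name] = content
        self._acl[name] = {op: set(users) for op, users in acl.items()}

    @staticmethod
    def _hash(password, salt):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

    def _authenticate(self, name, password):
        # Unknown users are checked against a dummy record so both paths do the same work.
        salt, stored = self._users.get(name, (b"\0" * 16, b"\0" * 32))
        ok = hmac.compare_digest(self._hash(password, salt), stored)
        return ok and name in self._users

    def _authorize(self, name, op, resource):
        # Default deny: a missing resource, operation or user means "no".
        return name in self._acl.get(resource, {}).get(op, set())

    def request(self, name, password, op, resource, value=None):
        """Complete mediation: the only code path that touches self._data."""
        if not self._authenticate(name, password):
            return ("denied", "authentication failed")
        if not self._authorize(name, op, resource):
            return ("denied", "not authorized")
        if op == "write":
            self._data[resource] = value
        return ("ok", self._data[resource])

def demo():
    g = Guard()
    g.add_user("alice", "correct horse")    # constructed sample accounts
    g.add_user("bob", "battery staple")
    g.add_resource("wiki/home", "v1", {"read": {"alice", "bob"}, "write": {"alice"}})
    return [
        g.request("alice", "correct horse", "write", "wiki/home", "v2"),
        g.request("bob", "battery staple", "read", "wiki/home"),
        g.request("bob", "battery staple", "write", "wiki/home", "x"),
        g.request("bob", "wrong", "read", "wiki/home"),
    ]
```

The underscore prefix is only a naming convention in Python, so nothing stops other code in the same process from reading `_data` directly; real guards rely on a hardware or process boundary (like the U/K bit in the UNIX example) to make the mediation complete.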


Examples (copyright to lecture notes from 6.033):

  1. UNIX file system:
    1. client: a process
    2. server: OS kernel
    3. resource: file, directories
    4. client’s requests: read(), write() system calls
    5. mediation: U/K bit and the system call implementation
    6. principal: user ID
    7. authentication: kernel keeps track of a user ID for each process
    8. authorization: permission bits & owner UID in each file’s inode
  2. Web server running on UNIX:
    1. client: HTTP-speaking computer
    2. server: web application
    3. resource: wiki pages (?)
    4. requests: read/write wiki pages
    5. mediation: server stores data on local disk, accepts only HTTP requests
    6. principal: username
    7. authorization: list of usernames that can read/write each wiki
  3. Firewall = a system that acts as a barrier between a presumably secure, internal network and the outside world. It keeps untrusted computers from accessing the network.
    1. client: any computer sending packets
    2. server: the entire internal network
    3. resource: internal servers
    4. requests: packets
    5. mediation:
      1. internal network must not be connected to Internet in other ways
      2. no open wifi access point on internal network for adversary to use
      3. no internal computers that might be under control of adversary
    6. principal: none
    7. authentication: none
    8. authorization: check for IP address & port in table of allowed connections
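The authorization step of the UNIX file system example (permission bits and owner UID in the inode) can be written out as a small function. This is an added sketch in Python, not kernel code and not from the lecture notes; the function name and the sample UIDs/GIDs are made up, and it ignores ACLs, capabilities and the rule that Linux still wants an x bit before root can execute a regular file.

```python
import stat

# Permission bits for each class, in "rwx" order.
OWNER = (stat.S_IRUSR, stat.S_IWUSR, stat.S_IXUSR)
GROUP = (stat.S_IRGRP, stat.S_IWGRP, stat.S_IXGRP)
OTHER = (stat.S_IROTH, stat.S_IWOTH, stat.S_IXOTH)

def unix_access_allowed(uid, gids, inode_uid, inode_gid, mode, want):
    """Return True if a process (uid, gids) may do `want` (subset of "rwx")
    on a file whose inode records inode_uid, inode_gid and mode."""
    if uid == 0:
        return True                      # superuser bypasses the bits (simplified)
    # Exactly one class applies: owner first, then group, then other.
    if uid == inode_uid:
        bits = OWNER
    elif inode_gid in gids:
        bits = GROUP
    else:
        bits = OTHER
    needed = 0
    for flag, bit in zip("rwx", bits):
        if flag in want:
            needed |= bit
    return (mode & needed) == needed

def demo():
    # Constructed sample inode: owner uid 1000, group gid 100.
    return {
        "owner rw on 0640": unix_access_allowed(1000, {100}, 1000, 100, 0o640, "rw"),
        "group r on 0640": unix_access_allowed(1001, {100}, 1000, 100, 0o640, "r"),
        "group w on 0640": unix_access_allowed(1001, {100}, 1000, 100, 0o640, "w"),
        "other r on 0640": unix_access_allowed(1002, {200}, 1000, 100, 0o640, "r"),
        # Classes are not cumulative: with mode 0046 the owner is refused
        # even though every other user may read the file.
        "owner r on 0046": unix_access_allowed(1000, {100}, 1000, 100, 0o046, "r"),
        "other r on 0046": unix_access_allowed(1002, {200}, 1000, 100, 0o046, "r"),
    }
```

The last two cases are the ones worth remembering: the check picks one class and stops, so the owner's bits can be stricter than everyone else's.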

What can possibly go wrong?

  1. Complete mediation can be bypassed due to software bugs or an adversary
    1. how to prevent this? can reduce complexity (the area to cover with the guard)
    2. The principle of least-privilege which limits the privileged or trusted components
  2. Policy vs. mechanism: high level policy is ideal, clear and concise. Security mechanisms (like for example, guards) provide lower-level guarantees. :/
  3. Users make mistakes!!!
  4. Users may be unwilling to pay cost of security mechanism.




Compassion, empathy, positive bias and the Pollyanna effect

I have been thinking about this lately. How do we go about living? It’s definitely nicer (I believe) to be pollyannaesque and put a silver lining on everything. It makes you feel happier, and sure it might not be true all the time, but then you can focus on other things rather than be wallowed up in your misery. Right? It also helps you be more thankful, and being thankful is seriously very good for you. Then there is the other side of the coin, people that say putting the silver lining on things does not help, but diminishes one’s experience (be it your own or others’). People that view Pollyannas as being fake and suspicious, annoying even. It is better to be empathetic, not sympathetic they say. There seems to be tension between the two mindsets, yet one is exhausting and the other is, in the short run at least, fulfilling and helpful. What’s the point of being vulnerable and letting your own darkness come once again so you can relate with someone else’s? Aren’t you better off with a strong foot on the green grass as you’re trying to help someone that is in the dark pits? Is it not possible to show someone you care despite not sharing their feelings, or commiserating with them? Maybe this is biased, but in perspective, it’s been more helpful to be around people that I felt did not understand me at the moment, but that eventually shook me off the darkness I was in. Except for times when I was not ready to leave the darkness and then it felt somewhat violating to be pulled out of it… How do we live and be thankful and mindful of every small thing? Isn’t Pollyanna (positive bias) more like the way to go about life than the other approach? (maybe not Pollyanna but a sort of hybrid-Pollyanna is closer to the answer?)


  4. The video on empathy and sympathy:

Book List

A post intended to be changed with time:


  1. Time of White Horses – Ibrahim Nasrallah
  2. This is how you lose her – Junot Diaz
  3. Master and Margarita – Mikhail Bulgakov
  4. The Scarlet Letter – Nathaniel Hawthorne
  5. How to kill a mockingbird
  6. Mein Kampf – Adolf Hitler
  7. The Name of the Rose – Umberto Eco
  8. The Garlic Ballads – Mo Yan (China)
  9. Almost transparent Blue – Ryu Murakami
  10. A doll’s house – Henrik Ibsen
  11. My name is Red – Orhan Pamuk
  12. Children of Gebelawi
  13. The House of the Spirits – Isabel Allende
  14. Fahrenheit 451
  15. The Last Lecture – Randy Pausch
  16. A fine balance


  1. Four Loves – C.S. Lewis
  2. Brothers Karamazov – Dostoevsky
  3. Siddhartha – Hermann Hesse
  4. The Prophet – Khalil Gibran
  5. Don Quixote – Cervantes
  6. The Great Divorce – C.S.Lewis
  7. The problem of Pain – C.S.Lewis

Foreign language reading

New hellos and goodbyes

It’s been about 4 years since I last wrote in this blog. I’ve been very busy for the duration of those 4 years: doing life, doing school, sometimes, even doing nothing. I’m sort of back now though, a very changed Erjona. So much has happened, dear friend. So much has changed.

However, I’m happy and the change is not something I see as bad at all! I’ve found new meanings, new thrills, new loves. Most importantly, my whole world-view has changed. Now the sun under which I see the world, is very different and very unexpected. I’ll keep talking cryptic for a while unfortunately, but hopefully the coming posts should give a good idea about what’s been happening so far 🙂

Spoiler alert: I’ve found something that makes me more excited than anything else. Something that has stolen my heart and has shifted my perspective in an amazing, thorough way. My heart has been stolen by the one I’ve been looking for my entire life. The one I loved a long time ago as a child, the one I trust and believe in again now.


South Albania


This is my first time taking a stab at writing poetry in Spanish, so here it goes (it’s an assignment for a class):

You come into my chest, like a traitor
I know you are not good for me
But perhaps it is my cursed fate to be beside you
Country, country, country, ridiculous country
No, ridiculous is the love I feel for you
Ridiculous is that I cannot forget
Ridiculous is that you cannot reach

Lies, I have already forgotten you so many times
Lies are what they taught me about you

No, not everything was a lie, no
but even so
I no longer know what to do for you
I no longer know how I should love you
I no longer know if I should worry about you

But what about me?
If there is no love
If there is no love even for you?
And if I gave up my body to be burned,
What about me if there is no love for you?
And what about you, if you kill the love of your hummingbirds
What about you, if you deny the love of the only savior,
What about you?

“Blessed are those who mourn
For they will be comforted”