July 2006


This is harder than I thought it’d be. I’ve overslept every time I’ve tried to do it. I need a real alarm. The phone is too easily turned off and the computer is unreliable. My mission today is to get a better alarm.

Jelly Bellies are the product of evil genius. Here’s why:

  • They smell good when you open the container, but you can’t taste it until you bite on it (or suck on it for a long time), forcing you to eat them faster than you might like.
  • There are many nearly diametrically opposed flavors that nearly share colors.
  • When gauging how many there are in a container, you will almost always be at least an order of magnitude off.
  • They’ve usurped the position as the official “upgrade” from jelly beans.

I skipped Day 1 mostly because I’d intended to do the blog entry after my 3am nap, but the 3am nap extended all the way until 8am. I guess I’ve gotten pretty good at turning off my alarm in my sleep. So I find myself set back about one day. Today I biked to the coast from work to take my 11am nap. There was already a guy sitting in the spot I would have used, which surprised me given that I’d never seen anyone there before. I remembered that there was a path that led on some switch-backs down the side of the cliff, two of which have some overhanging rock. I stopped at the first one and slept there - or tried to.

It’s really amazing how hard it is to sleep for any length of time if you’re concentrating on doing just that. I was not sleep-deprived enough to need to get into it. I decided to skip both my 3pm and 7pm naps, since I wouldn’t be sleepy enough to do anything with them anyway. I did take the 11pm one though, and I actually did fall asleep. Waking up to the alarm and actually getting out of bed was a near thing though. It is now a quarter past 2am.

Like Steve, I’ve found it somewhat challenging to stay awake in the middle of the night. There’s this psychological pressure that tells me I shouldn’t be doing anything, that I should be asleep, to go to bed. Yet here I am, awake. I think I’ll take a walk - the night should be cool enough to wake me up a little bit. Day 2 video

I saw a journal of this over at stevepavlina.com and decided to give it a shot. Mostly because I’m curious, and I think I can if I try hard enough. I’ll get something out of it, even if it’s just learning that this doesn’t work for me. I thought that it’d be fun to record visually using my new MacBook’s iSight, which should give some idea of how insane I’m getting from sleep deprivation. Here’s day 0.

I’ve tentatively decided on a schedule of 30 minute naps six times a day at 3, 7, and 11. To begin I’ll be going to bed at 11pm, waking up roughly 7:30am, then a nap at 11-11:30am etc. The hardest thing, initially, will be finding things to do at night that are not going to put me to sleep. Here’s hoping I don’t get fired.

I’ve renewed my interest in access control systems recently, and decided to review them a bit more formally rather than looking at specific implementations (NTFS permissions, UNIX permissions, etc).

Access Control Types

Discretionary access control

In this model permissions are assigned directly to users, and every asset has an owner: a user who decides, at their own discretion, which other users get which permissions on it. An asset without an owner has nobody to control access to it, so it is theoretically defenseless (what actually happens depends on the system’s defaults).

Mandatory access control

This is a bit like concentric circles of trust, reminiscent of Meet the Parents. The system, not the owner, labels every asset with a classification and every user with a clearance, and a user is allowed to read everything on their own level and all lower levels. Think “Classified” and “Top Secret”. The usual formalization (Bell-LaPadula) also forbids writing downward, so someone with a high clearance cannot copy what they read into a lower-level asset.

Role-based access control

This is widely regarded as a best practice. Users have many roles, roles have many users, and users get permissions based on the roles they belong to. A user without roles has no access. This is great where you have large groups of people who all have similar access needs, such as point-of-sale employees.
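To make the three models concrete, here is an added example (my code, not anything from the original post) with one small check function per model. All users, assets, levels and roles are constructed sample data. The MAC part goes one step beyond the text above: besides the “no read up” rule it also shows the “no write down” rule, since that is what stops a cleared user from leaking what they read.

```python
"""Toy access-control checks, one per model (added example, not the post's code).

All users, assets, levels and roles below are constructed sample data.
"""
from dataclasses import dataclass, field


# --- Discretionary access control: the owner decides who else may do what ---
@dataclass
class DacAsset:
    name: str
    owner: str
    acl: dict = field(default_factory=dict)   # user -> set of rights


def dac_grant(asset: DacAsset, granter: str, user: str, right: str) -> bool:
    """Only the owner may change the ACL; anyone else's attempt is refused."""
    if granter != asset.owner:
        return False
    asset.acl.setdefault(user, set()).add(right)
    return True


def dac_allowed(asset: DacAsset, user: str, right: str) -> bool:
    """The owner always has access; everyone else needs an ACL entry."""
    return user == asset.owner or right in asset.acl.get(user, set())


# --- Mandatory access control: clearance vs. classification, set by the system ---
LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2, "top secret": 3}


def mac_can_read(clearance: str, classification: str) -> bool:
    """Simple security property: read only at or below your own clearance."""
    return LEVELS[clearance] >= LEVELS[classification]


def mac_can_write(clearance: str, classification: str) -> bool:
    """*-property: write only at or above your level, so secrets can't flow downward."""
    return LEVELS[clearance] <= LEVELS[classification]


# --- Role-based access control: permissions attach to roles, users to roles ---
ROLE_PERMS = {
    "cashier": {"pos:sell", "pos:refund"},
    "developer": {"scm:read", "scm:write"},
    "marketing": {"cms:edit"},
}


def rbac_permissions(user_roles: dict, user: str) -> set:
    """Union of the permissions of every role the user holds; no roles -> no access."""
    return set().union(*(ROLE_PERMS.get(r, set()) for r in user_roles.get(user, ())))


def rbac_allowed(user_roles: dict, user: str, perm: str) -> bool:
    return perm in rbac_permissions(user_roles, user)


if __name__ == "__main__":
    doc = DacAsset("plan.doc", owner="alice")
    dac_grant(doc, "alice", "bob", "read")
    print("bob reads plan.doc:", dac_allowed(doc, "bob", "read"))
    print("secret reads confidential:", mac_can_read("secret", "confidential"))
    print("secret writes confidential:", mac_can_write("secret", "confidential"))
    print("cashier perms:", rbac_permissions({"carol": ["cashier"]}, "carol"))
```

Note the asymmetry that makes the models different: in DAC a non-owner cannot grant themselves anything, in MAC the levels are fixed by the system and no owner exists, and in RBAC a user with an empty role list gets the empty set rather than some default.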

What about the enterprise?

The above work well for single applications, but what happens when you have many applications? Each application’s administrator will likely need to manage the same set of users, or at least a large subset of them. This is inefficient, and it also leads to other problems. The biggest is the fragmentation of roles. A few coarse-grained roles may be just fine for the primary users of an application, but what about those users who require access but are not easily pigeon-holed? Consultants, contractors, people from other departments, etc.

One paper I read suggested using a request-based permissions system, with a few coarse-grained roles covering what can be easily covered. Users then request specific permissions as they require them, with the request and approval process made a part of the system.

For example, I’m in marketing and I get the default set of permissions that come with that job. I typically do not need access to my company’s source control repositories. At some point I find that doing my job does require it for some reason, so I need to get access to it somehow. In the role-based system one of three things might happen:

  1. I’m given an existing role that allows SCM access
  2. An existing role is fragmented into roles with smaller permissions, and I’m assigned one of those
  3. A new role with the permissions I need is created without changing existing roles

The first is unlikely because it will likely give me more access than I need. The second is likely if this hasn’t been done for anyone else before, the third if it has. The paper I’d read claimed that, over time, this parallel management of applications would cause the number of roles to multiply until it became unmanageable, losing the benefits of the role-based system.

Under the request-based system I’d simply request access to the SCM. That request would be routed to the appropriate person to be approved or rejected. The access I obtain is assigned to me personally, not through any particular role.

Over time this leads to privilege accumulation: users will actively pursue the permissions they need to do their job, but they won’t be so active in shedding those they no longer require. Therefore a periodic, hierarchical audit should take place, in which each approver reviews the grants they signed off on and revokes the ones that are no longer used.
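The following is an added example (my own code, not the paper’s or anything from the original post) of the request-based scheme described above: coarse roles for the default permissions, a request that is routed to an approver and, if approved, becomes a direct grant on the user, plus the periodic audit that catches accumulated grants. The role map, the approver routing table, the users and the dates are all constructed for the example, as is the 90-day idle threshold.

```python
"""Request-based permissions on top of coarse roles, with an accumulation audit.

Added example, not the paper's or the post's code. Roles, approvers, users and
dates are constructed sample data.
"""
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Coarse-grained roles: the defaults that come with a job.
ROLE_PERMS = {
    "marketing": {"cms:edit"},
    "developer": {"scm:read", "scm:write"},
}
# Assumed routing table: the prefix of a permission names the resource, and
# each resource has one person who approves requests for it.
APPROVERS = {"scm": "eng-manager", "cms": "marketing-manager"}


@dataclass
class Grant:
    user: str
    perm: str
    approved_by: str
    granted_on: date
    last_used: Optional[date] = None


@dataclass
class Request:
    user: str
    perm: str
    justification: str
    state: str = "pending"   # pending | approved | rejected


class Directory:
    def __init__(self):
        self.user_roles = {}   # user -> set of role names
        self.grants = []       # direct, personally assigned permissions
        self.requests = []

    def permissions(self, user):
        """Role permissions plus whatever was granted to the user directly."""
        from_roles = set().union(
            *(ROLE_PERMS.get(r, set()) for r in self.user_roles.get(user, ())))
        direct = {g.perm for g in self.grants if g.user == user}
        return from_roles | direct

    def request(self, user, perm, justification):
        req = Request(user, perm, justification)
        self.requests.append(req)
        return req

    def route(self, req):
        """Who has to decide on this request."""
        return APPROVERS[req.perm.split(":")[0]]

    def decide(self, req, approver, approve, today):
        """Only the routed approver may decide, and only once per request."""
        if approver != self.route(req) or req.state != "pending":
            return False
        req.state = "approved" if approve else "rejected"
        if approve:
            self.grants.append(Grant(req.user, req.perm, approver, today))
        return True

    def record_use(self, user, perm, today):
        for g in self.grants:
            if g.user == user and g.perm == perm:
                g.last_used = today

    def audit(self, today, max_idle_days=90):
        """Hierarchical audit: stale direct grants, grouped by the approver who
        signed them off and should now review them. A grant is stale when it was
        never used, or not used, within max_idle_days."""
        stale = {}
        for g in self.grants:
            last = g.last_used or g.granted_on
            if (today - last).days > max_idle_days:
                stale.setdefault(g.approved_by, []).append((g.user, g.perm))
        return stale


if __name__ == "__main__":
    d = Directory()
    d.user_roles["me"] = {"marketing"}
    req = d.request("me", "scm:read", "need to read the release notes")
    d.decide(req, d.route(req), True, date(2006, 7, 1))
    print("permissions:", d.permissions("me"))
    print("stale grants in December:", d.audit(date(2006, 12, 1)))
```

The point of returning the audit grouped by approver is that the person who said yes is the one in a position to say “no longer needed”; a central administrator usually isn’t. Whatever the audit flags is a candidate for revocation, not an automatic one, since an unused permission may still be needed for an infrequent task.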

I saw Superman Returns yesterday at Camino Real. It was a good movie, and fairly different from the other superhero movies that have come out in the last few years. It’s trippy how much the actor looks like Christopher Reeve. What struck me most about the movie was that it did not appear to be aware that it was a movie that was going to be judged, discussed, dissected, etc - it wasn’t self-conscious.

The acting was all good, but not spectacular. I felt that Kevin Spacey’s talents were underused. There was a plot twist or two, but they weren’t set up to impress and they didn’t feel fake. Superman’s time spent as Clark Kent was, if not actually short, then seemingly short - this is a good thing. He’s such an uncertain chump.

The use of Superman’s powers was refreshingly realistic and didn’t feel overdone. The flying scenes were awesome, especially the opening scene with the plane and the scene high above the earth, listening to everything.

This is one of the few movies that’s actually worth the price of seeing in the theater.

My new MacBook finally arrived yesterday! I got it mostly set up in a short amount of time and am now testing it to see what it does well, what it does not so well. Here are my initial impressions:

The Good

  • It’s a Mac. Need I say more?
  • It’s fast - at 2GHz Core Duo, it’s a huge improvement over my 1GHz G4
  • Built-in iSight, MagSafe power, magnetic latch, bright screen
  • Running WishRadar tests takes under a minute!

The Bad

  • The keys can be difficult to press, particularly the arrow keys
  • The bezel on the screen is a bit big for my tastes - doesn’t really match OS X
  • Plastic makes it feel a little cheaper than my old TiBook

In all, it’s a solid machine, and the screen size doesn’t seem to bother me. Hopefully I’ll solve or forget about its problems as time goes on and I realize how much a faster machine will help me code.