Alex JohnsonPosts and pictures.
http://alxmjo.com/
Drawing the Soul Toward Truth: The Math of Ancient Greece<p>In my <a href="posts/#MathHistory">previous posts</a> on the history of math, one theme that came up repeatedly was that the same mathematical ideas arose again and again in different periods and in different cultures. Classic examples of this include the decimal system of numeration, the concept of zero, the basic operations, and even more advanced ideas such as the Pythagorean theorem.</p>
<!--more-->
<p>In many cases, it’s impossible to determine which culture was the first to come up with an idea, due to a lack of physical evidence, imperfect dating techniques, and other challenges. This is the case for many ideas, but not for that of the <a href="https://en.wikipedia.org/wiki/Axiomatic_system">axiomatic proof</a>, an idea which came out of Ancient Greece and forever changed mathematics and the modern world. But before we get to proofs, let’s take a step back. And unless otherwise noted, my summary and commentary here is based on <em><a href="https://www.pearson.com/us/higher-education/program/Katz-History-of-Mathematics-A-3rd-Edition/PGM118392.html">A History of Mathematics</a></em> by Victor Katz.</p>
<h3 id="ancient-greece-and-the-historical-record">Ancient Greece and the historical record</h3>
<p>The period we’re concerned with here dates from approximately the sixth century BCE. At this time, Greece lacked a central government and was instead made up of a collection of city states. These city states existed under the rule of law that was premised on argument and debate, two critical ingredients when trying to prove anything, mathematical or otherwise.</p>
<p>What we know of the mathematics of this period is only thanks to copies of copies of the original Greek texts. In fact, according to Katz, “there are virtually no extant texts of Greek mathematics that were actually written in the first millennium BCE.”</p>
<p>For numbers, the Greeks <a href="https://en.wikipedia.org/wiki/Greek_numerals">used</a> a decimal system which used Greek letters to represent numbers. This was not a positional system. Indeed, there were different symbols altogether for 1, 10, and 100, and numbers in the thousands and greater were made by using a superscript notation, such that ‘θ would represent 9,000, the θ for 9 and the ‘ for thousands.</p>
<p>To represent fractional parts, the Greeks employed a system similar to that of the <a href="egypt-mesopotamia">Ancient Egyptians</a>, in which there existed symbols for the unit fractions, like a half, quarter, and so on, plus a symbol for two-thirds. These symbols would then be combined into a sum of fractions to represent the fractional part. For example, three-fourths might have been represented as the sum of one half and one quarter.</p>
<p>This similarity with the Ancient Egyptian system is consistent with the fact that there was significant sharing between the two cultures (though they were active in different periods). Indeed, the Greeks themselves said that their discoveries were made possible by discoveries made by the Egyptians.</p>
<h3 id="pythagoras-the-pythagoreans-and-a-theorem">Pythagoras, the Pythagoreans, and a theorem</h3>
<p>Pythagoras was born in the 6th century BCE in Somos, now modern Greece, and died in what is now Italy about 75 years later. In the interim, he founded a school which focused on a kind of mathematical mysticism.</p>
<p>One important conviction of the Pythagoreans was that “number was the substance of all things.” This speaks volumes about the possibility of using numbers to know and understand the universe, a thread that can be seen throughout Ancient Greek philosophy.</p>
<p>Perhaps the most well-known idea to come out of Ancient Greece (ignoring for now that other cultures were aware of it, too) is the <a href="https://en.wikipedia.org/wiki/Pythagorean_theorem">Pythagorean theorem</a>, which states that the sum of the squares of the legs of a right triangle are equal to the square of the hypotenuse (a²+b²=c²).</p>
<p>Much has been written about Pythagoras, but one thing we don’t know for sure is whether he invented it. We do know, however that <a href="ancient-chinese-math">other cultures</a> were aware of the relationship and likely discovered it in independence. Nevertheless, Pythagoras is credited with the first proof, though no extant version exists.</p>
<p>There are now hundreds of ways of proving the Pythagorean theorem. One of the most common is by rearrangement, shown below. We’ll see Euclid’s proof, which is the focus of the first book of his Elements, shortly.</p>
<p><img src="http://alxmjo.github.io/images/pythag-proof-rearrange.svg" alt="pythagorean proof by rearrangement" />
<em>A visual proof of the Pythagorean theorem employing reorganization. Refresh this page to see it repeat, or <a href="https://upload.wikimedia.org/wikipedia/commons/9/9e/Pythagoras-proof-anim.svg">click here</a> to see it on Wikipedia.</em></p>
<p>The repercussions of this relationship are nearly limitless. In particular, one outgrowth is that the sides and diagonal of a square are incommensurable, which means that they cannot be expressed as a ratio of integers. For example, take the unit square, whose base and height is 1. Draw a diagonal line connecting two opposite squares of the triangle to create two equal triangles. The hypotenuse of those triangles, according to the Pythagorean theorem, has length √2 (1²+1²=c² → c = √2). This number cannot be expressed as a ratio of integers. In other words, it is irrational, just like π.</p>
<p>This recognition of a number as being irrational was, according to Katz, unique to the Greeks. The Babylonians assigned a length to this hypotenuse (which of course one can), but they didn’t appear to recognize that it was impossible to assign an <em>exact</em> length.</p>
<h3 id="plato-and-aristotle">Plato and Aristotle</h3>
<p>Like Pythagoras, Plato founded a school in Athens around 385 BCE. It was said (though no proof exists) that the entrance to his academy was inscribed with the phrase “Let no one ignorant of geometry enter here.” Plato is now best known for his political and moral philosophy, but it’s important to note that mathematics were included in the education he thought necessary for so-called philosopher kings. The subjects, as described in <em><a href="https://en.wikipedia.org/wiki/Republic_(Plato)">The Republic</a></em>, were as follows:</p>
<ul>
<li>Arithmetic</li>
<li>Plane geometry</li>
<li>Solid geometry</li>
<li>Astronomy</li>
<li>Harmonics</li>
</ul>
<p>More proof of Plato’s feelings toward mathematics, or at least geometry, can be found in this line, also from <em>The Republic</em>:</p>
<blockquote>
<p>Then, my noble friend, geometry will draw the soul towards truth, and create the spirit of philosophy, and raise up that which is now unhappily allowed to fall down.</p>
</blockquote>
<p>The inclusion of harmonics is important because it illustrates an important point about abstraction. Katz writes: “…Plato meant for them to go beyond the actual musical study, using real strings and real sounds, to the abstract level of ‘inquiring which numbers are inherently consonant and which are not, and for what reasons.’”</p>
<p>That Plato (and others) would focus on abstraction is a key reason for why so much of our mathematical tradition is traced to the Greeks. After all, what is mathematics but an abstraction of the physical world?</p>
<h3 id="heres-looking-at-euclid">Here’s looking at Euclid</h3>
<p>The circumstances of Euclid’s birth and death remain unknown, but we do know that he was active in Alexandria after its founding by Alexander the Great, around the late 4th century BCE. His book, <em>Elements</em>, is described by Katz as “the most important mathematical text of Greek times and probably of all time.” In it, Euclid builds a theory of mathematics and geometry from a set of simple axioms, like a straight line connecting two points, and all right angles being congruent. Interestingly, this seminal book of mathematics is almost completely lacking numbers. It’s also lacking in measurement of length and angle, besides that of the right angle.</p>
<p><img src="http://alxmjo.github.io/images/euclid-elements.jpg" alt="euclid elements copy" />
<em>One of the oldest copies of Euclid’s Elements, dating to around 100 CE.</em></p>
<p>Historically, it’s important to point out that the contents of Euclid’s <em>Elements</em> was not created solely by Euclid himself. Instead, his book represents a kind of summary of what was known about mathematics and geometry at that point in time.</p>
<p>Ptolemy is said to have asked Euclid whether there was a shorter way to understanding geometry than through his <em>Elements</em>, to which Euclid replied: “There is no royal road to geometry.” There may be no royal road, but there are certainly more interesting ones. Had Euclid’s <strong></strong><em>Elements</em> been my first textbook I’m sure I would’ve given up a long time ago. It is, according to Katz, “incredibly dull.”</p>
<p>That said, there is a certain satisfaction that comes with walking through one of his proofs. Take, for example, his proof of the Pythagorean theorem. Rather than relying on the rearrangement proof shown above, Euclid starts with a right triangle and builds from there. If you’d like to read the proof in detail, the <a href="https://en.wikipedia.org/wiki/Pythagorean_theorem#Euclid's_proof">Wikipedia page</a> has a summary. Alternatively, have a look at the graphic below:</p>
<p><img src="http://alxmjo.github.io/images/pythag-proof-euclid.svg" alt="euclid pythagorean proof" />
<em>The basis of Euclid’s proof of the Pythagorean theorem.</em></p>
<p>The key to Euclid’s proof is that the inscribed triangles DBA and FBC are shown to be equal in area. This leads to the conclusion that ABFG and BDLK (shaded in pink) are equal in area. Similarly, Euclid shows that the rectangles AHIC and KLEC (shaded in blue) are equal in area. The two smaller squares, then, are equal in area to the sum of the parts of the larger square. Or, in other words, that the square of the legs of the right triangle are equal in area to the square of the hypotenuse. I’m skipping a lot of steps here, but that’s the basic idea.</p>
<p>Finally, I wish I could claim the pun which headlines this section, but I <a href="https://www.amazon.com/Heres-Looking-Euclid-Surprising-Astonishing-ebook/dp/B003L786SM">stole it</a> from Alex Bellos.</p>
Fri, 15 Feb 2019 22:14:47 +0000
http://alxmjo.com/math-of-ancient-greece
http://alxmjo.com/math-of-ancient-greeceAlgebra and Restoration<p>In the final chapter of <em>The Crest of the Peacock</em>, Joseph explores the mathematical contributions of the Islamic world, covering the eighth through the thirteenth centuries. One of the central players in this history was <a href="https://en.wikipedia.org/wiki/Muhammad_ibn_Musa_al-Khwarizmi">Muhammad ibn Musa al-Khwarizmi</a>, who was born in present day Iraq around 780.</p>
<!--more-->
<h3 id="al-khwarizmi-and-al-jabr">al-Khwarizmi and al-jabr</h3>
<p>Beyond al-Khwarizmi’s mathematical contributions, he gave us two terms: <a href="https://en.wikipedia.org/wiki/Algebra#Etymology">algebra</a> to mean the manipulations necessary to solve an equation, and <a href="https://en.wikipedia.org/wiki/Algorithm#Etymology">algorithm</a>, which is derived from the name al-Khwarizmi itself.</p>
<p>Algebra comes from the Arabic word <em>al-jabr</em> meaning “the restoration of broken parts.” The connection to mathematics was that of adding a term to both sides of an equation to remove negative values. For example, if x - 3 = 4, then adding three to both sides would show x = 7.</p>
<p>The corollary to restoration is “reduction,” which translates to <em>al‐muqabala</em>. Reduction would be the subtraction of a term from both sides of an equation to remove positive values. For example, if x + 4 = 9, then subtracting four from both sides would show x = 5.</p>
<h3 id="restoring-a-history-and-future-of-math">Restoring a history (and future) of math</h3>
<p>Joseph finishes his book with a short summary of 511 pages that precede it. He writes: “No society, however small or remote, has ever lacked the basic curiosity and ‘number sense’ that is part of the global mathematical experience.”</p>
<p>I love this. In a <a href="the-case-for-transmission">previous post</a> I considered Joseph’s thoughts on the transmission of mathematical ideas. One thing I didn’t mention, however, is my conviction that there are a host of customs and qualities that are shared by humans the world over. This isn’t just my idea, of course, or pulled out of thin air. I first came across it when I was earning a degree in anthropology. Unfortunately, those classes never touched on mathematics as a cultural universal, and I’m embarrassed to admit that I never thought about it much either. So kudos to Joseph for making the case in such a convincing fashion.</p>
<p>As for the future, Joseph writes: “And yet if there is a single universal object, one that transcends linguistic, national, and cultural barriers and is acceptable to all and denied by none, it is our present set of numerals.”</p>
<p>This sentence speaks for itself, though it reminds me of a story. When I traveled to Lebanon a few years ago I was surprised to find license plates that looked like this:</p>
<p><img src="http://alxmjo.github.io/images/lebanon-plate.jpg" alt="lebanon license plate" />
<em>License plate in Lebanon. Image via <a href="https://en.wikipedia.org/wiki/Vehicle_registration_plates_of_Lebanon">Wikipedia</a>.</em></p>
<p>What were those symbols on the bottom? My guide told me that they were Arabic numerals. I thought <em>ours</em> were Arabic numerals. Later, I learned that there are actually two kinds of Arabic numerals: <a href="https://en.wikipedia.org/wiki/Arabic_numerals">Hindu-Arabic</a> numerals (0,1,2,3,4,5,6,7,8,9) and <a href="https://en.wikipedia.org/wiki/Eastern_Arabic_numerals">Eastern Arabic</a> numerals (٠,١,٢,٣,٤,٥,٦,٧,٨,٩).</p>
<p>The cool thing about the license plates in Lebanon was that they showed the same numbers in both systems. So within a couple days of looking at plates, I had them memorized. I haven’t used that knowledge since, but it was an early education in the fact that while numbers may be universal, their appearance certainly isn’t.</p>
Mon, 11 Feb 2019 23:35:22 +0000
http://alxmjo.com/algebra-restoration
http://alxmjo.com/algebra-restorationKerala and the Case for Transmission<p>Last week I wrote about <a href="ancient-india-math">ancient Indian math</a>, which George Gheverghese Joseph covers in the eight and ninth chapters of <em>The Crest of the Peacock</em>. In the tenth chapter Joseph turns his attention to <a href="https://en.wikipedia.org/wiki/Kerala">Kerala</a>, on the southwestern tip of the Indian subcontinent.</p>
<!--more-->
<p>Modern Kerala first came on my radar when I was living in Qatar, which also home to some 650,000 Indians. Whenever I asked where they were from, they seemed to always say Kerala. Qatar Airways, for its part, operates eight nonstop flights per day between Kerala and Doha, Qatar. But I digress.</p>
<p>This chapter covers a range of subjects, from important mathematicians like <a href="https://en.wikipedia.org/wiki/Madhava_of_Sangamagrama">Madhava</a> and <a href="https://en.wikipedia.org/wiki/Parameshvara">Paramesvara</a>, to countering the notion that all non-European math was purely utilitarian. <a href="https://en.wikipedia.org/wiki/Pure_mathematics">Pure mathematics</a>, as it is known today, is the field of math that does not intend to serve practical application (even if practical applications are <a href="https://math.stackexchange.com/questions/280530/can-you-provide-me-historical-examples-of-pure-mathematics-becoming-useful">eventually found</a>). Joseph writes:</p>
<blockquote>
<p>“I have a vision of a group of pure mathematicians in Kerala between the fourteenth and sixteenth centuries indulging in their passion and probably proud of the fact that the mathematics that they did was of no use to anyone!”</p>
</blockquote>
<p>What really struck me about this chapter, though, is wherein Joseph considers the “case for transmission” of Kerala mathematics. Or, in other words, the argument that certain mathematical ideas were transmitted from Kerala to the West rather than discovered independently.</p>
<p>On the surface, it seems like an easy thing to do. After all, we can <a href="https://en.wikipedia.org/wiki/Trade#Ancient_history">trace the spread</a> of goods, so why not mathematics? Then again, how does one trace an idea?</p>
<p>Joseph doesn’t use this example, but to me it’s like trying to trace the spread of a rumor. Where did it begin? Who shared it with whom? You might have physical evidence to go on, but what if you didn’t? Where would you begin?</p>
<p>Joseph suggests a couple points that give strong evidence for the transmission of a mathematical idea (like the <a href="https://en.wikipedia.org/wiki/Quadratic_formula">quadratic formula</a>, say):</p>
<ul>
<li>Translations of the idea from one language to another.</li>
<li>Errors in calculation or formula that are unlikely to have been come upon by chance.</li>
</ul>
<p>The second one makes me think of cheating on a test. What are the chances that multiple students all found the product of 9 and 9 to be 83? It’s possible that they were all making the same mistakes, of course, but probably more likely that they were sharing answers. As Tolstoy wrote, “Happy families are all alike; every unhappy family is unhappy in its own way.” Or at least they <em>should</em> be.</p>
<p>Without translations or errors to go off of, Joseph volunteers a second class of evidence that follows the legal ideas of motivation and opportunity. The motivation the West had to import the mathematical ideas of Kerala were the trifecta of astronomy, date keeping, and navigation. And the opportunity for transmission was provided by trade and Jesuit missionaries.</p>
<p>Establishing motivation and opportunity would still make for a weak legal case, as Joseph admits (though he does go into much greater detail than I’m able to here). That said, I find it an interesting way to think about the question, and a reasonable to way to think through other questions like it.</p>
Mon, 11 Feb 2019 21:30:08 +0000
http://alxmjo.com/the-case-for-transmission
http://alxmjo.com/the-case-for-transmissionDefense Against the Dark Arts: Week 6<p>This week’s lectures focused on network security, threats, and defenses. The presenters were Geoffrey Cooper and Ram Venugopalan, both researchers at McAfee.</p>
<!--more-->
<h3 id="definitions">Definitions:</h3>
<ul>
<li><a href="https://en.wikipedia.org/wiki/Robustness_principle">Robustness principle</a>: Machines connected to a network should follow standards whenever sending, but should accept malformed messages as long as the meaning is clear. This lends itself to robustness because it encourages senders to only send proper messages, but it allows receivers work with less-than-perfect messages.</li>
<li><a href="https://en.wikipedia.org/wiki/Zero-day_(computing)">Zero-day vulnerability</a>: A vulnerability that is unknown to those who would want to prevent it, but may be known to someone who would want to exploit it. In concrete terms, it’s like accidentally (and unknowingly) leaving your house unlocked.</li>
<li><a href="https://en.wikipedia.org/wiki/Honeypot_(computing)#Honey_nets">Honey net</a>: Like a honey pot, but in the form of a network. Meant to attract nefarious actors and malware.</li>
<li><a href="https://en.wikipedia.org/wiki/Quarantine_(computing)">Quarantine</a>: Isolating suspicious software, connections, or users.</li>
</ul>
<p>Returning to the robustness principle, this definition by Jon Postel provides a good summary.</p>
<blockquote>
<p>“TCP implementations should follow a general principle of robustness: be conservative in what you do, be liberal in what you accept from others.” - Jon Postel</p>
</blockquote>
<p>The presenters point out that the robustness principal made the internet what it was today, but it also presents vulnerabilities since hosts on a network are encouraged to accept a lot of things, even if they don’t perfectly conform to standards.</p>
<h3 id="defining-expected-and-unexpected-behavior">Defining expected and unexpected behavior</h3>
<p>If you know what you’re network is supposed to do, it’s possible to identify unexpected (and potentially malicious) behavior. A firewall can be a means of establishing expected behavior and blocking unexpected behavior.</p>
<p>I’ve found that much of the design and explanation of computer security is related to military theory, and network security is no different. The presenters described a network security strategy centered on zones, defense in depth, and taking advantage of a demilitarized zone.</p>
<ul>
<li><a href="https://www.kwtrain.com/blog/network-security-zones">Network security zones</a>: Separating a network into sections and applying different security rules to each. For example, a network might be more suspicious of email that originates from outside the organization.</li>
<li><a href="https://en.wikipedia.org/wiki/Defense_in_depth_(computing)">Defense in depth</a>: Setting up a variety of defenses in layers such that if a malicious actor makes it past one defense they will be caught by another. Interestingly, the presenter from a previous week (one, I believe) casually mentioned that some organizations are moving away from this strategy. I’m curious to know what they’re moving toward.</li>
<li><a href="https://en.wikipedia.org/wiki/DMZ_(computing)">Demilitarized zone</a>: The part of a network which faces the outside world. Part of a defense in depth strategy.</li>
<li><a href="https://en.wikipedia.org/wiki/Firewall_(computing)">Firewall</a>: Identifies known good traffic and rejects everything else.</li>
<li><a href="https://en.wikipedia.org/wiki/Intrusion_detection_system">Intrusion detection system</a>: The opposite of a firewall. Instead of allowing known good traffic and blocking everything else it identifies bad traffic and blocks it.</li>
</ul>
<h3 id="types-of-attacks">Types of attacks</h3>
<ul>
<li><a href="https://en.wikipedia.org/wiki/Man-in-the-middle_attack">Man in the middle</a>: Wherein a malicious actor intercepts internet traffic either to capture and use elsewhere or to modify and resend.</li>
<li><a href="https://en.wikipedia.org/wiki/Denial-of-service_attack">Denial of service</a>: Prevents a server or host from serving legitimate requests by flooding it with superfluous requests. These attacks have been expanded into distributed denial of service attacks in which many machines are used to constantly make requests of a particular server or host.</li>
</ul>
<h3 id="network-reconnaissance">Network reconnaissance</h3>
<p>The presenters covered the two types of network reconnaissance, active and passive.</p>
<h4 id="active">Active</h4>
<p>Active reconnaissance involves doing things like looking for vulnerable ports on a machine or employing a tool like NMap. This means actively engaging with the machine or network, sending packets, etc.</p>
<p>One strategy the presenters spoke about was using a so-called “slow-scan,” in which this scan is done randomly over a period of time to make it more difficult to track and defend against.</p>
<h4 id="passive">Passive</h4>
<p>Passive reconnaissance involves observing the packets that are in transit across a network without creating or sending packets. This style of reconnaissance would be more difficult to track and defend against.</p>
<h3 id="tools">Tools</h3>
<p>The presenters covered several network analysis tools, including:</p>
<ul>
<li><a href="https://en.wikipedia.org/wiki/Nmap">NMap</a>: Maps a network by sending packets and observing responses.</li>
<li><a href="https://en.wikipedia.org/wiki/Wireshark">WireShark</a>: A packet analyzer or sniffer. Allows the user to observe the packets that are traveling on a network or machine.</li>
<li><a href="https://en.wikipedia.org/wiki/Ping_(networking_utility)">Ping</a>: Allows a user to test the reachability of a host on a network.</li>
</ul>
<h3 id="prevention">Prevention</h3>
<p>The presenters didn’t go into too much detail regarding protecting against network-based attacks, but they did mention a few things that I thought were interesting.</p>
<h4 id="public-key-cryptography">Public key cryptography</h4>
<p>I first became interested in <a href="https://en.wikipedia.org/wiki/Public-key_cryptography">public key cryptography</a> after watching <a href="https://www.youtube.com/watch?v=GSIDS_lvRv4">this video</a> from Computerphile and a corresponding <a href="https://www.youtube.com/watch?v=M7kEpw1tn50">video</a> from Numberphile. I won’t attempt an explanation here. Suffice to say that this is a hugely important part of the modern internet.</p>
<h4 id="response-rates">Response rates</h4>
<p>If a host is constantly making requests on a server in a way that may hinder serving requests from other users, one strategy is to slow down the response rate in an exponential fashion. In other words, the first request might be served immediately, the second request after two seconds, the third after four seconds, and so on.</p>
<h4 id="false-data">False data</h4>
<p>The basic idea here is to knowingly provide inaccurate data to a potential malicious threat in order to mitigate the threat.</p>
Mon, 11 Feb 2019 19:06:03 +0000
http://alxmjo.com/dada-week-6
http://alxmjo.com/dada-week-6Defense Against the Dark Arts: Week 5<p>The presenter for this week’s lectures was Aditya Kapoor, a malware researcher who was employed by Intel. He’s now at <a href="https://threatvector.cylance.com/en_us/contributors/aditya-kapoor.html">Cylance</a> working on security research.</p>
<h3 id="rootkits">Rootkits</h3>
<p>A <a href="https://en.wikipedia.org/wiki/Rootkit">rootkit</a> is a sophisticated form of malware which allows code to infiltrate and run on a machine without being detected. Rootkits gain a level of access that is normally not permitted. This can be used to provide different types of malware access to a machine.</p>
<p>The central strategy in defending against rootkit attacks is to prevent their installation in the first place because once they’re on a machine, they’re very difficult (perhaps impossible) to track down.</p>
<h3 id="agony">Agony</h3>
<p>The Agony lab involved observing the behavior of a particular rootkit sample called Agony. Part of Agony’s functioning depends on <a href="https://en.wikipedia.org/wiki/Hooking">hooking</a>, which is the process of intercepting some sort of communication on a machine and processing the result. The example that the presenter used was a thief stealing a product as it was being shipped from one place to another. In Agony’s case, the communication that it is hooking into is the API.</p>
<p>A key part of rootkits, as mentioned above, is obfuscation. In the Agony sample, there’s a file being hidden that is not visible to the user, nor to anti-virus software. Using a tool called <a href="https://resources.infosecinstitute.com/tuluka/">Tuluka</a>, the presenter was able to restore the file that was hidden by “rewinding” the series of events.</p>
<h3 id="threads">Threads</h3>
<p>The discussion on threads was mostly review for me (thanks to previous courses in this program), but there was a definition of the term that I liked. A thread, the presenter said, is the smallest unit of execution on a machine. Threads are important when discussing rootkits because the rootkit will employ a thread to accomplish its goal. As such, it’s important to be able to identify which thread among those currently running on a machine is associated with a rootkit.</p>
<h3 id="process-hacker">Process Hacker</h3>
<p>For this lab, the presenter demonstrated the use of a tool called <a href="https://processhacker.sourceforge.io/">Process Hacker</a>. It’s similar to the Windows application Process Explorer, but has an important difference: it allows the inspection of the virtual memory associated with a process.</p>
<p>The malware that we investigated in this lab was called <a href="https://en.wikipedia.org/wiki/Zeus_(malware)">ZBot</a> (or Zeus), which is a trojan that can be used for logging keystrokes.</p>
<h3 id="live-kernel-debugging">Live kernel debugging</h3>
<p>This demonstration showed how to inspect the memory and assembly instructions while using a debugger like WinDbg. The tool that the presenter used also allows modifying memory via manual entry. I was not familiar with this feature before this lecture.</p>
<p>This modification of memory was important for this particular example because it allows erasing links to the malware code. Once that code was no longer referenced in the kernel, it will no longer be called. After this modification Tuluka shows that the infection no longer exists. That said, if the malware is running on another thread then it can be repatching what you’re patching, presenting a race condition.</p>
Thu, 07 Feb 2019 14:26:14 +0000
http://alxmjo.com/dada-week-5
http://alxmjo.com/dada-week-5What the Ancient Indians Knew<p>In the eighth and ninth chapters of <em>The Crest of the Peacock</em>, George Gheverghese Joseph turns his attention to the mathematical history of India.</p>
<!--more-->
<h3 id="numeracy-without-numbers">Numeracy without numbers?</h3>
<p>Is it possible to prove that a culture was <a href="https://en.wikipedia.org/wiki/Numeracy">numerate</a> without seeing their numbers? Such is the case (and question) with the <a href="https://en.wikipedia.org/wiki/Indus_Valley_Civilisation">Harappan civilization</a>, which occupied the Indus Valley of modern Pakistan from 3000 to 1500 B.C. Because the Harappan script remains undeciphered, it’s impossible to know what represents a number and what might be a letter or word, or even whether the symbols represent a written language at all. So are there clues of their numeracy?</p>
<p>Joseph suggests that two discoveries are indicative of the mathematical achievements of the Harappan people:</p>
<ol>
<li>Cubic stones of uniform size and weight which were in use across hundreds of years. Taking one stone of 27.584 grams as a standard, the remaining stones form a series with the sizes 0.05, 0.1, 0.2, 0.5, 2, 5, 10, 20, 50, 100, 200, and 500. These stones might have been used as the weights of a scale.</li>
<li>Shells and other materials which were marked with consistent gradations. These may have been used to measure length, like a ruler.</li>
</ol>
<p><img src="http://alxmjo.github.io/images/harappa-weights.jpg" alt="harappan weights" />
<em>Cubic weights made from chert discovered in what is now Pakistan. Photo courtesy Harappa.com.</em></p>
<p>Perhaps the findings above, which were unearthed as part of archeological investigations, are simply the product of coincidence. Then again, these units of measurement have been found throughout the former Harappan territory, which stretched hundreds of miles, and across 500 years of their civilization. It seems plausible that these measurement devices are the remnants of a standardized system of weight and measure, which would have been dependent on a numerate society.</p>
<h3 id="geometry-in-service-of-religion">Geometry in service of religion</h3>
<p>The <a href="https://en.wikipedia.org/wiki/Vedic_period">Vedic period</a>, which spanned approximately 1500 to 500 B.C., followed that of the Harappan civilization. The Vedic religion is now seen as a precursor to Hinduism, or as an ancient part of the Hindu religion itself.</p>
<p>Ritual played an important part in the religion, particularly the fire worship, or <a href="https://en.wikipedia.org/wiki/Agnicayana"><em>Agnicayana</em></a><strong></strong> ritual. The preparation for this ritual involved the creation of sacrificial altars with specific shape and dimension which were said to please their gods.</p>
<p>Needless to say, achieving these requirements would’ve created a strong incentive for geometric exploration and learning, especially since some of the altar designs were quite intricate, like the <em>Mahavedi</em>, which contained within it the shape of a falcon. According to Joseph, “Its base had to be constructed to precise dimensions if the sacrifice was to bear fruit.”</p>
<p>The prescriptions for altar construction, which come from the <a href="https://en.wikipedia.org/wiki/Shulba_Sutras">Sulbasutra texts</a>, also show early knowledge (though no formal proof) of the <a href="https://en.wikipedia.org/wiki/Pythagorean_theorem">Pythagorean theorem</a>, Pythagorean triples (right triangles whose sides all have integer lengths), and of approximating square roots to a high degree of precision. For example, they were able to approximate √2 to five decimal places.</p>
<h3 id="the-modern-trifecta-place-value-decimal-and-zero">The modern trifecta: place-value, decimal, and zero</h3>
<p>Here are the three main entities of <a href="https://en.wikipedia.org/wiki/Arabic_numerals">our number system</a>:</p>
<ul>
<li><strong>Positional:</strong> Position determines value, i.e. <strong>2</strong>0 ≠ <strong>2</strong></li>
<li><strong>Decimal:</strong> Places represent powers of ten, i.e. 23 = (2 x <strong>10</strong><sup>1</sup>) + (3 x <strong>10</strong><sup>0</sup>)</li>
<li><strong>Zeros:</strong> To denote absence, i.e. 304 = (3 x 10<sup>2</sup>) + (<strong>0</strong> x 10<sup>1</sup>) + (4 x 10<sup>0</sup>)</li>
</ul>
<p>As I’ve discussed in <a href="http://alxmjo.github.io/posts#MathHistory">previous posts</a>, these entities have existed individually at different points in history in different parts of the world. The Mayans, for example, used a positional system with zero, but used base 20 instead of base 10. The Egyptians, on the other hand, had a symbol for zero but did not use it in a positional sense. None of this to say that these three entities are required or ideal. After all, you could literally build the pyramids without having all three.</p>
<p>The earliest record we have of a positional, decimal system which employed zeros as a place value likely comes from the <a href="https://en.wikipedia.org/wiki/Bakhshali_manuscript">Bakshali manuscript</a>, which was found in present-day Pakistan. Some parts of the manuscript date to the third century while others date to the tenth, leading historians to believe that the manuscript was assembled over a long period of time. Numbers which appear similar to those found in the Bakshali manuscript have been found as far east as Sumatra and present-day Vietnam. They date to the same period as the manuscript, at which time these regions were under the culture influence of India.</p>
<h3 id="solve-for-dot-and-color">Solve for dot and color</h3>
<p><a href="https://en.wikipedia.org/wiki/Aryabhata">Aryabhata</a>, the Indian mathematician born in the fifth century, employed a positional number system in his works. And while he did not use a symbol for zero, <a href="https://en.wikipedia.org/wiki/Aryabhata#Place_value_system_and_zero">some have argued</a> that his awareness of the properties of the number can be inferred from his work.</p>
<p>While the Bakshali manuscript mentioned above contained some early algebra, it wasn’t until until the time of Arybhata that it came to flourish. An interesting feature that sets the math from this period apart from others was that mathematicians began to employ letters for unknown quantities, just as we do today. They also apparently used the dot as an unknown, and even the word <em>varna</em>, which translates to “color” or “class.”</p>
<h3 id="word-problems">Word problems</h3>
<p>One thing I haven’t talked about in these posts but which I find interesting is the lyrical nature of the problems recorded in ancient manuscripts. Rather than simply laying out something along the lines of “2x = 6, solve for x”, the writers lay out quite a scene. Here’s one example, attributed to Aryabhata:</p>
<blockquote>
<p>O maiden with beaming eyes, tell me, since you understand the method of inversion, what number multiplied by 3, then increased by three-quarters of the product…</p>
</blockquote>
<p>Here’s another, taken from the <a href="https://en.wikipedia.org/wiki/Mah%C4%81v%C4%ABra_(mathematician)">Ganita-sara-sangraha</a>:</p>
<blockquote>
<p>One night in spring, a certain young lady was lovingly happy with her husband on the floor of a big mansion…</p>
</blockquote>
<p>If you’re curious about how this ends up as a math problem, well, you’ll just have to use your imagination.</p>
Thu, 31 Jan 2019 23:49:48 +0000
http://alxmjo.com/ancient-india-math
http://alxmjo.com/ancient-india-mathDefense Against the Dark Arts: Week 4<p>This week’s lecture was given by Brad Antoniewicz, another security expert from McAfee. And while previous presenters have been on the defense side of security, Mr. Antoniewicz is on the attack side. In other words, his job is to to try to find vulnerabilities in systems rather than try to protect against them. Two sides of the same coin, obviously, but it’s worth pointing out.</p>
<!--more-->
<h3 id="hacking">Hacking</h3>
<p>Every presenter has offered their own, slightly different definitions of terms. Here’s how this week’s presenter describes hacking: manipulating software to expose vulnerabilities.</p>
<p>He breaks this down into two main types of exploits:</p>
<ul>
<li><strong>Software exploits:</strong> Manipulating software to gain access, as in taking advantage of a stack overflow.</li>
<li><strong>Configuration exploits:</strong> Taking advantage of a setting or configuration, like a weak password or a disabled firewall.</li>
</ul>
<p>A major caveat that the presenter begins with is this: think before acting. Governments, universities, businesses, and other organizations take hacking very seriously. The stuff he goes onto describe gets people into legal and other types of trouble, and so one should be thoughtful about what they’re doing and what the consequences might be.</p>
<h3 id="trends">Trends</h3>
<p>This lecture was originally delivered in 2015. At that time, Mr. Antoniewicz said that previously, hackers tended to focus on the perimeter surrounding an organization’s technical assets, like its website or network firewall. Organizations have responded by “hardening” that perimeter, which has result in hackers increasingly targeting the interior of an organization’s systems. This method of attack takes a variety of forms, and includes practices such as <a href="https://en.wikipedia.org/wiki/Phishing">phishing</a>, <a href="https://en.wikipedia.org/wiki/Social_engineering_(security)">social engineering</a>, etc.</p>
<h3 id="windbg">WinDbg</h3>
<p>WinDbg is a debugger built for Windows which operates similarly to <a href="https://en.wikipedia.org/wiki/GNU_Debugger">GDB</a> on Unix and Unix-like systems.</p>
<p>Based on the examples provided by the presenter, using WinDbg is similar to using GDB on Unix. One starts by setting a breakpoint at the beginning of execution of a program or block of code and then pausing execution to inspect memory, assembly instructions, and so on. Much of the discussion of assembly was familiar thanks in part to the <a href="http://alxmjo.github.io/osu-cs271-class-report">assembly</a> class I took at Oregon State.</p>
<h3 id="metasploit">Metasploit</h3>
<p><a href="https://en.wikipedia.org/wiki/Metasploit_Project">Metasploit</a> is an open-source tool which is used for <a href="https://en.wikipedia.org/wiki/Penetration_test">penetration testing</a>, which is undertaken to evaluate the security of a particular network. It’s used for aiding professionals, but is available to anyone and can be used for nefarious purposes.</p>
<h3 id="labs">Labs</h3>
<p>There were two labs (or lab-like modules) in this week’s presentations. I’ve broken them up into two parts.</p>
<h4 id="part-a">Part A</h4>
<p>The first part focused on <a href="https://en.wikipedia.org/wiki/Stack_overflow">stack overflows</a>, which occurs when a process tries to use more space than was allocated to it. In addition to causing a program to crash because of bad code, a stack overflow can be used as an exploit in a strategy called stack smashing. This refers to the process of forcing a stack overflow to exploit the result. This is generally done with a very long string as input. If the underlying code attempts to use more space than was allocated for that string, then a stack overflow can result.</p>
<p>Controlling the stack allows someone to control the entire state of the program. For example, overwriting a return address would allow someone to change the course of the execution of a program and pass control to a new location.</p>
<h4 id="lab-b">Lab B</h4>
<p>The other location that programs use to store data is called the <a href="https://en.wikipedia.org/wiki/Memory_management#HEAP">heap</a>. Like the stack, the heap can be exploited to allow other code to be executed.</p>
<p>One way that this is done is to take advantage of a so-called “use after free” vulnerability. This process is based on the following steps:</p>
<ol>
<li>Free an object</li>
<li>Replace the object with your own</li>
<li>Position your shellcode where it will be executed</li>
<li>Use the object again</li>
</ol>
<p>The example that the presenter provided involved using a browser and JavaScript. The key to this vulnerability is the fact that browsers are having to process JavaScript (which is not compiled) rather than compiled binaries (like those used for C++ and other compiled languages).</p>
Tue, 29 Jan 2019 23:17:26 +0000
http://alxmjo.com/dada-week-4
http://alxmjo.com/dada-week-4Good Mathematicians Use Counting Rods<p>In my previous posts on <em>The Crest of the Peacock</em> by George Gheverghese Joseph, I summarized the mathematical developments of several <a href="http://alxmjo.github.io/math-before-math">pre-Colombian American cultures</a> and of the <a href="http://alxmjo.github.io/egypt-mesopotamia">Egyptian and Mesopotamian</a> cultures.</p>
<p>In the case of the former, it was clear that the math that developed there did so in isolation. In the case of the latter, we can trace clear connections with the West. China, where the book next turns its focus, is more ambiguous.</p>
<!--more-->
<p>We know there was considerable transmission of goods between East and West. In addition to making possible the trade of goods, <a href="https://en.wikipedia.org/wiki/Silk_Road">the Silk Road</a> also made possible the spread of culture, and even <a href="http://www.sciencemag.org/news/2016/04/how-europe-exported-black-death">disease</a>. Unfortunately, the transmission of ideas is much harder to trace than the transmission of goods, so we’re left wondering who influenced whom, and how.</p>
<h3 id="rod-numerals">Rod numerals</h3>
<p>There were several numeral systems active in China, but the one I’ll focus on here is rod numerals, which date to around the second century B.C., or perhaps earlier. The numeral system itself appears to have grown out of the practice of using counting rods for calculation. These were small pieces of ivory and bamboo, and were arranged in columns from right to left, each representing increasing powers of ten. This made the counting rods a place-value decimal system of numeration.</p>
<p><img src="http://alxmjo.github.io/images/heng-zong.png" alt="zong heng" />
<em>Taken from The Crest of the Peacock by George Gheverghese Joseph.</em></p>
<p>Rather than using the same set of symbols for each place, however, the Chinese alternated a different (though similar) set of symbols for neighboring places. In other words, units, hundreds, ten thousands (and so on) used one set (zongs) while tens, thousands, hundred thousands (and so on) used another (hengs). This focus on opposing or alternating entities may have been rooted in the Chinese philosophy of <a href="https://en.wikipedia.org/wiki/Yin_and_yang">yin and yang</a>, but this is just conjecture.</p>
<p>Negative numbers were denoted with red counting rods, and fractional parts were divided from integral parts with a vertical line.</p>
<p><img src="http://alxmjo.github.io/images/chinese-numbers.jpg" alt="chinese numerals" />
<em>A few numbers written in heng zong numerals. Note that the rods in each column are oriented similarly. This probably wasn’t a mistake, as it would help ensure that numbers were arranged in the proper place.</em></p>
<p>While it is less ambiguous than the Egyptian and Mesopotamian systems, some problems remained. For example, how would one differentiate between the numbers 12 and 1002 without a symbol for zero? In this situation, a space was used to represent the “empty” columns.</p>
<p>It’s important to point out that the counting rods were used primarily to <em>calculate</em> <strong></strong>numbers, unlike the quipu of the Inca, which were used to <em>record</em> numbers.</p>
<p>There’s no conclusive proof that this place-value decimal system influenced other traditions outside of China, but the author does point out that the methods employed by the Persian <a href="https://en.wikipedia.org/wiki/Muhammad_ibn_Musa_al-Khwarizmi">Al-Khwarizmi</a> were “almost identical to the Chinese procedure.” The central issue with this theory rests in explaining how a system that depended on the manipulation of physical objects (counting rods) was adapted into a system that existed only in writing.</p>
<p><a href="https://en.wikipedia.org/wiki/Laozi">Lao Zi</a>, the Chinese philosopher active in the 5th century B.C., is credited with the phrase “good mathematicians don’t use counting rods,” but based on the following, you might come to disagree.</p>
<h3 id="magic-squares-magic-circles-and-other-magic">Magic squares, magic circles, and other magic</h3>
<p>A magic square is an arrangement of numbers 1 through n in a square such that each row, column, and diagonal add up to the same number. Here’s an example:</p>
<p><img src="http://alxmjo.github.io/images/magic-square.png" alt="magic square" />
<em>The squares are filled with the numbers 1 to 9 and each row, column, and diagonal add to 15.</em></p>
<p>They originated in China around the second century B.C. before spreading to India, the Middle East, and other parts of the world. They can be created according to formulae, and Yang Hui, writing in the 13th century, expanded the process of creating magic squares to the orders of 3, 4, and 5 (meaning a square with 5 numbers on each edge). He then went on to describe the creation of magic squares of orders up to 10, though the book notes that these descriptions were incomplete. Nowadays we know that there exists no upper limit on the size of magic squares. The current record (<a href="vhttp://www.recordholders.org/en/records/magic.html">according to one website</a>) for a printed square is 3,559 x 3,559 and contains 12,666,481 numbers.</p>
<p>Yang Hui also described several <a href="https://en.wikipedia.org/wiki/Magic_circle_(mathematics)">magic circles</a>, which are an arrangement of numbers such that each number lying on a series of concentric and overlapping circles, plus the circle’s diameter, adds to the same number.</p>
<p>The ability of Chinese mathematicians to create these magic squares speaks to a strong grasp on computation, no doubt aided by their employment of counting rods. However, this facility with counting rods may have held back other advancements. I’ll get to that shortly.</p>
<h3 id="jiu-zhang">Jiu Zhang</h3>
<p>Also known as <em><a href="https://en.wikipedia.org/wiki/The_Nine_Chapters_on_the_Mathematical_Art">The Nine Chapters on the Mathematical Art</a></em>, the Jiu Zhang is described by Joseph as “one of the oldest and certainly the most important of the ancient Chinese mathematical texts” and probably comes from around the first century A.D. It’s laid out as a series of problems and covers a variety of topics, including:</p>
<ul>
<li>Addition, subtraction, multiplication</li>
<li>Manipulation of fractions</li>
<li>Geometry, in which π is estimated to be 3</li>
<li>Calculating the volumes of different solids</li>
<li>A formula for finding square and cube roots</li>
<li>Solving two equations with two unknowns</li>
<li>Matrix manipulation</li>
<li>Solving systems of linear equations</li>
<li>Pursuit problems</li>
</ul>
<p>Pursuit problems involve those in which one is asked to calculate something like when a train leaving San Francisco at 70 miles per hour will cross paths with a train leaving Chicago at 65 miles per hour. Perhaps some solace can be taken in the fact that this sort of problem has been troubling students the world over for the better part of 2,000 years.</p>
<p>In the case of matrix manipulation, the author writes that this development may have been a natural outgrowth of the use of counting rods, since the same methods don’t show up in other cultures until the advent of modern math. Conversely, the reliance on these same techniques may have also inhibited other developments, like that of abstract algebra.</p>
<p>A similar point the author makes in this section is that while the <em>Jiu Zhang</em> was revolutionary for its time, it may have also held future Chinese mathematicians back. Joseph writes:</p>
<blockquote>
<p>Its influence on the Song mathematicians of the thirteenth century was perhaps even counterproductive, since they were obliged to refer to it, just as some of today’s academics routinely cite standard authorities to make their work “respectable.”</p>
</blockquote>
<h3 id="pythagoras-in-china">Pythagoras in China</h3>
<p>The Pythagorean Theorem, which describes the relationship between the sides and hypotenuse of a right triangle, is credited to the ancient Greek of the same name. But many cultures discovered this relationship independently, including in China, where it is known as the Gougu Theorem. A visual proof for the theorem dates to around 300 A.D.</p>
<h3 id="slicing-pi">Slicing pi</h3>
<p>Liu Hui, writing in the third century A.D., achieved an estimate of π accurate to the thousandths place (3.1416) using polygons of known perimeter inscribed inside of circles. A couple hundred years later, Zu Chongzhi and his son Zu Ghengzhi calculated π to the seventh decimal place, a level of accuracy that stood for hundreds of years. Unfortunately, their methods of calculation are unknown.</p>
<h3 id="what-makes-a-good-mathematician">What makes a good mathematician?</h3>
<p>As I wrote above, Lao Zi said “good mathematicians don’t use counting rods.” My first response to this statement was absolute disagreement (hence the title of this post). There can be little debate that counting rods facilitated computation and helped push Chinese mathematics forward.</p>
<p>But what if Lao Zi was actually saying that good mathematicians look <em>beyond</em> counting rods (and computation). What if the definition of a good mathematician was simply one who was capable of abstraction?</p>
<p>There are hints of this world beyond computation in calculus, and even more in linear algebra. Indeed, I’ve grown to love math as an adult largely because I’m focusing more on abstraction and less on computation. And I think a big part of that is that abstraction, not computation, is the core of mathematics.</p>
Mon, 28 Jan 2019 14:46:47 +0000
http://alxmjo.com/ancient-chinese-math
http://alxmjo.com/ancient-chinese-mathFrom Egyptian Frustums to Babylonian Sexagesimal<p>Before diving into the mathematics of the ancient Egyptians, here’s an important question: Were they African? Let’s check a map:</p>
<p><img src="http://alxmjo.github.io/images/egypt-africa.gif" alt="egypt in africa" /></p>
<p>Ah, OK.</p>
<!--more-->
<p>The third chapter of <em><a href="https://press.princeton.edu/titles/9308.html">The Crest of the Peacock</a></em> by George Gheverghese Joseph, which focuses on the mathematical developments of the Egyptian empires, starts with that important, and often-ignored point.</p>
<p>Does it matter from a mathematical perspective that much of our mathematical tradition originated in Africa? I don’t know. But the implications on our general understanding of the world are huge. If I were teaching a class on these subjects, this would be one of the first points I’d bring up.</p>
<p>Now to the math, in which we’ll be compressing several thousand years of human development and many kingdoms into “Ancient Egypt” and “Mesopotamia.”</p>
<h3 id="math-of-ancient-egypt">Math of Ancient Egypt</h3>
<p>Ancient Egyptians wrote on papyrus, a thick, plant-based paper. Unfortunately, papyrus degrades over time and so much of what likely existed at the time of the ancient Egyptians has been lost. However, a few important pieces remain.</p>
<h4 id="the-ahmes-and-moscow-papyri">The Ahmes and Moscow Papyri</h4>
<p><a href="https://en.wikipedia.org/wiki/Rhind_Mathematical_Papyrus">The Ahmes Papyrus</a>, also known as the Rhind Papyrus (because it was owned at one time by a man named Alexander Rhind) may have been used as a teacher’s manual. It has been dated to approximately 1550 B.C.E.</p>
<p><img src="http://alxmjo.github.io/images/ahmes-papyrus.jpg" alt="ahmes papyrus" />
<em>A portion of the Ahmes Papyrus. It measures 13 inches tall and nearly 16 feet long.</em></p>
<p><a href="https://en.wikipedia.org/wiki/Moscow_Mathematical_Papyrus">The Moscow Papyrus</a>, so-called because it is currently housed there, dates to around 1850 B.C.E.</p>
<p>Much can be gleaned from the Ahmes and Moscow papyri. The ancient Egyptians:</p>
<ul>
<li>Used a ciphered, non-place value, decimal numbering system.</li>
<li>Were aware of the concept of zero but did not use it as a place value.</li>
<li>Made extensive use of unit fractions like ½, though avoided non-unit fractions like ¾ (though ⅔ apparently saw wide use).</li>
<li>Practiced rhetorical (rather than symbolic) algebra. This entailed a sequence of steps to solve a problem, but no operators such as +, -, etc.</li>
</ul>
<p>The unit fractions part is interesting because the ancient Egyptians did not use printed currency. As such, one might be paid for labor in the two most common goods of transaction: bread and beer.</p>
<p>In a particularly interesting example from the text, imagine you’re an employer and you need to distribute nine loaves of bread among ten workers. Each worker would receive nine-tenths of a loaf of bread. One way to do this equally would be to cut a tenth of each loaf, distribute the nine-tenth shares to nine workers, and then the nine one-tenth shares to the remaining worker. Needless to say, this last worker may not think this was a fair deal (who likes the heal?).</p>
<p>The Egyptian form of division, strange as may seem to us today, would’ve resulted in the following result: seven workers would receive three pieces, 2/3, 1/5, and 1/30 of a loaf. The other three workers would receive four pieces, two 1/3 pieces, a single 1/5 piece, and a single 1/30 of a loaf. I’m not sure what I’d do with 1/30 of a loaf, but you can see that this would likely appear to be a fairer result in the end, if only because each person’s share would look similar.</p>
<p>This brings up an important point: the number systems and mathematical procedures of a culture are a reflection of the practices of that culture. I wouldn’t want to do calculus using only the tools that the Egyptians had, but then again, they <em>weren’t</em> doing calculus. They were dealing with the trade and distribution of goods in a non-monetary economy. And for that their system made perfect sense.</p>
<h4 id="ancient-egyptian-geometry">Ancient Egyptian Geometry</h4>
<p>The Egyptians were also skilled geometricians. Beyond the proof provided by the towering pyramids which still stand today, we also know that the ancient egyptians also knew how to:</p>
<ul>
<li>Approximate the area of a circle.</li>
<li>Calculate the volume of a <a href="https://en.wikipedia.org/wiki/Frustum">frustum</a> (a truncated pyramid).</li>
</ul>
<p>It has also been proposed that the ancient Egyptians were able to calculate the surface area of a hemisphere, but Joseph is skeptical.</p>
<p>As for the area of the circle, we know now that the ancient Egyptians estimated π to be 3.1605. Pretty close (the real value is 3.1415…), but Joseph also points out that “the Egyptian method is not based on recognizing the dependence of the circumference on the diameter (i.e., on the value of π).” In other words, this was an <em>implicit</em> estimate. The Egyptians did not set out to calculate the value of π.</p>
<h3 id="math-of-mesopotamia">Math of Mesopotamia</h3>
<p>The fourth chapter of <em>The Crest of the Peacock</em> focuses on the mathematics of the region of <a href="https://en.wikipedia.org/wiki/Mesopotamia">Mesopotamia</a>, which was centered on the Tigris and Euphrates rivers of modern day Iraq.</p>
<p>As I wrote last week, a key factor in the development of mathematics in these early cultures was the <em>demand</em><strong></strong> for higher levels of thinking and the <em>resources</em> to achieve them. This is just conjecture on the part of the author and other historians, but the fact that the kingdoms of Mesopotamia relied on large-scale agriculture and irrigation may satisfy both of these requirements.</p>
<p>A calorie surplus, as can be achieved through large-scale, coordinated agriculture, would be required to support a class of scribes. And in order to undertake large-scale agriculture, skills such as measuring crop yields and field sizes must have been important.</p>
<p>The inhabitants of Mesopotamia lived under the Akkadian, Assyrian, and Old Babylonian empires, among others. Hammurabi, well-known for the <a href="https://en.wikipedia.org/wiki/Code_of_Hammurabi">legal code</a> which bears his name, was a leader of the Old Babylonian empire.</p>
<p>Unlike the ancient Egyptians, who wrote on papyrus, the Babylonians used clay collected from river banks as their medium. These tablets could then be dried or fired for longevity, which is part of the reason why they are so much more prevalent today. In addition to clay tablets, they also used small tokens of various shapes and sizes to represent varying amounts of different goods. A cone-shaped token for a small measure of grain, for example, a sphere for a larger quantity, and so on. These tokens could then be pressed into clay tablets to form a kind of business record or receipt.</p>
<p>One can imagine how this system might work well for a small number of items, but once quantities grew large enough it would’ve been useful to have a single symbol to represent multiple items. It’s like keeping score with <a href="https://en.wikipedia.org/wiki/Tally_marks">tally marks</a> – works well enough for soccer, not so well for basketball.</p>
<p>Based on the many tablets found in Mesopotamia, here’s what we know about their mathematics. They:</p>
<ul>
<li>Used a sexagesimal (base 60) counting system expressed with only two symbols, a T-shaped symbol which represented one and an angled symbol which represented ten.</li>
<li>Used place-value numeration.</li>
<li>Did not use a symbol for zero, which led to ambiguity.</li>
<li>Were aware of the properties of the Pythagorean theorem, one thousand years before Pythagoras.</li>
<li>Were also aware of Pythagorean triples, as evidenced by the <a href="https://en.wikipedia.org/wiki/Plimpton_322">Plimpton 322</a> tablet.</li>
<li>Were able to work an equation to find unknown quantities, which is the basis of algebra.</li>
</ul>
<p>This <a href="https://en.wikipedia.org/wiki/Sexagesimal">sexagesimal</a> counting system can be seen today in hour sixty-second minutes and our sixty-minute hours. You’ll also notice it in our description of a circle being made up of 360 degrees.</p>
<p>There are many benefits to such a system, chief among them being the number of terms which evenly divide 60: 1, 2, 3, 4, 5, 6, 10, 12, 15, 20, 30 and 60! Ten, the base of our number system, is only evenly divided by 1, 2, 5, and 10. Sad.</p>
<p><img src="http://alxmjo.github.io/images/bab-nums.jpg" alt="babylonian numerals" />
<em>Several numbers written in Babylonian numerals. Note that the bottom four numbers are written with exactly the same symbols, which indicates a certain amount of ambiguity due to the absence of zero and a <a href="https://en.wikipedia.org/wiki/Radix_point">radix point</a>. This ambiguity may not have mattered much, however, if the correct interpretation of the symbols could be gleaned from the context in which they were used.</em></p>
<h3 id="too-much-credit">Too Much Credit?</h3>
<p>Does Joseph give too much credit to the ancient Egyptians and the inhabitants of Mesopotamia? I don’t think so. In fact, I think too little or too much credit is the wrong way to think about it.</p>
<p>The evaluation of the mathematics of these cultures should rest squarely on the shoulders of the mathematics itself. To do this, simply explain what advancements they made and where they spread. That’s the only way to come to a cohesive understanding of who developed what, and that’s exactly what I think Joseph has done.</p>
Wed, 23 Jan 2019 08:00:00 +0000
http://alxmjo.com/egypt-mesopotamia
http://alxmjo.com/egypt-mesopotamiaDefense Against the Dark Arts: Week 3<p>This week’s lectures focused on malware defense, or in other words, how to prevent an attack from occurring in the first place. They were delivered by Craig Schmugar, another engineer at McAfee. While the lectures and labs were interesting, I think that they fell a bit short of this goal.</p>
<!--more-->
<p>Perhaps I misunderstood the intent, but the lectures still focused mostly on identifying and investigating malware rather than protecting against it. Defense was only mentioned in a few parts. Anyway, onto the lectures and lab.</p>
<h3 id="methods-of-attack">Methods of Attack</h3>
<p>The lectures began with a reference to the Happy99 worm, which spread across the internet 20 years ago. According to the presenter, it was the first email worm that achieved wide distribution and infection. It affected tens of millions of people around the world. Besides spreading itself, it did no further damage.</p>
<p>The presenter also spoke about other methods of attack. There was not much new compared to the last two weeks of lectures. One thing that did stick out was malware that changes a configuration (like routing traffic through a proxy) and then deletes itself. It leaves no files (evidence) behind, just a modified URL in the routing table. In this sense it’s a lot like a traditional criminal. The “good” ones cover their tracks.</p>
<h3 id="proposed-solutions">Proposed Solutions</h3>
<p>So what can be done to defend against attacks? Some proposals from the lectures:</p>
<ul>
<li><strong>Education</strong>: If this looks weird, too good to be true, etc., don’t click it.</li>
<li><strong>App store model</strong>: Central clearing house for good software maintained by a single entity (Apple, Google, etc.).</li>
<li><strong>Blocking</strong>: Script blockers, blocking installs, etc. Firewall as network intrusion protection. Even epoxy in USB port.</li>
<li><strong>Defense in depth</strong>: Multiple layers of defense.</li>
</ul>
<p>This is not an exhaustive list, obviously, but it provides some ideas.</p>
<h3 id="yara">yara</h3>
<p><a href="https://virustotal.github.io/yara/">Yara</a> is a pattern matching tool for malware detection. It allows searching for strings and other parameters on a machine. A yara rule might look like this:</p>
<div class="highlighter-rouge"><div class="highlight"><pre class="highlight"><code>autorule ExampleRule
{
strings:
$my_text_string = "text here"
$my_hex_string = { E2 34 A1 C8 23 FB }
condition:
$my_text_string or $my_hex_string
}
</code></pre></div></div>
<p>I pulled this directly from the yara docs, which are available <a href="https://yara.readthedocs.io/en/v3.8.1/index.html">here</a>.</p>
<p>For the labs, I used yara on a virtual machine to narrow down to a particular list of files. I was able to search via string. It’s possible to searching for other things besides strings, though, like file size, and to add in conditionals and wildcards.</p>
<h3 id="cuckoo">Cuckoo</h3>
<p>The other tool we explored this week was <a href="https://cuckoosandbox.org/">Cuckoo Sandbox</a> (or just Cuckoo), which is an open-source program which allows automatic analysis of suspected malware. The automatic analysis part is important because of the increase in malware. Consider the following graph, which shows the number of unique malware samples (based on their <a href="https://security.stackexchange.com/questions/38959/what-does-it-mean-by-the-hash-of-a-malware">hash</a>) collected over time:</p>
<p><img src="http://alxmjo.github.io/images/hash-graph.png" alt="hash graph" />
<em>This graph is now pretty outdated, but it shows an exponential gain in the amount of malware over time.</em></p>
<p>The presenter said that one theory for this trend is that anti-virus software is working. As such, malware creators have to keep changing their tactics and methods in order to keep up. It’s like an arms race, with each side continually upping the ante.</p>
<p>Anyway, back to Cuckoo. The program works by taking advantage of an isolated environment (<a href="https://en.wikipedia.org/wiki/Sandbox_%28computer_security%29">sandbox</a>, generally, or virtual machine more specifically) in which to run the suspected malware. The fact that the environment is isolated prevents the suspected malware from affecting or harming other parts of the machine on which it’s run. The effects of the suspected malware are then observed inside the sandbox. The fact that the process is automated is important because it speeds up malware analysis and allows more samples to be investigated in a shorter period of time.</p>
<h3 id="lab">Lab</h3>
<p>Of the four samples that were provided, I found at least one of them to be malware: the file with the signature which begins “068D5B62254D…” According to the <a href="https://home.mcafee.com/virusinfo/virusprofile.aspx?key=4390509">listing</a> on McAfee’s website, this is a trojan designed to steal passwords.</p>
<p>I was able to isolate the malware using the following rule in yara:</p>
<div class="highlighter-rouge"><div class="highlight"><pre class="highlight"><code>rule FindMalware
{
strings:
$a = "MZKERNAL32.DLL"
condition:
$a
}
</code></pre></div></div>
Tue, 22 Jan 2019 23:19:21 +0000
http://alxmjo.com/dada-week-3
http://alxmjo.com/dada-week-3