This time I manged to publish a new version of my speermint thesis-like I-D in time. Phew. Spending time in trains is sometimes the best way for me to focus on a single subject. That used to be easier; now with 3G on the phone I can connect to the Internet while riding trains which provides ample fodder for distractions. Anyway, …

This update isn’t so much an update on the existing text, but instead adds a few new sections. Whereas the old text just analyzes the problem-space and lays out some generic principles, the additional text now provides a vision on what the solution could look like. As a bonus, I also discuss a few design mistakes I saw in various other documents.

Feedback is welcome.

[Update: My slides for the IETF session are here. Thanks to Alex for standing in for me. This pdf contains the comments I added to help Alex. ]

Getting kmail on Ubuntu to open links in firefox

This is one of the simple things which required more searching than I expected. I note the solution here in the hope that it is helpful to the next person searching for an answer.

The problem:

We’re running plain Ubuntu installations (gnome) with Kmail (for Kolab). Clicking on links in emails opens a shell window with Lynx and not Firefox.

The fix:

Most of the search hits I found advised me to use kcontrol and go to “KDE Components -> Component Chooser”. Well, that option isn’t enabled in the Ubuntu version of the KDE packages. As I don’t run the KDE panel, the suggested solution doesn’t work either.

The solution is contained in these bug tracker messages:

sudo apt-get install kde-systemsettings
kcmshell defaultapplication

Sometimes I miss the times of simple configuration files.

Statistics and the Wall Street crash

I stumbled on an article about Nassim Taleb’s book “The Black Swan” recently. Quick summary: It’s very easy to make mistakes when applying the mathematical theory of statistics to the real world. Not everything in the world can be described as independent random variables with clearly defined properties.

So whenever you put real money behind your statistical reasoning, you better be really sure that your calculations are correct and that all the preconditions regarding applicability of the theory are met.

Furthermore, the rare event you are tempted to ignore (the “this won’t happen in my lifetime” syndrome) may have such bad results that you just shouldn’t discount it.

All this reminded me a bit of what I wrote 12 years ago in my master thesis on Pseudorandom Number Generation:

Classic statistical tests examine if the test statistic does not deviate from its expected value too much. If we are only interested in the expected outcome of a similar simulation problem, such one-level statistical tests are all we need in order to be confident about the accuracy of the simulation.

On the other hand we might be interested in the distribution of the simulation’s outcome. For this goal hitting the expected value is not enough, the variance of the result is now important, too. Thus we will demand the same behaviour from the test statistic, too.

Let us illustrate this principle with an example. We want to test the well known strategy of doubling the ante in a game of roulette. It is supposed to guarantee winning the initial ante and works like this: If we do not win in the first round (and therefore win twice the ante) the ante is doubled for the next round. If this round is won, we get back four times the initial ante while we invested three times the initial ante resulting in a net win of one ante. In case of bad luck we double the ante again hoping for eight times the ante for an investment of seven. As we hope that we will finally win before our capital is drained a net win seems to be certain.

In order to simulate this we need random numbers to determine whether we will win the current bet. The probabilities are 18/37 for winning and 19/37 for losing each round, respectively. It seems to be natural to use the lengths of runs as a test statistic to test our source of PRN for its fitness to simulate a real roulette table. The probability that the maximal run length in 500 tries is greater than 15, is smaller than all usual values for α, so according to the corresponding statistical test we should reject all sequences where such runs do occur.

When we now run the simulation with these prescreened sequences we will never ever experience a loss as long as we have enough money for 15 steps of doubling the ante. Thus we should conclude that the strategy works. As we know, this is not true. So what went wrong with our simulation ?

The statistical test considered it equally important whether the sequence in question was “well-behaved” or not, whereas the simulation assigned completely different weights to those cases. Thus the area that the test considered to be insignificant (smaller than α) played a major role in the simulation (more than 1/2).

There are some other cases of simulations where we are not so much interested in the average case, but in the extreme ones. Consider for example all those safety measures in power plants or other machinery where a rare sequence of occurrences might lead to catastrophic results. When simulating these security systems one must not a priori exclude unusual sequences.

Please note that the distinction between level-1 and level-2 tests (tests which test the distribution of the results of a level-1 test) is arbitrary. The test statistic of a level-2 test is just another function of the underlying set of PRN, too.

Debian Lenny: / on LVM2 on dm_crypt on raid

This is just Google-fodder:

If you use the lenny (beta2) installer to setup a system which uses / on LVM on dm_crypt on raid, then the first reboot fails with something like “cannot find LVM volumes”. After a few minutes you get dumped into a busybox shell.

Getting the system to boot

Run cryptsetup luksOpen /dev/md1 md1_crypt (or md0, depending on your setup). Exit busybox and the system should boot through. Then …

Fixing this for good

It seems to be that this Wiki page still applies. Thus you have to create a line in /etc/crypttab containing (in my case md1)

md1_crypt /dev/md1 none luks

and run update-initramfs -u to update the initrd.

That’s it.