<?xml version="1.0" encoding="utf-8"?>
<rss xmlns:atom="http://www.w3.org/2005/Atom" version="2.0"><channel><title>Disqus - Latest Comments for esjewett</title><link>https://disqus.com/by/esjewett/</link><description></description><atom:link href="https://disqus.com/esjewett/comments.rss" rel="self"></atom:link><language>en</language><lastBuildDate>Mon, 11 Jul 2016 11:13:15 -0000</lastBuildDate><item><title>Re: New Study Suggests Police Shoot Whites More Frequently Than Blacks</title><link>http://www.motherjones.com/node/308681#comment-2777084682</link><description>&lt;p&gt;The reporting on this is pretty terrible, it seems. I believe the result was an answer to the question "does race play a role in the frequency of shootings once a person has been stopped by the police". And indeed, it seems (in a very restricted data set, so likely not generalizable) to find that it doesn't play a large role. But what about *stops*? Race certainly plays a role in how often someone is stopped, so it's completely false to argue that this says anything about shootings *in general*. It says something about how likely someone is to be shot *once they are stopped*. It's a conditional probability.&lt;/p&gt;&lt;p&gt;Attribution: @tressiemcphd's discussion brought this aspect of the reporting to my attention.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">esjewett</dc:creator><pubDate>Mon, 11 Jul 2016 11:13:15 -0000</pubDate></item><item><title>Re: What Can You Say When Your P-Value is Greater Than 0.05?</title><link>http://blog.minitab.com/blog/understanding-statistics/what-can-you-say-when-your-p-value-is-greater-than-005#comment-2393079155</link><description>&lt;p&gt;Yes, I'd agree with your response to the issue in the sense that the treatment of p-values described is irresponsible. I just don't think the solution is to stick to a pre-determined significance level threshold as a hard-and-fast rule. 
That approach probably makes the long term problem worse because it allows people to go along thinking that their understanding is sufficient. The solution is for people using and reading p-values to understand what p-values and significance levels actually mean and treat them accordingly.&lt;/p&gt;&lt;p&gt;Or I suppose we could go the route of certain journals that will not be named and ban p-values and confidence intervals entirely. :-)&lt;/p&gt;&lt;p&gt;However, when it comes down to it, I would think that if we looked at these studies where p-values are treated in this fast-and-loose manner without understanding of their true meaning, we would find major design errors that have larger effects than the p-value treatments. Things like multiple-testing without correction are rife in many fields and in industry, and often have effects larger than the difference between 0.05 and 0.12 in p-value, for example. I wonder what % of those studies have a statistician as an author? Likely lower than average!&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">esjewett</dc:creator><pubDate>Fri, 04 Dec 2015 09:23:12 -0000</pubDate></item><item><title>Re: What Can You Say When Your P-Value is Greater Than 0.05?</title><link>http://blog.minitab.com/blog/understanding-statistics/what-can-you-say-when-your-p-value-is-greater-than-005#comment-2391560372</link><description>&lt;p&gt;Hmmmm. I agree with the general critique, but not the prescription. What's the difference between a p-value of .04999 and a p-value of .05001? The answer of this blog seems to be that one is significant at a 5% level and one is not. But while technically true, that is grossly misleading. 
A more helpful answer for anyone looking at these 2 p-values is that in almost all circumstances they should be treated as equivalent because they express two indistinguishable probabilities along with a gentle reminder that responsible scientists err on the side of concluding non-significant results unless there is an imbalance in the consequences of type 1 and type 2 error.&lt;/p&gt;&lt;p&gt;The solution here is for people to learn that correctly calculated p-values are a description of the probability of our observation under the null-hypothesis. Interpreted as a probability, they are very informative. Interpreted as an arbitrary number that we need to be lower than another arbitrary number for reasons having to do with tradition and publication regimes, not so much.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">esjewett</dc:creator><pubDate>Thu, 03 Dec 2015 15:07:53 -0000</pubDate></item><item><title>Re: Unsustainable Museum Data - Matthew Lincoln</title><link>http://matthewlincoln.net/2015/01/26/unsustainable-museum-data.html#comment-1821790996</link><description>&lt;p&gt;Yes, Github has really become a destination, so from that perspective it makes a lot of sense to host data there. I don't knock it. There aren't really any better tools available that I'm aware of at the moment, and that's unfortunate. 
I'm a little behind on the development of LOD/RDF versioned data-stores at the moment, so maybe that provides an option?&lt;/p&gt;&lt;p&gt;From my perspective as a developer working on browser-based data exploration and visualization tools (Palladio mostly, at the moment), I'd just settle for better interoperability at this point, meaning better CORS support on things like API endpoints and map tile-set servers, and more use of standard API data-access conventions, whether that is something as structured as SPARQL or as simple as a hosted folder of CSV files.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">esjewett</dc:creator><pubDate>Wed, 28 Jan 2015 12:49:16 -0000</pubDate></item><item><title>Re: Unsustainable Museum Data - Matthew Lincoln</title><link>http://matthewlincoln.net/2015/01/26/unsustainable-museum-data.html#comment-1820291064</link><description>&lt;p&gt;There are all kinds of really interesting questions and hard problems here.&lt;/p&gt;&lt;p&gt;I do admit to my jaw hitting the floor when I realized that these institutions are using Github in this manner. It's very interesting that a system designed for handling relatively small text files can hold up under this kind of use case. In general I do think an approach based on distributed source code management systems like Git is an excellent model for handling versioned updates to databases. I wonder if any of these institutions are starting to see limits to the amount of data that can be handled in this way.&lt;/p&gt;&lt;p&gt;Regarding APIs, I tend to think the underlying issue is a lack of data systems that handle these types of problems in a manageable and versioned way (specifically the transformation from raw form in a database table or another form, through various transformation logic, and into an API presentation). 
Providing a snapshot of the representation of the data on either end of this chain, either as a flat-file dump (the pre-image) or by crawling the API (the post-image) is a start. But what we also need is the transformation logic - in other words the API code, any backing application logic, and if we are dealing with a presentation application the transformation logic embedded in the consuming application. And this all needs to be in version-related packages so that we can determine for any given point in time what raw data was being processed by what transformation logic and exposed by what API code. Then we need it all in a nice package that is easily deployed by a researcher. Simple, right? :-)&lt;/p&gt;&lt;p&gt;I think the example of use of Git for data versioning is illustrative that we're actually getting to a point where we have enough excess computational power available that very expensive problems like versioning are becoming tractable at certain scales, so that's nice. Now we need to create usable solutions.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">esjewett</dc:creator><pubDate>Tue, 27 Jan 2015 16:02:21 -0000</pubDate></item><item><title>Re: A change management lesson with Uber and AirBnb</title><link>http://www.duperrin.com/english/2013/10/08/a-change-management-lesson-with-uber-and-airbnb/#comment-1075726118</link><description>&lt;p&gt;I take your point, and I agree with the overall point of the blog. 
But your example perpetuates a damaging myth that is very common in tech circles: that the rules and regulations hindering AirBnB and Uber are outmoded and no longer have a justification.&lt;/p&gt;&lt;p&gt;I see this when you say, "facing rules that have been built for a constrained context that does not exist anymore", or "everyone praises their model - except the leaders of the industries they’re removing the dust from", or "it makes everyone sad – except the ones they are challenging".&lt;/p&gt;&lt;p&gt;None of these statements are true (though there is a grain of truth in the first). They all reflect the view that these regulations no longer protect anyone but the industries that they regulate, which is simply false in both the AirBnB and the Uber case. These regulations still protect lots of people, and these people would be (and in the case of AirBnB are being) hurt.&lt;/p&gt;&lt;p&gt;Do the regulations need to be updated to better fit the present situation but still serve their legitimate purpose? Of course. Should they be completely rescinded because they no longer have a legitimate purpose? No.&lt;/p&gt;&lt;p&gt;In any case, again, I agree with your overall point, but the choice of example was poor and assumes things about public policy that are not the case.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">esjewett</dc:creator><pubDate>Tue, 08 Oct 2013 20:39:28 -0000</pubDate></item><item><title>Re: A change management lesson with Uber and AirBnb</title><link>http://www.duperrin.com/english/2013/10/08/a-change-management-lesson-with-uber-and-airbnb/#comment-1075029396</link><description>&lt;p&gt;This blog kind of enrages me, but I'll try to get over it. 
Let me explain the reason though: The blog assumes that the rules AirBnB and Uber are struggling against are just stupid relics of a bygone era that have no place in our modern world.&lt;/p&gt;&lt;p&gt;But in reality, many of these rules (while imperfect) are in place for very good reasons that are still valid. NYC and other municipalities have seen documented cases (and many undocumented reports) of abusive landlords evicting tenants and essentially turning zoned residential spaces into unlicensed hotels. This practice and the less obviously bad practice of reducing quality of life in building through partial conversion to hotel space have real effects on real people. Uber, meanwhile, flouts the nondiscrimination rules that licensed taxi companies must abide by. Again, real people lose access to a necessary service so that the iPad set can get their fancy rides.&lt;/p&gt;&lt;p&gt;I'm not saying that Uber and AirBnB are bad. I think they are good and we should work hard to make a place for them in the regulatory landscape around these services while maintaining quality of life of people affected by them as much as possible.&lt;/p&gt;&lt;p&gt;But wouldn't you say that a responsible change manager should work to understand the rules he or she is working against rather than assuming that the rules are bad simply because they obstruct that person's conception of progress? That would be responsible change management.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">esjewett</dc:creator><pubDate>Tue, 08 Oct 2013 11:22:32 -0000</pubDate></item><item><title>Re: Two Thirds of New Mobile Buyers Now Opting For Smartphones</title><link>http://blog.nielsen.com/nielsenwire/online_mobile/two-thirds-of-new-mobile-buyers-now-opting-for-smartphones/#comment-587622548</link><description>&lt;p&gt;Odd. In the chart above, RIM Blackberry (9%) is shown with over half the area of Apple (34%). It seems that the chart is incredibly inaccurate. 
What is the point of using a chart at all if it doesn't reflect the data?&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">esjewett</dc:creator><pubDate>Sat, 14 Jul 2012 03:11:46 -0000</pubDate></item><item><title>Re: The Perils of Criticizing Black Studies</title><link>http://www.motherjones.com/node/175421#comment-523965214</link><description>&lt;p&gt;"virtually every blogger I know and respect seems to have come down on the Chronicle's side and everyone I know and don't respect so much has come down on Riley's side."&lt;/p&gt;&lt;p&gt;This is an egregious misrepresentation of the sequence of events. Here's what happened, as I saw it from my rather distantly removed spectator's seat:&lt;/p&gt;&lt;p&gt;1. Chronicle published the aforementioned blog.&lt;/p&gt;&lt;p&gt;2. Outrage.&lt;/p&gt;&lt;p&gt;3. Chronicle: No problem here. (This response included several tweets from one @chronicle_amy that were pretty insulting to those who were pointing out the problem.)&lt;/p&gt;&lt;p&gt;4. More outrage.&lt;/p&gt;&lt;p&gt;5. Chronicle: We believe in a diversity of opinions and don't see a problem with the blog. We invite you to go and comment on the blog if you disagree. (This response was delivered in the form of an editor's note on the Brainstorm blog.)&lt;/p&gt;&lt;p&gt;6. Yet more outrage, starting to point out that not only did the Chronicle display epically bad judgement in posting the original blog, but it also clearly doesn't understand the criticism being leveled. This outrage took the form of a direct response from the PhD students involved, another response from the professors of said students, and several more responses from academics as well as other bloggers at the Chronicle condemning the publication of the original blog as well as the Chronicle's response to date.&lt;/p&gt;&lt;p&gt;7. Nothing.&lt;/p&gt;&lt;p&gt;8. The Chronicle fires Riley and issues a non-apology apology.&lt;/p&gt;&lt;p&gt;9. 
I'm not sure what happened/s next.&lt;/p&gt;&lt;p&gt;My point is that during steps 1-7, the Chronicle's side *was* Riley's side. In my pretty uninformed opinion, the Chronicle has handled this horribly, up to and including firing Riley. The blog never should have been published, but once it was and the mistake was realized, the Chronicle should have given a real apology, possibly taken down the blog, instituted better editorial controls for its blogs, and moved on. People like Riley might be a problem for discourse in America, but the problem here was the Chronicle, pure and simple. I'm pretty sure the Chronicle still doesn't get it.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">esjewett</dc:creator><pubDate>Wed, 09 May 2012 03:03:45 -0000</pubDate></item><item><title>Re: SAP&amp;#039;s HANA and &amp;quot;the Overall Confusion&amp;quot;</title><link>http://www.esjewett.com/blog/saps-hana-and-the-overall-confusion#comment-213728553</link><description>&lt;p&gt;SAP is certainly pushing HANA as a revolution in computing itself, at least with regards to data processing. This is certainly not true, as you point out.&lt;/p&gt;&lt;p&gt;For companies that limit themselves to the SAP ecosystem when considering their IT landscape, HANA may be revolutionary, but I think (or perhaps I just hope) that not many IT and business groups limit themselves in this way :-) I have definitely seen some shops moving towards analytical DBMSes for their reporting datamarts, whether those are dedicated MOLAP stores (MS Analysis Services), columnar MPP disk-based ADBMSes like Vertica or Sybase IQ, or in-memory columnar MPP stores like Exasol and Paraccel.&lt;/p&gt;&lt;p&gt;If companies are only aware of the technology that SAP is offering and not the overall ecosystem, then they are at a high risk of overestimating the value of the technology on offer and possibly making bad comparative TCO decisions. 
I guess the question is how best to stay aware of the technology available in the overall ecosystem. Entering a client relationship with a technical analyst firm might be the best option for companies that are trying to start developing this sort of more general view.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">esjewett</dc:creator><pubDate>Sun, 29 May 2011 05:42:09 -0000</pubDate></item><item><title>Re: SAP&amp;#039;s HANA and &amp;quot;the Overall Confusion&amp;quot;</title><link>http://www.esjewett.com/blog/saps-hana-and-the-overall-confusion#comment-213726270</link><description>&lt;p&gt;Thanks for the comment Vijay. I think you're right, especially because the existence of that many live systems implies that a significant number of people have become familiar with HANA outside the inner circle of SAP's own HANA experts.&lt;/p&gt;&lt;p&gt;Has SAP shared information on how many customers have gone live (to production) with a HANA-based system? My understanding was that the customers talking at #sapphirenow were discussing prototype systems, but I may have misunderstood that.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">esjewett</dc:creator><pubDate>Sun, 29 May 2011 05:26:33 -0000</pubDate></item><item><title>Re: SAP&amp;#039;s HANA and &amp;quot;the Overall Confusion&amp;quot;</title><link>http://www.esjewett.com/blog/saps-hana-and-the-overall-confusion#comment-213724611</link><description>&lt;p&gt;I completely agree. In private and small conversations SAP is very clear about what HANA really is and that it does not directly address the issues you talk about. You can even get people to admit that HANA is not the best option in all situations :-) But in the keynote-style presentations this is not clear, and these presentations are what most people see. 
I think it's for this reason that questions like the ones answered here are being asked by a lot of customers.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">esjewett</dc:creator><pubDate>Sun, 29 May 2011 05:22:23 -0000</pubDate></item><item><title>Re: University of Chicago Shows off its Automated Library</title><link>http://theappslab.com/2011/05/16/university-of-chicago-shows-off-its-automated-library/#comment-204519309</link><description>&lt;p&gt;Agree on browsing. Of course, what everyone forgets to mention is that browsing is not lost. My understanding is that section of the library is going to house books that were mostly in off-site warehouse storage before now, so they were not browsable. The Reg's impressive stacks will remain intact and browsable :-)&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">esjewett</dc:creator><pubDate>Mon, 16 May 2011 11:40:48 -0000</pubDate></item><item><title>Re: A tour of testing with an SAP focus (in the end)</title><link>http://www.esjewett.com/blog/a-tour-of-testing-with-an-sap-focus-in-the-end#comment-178965993</link><description>&lt;p&gt;Hi Tim,&lt;/p&gt;&lt;p&gt;I haven't moved on exactly - still struggling with many of the same issues :-) I have realized that at least in BI it is a much bigger problem than just SAP software. 
I try to use these principles as much as possible on my projects, but from both a cultural and tool-set perspective most projects aren't ready to adopt these methods.&lt;/p&gt;&lt;p&gt;What is your experience with trying to push the idea of a Continuous Delivery model for SAP projects?&lt;/p&gt;&lt;p&gt;Ethan&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">esjewett</dc:creator><pubDate>Wed, 06 Apr 2011 04:39:54 -0000</pubDate></item><item><title>Re: ZFS+rsync = Time Machine in the Cloud</title><link>http://blog.strongspace.com/announcing-strongspace-app-for-the-mac#comment-168150400</link><description>&lt;p&gt;This is a great start. I'd like to keep an eye on development. You say above that development is proceeding on the public Github page, but I don't see it there. Am I missing something?&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">esjewett</dc:creator><pubDate>Sat, 19 Mar 2011 08:24:09 -0000</pubDate></item><item><title>Re: The Age of the Political Sting</title><link>http://motherjones.com/node/103571#comment-164014847</link><description>&lt;p&gt;Sort of off topic, but what's the deal with the RSS feed? A few articles have been truncated in the feed over the last few days. Is there any way to make sure that doesn't happen in the future?&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">esjewett</dc:creator><pubDate>Fri, 11 Mar 2011 04:36:49 -0000</pubDate></item><item><title>Re: Musing about semantics in BI</title><link>http://www.esjewett.com/blog/musing-about-semantics-in-bi#comment-158901308</link><description>&lt;p&gt;Greg, thanks for taking the time to provide a thoughtful response. I agree with you on the DW/OLAP/BI mish-mash. I've given up on trying to differentiate the three as most people use them interchangeably, and indeed the concepts to which they refer overlap more or less. 
Throw "analytics" into the mix and you've got yourself a real confusion :-)&lt;/p&gt;&lt;p&gt;I think what you are getting at in the rest of your comment is a little bit different from the focus of my post. You are talking about specific representations (in this case government mandated formats) of semantically integrated data. Meanwhile, I am talking about the structures we use to implement semantic integrations on top of the formats used to store this data, preferably with decent performance and at a reasonable cost in effort.&lt;/p&gt;&lt;p&gt;Part of the difference is embedded in your use of "syntax" here. I think it is confusing the syntax of programming languages used to generate semantic representations ("syntax errors") and the syntax or rules of a mandated format (XBRL syntax). This is confusing because XBRL provides both a syntax (defined as an XML format, I believe) and a semantics (tagging rules).&lt;/p&gt;&lt;p&gt;To a certain extent I think we can separate questions of semantic and syntactic representations of data. There is always a syntax, or format, but I think usually it is advantageous to conceptualize a semantic representation coming first and then layering syntax on top of that semantic representation, though indeed we often go through multiple iterations of this layering cycle.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">esjewett</dc:creator><pubDate>Wed, 02 Mar 2011 04:28:59 -0000</pubDate></item><item><title>Re: What Would A Sane Airport Security System Look Like?</title><link>http://motherjones.com/node/87536#comment-100225850</link><description>&lt;p&gt;Classy. Real classy.&lt;br&gt;&lt;br&gt;Let me break it down for you: I think almost any kind of list like this doesn't actually improve security. 
I have no idea why that makes you think that I am scared or a "sheeple".&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">esjewett</dc:creator><pubDate>Sun, 21 Nov 2010 06:31:26 -0000</pubDate></item><item><title>Re: What Would A Sane Airport Security System Look Like?</title><link>http://motherjones.com/node/87536#comment-99584298</link><description>&lt;p&gt;And what happens when a terrorist gets on the "can fly" list?&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">esjewett</dc:creator><pubDate>Fri, 19 Nov 2010 12:55:10 -0000</pubDate></item><item><title>Re: Case of the Mondays Rant?</title><link>http://theappslab.com/2010/11/01/case-of-the-mondays-rant/#comment-94693089</link><description>&lt;p&gt;OAuth-signed requests (from OAuth 1.0a) can potentially replace the cookie use-case without sending normal requests over SSL (with the signing secret sent over SSL). Twitter does this for its API, for example, but browsers don't generally implement support for OAuth, so it's not possible to replace cookies for browsing in this way.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">esjewett</dc:creator><pubDate>Sun, 07 Nov 2010 04:48:22 -0000</pubDate></item><item><title>Re: Case of the Mondays Rant?</title><link>http://theappslab.com/2010/11/01/case-of-the-mondays-rant/#comment-94232364</link><description>&lt;p&gt;No problem, confusion is fine. I'll admit my sentence was just a tad over-complicated :-)&lt;/p&gt;&lt;p&gt;I think the difference is that pretty much everybody knows how secure a padlock is (not very). Similarly most everyone has a feeling for more or less how secure SSL is (pretty secure). 
But most service providers have pretty much misled their users about how secure access without SSL is, and there is a lot of confusion out there among even very technical users.&lt;/p&gt;&lt;p&gt;I know, for example, that it didn't occur to me that a site using partly SSL/TLS and partly non-encrypted communication would be totally vulnerable to cookie snooping because they usually use the same cookies for secure and insecure access. I know now because Github blogged about it. Firesheep was the reason for that discussion, and Firesheep has made it painfully clear to a lot of people exactly what is protected and what is not.&lt;/p&gt;&lt;p&gt;Yeah, it's a dick move, but people have been trying to make the point without being dicks for a decade, and it's been a failure. It's refreshing to see someone make the point to users and service providers successfully.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">esjewett</dc:creator><pubDate>Fri, 05 Nov 2010 13:48:27 -0000</pubDate></item><item><title>Re: Case of the Mondays Rant?</title><link>http://theappslab.com/2010/11/01/case-of-the-mondays-rant/#comment-94198652</link><description>&lt;p&gt;No, I meant what I wrote. I'm supportive of the Firesheep creator's tactics. As you say, service providers have known about this issue for a decade (longer actually) and done nothing.&lt;/p&gt;&lt;p&gt;Heck, you should have seen the discussions going on among the creators of WRAP and OAuth 2 less than a year ago! Many of these people are key employees of these very service providers, and many were arguing for recreating cookies and allowing transmission over insecure channels because the current cookie implementations were 'secure enough'. They argued that recommending short-lived tokens (which cookies were supposed to be, but their lives predictably enough got longer and longer) would provide adequate security. 
Of course, short-lived tokens do almost nothing against this type of exploit.&lt;/p&gt;&lt;p&gt;Many service providers are now doing something, which is more than we could say 1 year ago for most everyone but Google and financial institutions. Github is blogging about it, which is edifying.&lt;/p&gt;&lt;p&gt;Just so that you can sleep a little less soundly at night, keep in mind that being on a private network yourself does little against these types of attacks. Sure, no one can sniff the cookie on coffee-shop wifi, but your request gets routed through a large number of servers before it reaches its destination, any of which can grab your cookie. This is true even if you are using a VPN, unless your VPN endpoint happens to be in the service provider's data center.&lt;/p&gt;&lt;p&gt;The only end-to-end protection is SSL/TLS.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">esjewett</dc:creator><pubDate>Fri, 05 Nov 2010 12:13:44 -0000</pubDate></item><item><title>Re: Case of the Mondays Rant?</title><link>http://theappslab.com/2010/11/01/case-of-the-mondays-rant/#comment-94140704</link><description>&lt;p&gt;Interesting post.&lt;/p&gt;&lt;p&gt;While I am usually very supportive of advocates for a notify-first-release-later approach to security vulnerabilities, in this case I'm actually supportive of the Firesheep creator's tactics. This particular cookie vulnerability is so well known and so widespread that anyone who really wanted to exploit this vulnerability already had extensive tools at their disposal allowing them to do so.&lt;/p&gt;&lt;p&gt;The only thing that notifying companies of existing vulnerabilities does is make them aware of the issue and give them time to fix it. In this case, these websites were already well aware of the issue and have done nothing to fix it. (The notable exception is GMail, which turned on SSL by default in January.) 
Releasing Firesheep had one primary effect: It created a massive publicity storm that *finally* made consumers aware of how easy it was to steal their data if they weren't using SSL/TLS.&lt;/p&gt;&lt;p&gt;This publicity storm has in turn resulted in companies finally evaluating the security of their un-protected cookie-based infrastructures. I don't see how that would have happened any other way. Smart people have been yelling about this for years to no avail. If Firesheep had been created 2 years ago, we would be two years closer to this not being a problem.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">esjewett</dc:creator><pubDate>Fri, 05 Nov 2010 09:01:59 -0000</pubDate></item><item><title>Re: What does SAP mean by &amp;quot;In-memory&amp;quot;?</title><link>http://www.esjewett.com/blog/what-does-sap-mean-by-in-memory#comment-90864669</link><description>&lt;p&gt;I'll admit to being a bit skeptical about this take. I don't see RAM in its current state becoming a primary storage medium for applications that require guaranteed persistence of writes (ok, 99.99%+ guaranteed persistence :-). In these use-cases, RAM will continue to be a cache for all realistic purposes. 
Indeed, it may be a cache that gets nearly 100% of the use, but there will continue to be an underlying storage stratum that can provide a better persistence guarantee and writes will still need to be committed to the underlying medium before concluding a write-transaction.&lt;/p&gt;&lt;p&gt;Eventually we'll see a storage medium that can give a persistence guarantee similar to hard-disks with access speeds similar to RAM, but we aren't there yet.&lt;/p&gt;&lt;p&gt;With regards to SAP's solutions, which were the focus of this piece, RAM is most certainly used in the manner described: as a cache - albeit a cache that contains 100% or nearly 100% of the data-set, but still a cache.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">esjewett</dc:creator><pubDate>Wed, 27 Oct 2010 16:32:29 -0000</pubDate></item><item><title>Re: How to get Johnson built</title><link>http://www.esjewett.com/blog/how-to-get-johnson-built#comment-80510202</link><description>&lt;p&gt;I really don't recall, but I think I tried it and it did not work.&lt;/p&gt;</description><dc:creator xmlns:dc="http://purl.org/dc/elements/1.1/">esjewett</dc:creator><pubDate>Fri, 24 Sep 2010 07:06:29 -0000</pubDate></item></channel></rss>