This is Don Turnblade's Typepad Profile.
Don Turnblade
Recent Activity
Simon Willison, Any numbers on error rates if the programmer manages more or less than 20,000 lines of Code? First guess: 58 to 74 bugs in that 20,000 lines of code. Odds the 20,000 lines are defect free: Trace (1.9e-29)

Ave_bugs = 20,000 lines of code * 0.0033 professional blunder rate = 66
Sigma_bugs = sqrt(20,000 * 0.0033 * (1 - .0033)) = 8.1
Defect_free = (1-.0033)**20000 = 1.9e-29
A slightly more realistic level of Dancing Bunny Security Controls: The model may be imperfect, but it does illustrate the level of thought that needs to be put into the Security Measures that one does put in place.

Half the companies in the USA have 19 or fewer people in them. If one Dancing Bunny Install per year is the toxic line of concern, then we need less than 1 in 19 installs of the Dancing Bunny to be successful.

1/19 >= (1-R)**N
N >= 15.8 Security Measures.

In the case of wrong-headed or even Felony levels of ability and determination to do harm by installing the Dancing Bunny, things get a bit tougher.

Plausible estimate of the Mistake Rates of a Trained Professional, M=0.33%.
Plausible estimate of the Felony Rate per year in the USA, F=0.01%.

The good news is that these odds are low enough we have to take into account the possibility that a Professional Blunder or a Felony just may not take place in any single year.

Odds of No Blunder for a 19 Person team, (1-.0033)**19 = 93.9%
Odds of No Felony for a 19 Person team, (1-.0001)**19 = 99.8%

But, in the case of a Blunder or Felony, the security measures to prevent the Install of the Dancing Bunny need to be rather serious.

Professional Blunder: 1/19 >= (1-.0033)**N, N>=890.8 Security Measures needed to prevent the Dancing Bunny Install.
Felony Case: 1/19 >= (1-.0001)**N, N>=29442.9 Security Measures needed to prevent the Dancing Bunny Install.
Commented Feb 8, 2011 on The Dancing Bunnies Problem at Coding Horror
Maybe we cannot make the Odds zero. But, we can shrink them substantially. On Average, 114 security layers between an honest user and a Dancing Bunny should reduce the odds of success to only 1 person on the entire Internet.

As a simple model let's take the odds that an honest person would commit a trivial, unaccountable crime at about 17% -- See Freakonomics for odds of white-collar honesty with bagels. Take R as .17. Then, take N as the number of security barriers a user must circumvent in order to get the Dancing Bunny.

Now for a tiny bit of binomial theorem, ("with many cheerful facts about the square of the hypotenuse.")

1 = 1**N = ((1-R) + R)**N

Let K be the times the user successfully reaches the Dancing Bunny. Then, the odds of a Dancing Bunny Install, DBI, are as follows.

DBI = N! / (K! * (N-K)!) * (1-R)**(N-K) * R**N

Let's assume that even one download of the Dancing Bunny is toxic. K needs to be zero as a goal.

For K=0; DBI = (1-R)**N

Then, N is the number of security barriers that need to be in place to make the odds of Successfully Downloading the Dancing Bunny less than 1 person on the entire Internet. Assume the Internet has 1.7 Billion users that are all honest but otherwise tempted to download the Dancing Bunny.

1 / 1,700,000,000 = (1 - .17)**N

N is approximately, 114, security measures between the honest but tempted user and that Dancing Bunny Install.

To be honest, that is a lot of security steps. But, I think it illustrates that the Dancing Bunny Install problem is impossible. Or in classic Matrix Lines, "while assiduously avoided, it is not without a measure of control." – the Architect.
Commented Feb 8, 2011 on The Dancing Bunnies Problem at Coding Horror
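Added example, not part of Don Turnblade's comments: the comments above quote layer counts without showing the inversion step. Solving (1-R)**N <= p for N gives N >= ln(p) / ln(1-R), and this Python sketch recomputes each quoted figure from the rates the comments give. The function names are chosen here for illustration.

```python
import math

def layers_needed(r, target):
    """Real-valued N at which (1 - r)**N equals target (the K = 0 case)."""
    if not (0 < r < 1 and 0 < target < 1):
        raise ValueError("r and target must lie strictly between 0 and 1")
    # log(1 - r) is negative, so dividing flips the inequality: N >= this value.
    return math.log(target) / math.log(1 - r)

def odds_of_none(rate, n):
    """Probability that n independent trials at the given rate all come up clean."""
    return (1 - rate) ** n

def bug_estimate(lines, rate):
    """Binomial mean, standard deviation and defect-free odds for a code base."""
    mean = lines * rate
    sigma = math.sqrt(lines * rate * (1 - rate))
    return mean, sigma, odds_of_none(rate, lines)

def page_scenarios():
    """Each figure from the comments, recomputed from the rates they state."""
    mean, sigma, defect_free = bug_estimate(20_000, 0.0033)
    return {
        "layers, R=17%, 1 in 1.7 billion": layers_needed(0.17, 1 / 1.7e9),
        "layers, R=17%, 1 in 19": layers_needed(0.17, 1 / 19),
        "layers, blunder 0.33%, 1 in 19": layers_needed(0.0033, 1 / 19),
        "layers, felony 0.01%, 1 in 19": layers_needed(0.0001, 1 / 19),
        "no blunder, team of 19": odds_of_none(0.0033, 19),
        "no felony, team of 19": odds_of_none(0.0001, 19),
        "bugs, low (mean - sigma)": mean - sigma,
        "bugs, high (mean + sigma)": mean + sigma,
        "defect-free odds": defect_free,
    }

if __name__ == "__main__":
    for label, value in page_scenarios().items():
        print(f"{label:34s} {value:.4g}")
```

Because N grows as 1 / -ln(1-R), the required layer count rises sharply as the per-layer rate R shrinks, which is why the 0.01% case needs tens of thousands of layers.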