2015 Resolutions

Happy New Year!

I really love making resolutions for the new year. The new year’s celebrations can feel over-hyped, and cliche, but I think there’s really something to be said for having ritual “reset” button on parts of your life. Just like Lent, or ritual fasting, new year’s resolutions are a way to step back and find ways to improve yourself, even if they are tiny steps.

Aside from my personal goals, which you can read about here: http://agrainofwalt.blogspot.com/, I have some professional goals too. Here’s what I’m shooting for in 2015:

  • Submit 2 journal articles
  • Write 2 blog posts per month:
    • 1 will be a review and discussion of a journal article that I’ve read
    • 1 will be about some interesting science-y thing that I’m interested in
  • Use the “git” version control system for all my code
  • Update my home page
  • Diversify my passwords

Allow me to elaborate on each of these.

Submit 2 journal articles

As all scientists know, publications are the currency of our profession, whether we like it or not. I haven’t been as productive in this area as I would like, but this year I have a lot of “low hanging fruit” to harvest. Most of my dissertation research is currently un-published, and there is at least one article I can get from that.

A second article will hopefully come out of my work at University of Miami with Prof. Brian Mapes. We’ve been working on this idea of estimating the “Lagrangian” moisture tendency of columns of air in an “Eulerian” framework. The Lagrangian tendency is the tendency you calculate from following a fluid element, or in this case a column of air in the Tropics. The idea might sound complicated, but in practice our approach is very simple and elegant. Hopefully people will find this study a novelty, but we’ll have to wait and see what the reviewers think.

Write 2 blog posts per month

I like writing blog posts, and I like having them to look back on, but they are so time consuming! Writing is something that I’ve never been very good at, so I need all the practice I can get. Plus, writing about my ideas helps me develop them.

I got inspired to start writing blog posts on papers I read from my buddy Mike Pritchard. For his Ph.D. he published a series of web pages on papers for the literature review of his dissertation. Initially, this was only to help him remember what he’d read and put it in context to other papers, but he ended up getting a lot of traffic to his site when people would search for those papers. A blog is the perfect for this kind of thing. Creating new posts and searching through old posts is pretty straightforward, and easy to integrate into a professional website. I hope this is something that can catch on in future generations of scientists.

The best part about this goal is that it’s quantifiable!

Use Git

I’ve been having some serious issues with the hundreds of files and thousands of lines of code that I write when I’m doing research, and I’m pretty sure that I’m not alone. Perhaps the biggest issue is that I don’t have a good way to synchronize my work across 5-6 Mac and Linux machines. This includes

  • scripts to do large calculations
  • scripts to analyze data
  • System Configurations (like a “.bashrc” file)
  • function libraries to modularize code (and shorten it!)
  • Large data files (gigabytes and sometimes terrabytes)

It turns out Git, along with github.com, is a great solution for everything except large data files. When I first started looking into this It seemed like overkill for a solo researcher, like myself, and to some extent it is. I probably won’t ever use the advanced features that most private sector programmers will use, like branching. I also probably won’t ever collaborate with someone in such a way that we are all working on the same batch of code.

All I need is something to sync code across lots of machines, and Github works great as a central repository of simple text files. I also love being able to use “diff” to compare how files have changed. Even as a solo researcher, I often forget what changes I’ve made, so this is going to come in handy.

Another important aspect of changing the way I do things is that my file and folder structure needs to be homogenous across all machines. This has always been hard for me. On my macbook I have a “Research” folder, which contains various folders for projects. Each of these folders has both code AND data. On the various servers and super computers that I use to do the bulk of calculations I also have a “Research” folder, but the data is often on some other mounted volume. This leads me to hard code my data directories differently on different machines.

BUT, I recently realized how to fix this problem! I realized that even if data is stored on some other mounted volume, I can “link” to it with symbolic links! In other words, I can make a “Data” directory in each of my home directories, and it doesn’t matter whether it’s an actual folder or just a soft link to another folder. So now all my code can reference this “Data” folder in the same way, no matter where it is! I can also do a similar thing with the atmospheric models that I work with.

Screen Shot 2015-01-03 at 4.59.26 PM

Update my home page

This one is pretty simple. I’ve realized that I my home page is a bit wordy, so I’d like to update it. Finding a better picture of myself would be nice too :-/. I might also make a separate “Research” page where I can elaborate on all the stuff I’m interested in doing research on.

Diversify my Passwords

This last one is sort of a personal goal as well, but I thought it would be good to include here. I have the problem where I have nearly a hundred passwords to keep track off, but I reuse about 10 passwords for everything. Even though I have a good system for remembering my passwords, I have trouble coming up with new ones.

I started thinking about this when I saw this comic from xkcd.com:

password_strengthI think this idea of “pass-phrases” instead of “pass-words” makes a lot of sense, and many other people do too. There’s even been some research on this idea that is summarized in this TED talk by Lorrie Faith. However, this is a very contentious issue among security professionals. They can’t even agree on what the problem is! Most will say that people choose passwords that are too easy to guess, and they reuse a few passwords instead of having many divserse passwords. Other people, such as this guy, think that people should reuse passwords, but use a password manager to make their passwords secure.

As Lorrie Faith mentions, her research found that although pass-phrases like “correcthorsebatterystaple” are generally stronger than pass-words, they aren’t necessarily easier to remember. Since they involve so many characters, users tend to make more mistakes typing them out, and stringing random words together doesn’t ensure that the order of those words is memorable. Personally, I find pass-phrases easy enough to memorize, especially if you keep a document of mnemonic devices, such as little codes or hints.

I also think having a system that makes all your passwords “similar” makes having lots of diverse passwords easier. Lorrie mentions a nice example in which each password takes the form:

[noun]   [verb]   [adjective]   [noun]

I think an even better strategy for memorable passwords is to categorize your nouns. For example, let’s say the password form was:

[verb]   [north american land mammal]   [adjective]   [type of coniferous tree]

So some examples might be:

  • RunningBearSmellyPine
  • SkiingMooseTinyRedwood
  • SwimmingBeaverBlueCedar

You might not remember any one of these all the time, but having a theme that runs through most or all of your passwords would be very helpful when trying to decipher a clue that you left for your future self.

So, my last goal this year is to come up with such a system, and update all my passwords in hopes of feeling a little better about the security of my data.


3 thoughts on “2015 Resolutions

  1. Hank Roberts

    I quit reusing passwords when I read that — once any single password is compromised — the thieves search for other sites that have your _email_ in their less well protected records and try the compromised password on those. Apparently it’s quite easy to do that.

    So i use a unique ‘throwaway’ email to register at any site I distrust — Sneakemail is one good provider. (Then if I get spam to that email I know that site’s database has been sold or stolen and cancel it)

    So combining a unique email and a unique password is belt-and-suspenders. Not perfect; what is?

    You might want to look into either a home-computer-based password tool (“Password Wallet” is one I use) or one that lives in the cloud (“LastPass” is one) — either of those can be used from any or all of the devices you may have (PW works standalone, if you might want to give someone else an individual password; LastPass doesn’t even wake up until you connect online). Both can generate complicated unique passwords.

    That means I never could remember my password for anything if I didn’t have my computer or phone or PDA handy to look it up.

    But then again, the only times I might need my passwords when I wasn’t actually able to get online would be
    (1) when the NSA or kidnappers had me tied up in the basement demanding them, or
    (2) when I was incapacitated and my heirs needed them.

    For the latter, I give them a fairly frequently backed up copy of the database, suitably protected.
    Of course then I’m relying on _their_ having a secure password for _that_ ….

    1. Walter Post author

      That’s a very interesting strategy to use all those different emails, but it seems like it could easily become hard to manage.

      1. Hank Roberts

        It’s impossible unless you use a password manager.
        But once a scammer gets one password on one site, they can search for the net and find anywhere else you used that same email, and try that same password.
        With a password manager there’s some hassle (most of them will detect the login/password field and try to fill it automagically _if_ you enable that feature). At worst you click in the login field, then click in the userid of the manager — then click in the password field, and click in the password field of the manager, to fill them. That way at least you don’t automatically send your userid and password to something that’s not the right place where it might be recorded. And again, with unique email and password for each site, at least that’s contained.

        I’m sure there are better ways, this is just the best cautionary approach I’m aware of.


Leave a Reply

Your email address will not be published. Required fields are marked *