Notes on Securing Cloud Databases 07/30/2011
A couple weeks ago, I went to a talk on Securing Databases in the Cloud. The speaker was Mike Frank from Gazzang, a company that sells software to help with the exact problem he was speaking about: the risks with open source software tools and cloud hosting. The talk felt like a slightly awkward mix between promotion and education, but there was enough education that I got some good stuff out of it. I know the importance of security and am quite fanatic about having proper security practices and aiming towards zero trust policies anywhere possible. I still managed to pick up a few new things, including considering anew the security implications of cloud-based hosting.

The most striking question that Mike brought up and which caused me pause was about virtual images. Hosting on AWS is extremely popular, and users have the perception of having a dedicated server. Most of my attention when thinking about security before went to security within the server (data architecture and encryption of data in the database) rather than security of the overall server image. Mike brought up the scenario of your AWS image, a virtual machine sitting somewhere in memory and disk, and an engineer somewhere having access to that virtual image and being able to do anything with it. How do you protect yourself in that scenario? Coming from that perspective, it made it obvious that security end-to-end and zero trust even of the (virtualized) hardware layer is important.

During the talk, Mike spoke about encrypting data within MySQL, PostgreSQL, Drizzle, and NoSQL databases Cassandra and MongoDB. Mike is Director of Products at Gazzang and prior to that, he was one of the senior product managers for MySQL both under Sun Microsystems and Oracle. He clearly knew his stuff.

Below are my notes from the talk.

1. Huge security risks out there. A new AWS instance spun up will get attacked (attempted) within minutes.
2. Non-obvious stuff that's important to protect:
6. Database encryption functions for data at rest. Keys on outside key store.
7. Gazzang's product is ezNcrypt. How they solve it:
9. Gazzang built on top of ecryptfs
Ridiculousness of Griddle Cafe 07/28/2011
This is my first blog post about food! Though it's somewhat off topic from my regular reading notes and entrepreneurship musings, it's something I care a lot about. Especially dessert (the most important part of a meal). [I did a research project about crêpes in Southern France during college!]

I'll keep this blog post short in contrast to the portion sizes at The Griddle Cafe. Saying that this place is ridiculous is an understatement. The portions are so enormous that I was doing bicep curls with the takeout boxes of leftovers that I couldn't finish. This is the type of place where you go with a group of six and order just one dish and have more than enough food.

As a chocoholic, I ordered the Black Magic pancake. Its menu description is perfect: "Disbelief will possess you as you're pulled under the spell of our crushed Oreo-filled flapjacks! Topped with whipped cream and Oreo cookie pieces." The only part they leave out is that you get THREE enormous pancakes (like falling off the edges of the plate, probably 10" in diameter each, 1/2" thick each). It's Oreo and chocolate overload, and I could barely finish one pancake myself. For me, the sign of a good restaurant is the presence of chocolate pancakes on the menu. (I'm collecting places around me that have them as it's somewhat rare!) The other pancake they're famous for is the Red Velvet, which was equally insane (it was literally Red Velvet cake in the form of a pancake).

With such delicious and huge portions, the pricing is quite reasonable. The place has an old-style counter feeling, and it gets really busy, so you have to find the right time (like between meals or at the start of meals) to avoid the rush. I can't wait to go back again (and have leftover breakfast to eat for a week thereafter).

Notes on Sleights of Mind 07/26/2011
I thoroughly enjoyed reading the book Sleights of Mind: What the Neuroscience of Magic Reveals about Our Everyday Deceptions by Stephen L. Macknik and Susana Martinez-Conde. I just finished it recently, and as a hobbyist magician and someone equally interested in psychology and neuroscience, it was an incredibly engaging read. I saw the book on display at the Skirball Museum store after seeing the Harry Houdini exhibit there (which was a really cool anniversary surprise I got!).

What I most enjoyed about the book was the tone of the authors in portraying human experience as a cognitive illusion created by our brain to promote our survival. Magicians are the cowboys that hack into our brain and mess with that illusion. How awesome is that? I recently saw The Matrix again for the first time after about 4 years of not seeing it (I had seen it about 3 times before that), and this book had an eerie resemblance in its main lessons about the brain and the simulation of reality that it creates for our experience. The connection to magic was amazingly delicious icing on top of that cake. I also enjoyed some of the philosophical discussions, which reminded me of an event I went to a while ago at the Center for Inquiry on magic, science, and skepticism.

Below are my main notes on the book. I'm leaving out a lot of detail with respect to effect secrets for obvious reasons. ;) Even so, this is one of my longest blog posts due to the number of interesting things I learned (and how much I enjoyed the book).

Introduction
Ch. 7: The Indian rope trick (memory illusions)
When Medicine Kills 07/21/2011
This is a talk I gave at UCLA for our first-year communications class. It was inspired by stories I heard from my parents as well as my own personal experience watching my wife go through medical school. You can check out the PowerPoint via SlideShare below.

Libby Zion was an 18-year-old freshman girl who had just started attending college in New York in 1984. She was admitted to the hospital with a high fever, and the only physicians who saw her that night were doctors in training known as residents, who had been working close to 36 hours straight and were busy with dozens of other patients. There were medical errors committed along the way, and within 24 hours of being admitted to the hospital, Libby was dead, and her family was mortified.

Our current system of medical education is extremely suboptimal and urgently needs to change for the benefit of both patients and doctors. Why should you care about this problem that is rarely discussed? Sooner or later, you and your family are bound to get sick, and your lives will be in the hands of physicians out of your control. For instance, I’ve learned from my wife who is a medical student that June is the most dangerous month to go to the hospital because all of the residents and med students are brand new and are getting their first chance to “treat” real patients. The main counterarguments that aim to keep the medical training system as it is are a tradition of hazing new doctors, keeping costs down by employing fewer doctors, and allowing doctors to have continuity of care for patients without switching off too much, but I will demonstrate from the perspective of patients and doctors that these benefits are not worth their extreme costs. Though some changes have been made to reduce doctor hours to 80 per week with no more than 36 hours in a shift, further changes are still necessary because the problems for patients and doctors remain severe.
The current medical training system is extremely dangerous for the patients it is ultimately trying to serve. When you consider the biggest causes of death on an annual basis (according to an Institute of Medicine report), the top four are the usual suspects: heart disease, cancer, stroke, and respiratory disease. But what’s shocking is that the fifth worst cause of death is medical errors, accounting for almost 100,000 deaths each year and costing our economy almost $20 billion, more than diabetes and Alzheimer’s. While most of the other causes of death are natural and hard to avoid, medical errors are by definition preventable. Research studies have shown that well-rested residents outperform tired residents on memory skills, interpretation of scans, and monitoring of patients, and doctors attribute more than half of their mistakes to sleep deprivation and having too many other tasks to do. In addition, a recent study in Nature magazine showed that after 24 hours of wakefulness, cognitive function deteriorates to a level equivalent to having a 0.10 blood alcohol content, 25% higher than the legal limit for driving. If we don’t let people drive their cars at that level, why are we letting them operate on our loved ones? But driving is not the only serious problem for doctors; in fact, it is just one of several severe risks the current medical education system presents for doctors just like it does for patients. According to an article in Academic Emergency Medicine, ER residents are seven times more likely to have a motor vehicle accident due to falling asleep at the wheel during their residency than before it. Not only are doctors physically in danger with the current system, they are also mentally suffering and losing their caring attitude towards patients. A recent New York Times article compared the suicide rates of doctors with the general population. 
The article showed that the suicide rate was 40% higher for male doctors and a staggering 130% higher for female doctors than the general population. The most concerning piece of evidence, though, related to the training system’s effects on doctors comes from a study that reviewed real journal entries of residents. One journal entry stuck out but was representative of many other entries just like it: “It’s 1:00am, and I'm ready to go to bed when there's a code blue. Probably a nice man with a loving wife and concerned children, but I don't want him to live if it means I don't sleep. I just want to sleep.” It goes without saying that if the sleep deprivation is bringing individuals who swore the Hippocratic Oath to such a desperate, inhumane mental state, something is terribly wrong with the training system.

Therefore, in order to produce better outcomes for patients and help lower the thousands of deaths due to medical errors like Libby Zion’s as well as to create more safety and caring attitudes for doctors, we need to improve the medical training system by reducing the number of hours doctors work and increasing the amount of supervision. There is plenty of demand to go to medical school, so it is simply about hiring slightly more doctors. There will already be plenty of need for more doctors with universal healthcare coverage and increased healthcare demand. What all of you can do about this important issue is to help publicize the problem and get the word out about it, such as through blogs and talking to any journalist friends you might have. In addition, by writing to your Congressmen and voting on issues related to medical training, you can help to change the system one day. But until that time, don’t go to the hospital in June.

Gary's audiobooks are extremely hilarious, filled with so much energy and personality that really rubs off on you. After enjoying Crush It, I decided to give his latest, The Thank You Economy, a shot. It did not disappoint.
It seemed to be somewhat of an extension to Crush It in that it focused on social media marketing. However, it took it one step further and one level deeper by honing in on the concept of customer engagement and WOWing customers, a la Zappos. It made the bold prediction that companies who do not fully embrace a customer-centric culture will be extinct within 5 years.

I did enjoy Crush It as a book more. CI seemed way more specific about actual actions and recommendations, while TTYE was more about trends and philosophy. Just like with CI, in the audio version of TTYE, Gary went off script many times, which were often my favorite little bits of the entire experience, updating the readers based on what has gone down since the book went to press and adding in various ad libs and funny non sequiturs.

Below are my main notes and takeaways. I do think Gary's right in his predictions, and my personal philosophy has always been to treat others (especially anyone who's a "customer") as critically important. Finding unique ways to wow them like Gary has written is a great way to show this respect.

Preface
Ch. 1: How everything changed except human nature
Ch. 4: From the top, instill the right culture
Part 4: Thank You Economy in action
Ch. 9: Knowing where people want to go
Part 5: How to win in the Thank You Economy: Care
Notes on The Power of Less by Leo Babauta 07/16/2011
A quick read (listen) that I enjoyed was The Power of Less by Leo Babauta. It was quite similar to The 4-Hour Workweek and Getting Things Done in its essence, though it was a bit less extreme and less detailed in its methodologies (this was both good and bad). I honestly found the book a bit too general/high-level as it tried to cover a very wide range of topics. The best parts were when the author wrote of his own personal experience and used specific details of life changes he made and how he went about that. The takeaways I liked best were applying constraints/limits to all aspects of life and choosing the 1-3 big, challenging tasks each day that are required to move towards one's long-term goals, rather than simply doing what's easy and taking care of low-hanging fruit.

Introduction
Ch. 1: Why less is better
Ch. 3: Choose the essential and simplify
Part 2: In practice
Ch. 7: Simple goals and projects
Ch. 9: Simple time management
Notes on Nudge by Thaler and Sunstein 07/14/2011
I recently finished listening to the audio version of Nudge by Richard Thaler and Cass Sunstein. It was an enjoyable book, though it did have a majority of its background sections in common with other psychology books I've recently read having to do with natural biases and irrational decision-making. What I did like about this book was how it applied some basic principles to various areas of life, including managing money, saving for retirement, reaching health goals, and societal issues like social security and organ donation. I think some of the suggestions in the book have a lot of weight, and I hope we implement them in the future. I also liked their philosophy of libertarian paternalism, as it gels with some of my own personal thoughts on how choices and systems should be designed: giving people the right to choose but helping to "nudge" them in the right direction.

Intro: The cafeteria
Part 1: Humans and Econs
Ch. 1: Biases
Ch. 6: Save more tomorrow
Ch. 10: Prescription drugs
Ch. 13: Improving education
Ch. 16: Ideas
Suzanne Nora Johnson on Leadership 07/12/2011
I had the true pleasure of hearing Suzanne Nora Johnson address my leadership class taught by former Mayor Riordan. She spoke of leadership, courage, and what has allowed her to succeed in business and philanthropic initiatives. I especially enjoyed hearing about her personal philosophies and which thinkers she takes to heart.

Johnson started her career as a lawyer and has worked in a variety of fields, including finance in the private and public sectors. In 2006, Forbes named her in its list of the 100 Most Powerful Women in the world. Most notably, Johnson worked as Vice Chairman of Goldman Sachs as Head of Global Marketing, from which she retired in 2007 to work on solving international problems. She now is Chairman of The Global Council on Financial Risk and on the boards of many large institutions including Pfizer, the Broad Foundation, and the Carnegie Institute.

Johnson grew up in Chicago and had a large family with many first cousins. She went to USC and from there applied to law school. She clerked for a judge in the South to broaden her perspective and went on to practice law in New York for a couple years. She knew her goal longer term was to eventually work at the World Bank, so she applied to three investment banks to gain experience. That's what brought her to Goldman Sachs, where she eventually led the team to restructure emerging market debt.

Compare and Contrast

Johnson structured her talk by contrasting similar and often confused concepts.
Long-Term Philosophy
Notes on Moonwalking with Einstein 07/10/2011
When I heard the Dean of UCLA Anderson mention Moonwalking with Einstein, I was caught off guard. The title was definitely unusual, and I had no idea what it was about. I knew it was about memory and psychology, and I figured it was worth a shot. I was definitely in for a treat.

The book follows the story of the author, who was a journalist in his twenties and got randomly into the "memory training circuit" and decided to give the techniques a shot by trying to see how well he could improve his memory. He ended up doing quite well: winning the US Memory Championship and making a lot of deep friendships with Mental Athletes (MAs) around the world.

The book was a really fun read, and I definitely learned a lot about memory and the history of memory techniques. In addition, I loved the philosophical discussions about the role of memory and how important it is to develop and cherish it for our human nature. It's also inspired me to look into a lot of the primary sources mentioned within it and to perhaps try to train myself similar to how the author did. The only question is when I can find the time to do that....

Below are my main notes on the text. I definitely recommend this book to anyone interested in psychology, memory, and general displays of awesomeness and freakish nature.

Ch. 1: The smartest man is hard to find
The Story of Larabar 07/08/2011
During my Enterprise and Venture Initiation class at UCLA Anderson, we heard a really "delicious" story of the founding and sale of Larabar. The founder Lara Merriken came to speak to us, and it didn't hurt that she brought free samples. Here are some of the most memorable takeaways and key points from her story.

On inspiration

Lara got the idea for her product in the spring of 2000 while hiking. She calls it her "intuitive moment" when she hungered for a healthy and delicious snack bar made of all natural ingredients. The rest is history.

On starting

Lara set out on a mission to create her signature bar with only six ingredients with household names: real fruit, nuts, and spices -- raw, vegan, and gluten-free. She was able to strike the perfect balance between health and taste and sustain it to reaching $20 million in sales in 2006. The day after she got the idea, she bought a Cuisinart and started experimenting at home. She even did some "customer development" from the beginning: she brought test batches to her friends and got great feedback; people started asking her to buy them from her when they didn't get enough samples. When she made her first packaging, she realized she needed a name. No one could come up with a good name, and her friends already identified the bars with her personality, so they just said she should name it after herself. That's when Larabar was born. The first 500 bars were all made by hand. By 2003, they got the bars into a few Colorado stores and were delivering each batch themselves, handmade in Lara's kitchen by her staff of friends. Her first hire was her dad as COO, and she hired others whose titles were "do anything" (from shipping to answering phones to baking). Lara raised $150,000 from friends and family by word of mouth. She sent a simple business plan to people who helped her test the product, and she cared about having investors who believed in the idea for the long run.
On expansion

As they expanded to selling 40-50 million bars per year, they established numerous manufacturing partnerships and networks. In doing this, quality was her top priority. There was even a time when one batch of their bars got contaminated and a customer complained of finding something non-edible inside the bar. Lara talked to the customer personally, admitted fault, and pulled an entire batch from the shelves, being upfront with her customers and working hard to prevent this from occurring again. When Lara started selling at Whole Foods and other larger retailers, she personally did the sales in the aisles and got feedback from real shoppers. She found it critical to negotiate with Whole Foods so that she could control the distribution of her product for quality purposes, and she managed to do this as her bar was the only one of its kind at the time and selling out continuously.

On perseverance

Her biggest challenges at the start were finding manufacturers and persuading suppliers that her business was viable. She explained how it took tremendous faith and luck to get through some of those tough times when deals fell through or quality issues came up. Her advice to entrepreneurs is to "stay true to your vision, surround yourself with people who support you, don’t fear risks, and persevere because anything is possible and you can make it happen.”

On selling

Lara was approached numerous times about selling her business. When she decided she would entertain the idea, she flew out to meet with two companies. One company treated her almost disrespectfully, showing little hospitality and not giving her a sense of trustworthiness and passion for her business. This company, though, was offering her more money than the other company's offer. The other company -- General Mills -- took a different approach.
They showered her with lavish hospitality, including an entire banquet table of healthy foods upon her arrival and a lot of passion for her business and her vision. She immediately felt at home and understood -- that this company "got" her essence and was on board to take it to the next level. She ended up selling of course to General Mills in 2008, which has allowed her to continue to be involved with shaping the product's trajectory but has taken care of expanding distribution and running day to day operations.

Conclusion

Overall, I greatly enjoyed hearing Lara's story, and I liked how she stayed true to her ideals and ethics throughout the growth of her business.

About Max Mednik
Max is an avid entrepreneur and student of life. He is a graduate of Stanford and founder of Ridacto and AMA Capital. He is a member of the business school class of 2012 at UCLA Anderson. He lives in Los Angeles with his family and spends his free time enjoying his many hobbies and interests.













