Max Mednik

Readings and musings

Notes on Securing Cloud Databases

7/30/2011

A couple weeks ago, I went to a talk on Securing Databases in the Cloud. The speaker was Mike Frank from Gazzang, a company that sells software to help with the exact problem he was speaking about: the risks with open source software tools and cloud hosting. The talk felt like a slightly awkward mix between promotion and education, but there was enough education that I got some good stuff out of it.

I know the importance of security and am quite fanatic about having proper security practices and aiming towards zero trust policies anywhere possible. I still managed to pick up a few new things, including considering anew the security implications of cloud-based hosting.

The most striking question that Mike brought up, and which gave me pause, was about virtual images. Hosting on AWS is extremely popular, and users have the perception of having a dedicated server. Most of my attention when thinking about security before went to security within the server (data architecture and encryption of data in the database) rather than security of the overall server image. Mike brought up the scenario of your AWS image, a virtual machine sitting somewhere in memory and disk, and an engineer somewhere having access to that virtual image and being able to do anything with it. How do you protect yourself in that scenario? Coming from that perspective, it made it obvious that security end-to-end and zero trust even of the (virtualized) hardware layer is important.

During the talk, Mike spoke about encrypting data within MySQL, PostgreSQL, Drizzle, and NoSQL databases Cassandra and MongoDB. Mike is Director of Products at Gazzang and prior to that, he was one of the senior product managers for MySQL both under Sun Microsystems and Oracle. He clearly knew his stuff.

Below are my notes from the talk.

1. Huge security risks out there. A newly spun-up AWS instance will see attack attempts within minutes.

2. Non-obvious stuff that's important to protect:
  • DB config files, log files, data directory
  • Application source code
3. Ways to protect:
  • Linux firewall
  • AES-256, SHA-256, RSA
  • OpenSSL
  • mcrypt
  • ecryptfs
  • dm-crypt
  • Cloud provider's firewall and security
  • Encrypted cloud storage
  • Encrypted file system
  • Access control restrictions
4. Key management options:
  • In database (less ideal)
  • OS kernel key ring
  • Outside database
5. Always use SSL for transport security

6. Use database encryption functions for data at rest, with keys kept in an outside key store.

7. Gazzang's product is ezNcrypt. How they solve it:
  • On disk seamless encryption
  • Keys stored outside DB
  • Provide secure environment to run MySQL, Apache, PHP
  • Handle ACLs
  • Towards zero trust
8. Good article out there on issues with PCI compliance in the cloud

9. Gazzang built on top of ecryptfs
  • They added keys and access controls
  • All files are AES-encrypted, so stolen files (e.g., if AWS is hacked) are worthless
  • Performance hit of encryption: 1% hit on transactions per second and latency.
  • Single passphrase and salt or RSA key for system
  • Each file encrypted with separate key which master key can access. This allows changing the master key without re-encrypting all data (that's smart).
  • Can also use their product to do PHP and Perl encryption.
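
The per-file key point above (each file encrypted with its own key, which the master key can access) is what makes a master-key change cheap. The Go sketch below is an added example, not code from the talk, Gazzang or ecryptfs; AES-256-GCM, the `EncryptedFile` layout and all function names are assumptions of this example, and the keys and sample data are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// aead builds AES-GCM for the given key (a 32-byte key selects AES-256).
func aead(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal returns nonce || ciphertext || tag, with a fresh random nonce per call.
func seal(key, plaintext []byte) ([]byte, error) {
	a, err := aead(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, a.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return a.Seal(nonce, nonce, plaintext, nil), nil
}

// open reverses seal; it fails on a wrong key or a modified blob.
func open(key, blob []byte) ([]byte, error) {
	a, err := aead(key)
	if err != nil || len(blob) < a.NonceSize() {
		return nil, fmt.Errorf("bad key length or truncated blob")
	}
	return a.Open(nil, blob[:a.NonceSize()], blob[a.NonceSize():], nil)
}

type EncryptedFile struct { // hypothetical on-disk record
	WrappedKey []byte // per-file key, encrypted under the master key
	Body       []byte // file contents, encrypted under the per-file key
}

// EncryptFile gives each file its own random 256-bit key and stores it wrapped.
func EncryptFile(master, contents []byte) (*EncryptedFile, error) {
	fileKey := make([]byte, 32)
	if _, err := rand.Read(fileKey); err != nil {
		return nil, err
	}
	wrapped, err := seal(master, fileKey)
	if err != nil {
		return nil, err
	}
	body, err := seal(fileKey, contents)
	if err != nil {
		return nil, err
	}
	return &EncryptedFile{WrappedKey: wrapped, Body: body}, nil
}

func DecryptFile(master []byte, f *EncryptedFile) ([]byte, error) {
	fileKey, err := open(master, f.WrappedKey)
	if err != nil {
		return nil, err
	}
	return open(fileKey, f.Body)
}

// Rewrap is the whole cost of a master-key change: it never reads the Body.
func Rewrap(oldMaster, newMaster, wrapped []byte) ([]byte, error) {
	fileKey, err := open(oldMaster, wrapped)
	if err != nil {
		return nil, err
	}
	return seal(newMaster, fileKey)
}

func main() {
	oldM, newM := make([]byte, 32), append(make([]byte, 31), 7) // constructed demo keys
	f, _ := EncryptFile(oldM, []byte("constructed sample row"))
	f.WrappedKey, _ = Rewrap(oldM, newM, f.WrappedKey)
	pt, err := DecryptFile(newM, f)
	fmt.Println(string(pt), err)
}
```

Rotation only helps against a leaked master key if the old wrapped keys are also destroyed; anyone holding an old wrapped key plus the old master can still recover the unchanged per-file key.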

Ridiculousness of Griddle Cafe

7/28/2011

This is my first blog post about food! Though it's somewhat off topic from my regular reading notes and entrepreneurship musings, it's something I care a lot about. Especially dessert (the most important part of a meal). [I did a research project about crêpes in Southern France during college!]

I'll keep this blog post short in contrast to the portion sizes at The Griddle Cafe. Saying that this place is ridiculous is an understatement. The portions are so enormous that I was doing bicep curls with the takeout boxes of leftovers that I couldn't finish.

This is the type of place where you go with a group of six and order just one dish and have more than enough food.

As a chocoholic, I ordered the Black Magic pancake. Its menu description is perfect: "Disbelief will possess you as you're pulled under the spell of our crushed Oreo-filled flapjacks! Topped with whipped cream and Oreo cookie pieces." The only part they leave out is that you get THREE enormous pancakes (like falling off the edges of the plate, probably 10" in diameter each, 1/2" thick each). It's Oreo and chocolate overload, and I could barely finish one pancake myself. For me, the sign of a good restaurant is the presence of chocolate pancakes on the menu. (I'm collecting places around me that have them as it's somewhat rare!)

The other pancake they're famous for is the Red Velvet, which was equally insane (it was literally Red Velvet cake in the form of a pancake).

With such delicious and huge portions, the pricing is quite reasonable. The place has an old-style counter feeling, and it gets really busy, so you have to find the right time (like between meals or at the start of meals) to avoid the rush.

I can't wait to go back again (and have leftover breakfast to eat for a week thereafter).

Notes on Sleights of Mind

7/26/2011

I thoroughly enjoyed reading the book Sleights of Mind: What the Neuroscience of Magic Reveals about Our Everyday Deceptions by Stephen L. Macknik and Susana Martinez-Conde. I just finished it recently, and as a hobbyist magician and someone equally interested in psychology and neuroscience, it was an incredibly engaging read. I saw the book on display at the Skirball Museum store after seeing the Harry Houdini exhibit there (which was a really cool anniversary surprise I got!).

What I most enjoyed about the book was the tone of the authors in portraying human experience as a cognitive illusion created by our brain to promote our survival. Magicians are the cowboys that hack into our brain and mess with that illusion. How awesome is that?

I recently saw The Matrix again for the first time after about 4 years of not seeing it (I had seen it about 3 times before that), and this book had an eerie resemblance in its main lessons about the brain and the simulation of reality that it creates for our experience. The connection to magic was amazingly delicious icing on top of that cake.

I also enjoyed some of the philosophical discussions, which reminded me of an event I went to a while ago at the Center for Inquiry on magic, science, and skepticism.

Below are my main notes on the book. I'm leaving out a lot of detail with respect to effect secrets for obvious reasons. ;) Even so, this is one of my longest blog posts due to the number of interesting things I learned (and how much I enjoyed the book).

Introduction
  • Book written by muggles (non-professionals) on magic
  • First book on neuroscience of magic
  • Why so vulnerable to sleights of mind?
  • All secrets online; no major giveaways.
  • Authors neurosurgeons
  • Research on awareness
  • Attended conference on visual illusions
  • Sponsored illusionoftheyear.com contest (2011 winner shows change blindness)
  • Moved conference to Las Vegas
  • Realized magic is visual science and decided to study it
  • Painters developed science of occlusion
  • Neuroscience experiments clunky because subject can figure out
  • But magic show subjects always fall for trick
  • Scientists worked to learn magicians' techniques
  • Friends with James Randi
  • Met Teller, Mac King
  • Humans have hardwired system of attention that can be hacked
  • Magicians hack it
  • Arthur Clarke: "Any sufficiently advanced technology is indistinguishable from magic."
  • The best magic show on earth is happening in your brain right now
  • Traveled world to study magicians and even developed own show and presented it at the Magic Castle
Ch. 1: The woman in the chameleon dress
  • Tomsoni changing assistant dress white to red using visual illusion
  • Brain constructs reality based on what it expects, not what it sees
  • Humans are the result of an epic journey of evolution
  • Brain is an amazing prediction machine
  • Create simulation of reality in head (consciousness)
  • You're blocking out most of what is happening around you right now
  • Difference between psychological principles and neuroscience explanations that discuss anatomy
  • Visual system starts with photoreceptors in eyes converting light to electrical impulses
  • Key ability is way to see contrast
  • Fill in scenes based on context and actually change the image based on what you expect
  • Eye resolution only 1MP each
  • Richness of visual experience is an illusion created by your brain
  • Magicians take advantage of contrast detection
  • Take advantage of after images
  • Black art method
  • Blacklight and black sheets against black background
  • Camouflage
Ch. 2: The secret of bending a spoon (why magicians watch their angles)
  • Learned ambitious card routine
  • The trick that fooled Harry Houdini after seeing it 3 times
  • Dai Vernon fooled Houdini with this
  • Sleight means cleverness from Norse
  • Center of vision: can only have good resolution in center of field of view (miss details in periphery)
  • Occlusion and perspective fool you
  • Uri Geller spoon bending, mindread
  • James Randi debunked
  • Amodal completion: assume object full even when partially occluded
  • Good continuation (Gestalt)
  • Brain constantly making up its own reality even with no input
  • Why solitary confinement is punishment
  • Charlatans and psychics steal money (always illusion)
Ch. 3: The brother who faked a dome (visual art)
  • Artists invented visual science before scientists
  • Magicians created cognitive illusions like artists made visual illusions
  • Linear perspective
  • Color paling
  • Trompe l'oeil
  • Artist painted cupola without physical dome
  • Grand canal in Venetian hotel
  • Fake sky that changes color
  • Markus Cornelis Escher drew visual illusions
  • Impossible staircase
  • Vision can process only one part of staircase at time
  • Small gradual errors along staircase hidden
  • Global perception impossible; only local
  • Op art movement: optical art
  • Enigma painting: illusory motion
  • Illusion starts in eye, not brain
  • Mona Lisa smile enigmatic
  • Smile can be seen only when look away from mouth
  • Peripheral vision integrates cheeks into mouth when look at eyes; when look at mouth, don't see shadows and smile
  • Leaning tower illusion
  • Rotating snakes illusion
  • Some stationary patterns initiate illusory motion
  • Standing wave of invisibility illusion
Ch. 4: Welcome to the show (cognitive illusions)
  • Pickpocket Apollo Robbins
  • Magic of Consciousness Symposium
  • Patter one of most important tools
  • Hold direct or divide attention
  • Continually touching while asking questions and giving commands
  • Grab wrist then squeeze creates tactile afterimage
  • Adaptation: senses adapt and we forget soon after initial sense
  • Magicians masterminds of cognitive sensations
  • Attention: taking possession by mind of one of various trains of thought; implies withdrawal from others
  • Attention cannot be divided
  • Cocktail party effect allows your name to be heard across room
  • Not clear how brain affects attention
  • Eye movement circuits orient attention spotlight
  • Magicians control attention and eyes like marionettes
  • Overt and covert attention
  • Head fake in sports to direct attention to wrong place
  • Joint attention of both attention and eyes
  • Correct eye contact is looking left eye to right eye (to not cross)
  • Theory of Art and Magic Workshop
  • Misdirection
  • Localize subject's attention to specific frame
  • Big move covers small move
  • Doves draw attention
  • First action keeps attention; second less focused
  • Over the top corny jokes keep more attention
  • Time misdirection: secret method done at different time than when key attention
  • Habituation: repeat moves innocently then change method
  • Less activity in brain when habituated to stimulus
  • Tricks embedded in natural actions
  • Action with no purpose suspicious
  • Inform the motion
  • Decoy actions
  • Mirror neurons
  • Your mind has its own virtual eye, ear, body: virtual simulation of actions in mind's body
  • Help understand actions of others
  • Same neurons active when watching action as doing it
  • Autism: deficit in joint attention, not looking at people's faces
  • Magicians rely on joint attention to manipulate people's joint attention
  • Failure to fall for magic tricks and social misdirection could be indicator of autism
Ch. 5: The gorilla in your midst (more cognitive illusions)
  • Personal space
  • As far as brain concerned, personal space part of your mind's body
  • Saccades: eye jerk movements
  • Fixations: moments between saccades
  • Neurons designed to detect change so must keep changing eye locations
  • Neurons by default fire slowly (adapt to save energy)
  • Smooth pursuit: smooth eye movement only when tracking moving object
  • Differentiate between smooth eye movements and saccades to control attention
  • Fast linear gesture vs. moving arc which keeps attention
  • Visual perception suppressed during saccades
  • Magicians know things about attention scientists do not
  • Overt misdirection: draw eyes to area of false interest
  • Covert misdirection: draw attentional spotlight away but without moving eyes
  • Inattentional blindness
  • Change blindness: failure to remember what just seen
  • Founder of Madrid school of magic using psychology
  • Gorilla video
  • Brain suppresses distractors most during difficult task
  • Multitasking is a myth
  • Eye tracking shows that visual attention controls seeing, not eyes -- can miss details even in eye focus
  • Situational awareness: heightened awareness of all details around you
  • Serial awareness, not parallel
  • Magicians split attention to multiple places so you get distracted
  • International Conference on Art and Science
  • Miguel Angel Gea Spanish magician
  • Change blindness tricks
  • Won't notice gradual changes if have abrupt interruption in between
  • Things slowly change without our awareness (aging)
Ch. 6: The ventriloquist's secret (multisensory illusions)
  • World Championship of Magic by FISM
  • Magic Olympics
  • Max Maven mentalist
  • Foley artists
  • Food tastes better when hear sounds
  • Puff of air from "p" and "b" sounds help you understand language
  • McGurk effect: eyes can fool ears
  • Brain quickly merges conflicting signals
  • Senses cross activated
  • Phantom limb
  • Synesthesia (hello Moonwalking with Einstein!)
  • Auditory
  • Time-space
  • Mirror touch (sense touch when seeing others touch)
  • Due to increased crosstalk between brain regions
  • Senses separate but experience coherent
  • Some neurons specific, some multisensory
  • Feature integration system in brain
  • Rapid patter and sound combos fool
  • Terry Fator ventriloquist
  • Ventriloquism means speaking from stomach
  • Multisensory illusion
  • Used by shamans and Romans to speak with g-ds
  • Films are a form of ventriloquism
  • Flicker fusion
  • Persistence of vision when frame rate high enough
  • Phi phenomenon
  • Stroboscopic effect
  • Story of mnemonist journalist with synesthesia who remembered details without taking notes

Ch. 7: The Indian rope trick (memory illusions)
  • Hoax article in journal made up the trick
  • People still reported seeing it
  • Unreliability of memory
  • People believe rope tricks to be true if hear them enough
  • People confabulate true stories with false ones
  • Magicians rewrite history when describing steps taken
  • Misleading info given after event confuses with real story
  • Suggestions and priming affect memory
  • Procedural/muscle memory
  • Declarative memory: semantic and episodic
  • Semantic is facts
  • Episodic is events
  • Each time memory is used it gets stored anew and modified
  • Flashbulb memories alter them
  • Memory source confusion
  • Forcing and then using language to implant false memories of freedom
  • Crimes of memory, unreliability of eyewitnesses
  • Mnemonic memory techniques
  • Peg system
  • Method of loci/memory palace
  • Weird and outrageous images on route, interactive
  • Mention of Joshua Foer
  • Perils of total recall memory: Woman Who Can't Forget book about woman with perfect memory; too frustrating
  • Hot reading: look up audience member info ahead of time online and "read mind" to discuss background (all memorized)
Ch. 8: Expectation and assumptions (how magicians make an ass out of u and me)
  • Mac King
  • When magicians make mistakes, just glide along and reset; no one will notice
  • When repeat tricks, keep changing method
  • Theory of False Illusions
  • Closing all the doors (of explanations) until only explanation is magic
  • Brain plasticity, increasing predictive abilities
  • Habituation through synaptic plasticity
  • James Randi offers $1 million prize for proof of paranormal activity (not collected for 20 years)
  • Mentalism relies on audience assumptions
  • Priming: ethnic vs. gender priming affects test scores
  • Reduce number of actual choices; makes mentalism possible
  • Combine with priming
  • Level of a person's bias measured by reaction time to concepts conflicting with their bias
  • Magicians use bias and priming by giving hint that some method used and then showing it's not
  • Children harder to deceive because don't have built up biases and predictions
  • Infants younger than 9 months have little or no object permanence
  • Infants are statistical learning machines
  • Study: babies will look longer at impossible events than possible ones
  • Shows they do have some object permanence concept at 3 months
  • Theory of Mind: consider others' state of mind
  • Sally and Anne Doll Test to see if child developed Theory of Mind
  • Attention comes from inhibitory neurons to remove distractions
  • Children able to take in more impulses
  • Children have less structured sense of time
  • Older children have linear stream of time
  • Magicians need structure of infallible rules they can break
  • Magic requires age 5
  • Younger kids like coin from ear, needle through balloon, animated objects (none requires theory of mind)
Ch. 9: May the Force be with you (the illusion of choice)
  • James Randi mentalist
  • Force and lie when retelling process
  • Mathematical forces
  • One ahead principle: magician stays one step ahead of subject
  • Flow based on choices so far (remove versus keep)
  • Confabulate: justify choice in mind
  • Idea: conduct choice blindness experiments using magic
  • We are unaware of our unawareness
  • When forced to swap choices, we will justify our rejected position and confabulate
  • Cognitive dissonance allows magicians to make subjects feel like make free choice
  • Free will not truly free
  • We are always constrained by something
  • Brain unconsciously choosing, then conscious notices it
  • May not have free will
  • Free will is a sophisticated cognitive illusion
  • Our laughter at times is uncontrollable
  • We're not in control; just along for the ride
  • Study: We have patterned electrical brain activity seconds before a decision (electrical activity seconds before predicts decision)
  • Brain is a correlation machine
  • 2 effects cause illusion of free will
  • Agency effect: you ascribe coincidences to your actions and agency; (example: think of someone and they call you at the same time)
  • Exclusivity effect: can't think of any reason besides the one where you cause action or event; can be influenced very easily by others (example: not wanting to copy others)
  • Free will is illusion caused by flesh
  • Conscious will is an illusion, but morality still real
  • Can a machine read your thoughts?
  • fMRI research
  • Not yet well but can in constrained situations
Ch. 10: Why magic wands work (illusory correlation, superstition, hypnosis, and flim flam)
  • Ouija board
  • Satanic control
  • Superstitious beliefs are illusory correlation
  • Ideomotor effect: brain sends micro-impulses to muscles
  • Ouija cursor moves when group consensus
  • To prove Ouija false, blindfold users
  • Observers assume repetitions always same but never are
  • Human compulsion to find patterns in world even when not there
  • Illusory correlation is why some believe they are psychic
  • We don't remember false predictions, times we were wrong
  • Availability bias
  • We remember our own actions more than others
  • Conflict- and surprise-detecting brain areas
  • Gamblers fallacy
  • Idea that knowing past can help predict future
  • Monty Hall problem
  • Should always switch
  • Doesn't match intuition
  • Psychics learn about you before show
  • Cold reading about reading behavior and making general statements that apply to all
  • Cold reading teases out info by making statements that act like questions (intonation increases at end of phrase)
  • Flatter subject
  • Tell them what want to believe
  • Hypnosis can work
  • Hypnosis affects Stroop test
  • In hypnotizable people, suggestions can change them
  • 10-15% of people hypnotizable
  • Placebos work
  • Paul Zak at Claremont magician and neuroscientist
  • Oxytocin released when trusting conman
  • Conman shows you he trusts you which hooks you
  • Investment fraud: mass emails "accurately" predicting outcomes by trying all variations
  • Madoff
  • Illusion of exclusivity
Ch. 11: The Magic Castle
  • Neuromagicians
  • Tryouts to join club
  • Lack of women in magic
  • But in Asia there are
  • Judgment criteria
  • Good enough to not embarrass Castle
  • Not going to reveal secrets by accident
  • Must know timing to demonstrate that know when magic happens
  • Categories of magic
  • Appearance
  • Vanishing
  • Transposition
  • Restoration after destroyed
  • Penetration
  • Transformation
  • Telekinesis, levitation, animation, spoon bend
  • Mental or physical feats, mind reading, catch bullet
  • Immense practice
  • Motor map in brain
  • New neural connections
  • Motor maps increase in size with practice
  • Functions move from higher level regions to lower level regions as gain expertise
  • Magicians perform routine by rote
  • Sleight of hand requires making move while making appearance of another
  • Analyzed French drop movements scientifically
  • Skilled magicians required to make ambiguous hand movements
  • Acting is a required skill for magician
  • Robert Houdin: "the magician is an actor who makes you think he has powers"
  • Magicians were famous inventors
  • No new tricks since 19th century
  • Catching bullet
  • Mechanical Turk: calculating machine that played chess
  • magicians and spies collaborated
  • Larger action covers smaller action
  • Managing sight lines to do clandestine moves unseen
  • Made it to Castle membership
Ch. 12: Will magic go away?
  • Great magic not about secrets but about hacking the brain
  • Like live music performers, tons of practice required
  • Secret (like an entrepreneur's idea) is minimal component
  • Exposure of secrets huge violation of group ethical standards
  • Magic helps science so should cooperate more
  • Should make secrets available for enlightened self interest
  • Magic by expert still amazing even if know secret
  • Mirror neurons link action and perception
  • Get more active the more expert you are when you watch someone else do it
  • Learning magic makes you like it more
  • Illusions not mistake in brain design but critical to perception system
  • When you look at a page in a book indoors and outdoors, it looks exactly the same. But outside 10 million times more bright and different quality of light so look is definitely not the same. 
  • Brain runs 2 processes: brightness constancy and color constancy
  • Your view of book page thus an illusion
  • Visual illusions help you survive in complex world when you exit from the cave
  • Cognitive illusions keep you alive
  • Use magic to increase rate of cognitive discoveries
  • Science will not make magic go away just like sunrise still looks beautiful after understood
  • Science adds to the experience and enriches it
  • Magic manipulates the core of our being
  • Brain so easily fooled
  • Spotlight of attention
  • Blink vs. Invisible Gorilla (intuition versus rational thinking)
  • Both ideas right
  • Brain signals can be weak and fuzzy
  • Attention serves to change strength of signal
  • Reasoning through important in order to direct attention
Epilogue
  • Do one thing at a time (multitasking is a myth)
  • Keep records of important information immediately after event happens (memories fallible)
  • When make mistake, move on and don't worry about being noticed (people have very limited attention width)
  • People will tell you what you want to hear/cold reading (psychic, salesperson); try changing your story, and if the selling points change, they're not being honest
  • When negotiating in personal relationships, disarm with charm (magicians' method)
  • Don't think about something when don't want other person to know; your gaze telegraphs thoughts (eyes control other person's attention)
  • When deciding, make list of all hard facts and intuitions and consider each one fully, then decide quickly (combining intuition and rational thinking)