...

Saturday, September 25, 2010

Debian 22

It's been a long time since I've written a Debian article. Well it's been a long time since I've written anything! Well, today I'm going to jump back onto the wagon with a quick tutorial to get your Linux system joined to an Active Directory Domain.
This article assumes that the Active Directory Domain is already fully functional. This is some background information for reference before we get started:
Domain Name: syraxius.ath.cx
Domain Controller Name: dc01.syraxius.ath.cx
Domain Controller IP: 192.168.1.2/24

We'll have to first synchronize our clocks with the Kerberos server. Like most authentication schemes, this is crucial. In this case, we'll make use of the already-installed NTP daemon which can function as both an NTP server and client. We'll modify the configuration file by typing:
nano /etc/ntp.conf

Scroll down to any of the servers section, and add your DC into the list:
server 192.168.1.2

Now, do a restart of the NTP server:
/etc/init.d/ntp restart

You should be able to see your DC listed when you type:
ntpq -p

We'll have to find some way to allow our Debian system to authenticate with an Active Directory server. This is accomplished through the Kerberos protocol. We'll install Kerberos through:
apt-get install krb5-config krb5-users

When prompted for the Kerberos server and the Administrative server for the realm, we'll use the FQDN of our Domain Controller, which is dc01.syraxius.ath.cx.

The settings are stored in the file called /etc/krb5 just in case things doesn't work out. The information you entered is under the "[realms]" section. The default realm can also be changed in the "[libdefaults]" section.

To test if our Kerberos implementation works, use the command:
kinit Administrator

kinit is a binary found in krb5-user package. This requests a logon for the user "Administrator". If no error messages occur, use the following command to check for a ticket:
klist

Now if everything's fine, you can move on. At this point we'll install Samba and Winbind:
apt-get install samba winbind

winbind is a component of samba which allows UNIX systems to be full members of an Active Directory domain. Winbind shares the configuration file of samba, which is /etc/samba/smb.conf.

After installing, we'll modify the /etc/samba/smb.conf file. The first thing we'll look out for is the workgroup. The workgroup is the Netbios name of the domain. So if I'm using syraxius.ath.cx for the domain, we'll type:
workgroup = SYRAXIUS

At this point we'll need to add a line to specify the realm. This is required when we attempt to join the domain. To do this, we'll simply type:
realm = SYRAXIUS.ATH.CX

Scroll down to the Authentication section and you'll find the line "# security = user". Add a new line to use ADS (Active Directory Service) like this:
security = ads

Directly below the domain master parameter is the UID mapping parameters. Simply uncomment them:
idmap uid = 10000-20000
idmap gid = 10000-20000
template shell = /bin/bash


We'll also have to allow winbind to enumerate the users and groups. Uncomment the below lines:
winbind enum groups = yes
winbind enum users = yes


You can also allow usershares by uncommenting the usershare section below. Usershares allow non-root users to create share definitions. We'll ignore this one for now.

Save the file and attempt to join the domain using the command:
net ads join -U Administrator

Restart winbind and samba and you should be able to use winbind to list the users and groups using:
wbinfo -u
wbinfo -g


You are still not able to do anything other than list users. If you want to log into the system with the accounts, you'll need to modify the /etc/nsswitch.conf file to look outside of the local databases. To do this, modify the file as shown:
passwd: files winbind
group: files winbind
shadow: files winbind


Next, we'll have to modify the AAA settings of the system to use winbind as well. The files to modify are:
/etc/pam.d/common-account
/etc/pam.d/common-auth
/etc/pam.d/common-session

For account, we'll add the line above the current rule:
account sufficient pam_winbind.so

Do the same for auth and session, changing the "account" keyword to "auth" and "session" accordingly. At this point you should be able to log into the system by using the domain\username convention. For example, to log into the Administrator account, simply use syraxius\Administrator as the username.

Notice that you're dumped to the root folder of the system once you're logged on. We'll now work on creating the user home folders. First, we'll modify the /etc/samba/smb.conf and add the following line below "template shell":
template homedir = /home/%D/%U

%D is substituted with the domain name (SYRAXIUS) and %U will become the user's name. However, the configuration isn't complete yet as you'll need the folder to exist first. This can be done automatically using pam_mkhomedir.so. We'll modify /etc/pam.d/common-session and add the following lines above all rules:
session required pam_mkhomedir.so skel=/etc/skel umask=022

Now you're done! But if of course, there is still some stuff that we can do. If you do not want to use the domain\name notation when logging in, simply add this line in /etc/samba/smb.conf below the "winbind enum" parameters:
winbind use default domain = yes

Now you have a domain-joined Linux computer!

Wednesday, September 8, 2010

Psychology 02

Study the following optical illusion:

Now, if I were to tell you that the color of the tiles at A and B are the same, you wouldn't believe me.

However, once I add in a bridge to connect the two tiles, the fact is obvious:


However, if you look at the original picture again, the illusion comes back. Even though you consciously know that the shades are the same, your brain still tells you that they are different.

Vision is one of the best things human do. Vision takes up more of the brain's resources than anything else. Apart from necessary motor functions, vision is the most active skill we use daily.

Looking back at the optical illusion question raises a question: If we can make such predictable, consistent and reproducible mistakes even in vision, what about all the other processes that goes through our mind?

Optical illusions can be seen as a metaphor for human rationality. Can we be sure that we do not make the same revealing mistakes we do in vision when we make financial decisions? Like how optical illusions trick our vision, cognitive illusions can trick our thinking just as well.

However, cognitive illusions are more difficult to present. Refer to the following chart:


This is an actual data collected by a 2003 Science paper. What's presented here in the chart is the various percentage of people in different countries in Europe who opted to participate in an organ donation program.

From the diagram, we can clearly see that countries on the left and right are on opposite ends in terms of participation. The first thing we'd assume is that there must be some sort of cultural differences. However, upon further observation, you'll realize that Denmark is actually culturally similar to Sweden, but we have very different results. The same applies to Germany and Austria, Netherlands and Belgium, and UK and France.

A great concept is demonstrated here. What actually caused the great variation between the countries is the form used to gather the data. For the countries on the left, the form says:

"Check the box if you want to participate in an organ donation program",

on the other hand, countries on the right has:

"Check the box if you don't want to participate in an organ donation program".

In both cases, most of the boxes were not checked.

It is hard to believe that such "forms" can actually influence our decision making so much, because we feel like we have the driver seat of our lives. When you do things in your daily lives, you get to do things according to your own decisions. But are those truly your own decisions, or the decision of someone who designed your "form"?

Now, a standard rational economist would argue that most people do not care about their organs because it is something that takes place after they die. The cost of lifting the pencil to check the box is higher than the possible benefits that they can gain from it.

Dan Ariely, a behavioral economist, believes instead that people care too much. For most people, making the decision of donating your organs is so complex that they do not know what to do. Because they do not know what to do, they would pick whatever was chosen for them.

This effect not only applies to the general population, but it also applies to professionals as proven by a paper by Redelmeier and Schaefer. There are two groups of physicians and they are given a case study each. For the first group, the case study goes:

"There is an eighty-year-old patient suffering from pains in his right hip. You decided a few weeks ago that none of the medications are working, so you referred the patient for operation to have his hip replaced. Yesterday, you reviewed the case and you found out that you haven't tried ibuprofen. What do you do?"

Well, all of the physician suggested to delay the operation and try ibuprofen, which is good. Now, the second group is given the following case:

"There is an eighty-year-old patient suffering from pains in his right hip. You decided a few weeks ago that none of the medications are working, so you referred the patient for operation to have his hip replaced. Yesterday, you reviewed the case and you found out that you haven't tried ibuprofen and piroxicam. What do you do?"

Now, the problem suddenly becomes complex. Now you have two medications to try out - do you carry on with the planned operation, or do you pull the patient back? If you actually pull the patient back, which medication do you try first? Ibuprofen or Piroxicam? Suddenly, with just one extra decision to make, carrying on with the operation seemed to be a much simpler task. Most of the physicians then chose to let the patient go through hip replacement.

Now, no physician would tell you that: "Oh, I have three decisions to make: Ibuprofen, Piroxicam, and Hip Replacement. I choose Hip Replacement". However, once something is set as the default, it has a huge power on whatever people end up choosing.

Another example brought up by Dan Ariely is this: Suppose that you were given a choice of going to Rome, or going to Paris. All expenses paid. Both destinations have their own culture and so on, so they get almost equal amounts of votes.

However, once you add a third, inferior choice to the mix, things start to change. Suppose that the third choice would be a trip to Rome, all expenses paid except that breakfast is not served and you would have to pay for it yourself. At first, this may seem like it does nothing, but what this actually does is that the addition of the inferior choice actually makes Rome with all expenses paid a superior choice, even over Paris.

Dan Ariely also conducted another experiment in MIT involving subscription. Students were given this subscription form:

1) Web Subscription $59
2) Print Subscription $150
3) Print and Web Subscription $150

The results were that the Web Subscription is the least popular at 16% while the Print and Web Subscription took the other 84%. Nobody chose the standalone Print subscription.

Well we would think - If nobody chose the Print subscription, we can then eliminate it from the list. A second group of students were given this form:

1) Web Subscription $59
2) Print and Web Subscription $150

Now, results became radically different! The Web Subscription now gathered 68% of the students, while the Print and Web Subscription dropped to 32%. The option in the middle was useless in the sense where nobody chose it, but it's not useless in helping people make decisions. The presence of the middle option made the combo option a fantastic deal.

The general idea is that we do not know our preferences that well, and because of that, we are susceptible to external forces such as these. This force works not only in general decision-making, but also in our natural human instincts. A fine example is how we choose our partners.

Dan Ariely decided to use two CGI images of males: Tom and Jerry. Again, two groups were tested. The first group had an added uglier version of Tom, and the second group had an added uglier version of Jerry. In the first group, Tom became significantly more popular than Jerry, and in the second group it's the other way round.

In Standard Economics, humans are viewed as such:

"What a piece of work is a man! How noble in reason! How infinite in faculty! In form and moving how express and admirable! In action how like an angel! In apprehension how like a god!" - William Shakespeare (Act II. Scene 2 of Hamlet)

Now, in modern Behavioral Economics, the view of ourselves is not as generous. In fact, humans are viewed plainly as sheep which we can manipulate and herd. Humans are attracted to "Free Lunch", and we should build everything based on it.

In the physical world, we build everything based on our limits. For example, we can't fly, so we build steps to help us up. We can't reach the television from a distance, so we build remote controls. However, in the mental world, we tend to forget our limits. If we can better understand these limits, we can better shape our decisions.

I'll end this article by recommending this book if you would like to know more about Behavioral Economics: Predictably Irrational

Tuesday, September 7, 2010

Psychology 01

There exists a problem known as the Candle Problem, proposed by Gestalt psychologist Karl Duncker to measure cognitive performance. Recognizing the potential of the Candle Problem, Sam Glucksberg used it as a means to test incentive-driven motivation. This led to one of the most robust, and ignored, findings in social science.
In the Candle Problem, participants are given a box of nails and a candle. The objective of the Candle Problem is to attach the Candle to the wall in a way that the wax would not drip to the table.

Many would nail the candles to the wall, and the rest would attempt to attach the candle to the wall horizontally by dripping wax - The correct solution to this problem is to nail the box holding the nails to the wall, then placing the candle on it.

When two large groups of subjects were given this task - one promised a large monetary reward, and the other a small one - the group promised the larger reward took an average of four minutes longer to come up with the correct solution. This is the exact opposite of what one would expect monetary incentives to do.

The Candle Problem was then modified so that the participants were presented with nails already out of the box. With the same incentives given, the group with the larger incentive did significantly better!

There is a mismatch in which what science knows, and what business does. What incentive does is that it narrows the vision. It causes the mind to focus on the goal. In the modified Candle Problem, the incentive allowed the participants to perform very well because the goal was very direct - to nail the box to the wall, and place the candle on it. In other words, when incentives are given, the left brain tends to be more dominant over the right, and critical thinking is discouraged.

However, the original Candle Problem required a peripheral perspective instead of the directed focus. In situations where thinking out of the box is required, incentive only shrouds and blinds. Every single one of us are dealing with our own Candle Problem, and the solution to our Candle Problem is often mystifying and hidden. What we truly need is to do Right Brain thinking, and incentives fail to motivate that.

The Massachusetts Institute of Technology led a series of test in which groups are given incentives for doing a set of games. As long as the games involved purely mechanical skills, incentives did as expected. However, once the games involved even rudimentary cognitive skills, the larger reward led to poorer performance.

This concludes that incentives lead to a NEGATIVE impact on overall performance.

Too many organizations are making decisions based on assumptions that are outdated and rooted more in folklore than science. If we really want performance, the solution is not to entice people with more money, or point a larger gun at them.

Dan Pink, an urban socialist, proposed a new operating system:

Autonomy: The urge to direct our own lives.
Mastery: The desire to get better and better at something that matters.
Purpose: The yearning to do what we do in the service for something larger than ourselves.

Management is the ancient and conventional way of handling people. Management is great traditionally if we want compliance. If we want engagement, self-direction works better.

Atlassian, an Australia-based software company, applies this concept flawlessly. For a few days each year, employees have to comply to Fedex Days. On a Fedex Day, they are given free time off to work on anything other than their projects. A large portion of the company's breakthrough came from this autonomy.

This worked so well that Google adopted it. In the 20 Percent Time scheme, Engineers are given autonomy for 20% of the day over their time and tasks. Things like GMail, Orkut, Google News are all birthed during 20 Percent Time. More than half of the company's productivity comes from the 20 Percent Time.

An even more radical example is the ROWE. ROWE stands for the Results Only Work Environment. In ROWE, people don't have schedules. They show up when they want, and they don't need to show up at the office at all as long as they get their work done. Meetings are optional. In a ROWE environment, productivity goes up, engagement goes up, morale goes up and turnover goes down.

In the mid-1990s, Microsoft came up with an encyclopedia known as Encarta. In Microsoft's model, writers are paid very good money to write and edit thousands and thousands of articles.

A few years later, an open-source encyclopedia with a completely different model surfaced. In this new model, you write articles because it is fun and because you like it. You don't get paid a single cent.

An economist in the 20th century would think that the second model is insane, but this was how Wikipedia was born.

There are two types of motivation: Intrinsic, and Extrinsic. Incentive is part of Extrinsic motivation. Extrinsic motivation is materialistic and short-term. True success comes from Intrinsic motivation. If you want to succeed, you must be given Autonomy, you must be motivated towards true Mastery, and your goal must be driven by Purpose.
<