A writeup and sample code for Crassword, the authentication system described in my talk at Showmecon 2019, are available.
Slides from Showmecon 2019 (“Redesigning Password Authentication for the Modern Web: The Best Bad Idea You’ll Hear About All Week”) are up on Slideshare.
Thanks to everyone who attended by talk at Showmecon 2018 (“The Sky Isn’t Falling, But the Earth May Be Shifting: How GDPR Could Change the Face of Infosec”). Slides and Irongeek‘s recording of the talk appear below.
- The GDPR can apply to US companies (and other companies outside the European Union) if:
- The US company markets products or services to EU customers,
- The US company monitors what EU residents do while those residents are inside the EU, or
- The US company does business with another company subject to GDPR.
- The regulation’s restrictions on the collection and use of personal data are top-down, and flow from the initial lawful justification of that collection and use. Your justification for a particular type of processing has a significant impact on your compliance burden with respect to that type of processing.
- One of the most important aspects of the lawfulness aspect of the regulation is its definition of consent. Specifically, consent must be affirmative (not passive), and consent must not be a condition for the provision of a service (even a free one).
- The regulation also contains very broad provisions requiring data processing systems to be adequately secured. In stark contrast to, for example, the PCI Data Security Standard, GDPR gives very little specific guidance on what a company’s security program must cover or what controls must be used. Instead, controls must merely be adequate, appropriate and proportionate.
- Among the most important topics to monitor in the news are the outcome of the NOYB.eu litigation, enforcement of the regulation’s security requirements, the scope of a controller’s legitimate interests, and the enforcement of the regulation against companies outside the European Union (especially those without customers in the EU).
This space will eventually hold regular posts about backgammon, programming, infosec and anything else I feel like writing about. Most of the backgammon stuff will come from my own play in tournaments and chouettes at the St. Louis Backgammon Club, as did this position. I am not qualified to give anyone backgammon advice, but I’m hoping that my attempts to understand my own mistakes will prove useful to some readers. I welcome all feedback via cliff [at] cliffsmith.org, including corrections, additions, mockery, and the like.
At a match score of 5-away/5-away, I was recubed to 4 in this position and passed pretty quickly. As it turns out, my CPW is actually 29.35% here, and passing is a -.098 (-1.35% MWC) blunder.
Using the older Kit Woolsey match equity table, White’s take point is 27.1%. If White takes, ownership of the 4 cube doesn’t seem particularly valuable between the fact that Black’s take point is only 15% and how far White has to go before getting within range of a double. (After Black’s worst roll, 21, White is still only about a 52.9% favorite, so White can never redouble right away.)
This position falls into a bit of a donut hole (for a player of my caliber, anyway) in that it isn’t susceptible to easy extrapolation from N-roll positions, nor is it a good candidate for adjusted pip count methods. Keith Count and Isight both make Black’s position seem stronger than it really is. The Isight CPW estimation method overestimates Black’s chances by nearly 3.7%, and Keith says this position is one pip away from being a pass for money.
At the score, the position actually is one pip away from being a pass. Moving any of White’s checkers back one pip or moving any of Black’s checkers forward one pip makes the cube a drop. On the other hand, for money, passing an initial double to 2 would be a massive .230 error, and that’s the important lesson for me.
A little ad hoc fiddling shows that virtually any four checker versus four checker position where the player on roll is one pip behind is a clear take for money, and also a take on a 4 cube at 5-away/5-away. The trailer’s CPW ranges from about 28% to about 34% in these positions. The leader’s distribution has to be quite a bit better in order for the trailer to actually have a pass AtS.
For example, this cube is a bare drop for money (.003), with White’s CPW at 24.24%:
That’s how ugly your position has to be to have a pass with four checkers on each side and a one-pip lead.
As for the 4 cube at 5-away/5-away, we don’t have to do quite that much damage to White’s distribution to make it a pass. In the position below, White’s CPW is 27.08%, and taking is wrong by just .013, or 0.19% MWC:
Of course, if all checkers are stacked up on the ace points, we have the two-roll position, where the player off roll has just 13.89% (exactly 5/36) – a huge pass for money. We can recreate the one-pip difference from the discussion above by moving one checker to the deuce point for the player on roll, and it changes very little. The leader loses just one working double (11), which boosts the trailer’s CPW by less than half a percent.
This raises another important question: how long does the four-checker versus four-checker race have to be before the trailer has a take?
An important principle is that the “length” of one of these super-short races has less to do with the raw pip count and more to do with distribution. Where both players have no gaps, the trailer will have a clear pass.
This is a pass by .160 for money (trailer has 20.24% CPW):
As an aside, observe how messy it gets when you try to manually calculate your CPW by extrapolation from the pure two-roll position. Black has only three working doubles (66, 55 and 44), and he can fail to bear off in two rolls with (a) 21 followed by any 2 or 1 except 22; (b) 31 followed by any non-double 3 or any 1; (c) 32 followed by any 3, 2 or 1 except 22 or 33; or (d) any two aces in a row. White, on the other hand, has four working doubles, but fails to bear off in two with (a) 21 followed by any 2 or 1 except 22; (b) 31 followed by any ace; (c) 32 followed by 21; or (d) any two aces in a row. Good luck doing all those calculations over the board. (By the way, if you haven’t seen them already, the slides from Mochy’s bearoff seminar from Cyprus 2013, are a must-read.)
This is a .021 pass for money (trailer has 23.96%):
If we stack the white checkers on the ace point, making all six doubles winners, White finally has a take for money (.069 take, 26.14% CPW):
This is actually the first position mentioned in this entire post where White can redouble immediately on a 21.
If we give both sides just a single gap, the cube becomes a massive take. Even this position, where White has two gaps to Black’s one and Black is actually two pips ahead, White still has a take by .090:
White’s CPW here is only 23.68%, which means that it’s a take because if Black fails to bear off in two rolls, White will always be able to redouble to 4 (assuming the position isn’t already gin). Move any of White’s checkers back a pip and it’s a clear pass.
A lot of these positions could make useful reference positions, particularly the last three. Simply laying eyes on lot of these positions should also go a long way towards avoiding big cube errors like the one I made this week.