Ellie Asks Why Annex

Mild science, tech news, stories, reviews, opinion, maps and humor

31 July 2014

Cassandra Is Sooooooo Correct

Nihon Cassandra is more of a stock market investor than a macroeconomics type. In other words, she isn't really into bonds. In her own charming words,
So long as my distribution is skewed-right, and the tail not overly kurtotic, I am sanguine.
Recently, Cassandra excoriated herself for failing to predict our current global macroeconomic malaise, specifically, the odd lack of self-preserving behavior by those who have the most to lose. I think she is being unnecessarily harsh, as she understands far better than many others do, even now.

It was a close call. From September 2007 through 2010, the masters of financialization escaped ruin by the skin of their teeth. Saving the system, at public risk and expense, was useful to asset holders, e.g. the AIG crowd, Goldman Sachs and friends, Stevie Cohen, Walmart family scions, Icahn, Einhorn, Pritzkers, Koch brothers, Larry Ellison, Larry and Sergei Google, Mark Z, Jeff Bezos, Bill and Melinda, other much less publicly known owners of nation-sized yet privately owned wealth.

Looking backward at Peak Inequality


Cassandra expected that the excesses leading up to the 2008 financial crisis, e.g. overindulgence in luxury goods, real estate and high-end everything, would be known later as "Peak Inequality". If the authorities were to bail out highly-levered asset-owners (enriching them further in some cases, e.g. the notorious AIG bonus payments), Cassandra expected that the State would promptly devise a way to recapture most of this taxpayer-funded largess. In return, a modicum of social stability, sustained by an orderly market economy, would be assured.

In the aftermath, the Federal Reserve and fiscal policy makers would realize how fragile consumption was. They would not raise taxes nor cut government spending precipitously. Bad actors would fall from grace. Attitudes would change. All of us would feel chastened, and act accordingly.

In other words, the point was to prevent a nationwide populist revolt due to massive betrayal of public interests.

Trade recommendation for the integrity market: Sell calls


Cassandra, and I, expected that the 0.1% of the 0.1% would have been grateful. They were not. They are not now. Integrity is a market for perma-bears. Various practices associated with rapacious greed, including regulatory and legislator capture, have continued unabated. Inequality continues its incessant rise. Economic recovery is scant, yet deficits grow absurdly. Political divisiveness spreads. There is no end in sight to the public loss of confidence in,
  • elected government and
  • due process as a consistently effective means of fairly resolving disputes
Since Cassandra has clearly stated content re-use rules, I recommend that you navigate over to her blog, and read her post directly. Focus on the final six paragraphs, and don't forget to read the comments.

* I question the usefulness of higher marginal taxes or changes to capital gains taxes. Tax laws have power over the "poorer wealthy". It does little good to raise taxes on small businessmen, physicians and others whose income is between $100,000 and $1,000,000 (net worth between $100,000 and $5,000,000). The real control of capital is concentrated among those with assets one or more orders of magnitude greater than that.

03 June 2014

If he were a spy

I looked for answers on Quora, a question-and-answer website.

Is Jacob Appelbaum a U.S. government employee?


He gets a huge salary from the Tor Project but mostly jets around the world, more lavishly than celebrities and movie stars. His home is chic, minimalist but opulent according to Rolling Stone. He writes for the Wall Street Journal, even has a WSJ pointillist author portrait. He posed with semi-automatic firearms in Iraq in 2008. He parties ALL the time.

jacob appelbaum poses with Knuth 2008
The question doesn't really seem to follow from the details, Ellie?

Granted. I thought Tor was a US government project. It is a former US government project. I was trying to be discreet, and not ask if he were a spy. That would be indiscreet, so I said "employee" instead.

Jacob has more fans and carte blanche globally than, well, I don't even know who to compare with him. He is like the Larry Ellison or Eric Schmidt of crypto fandom, but without any visible means of support. I don't see his name on the cryptography research server IACR as an author, nor any ACM nor IEEE scholarly journals, not even the Financial Cryptography conference. ioerror is, well, to make an analogy, like the subversive version of Google's Jared Cohen. ioerror is the cool kids' hero, so to speak.

Martin Strohmeier
I saw him speak in front of the cream of the crop of the world's academic security researchers (and me) last fall at CCS in Berlin. I sure got the impression that he resonated there quite well. I don't know that much more about him though. He partied like everyone else, just a tad bit more paranoid.

Ellie Kesselman
He speaks all over the world! If there's a political uprising or controversy, ioerror is boots on the ground, at the scene, but never in the U.S.A. He is like the rock star of crypto, except he isn't affiliated with a company, nor a university, nor the Berkman Center at Harvard or EFF.

He always has lots of trappings of material success, nice clothes, hordes of women etc. Look at this! "The Sheik, Emir Appelbaum, Doha fashion victim". That is atypical, for security researchers, isn't it?

Martin Strohmeier
As for academic papers, many of these independent researchers can't be bothered to go through the long publishing processes in academia but prefer to present their work at hacker conferences such as Defcon, Black Hat, C3 etc. Looking through Google Scholar such an example would be "MD5 considered harmful today" presented at 25c3. The authors later published at CRYPTO 2009, a top tier security conference.

Besides those, he got his name on a USENIX Security Workshop paper and a Communications of the ACM article (Lest we remember), solid outlets.

Ellie Kesselman
Matthew Green, Mikko Hypponen and IBM'er Craig Gentry, who figured out homomorphic encryption, presented at CRYPTO 2013 rump session (maybe 2011?), aren't feted like ioerror.

Martin Strohmeier
Hypponen had a talk at that same CCS last fall, he's quite prolific, too. There are bigger security superstars still, Bruce Schneier comes to mind. It's never totally clear to me what makes someone an Internet superstar in any field, to be honest. Especially those Social Media gurus.

One thing I know though: Appelbaum is an extremely good orator (haven't really followed his Internet activity but if he's everywhere that's surely explaining his popularity). Speaking engagements are something that brings in quite some money for many people. At the very least you're being paid the travel cost to quite often pretty amazing destinations.

Ellie Kesselman
Hello from Qatar! Horse back riding in Giza. Dr. Evil's glass walled data center in Sweden? Maybe you're right. He's the apple of Knuth's eye.

Martin Strohmeier
Ha ha. Good find. That reminds me that Knuth is back here next week. Should put that in my calendar.

Got it!

jacob wearing tshirt with seal and a girl next to him

He works for the NSA or wore NSA t-shirts.
vignette photo of jacob
Look at that seal!

Martin Strohmeier

That's the EFF's more accurate version on his shirt: :)


EFF parody seal including AT&T

I assembled a triptych of Jacob subjugating, imperialist style ;o) a brave young woman with his rear end. It is having a chilling effect on all who behold it on Twitter, much more so than would any mere organ of the state like the NSA. I probably should delete it, but I want to share with someone.

Shield your eyes!


23 May 2014

Message of the market

Joe Saluzzi tried to get the word out. He really did make a good faith effort. This was one of his numerous appearances on Bloomberg, Fox Business News, CBS etc. The mainstream news media did not ignore him. He was interviewed for about 10 minutes in each station's Manhattan studio. Each appearance was broadcast live. Receiving that much air time is unusual.



Joe Saluzzi comments on problems with the stock market

The temporal backdrop for this interview was particularly good. I enjoyed watching the market tickers running across the screen. They were triple stacked, and occupied a lot of screen real-estate! The results of a New York State election were reported around the 5 minute mark. I am no longer familiar enough with the NY-NJ-CT area to gauge the significance, but phrases like, "concedes the election" are portentous.

I've followed Sal Arnuk, @ThemisSal on Twitter, since 2012. He is Joe Saluzzi's business partner at Themis Trading. That isn't how I found this video. Rather, I was reading an Amazon book review, about one of Ernest Chan's algorithmic trading books. That led me to R. Ryley's Message of the Markets blog.

The following excerpt is from an anonymous comment on Ryley's blog post, faithfully reproduced here under Creative Commons License by-NC-ND and replete with all caps:
YES. THIS IS THE MOST IMPORTANT NEWS CLIP IN THE PAST SIX MONTHS. THE THEFT OF GOLDMAN SACHS' MICROSECOND TRADING CODE HAS FURTHER REINFORCED THIS MAN'S COMMENTS... [Such] CODE* CAN BE USED TO UNFAIRLY MANIPULATE THE MARKET IN A WAY THAT GIVES AN UNFAIR ADVANTAGE TO WHOMEVER POSSESSES IT... THEN FACTOR IN THAT 49% OF MARKET ACTIVITY IS PROGRAM [trading], WE KNOW THAT THE IMPACT...IS MATERIAL. IN OTHER WORDS, MANY MARKET PARTICIPANTS, INCLUDING RETAILERS, ARE BEING CHEATED.

In retrospect, it doesn't seem so strange, e.g. US Taxpayers Pay For SEC to Arrange Early Release of Data to High Speed Trading Firms.

* I am not certain, but believe that Anonymous refers to the circumstances that led to former Goldman Sachs programmer Sergey Aleynikov's conviction in 2011.

13 May 2014

The Cleveland Fed Drawing Board goes silent

I find Cleveland to be the most friendly* of the 12 Federal Reserve districts. They do a lot of community outreach work, and have a good research department.

The Federal Reserve Bank of Cleveland is the headquarters of the U.S. Federal Reserve System's Fourth District. The district is composed of Ohio, western Pennsylvania, eastern Kentucky, and the northern panhandle of West Virginia.

Fed Reserve building in Cleveland, Ohio
Main office in downtown Cleveland since 1923

The Cleveland Fed building was designed by architects Walker & Weeks. The building is considered an historically significant piece of architecture. I like how it looks too. Apparently, few know much about the art and architecture of the building, not even in Cleveland!

24 November 2013

Bitcoin in the limelight: Questions for buyers and investors

DDoS attacks manipulate vulnerable markets

The vulnerable market was the Mt. Gox Bitcoin exchange. In April 2013, Mt. Gox was overwhelmed by DDoS. The point, the company speculated, was to destabilize Bitcoin and fuel panic-selling. After driving market prices down, the attackers can then rush in and buy Bitcoin at the lower price. Obviously, this isn't fair.

Life isn't fair but Bitcoin must be

Life may not be fair in general, but securities and currency markets require fairness and avoidance of market manipulation in order to function. Without it, they will die. Trust is essential. Apparently, Mt. Gox was robust enough to withstand this volatility. The attackers were fortunate. In their pursuit of unfair profits, they are taking a selfishly short-term view. DDoS attacks could destabilize Mt. Gox, or any other entity that serves a similar purpose. If that happens often enough, or in sufficient size, it will undermine credibility in Bitcoin.

Mt. Gox wasn't uniquely vulnerable. In the past few months, there were other DDoS related Bitcoin extortion incidents. BTC-China was brought down in September 2013, and BIPS, a European payment provider, experienced a DDoS attack two days ago, on 26 November 2013.

Regulation and volatility

Using DDoS for extortion is possible due to Bitcoin's lack of fraud control measures, which would usually be imposed by regulatory requirements. Of course, market manipulation and extortion are possible even when there are regulations! (I suspect that if one wanted to, one could DDoS forex exchanges.) Regulation and law enforcement are partly responsible for discouraging such behavior. Market participants' own self-restraint and willingness to obey the rules are equally important.

Bitcoin's current price volatility is very high. That is unsurprising for a new financial product. Volatility isn't inherently bad, but it should be caused by normal market activity, not manipulation due to DDoS-facilitated extortion. Bitcoin price volatility will need to diminish to no more than 25% in order for it to function as a viable currency.

Structural boundaries

If I were to trade or invest using Bitcoin, my first question would be, "What are the boundary values?"
  • The number of Bitcoins is fixed at 21 million.
  • Are there price levels that have any contextual meaning, i.e. are associated with limits? For example, stock prices are always greater than or equal to zero. For fixed income markets, negative interest rates should not be possible. Is there a scenario where Bitcoin could ever have a negative value?
  • Are there vagaries of the block chain that would cause short term price or volume discontinuity?
  • What about market dominance due to collusion? That can happen in many markets, especially commodity markets. There are scholarly articles that establish a floor beyond which Bitcoin can no longer function, specifically, if there is collusion of selfish miners, such as by a Bitcoin mining pool.

Ebullience

The financial press and even well-known information security personalities seem to be caught up in the thrill of Bitcoin. The odd aspect is that some don't seem to distinguish between good news and bad, as with Mt. Gox.

The excitement is infectious. Perhaps it is a means of escape from interminable and usually dreary economic news, as well as the powerlessness most of us feel about monetary policy and government in general.

27 October 2013

Paleo specie

This is BB Billosaur, a ceramic piggy bank for paper currency. He is made by Le Mouton Noir & Co. Le Mouton Noir is located in New York City. I am not surprised (I miss it there).

The store owners describe their motivation:
For many years we have followed the herd like a flock of sheep. Working hard, learning and growing, we have never let go of our dream. The black sheep finally wakes up and steps forward to have some fun.

Meet bb billosaur a ceramic piggy bank
Billo-saurus!

BB Billo seems difficult to resist: A paper currency-only porcelain piggy with holes down his back emulating a Stegosaurus-like Mohawk, made by black sheep!

25 October 2013

Account hijackers

If a message originates from a familiar name or email address, its likelihood of making it through spam filters is greater.

Google described their efforts to minimize harm to users due to email account hijacking:
"Our security team...saw a trend of spammers hijacking legitimate accounts to send their messages. [We developed] a system that uses 120+ signals to...detect whether a log-in is legitimate, beyond just a password."
Less than 1% of spam emails make it into a Gmail inbox.

chart Google Gmail accounts compromised since 2010 decreased to nearly zero
Legitimate Gmail accounts blocked for sending spam versus time

The number of compromised accounts decreased by 99.7% since 2011. That's impressive, for a sustained reduction! How does Google avoid false positives? I am so curious about the specific details of their filtering rules!

The blog post was written in March 2013. It is remarkable that the same methods continue to be effective, as Gmail spam-attackers would perceive this as a new challenge to be overcome.

120 Signals


I suspect that Google's methods are analogous to those used by the U.S. Department of Health & Human Services' Centers for Medicare & Medicaid Services (CMS) in detecting medically unlikely edits (MUEs). MUEs can be accidental, due to claim coding or data entry errors. MUEs can also be deliberate, when there is fraudulent intent, e.g. by filing for more services, or for more expensive services. Regardless of intent, MUE identification reduces paid claims error rates.

How will the Affordable Care Act impact existing processes for detecting MUEs, and for setting benchmarks? CMS does not disclose its MUE criteria for the same reasons that Google will not reveal details about their 120 signals.

Continuous improvement is a part of life, for email-spam account hijackers, Google and the fraud detection team at the Centers for Medicare and Medicaid Services.

I wrote a post about health care, with a much more Ellie-centric theme, a few years ago. That was when I worked as a statistician for AHCCCS, Arizona's state-administered Medicaid/Medicare program, monitoring program performance and quality of care.

11 March 2013

Compressed data for prayer, anagrams and digital rights management

I found an oddly contemporary-looking New York Times article that is, in fact, quite vintage for the Internet. It begins with a review of a most peculiar e-commerce company:
doing business with Newprayer.com may require a leap of faith.
- Compressed Data: Beaming Prayers to God's Last Known Residence
via The New York Times Online, 31 August 1999.

Example of ecommerce in 1999
Last known location of the divine is
easier to find than this website
Image provided courtesy of archive.is
The Internet Fraud Watch for the National Consumers League was deluged with complaints about fraud on the Net, having received 7,700 last year and 6,000 through the first six months of 1999.
If they only knew what was to follow, in less than ten short years.

Digital rights management


The next article was about a new "pact" between Adobe and Xerox, to address the needs of companies
...seeking a way to prevent the rampant piracy that has plagued the digital music industry from overtaking digital publishing. The technology, called Content Guard, is to be announced at the Seybold 21st Century Publishing Conference in San Francisco.
When was the last Seybold 21st Century Publishing Conference, I wonder? Not for a while. The proposed approach seems so straightforward! It would be
integrated... with Adobe's existing PDF format for distributing documents on line... publishers that have agreed to adopt the technology, include Thomson Learning, the National Music Publishers Association, and Haymarket Publications, a European business publisher.

Java


Content Guard was expected to be superior as a form of digital rights management software, as it was
based on an industry standard: Java, an Internet programming language developed by Sun Microsystems.
I just received my n-th zero day patch for Java last week. Yet Java lived up to this part of its promise, and still does:
The flexibility of Java would allow users to read Xerox protected documents [and non-Xerox protected documents too] on various types of software operating systems using any of the standard Web browser programs.
I don't think Adobe had fully enabled the following functionality in PDFs viewed with Adobe Reader until much later; I have rarely seen it used, even though it is available:
Publishers, corporations or individuals could specify who had access to the document, set a time frame for protection and even designate the type of authentication (like a password or a fingerprint) needed to read the document.
Adobe introduced these features in 2009, with the exception of fingerprint authentication for most of us, for digital signatory and general purpose security rather than digital rights management purposes.

Anagrams for free


I'll end on a more positive note, rather than gloomy nostalgia. The wonders of natural language processing were just emerging into the larger population.
The letters that form the name Boeing can be rearranged to spell "big one." Time Warner can be converted to "mean writer." And the title of Rupert Murdoch's sexy London tabloid The News of the World is an anagram for "tender, hot flesh -- wow." These are just a few of the possibilities in business anagrams, a game being played by office workers throughout the English-speaking world.
The language in the following paragraph caught my attention for several reasons. First, the exact and accurate wording, to "contact the server", would be uncommon now in a daily newspaper.
To play, contact the Internet Anagram Server at www.wordsmith.org/anagram, which provides immediate answers, or another site called Anagram Genius Server at www.anagramgenius.com/server.html, which gives a more considered response and replies by e-mail after a few minutes or hours, depending on traffic volume.
Then there's the reminder of the absence of web apps, as the requested anagram is sent by e-mail, in minutes. Or hours.
At no charge, these sites will attempt to create anagrams from any word or phrase, not just company names. But somehow there's a special mischievous thrill...
Emphasis mine. If you want to find out what that thrill is, read the New York Times article, linked above. I only hope that the New York Times will remain extant, rather than joining so many worthwhile news and information services, preserved for us only through Internet archives.

I'm sorry. I tried. Gloom won.

25 December 2012

Summer days and nights of 2009

This video was recently featured on the HPC Wire YouTube channel. It is an animation of the summer weather of 2009, as only supercomputers can do! HPC refers to "High Performance Computing". Cray was one of several contributors to the project. I still think of Cray as THE supercomputer developer, though those days are probably past.


What's so special here?


A recent HPC Wire article about climate change explained why simulation at such a fine resolution (7-kilometer) was so difficult, because it required:
a special allocation of computing time on the Athena supercomputer at the National Institute for Computational Sciences (NICS)... For six months, the entire 18,048-core system was at the disposal of the team. Among the results ... were simulations that represented boreal summer climatology at 7-kilometer resolution
Notice shifting cloud cover and precipitation in shades of gray scale during the summer months of 2009. The quality is exceptional.

I appreciated that the production group chose NOT to use any music, nor narrative, during this 1 minute, 38 second animation. I wish that were more common, especially for brief, well-annotated videos like this!

Climate change perception v. evidence-based reality


I read a rather comprehensive technical paper that should be enough to convince anyone that something has changed, for the worse, in the Earth's climate: Distributions and Trends of Death and Destruction from Hurricanes, 1900–2008, Willoughby, H. (Jan 2012); Nat. Hazards Rev., 13(1), 57–64. This led to some thoughts that I wrote up, regarding climate change and New York City's physical infrastructure, in light of the recent storm, Sandy.

Finally, I find it difficult to ignore the odd perception gap between climate change denialists and the growing body of climate change evidence. I found an analysis of that discrepancy and its possible cause from an unexpected source: an article in Nature, "Why we are poles apart on climate change", by a Professor of Law at Yale University School of Law. He wrote something a few months prior to this, a bona fide scholarly journal article, which had some distressing conclusions that I think are correct, though I don't exactly understand the cause; see The polarizing impact of science literacy and numeracy on perceived climate change risks, Kahan et al. (Apr 2012); Nature Climate Change 2, 732–735:
Members of the public with the highest degrees of science literacy and technical reasoning capacity were not the most concerned about climate change. Rather, they were the ones among whom cultural polarization was greatest.

HTML5 video


If possible, try to view this in full screen mode for optimal effect. The video supports up to 720p.

I suggest trying the YouTube HTML5 player. It is in beta, but works well, and has been available for nearly a year. Most videos seem better when viewed with HTML5 instead of Adobe Flash, whether YouTube or Vimeo. There is less of the dreaded "Flash Crash", although they can get laggy. I always enjoy the comparison!