Ellie Asks Why Annex

Mild science, tech news, stories, reviews, opinion, maps and humor

03 June 2014

If he were a spy

Is Jacob Appelbaum a U.S. government employee?

He gets a huge salary from Tor and jets around the world more lavishly than celebrities and movie stars. His home is chic, minimalist but opulent per Rolling Stone. He writes for the Wall Street Journal, see WSJ pointillist author portrait. He posed with semi-automatic firearms in Iraq in 2008. He parties ALL the time and... he is the apple of Donald Knuth's eye.
Jacob Appelbaum poses with Knuth, 2008
The question doesn't really seem to follow from the details, Ellie?

Granted. I thought Tor was a US government project. It is a former US government project. I was trying to be discreet, and not ask if he were a spy. That would be indiscreet, so I said "employee" instead.

He has more fans and carte blanche globally than, well, I don't even know who to compare with him. He is like the Larry Ellison or Eric Schmidt of crypto fandom, but without any visible means of support. I don't see his name on the cryptography research server IACR as an author, nor in any ACM or IEEE scholarly journals, not even the Financial Cryptography conference. ioerror is, well, to make an analogy, like the subversive version of Google's Jared Cohen. ioerror is the cool kids' hero, so to speak.

Martin Strohmeier
I saw him speak in front of the cream of the crop of the world's academic security researchers (and me) last fall at CCS in Berlin. I sure got the impression that he resonated there quite well. I don't know that much more about him though. He partied like everyone else, just a tad bit more paranoid.

Ellie Kesselman

He speaks all over the world! If there's a political uprising or controversy, ioerror is boots on the ground, at the scene, but not in the U.S.A. He is like the rock star of crypto, except he isn't affiliated with a company, nor a university, nor anyone like the Berkman Center at Harvard or Wikileaks or EFF. But he always has lots of trappings of material success, nice clothes, hordes of women etc. That is atypical, for security researchers, no?

23 May 2014

Message of the market

Joe Saluzzi tried to get the word out. He really did make a good faith effort. This was one of his numerous appearances on Bloomberg, Fox Business News, CBS etc. The mainstream news media did not ignore him. He was interviewed for about 10 minutes in each station's Manhattan studio. Each appearance was broadcast live. Receiving that much air time is unusual.

The temporal backdrop for this interview was particularly good. I enjoyed watching the market tickers running across the screen. They were triple stacked, and occupied a lot of screen real-estate! The results of a New York State election were reported around the 5 minute mark. I am no longer familiar enough with the NY-NJ-CT area to gauge the significance, but phrases like, "concedes the election" are portentous.


Joe Saluzzi of Themis Trading comments on problems with the market, 30 June 2009

I've followed Sal Arnuk, @ThemisSal on Twitter, since 2012. He is Joe Saluzzi's business partner at Themis Trading. That isn't how I found this video. Rather, I was reading an Amazon book review, about one of Ernest Chan's algorithmic trading books. That led me to R. Ryley's Message of the Markets blog.

The following excerpt is from an anonymous comment on Ryley's blog post, faithfully reproduced here under Creative Commons License by-NC-ND and replete with all-caps:
Anonymous
YES. THIS IS THE MOST IMPORTANT NEWS CLIP IN THE PAST SIX MONTHS. THE THEFT OF GOLDMAN SACHS' MICROSECOND TRADING CODE HAS FURTHER REINFORCED THIS MAN'S COMMENTS... [Such] CODE CAN BE USED TO UNFAIRLY MANIPULATE THE MARKET IN A WAY THAT GIVES AN UNFAIR ADVANTAGE TO WHOMEVER POSSESSES IT... THEN FACTOR IN THAT 49% OF MARKET ACTIVITY IS PROGRAM [trading], WE KNOW THAT THE IMPACT...IS MATERIAL. IN OTHER WORDS, MANY MARKET PARTICIPANTS, INCLUDING RETAILERS, ARE BEING CHEATED.

In retrospect, it doesn't seem so strange.

I am not certain, but believe that Anonymous refers to the circumstances that led to former Goldman Sachs programmer Sergey Aleynikov's conviction in 2011.

13 May 2014

The Cleveland Fed Drawing Board goes silent

I find Cleveland to be the most friendly* of the 12 Federal Reserve districts. They do a lot of community outreach work, and have a good research department.

The Federal Reserve Bank of Cleveland is the headquarters of the U.S. Federal Reserve System's Fourth District. The district is composed of Ohio, western Pennsylvania, eastern Kentucky, and the northern panhandle of West Virginia.

Fed Reserve building in Cleveland, Ohio
Main office in downtown Cleveland since 1923

The Cleveland Fed building was designed by architects Walker & Weeks. The building is considered an historically significant piece of architecture. I like how it looks too. Apparently, few know much about the art and architecture of the building, not even in Cleveland!

24 November 2013

Bitcoin in the limelight: Questions for buyers and investors

DDoS attacks manipulate vulnerable markets

The vulnerable market was the Mt. Gox Bitcoin exchange. In April 2013, Mt. Gox was overwhelmed by DDoS. The point, the company speculated, was to destabilize Bitcoin and fuel panic-selling. After driving market prices down, the attackers can then rush in and buy Bitcoin at the lower price. Obviously, this isn't fair.

Life isn't fair but Bitcoin must be

Life may not be fair in general, but securities and currency markets require fairness and avoidance of market manipulation in order to function. Without it, they will die. Trust is essential. Apparently, Mt. Gox was robust enough to withstand this volatility. The attackers were fortunate. In their pursuit of unfair profits, they are taking a selfishly short-term view. DDoS attacks could destabilize Mt. Gox, or any other entity that serves a similar purpose. If that happens often enough, or in sufficient size, it will undermine credibility in Bitcoin.

Mt. Gox wasn't uniquely vulnerable. In the past few months, there were other DDoS related Bitcoin extortion incidents. BTC-China was brought down in September 2013, and BIPS, a European payment provider, experienced a DDoS attack two days ago, on 26 November 2013.

Regulation and volatility

Using DDoS for extortion is possible due to Bitcoin's lack of fraud control measures, which would usually be imposed by regulatory requirements. Of course, market manipulation and extortion are possible even when there are regulations! (I suspect that if one wanted to, one could DDoS forex exchanges.) Regulation and law enforcement are partly responsible for discouraging such behavior. Market participants' own self-restraint and willingness to obey the rules are equally important.

Bitcoin's current price volatility is very high. That is unsurprising for a new financial product. Volatility isn't inherently bad, but it should be caused by normal market activity, not manipulation due to DDoS-facilitated extortion. Bitcoin price volatility will need to diminish to no more than 25% in order for it to function as a viable currency.

Structural boundaries

If I were to trade or invest using Bitcoin, my first question would be, "What are the boundary values?"
  • The number of Bitcoins is fixed at 21 million.
  • Are there price levels that have any contextual meaning, i.e. are associated with limits? For example, stock prices are always greater than or equal to zero. For fixed income markets, negative interest rates should not be possible. Is there a scenario where Bitcoin could ever have a negative value?
  • Are there vagaries of the block chain that would cause short term price or volume discontinuity?
  • What about market dominance due to collusion? That can happen in many markets, especially commodity markets. There are scholarly articles that establish a floor beyond which Bitcoin can no longer function, specifically, if there is collusion of selfish miners, such as by a Bitcoin mining pool.

Ebullience

The financial press and even well-known information security personalities seem to be caught up in the thrill of Bitcoin. The odd aspect is that some don't seem to distinguish between good news and bad, as with Mt. Gox.

The excitement is infectious. Perhaps it is a means of escape from interminable and usually dreary economic news, as well as the powerlessness most of us feel about monetary policy and government in general.

25 October 2013

Account hijackers

If a message originates from a familiar name or email address, its likelihood of making it through spam filters is greater.

Google described their efforts to minimize harm to users due to email account hijacking:
"Our security team...saw a trend of spammers hijacking legitimate accounts to send their messages. [We developed] a system that uses 120+ signals to...detect whether a log-in is legitimate, beyond just a password."
Less than 1% of spam emails make it into a Gmail inbox.

chart Google Gmail accounts compromised since 2010 decreased to nearly zero
Legitimate Gmail accounts blocked for sending spam versus time

The number of compromised accounts decreased by 99.7% since 2011. That's impressive, for a sustained reduction! How does Google avoid false positives? I am so curious about the specific details of their filtering rules!

The blog post was written in March 2013. It is remarkable that the same methods continue to be effective, as Gmail spam-attackers would perceive this as a new challenge to be overcome.
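The kind of login check Google describes, as an added illustration that is not Google's code and uses none of its real signals: a few constructed signals (new device, new country, a password-guessing burst, an odd hour, impossible travel between two logins) are weighted, summed and turned into allow / challenge / block. The signal names, weights, thresholds and the sample account are all assumptions made for this example.

```python
# Added illustration, not Google's system: a multi-signal login risk score.
# Signals, weights and thresholds below are assumptions for the example.
from dataclasses import dataclass, field
from datetime import datetime
from math import asin, cos, radians, sin, sqrt
from typing import Optional


@dataclass
class Login:
    when: datetime        # UTC time of the successful password check
    ip_country: str       # country of the source IP
    lat: float
    lon: float
    device_id: str        # browser cookie / client fingerprint
    failed_before: int    # wrong-password attempts just before this success


@dataclass
class Account:
    known_devices: set = field(default_factory=set)
    usual_countries: set = field(default_factory=set)
    last_login: Optional[Login] = None


def km_between(a_lat, a_lon, b_lat, b_lon):
    """Great-circle (haversine) distance, used for the impossible-travel signal."""
    dlat, dlon = radians(b_lat - a_lat), radians(b_lon - a_lon)
    h = sin(dlat / 2) ** 2 + cos(radians(a_lat)) * cos(radians(b_lat)) * sin(dlon / 2) ** 2
    return 2 * 6371 * asin(sqrt(h))


def risk_signals(acct: Account, login: Login) -> dict:
    """Return named contributions, so each decision can be audited for false positives."""
    s = {"new_device": 2 if login.device_id not in acct.known_devices else 0,
         "new_country": 2 if acct.usual_countries and login.ip_country not in acct.usual_countries else 0,
         "password_guessing": 3 if login.failed_before >= 5 else 0,
         "odd_hour": 1 if login.when.hour < 5 else 0}
    if acct.last_login is not None:
        hours = (login.when - acct.last_login.when).total_seconds() / 3600
        km = km_between(acct.last_login.lat, acct.last_login.lon, login.lat, login.lon)
        # faster than a commercial flight between two logins: someone else holds the password
        s["impossible_travel"] = 4 if hours > 0 and km / hours > 900 else 0
    return s


def decide(acct: Account, login: Login) -> str:
    """allow / challenge (ask for a second factor) / block, from the summed signal weights."""
    score = sum(risk_signals(acct, login).values())
    return "block" if score >= 6 else "challenge" if score >= 3 else "allow"


# Constructed sample history: one laptop, always from Phoenix, US
ALICE = Account(known_devices={"laptop-1"}, usual_countries={"US"},
                last_login=Login(datetime(2013, 10, 25, 9, 0), "US", 33.45, -112.07, "laptop-1", 0))
USUAL = Login(datetime(2013, 10, 25, 18, 0), "US", 33.45, -112.07, "laptop-1", 0)
NEW_PHONE = Login(datetime(2013, 10, 26, 3, 0), "US", 33.45, -112.07, "phone-2", 0)
# three hours after the Phoenix login: Bucharest, unknown device, after a guessing burst
HIJACK = Login(datetime(2013, 10, 25, 12, 0), "RO", 44.43, 26.10, "unknown-7", 12)

if __name__ == "__main__":
    for name, login in [("usual", USUAL), ("new phone", NEW_PHONE), ("hijack", HIJACK)]:
        print(name, decide(ALICE, login), risk_signals(ALICE, login))
```

The per-signal breakdown is what lets a reviewer see why a genuine user on a new phone at 3 a.m. gets a challenge rather than a block, which is where the false-positive trade-off the post asks about is actually tuned.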

120 Signals


I suspect that Google's methods are analogous to those used by the U.S. Department of Health & Human Services' Centers for Medicare & Medicaid Services (CMS) in detecting medically unlikely edits (MUEs). MUEs can be accidental, due to claim coding or data entry errors. MUEs can also be deliberate, when there is fraudulent intent, e.g. by filing for more services, or for more expensive services. Regardless of intent, MUE identification reduces paid claims error rates.

How will the Affordable Care Act impact existing processes for detecting MUEs, and for setting benchmarks? CMS does not disclose its MUE criteria for the same reasons that Google will not reveal details about their 120 signals.

Continuous improvement is a part of life, for email-spam account hijackers, Google and the fraud detection team at the Centers for Medicare and Medicaid Services.

I wrote a post about health care, with a much more Ellie-centric theme, a few years ago. That was when I worked as a statistician for AHCCCS, Arizona's state-administered Medicaid/Medicare program, monitoring program performance and quality of care.

11 March 2013

Compressed data for prayer, anagrams and digital rights management

I found an oddly contemporary-looking New York Times article that is in fact, quite vintage for the Internet. It begins with a review of a most peculiar e-commerce company:
doing business with Newprayer.com may require a leap of faith.
- Compressed Data: Beaming Prayers to God's Last Known Residence
via The New York Times Online, 31 August 1999.

Example of ecommerce in 1999
Last known location of the divine is
easier to find than this website
Image provided courtesy of archive.is
The Internet Fraud Watch for the National Consumers League was deluged with complaints about fraud on the Net, having received 7,700 last year and 6,000 through the first six months of 1999.
If they only knew what was to follow, in less than ten short years.

Digital rights management


The next article was about a new "pact" between Adobe and Xerox, to address the needs of companies
...seeking a way to prevent the rampant piracy that has plagued the digital music industry from overtaking digital publishing. The technology, called Content Guard, is to be announced at the Seybold 21st Century Publishing Conference in San Francisco.
When was the last Seybold 21st Century Publishing Conference, I wonder? Not for a while. The proposed approach seems so straightforward! It would be
integrated... with Adobe's existing PDF format for distributing documents on line... publishers that have agreed to adopt the technology, include Thomson Learning, the National Music Publishers Association, and Haymarket Publications, a European business publisher.

Java


Content Guard was expected to be superior as a form of digital rights management software, as it was
based on an industry standard: Java, an Internet programming language developed by Sun Microsystems.
I just received my n-th zero day patch for Java last week. Yet Java lived up to this part of its promise, and still does:
The flexibility of Java would allow users to read Xerox protected documents [and non-Xerox protected documents too] on various types of software operating systems using any of the standard Web browser programs.
I don't think Adobe had fully enabled the following functionality in PDFs viewed with Adobe Reader until much later; I have rarely seen it used, even though it is available:
Publishers, corporations or individuals could specify who had access to the document, set a time frame for protection and even designate the type of authentication (like a password or a fingerprint) needed to read the document.
Adobe introduced these features in 2009, with the exception of fingerprint authentication for most of us, for digital signatory and general purpose security rather than digital rights management purposes.

Anagrams for free


I'll end on a more positive note, rather than gloomy nostalgia. The wonders of natural language processing were just emerging into the larger population.
The letters that form the name Boeing can be rearranged to spell "big one." Time Warner can be converted to "mean writer." And the title of Rupert Murdoch's sexy London tabloid The News of the World is an anagram for "tender, hot flesh -- wow." These are just a few of the possibilities in business anagrams, a game being played by office workers throughout the English-speaking world.
The language in the following paragraph caught my attention for several reasons. First, the exact and accurate wording, to "contact the server", would be uncommon now in a daily newspaper.
To play, contact the Internet Anagram Server at www.wordsmith.org/anagram, which provides immediate answers, or another site called Anagram Genius Server at www.anagramgenius.com/server.html, which gives a more considered response and replies by e-mail after a few minutes or hours, depending on traffic volume.
Then there's the reminder of the absence of web apps, as the requested anagram is sent by e-mail, in minutes. Or hours.
At no charge, these sites will attempt to create anagrams from any word or phrase, not just company names. But somehow there's a special mischievous thrill...
Emphasis mine. If you want to find out what that thrill is, read the New York Times article, linked above. I only hope that the New York Times will remain extant, rather than joining so many worthwhile news and information services, preserved for us only through Internet archives.

I'm sorry. I tried. Gloom won.

25 December 2012

Summer days and nights of 2009

This video was recently featured on the HPC Wire YouTube channel. It is an animation of the summer weather of 2009, as only supercomputers can do! HPC refers to "High Performance Computing". Cray was one of several contributors to the project. I still think of Cray as THE supercomputer developer, though those days are probably past.


What's so special here?


A recent HPC Wire article about climate change explained why simulation at such a fine resolution (7-kilometer) was so difficult, because it required:
a special allocation of computing time on the Athena supercomputer at the National Institute for Computational Sciences (NICS)... For six months, the entire 18,048-core system was at the disposal of the team. Among the results ... were simulations that represented boreal summer climatology at 7-kilometer resolution
Notice the shifting cloud cover and precipitation, rendered in shades of grayscale, during the summer months of 2009. The quality is exceptional.

I appreciated that the production group chose NOT to use any music, nor narrative, during this 1 minute, 38 second animation. I wish that were more common, especially for brief, well-annotated videos like this!

Climate change perception v. evidence-based reality


I read a rather comprehensive technical paper that should be enough to convince anyone that something has changed, for the worst, in the Earth's climate: Distributions and Trends of Death and Destruction from Hurricanes, 1900–2008, Willoughby, H. (Jan 2012); Nat. Hazards Rev., 13(1), 57–64. This led to some thoughts that I wrote up, regarding climate change and New York City's physical infrastructure, in light of the recent storm, Sandy.

Finally, I find it difficult to ignore the odd perception gap between climate change denialists and the growing body of climate change evidence. I found an analysis of that discrepancy and its possible cause from an unexpected source: an article in Nature, "Why we are poles apart on climate change", by a Professor of Law at Yale University School of Law. A few months prior to this he wrote a bona fide scholarly journal article, with some distressing conclusions which I think are correct, though I don't exactly understand the cause; see The polarizing impact of science literacy and numeracy on perceived climate change risks, Kahan et al. (Apr 2012); Nature Climate Change 2, 732–735:
Members of the public with the highest degrees of science literacy and technical reasoning capacity were not the most concerned about climate change. Rather, they were the ones among whom cultural polarization was greatest.

HTML5 video


If possible, try to view this in full screen mode for optimal effect. The video supports up to 720p.

I suggest trying the YouTube HTML5 player. It is in beta, but works well, and has been available for nearly a year. Most videos seem better when viewed with HTML5 instead of Adobe Flash, whether YouTube or Vimeo. There is less of the dreaded "Flash Crash", although they can get laggy. I always enjoy the comparison!

03 December 2012

MintChip denouement

The Royal Canadian Mint is the official mint of the Canadian government. In March 2012, the Royal Mint announced that it would discontinue all future production of penny coins. A week later, the Toronto Star ran a news story, in which the Royal Mint introduced the first national digital currency in North America, the MintChip.

A Royal Canadian Mint spokesman provided the following description:
MintChip doesn’t plan to link to a person’s bank account or credit card information. And unlike BitCoin, a peer-to-peer hosted digital currency with a fluctuating value, MintChip is simply a new way to exchange Canadian dollars. Plus, it’s backed by the Canadian government. 
The MintChip doesn't satisfy criteria for what I would consider a bona fide currency. Rather, it seems more like a type of electronic payment network for the Canadian Dollar.

Golden prize


A rather intriguing contest, MintChip Challenge was announced in the same Toronto Star article. MintChip Challenge was an app developer contest sponsored by the Royal Canadian Mint, with top prizes to include the equivalent of CAD 50,000 of gold bars and coins, in gold bullion, i.e. 99.99% gold.

The top comment on the Toronto Star article offered this suggestion:
Did you know that one of the leading proposals for how to use MintChip is for purchasing bitcoin? Because of the irreversibility of MintChip transactions, this would solve a lot of issues. See paragraph 6 of MintChip Misses the Point of Digital Currency via Forbes.
MintChip Challenge generated much excitement. The 500 entry spots were filled in merely four days! Prize winners were to be announced on 25 October 2012.

What's up with MintChip? 


The official website hasn't provided much information. I was curious. Erstwhile gAt0mAl0 was curious too:
So what happened with MintChip – Canada’s digital currency? It has disappeared into the Bermuda Triangle of digital currency holes – a news blackout. 
The denouement of MintChip Challenge was distinctly anticlimactic. gAt0mAl0 explains more about the Canadian MintChip, and Bitcoins too. Alternatively, you may prefer to explore gAt0's rather impressive Bitcoin Mind map chart, featured in his prior post, Bitcoin and Forex Trading which I enjoyed much more than the entire MintChip mess, from start to muted finish.

04 August 2012

Craft work

This ornate butterfly is an antimacassar. It is one of many in a set of Lepidoptera-themed craft work. Clicking on the image will take you to the rest. It is not my work. I can knit. Poorly.
Crochet decoration
Crocheted butterfly
Although the image description says "crochet", I think this resembles embroidery or needlework, as it is so finely detailed. It is beautiful, especially those curled antennae.

Antimacassars are those little covers on the arm rests and backs of chairs. They aren't doilies. I tried to find a less arcane-sounding word, to no avail. Alternative word suggestions are welcomed as comments!