Friday, February 03, 2017

Constitutional secession without amendment or war 

I've figured out a tricky way to do it - it will surely work for border states; interior states not so clear.  Call the process Territorial Reversion and Release.  Here's how it would work.  Redraw the borders, converting 99% or less of the state to a territory, and leaving a tiny remnant to retain the un-secedable state identity.  The remnant doesn't even have to be contiguous with the other 47, as Alaska and Hawaii have proven already.  Then give the territory its freedom.

There are precedents for each of these steps.  Redrawing state borders happens occasionally without any fanfare, for example when a border is defined by a river and the river changes course.  The majority of the land in California could be redrawn to become Eastern Guam, for example.  One of the military bases could become the capital of the remnant State of California.  China Lake Naval Air Weapons Station, at 4500 square kilometers in size, is larger than Rhode Island.  Camp Pendleton is the California base with the most people, though -- China Lake is mostly bombed-out desert.

Then you give the Territory of Guam its freedom.  Freeing territories happens all the time, equally without fanfare, because those territories are usually parts of the US that we don't have much interest in anyway.  The biggest release that I can think of is the Philippines, which were acquired by the US following the US victory in the Spanish-American War, and released as an independent country in 1946.  Once Greater Guam has been given its independence, it can change its own name to New California, and dispose of the Island of Guam as it wishes.  It could even lease the airbase there back to the US for additional income.

In a similar process, Texas could combine with Puerto Rico or the Virgin Islands.  Fort Hood could become the new capital of Texas, although it might be more sensible to have the Panhandle with Amarillo or the Big Bend and El Paso become New Texas, adjacent to New Mexico.  The hardest part would be Texans' ornery, uncooperative nature, which would make them averse to joining forces with another territory to achieve a common goal.  The New Texas Republic would probably want to keep Puerto Rico as a subject territory itself, just out of spite.

Thursday, December 29, 2016

Predictions - mostly long term 

'Tis the season... Here are a couple:

All pundits are wrong, some are useful.  The great industrial designer Raymond Loewy had a phrase for how it's necessary to moderate your views in order to maintain an audience, yet stay "edgy" and interesting: MAYA - Most Advanced Yet Acceptable.

Pundits like to make short-term predictions, and assert them with vast confidence.  These are long term, and uncertain.  Students of mathematical chaos know that the only thing that is certain is that conditions will diverge from their current state faster and faster.  Even how fast they diverge is uncertain in today's world.

Nevertheless, demographics and economics are destiny.  Unless the GOP changes its approach to Mexico and immigration, Hispanic populations will continue to grow faster than Anglo groups, and Texas will become purple, then blue, and due to its 36 electoral votes, Donald Trump may be the last Republican president for a long, long time.  One wildcard move might be to switch allocation of electoral votes from winner-take-all to proportional allocation.

Decarbonization of the energy ecosystem continues. It's been ongoing for a long time, but an improvement path that doubles the cost-effectiveness of renewable power every 8-10 years is incomprehensibly slow for the typical news consumer, until some threshold is passed and suddenly everything is different.  We're just about at that tipping point.

Fracking has lowered the cost of natural gas so much that it's half the cost of gasoline and diesel fuel per BTU equivalent, and is displacing them on some long haul routes - on a road trip over the holidays I passed a UPS truck that was running on compressed natural gas.  The low price of natural gas is also driving the extinction of coal-fired electric power plants.  EPA regulations requiring expensive pollutant removal can be fought in Congress and legislatures, but lower prices require fighting petroleum companies - a much tougher opponent.

IEEE Spectrum, a magazine directed at electrical engineers, who should not be easily spun in their area of expertise (although the article's comments suggest otherwise), reports that "According to the venerable financial advisory firm Lazard Ltd. Thanks to falling costs and rising efficiency, reports Lazard in an analysis released in September, utility-scale installations of solar panels and wind turbines now produce power at a cost that's competitive with natural gas and coal-fired generating stations—even without subsidies."

The University of Texas at Austin Energy Institute released an interactive US map of the Full Levelized Cost of Energy for various technologies, with county-by-county resolution.  It shows that for large portions of the US, wind and solar are already cheaper than fossil fuel and nuclear sources.  Don't like their numbers?  You can plug in your own rates and see how the boundaries move.

I grew up with "our friend the atom" and the prediction that in the future, electricity from nuclear power will be "too cheap to meter".  I recently realized that this promise has come true, except that it's for rooftop solar power.  The nuclear furnace has simply moved 90 million miles away.  That's close enough for me.

Thursday, December 01, 2016

Follow the money: Or, Corporate mission motivations for security among the big 5 internet companies 

SF writer & design theorist Bruce Sterling calls them "the stacks": Facebook, Amazon, Google, Apple, and Microsoft. Giant tech companies that are competing to own your digital life.  These are companies for which the phrase "the X way of life" potentially makes sense.  (It's very hard to make a pronounceable acronym out of any permutation of AAFGM.  The best I can do is FAGAM.)

They all have to be secure to a certain degree, and they all do a pretty good job.  But some of them have a corporate mission that gives them comprehensive motivation to weaken the security that they provide in certain ways that they might consider minor, but that you or I might consider important. Here's a simple table that lays out those missions and their implications for security and privacy.

Company: Facebook
Hardware: None
Software: Facebook.com
Revenue source: advertising
Mission: connecting people together as a means to show them ads
Security implication: they will harvest and organize anything they can find out about you, and use that information to present you with targeted ads.  They may sell categories of people to advertisers, but the details that they know about you are their competitive advantage, so they will work to keep that a trade secret. However, trade secret protection efforts don't extend to government requests for information when they're accompanied by warrants, subpoenas, National Security Letters, or similar lawful demands.

Company: Amazon
Hardware: Kindle e-reader, Amazon Fire tablet (phone discontinued), Echo (how do you describe this?), Dash (pushbutton ordering), Amazon TV webTV box (is this still being produced?)
Software: amazon.com
Revenue source: retail "catalog sales", distribution for other retailers, music, video, advertising
Other businesses: Amazon Web Services, the original cloud server platform, bigger than all its competitors combined.
Mission: making it easier to buy more stuff from them
Security implication: they will harvest and organize anything they can find out about you, mainly from your purchasing and search/browsing history, in order to present you with compelling opportunities to buy more stuff. They may sell categories of people to advertisers, but the details that they know about you are their competitive advantage, so they will work to keep that a trade secret. However, trade secret protection efforts don't extend to government requests for information when they're accompanied by warrants, subpoenas, National Security Letters, or similar lawful demands.

Company: Google
Hardware: Android phones, Chromebook/Chromebox web PCs, Google Home (like Echo), Android Wear smartwatch, Nest smart thermostat, Chromecast webTV box
Software: google.com search, maps, YouTube, Gmail, Google Play app store for Android & Chrome, etc.
Revenue source: advertising, limited royalties from Android & download fees from the Play store, royalties from movie and music views/listens
Other businesses: Google Cloud, lots of high-profile research projects that may never pan out
Mission: "organize the world's information" and deliver ads to people who use that organization
Security implication (1): they will harvest and organize anything they can find out about you, mainly from your search/browsing and purchase history, in order to provide advertisers with more effective ads. They may sell categories of people to advertisers, but the details that they know about you are their competitive advantage, so they will work to keep that a trade secret. However, trade secret protection efforts don't extend to government requests for information when they're accompanied by warrants, subpoenas, National Security Letters, or similar lawful demands.
Security implication (2): Android phones, on the other hand, are not sold to you by Google(*); they're provided by cellular carriers. These carriers don't get any value from the information on the phone - a phone is simply a vehicle to sell cellular service.  If you buy an insecure phone from a cellular phone store, the carrier will still get the same amount of money. Even if the customer becomes unhappy with security issues, the damage goes to the phone brand, not to the carrier brand. Patching security defects is  simply a cost with very little benefit.
Security implication (*): Unless you buy an unlocked phone directly from the phone manufacturer. For phones other than Google Nexus or Google Pixel, the hardware manufacturer can still shift the blame for problems to the OS provider, i.e. Google, so their motivation to fix software security defects is less.
Security Conclusion: if you must get an Android phone, get an unlocked Google phone directly from Google.

Company: Apple
Hardware: iOS phones & tablets, MacOS/OS X notebook & desktop PCs, Apple Watch smartwatch, Apple TV webTV box
Software: iTunes music & video, Beats Audio, iCloud services: mail, calendar, etc.; Apple app store for iOS & OSX, etc.
Revenue source: sales of devices, royalties from iTunes purchases & app store purchases, Beats subscriptions
Other businesses: none
Mission: produce products with "insanely great" design and quality, via a closed ecosystem in which those products "just work".  This mission has been losing energy in recent years.
Security implication: the only one of the Stacks in which business interests are fully aligned with consumer interests.  The only one which doesn't make any money by selling customer information. Apple has made security an explicit brand differentiator.  Nevertheless, Apple can collect significant amounts of customer information in the course of providing a superlative user experience, from sources like iCloud, Apple Mail and Maps, and Siri.  As with the other stacks, Apple is motivated to keep details about the content and analysis of this information a trade secret.  However, trade secret protection efforts don't extend to government requests for information when they're accompanied by warrants, subpoenas, National Security Letters, or similar lawful demands.

Company: Microsoft
Hardware: Surface hybrid tablet/PC, Surface Studio desktop, XBox gaming system, various peripherals
Software: Microsoft Windows, Microsoft Office, Microsoft Office 365, Windows app store
Revenue source: royalties from preloaded system & other software, enterprise & individual licenses for games, Office and other installable software, enterprise & individual subscription revenue from Office 365 etc., advertising on Bing & other cloud products
Other businesses: Bing search, Azure cloud, enterprise software including Windows Server, SQL Server, Microsoft Dynamics, etc.
Mission: maintain market dominance as the largest "software company"
Security implication (1): They will exploit their near-monopoly position in the OS space to drive user behavior to their other products and services, including advertising. They will harvest and organize anything they can find out about you via Bing, Cortana and other means, and use that information to present you with targeted ads.  They may sell  categories of people to advertisers, but the details that they know about you are their competitive advantage, so they will work to keep that a trade secret. However, trade secret protection efforts don't extend to government requests for information when they're accompanied by warrants, subpoenas, National Security Letters, or similar lawful demands.
Security implication (2): Microsoft's enterprise customer base demands security and has the technical expertise to recognize when they're not getting it, so Windows 10 Enterprise Edition is potentially the most secure OS ever fielded at large scale. (Linux fans will disagree, but they're quite wrong, in more ways than most of them can imagine.) Consumers don't have the expertise to perform detailed security management, and are cost sensitive, so Windows Home Editions are configured less securely, and are missing key security features such as BitLocker and TPM support.
Security conclusion: if you must get a Windows PC, get a business PC with a Pro or Enterprise Edition of Windows, and make the effort to turn on the security features and configure them effectively.

Wednesday, September 21, 2016

Russian robot makes break for freedom 

Twice!  Another robot is arrested in a political demonstration.  Or should that be "awareness impaired robot wanders off aimlessly, but is soon rescued"?

As someone who's had near exposure to age-related dementia and runaway children I suspect the latter.

Monday, August 29, 2016

Which countries would fit inside of Texas? 

Texas is a big state.

Wednesday, August 10, 2016

Insecure boot for Windows 

  1. If you don't own the hardware "secure root of trust" and the encryption keys that it contains, it's not your computer.
  2. Many vendors still don't include a hardware security module (TPM) in consumer PCs.

The Register's headline says most everything else that needs to be said:

Bungling Microsoft singlehandedly proves that golden backdoor keys are a terrible idea

Tuesday, August 09, 2016

more causes of stagnation 

Economists are puzzled why macroeconomic growth seems to have slowed to about half the rate that it was over most of the twentieth century.  They have lots of ideas, but don't seem to be able to grasp the notion that there may be no single cause -- economic growth, and its faster or slower rate, may be a multifactorial phenomenon.

Here's a simple hint for any economists who may read this about how to deal with multifactorial problems.   Consult with statisticians for technical details and more clarity.

When you examine a noisy complex phenomenon, you'll have many possible factors contributing to it.  Each factor is correlated with the phenomenon to a greater or lesser degree, and each factor is correlated with each of the others.

As a first approximation, assume that each factor contributes linearly to the phenomenon.  The statistical framework for this is called the "general linear model".  In possibly excessively simple terms, the square of the correlation coefficient between the factor and the phenomenon is the "variance accounted for" by the factor.  When you have enough factors to account for 100% of the variance, you've completed your model of how the phenomenon is composed.

Or you could use factor analysis to discover how the factors are related.

I don't understand why economists aren't doing something like this already.

Statistical preliminaries aside, I have two ideas about why this slowdown occurs that I haven't seen discussed.

The complexity barrier of economic systems is being reached. Here's how this works: total growth is a battle between forces for growth and forces against growth. Both of these are accelerated by economies of scale and diseconomies of scale.  For normal sectors, the existence of fixed costs and per-unit costs and unit-based revenue lead to growth with economies of scale.  In industries with network effects and technology feedback, such as information technologies, you can have exponential, accelerating growth.  However, in material industries, at some point resource limitations begin to kick in and unit cost increases with scale, even with sustainable resources.  With unsustainable resource needs, costs grow hyper-exponentially as the proportion of resources used grows ever-closer to "all of it".  This is what "peak oil" activists rant about, for example.  Substitution effects and technological advances can offer an escape from these limits, as solar and wind energy replace fossil fuels, and hydraulic fracturing makes new oil resources available.

In evolutionary systems, there is another source of exponential increases in costs.  Evolutionary systems grow in scale and complexity because "there's always room at the top".  Growth in scale is limited by the allometric square-cube ratio, where the costs of maintaining a 3-dimensional body grow as the cube of its size, while the amount of support and resources needed to sustain it grow only as the square of the size.  Systems composed of networks, e.g. brains and ecosystems and economic systems are limited by the exponential "combinatorial explosion" in the size of the state space of the system needed to be searched in order to find an effective functional process, in comparison with the diameter of the network.

The financialization and servicization of the economy is adding less than the dematerialization and globalization of the economy is taking away.  Here's an example.  In a recent interview with Barron's, the CFO and CEO of HP Inc. explained that the company's PC business has infinite return on invested capital.  If this were a conventional economy, that would mean that any additional investment of a few dollars in capital should create enormous profits.  Yet their PC business is barely profitable and is sustained by huge cash flows.  For HP, a large ROIC is the result of not investing, rather than an incentive to invest.

[I need to reboot my PC.  More on this soon]
[original post 2016-08-09]
[update 2016-08-27: added more on complexity]

Sunday, July 17, 2016

Why I'm not upgrading to Windows 10 

I tried...  Actually, I tried three times and succeeded once, I think...

I have two Windows PCs, an HP Envy x360 hybrid notebook/tablet that came with Windows 8.1, and an HP Pavilion that came with Windows 7 and Microsoft Media Center.  Media Center is a TV tuner and DVR.  Since I have a rooftop antenna and live in a large metro area, I get something like 75 broadcast channels.  I've cut the cable/satellite TV cord and never looked back.  The only cable channel I miss is Speed TV and its Formula 1 races.  I have a Roku player which gives me so many free movies that I don't even subscribe to NetFlix or Hulu any more.

The Envy has worked fine with Win8, but it developed severe power management problems after its first Windows 10 upgrade, to the point where it wouldn't even boot.  It was going to take a return to the factory to get it fixed, but I finally tried a Windows 8 factory software restore, which wiped out all my data (I have backups) but magically fixed the problem.  

Six months later, hoping that HP and Microsoft had found and fixed some firmware bugs behind the scenes, I took the upgrade offer once again.  This worked even more smoothly than the first attempt, and seems to have succeeded fairly well.  The system still has problems shutting down when I close the lid, and staying down after I do a manual Sleep.  I'll put it to sleep in the evening, and when I come back in the morning, it's on and running hot.  Sometimes a Shutdown won't complete and I have to do a hard halt by holding the power button down.  These kinds of problems happen every few days.  It's been a month and a half since the upgrade, and the trend seems flat.  As long as the problems don't get worse, I can live with this.

I like the Windows 10 user interface, but I rarely use Tablet Mode, even with the screen folded back.

I don't have any problems with Win7 on the Pavilion, but decided to try the upgrade offer before it expired.  A few steps into the process, the system kindly announced that Windows Media Center is not supported on Windows 10.  Sorry, Cancel. The backout process worked smoothly.  The display for this system is a 55" HDTV, which has its own tuner, but I really need the DVR capability in Windows Media Center.

I guess I'll stay with Win7 for this system until something breaks or a major change in capability arises that needs new hardware.  I used to replace my PC every two generations, but there's nothing revolutionary on the horizon these days.  "The Machine" from HP Labs is pretty revolutionary, but the project has gone quiet recently, and Meg Whitman has replaced Martin Fink as CTO and director of HPE Labs, suggesting that he wasn't meeting his promises for progress on their number one R&D project.  The potential of the memristor is enormous, but trying to get it into a cost-effective commercial product may have been more difficult than it appeared.

Friday, June 24, 2016

Why the bad guys win 

The US NIST has released a draft of SP 800-179, Guide to Securing Apple OS X 10.10 Systems for IT Professionals: A NIST Security Configuration Checklist. It's 65 pages long, with 10 appendices adding another 48 pages.

There's no doubt that these are useful, important configuration parameters that have to be set correctly in order to exclude attackers from their targets.  But how many professional system admins are going to follow these guidelines, and make intelligent, threat-sensitive decisions on which ones to modify, and then reliably apply them to all the OS X systems under their control?  I don't think very many -- a sysadmin's first job is to keep the systems running, and most IT managers are under such budget pressure that they barely provide enough resources to accomplish this task.  Operational security such as this kind of configuration management is far too often left as a secondary task, performed to satisfy the justifiable professional pride of the admins.

Security advocates have been pushing the concept of "secure out of the box" for more years than I can remember any more.  Why are these settings not the defaults?  I blame the customer. If security isn't important enough that security issues lead to more lost sales than the cost of securing the product, the product won't ship in a secure configuration except in the easy aspects.

Wednesday, February 17, 2016

What's the next step to greatness for Hewlett Packard Enterprise? 

Short answer:  spin off HPE Services and the HP security products, then move into IoT for building and manufacturing systems. Recognize that HPE's mission is to provide smart infrastructure for enterprises.  (Not "intelligent infrastructure" for software reasons described below.)

Update, 25 May 2016: HPE announced that it was spinning out its services division, which would merge with CSC.  Phase 1 complete.

Update, 9 March 2016: Trend Micro finally sent out a "Welcome to Trend Micro TippingPoint" email to its new customers.

Before The Hewlett-Packard Company split into HP Inc. and Hewlett Packard Enterprise, pundits were unable to recognize all the different things that the company did: they called it a "PC and printer company", and since "PC's are doomed", HP was also.  Now that the split has occurred, it's HP Inc. that's doomed, and HPE has already become invisible, except to a few specialists.

There are really two parts to this problem.  First, are they really doomed?  Second, can either one of them ever become great again?   "Doomed" in this context really means shrinking to a size where they will be purchased by another company -- chapter 7 bankruptcy with dissolution of assets almost never happens for corporations any more.  Big companies like HPQ and HPE can survive by shedding unprofitable assets for a long time.  Even after purchase, brands can stay around for a long time.  When HP merged with Compaq in 2003, the Compaq brand stayed around for at least ten years afterwards.  Both companies have decade-long contracts with organizations like government agencies that will produce revenue for many years regardless of what happens to the company's big picture.   If they're doomed at all, their doom will take the form of a long, slow fading away.

Can they achieve greatness again?  We need to understand what makes a great company to answer that.  A company has three constituencies: its customers, its employees, and its investors.  To be great, a company has to be great in the eyes of all three.  Customers want great products.   Employees want to build great products, but they also need great pay scales and great working conditions.  Investors want great profits.  A company also needs a compelling mission in order to pull these factors together into a coherent picture.   When HP was an instrumentation company, its mission was clear.  The mission of HP Inc. is coming into focus, while the mission of Hewlett Packard Enterprise remains very muddy and hard to characterize beyond "buy the stuff that we make and the things that we can do for you".

There's a chicken and egg problem here: it takes great employees to build great products; customers produce great revenue from great products, which allows management to support great employees and to return great results to investors.  It's an unstable dynamic system, which is seeded by investments and can grow in a virtuous cycle, or drain into a vicious cycle of deterioration.  It's also an open system, with strong exogenous influence from global economics and technological successions.  As global companies, both HP's have been battered by the global economic downturn of the great recession and by "currency headwinds" as the US recovers faster than the rest of the world. In the face of a leaky boat in a storm, throwing furniture overboard may buy some time to fix the leaks, but a boat without furniture is no longer great transportation.

The common control parameter on all three aspects of greatness is net profit.  Not necessarily profit margin per unit sold, but profit per employee and profit per share.  Profit per unit sold can be low as long as there are economies of scale in production and delivery.   These are obtained by delivering great products that "everyone" wants, and by focusing on simplification and sharing of product capabilities in order to obtain amplification of the effect of great components resulting in effective scaling without loss of attractiveness.  Both HP's produce more individual products and services than they can count, and this represents an absence of focus that prevents effective scaling, causing their margins to be lower than they could be.   Large catalogs can be effectively scaled by employing the principles of hierarchical decomposition that are second nature in software architecture, but the top levels of the hierarchy can't be coordinated without a coherent mission.

Of course the PC that represents HP Inc. isn't doomed, any more than Apple is doomed after posting the most profitable quarter by any company in history.  Ironically, the people who are writing those doom stories are writing them on PC's and they have no plans to change.  Anyone who thinks that you can get any significant work done on a phone, or even a tablet, is out to lunch, and it's probably a three-martini lunch as well.   Nor is HPI's other branch, printing, doomed, despite decades of hype for the "paperless office".   Ink on paper still has advantages in legibility in bright sunlight, long term information stability, and low power consumption that are unmatched by any existing technology.  People are still going to be taking books to the beach instead of tablets or even e-Readers for a long time. There are technologies in existence in various labs that may change this in the next ten years for the handheld device, but it will take many decades for ambient imagery, that is package labels and signage, to become active and ink-free.  In any case, HP Inc. has a plan for entering and dominating a new, highly hyped market, namely 3D printing with its Multijet Fusion technology.   Execution errors are always a possibility, but an HP that has market-leading positions in notebook and desktop PCs and PC displays, and consumer printers and industrial digital printers in 2D and 3D promises a growth trajectory that could be compared to the HP of the 1960s through 1980s without embarrassment.

Hewlett Packard Enterprise has a tougher problem.  They are burdened with a four-part strategy with two and a half weak components.  The four parts are a server hardware line ranging from small business servers to supercomputers and HP's own NonStop brand of mainframe, an enterprise networking business with significant capability in campus wireless networks, a disjointed security portfolio, and a large services division whose mission is to pull it all together.

Just like the PC is doomed, the server and company-managed datacenter is doomed, except for the small market in the highest-end mainframes and supercomputers, displaced by cloud computing providers, which are dominated by Amazon Web Services with Microsoft Azure and Google Cloud Services following at a long distance, and a bunch of small companies that will be losers in an ecosystem where Metcalfe's law operates.  HP Labs has a project for a revolutionary computer architecture called The Machine, which if it succeeds, will put the final nail in the coffin of the storage media industry, which is already being disrupted by the displacement of rotating disk media by solid state flash memory.  HPE's enterprise systems division gets a large portion of its profit from their 3PAR storage unit, and will be disrupted as much as anyone by this technology transition.

A services business is an impediment to greatness, because it is so dependent on massive quantities of people.  These people are continually subject to being displaced by automation and other economies of scale, which cloud computing is driving to occur at a faster rate than ever before.  Un-automated people are a burden on profit margins.  The stresses on the morale of services employees continually fighting to not be below the line when the workforce reduction trimmer makes its next pass turns the employee's goal into mastering the internal politics of the company rather than solving customers' problems, which is a distraction that impairs productivity and blocks the achievement of greatness.  This is not only a problem for HPE Services; IBM, Wipro, Tata and other computer services companies have the same problem.  IBM's problems have been written about in depth by people such as Robert X. Cringely.

So the next big move for HPE is to spin off HPE Services somehow.  But without some other compensating move, the remainder of HPE will be below critical size for greatness, leaving it with the fate of other remnants of once-great computer companies that are still somehow surviving, like Cray, SGI, and NCR.

What else can HPE do?  One move is to strengthen its enterprise networking and security businesses. Networking capabilities continue to grow faster than Moore's Law, and enterprise campus networking will remain a field full of gaps waiting to be filled for the foreseeable future.  The wired LANs threading throughout buildings will be displaced by wireless LANs or 5G cellular microcells, but need for physical onsite infrastructure means that there is no company like Amazon on the horizon able to undercut every other competitor on price and offer more sophisticated services at the same time.

Stronger enterprise networking is not a significant enough change to compensate for the loss of a services division, but it provides a hint to a worthwhile direction.  Underneath the wireless future of office networking is the automated control of the buildings that support those offices, that is, the HVAC, lighting, and security systems.  These are part of the trendy, explosively growing Internet of Things environment.  HPE could achieve significant product synergies by acquiring a building management systems company such as Johnson Controls, and optimizing their management and security to work with HP networking infrastructure.  Johnson Controls itself is probably inappropriate at this time due to its pending merger with Tyco and their investment in legacy systems, but a smaller, more progressive company in the same area would offer a strong foothold in the IoT space for HPE to build on.

The next step in IoT development beyond building management would be factory systems management refreshment.  Manufacturing SCADA systems worldwide are notoriously old and insecure, and need to be upgraded to modern capabilities.  HP is known for its ability to drive and implement open standards; manufacturing IoT is small enough for HP to have a significant impact on it, rather than being a passive recipient of server orders from giant companies like General Electric that have already announced their intention to focus on IoT as a key portion of their corporate strategy.

I haven't mentioned software in this discussion, because HP has always been at its heart a hardware company.  HP's forays into software-dominated businesses have almost invariably been failures.  Autonomy and Palm are notorious failures by HP; does anyone even remember Mercury Interactive?   Software companies need a critical mass of executives who understand programming and programmers, and an HR department that can structure compensation and benefits structures that correspond to programmer and software architect design skills and workstyle needs.  Trying to combine the hardware engineering culture with the software development culture is an almost impossible task, and the culture clash friction will be an impediment to greatness.  Because of its low manufacturing costs, success in a software business is dominated by Metcalfe's Law, which implies that there will be only a few huge successes in any area, and a long tail of also-rans that will inexorably fade away.   Solutions that are tied to hardware are immune to attack by free software, since the free software reduces the market equilibrium cost of the hardware-based solution, rather than reducing its price.

I haven't mentioned security, because security is an attitude, not a solution.  There isn't a unified security market or security industry.  Security remedies only exist because of security failures somewhere else.  In fact, you could say that "for every product or solution, there is a corresponding security product or solution".   Yes, this applies to security products themselves -- we call the corresponding security response to failures of security solutions "defense in depth".  In other words, there is no possibility of a comprehensive, coherent security portfolio -- there are only a bunch of partial, point solutions.    Trend Micro announced last October that they would buy HPE's TippingPoint intrusion prevention system product line, although there's been no followup news four months later.  In order to bring more coherence to its solution portfolio, HPE needs to either acquire a full-range security company (doesn't seem likely to me) or get rid of the remainder of its security products, ArcSight and Fortify.   Like there is "no silver bullet", there's no single path to security greatness -- greatness in security is a side effect of greatness elsewhere.  HPE's path to greatness doesn't want sideshows.

As with HP Inc., Hewlett Packard Enterprise has severe challenges in execution along its return to greatness plan.  Even assuming perfect execution, successful strategies for HPE are very hard to imagine.  This is one of them.

Friday, February 12, 2016

Why Windows 10 could be the most secure mainstream OS 

Because of Isolated User Mode and Device Guard.  Start by remembering that kernel bloat is an insidious disease.  I'm not going to expound here on why kernels should be kept as minimal as possible, and separated by hardware protection from all other functions, just take that as a basic premise.

In the beginning, there was no separation between user processes and kernel processes.  MS-DOS and early versions of Windows are examples of this, as well as the first 9 versions of Apple's OS.  Separation of kernel mode from user mode famously began with MULTICS, with 8 "rings" of protection.  Unix, as a simplification of MULTICS, has only user mode and kernel mode. Windows NT introduced separation between user mode and kernel mode into the Microsoft world, while OS X introduced it to the Apple world.  OS X incorporated the Mach microkernel, which put device drivers in hardware-separated space.  For a long time OS X was the most secure kernel of any mainstream OS.  But Apple succumbed to the temptation of kernel expansion, and its kernel is now as bloated as any.

Windows after NT, like Unix and Linux, was always a fat kernel.  But Windows is less secure than Linux because users normally have admin access, which allows a malicious user process to install malicious code into the kernel.  Once the malicious code is in the kernel, it can steal passwords and other secrets, and thanks to a weakness in Active Directory and Kerberos, can use them to move onto other systems in an enterprise using a technique called "pass the hash".   With pass the hash, the malicious code doesn't even need to wait until some user actually types a password, but can use the stored, encrypted password at any time.

Now, with Device Guard, device drivers are signed and isolated, so that a malicious driver can't be installed, and even if it's installed, its code can't get into the kernel in order to steal passwords and other secrets.

Isolated User Mode is even better.  It takes the stored, encrypted passwords and moves them out of the kernel, and into a hardware-isolated space.  Documentation on IUM is hard to come by, but there is a very good series of videos on Microsoft's Channel 9 video site where it is explained by Dave Probert.  Videos are usually pretty inefficient at communicating technical stuff, but in the absence of white papers, these are pretty good.

Part 1: Isolated User Mode
Part 2: Isolated User Mode Processes and Features 
Part 3: More on Process and Features

Thursday, January 28, 2016

The Zeroth Law of markets with effective competition 

This is the one that market "analysts" never tell you about.   In a market with effective competition, prices fall to meet the cost of production.  Barring conspiracies to fix prices (explicit cartels, or implicit "gentleman's agreements"), there's always someone who is willing to trade profit margin for market share, leading to the famous joke "we'll lose money on every unit, but make it up on volume".  Unfortunately I've worked for companies that acted like this in real life.

The result is that you can tell how efficient a market is by how close the average participant is to bankruptcy.   Post-deregulation airline companies are a good example of this.  I've seen claims that since deregulation in 1978 the air transport industry as a whole has still not made a cumulative profit.

Financial economics has a very influential concept called the "efficient market hypothesis" which suggests that trying to pick stocks that beat the whole market is always going to fail over the long run.  The fact that there are many industries where nearly every participant is profitable provides clear evidence to me that the EMH is basically false.  But an academic economist can have a quite successful career exploring all the myriad ways that markets can fail to be efficient.

Thursday, January 14, 2016

The second law of unregulated market self-destruction 

The first law being "Unregulated markets destroy themselves" via monopolies, cartels, or other phenomena that result in price fixing and breakage of the price setting and production regulating functions of supply and demand.

The second law (okay, it's technically a hypothesis or conjecture at this point, but I'm confident about its correctness) is more complex. "Unregulated market economies destroy themselves" via a process whereby monopolism leads to concentration of wealth in high income brackets, and financialization of wealth management in contrast to investment leads to emptying of the middle class and corresponding loss of demand.  Loss of demand leads to lower prices, which creates a deflationary and recessionary death spiral.

If this sounds much like the situation that a lot of the world is in these days, and the "great malaise" that Joseph Stiglitz is writing about, that's not an accident.

Sunday, January 03, 2016

The new evolution slogan 

Darwin's original slogan, "Survival of the fittest" is confusing: "fittest" means something quite different from athletic capability, and "survival" has nothing to do with longevity.  Here's something significantly better:

Selective differential replication.

or in a somewhat longer form:

Natural selection of spontaneously varied different heritable characteristics.

It's amazing how difficult it is to condense the key concepts down into three or four (or 8) words, and how slippery that optimal combination of words is even when you've found it.   I've been searching for this phrase for years, and have forgotten it at least once even after discovering it.

Saturday, September 19, 2015

US crude oil exports and global security strategy 

In the U.S., export of crude oil is currently prohibited, and there is an ongoing debate about whether that rule should be changed.  The success of hydraulic fracturing in opening up new supplies of oil has driven the domestic price of oil below the global price, and oil producing companies are laying off employees left and right because oversupply has driven the price below the cost of production.  Those companies see a global market with higher prices, and are frustrated that they are not allowed access to it.

But if oil companies are able to sell globally at a higher price, that will reduce domestic supplies, and increase domestic prices, which will be bad for oil consumers, and bad for the domestic economy, so the politically sensitive regulators in charge of the export rule would not be inclined to change it as long as they place the interests of voters ahead of the interests of oil company lobbyists.

So, what are the interests of US citizens, and can they be aligned with the interests of the oil companies?

The geopolitical argument for keeping the no-export rule is that the US gets mired in Middle Eastern troubles because we're dependent on foreign oil imports from countries like Saudi Arabia.  The sheikdoms and kingdoms in that region are as far from democracy as it is possible to get, and they support extremist religious ideologies like Wahhabism that lead to war and terrorism.  But they have lots of oil, which we need and our European friends need, so we have to be nice to them.

If the US didn't need to import oil, the US could leave them alone to fight among themselves, and stop sending our troops and munitions to be killed and destroyed there.  So we shouldn't permit oil to be exported until the US achieves energy independence, and exports should be limited to only the excess after first satisfying 100% of US demand.

A longer term view suggests a different conclusion.  Allowing US oil to contribute to the global oil market will increase global supplies and reduce global prices.  This will reduce oil income to Mideast oil-producing states, and decrease their ability to finance their jihadist projects.  It will also increase domestic fuel prices, making renewable energy more attractive.  Increased demand for renewable electricity accelerates the technology-driven reduction in the price of renewable electricity.  Renewable energy is already cheaper than fossil energy in some regions of the US, and its adoption is being held back by regulatory shenanigans from coal and oil producers and by generation companies who are seeing their old power plants become uneconomical and major customers go away, never to return. Until room-temperature superconductors are discovered, there is no global market for electricity, and renewable energy is non-exportable.  Converting the world from oil to renewable electric power is good for both the environment and for US national security.   Lifting the no-export rule will accelerate this transition.

In the broadest analysis, civilization is at risk from deterioration in four areas:
Lifting the no-export rule helps with 3 of these four areas, so everyone should be for it, not only oil companies.

Monday, September 07, 2015

The Water Knife 

Paolo Bacigalupi's latest novel deserves a tweak to the old movie poster tagline "Ripped From Tomorrow's Headlines!"  Hollywood agents should be all over this property. Suppose James Bond worked for the South Nevada Water Authority instead of the British Government, in a landscape ranging from lawless slums matching those of Lagos or Mumbai to self-sufficient Chinese-built arcologies that would match any Bond villain's lairs in scale and luxury.  With Bond Girls who are not mere eye-candy: one a Pulitzer Prize winning journalist, the other an orphan Latina teenager with a .44 magnum pistol.

Not enough explosions, terrorists or smartphones, but plenty of gunfire, narco gangs and amputations in a world where Mad Max would feel right at home.  Refugees from Texas are a running joke.   It's an all too realistic extrapolation from today's incendiary political rhetoric and denial of the possibility that the 200-year drought that eliminated the previous civilization in the Southwestern US a thousand years ago could come again.   What will happen to your precious water rights then?   If Cadillac Desert serves as a precedent, it will take more than lawyers to keep the actual wet stuff flowing towards its rightful owners. The Water Knife don't need no double-0 license to do his work.

Saturday, August 08, 2015

Why tech is always a bubble 

Ten years ago, at the height of the previous big tech bubble, economist William Nordhaus developed a model of retention of benefits from innovations with the startling result that only about 4% of the value ends up in the creators' pockets. His paper "Schumpeterian Profits and the Alchemist Fallacy" captures his analysis. Alas, like too many economics studies, it's written up as "theory first, data afterwards". (Rhymes with that remark by the Red Queen in Alice in Wonderland). Nevertheless, it's a useful antidote to the hype coming from the Silicon Valley venture capital community about "unicorn" companies like Uber.

Tuesday, May 12, 2015

Cyber Incident Timeline 

Not every incident, of course, just the famous ones, in a nice interactive timeline.

Saturday, March 07, 2015

Seven ways the United States will end 

Political pundit Matthew Yglesias has a long essay in Vox arguing that American Democracy is Doomed, maybe not today, maybe not tomorrow, but inevitably.  Yglesias doesn't go into details of the precise mechanism of collapse, although there are two sidebars that look at some of the options. Dylan Matthews lays out a sequence of events in which the presidency becomes more and more powerful, achieving the reality of right-wing rhetoric of "dictatorial executive powers" while still remaining elected, and where Congress degenerates into little more than a rubber stamp for executive decrees. Ezra Klein predicts that the current mess will continue to deteriorate, but everyone will just muddle through, making minor changes that alter the functional trajectory so that it never reaches a point of total collapse.

These scenarios don't begin to cover the range of different ways that the US could come to an end.  In particular, they ignore the role of the states, which are much more diverse and effective than  journalists steeped in Washington gridlock can imagine.  Here's a list of ways this could happen.

Constitutional Dissolution

The Constitution provides for several ways that we could get to a situation where there's an official legally arrived-at declaration that "The United States of America no longer exists".

  1. Constitutional Convention.  Article V allows for two-thirds of both houses of Congress or two-thirds of the states to call a convention to decide on amendments to the Constitution.  No limits on the quantity or content of the amendments are given, except that a state may not be deprived of its representation in the Senate.  The legality of an amendment that completely eliminates the entire Senate could be problematic, but in an environment where such an amendment could be ratified you could be skeptical that anyone would care about such a fine point.  A constitutional convention would have the power to completely rewrite the document and give the country an entirely new form of government, or to make any number of lesser changes.
  2. Congressionally-initiated individual amendments.  This is the way that the 17 amendments since the Bill of Rights have been accomplished.  Article V again prescribes that two-thirds of both houses of Congress shall propose the amendments.  There's nothing in the Constitution preventing the proposal of a single amendment consisting of the text that "Articles I through VII of this Constitution are hereby repealed."  Since there are 7 articles in the Constitution, that would be everything except the Preamble.
  3. A Secession amendment.  The legal basis for the Civil War was that there is no provision in the Constitution to allow for exit from the Union. Politicians from one state or another occasionally threaten to secede from the Union.  Texans are famous for believing that as a condition for joining the United States in 1845, Texas reserved the right to later split itself into up to 5 states.  There are dozens of more or less well-organized secession movements across the country.  But you can tell whether they're serious or not by whether they are reaching out to other states for support of an amendment to make their rhetoric legal, since that amendment would need to be ratified by three-fourths of the states.  None of them are.
  4. De-facto secession. Since the replacement of the Articles of Confederation by the Constitution the issue of how much the federal government can override decisions by individual states has been contentious. Although Section 10 of Article I of the Constitution requires Congressional approval for any formal Compact between states, in the 20th century the coordination of virtual oligopolies among airlines, phone companies, and other industries without any explicit collusion between executives has developed into a fine art.  States could begin to informally coordinate their laws with each other in areas where they do not conflict with Federal laws, and agree to link them together in much the same way as the National Popular Vote agreements link the behavior of individual states' Presidential electoral votes together. These linkages would form a virtual regional government encompassing multiple states, and when enough states began to participate in such a virtual government, their legislatures could coordinate the policies of their respective Congressional delegations to provide Federal approval of formal Compact agreements permitting the creation of armies and the negotiation of treaties with foreign powers, becoming a new country to everyone in the world except the remaining portions of the legacy United States. 

Extra-constitutional Dissolution

  1. Successful secession. Some die-hard Southerners still argue that the Army of the Confederacy could have won the war if only a few blunders like Pickett's Charge at Gettysburg had been avoided.  After a few dozen years of the kind of Washington gridlock that Yglesias decries and the election of a feckless president rather than the great one that we had in Abraham Lincoln, the outcome of some new secession attempt might be something like "just let them go".
  2. De-facto dictatorship becomes official.  At some point the Imperial President that Dylan Matthews envisions can decide that he's had enough of this pussyfooting around and pretending to defer to Congress, and declare himself President For Life, or even Emperor. This sequence of events has happened more times than any but the most compulsive historian can count, and dates back to at least the takeover of the Roman Senate by Julius Caesar in 49 and 48 B.C.
  3. Military coup.  During the chaos surrounding the attempted assassination of Ronald Reagan in 1981, at a White House press conference immediately after the incident while Vice President George Bush was incommunicado aboard Air Force Two, Secretary of State General Alexander Haig was asked "who's in charge?".  Haig responded, "I am in control...here."  Until the Vice President finally arrived in Washington, at least in the mind of General Haig, the Constitutional order of succession had been suspended, and a strong military personality appeared to believe that he had taken over the country.  A few hours later, word emerged that Reagan had not been so severely injured that formal transfer of Presidential powers to the Vice President according to the rules laid out in the 25th Amendment to the Constitution had been necessary.  For those of us who had seen the movie or read the book "Seven Days in May", it was a scary moment.

Thursday, January 01, 2015

The world is not falling apart 

At the new year, the media are full of stories about how awful the past year was.  It's well known that good news doesn't sell ads as well as bad news, so it's important to maintain your perspective with information such as this article by Steven Pinker and Andrew Mack.

Sunday, August 10, 2014

past singularities 

I came across a post by Cosma Shalizi listing some evidence that the Industrial Revolution qualifies as a technological singularity.  Shalizi has a very good list of criteria that should be satisfied in order for a singularity to be recognized.   As someone who did research in cell biology and in social sciences at different times long ago, I think there are a lot more in the history of life on the planet.  Here's a list of candidates -- most of Shalizi's criteria are met by each one.  Note that when I say "discovery" I mean discovery by "selfish genes" or "memes" that spontaneously replicate and are naturally selected for, not by individuals.
  1. The sequestration of molecular replication in membrane-bounded cells
  2. The switch from storage of genetic information in RNA sequences to its storage in DNA sequences.
  3. The discovery of photosynthesis by the ancestors of cyanobacteria.
  4. The discovery of the rules for cellular differentiation, adhesion, and migration that led to multicellular organisms
  5. The discovery of backwards development by deuterostomes that led to internal skeletons rather than exoskeletons.  Not saying that arthropods are bad, just that endoskeletons are better at growing big.  Deuterostome development certainly leads to other severe problems.
  6. [not saying anything about all the mass extinctions that led to mammalian domination of land animal life]
  7. The discovery of learning by imitation rather than individual trial and error
  8. The invention of controlled fire
  9. The discovery of information storage and retrieval from conspecifics by means of reverence for tribal elders, via "old wives' tales"
  10. The discovery and institutionalization of marketplaces
  11. The invention of writing
  12. The first industrial revolution
  13. The second industrial revolution of information technology, robotics & biotechnology
  14. The third technological revolution of controlled ecological engineering
Somebody should write a book.  Not me, I have other books to write.

Sunday, July 13, 2014

Android device encryption 

The description for Android 3.0 at https://source.android.com/devices/tech/encryption/android_crypto_implementation.html implies that only /data is encrypted. Two questions:

  1. What about / and other filesystems?
  2. Has anything changed with Android 4?

Sunday, April 13, 2014

Capital in the 21st Century 

Universally acknowledged to be An. Important. Book.
Reviewed by Paul Krugman.
Summarized by Matthew Yglesias.
Brad DeLong collected 12 early reviews by economists.
Econospeak has a succinct, balanced description for the politically inclined of Piketty for Dummies

Summary summary: when economic growth slows down, people who own capital still grow in wealth, while people who only produce labor don't get any richer.   I haven't read the book myself (yet), so I don't know if the author has discovered these two facts:
  • "A rising tide lifts all boats" but  leaky boats don't rise as quickly, and their owners have to spend more time bailing than sailing.
  • The rich get richer faster.  They have access to expensive financial advice, and fancy high yield financial instruments that less wealthy people don't have the entry fees for.  They can afford to participate in higher yielding, higher risk investments because they can purchase complex hedging products that reduce their exposure to potential losses. (Update: Robert Solow recognizes this in his review in The New Republic.)
Typical conservative reaction: "Cool! anyone can become a billionaire!  It's Easy!".   Typical liberal reaction: "We must tax the rich more aggressively!"

What nobody has any ideas how to do: raise the growth rate of global economies, when resources are becoming harder to obtain, and processing them into valuable goods creates pollution, and can be done by robots in any case, i.e. by using capital rather than some wage-producing processes.

Saturday, November 02, 2013

Moore's Law for solar power 

Internet entropy strikes again!  The original version of this important article is gone from the Scientific American website:

• Ramez Naam, The Moore’s Law of solar energy, Scientific American guest blog, 16 March 2011.

However, even without having to invoke the Wayback Machine, there's a copy at IEET.

Update (9 April 2014):  The Telegraph declares victory. That is, the tipping point where solar power without any subsidies is cheaper than all forms of fossil fuel, has already been passed in 19 global regions, according to Deutsche Bank.

Update 2 (June 2014): The v7 edition of the Lazard Levelized Cost of Energy study, dated August 2013, indicates that by 2015 (next year!) utility-scale solar plants will have a lifetime ROI greater than fossil-fueled plants in 6 of the 10 largest US metropolitan areas.  In the light of this transformation, in late May, Barclays "downgrades the entire electric sector of the U.S. high-grade corporate bond market".

Monday, October 28, 2013

Tradeoffs in Cybersecurity 

The ever-insightful Dan Geer gave a very interesting talk at the UNC Charlotte Cyber Security Symposium earlier this month.  He's put the text up on his website.  Anyone who's concerned about the tension between cybersurveillance and civil liberties should read it and understand it.

His final paragraphs summarize his argument:
The total surveillance strategy is, to my mind, an offensive strategy
used for defensive purposes.  It says “I don’t know what the
opposition is going to try, so everything is forbidden unless we
know it is good.”  In that sense, it is like whitelisting applications.
Taking either the application whitelisting or the total data
surveillance approach is saying “That which is not permitted is

The essential character of a free society is this: That which is
not forbidden is permitted.  The essential character of an unfree
society is the inverse, that which is not permitted is forbidden.
The U.S. began as a free society without question; the weight of
regulation, whether open or implicit, can only push it toward being
unfree.  Under the pressure to defend against offenders with a
permanent structural advantage, defenders who opt for forbidding
anything that is not expressly permitted are encouraging a computing
environment that does not embody the freedom with which we are
heretofore familiar.
This is the latest corollary of the basic law of strategy attributed to Carl von Clausewitz 195 years ago, that the defender needs to be successful hundreds of times (in cyberwarfare, hundreds of millions of times), while the attacker needs to be successful only once.  In order to be totally effective at defense, one must have totalitarian control over the environment and all the actors within it.

Or, as Benjamin Franklin put it 250 years ago:
They who can give up essential liberty to obtain a little temporary safety, deserve neither liberty nor safety.

Tuesday, August 06, 2013

Red Plenty -- A dream that failed 

I don't know why there was so much puzzlement about this book when it came out. It's a historical novel, albeit a thoroughly documented one, with 70 pages of notes and references. It's about a period a long time ago and very far away now, the Soviet Union of the 1950s and '60s. It's also a novel of ideas, and the idea is that centrally planned economies can produce a material utopia in which everyone works at what they are good at, and everyone receives everything that they need, without the soul-destroying, self-destructive overshoots of capitalism.

I was in elementary school and high school during this period, and was made to read FBI Director J. Edgar Hoover's book "Masters of Deceit" in order to know how evil communists were. I seemed to be one of the few students who realized that we were being fed propaganda, but I didn't have access to Marx's Capital or even the Communist Manifesto, so I was simply left with the impression that we were supposed to be opposed to commies simply because they were the bad guys, in the same way that the Aggies were the bad guys if you were a UT or OU football fan. This kind of an opposition didn't seem worth destroying the world in a nuclear holocaust for.

In Red Plenty, the characters are simply trying to get by in a rickety, inflexible economy that doesn't really respond to their needs, just like wage-earners in the US. But they have a secret advantage in the person of Leonid Vitalevich Kantorovich, a real person and a genuine genius, who invented the mathematical method of optimization called linear programming, at about the same time that the American George Dantzig did. Both Dantzig and Kantorovich received the Nobel Prize in Economics for their achievements.

It was linear programming that Soviet economists hoped would push their economic system over the threshold from failure to success, by allowing the myriad of dependencies between all the supplies needed to produce a washing machine or an overcoat or a limousine or a long-range bomber to be identified and coordinated so that every component part was produced in just the right amount without surpluses or shortages that would prevent each end product from being pulled together in just the right quantity needed. In capitalist economies, the coordination problem is solved by a myriad of free markets, but markets lead to profits and profits lead to capitalists, and in the Soviet Union, that could not be allowed. So marketless central economic planning had to be made to work, regardless of the consequences. And the consequences were severe, and even then, economic planning failed.

Red Plenty is a much richer story than can be captured in a few paragraphs - it deserves extended analysis by many authors. And it has received these analyses in an internet symposium by a distinguished team of high-end bloggers organized by the "editors" of Crooked Timber. In addition to some of the usual Crooked Timber contributors such as John Holbo and John Quiggin, it contains essays by economists Brad DeLong and Cosma Shalizi, and writers Ken MacLeod and Kim Stanley Robinson, among 14 others. This amounts to an open review journal study, since in addition to the symposium essays, as a blog each essay was allowed to have comments from any reader who cared to reply. Some of the comments are extremely insightful, though others are extremist, intolerant, and/or uninformed, as blog comments will be.

The highlight of the symposium for me is the essay by Shalizi, who uses computational complexity theory to explain that the planning process itself is simply too big and time-consuming to work in a real economy, even using today's hyperscale computers that are millions or billions of times more powerful than the BESM-6 mainframes available to Kantorovich and his colleagues.

Of course, economic interactions are often nonlinear and would have to be addressed by a generalization of linear programming rather than directly with LP, but while the complexity of mathematical optimization is robust to some kinds of nonlinearities ("convex functions"), many of the nonlinearities in real economies are concave, and the known algorithms for optimizing them are much slower (exponentially slower) than those for linear or convex functions.

Worse than that, in economies that are not planned, such as market economies, it is impossible to predict their future behavior. The reason for this follows from the diagonalization argument used by Goedel and Turing in their proofs of incompleteness and undecidability. As soon as you make a valid prediction about an economy, someone can take that prediction and use it to arbitrage the markets that are predicted, and the money that is involved in exploiting those predictions will affect the market itself, and thus invalidate the predictions. There is quite a bit of interesting research to be done in describing the magnitude of those invalidation effects.

It's not clear that capitalism can be saved from recurring, unpredictable disasters, but we know that the Soviet Union could not be saved. Red Plenty may change your view of that collapse from a triumph of capitalism to that of a tragedy of socialism.

Thursday, August 01, 2013

Visualizing privacy breaches 

David McCandless has created a website titled Information is Beautiful, to help promote better visualizations of information.  One of the pages that his team has created is titled "Worlds biggest data breaches" but lists "selected" incidents, so you can't be sure that it's representative.  These are really privacy breaches involving only personally identifiable information, so the 700,000 secret documents obtained by Bradley Manning and distributed by WikiLeaks aren't shown. Additionally, Information is Beautiful is a visualization team, not a security team, so the page may not be updated with new data in the future.

Nevertheless, the graphic has some quite cool interactive features, like the ability to filter by Method of Leak. This is very useful to a security manager who's trying to decide which kind of breach to focus preventive resources on.  If you can't address all possible risks, you should focus on the ones that are most likely to cause significant losses.  The biggest one is "hacked", but this usually means that the organization's admins were sloppy and didn't follow the security team's directives, thus letting the hackers in.  Breaches of organizations that are doing everything right are actually quite rare.

Edward Snowden & the NSA 

More noise than signal in the punditocracy, but a few insightful analyses can be found:

I know that there's at least one more analysis of this kind of depth out there somewhere, but I can't find it now.

Wednesday, July 31, 2013

Security vulnerabilities in life-critical software 

Nick Schetko has a very nice overview of the problem in the financial website Minyanville, of all places, titled "Pacemakers, Cars, Energy Grids: The Tech That Should Not Be Hackable, Is".   The article mentions air traffic control software and the new generation of vulnerabilities to GPS jamming and spoofing, but doesn't mention aircraft flight control software itself, the stuff that allows "fly by wire" piloting, the scary insecurity of medical care systems such as radiation therapy systems, ICU monitors and drug prescribing and delivery software, and industrial process control systems.   If chemical companies aren't careful, facilities can become weapons of mass destruction instead of mere tragic accidents such as Bhopal and Seveso.

The forgotten history of the other internet 

Nice article from Andrew Russell writing in IEEE Spectrum, "OSI: The Internet That Wasn't. How TCP/IP eclipsed the Open Systems Interconnection standards to become the global protocol for computer networking."  You can see some of the reasons for the success of TCP/IP in the article, but the most succinct summary to me remains the slogan "rough consensus and working code".  This principle guarantees the triumph of useful technology over the politico-bureaucratic warfare that too often characterizes processes like ISO standards-making.

Monday, March 25, 2013

It's addictive, why isn't it illegal? 

Modern processed food products, that is.  I just came across a wonderful NY Times article, The Extraordinary Science of Addictive Junk Food, which explains how food manufacturers have tuned their products to be so compelling.   I happen to be one of the victims.  While I can stay away from most processed food products, put me near a bag of anything from the "salty snacks" grocery aisle, and I can't stop until the bag is empty.   Far more insidious than irukandji box jellyfish venom, these products have identified a bug in the biological program that manages human survival that is just as remarkable in the way that they evade the normal defense mechanisms.

Sunday, January 06, 2013

Antifragility: Luck favors the prepared mind 

Nassim Nicholas Taleb gives away the store in this excerpt from his new book at John Brockman's Edge blog.  In an excerpt titled Understanding is a Poor Substitute for Convexity (Antifragility), he lists 7 rules for building a system that can take advantage of black swan events.  Here are the rules:

  1. Convexity is easier to attain than knowledge (in the technical jargon, the "long-gamma" property)
  2. A "1/N" strategy is almost always best with convex strategies (the dispersion property)
  3. Serial optionality (the cliquet property)
  4. Nonnarrative Research (the optionality property)
  5. Theory is born from (convex) practice more often than the reverse (the nonteleological property)
  6. Premium for simplicity (the less-is-more property)
  7. Better cataloguing of negative results (the via negativa property)

Property 2 is the real secret.  Convexity means that given an equal number of wins and losses, the total winnings will exceed the total losses.  Structure the game like this, and you'll go home wealthy.

In information security, this implies that the goal should be to ensure that catastrophic breaches are structurally impossible.  Once you've assured this, you can drive the ongoing ankle-biter attacks down to a dull roar level that can be tolerated indefinitely.  Network engineers avoid catastrophic failure with techniques like carrier diversity.  Unfortunately, they still mostly allow the Cisco vendor monopoly to continue.

System architects in other IT areas haven't learned this lesson, either.  They still allow their entire enterprises to be dependent on "monocultures" of products from SAP and Peoplesoft and the like.   Here the herd instinct predominates.  "Nobody ever got fired for buying from IBM" -- if IBM, or ADP, or salesforce.com goes down, everyone else goes down too, and you can't be especially blamed.  But if you had diversified, then your enterprise wouldn't have gone totally down, and you would be positioned to step in while your competitors were struggling or failing, and win big.

Wednesday, December 26, 2012

"Occupy Wall Street" - a pretend revolution 

Best analysis yet: The Baffler, which appears to be a left-wing magazine reincarnated as a "little magazine" published on paper by the MIT Press and online as well, has an insightful analysis titled "To the Precinct Station: How theory met practice …and drove it absolutely crazy" which describes how the OWS "movement" was co-opted by academics who were more interested in "theory" and "community building" than they were in creating an effective, lasting organization that could accomplish the hard work of doing what needed to be done.  In the end, participants in the OWS campout were just in Zuccotti Park for the carnival, fooling themselves about changing the world just as much as conservatives were fooling themselves about the state of the voters in the recent election.

Sunday, October 21, 2012

Top 3 reasons why conservatives hate conservation 

I've been puzzled for a long time why political conservatives are almost universally opposed to any measures to preserve and protect the natural world.  You'd think that the conservative desire to keep things as they are would extend to keeping the great mountains, forests, plains, rivers, and deserts that North America has been blessed with in a pristine state, but it doesn't seem to work that way.   What's really going on?

  1. Inability to distinguish dominion from destruction.  In the Biblical story of creation, when God cast Adam and Eve out of the Garden of Eden, he gave them authority over all the living things of the earth.  Six thousand Biblical years ago, people didn't have the ability to do much more than protect their villages and livestock from large predators such as lions, wolves, and eagles with spears and arrows.  Now we have barbed wire fences that span continents, massive farm tractors that can do the work of 500 horses, and heavy earth-moving equipment that we use to literally move mountains in order to obtain the coal within them.  We can change entire ecosystems, and we do.  Conservatives need to take their Lord's injunction far more seriously, and cast off childish attitudes that they are helpless against the might of natural forces.  If I were God, I'd be asking "What have you done to my garden?  You have killed thousands of kinds of animals that I took care of myself because Noah had only one Ark, and you have turned vast regions into lifeless deserts, and you are planning to do even more.  I have sent many prophets such as John Muir, but you have not listened.  Woe be unto you!"
  2. Viewing all of nature as a store of resources to be exploited.  Just like "the only good Indian is a dead Indian", the only good land is land that can be farmed or mined, preferably both.  But mining takes preference, regardless of its destruction of agricultural capability.  When I was young, my friends would go swimming in the nearby "strip pits" that had filled with water after they had been mined and abandoned without even restoring the topography back to its original gentle hills.  Before the EPA and related legislation required mining companies to replace their tailings, you could drive on US Highway 40 for a hundred miles through Indiana and Ohio -- the best farmland in the world -- and see nothing but hundred-foot-high ridges of strip mining spoils, with the occasional giant excavator showing its masts above them.  But before it was farmland, those Midwestern plains were tallgrass prairie harboring hundreds or thousands of different species of grasses and insects.  Now that land is planted with genetically modified corn, soybeans, and wheat that is poisonous to insects, and cultivated with "no-till" methods that save fuel used for plowing by saturating the soil with herbicides, so that broadleaf weeds and prairie grasses cannot survive.  The result is mile after mile of a single-species landscape that is held hostage to the patent-protected seed stocks of Monsanto and Pioneer Hi-Bred, and can be catastrophically wiped out by unplanned weather conditions or invasive, pesticide-resistant fungi or caterpillars.  To the conservative, this is good, because it allows those companies to extract higher profit margins today by deferring the cost of damage to future generations.
  3. Nature is the ultimate outgroup. Conservatives are an exclusionist movement.  They want everyone to think like them, and they spend a lot of time arguing about who is a true believer and who is, for example, a "Republican in Name Only" and attempting to expel them from their group.  One suspects that if the technique hadn't been invented by the Chinese Communists, they would be using "self criticism meetings" in order to shape behavior.  Religious groups with their affirmations of commitment serve a similar function in "separating the sheep from the goats", and driving all differences towards the core beliefs, regardless of merit.  Nature, of course, was there first, and it cannot be controlled, directed or shaped.  Whatever your religious or political doctrine, nature will not follow it.  This must not be allowed.  To the conservative ideologue, untamed nature cannot be permitted to have any legitimate status in the community.

Liberal conservationism has its problems with preserving the natural world as well, notably the notion of a "natural state" that can be defined and preserved in stasis forever, notwithstanding that it was created by billions of years of perpetual change, the idea of the "noble savage" untouched by civilization who must be kept ignorant and deprived of its benefits in health and comfort, and the notion of voluntary poverty that would save the world if only everyone would give up lighting, heating and air conditioning, and travel.  But that's a different discussion.

Friday, September 07, 2012

DE4 component submodels 

A fragmentary note on a bit of structure transcribed from some scribbling on the whiteboard in my office - food for thought:


Saturday, July 07, 2012

The next 236 years 

Eric Roston at Bloomberg.com asks "Can the U.S. Economy Be Sustained for Another 236 Years?" with a predictably unsatisfactory answer.

I'm sure that in 1888, when the U.S. Census declared the American Frontier to be closed, and there was no more "unoccupied" land left to be taken by the white man, and the US was still in the chaos of Reconstruction from one of the worst civil wars in history, making what's going on in the Middle East now seem like child's play, people were reasonably asking whether the country could survive another 112 years like those that had occurred since 1776.

And then the millennium occurred and those 112 years had been survived with substantial success. The U.S. economy in 2012 with air conditioning, jet airliners, internet video, and electric automobiles, not to mention hedge funds and risk arbitrage, is very different from "civilization as we know it" in 1888.

I have no doubt that the US and its economy will be as different in the year 2248 as an economy of 50 states is different from that of 13 English colonies. There is no doubt that many politicians will continue to be venal, corrupt hacks, as they have been for the past 236 years, but they will probably still have been elected by a majority of voting citizens who will get what they asked for.

Saturday, June 30, 2012

Leaderless movements 

Hugo Dixon of Reuters, in a "Commentary" article there, tries to explain how The Revolution Will Be Organized. The title could be a play on Gil Scott-Heron's classic The Revolution Will Not Be Televised.

I have a brief counter-commentary -- They're both wrong:

"Meet the new boss, same as the old boss." The author and his academic sources don't seem to notice the contradiction in what they're saying. That is, that democratic movements can't succeed unless they are undemocratically organized with a dictatorial head or junta to "knock heads together and get everybody to stick to a plan." Karl Marx believed that there would be a "dictatorship of the proletariat" which would fade away to produce true communism. The Soviet Union's dictatorship did indeed fade away, but it was followed by the pseudo-democratic autocracy of Vladimir Putin, not by communism. The Romans tried electing their "dictator" who would voluntarily step down after the wars were over, but that didn't last long, ending when Julius decided to call himself Caesar and become emperor rather than step down. It's not yet politically or academically respectable to say that all forms of government evolve to become dictatorships or monarchies, so we end up with incoherent articles like this one.

Face it, democracy is hard. It requires the people to elect representatives, not leaders. It requires the people to communicate thoughtfully with those representatives, and the representatives to reasonably and thoughtfully work with each other on common problems. When major political movements are based on the premise that negative campaign ads work better than constructive discussion, that cooperation is evil and that members of other political parties are traitors, democracy will continue to deteriorate.

Social media have the opportunity to bypass power-hungry leaders and allow the people to communicate directly with each other, making it possible for leaderless democratic movements to react and refocus more efficiently and rapidly than ever before, but their technical architecture with centralized software and servers makes them just as corruptible as the old fashioned political machines that used smoke-filled back rooms instead of giant server farms.
