The World Wide Web Consortium (W3C) is standardizing over 100 specifications for the open web, in at least 13 working groups. The CSS Working Group alone is in charge of 50 specifications. This does not include work on Unicode, HTTP and TLS.
I read an article the other day, Pentagon to merge information networks. The following section caught my eye in particular:
Defense Department leaders have decided that the best way to protect sensitive information from cybercriminals and internal leaks is to consolidate its 15,000 networks into a single “joint information environment.” JIE is a set of security protocols — which the Pentagon calls a single security architecture… Although the JIE is not a “program of record” with its own funding line, it will be financed under the Pentagon’s $23 billion cybersecurity budget. Leading the massive network integration effort is the Joint Staff, U.S. Cyber Command and Defense Information Systems Agency [DISA].
— via National Defense Magazine, 13 September 2013
Computing Reviews is the Association for Computing Machinery (ACM) publication review website. It isn’t scholarly journal peer review, but rather, book reviews and critique of trends and new developments in computer science and computing applications.
DDoS attacks manipulate vulnerable markets
The vulnerable market was the Mt. Gox Bitcoin exchange. In April 2013, Mt. Gox was overwhelmed by DDoS. The point, the company speculated, was to destabilize Bitcoin and fuel panic-selling. After driving market prices down, the attackers can then rush in and buy Bitcoin at the lower price. Obviously, this isn’t fair.
Life isn’t fair but Bitcoin must be
Life may not be fair in general, but securities and currency markets require fairness and avoidance of market manipulation in order to function. Without it, they will die. Trust is essential. Apparently, Mt. Gox was robust enough to withstand this volatility. The attackers were fortunate. In their pursuit of unfair profits, they are taking a selfishly short-term view. DDoS attacks could destabilize Mt. Gox, or any other entity that serves a similar purpose. If that happens often enough, or in sufficient size, it will undermine credibility in Bitcoin.
Mt. Gox wasn’t uniquely vulnerable. In the past few months, there were other DDoS related Bitcoin extortion incidents. BTC-China was brought down in September 2013, and BIPS, a European payment provider, experienced a DDoS attack two days ago, on 26 November 2013.
Regulation and volatility
Using DDoS for extortion is possible due to Bitcoin’s lack of fraud control measures, which would usually be imposed by regulatory requirements. Of course, market manipulation and extortion are possible even when there are regulations! (I suspect that if one wanted to, one could DDoS forex exchanges.) Regulation and law enforcement are partly responsible for discouraging such behavior. Market participants’ own self-restraint and willingness to obey the rules is equally important.
Bitcoin’s current price volatility is very high. That is unsurprising for a new financial product. Volatility isn’t inherently bad, but it should be caused by normal market activity, not manipulation due to DDoS-facilitated extortion. Bitcoin price volatility will need to diminish to no more than 25% in order for it to function as a viable currency.
If I were to trade or invest using Bitcoin, my first question would be, “What are the boundary values?”
- The number of Bitcoins is fixed at 21 million.
- Are there price levels that have any contextual meaning, i.e. are associated with limits? For example, stock prices are always greater than or equal to zero. For fixed income markets, negative interest rates should not be possible. Is there a scenario where Bitcoin could ever have a negative value?
- Are there vagaries of the block chain that would cause short term price or volume discontinuity?
- What about market dominance due to collusion? That can happen in many markets, especially commodity markets. There are scholarly articles that establish a floor beyond which Bitcoin can no longer function, specifically, if there is collusion of selfish miners, such as by a Bitcoin mining pool.
The financial press and even well-known information security personalities seem to be caught up in the thrill of Bitcoin. The odd aspect is that some don’t seem to distinguish between good news and bad, as with Mt. Gox.
The excitement is infectious. Perhaps it is a means of escape from interminable and usually dreary economic news, as well as the powerlessness most of us feel about monetary policy and government in general.
If a message originates from a familiar name or email address, its likelihood of making it through spam filters is greater.
Google described their efforts to minimize harm to users due to email account hijacking:
“Our security team…saw a trend of spammers hijacking legitimate accounts to send their messages. [We developed] a system that uses 120+ signals to…detect whether a log-in is legitimate, beyond just a password.”
Less than 1% of spam emails make it into a Gmail inbox.
The number of compromised accounts decreased by 99.7% since 2011. That’s impressive, for a sustained reduction! How does Google avoid false positives? I am so curious about the specific details of their filtering rules!
The blog post was written in March 2013. It is remarkable that the same methods continue to be effective, as Gmail spam-attackers would perceive this as a new challenge to be overcome.
I suspect that Google’s methods are analogous to those used by the U.S. Department of Health & Human Services’ Centers for Medicare & Medicaid Services (CMS) in detecting medically unlikely edits (MUEs). MUEs can be accidental, due to claim coding or data entry errors. MUEs can also be deliberate, when there is fraudulent intent, e.g. by filing for more services, or for more expensive services. Regardless of intent, MUE identification reduces paid claims error rates.
How will the Affordable Care Act impact existing processes for detecting MUEs, and for setting benchmarks? CMS does not disclose its MUE criteria for the same reasons that Google will not reveal details about their 120 signals.
Continuous improvement is a part of life, for email-spam account hijackers, Google and the fraud detection team at the Centers for Medicare and Medicaid Services.
I wrote a post about health care, with a much more Ellie-centric theme, a few years ago. That was when I worked as a statistician for AHCCCS, Arizona’s state-administered Medicaid/Medicare program, monitoring program performance and quality of care.
The date was March 1998. The Internet was at a critical decision point, as the U.S. government considered what infrastructure should be privatized, how to share or cede responsibility to other nations and how to transition to an e-commerce based future over the following decades.
IANA (the Internet Assigned Names Authority) was a U.S. government run entity at that time. The following are some of the more interesting portions of Robert E. Kahn’s testimony to the House Science Subcommittee on Basic Research on the subject of Internet Domain Names, on 28 March 1998.
I found an oddly contemporary-looking New York Times article that is in fact, quite vintage for the Internet. It begins with a review of a most peculiar e-commerce company:
doing business with Newprayer.com may require a leap of faith.
– Compressed Data: Beaming Prayers to God’s Last Known Residence
via The New York Times Online, 31 August 1999.
The Internet Fraud Watch for the National Consumers League was deluged with complaints about fraud on the Net, having received 7,700 last year and 6,000 through the first six months of 1999.
If they only knew what was to follow, in less than ten short years.
Digital rights management
The next article was about a new “pact” between Adobe and Xerox, to address the needs of companies
…seeking a way to prevent the rampant piracy that has plagued the digital music industry from overtaking digital publishing. The technology, called Content Guard, is to be announced at the Seybold 21st Century Publishing Conference in San Francisco.
When was the last Seybold 21st Century Publishing Conference, I wonder? Not for a while. The proposed approach seems so straightforward! It would be
integrated… with Adobe’s existing PDF format for distributing documents on line… publishers that have agreed to adopt the technology, include Thomson Learning, the National Music Publishers Association, and Haymarket Publications, a European business publisher.
Content Guard was expected to be superior as a form of digital rights management software, as it was
based on an industry standard: Java, an Internet programming language developed by Sun Microsystems.
I just received my n-th zero day patch for Java last week. Yet Java lived up to this part of its promise, and still does:
The flexibility of Java would allow users to read Xerox protected documents [and non-Xerox protected documents too] on various types of software operating systems using any of the standard Web browser programs.
I don’t think Adobe had fully enabled the following functionality in PDFs viewed with Adobe Reader until much later; I have rarely seen it used, even though it is available:
Publishers, corporations or individuals could specify who had access to the document, set a time frame for protection and even designate the type of authentication (like a password or a fingerprint) needed to read the document.
Adobe introduced these features in 2009, with the exception of fingerprint authentication for most of us, for digital signatory and general purpose security rather than digital rights management purposes.
Anagrams for free
I’ll end on a more positive note, rather than gloomy nostalgia. The wonders of natural language processing were just emerging into the larger population.
The letters that form the name Boeing can be rearranged to spell “big one.” Time Warner can be converted to “mean writer.” And the title of Rupert Murdoch’s sexy London tabloid The News of the World is an anagram for “tender, hot flesh — wow.” These are just a few of the possibilities in business anagrams, a game being played by office workers throughout the English-speaking world.
The language in the following paragraph caught my attention for several reasons. First, the exact and accurate wording, to “contact the server”, would be uncommon now in a daily newspaper.
To play, contact the Internet Anagram Server at www.wordsmith.org/anagram, which provides immediate answers, or another site called Anagram Genius Server at www.anagramgenius.com/server.html, which gives a more considered response and replies by e-mail after a few minutes or hours, depending on traffic volume.
Then there’s the reminder of the absence of web apps, as the requested anagram is sent by e-mail, in minutes. Or hours.
At no charge, these sites will attempt to create anagrams from any word or phrase, not just company names. But somehow there’s a special mischievous thrill…
Emphasis mine. If you want to find out what that thrill is, read the New York Times article, linked above. I only hope that the New York Times will remain extant, rather than joining so many worthwhile news and information services, preserved for us only through Internet archives.
I’m sorry. I tried. Gloom won.
I found an old sentiment analysis application. It has very unglamorous packaging but a good algorithm under the hood. I ran the Twitter user IDs of the brightest people I know, well, know of, who are active Twitter users. The assessment of “bright” was subjective by me. All are acknowledged experts or advanced degree holders. Maybe half speak English as a second language, but are sufficiently articulate that their “essence”, well, intelligence shines through.
Guess what: It worked! I don’t know if anyone cares about this sort of thing, that really sharp successful people score well on this sentiment analysis indicator. That doesn’t necessarily mean it would have any predictive value. And no one seems to care much about this anyway. But what I’m saying is that most of these people only have okay-ish Klout scores e.g. 40’s. But they’re not trying to use Twitter for any particular social media purpose. Well, I don’t know that with certainty.
Can big data analytic methods be used for comparing Compounded Growth Rate (CGR) for a stock versus the industry median?
So they say
Comparing stock CGRs with the industry median over time, then filtering those that exceed the median, is computationally intensive:
The growth rate has to be calculated not only for every stock in the universe but also for the industry it belongs to. Typically, this kind of analytic takes tens of seconds to compute. The Eikon data cloud – through its proprietary ‘vega effect’ – decomposes the query into data retrieval, data level and application analytics and applies speed and scale to each layer.
This is accomplished by applying techniques such as
… efficient data retrieval algorithms, vectorisation, and parallel processing… the same analysis now takes less than one second to compute.
Such work required 30 seconds or even a minute using Microsoft Excel, 20 years ago. Modern MS Excel might require a full 5 or 10 seconds today…!
For a quick explanation that describes my personal outlook, glance at this recent Canadian Market Research and Intelligence Association (MRIA) post about big data as a phenomenon.
Next, I found an Adelaide commercial law blog that provided a more nuanced assessment of big data. However, it is consistent with the marketing researchers’ outlook, excerpt:
Big Data is somewhat of a misnomer because it is not like standard ICT* spending… it will be run with technical services [for] determining veracity through market sentiment. If an investment bank is trying to determine the initial share price for an IPO they would run trend analysis on similar companies while [gauging] investor sentiment. Big Data used in this way is… a likely competitive advantage for smaller companies.
* ICT is an abbreviation for “information and communications technology”.
The Royal Canadian Mint is the official mint of the Canadian government. In March 2012, the Royal Mint announced that it would discontinue all future production of penny coins. A week later, the Toronto Star ran a news story, in which the Royal Mint introduced the first national digital currency in North America, the MintChip.
A Royal Canadian Mint spokesman provided the following description:
MintChip doesn’t plan to link to a person’s bank account or credit card information. And unlike BitCoin, a peer-to-peer hosted digital currency with a fluctuating value, MintChip is simply a new way to exchange Canadian dollars. Plus, it’s backed by the Canadian government.
The MintChip doesn’t satisfy criteria for what I would consider a bona fide currency. Rather, it seems more like a type of electronic payment network for the Canadian Dollar.
A rather intriguing contest, MintChip Challenge, was announced in the same Toronto Star article. MintChip Challenge was an app developer contest sponsored by the Royal Canadian Mint, with top prizes to include the equivalent of CAD 50,000 of gold bars and coins, in gold bullion, i.e. 99.99% gold.
The top comment on the Toronto Star article offered this suggestion:
Did you know that one of the leading proposals for how to use MintChip is for purchasing bitcoin? Because of the irreversibility of MintChip transactions, this would solve a lot of issues. See paragraph 6 of MintChip Misses the Point of Digital Currency via Forbes.
MintChip Challenge generated much excitement. The 500 entry spots were filled in merely four days! Prize winners were to be announced on 25 October 2012.
What’s up with MintChip?
The official website hasn’t provided much information. I was curious. Erstwhile gAt0mAl0 was curious too:
So what happened with MintChip – Canada’s digital currency? It has disappeared into the Bermuda Triangle of digital currency holes – a news blackout.
The denouement of MintChip Challenge was distinctly anticlimactic. gAt0mAl0 explains more about the Canadian MintChip, and Bitcoins too. Alternatively, you may prefer to explore gAt0’s rather impressive Bitcoin Mind map chart, featured in his prior post, Bitcoin and Forex Trading, which I enjoyed much more than the entire MintChip mess, from start to muted finish.