How A-Bomb Testing Changed Our Trees
Back in the 1950s, the Americans, the British, the French and the Russians tried to impress each other by “testing” atomic weapons. This involved blowing up multi-megaton bombs in the air in remote places, but the explosions didn’t stay local.
This is an interesting tale of Carbon-14 created by our “activity”. Carbon-14 in the trees, Carbon-14 in Human DNA. This is allowing the study of cell life, etc.
I am not sure where to take this other than to tell you all about it!
The police in Meghalaya have decided that an ID requirement will reduce electronic crime.
Superintendent of Police (Shillong) Claudia A Lyngwa said strict directives have been issued to cyber cafés and CTCs in running their centres.
“Every visitor to a cyber café should produce an authenticated photo identity card (ID) like passport, college ID, PAN Card, election card, driving license or office ID,” Ms Lyngwa told UNI here today.
…
The cyber café owners have also been instructed to maintain a daily ‘in and out’ register with details mentioning the time of logging in and logging off for each visitor with name and address, she informed.
The SP said that licensed cyber café will also have to maintain a physical log book of users to be filled in by the user.
Ms Lyngwa said, “cyber café should not have fully enclosed cubicles which isolate a computer user from other users.” The café will also have to maintain an Internet Protocol allocation/access log allocated to which machine when a block of IP addresses used directly on different machines.
I’m ignoring the implicit falsehood that privacy somehow equates to insecurity.
Instead, I’m wondering what percentage of Indian cyber cafes are licensed? I’d be willing to take a bet that the number is fairly small.
Compliance with the law will be a tax on the law-abiding, making them less competitive and effectively driving more of the business to unlicensed providers–just what India, a country with massive street-level corruption problems, does not need.
I know it seems obvious, but when attempting to solve a problem, the solution should not create incentives that make both the original problem as well as tangential problems worse.
Hiring the head of risk for a failed investment bank to assess bank soundness seems a bit through the looking glass, don’tcha think? Even if he’s the best thing to happen to risk management since the invention of gambling, this is going to be a tough sell on the credibility front any way you slice it.
In a move that is sure to put to rest the notion that there are no second acts in American life, former Bear Stearns chief risk officer Michael Alix has landed a job in the office of the Federal Reserve charged with assessing the safety and soundness of domestic banking institutions.
We suppose that Alix at least has plenty of experience with unsound banking institutions. He was the chief risk officer of Bear Stearns from 2006 until 2008. So, basically, he was the guy on the mast charged with yelling “iceberg” just before the Titanic introduced its bow to a floating hunk of ice. Prior to that he ran credit risk management for Bear from 1996 to 2006, Jon Keehner at Bloomberg points out. That worked out just great.
Sometimes words almost fail me.
In many respects, this is similar to the people who hire (hopefully) former computer criminals as if they somehow know more about protecting networks just because they have hands-on experience with how not to do it.
In both cases, however, one of the bigger deterrents for many would-be miscreants, whether of the white collar or other more traditional criminal activities, is the future deterrent of being forever unwelcome in what would otherwise be a chosen career or passion. This is part of why it is not illegal or even gauche to discriminate against convicted criminals in employment matters. By overlooking this bias at higher levels, it erodes respect for it at lower levels, which in turn reduces its deterrent effects (which are already minimal due to discounting) further down the ladder.
It doesn’t matter how good Alix supposedly was at his job. When you’re the CRO of a bank that fails due to poor risk practices, you should be a pariah, plain and simple. At least Nick Leeson paid his debt to society, which is more than Michael Alix will ever be able to say.
Update: More good commentary from Mark Thoma at Economist’s View on this one:
It seems that as chairman of the Securities Industry Association’s risk management committee, Alix was also an important part of the effort to convince regulators that investment banks didn’t need to hold nearly as much capital as their commercial bank brethren. Here’s a letter he wrote to the Federal Reserve’s board of governors in August 2003…
This, we now know, didn’t work so well, either.
But my favorite thing I found in my rooting around was Alix’s June 2004 House testimony on the topic of Basel II. One of the reasons investment banks should be allowed to use more leverage, he said, was because of the protective qualities of mark-to-market accounting…
This, we now know, not only didn’t work so well, but is also, we’re told, causing a lot of the problems we’re having.
Look, I don’t envy the position the New York Fed is in. I have the luxury of not having to go out and hire people who 1) deeply understand the operations of finance firms, and 2) are willing to take a job in the public sector. At the same time, I’m guessing I’m not the only person a little squinty-eyed over this one. …
No, Mark, you’re not.
Understanding how your environment’s controls are designed can be a very helpful thing. Consider this developer talking about getting Chromium to work on Linux.
When Chromium was first announced in the beginning of September I was very surprised that it was a Windows only application given that WebKit is very much cross platform. The past few weeks I have been spending a little bit of time here and there hacking on the source code and thought I would write an update for those who are interested on the status of the native port of Chromium on Linux.
On day one you could checkout the source code on Linux and you could build some things. Of course all that you were building were some object files, nothing more, not even Webkit was being built. There was no test application, no linking and no Chrome.
From what I can tell nearly all of the development for Chrome was done on Windows in Visual Studio. There is even a C# tool that can be found in the sources. This led to the case where the normal course of action when something didn’t build on Linux was to just disable it. So by the time that the release was made nearly nothing was being built. I am also pretty sure that the Chromium port was entirely different than the Android port.
Starting with the glue directory I went file by file fixing the compiler errors. Developed in Windows there were fun fixes such as the Windows “String.h” include that was not used, but caused build breakage on non-Windows platforms. Many patches later a lot more builds on Linux. Linux is part of the build farm so as each file was fixed and enabled it became one more file that Windows developers could not break or their change would be reverted.
Once he gets the code to the point it will compile under Linux, he then uses the controls that exist in the software quality process to prevent the mainline Windows developers from checking in code that undoes his work on the Linux port. This is why automated software quality tools are generally a Good Thing.
Courtesy of a commenter at Slashdot, source of all truly geeky wisdom, comes UNIX Russian Roulette:
[ $[ $RANDOM % 6 ] == 0 ] && rm -rf / || echo "You live"
(not that `rm -rf` is truly Russian Roulette, more like Russian Kneecapping)
Happy Friday, Everyone!
Something that I think we all know, but I had never really broken out as a coherent thought:
There are many risks which “everyone” acknowledges need to be reduced (and cannot easily be avoided), but which no one wants to accept. Of course, usually no one wants to pay to mitigate or transfer the risk, either.
Risks that are stuck in this particular form of Limbo are accepted, and no one should be allowed to claim otherwise.
Those who are not willing to either formally accept the risk or write the check to reduce it, are just contributing to the intellectual dishonesty that perpetuates the problem.
My personal favorite example of this problem is database encryption, especially for Personal Information. People inevitably claim to agree that “this must be done,” since that provides a certain degree of Get Out Of Jail Free Card, at least for notifications, but no one ever writes the check or provides the people to make it happen.
I suspect that you, dear reader, could also provide a few examples of your own.
According to the New York Times, I personally was a significant contributor to the current financial crisis ravaging the world economy. No, they don’t name me by name, but they do blame a capital adequacy calculation called “Value at Risk,” along with an accused bias of risk managers in general for enabling the current crisis.
From the article:
We’ve had some bad days lately, and it turns out Bear Stearns, Lehman Brothers and maybe some others bet far too much. Their quants didn’t save them.
I called some old timers in the risk-management world to see what went wrong.
I fully expected them to tell me that the problem was that the alarms were blaring and red lights were flashing on the risk machines and greedy Wall Street bosses ignored the warnings to keep the profits flowing.
Ultimately, the people who ran the firms must take responsibility, but it wasn’t quite that simple.
In fact, most Wall Street computer models radically underestimated the risk of the complex mortgage securities, they said. That is partly because the level of financial distress is “the equivalent of the 100-year flood,” in the words of Leslie Rahl, the president of Capital Market Risk Advisors, a consulting firm.
But she and others say there is more to it: The people who ran the financial firms chose to program their risk-management systems with overly optimistic assumptions and to feed them oversimplified data. This kept them from sounding the alarm early enough.
Why do I feel blamed? Because I was the guy who actually wrote the code that the bank ran each night to calculate our VaR report and which the risk managers used to determine capital adequacy.
First off, I’ll add a caveat here, which is that I haven’t worked directly in capital markets risk management in almost ten years. Secondly, I’ll confess that I always insisted I was “just the programmer” when the discussions really got hairy–I wasn’t going to argue too much against a bunch of quants with doctorates in any or all of Mathematics, Statistics, Physics, and Economics. In general, though, their models produced what I felt was a reasonably accurate picture of VaR for our Foreign Exchange Derivatives business at the time.
That’s not to say there wasn’t pressure to produce less conservative risk estimates–traders have a “risk limit” which dictates how much money they can potentially lose at any given time. Since risk correlates to reward (through volatility–see Black-Scholes for more), that also put an upper limit on how much they could effectively earn in profit, and from that bonus. A good meta-metric of whether the models were suitably conservative was whether or not the traders were complaining about their inability to take risk: if they weren’t complaining, the models weren’t conservative enough.
Regardless of the complaints, Risk Management and the quants generally stood firm. Most of the quants were former academics, and viewed the accuracy of their models as a pursuit of truth. I was caught in the middle, with traders trying to tell me that “there’s no risk here!” for some position they wanted to take, but which the models said was too risky.
That’s not what happened in the current financial crisis that has been on-going for well over a month now (and will continue, albeit at a lower level of intensity, for even longer to come). What happened here is called “Risk Layering,” where each party involved in the transaction convinces themselves that they have transferred their risk to some other counterparty. The risk doesn’t cease to exist, it just ceases to be accounted for. Risk is reduced by mitigation or avoidance. Ignoring and Layering only move it elsewhere.
In this case, the risk built up until reality finally came along and knocked the participants down. That’s not a failure of risk management as a discipline, but rather a failure of risk takers to utilize the available tools. So don’t blame the quants or the folks like myself who translated their wisdom into C, PERL and Java. That’s managing the blame, not the risk.
As I was walking back from voting this morning, a discussion of electronic voting came up. I think that the word Risk was never brought up when these systems were designed. Or maybe it was?
Let’s build the next Amazon.com using electronic voting machines.
By some form of batch or manual entry the store information, pricing, etc. gets entered into all the machines people will use.
When it is your turn to use the machine you authenticate yourself to a person who directs you to a machine.
You enter your information into this machine and place your order which is stored on the machine.
Sometime later in the day a person removes the data from the machine and sends it to be processed.
The retailer does not really know what was entered into the machine. You have no idea if you entered the right information. You have no idea if the order actually was received, got processed, and you have no idea if your order will ever ship.
I think we can do better!
Note: My scan type paper ballot was not all that good either. Seems that they mis-printed one of the ballot items so you got a second paper that told you what the real wording is and you voted yes or no to that new wording; long and sad sigh. Well at least there is a partial paper trail and no hanging chads.
Site R
I’m not sure if this Wired News story about how to visit a top-secret nuclear site makes me feel better or worse about my own day-to-day challenges.
The first rule of Site R is: You do not talk about Site R. Or, as the security guidance about the Pentagon’s nuclear war bunker (AKA Raven Rock Mountain Complex, or RRMC), states: “Avoid conversations about RRMC with unauthorized personnel.” The other two rules of Site R are: “Do not confirm or deny information about RRMC to reporters or radio stations,” and “Do not post RRMC information on Internet web pages.”
We might suggest a fourth rule: do not send information about RRMC to reporters working on a travelogue about nuclear weapons.
…
But our interest in Site R was piqued by an announcement that was posted in 2006 on the website of the Defense Threat Reduction Agency (DTRA), the Pentagon’s nonproliferation agency.
…
If Site R is so gosh-darn secret, why did they post this notice, and more importantly, how did we get our grubby little mitts on documents relating to this conference, including an informational overview, a “Welcome Package”, an agenda, security guidance for attendees, and a schedule of shuttles to Site R (which we are not posting)? Cunning subterfuge? A Deep Throat inside the mountain? A Freedom of Information Act request?
Sadly, we just asked for them. We e-mailed the contact person for the conference, provided our affiliation, and asked for the conference materials. We did say “please.”
Welcome to my life. If the Pentagon can’t keep people from posting information about Top Secret sites which only have value if they are complete secrets (Yeah, right!) on the Internet or disclosing it to journalists, what chance do I have?
Actually, I could excerpt and comment on pretty much the entire article, but they do a good enough job you should just read it for yourself. They discuss the obsolescence of bunkers both as a countermeasure (“if it’s not a secret, what good is it? A modern thermonuclear warhead would destroy it in an instant.”) and as a base of operations for emergency response operations:
Are bunkers good for combating terrorism? Probably not. As the nation learned on September 11, what you want in the event of a terrorist attack is information: immediate, accurate and unfiltered. Site R, where government workers are stripped of their personal cell phones and PDAs, is arguably the worst place to be.
In fact, based on the conference agenda, the bunker is a problem in search of a solution:
So, what do bunker managers do at meetings like this? Judging from the conference agenda, they look for things to worry about: pandemics; electromagnetic pulse weapons; and biological attacks. But as one item on the agenda hinted — “Tunnel Collapse Briefing” — possibly the most dangerous threat to life in the bunker is the bunker itself.
This article is like a parable of the entire IT & IT Security industries. Even the people who supposedly know how to keep secrets don’t. We have tools that are only effective if they are a secret, but which we then must publicize so they can act as a deterrent. Much of the time, we are running around trying to find problems which match the solutions we have available, and even when we manage to get them up and running, we spend inordinate amounts of time trying to keep them from failing and taking the whole place down with themselves.
It’s only encouraging insofar as realizing you have a problem is the first step to fixing it.
To all my stateside bretheren and sisteren, it’s Election Day. If you haven’t already done so, go vote. Now. The Internet will still be here when you get back.