Cracked, inSecure and Generally Broken

On testing and causal statements

2013-05-23T09:54:00.001+10:00

Always unintended consequences.

Whenever we start going down a path of implementing policy we need to think about the consequences. This is both the seen and the unseen.

It is perhaps most importantly the unseen. We cannot say that an intervention has achieved the best outcome and that is better than something when we have not actually compared it. This means when we look at a risk reduction process in information technologies or implement new economic policy or for that matter any other intervention we need to investigate it fully.

In business, good project managers and more importantly portfolio managers will investigate the various results and compare these against what is in effect a null hypothesis. That is they will compare a sample project against the status quo. When doing this we need to also contemplate all the alternatives. This is where many people fail.

More importantly when we are doing correlational studies and investigations that do not allow for experimentally controlled trials (this is gold standard double-blind testing), it is critical that we investigate causation in a rigorous process.

Austin Bradford Hill (1897-1991), was a British medical statistician whose great contribution to science was to leave us with a set of minimal conditions that are required to establish a causal relationship between two events. Hill's criteria has become the basis of modern epidemiological research. It is one of the mainstay methodologies that I use in my research both in evaluating economic effects and when investigating malicious software and other security controls. In particular it is useful in evaluating the human aspects of information security and risk. It is not just epidemiology but other fields such as economics that can benefit from this approach.

Hill's criteria is the basis of good scientific research where we are seeking to establish a causal relationship amongst social phenomena and in particular ones where we cannot engage in controlled trials. In some instances it is in fact better than a controlled trial as the process of creating a controlled trial changes the environment and creates a bias in many of the results. Although it is true that this controlled trial has provided the best answer to a particular problem is not always true that we are investigating the same problem. One example would be looking at studies of irrationality. The University controlled trials testing the reactions of students generally biased the results. In selecting risk trials for instance we take selective forms of risk that bias the results towards male or female risk takers in the study. Later studies have now shown that these original studies into irrationality have been the result of poor methodology with both women and men exhibiting similar levels of risk. What was demonstrated is that the forms of risk taking differ between men and women but overall the levels of risk a similar.

If we are to make a claim that population growth results in poverty or that capitalist governments cause poverty in developing nations or even that Keynesian spending results in the long-term growth them to be scientific in our approach we need to demonstrate causal relationship. Hill's criteria provides one of the ways in which we can do this.

For example, as an economic investigation we can formulate a strategy and hypothesis based on welfare based systems such as a guaranteed minimum wage.

It seems a good process and we have created a safety net. Again an issue is that we are also not thinking of the unseen events. This is what will occur if there was no welfare. In starting such a welfare system, the differential incentive to work decreases. This is not hard to explain.

Basically it is not poverty but a differential between income that people see as the greatest disparity. Even in Western nations where there is no need to be poor and in fact where most of the poor are wealthier than the middle-class 100 years ago what we see is a desire for more against those others in society.

So, the end result of such a policy is to have more people enter welfare. The result, those earning need to pay more for the increased welfare state. Less incentives for productive work. The differential decreases further making welfare more attractive and incentive's more onto state support. The result more welfare... A degrading cycle of creating more and more welfare.

This takes us back to Hill's criteria. Here we have nine criteria to measure any correlation effects against. These are:

A temporal relationship where the cause always precede the outcome. If there is some factor that is believed to cause an event and this must always necessarily precede the event. This first criteria is the most critical and essential of all of Hill's criteria. If this one is not true then that we have a correlation alone and no causal effect.
Next we need to consider the strength of the relationship. This is a statistical measure of the strength where the factors are highly related. We can look at the Pearson number for correlation as a means of testing this value.
Next there is a effect response relationship. This is a measure of input. As we increase the amount of one factor the other must also increase. For instance if we put more time into training people in security awareness then naturally for this to be causal in relationship we would have to have improved security. The improvement is not required to be linear and we may find that each incremental expense returns less but it must return something more than it would've if it wasn't there.
The fourth relationship is consistency. The results need to be replicable and repeatable. They should apply in different population groups and samples.
Next we look at plausibility. The association that we are purporting to exist needs to be supported by a valid theoretical basis. There needs to be some phenomena that can act in a manner that causes the result or event.
The sixth criteria is that we consider alternative explanations. Many so-called scientists fail here. They just assume a relationship matches with their understanding. It may be true that we can dismiss many arguments out of hand as they have already been investigated and shown to be false, but this does not mean that we do not consider alternative explanations. We must always consider multiple hypotheses prior to making any conclusion a about a causal relationship between events we seek to explain and investigate.
Experimental evidence is also important. Even though we cannot expect to completely re-create an event we should be able to implement an appropriate experimental regime that supports our causal argument.
Next there is a requirement that the causal effect is specific. This is one of the weaker criteria and we can demonstrate causal effects without it. The absence of specificity does not negate a causal relationship but the existence of specificity between associations does add additional support to the existence of a causal relationship. Here is important to always examine specific causal relationships with in a larger systemic environment.
Lastly we have coherence. Ideally any association we are purporting to exist should fit within the body of existing theory and knowledge. Their are ways of course to introduce new theory and Thomas Kuhn referred to these changes to the excepted theoretical basis of science as a “paradigm shift”. To reject the existing theretical basis of science we need to have a particularly good and strong proof and evidence supporting our new claim of causality.

The third of Hill's criteria, the effect response relationship is one that seems to be missing in much of the so-called science we see. For instance in carbon studies we should see a related increase in atmospheric CO2 leading to corresponding increase in global temperatures (all other things being equal). We should also see a corresponding and commensurate decrease in global temperatures as atmospheric CO2 levels decline. This is been something that is rarely investigated enhance which still relegates much of the climate study to pseudoscience.

In a couple of my publications for instance we looked at the effects of economic sanctions on criminal groups involved cyber crime. Two of these papers are:

“Criminal Specialization as a Corollary of Rational Choice” (2012)

and

“Territorial Behavior and the Economics of Botnets” (2012)

In demonstrating the economic effects of a policy designed to reduce cyber crime we need to investigate all of Hill's criteria. In this instance what we find is that cyber criminals are rational actors. Like most other people in society when they're acting individually they act in their own rational interest. When they are offered opportunities that provide better returns for low risk they will take these over the antecedent of a poor return or one with high risk.

Of course the current answer to this and the mainstay of many Keynesian economists that propagate government circles is to argue that what is rational for the individual may not be rational for society as a whole. They argue that irrationality comes of collective rationality.

Of course what they are saying is not that the collected actions of the many are in fact irrational but that people choose things that they did not desire. This is a typical political fallacy that is designed to appear scientific. Many economists make very poor scientists.

This is of course rational and itself. For when we see government favoring Keynesian aligned big government economics and rewarding those who support the idea of big government we also see incentives given by government to those who promote big government. So the individual behavior of these rational economists is to support in irrational policy itself. It is of course rational to support a biased policy when you gain from it at the expense of others.
What could be termed irrational is a libertarian policy that exists with little support and certainly none from government. As a libertarian one has to fight harder and do more. But here it again comes to what is a subjective value. When comparing rationality we need to look at the values of the individual. In my case my greatest value is freedom and that cannot be given through big government and subjugation. In this case economic constraints and an acceptance of lower benefits comes at the cost of upholding one's values.
One further part of this rant is that we need to start excepting that it is not irrational to hold one's values. In fact the only rational choice is to uphold one's values. In this we start to see where one's values lie.

What is trust anyway?

2013-05-22T12:20:00.001+10:00

Ongoing education

In a typically Keynesian short-term policy the Australian government has implemented a plan to cut educational programs[1]. In this latest shortsighted plan the government has announced that it will be proceeding with a plan to cap all tax deductions for self-education expenses to only $2000 per annum. The idea is that by reducing deductions the government will be able to maintain a steady rate of income while still having people engage in further education. The idea is that those who are planning to undertake degrees or other further education will continue to do so at an equal rate regardless of the tax implications.

The flaw in this line of thinking was demonstrated by Frédéric Bastiat in his 1850 essay, "That which is seen and that which is unseen" and has come to be known as the parable of the broken window.

Here we see that which is seen in the government's policy. We see that people engage in further education and use a tax deduction to help fund this endeavor. The government has not looked beyond the short-term in their strategy. They make the assumption that educational levels will remain the same even as the effective cost of education rises. They're problems here as well. The cost to the user a further education is the net cost after the deduction has been made.

A student engaged in a part-time Masters degree such as a MBA or one of the various Masters degrees in applied information technology that are offered will generally pay between $6,000 to $10,000 per annum in fees with between $2,000 and $6,000 in textbooks and other supplementary material. At present all of this is deductible meaning that the average postgraduate student working while studying part-time can gain around one third of this expense back.

As such, the total cost of a Masters degree to the student comes to between $16,000 and $32,000. After the government’s policy takes effect the actual cost to the student will be in the range of $23,000 and $47,000. This makes the cost of doing Masters level education in a technical field between $7,000 and $15,000 more expensive. This is clearly an imposition of additional costs against people who many times already struggling to justify taking further education.

People do generally see this aspect of the policy and justify it by stating how those doing these degrees will earn more money. There are several problems with this argument as well. A well-known basis of the economy is supply and demand. As the cost of the product is altered the demand for it decreases. Here we are increasing the cost of education. The natural consequence of this increase is a decrease in the demand for education. In the flow on effect from increasing the cost of educating our nation we have in fact lower the number of people who will take degrees because the marginal benefits obtained will be decreased.

A key factor of all of this which has been neglected is that universities are predominately government-funded in Australia. However, postgraduate studies such as MBA programs and technology programs are only partially funded or in some instances actually run as profit centers the other parts of the university. When a student undertakes postgraduate education and university they are already paying the government. In not allowing the tax deductibility for education the government has in effect implemented regime of double taxing.

If we start looking at the broken window effect and the results that come from this policy we see that the government actually reduces the amount it will collect from taxes in the long run.

In reducing the demand for university courses the government is in effect changing the economic outcome they seek to promote. The unseen effects of capping taxable expenses start with the fact that fewer students will be paying for existing university costs many of which go to fund undergraduate courses. This then results in fewer undergraduate courses and not just a lower uptake of postgraduate courses.

This is not just a slippery slope argument but one that comes from the rational analysis of the unseen effects. Reducing demand for university courses results in fewer people taking courses within a university. Fewer students mean less income. A lower income means that the government needs to provide a greater level of funding to universities. The perverse effect of attempting to collect more money from the reduction of educational expenses that can be claimed is that the government actually needs to spend more to maintain the existing level of courses being offered.

What about trust?

The real difficulty comes in courses such as information technology and management technology. An executive MBA in information systems or a more technical information technology degree require up-to-date knowledge. A career in these fields does not end when one has gained a qualification. Education is an ongoing requirement in information technology.

This is particularly true when it comes to risk and security. They have been numerous security incidents in the press over the last couple years. Our own government, the same one cutting educational allowances has been touting the need to train information security professionals. In fact it has been argued that one of the primary needs that is not being met within the Australian economy is the provision of security and risk professionals in information technology.

For the online economy to grow we need to be able to trust the underlying systems. To do this we need trained professionals who understand risk and can help defend against cyber crime and cyber terror. This is a dynamic field which changes on a daily basis. New attacks a new defenses offer a consistently moving target that requires the information security professional to update their skills on a regular basis.

At the same time that we are calling for more trained security professionals and more places in universities we are increasing the cost and hence driving potential students away from this field of study. Information risk is a field that requires constant training. Not only do the software and hardware platforms change on a regular basis but so do the attacks against our systems. In the past decade we have moved from Windows 2000 to Windows XP to Windows Vista to Windows 7 and now Windows 8. At the same time we've seen a move from desktop systems to cloud-based infrastructure and mobile tablet applications.

To maintain skills within this field requires constant reeducation learning. To attract new people into this field and to maintain those who already here means that we should incentivize people to want to be a part of the solution. In making education more expensive we drive people away from educationally expensive occupations such as information technology, medicine, science, engineering, and all of the things that drive a modern economy.

If we want to create a vibrant and innovative economy, we need to be able to trust the infrastructure that it is based on. To do this, we need to allow those in this economy to develop the skills they need.

What is occurring overseas

In the United States, the need for a consolidated program designed to teach cyber security is well publicized[2]. To achieve this end information security practitioners need to be involved in constant education and adult learning programs. Like many other professions, information security is a dynamic field that changes from month to month and a failure to maintain the necessary skills moves the advantage to the criminal. Without a secure and trusted base as a foundation for electronic commerce Australia does not have the future. This is a message that is clearly been missed by the Australian government.

The economy is founded on trust in the electronic economy requires the implementation of acceptable security levels that are designed to minimize risk in order to function. This is not a static playing field. In game theory we would call it a predator prey model. It evolves over time with the cyber criminals becoming better at what they do and thus requiring consistent incremental improvements in the amount of security delivered by businesses. This risk function becomes affordable when there are sufficient numbers of trained professionals. That is, the supply of educated security professionals is sufficient to meet the need.

When the cost of education goes up the amount that professionals in this field earn decreases. This is a rational decision. Security professionals remain security professionals because they earn an adequate level of income. That income is not the pretax amount that the amount that they take home and can actually spend.

The Australian position[3] seems to be one aimed at protecting school children and little more.

The current policy is certainly one that has been designed with short-term thinking in mind. It is a set of policies that are designed to collect revenue in the short term at the expense of growth and capital development. So while we have acknowledged need to implement effective risk practices and secure our commercial systems, it is government policy to undermine the very foundation that this desire is built upon. It is government policy to make it more difficult and more costly for both individuals and businesses to engage an employee risk professionals.

Information technology in general is not an economic ill that needs to be punished as the government seems to believe in the implementation of the current policy strategies. In fact, we should be promoting applied education and not seeking to tax it more. It only when we incentivize correctly that we have good outcomes. In punishing those wanting to learn the government has created a policy platform designed to move Australia from being the clever country to a has been.

Rise in cyber attacks in Australia

Is only weeks ago that the Sydney morning Herald[4] reported on the rise in cyber attacks against Australian companies and the need for increased vigilance. This followed the 2012 Cyber Crime and Security Survey Report, commissioned by national computer emergency response team CERT Australia and conducted by the University of Canberra which stated the need for increased training and the announcement in January this year where Prime Minister Julia Gillard announced that CERT Australia would soon be part of a new Australian Cyber Security Centre, which aims to develop a comprehensive understanding of cyber threats facing the nation.

Australia may be on the offensive in creating a cyber threat tracking Center but at the same time we have decided to make education more expensive and reduce the supply of qualified security professionals to industry. It is astounding how government can state the need to increase education in cyber security whilst simultaneously reducing the number of future qualified professionals through taxation policy.

So, although the Commonwealth government has vowed to combat cyber crime[5] the actual policy they are implementing is one where fewer professionals will be available to do this.

"We are in a period of consolidation and we need to get the most value out of every dollar expended," Ms Gillard said.

Yet at the same time we going to reduce the number of dollars available. Instead of incentivizing people towards effective means, we have removed the incentives in a petty grab for short-term political gain at the cost and expense of the economic growth of this country. At the same time that the government is giving lip service to the need to implement security controls and acknowledged the marked increase in criminal activity against our online economy they have removed any incentive for people to engage in this activity.

Cyber crime cost the Australian economy between $1.5 and $2 billion in the 2011/2012 tax year. Yet the answer to this is a decision to disincentivize professionals who may wish to enter or stay in this field. What we are in fact seeing are the increases in incentives to move away from Australia to other economies that actually want educated people. The current 25-28% yearly increase in cyber attacks will only increase further as we take funding away from this profession.

Number of cyber security experts that Australia will be needed by 2015

The Federal Government spent a little under $500 million on cyber security in 2011-12. A large percentage of this going to the ongoing education and training of individuals. The majority of this money was spent on people working in this area. Maybe we can see this as a drive to centralize further taking security professionals away from industry in making them part of government in an expanded public service. This of course increases the cost to the economy while also increasing government spending. Worst of all, it does nothing to make business more secure.

It has been estimated that India would require about 500000 cyber security experts by 2015[6]. At the same time it is been estimated that we will require at least 20,000 more trained risk and security professionals by 2015 in Australia if we are to maintain a robust trusted online economy. This figure is expected to exceed a need to train 50,000 additional personnel before 2020. These figures of course based on CERT and government estimates in predominately focus on government needs so the actual figure is likely to be far higher.

Unlike counties such as India, USA, and UK, The Australian government has no strategy to compact the threat

Whilst we give lip service to information security needs, the Australian government has a policy of promoting the need that removing the incentives. Any economist will tell you that this is a strategy that cannot work. At the same time the government acknowledges the growth in cyber attacks and the need to train people both inside the government as well as in business it has increased the cost of maintaining the required levels of education for those in this field. The results of such a policy is simple and easy to understand. If we reduce the benefits we reduce the incentives.

People do not decide to work in a difficult job that requires long hours unless they are rewarded for their efforts. The government policy of telling us we should do this out of the goodness of our hearts does not work.

At a time when we desperately need to develop more cyber security expertise, the Government has capped self-education expanse claims at $2K

A strategy of deincentivizing people in making education more expensive is a strategy designed to destroy an industry. We have to ask at this point whether the government is intentionally attacking the economy or if they think we're too stupid to notice. Maybe this is the desire in making education more expensive. A land of sheep that does not complain is the only outcome in a land where education is penalized.

Australia is already a prime target for cyber terrorist because of we have a growing online economy and the lack of foresight by the government will ensure we become more of target

In research (Wright, 2011) published in 2012[7] it was demonstrated how cyber criminals think and act rationally.

In increasing the chances of being caught or making an attack more difficult the cyber criminal earns less. The economic incentive provided through having more vulnerable networks that have not been secured by adequately trained individuals means that more cyber attacks will occur.

We can see from this that the government has incentivized criminals at the cost of the economy. In typical short-term thinking the government has sacrificed the future of the country for political gains. Education is a long-term investment unfortunately politics is not.

Criminals may be rational but it seems that the political system is formed through irrationality. Instead of thinking through the consequences of decisions the government has chosen to act without thinking. This of itself shows the need for education.

References

Wright, C. S. (2011). Criminal Specialization as a corollary of Rational Choice. Paper presented at the ICBIFE, HK, China.

[1] http://www.smartcompany.com.au/economy/055542-budget-2013-deductions-for-self-education-expenses-to-be-capped-at-just-2000.html

[2] http://www.dhs.gov/shaping-future-cybersecurity-education-and-workforce-development

[3] http://www.dbcde.gov.au/online_safety_and_security/cyber_security

[4] http://www.smh.com.au/it-pro/security-it/rise-in-cyber-attacks-on-australian-businesses-20130218-2em94.html

[5] http://www.abc.net.au/news/2013-01-23/gillard-national-security-strategy/4480448

[6] http://www.rediff.com/business/slide-show/slide-show-1-tech-universities-to-arm-india-to-fight-cyber-attacks/20130509.htm#1

[7] http://ebooks.asmedigitalcollection.asme.org/content.aspx?bookid=408&sectionid=38787998

Finding Graphite

2013-05-20T19:37:00.001+10:00

In the making of a pencil we have many different ingredients to consider, but the first of these we all know is the mainstay of the “lead” used in the item. This is not actually lead, but a graphite mix. I will cover other ingredients (such as the clay) in later posts.

The properties of graphite are listed below.

Hardness	Associated Minerals	Streak	Colour	characteristics	Luster	Field Indicators
1 - 2	quartz calcite micas iron meteorites tourmalines	black gray to brown/ gray	black, silver	thin flakes are flexible but inelastic, mineral can leave black marks on hands and paper, weakly conducts electricity	metallic to dull	softness, luster, density and streak.

For our exercise, the quality of the graphite is not so important. It is a common mineral, but one that is not found in quantity as a good pure source. This does not stop us finding it, but can make processing more difficult. For instance, graphite can be found in quartz. This is not uncommon, but quartz is an extremely hard mineral and mining graphite from a quartz deposit would be extremely hard work.

Lucky for us, graphite floats in water. So even if we have a deposit in another material (and we hope not one as hard as quartz) we can pound the mix into a powder and the graphite will float on water (were most other materials will sink).

But where do we find it?

If we are seeking a graphite deposit, we need to start looking for large deposits of felspar, mica, quartz, pyroxene, rutile, pyrites, and apatite. These minerals are commonly found with graphite. For our pencil we do not care to much about the quality and amorphous graphite will suffice. This is found in shale, slate, sandstone, quartz and limestone based rock formations.

I have included a number of images of graphite from http://minerals.net to aid in the determination of a piece of graphite. Graphite is grey to black in tone. Most of the time it has a shiny metal gloss and will smudge easily. If it is graphite, it should feel a little greasy to the touch and is in fact used as a dry lubricant. Molybdenite looks similar to Graphite but is heavier. The easy test is that this does not smudge as Graphite does.

GRAPHITE PHOTOS

Furthermore, graphite will make a mark on paper. In determining whether a rock happens to be graphite, start with a dark grey to black rock you have found in a limestone or shale area (and others as noted above) . Try and scratch it with your fingernail. Graphite is soft and will scratch easily.

For those of use who are close to a limestone cliff it is not too difficult to find graphite. It takes time and you need to mine into the rock, but at least limestone is nowhere near as hard as quartz.

With a good hammer and pick (which we have to make another time) we should be able to find a suitable quantity of graphite for one pencil in only 8 cubic meters of mined limestone. The main reason for this (even though we have more than enough for a single pencil is to account for the chance of finding a suitable deposit as well as having a large enough deposit to actually process).

The rate at which one mines will vary based on the strength of the person, the tools and the difficulty posed in the ground itself. In my case, I am a large 6’ male with good upper body strength. I needed to repair the picks at the end of this exercise but did complete 12 cubic meters of excavation. The blisters account for the exercise and it is not one I plan again.

This is basically a pit 2 meters in each direction. This was a 12 day exercise (and replaced going to gym and boot camp for a couple weeks of vacation). I cannot say I am far from the best miner but I am am also far from the worst. The main part to remember is that we are trying to find graphite deposits and as such the rock needs to be pounded rather finely.

Once we have sorted the deposits with some graphite (or at least a black substance in the limestone) we can pound and grind it to a powder. This is cast into water and left to settle for a few nights. The graphite will remain on the top floating as a the limestone sinks.

So, for two (2) weeks work and a total of 124.5 hours effort I was able to gain 328grams of low grade fine graphite powder. As a pencil generally contains between 1.001 - 1.067 gram of graphite we have a sufficient amount of graphite for just under 300 pencils in 124.5 hours of work. So far, in just extracting one raw material (without accounting for the wear on the tools we had to make) we have spent far more than we could have through trade.

In our exercise we will not measure cost and value in money. We will do this in time. This process will cover the finding, the extraction and even the tool making. In this, we are lucky to assume the knowledge is all available (as it is for us in the age of simple access to information). Just think how difficult and more time consuming this would have been if it was done using a library.

We also have the luxury of having food and shelter. Imagine if you also had to make and maintain a shelter and find food at the same time you have been looking for a suitable deposit of rocks.

I was lucky in this. I had a property where I could do this excavation with only a 1.2 km walk each morning whilst carrying 24-30 kg of tools. Not all areas are in metamorphic deposits and this would have been more difficult if I needed to walk further afield or to have mined in quartz.

Graphite time measurement – 0.415 hours per pencil

We will continue to investigate another part of the process next time. Just remember how amazingly complex a modern economy really is each time you look at a pencil and try to think what it takes to make a computer.

References:

Chesterman, Charles W. (1997) National Audubon Society Field Guide to North American Rocks and Minerals. Chanticleer Press, New York.
Klein, Cornelis & Hurlbut, Cornelius (1993) Manual of Mineralogy. John Wiley & Sons, New York.

The dumb country

2013-05-15T08:29:00.001+10:00

The Australian government hates people like me. Educated ones.

They love to say we are the smart country, but no longer. The Commonwealth government has capped the educational expenses at $2,000 per annum that can be deducted.

This means that anyone doing an MBA, a PhD or some other form of education whist working has to have to full tax costs associated with their education. The end result will be less education. We can expect fewer scientists, fewer people doing post grad studies and a general decline in the standard of living in the country.

You can argue that there is a cost and this is skewed. For instance, I spent and claimed $56,000 in educational expenses last tax year for the two degrees I was undertaking (my second PhD and a Masters). What you would be missing is that I could do this study without the structure. In having a doctorate, you learn how to research. I just like to have the structure of the University.

Next, I am actually paying the University that money. As the University IS a government institution, the amounts I am paying to do a full fee course are actually going to the federal government. In effect, taxing one such as myself who has done a working post graduate degree is double taxation.

The end result and the unintended consequences of this will be a lowered uptake of education. Then, less educated people are easier to control…

For more, see:

http://www.smartcompany.com.au/tax/055096-business-protest-capping-self-education-expenses-at-2000.html

On Trust and Risk

2013-05-14T15:29:00.001+10:00

Security matters, but not so we can eliminate all risk, but so we can have trust. Even if we could eliminate nearly all risk (we cannot ever remove risk entirely) we would have to ask whether it was worth it to do so.

Risk IS quantifiable.

This is a statement like many others that is true, not always in the ways we assume, but it is true none the less.

We can always measure risk. This does not make a difference what field you are referring to, risk is a quantifiable metric.

The problem is not if we can measure risk, but how and with what results. These results come to:

reliability,
precision, and
accuracy.

These are not the same, but each has a bearing on how well we report on risk. The first of these, reliability comes down to whether we can repeat the same results again when we do an experiment. It refers to an ability to have either or both precision and/or accuracy stay within predictable bounds.

Precision is how true we are to the mark each time we make a risk measurement. This is, how close to the real value we lie and in effect it comes to the level of variance we have. We can actually be imprecise with the mean value right on the bulls-eye and results that have a large variance or spread. This would be centered on the expected mean on average but with results that vary widely.

Accuracy is how close we are to the mean or other value we see as the measure of risk. We can say it is a measure of how close we are to the bulls-eye.

To have a good measure of risk, we need to aim for both precision as well as accuracy. It is also important t5hat we can reliably have a measurement that we can have others examine and produce.

Qualitative measures of risk.

There are always people who will tell you that risk cannot be measured. What they are really saying in effect is that risk cannot be measured using a scientific process and is an art.

There are reasons that people hold these views. Some have the idea that metrics are not possible and that only skilled people can create a metric. The flaw in this argument is that this is a form of metric and it is one that can be measured and tested. When we look at the results of how risk comes out over time, we see that the art based approach does not work well.

In science, we make predictions and the ultimate test of these predictions is the result that the real world delivers over time.

Risk can be measured. In doing so, we hold those making predictions to account. We can start to measure the actual predictions made. Is a system secure, well time does tell and in checking the “predictions” of risk and security people against time we can make measurements.

In making models, we also see how well we model a system and the feedback from inaccuracy and imprecision allows us to improve over time.

Next time somebody states to you that risk cannot be measured, remember it is. Think instead what they are telling you is that they do not want to have their ability tested in case they come up short.

Are the poor exploited?

2013-05-12T08:51:00.001+10:00

In 2012, the US trade with Sub-Saharan Africa (SSA) came to a total of $48 billion [1] as a combination of both imports and export to the nations. This was mostly in the form of machinery and other capital equipment that could (if increased) help the African people develop. The trade with Africa accounts for a little less than 1.4% of the overall US trade to the world.

We see this in the figure below.

Notice, for all of the resources in Africa, they are insignificant and if all trade to SSA stopped overnight (incl. South Africa), the US would hardly notice it.

Overall, in 2012, the US GDP was $14.99 Trillion . Of this, only a small amount comes through trade with “poor” countries. This is the issue, a lack of trade and not exploitation.

Overall, the GDP from Africa as a whole (incl. the oil nations and South Africa) is tiny when compared to the USA. We see this below.

The entire African continent does less than the US. Not as we have seen through trade based exploitation, there is not enough trade, but through a lack of markets.

Next time you hear that the poor are exploited, know that it is through their own leaders and failed political systems and not through trade. It is trade that could help them no longer be poor.

GDP is not the best measure of trade and growth for a number of reasons I will not address here, but it is sufficient.

[1] http://www.agoa.gov/build/groups/public/@agoa_main/documents/webcontent/agoa_main_003964.pdf

Models and Science

2013-05-10T14:09:00.001+10:00

We love to make simplified models. We still use Newtonian models and there is reason. They work most of the time. Even these fall over and we cannot calculate a generalised three body problem of gravitational attraction as put forth by Newton now. If we tried this using Relativistic equations, well we do not have the computational power with all the computer systems on earth and a few lifespans to do that.

Back in 1887, mathematicians Ernst Bruns and Henri Poincaré demonstrated an elegant generalised system that offered proof showing that there is no general analytical solution for the three-body problem when defined using by algebraic expressions and integrals. This does not say that one could not exist, but that it cannot be completed using the mathematics we have at our disposal.

In this, they demonstrated that the motion of three bodies is generally non-repeating, except in special cases. Right now (and as last I know of) we have a total of 16 specific solutions to the three-body problem. The last 13 of these only in the last year (http://arxiv.org/abs/1303.0181).

These are great and have a wonderful purpose, but we need to remember the world is bigger and more complex than we can understand.

Models are just that. When we lose sight of this, we start to lose sight of what we can achieve.

Many models of reality are based on Euclidian space (geometry). The Friedmann–Lemaître–Robertson–Walker metric is an exact solution of Einstein's field equations of general relativity. From it and the general relativistic formula, we find that space is only approximately flat. A good approximation for most purposes, but flat it is not. To really model the world, we have to start with CAT(k) spaces, Hadamard spaces, and constructs such as Hilbert spaces in the Quantum mechanical world.

For the most part, the error rate is small and the calculation cost is such that we use a classical model. This does start to fail in modern applications. For example, the time system on the GPS we need to us a relativistic calculation as the time difference experienced is significantly affected by the differential velocity of the Earth to the satellite. The result would be a large error that continued to grow with the use of a classical model.

Science is all about models. We like to believe we can know it all, but this is most like something that will always lie outside our grasp.

For more on Hilbert Space see:

http://www.math.kun.nl/~landsman/HSQM2006.pdf

http://econ.la.psu.edu/~hbierens/HILBERT.PDF

...

Making a pencil

2013-05-08T14:03:00.001+10:00

Back in 2007 I talked to Tim Taylor of McAlester. I wrote to him at the time on my plans to make a pencil. At that time I wrote:

I have been told that you have a lecture where you state that there is a high likelihood that there is no person who could make a pencil from scratch.

I would like to put myself forward as the exception for you. I have been called an academic junkie, but I have studied all that is required to do this and also other skills. I learnt how to make charcoal using a medieval clay burner last year. I learnt iron smelting and blacksmithing over a decade ago. Woodwork is a hobby. I have qualifications in Organic Chemistry – so the rubber is easy.

Although I agree that this is not generally useful knowledge, it does help drive home the point of where we are and what society (and yes the economy) really means.

I could have a pencil produced in under 6 months from start to finish if I dedicated my time and was in an iron or bronze rich area. At my current rate it is unlikely that anyone would pay me my current rate, but I do believe that I could manufacture from scratch at least 8000 pencils pa continuously from the point of being setup after 9-12 months – assuming somebody else takes care of food.

I do understand that I will still not make my own pencils however, not only is the quality poor, but the cost is excessive.

I was wrong at that point in thinking I could have completed a pencil and gained the knowledge in something so simple in only six more months (and with my existing knowledge built over a decade). I was not wrong in being able to make a pencil from scratch.

In learning this, I have learnt to smith, to make tools and smelt and many arts that have been neglected by many people.

I have grown my own understanding of many topics and at the root it is other technologies that have allowed me to comprehend a simple item such as a humble pencil.

Tim had stated at the time in an early email:

Thanks for your charming note. The pencil example is from a famous (to teachers of economics) essay written back in 1958. If you want to check it out, it's available on the web at <http://www.econlib.org/LIBRARY/Essays/rdPncl1.html>.

When I'm citing the noone-can-make-a-pencil example in a classroom context, I sometimes(but not always) say: "OK, there's probably someone who can prove me wrong out there -- some professor of metallurgy or chemistry who has an offbeat set of personal hobbies." But in roughly 20 years of using this example, you are the first one to call me on it! When I next use the example, I'll have to be sure to add that I've heard from one person who can do it. This will lead naturally into the next major subject of the introductory class, which is comparative advantage, and why it wouldn't make economic sense for you to do it. So you see, for a teacher, everything is grist for the mill.

At that point I could make a pencil, but not from first principles. This required learning all of the following skills to an adept level:

carpentry,
forestry
geology
mining
mineral processing
black smiting (and I am no artist)
Coking
Making bricks
Steel work
and so many things it is not funny. Wait to see the publication.

I ended up doing the standard HB composition.

Graphite 68%-wt, Clay 26%-wt, Wax 5%-wt

My beneficiation process is extremely rudimentary but it does work. Making a screen is not a simple process in itself and is one that modern methods can easily improve on the efforts of one person.

I started with a "Gesner pencil" and slowly gained the level of skill to progress to the Nicholas-Jacques Conte version. In this, the speed of discovery has been amplified and made less expensive through the growth of the Internet. YouTube has a remarkable number of How-Too videos that have accelerated this process and changed the dynamics of the exercise.

I also needed to use other resources. Mixing graphite in a kiln sounds easy, and as my ex-wife had a kiln for pottery, it was. Making a kiln was a separate exercise. Moving from an electric kiln to a Raku pottery kiln I make myself was a large step. Even here I cheated. I made Forty three bricks before I decided to use the other hundred or so from a commercial maker. If I had to make all the bricks I would have needed more time and effort.

Ritter, Steve (October 15, 2001). "Pencils & Pencil Lead". American Chemical Society.

Ritter’s paper was essential to this exercise. It started the process of discovery. The part I have not replicated in a natural manner and could not is the sourcing of the knowledge, something like the pencil we take for granted. I have never met Steve Ritter, but owe a debt of gratitude to him and hundreds of people posting on blogs, webpages and lastly via video on YouTube.

Tight now, I am starting to write this on a computer connected to the Internet. The pencil was something I could copy. A piece of 18th century technology. What I could not ever hope to do is to replicate all the knowledge required for a pencil in a single life span without the aid of technology.

So, even now we have something more to add to the process.

I am writing this process up now. I have spent a little over 12 years researching pencils and once I have finished the publication, I shall put them to rest.

Radical Abundance: How a Revolution in Nanotechnology Will Change Civilization...

2013-05-07T16:38:00.001+10:00

Radical Abundance: How a Revolution in Nanotechnology Will Change Civilization...

Or the author has lost the plot.

I was told to read this book by Philippe van Nedervelde. It would show me the error in my ways in believing in scarcity. The author, K. Eric Drexler has not really come a long way from his 1986 book. He has changed some terms and added the information revolution.

He is right in somethings. The technology he speaks of is around a corner, but not one as close as he proposes. Just as it was not in the book of the 80's where we should all be in abundance. He is again wrong for the same reasons.

One area is an assumption of wants and needs based on today's systems. We know of many materials that will remain expensive. The introduction of the techniques in the book will change society, but they will not remove scarcity.

First, we have to remember that the elements that make many of the items the author talks of will become more and not less scarce. Even common elements such as lithium will become more in demand. Far more than they are now as we move to more advanced materials. This is an increased scarcity, not a removal of economics, a need for more price controls through a market.

Next, we have a remarkable range of new materials. Even assembled on the nano scale, these will not all be manufactured quickly. There will be both time and material limits in the creation of new good.

The author even states how we will progress to control the unknown and unpredictable. He does make a large unscientific flaw here that many now in big data do, he has confused correlation with causation. We remain a long way to understanding the cause of many relationships and the "solutions" are not ones that provide a causal effect.

In adding these technologies, we need to also consider that lower costs in currently difficult to create products will make these mainstream, but at a cost. It will also allow expensive materials. But it will not remove scarcity.

I have more to read, I am just on Chapter 8. But I do not see much better coming from the author.

So far, it is an updated and still wrong version of his work from the 80's. If you take it as a list of great new technology and forget the silly biases and failure to see that new technology brings new challenges, it is ok. But I would not spend money on it (though I did).

On consensus.

2013-05-06T10:15:00.001+10:00

I hear a lot about consensus these days.

I am told that “climate science” is “solved” as we have a consensus. I am told that science is about consensus.

Well, consensus has nothing to do with truth. One hundred people who believe a lie do not make the results of a single experiment different. Many people together do not make truth.

For example. Last year I set a question that was particularly difficult. It went to university review. 80% of the students got this question wrong, but they mostly got it wrong in the same way. This is, 70% of the class came up the the same wrong answer. So, the question was reviewed. It was difficult, but the class did choose incorrectly.

That is consensus. The class was in consensus. They saw the question as solved even though the answer was right.

Science is not about consensus. It is about empirical evidence and proof.

To quote:

[The hallmark of empirical progress is not trivial verifications: Popper is right that there are millions of them. It is no success for Newtonian theory that stones, when dropped, fall towards the earth, no matter how often this is repeated. But, ] so-called 'refutations' are not the hallmark of empirical failure, as Popper has preached, since all programmes grow in a permanent ocean of anomalies. What really counts are dramatic, unexpected, stunning predictions: a few of them are enough to tilt the balance; where theory lags behind the facts, we are dealing with miserable degenerating research programmes.

Climate science or climate magic?

2013-05-05T11:40:00.001+10:00

In the pseudo-science of climate change theories are fabricated only in order to accommodate known facts.

To be a science, we need to be able to create models that predicted a something new. In climate, this would be to determine the weather, sea temperature and other aspects of climate 10 or even 20 years in advance based on a set of input variables. Right now, we cannot do this and have no clear part to be able to do so.

Climate pseudo-science has in its course of flip flopping models generated many eminently futile prophecies, yet we are still to see a model that makes an accurate prediction. In the 1970’s, it predicted the coming ice age. In the 90’s the global sea level rise of the 2010 era. The pseudo-science camp has been vocal, bold and stunning, but ultimately, they have miscarried any attempt to create a model that has actually worked.

There is one certainty we have with the climate. It changes. We know this as we live in a world where climate has changed from ice ages to heat waves, and all without the help of humanity.

To be a science, climate pseudo-science needs to make a mart in the sand. To make a model and predict, not the past, but the future.

No science…

2013-05-05T08:29:00.001+10:00

Some reading a couple people here need... There is a vast distinction between science and the so called mysticism that some people ascribe to the pseudo science that has continued into this modern time.

"so-called 'refutations' are not the hallmark of empirical failure, as Popper has preached, since all programmes grow in a permanent ocean of anomalies. What really counts are dramatic, unexpected, stunning predictions: a few of them are enough to tilt the balance; where theory lags behind the facts, we are dealing with miserable degenerating research programmes." [1]

Science predicts and can be tested. To have science, you do not speculate, you set up a path to test a hypothesis and you gather evidence to support or refute it, but it is never proven. All that occurs is that we create better models of the Universe.

Newton was not "wrong". Even now, his theory of gravity is used for many calculations over Relativity even though we know that Relativity is a better and more accurate model.

Why?

The Newtonian calculations are simpler. Even though we can obtain more accurate results when using the Relativistic Newtonian formula, the Newtonian one suffices for many things. We only need to use the more accurate (and more difficult) equations when it is warranted. For instance, in satellite deployment the time drift from the velocity differential is sufficient to make vast errors in the GPS system. These need to be calculated relativistically. That stated, all we use to place a man on the moon is Newtonian calculations.

More, we often choose to use the lower grade older model as it IS better. We know that Newton was approximately correct and that Einstein was closer to the truth, but we cannot always measure the accuracy to a sufficient level to warrant the changes. Sometimes, we cannot calculate all the variables in the model we know to represent the best model of truth as we know it and the only option is to use the older model.

Science is a process of modelling the "truth". This is not who made the Universe. It is not is there something "before" time [2]. It is reality as we perceive it. Kurt Gödel in 1931 with his incompleteness theorems demonstrated mathematically that only the simplest of arithmetic calculations can be complete.

Science is a model of the world. We create better models over time, and we replace some models and keep others with reminders of their inconsistencies even know we know they are not "true". The reason comes when they offer a solution.

Science is an incomplete model. We do not solve it and we cannot make a hypothesis scientifically about things we cannot test.

What it does offer is a means to see through mysticism and pseudo science.

Formally, Gödel's theorem states, "To every -consistent recursive class offormulas, there correspond recursive class-signs such that neither ( Gen ) nor Neg( Gen ) belongs to Flg(), where is the free variable of " (Gödel 1931).

[1]. http://www2.lse.ac.uk/philosophy/about/lakatos/scienceandpseudosciencetranscript.aspx
[2]. By definition there can be no "before" to the start of the Universe as time is a function of the Universe. It there is a prior to the universe and something that we have "derived" from - it is not a function of time per se.
[3]. http://www.amazon.com/Incompleteness-Proof-Paradox-Godel-Discoveries/dp/0393327604

For the CSG opposition

2013-05-03T15:57:00.001+10:00

You do realize that…

Dairy cattle produce around 450 L of methane per day [1]. In a standard farm, the quantities of methane, the main CSG gas at issue. A darling downs dairy farm can have up to 10,000 cattle. For the most part, smaller farms have 500-1,000 head. A standard is generally keep 2 livestock units/ ha (conservative with some managing 2.5 lu/ha).

We will look at a 1,000 head. In a standard operation, there is a concentrated 450,000L of methane produced in dairy farming a day. This is concentrated at the milking shed.

There is generally fewer than one well for each of several farms of this size. For this exercise, we will just review the single one with a well against that farm. This is the worst case scenario and hence the one most likely to be used in argument.

Taking the high values (which are uneconomical, unsustainable and not supported) of leakage, we have a figure in the order of 75,000L/Yr loss from a well based on standard figures of production rates. Although this figure is high and could be termed a cause for alarm by those opposing CSG, it is in itself on the high estimate of reality in a situation where a complete loss of pipe integrity occurs.

Extrapolated, the CSG production accounts for 0.046% of the methane produced in a 1,000 head dairy farm.

So, if CSG gas is an issue from gas leakage, then we have to remember that cows actually do more damage and are less safe. In fact, the cattle are resulting in 21.93 times more release of the so called toxic substances.

The simple answer is property rights. Yes, some people are silly and will stop you using the land. Others who are not so risk adverse (and foolish) will take the money and allow mining.

The answer, property rights should be supported and we all win.

[1] http://www.ncbi.nlm.nih.gov/pubmed/8567486

[2] http://www.aplng.com.au/pdf/factsheets/Coal_seam_gas_production_and_the_Great_Artestian_Basin.pdf

Today's manifesto...

2013-05-02T16:36:00.001+10:00

I AM going to innovate and CREATE like it or not.

I will produce.

I do not care that you are afraid of change, that you fear new things and that you see a future that you cannot understand as bad.

I will make a solution to problems you have not even thought of and I will do it without YOUR or any state's permission! I will create things that make your ideas fail as I will not refuse to stop producing. I will not live off or accept welfare and I will not offer you violence. You will have to use violence against me to make me stop however.

I will create and make the world better whether or not you try and stop me and those like me.

I am producer. I build, I create and I trade. I do not take handouts. I do not beg. I learn, I contract and I do all I can to better the society I am in.

I am producer. I bare the weight of society and create the wealth that all others live on. I am not equal, for nobody is. I know I will never be as good as others in all things, I know I cannot beat other's in all things, but I also know I can do something others cannot. That is my specialty, whatever this is and it will change month to month, year to year as all around me changes forcing me to work!

I am producer, the only alternative is parasitic and I will not accept this.

Dave Kleiman

2013-04-30T07:28:00.001+10:00

Last night a good friend of mine passed away. He is a friend to many people.
Dave Kleiman was more than a friend. For the last decade or so we've sparred verbally as friends about many topics in security and digital forensics. Dave tempered many of my wacky ideas and provided the grounding to make them come to fruition.
We did many things that people would consider out there. It was with Dave that I took an electron microscope and tested the theory of whether you could recover data from an overwritten hard drive. This was long and time-consuming project that ate 18 months of my life. It was Dave’s support that allowed me to finish it. Dave was my sounding board and in some ways my muse. Whenever I became stuck Dave would help me step through the issues until we came up with a solution.
Dave was my person on the ground for DoD research contracts.
Dave shared many of my secrets and I some of his. He knew me better than most people, better than nearly any other.
Mostly and most importantly Dave was my friend.
When I thought that my cancer had come back it was Dave who offered me strength. When my marriage broke down, it was Dave who offered a shoulder. Dave and I are a long way apart physically but I was always close to him and he always had a part of my heart.
It was Dave's Vistomail account that allowed me to start some of my more radical ideas. We helped fund long-distance communications with our talks that would go for hours. We discussed anonymity and ways to both forensically recover data as well as means to ensure non-recovery.
The world was a better place with Dave in it. Every time I came back injured I remember Dave's strength. Dave was a remarkable man. Whenever I was in pain I would think of him. There are few people who would hop out of their wheelchair , board a plane and skydive. That was the type of man Dave was.
He was a man. He was a Vet and knew what it means to serve.
Dave was strong, Dave is resilient and Dave had a large heart. In the decade and a half I've known Dave I've come to love him.
Anyone who knew Dave, knew a friend.
Dave will be sorely missed.

Is Bitcoin volatile?

2013-04-29T14:27:00.001+10:00

Well yes, it is a small new currency right now. But this does not mean that it has no value.

Let us look at Gold and the $US. Not actually Bitcoin, but it is what we see as value like it or not.

We can see the massive drop in value. Some may not understand this, but Gold does have a value more than those who claim all it comes form is being a “goldbug”.

Remember we also have the cash settlement rates to consider.

Or even the rates, taking this makes the dollar seem a little out there.

So, yes, the price and purchase power of Bitcoin varies. There is a mean and a value that can be shown over time, but in this, some actions and the detractors will attack it allowing for arbitrage opportunities.

These attacks on it make opportunities for the supporters and cost the people seeking to devalue it. So, simple answer, it is just as good as the dollar but getting better every day.

Why Bitcoins?

2013-04-28T12:10:00.001+10:00

The question for today is why do we need a fixed supply monetary standard like gold. Gold would be the ideal in some ways excepting that physical quantities of gold can easily be seized by government. This is the reason for Bitcoin. Bitcoin is modeled on a gold-based system and not in interventionist gold a system. It mirrors Murray Rothbard's 100% gold standard but in a manner that is technologically superior and provides the required system for the coming technological changes.

We are entering an era of intellectual property. As I've written previously there will be predominately intellectual property in our economy. The basis of manufacturing and life as we know it will become one based on the transfer of data.

Their are many detractors on gold as a standard. What most of them do agree is that gold remains one of the best forms of currency in international transactions. This remains one of its primary uses.
Again, the difficulty comes from the necessary requirements and moving gold and the ability of sovereign governments to manipulate these movements.

Bitcoin is an ideal international currency transaction medium. It mirrors gold but also alleviates many of the primary issues associated with gold.

The world of the future will be one of hyper globalism. A small scale programmer in Kenya with limited capital resources will be able to compete for market share with the largest international corporations. The only way to do this is to have a decentralized fixed currency system.

This is what Bitcoin is.

Is hording really an issue with bitcoin?

2013-04-27T16:29:00.001+10:00

One of the fundamental arguments posed against Bitcoin is that it is deflationary in nature. The misinformed argument made by many prominent government economists is that this will result in hording. That is, individuals will irrationally stockpile large amounts of bitcoins as a cash balance.

This is a perfectly common but flawed understanding of money. The entire nature of hoarding as a concept is flawed in itself.

One of the early issues becomes clear when you start to investigate why people hold any cash at all. There is no money circulation as many people falsely suppose all there is comes from a transfer of commodities. Money in any form is a commodity subject to supply and demand like any other.

Where money itself differs as a commodity is in its use as an exchange medium.

Holding money is not in itself irrational. In a perfect risk-free world there would be no need to hold any cash balance. If we could predict payments with perfect certainty there would be no need to hold any cash. The argument on hoarding is one I will expand on in coming days. It is analogous to an argument that investing in unused capital of any type is bad. If we take vacant land is an example and compare it to gold we can use the same arguments that are falsely used to justify the concept of hoarding.

So, what exactly happens when an individual holds a wallet of bitcoins and decides not to spend. Once we called the saving but let us look at it from the eyes of those who see hoarding. Have we really stopped the economy? For that matter what is the economy? The simple answer here is that the economy is the sum of human interactions. When we choose to spend money on conspicuous consumption goods now because that aids the economy we are in fact falling prey to a variation of the "broken window fallacy". We are consuming capital and not creating it.

Holding a quantity of bitcoins is no different to an investment in land. Yet we do not run around calling land holders hoarders. In holding our money and saving in what we could call delayed gratification we are in fact guiding society and what we call the economy into delivering goods that we want more. In choosing to wait until a better option is available we have decided to tell the producers that create our economy that they are not delivering the goods we require. That is the difference that these people who say we are hoarding fail to comprehend. We vote with our purchases. We decide the structure of society when we spend our money. In saving our money we have delayed expenditure. This is either due to a risk decision where we want to ensure our future well-being and prosperity or a decision to wait until there is a better option. Neither is hoarding.

If individuals do hold a quantity of bitcoins what is the effect?

Simply put, the quantity of money in the system being used will determine the value of goods. Remember, like all money bitcoins are simply a commodity. The value of a Bitcoin is based on the demand for a Bitcoin. This equates to the purchasing power of each Bitcoin. If an individual hordes their supply as some would term this but people like myself would call saving then the result is that the amount of expenditure will change. Those with a desire for goods now will still purchase goods. The argument that deflation of the currency means that people will hold currency is flawed outside of the notion of investment and savings. An individual can choose to put their money into land in the hope that that land will increase in value over time. There is no difference to maintaining a holding a bitcoins. If we save funds we are putting aside money so that we can consume at a later date or when a better option becomes available.

The argument that hoarding will result fails to take existing reality into account. Right now an individual with excess capital has a choice of spending or investing. This investment can be done in a risk-free rate as it is known in treasury bonds and money is tied up for a period of time. Individuals are not interested in the amount of money they have. That is a common flaw. They are interested in the purchasing power that they maintain. The amount of Bitcoin in the market will determine the exchange value of those bitcoins and hence the purchasing power.

Having the ability to print more bitcoins does not create wealth.

As we've seen, the government's ability to print money also does not create wealth. The amount of money may change but all this does is change the distribution of goods. Increasing a perception of risk in society results in a different distribution of capital. The uncertainty associated with financial markets is the problem. People should be saving and people should engage in delayed gratification. The reason they do this should be to create a greater capital base not to consume for the sake of the arbitrary notion of "economy". Remember, the economy is nothing but people.

In choosing not to spend now we make a choice that shape society. Some people say that in saving for something better we are hoarding. I'll give another analogy. In this I will ask is it better to go out for a small meal at McDonald's every night or to save and go out to a good restaurant a couple times a month? In both cases we can be spending just as much. What it comes down to is not a question of hoarding it one of subjective choice. It is an argument not of hoarding of some individuals saying that others don't live right. It is an argument of paternalism and telling others how they should live their life.

When an individual saves them money be that bitcoins or dollars the economy continues. The amount of wealth available is a function of capital goods. If one individual saves them money then all goods become less expensive for all other individuals. Not only does the saver in delaying gratification hedge their own risk and stop the need to rely on charity but they also make life easier for those who are consuming at the moment.

When we say we need to have particular sectors protected such as the car industry in Australia what we're saying is that the jobs of car workers are far more valuable than other jobs. What we're saying is these small community interest groups should be favored over the rest of society. What we're doing is in fact diminishing the economy. If we stop miss allocating funds protecting unwanted services what we end up doing is helping the market to align to the things people actually desire. Not those things selective individuals tell us we want when we in fact don't.

The argument of hoarding is one of subjective measures of judgment and risk. It is party A telling party B that their choices are wrong. It comes down to one individual attempting to determine what another should be doing. It is not using valid methods of persuasion but rather attempting to misinform and deceive other individuals into believing that what they are doing is wrong and what they are being told by another is right. It is not informed persuasion but rather deception.

There is no such thing as hoarding. That our differences in the individual risk appetite of individuals. Some of us want to save and not have to rely on government or charitable handouts later in life. To do this we need savings. Rather than conspicuous spending now we seek a delayed gratification where we don't need to rely on others for charity.

A diatribe on Bitcoin, Trust and the economy of security

2013-04-27T11:00:00.001+10:00

The most marketable goods are what becomes the media of exchange.

The statement above has held true for all time. When exploring the history of money and barter it was not cows and chickens that were exchanged. The farmer with an excess of chickens would exchange first for grain, butter or some other divisible good. Grain could be divided into small parcels. These parcels could be used to trade for other objects. It is impractical to think that anything larger than a small village engaged in social barter long-term. What would've actually occurred is the use of improvised currency.

This started with divisible used goods. In Rome, salt was commonly used and forms the basis of our word today for earning. That is, salary.

Salt was ideal as a form of early currency. It was divisible into small amounts, did not degrade quickly and started as something people could trust. It was easy to taste salt and tell the quality.

As value increased salt became insufficient. The quantity of salt was too large. It was also too easy to lose. A rainstorm could literally liquidate your holdings. Slowly over time other sources of wealth came to replace early currency's such as salt. Gold is perhaps the best known of these. It is easily divisible and does not degrade over time. It has a use in jewelry and has been highly valued through the entirety of written history.

Supply and demand however has increased the value of gold. Gold has uses in electronics and jewelry even today but it's true use is a form of wealth measurement. This value is increased many times it's consumption value as it is in demand as a form of saving. Although gold is mined it is also consumed. The demand for gold is increasing for many reasons but one is fairly simple, you cannot print gold.
This is of course a powerful aspect of gold. The hidden tax of inflation cannot be hidden. The government cannot decide to increase the monetary supply and devalue a nation's wealth. Yes, the arguments abound that the central banks control currency or not the government but remember in the US it was Pres. Obama who took an additional $1 trillion for his own spending experiments. The result of this was a severe drop in the US currency value. The US dollar which was worth far more than the Australian dollar is now on par. The reality of this is that the US government took the wealth of the entire country and taxed it away. The international purchasing power of a US citizen has been drastically reduced. The result is every US citizen has less money. Their houses are worth less, their investments are worth less, they are less wealthy.

The reality, government has taxed them outside of Congress or anything they decided to vote for. The reality is a theft in a massive scale but one that has been hidden, overlooked and somehow blamed on commerce and business. Commerce and business of course being the engine the funds and powers the country but which is also denigrated.

So the question is what the hell does this have to do with bitcoins and trust?

If you asked this I will say is a good question. It is a fundamental aspect of what bitcoins are achieving. The key to currency is trust. That's it, nothing special no more. The US dollar is not a promise of anything of value. Since the US dollar has been taken off the gold standard the US dollar is a promise of the US dollar. What this means is that if you go up to the treasury and hand them one US dollar they will hand you back a US dollar. This may be the same US dollar or it may be a different one. That is the extent of state-based promises in regard to currency. Basically, there is nothing to trust.

We've seen this again and again. States change leadership. Even when leaders are selected they do not do what they are selected to do. Here in Australia we have a choice of two parties. One a Labour Party who will lead us into a deficit that they have created. The other the conservative coalition who will promise to spend us into a deficit. We have a choice. A choice of who waste our money better. But is that really a choice at all. When given a choice of Mickey Mouse or Donald Duck as our leader I don't see that we have a choice at all.
Bitcoins are like gold in many ways that I am not going to detail on this post. What matters is that government cannot degrade the currency. They cannot print more. They cannot steal the wealth of the nation for the half cocked ideas they tout without a clue of the effects.

Here in Australia we have an opportunity to be the breadbasket of Asia. Commercially speaking supporting the commercialization of agriculture make sense. This is not the idea of handouts to farmers, it is the idea of allowing large-scale industry farming. Automated systems based on technology with highly educated people managing farms. This is an idea based on cutting subsidies and spending less. It is one where we don't continue to pay car workers who are economically inefficient and who drain money from the entire society to produce inferior quality products. It is one where the most competitive forces win.

Bitcoins can be trusted for the simple fact that government cannot print more. It is not a central authority that creates trust. It never has been. Money did not develop because of the benevolent government. Money was created by merchants and commercial entities as a means of engaging in trade. It was not a benevolent government who created money but rather a despotic government who monopolized and continues to monopolized the means and supply of money following a hostile takeover. Yes a hostile takeover. Quite simply put money existed well before government. Trust in the currency existed without government. We have been fed a lie designed to make us believe that we need a benevolent central body telling us what to do. We do not nor did we ever.

For this reason and for the reason that bitcoins cannot be created at will, we can trust virtualized currency more than that issued by governments.

This brings us back to the initial statement of this post. The most marketable goods will always become the primary media of exchange. Right now Bitcoin is in the early phases of adoption. A limited number of markets are available but they are growing. It is a currency that is infinitely divisible allowing for small trades across borders. This is important. More so than many people realize.
We are entering an era of intellectual property.

There will be no traditional manufacturing in years to come. This is a big and even bold statement but it is one based on fact. Automated systems are becoming cheaper, faster and better. In just a few years they will exceed the best capabilities of the most skilled artisans and they will do this at a cost less than the lowest unskilled wage. 3-D printing remains at the stage computers were in the 70s and 80s. Robotics remain at a similar level. What people seem to forget is that all of these technologies gain in capability every year exponentially. The skills of individuals, even artisans increase slowly if ever. The best development a human can do is linear. Over time any exponential system exceeds a linear one. In my lifetime manufacturing and automated systems will produce more at a better quality in the lower price than any human could ever hope to achieve.

What people can offer is simply intellectual. We design and we create, it is our strength.

The result will be a world of intellectual property. Technologies such as 3-D printing as well as others I cannot even imagine and services will be the foundation of society. Manufacturing will not be. Even agriculture will be a technology. The romanticized ideal of the farm family has had its day. The agricultural corporation running automated devices will exceed the output in production of even the best farmer.

This is a world that needs a means of transacting engaging across borders. Intellectual property can be distributed instantaneously across the Internet to any place as it is needed. Your production device at home, the future intellectual child of today's 3-D printing technology, will create a new cup as you need it. It will replace your shoes, your swimsuit, your computer tablets, the thing that passes for your phone with its visual display across your retina. All of these will be printable at home. To do this will require base materials and intellectual property.

Just like we purchase intellectual property for movies and videos online now we will purchase and receive instantly goods and manufacturing rights in the future.

This will be from any place on earth. We will purchase from Africa, Asia, Europe, the US and anywhere else instantaneously. Your Nike shoes will not require sweatshop workers in China. They won't require workers at all. The result will be the download of an intellectual property right enabling you to print these things at home. And they will be better quality than you have now. They will be bespoke set to your exact measurement in a way that not even the rich know now.

The question to ask here is whether any existing currency can handle this world of the future. One that will be here in my lifetime and I'm not young. The simple answer is that US currency, the failing Euro, or about anything else you can select as a state currency will not be trusted internationally if at all inside their own borders. The trust in the US dollar has eroded as the country is slowly become more and more interventionist.

What bitcoins offer is a way to instantly distribute payments anywhere in the world quickly and cheaply. They offer a means of distributing intellectual property and selling the rights instantly anywhere in the world.

For those who argue about the need for trust based on the government I would add it is about time that you look at the world we are in and where it is headed. Innovation will change this earth in a way that none of us can comprehend but it is a way that will become based on intellectual property and intangible ideas. All wealth will become intangible at its primary source and foundation. Bits will become the foundation of all society as they already are starting to do, not just movies or music that hard physical goods will derive from ones and zeros.

Right now we can still transact using US dollars and other local currencies but in the future this will become less and less viable. This is the beauty of Bitcoin in this is the uppercut that has remained unseen until now when it is too late. The advances in intellectual property and its inevitable march to consume manufacturing as we know it will require an international currency that can be universally trusted. This is one without any government intervention. There is only one way to do this and no government can centralize it.

Bitcoin is not the only solution but it is the leading one.

Hold fast to your beliefs if you wish and I will place my bet is you did yours. For this is what it is. You may bet on currency controlled by state player and I will bet on something that is decentralized and which cannot be devalued at a whim. A currency that can be trusted by all.

Bet your way and there is a simple way of testing what will occur. It is time. I've placed my bet and it is against all of those who believe that trust requires a central authority. My bet relies on the individual as a collective whole. That we all have value in that society does not need to be ruled centrally through monetary control. In the next couple decades we will see who is right and if I'm wrong my words will be here as a marker and a lesson.

If I'm right...

Sigfind

2013-04-24T12:39:00.001+10:00

The tool “Sigfind” performs a search for a defined hexadecimal value within a defined image or file. We can use this in analyzing digital images to find partitions. There are many reasons for doing this, one would be in finding corrupted partitions.

The tool will find and output the sector where the match was located.

The way it is used is:

sigfind -b 512 -l -o 510 Image.dd

Now, all Windows partitions are the same in many ways. We can find partitions and the MBR as the Hex value 0x55AA always comes in the final 2-bytes of the MBR. This can be corrupted, but it is a good place to start looking.

This is:

The last two bytes of a Microsoft Windows partition are 0X55 and 0XAA
The last two bytes of a Partition Table partition are 0X55 and 0XAA

Using this information, it is possible to recover formatted drives.

Knowing that MBR is located at the start of the drive and that it is a fixed size in non-dynamic drives, we can thus skip the first 510-bytes. Hence run:

sigfind -b 512 -o 510 55AA Image.dd

The output of this command is listed below. I will write more on this another time, but knowing where the partition starts allows us to know where we can start to carve partitions (using the offsets and DD).

$sigfind -b 512 -o 510 55AA Image.dd

Block size: 512 Offset: 510 Signature: 55AA

Block: 0 (-)

Block: 63 (+63) MBR (MS Boot Sectors end in 55AA)

Block: 323836 (+323773)

Block: 820512 (+496676)

Block: 820575 (+63) One of the Partitions

Block: 1026144 (+205569) (Can you say which one?)

Block: 1026207 (+63)

error reading bytes 1048320

Doctor of Information Technology Short Course: Research Methodologies

2013-04-18T15:16:00.001+10:00

Charles Sturt University is offering a FREE short course in research methodologies designed to help you see if a Professional Doctorate is something for you now.

This is a unique IT Doctorate that is applied, flexible and industry relevant. We understand that, studying a Doctorate is a big commitment so this is why we are offering a free short course so that you can decide whether you are ready to take the plunge into the Doctor of IT at Charles Sturt University.

The lectures will be archived for those who cannot make the live session. A certificate will be provided for those who pass the exam following the sessions.

Enrolments are open

7-8.30pm, Thursday 11^th April: Week 1 Webinar: Qualitative and quantitative research methods and techniques in computing

7-8.30pm, Thursday 18^th April: Week 2 Webinar: Quantitative and/or qualitative data collection and analysis techniques

7-8.30pm, Thursday 25^th April: Week 3 Webinar: Limitations of different research approaches

7-8.30pm, Thursday 5^th May: Week 4 Webinar: Presenting and interpreting research findings

7-8pm, Thursday 12^th May: Exam: Online, multiple choice, open book test designed to test knowledge of research Methodologies.

Click here to sign up now.

PayGlove - Pay without a credit card on you

2013-04-16T12:22:00.001+10:00

We have the video linked below.

http://youtu.be/n4y0PiiZzio

Yes, the video sucks.

That is not the point. I am a geek University researcher. In this, we have taken a hi-Call:

Bluetooth talking glove (http://www.hi-fun.com/en/accessori-iphone-ipod-ipad/hi-call/ ) and modified it for NFC access.

The aim was to have a built in payment system linked to PayWave and Google wallet. There are systems based on the phone now. We chose to extend this and use the Bluetooth functionality of the hiCall glove to create a means to just swipe your palm and have a transaction paid for.

The glove has an ability to process hand gestures. We used this function as the means to authorize the transaction. Swipe your palm over the payment pad and touch your fingers together and you link to your Google wallet and payment occurs.

The reactions can be a little unusual at times when people do not see how the payment occurs, but it is an experiment in creating payments built into the individual. In the future, this could be a wrist band or even an embedded chip.

Craig

Choosing security.

2013-04-15T12:59:00.001+10:00

Quite often we see people in academic circles and some of what we would call security purists talking about an ideal world. At times we talk about idealized systems as a replacement for existing ones. A common example is online voting systems. For the most part people talk about a system that has been idealized. The problem is that voting is not ideal now.

When we are talking about idealized systems we have to remember that we are comparing these too real world systems that are already being used. When we hear the arguments about the imperfections in proposed designs we rarely seem to hear what we are comparing them against.

In comparing a system to an idealized maxim when no security flaws are allowed to exist near creating a model of the world that cannot exist. We live in a world of economic constraints. We live in a world of imperfections.

What matters is trust. What we need to achieve is superior security and a level of trust at least comparable to that which we have now. In opening solutions such as a voting process that runs online we enfranchise more people. On the existing paper-based systems we find flaws. What matters is not that a system is perfect but that it is as good as the status quo whilst opening more opportunities to enfranchise people.

Overall, security should be opening opportunities and allowing progress not impeding it. We need to remember that it is better to be more secure than we are now than it is to seek a perfected ideal that we will never reach and never achieve unless we accept some level of risk.

Testing is more than running a tool

2013-04-14T10:08:00.001+10:00

There many uses of testing tools.

There are indeed many benefits as well.

In using automated tools the tester can reduce the effort required to do repetitive tasks. More importantly with many of these simple or repetitive tasks the correct implementation of the tool can actually improve the consistency of the results. This helps provide a standardized testing metric as well.

The problem is that we often have unrealistic expectations of what we can achieve using a tool. Testing tools are no substitute for individual experience. What is required is to use experienced professionals who can improve the economic efficiency of what they are doing using tools. Penetration testing is no different to any other form of information technology testing. What a tool provides is a way to remove these simple repetitive task from the requirements of the tester to run manually. Basically, we want the tester to leverage their expertise as much as possible.

Without due consideration of the following points, the introduction of tools and the use of these in a penetration test can often end up being an expensive waste of time.:

a solid understanding of the system being tested,
the types of vulnerabilities and how to exploit them,
the processes and especially the business processes involved and the relationship between the various systems.

What is required is the development of a rigorous process that incorporates automated tools when necessary to minimize the time but which is founded on manual processes and experience. The reliance on tools takes away from the required level of skill in this type of test. In fact, a poorly thought-out process based on the use of a sophisticated tool alone will really provide good results.

Location

2013-04-13T21:50:00.001+10:00

The next time somebody tells you that location data and social medial are an effective way to analyze things…

Try looking at my facebook, google, foursquare etc data for the day.

Do you really thing GPS is special