Quote of the Day

We’ve been assured again and again that RFID passports are secure. When researcher Lukas Grunwald successfully cloned one last year at DefCon, industry experts told us there was little risk. This year, Grunwald revealed that he could use a cloned passport chip to sabotage passport readers. Government officials are again downplaying the significance of this result, although Grunwald speculates that this or another similar vulnerability could be used to take over passport readers and force them to accept fraudulent passports. Anyone care to guess who’s more likely to be right?

It’s all backward. Insecurity is the norm. If any system — whether a voting machine, operating system, database, badge-entry system, RFID passport system, etc. — is ever built completely vulnerability-free, it’ll be the first time in the history of mankind. It’s not a good bet.

Once you stop thinking about security backward, you immediately understand why the current software security paradigm of patching doesn’t make us any more secure. If vulnerabilities are so common, finding a few doesn’t materially reduce the quantity remaining. A system with 100 patched vulnerabilities isn’t more secure than a system with 10, nor is it less secure. A patched buffer overflow doesn’t mean that there’s one less way attackers can get into your system; it means that your design process was so lousy that it permitted buffer overflows, and there are probably thousands more lurking in your code.

Diebold Election Systems has patched a certain vulnerability in its voting-machine software twice, and each patch contained another vulnerability. Don’t tell me it’s my job to find another vulnerability in the third patch; it’s Diebold’s job to convince me it has finally learned how to patch vulnerabilities properly.

Bruce Schneier

This Time It’s Not Different

From MarketWatch:

SAN FRANCISCO (MarketWatch) — The liquidation of a big hedge fund or investment-bank trading portfolio is wreaking havoc in some parts of the hedge-fund business, according to managers and investors.

Black Mesa Capital, a hedge-fund firm that uses computer models to track down investment ideas, said that at least one large hedge fund or investment bank is liquidating “massive” trading portfolios, according to a letter the Santa Fe, N.M.-based firm sent to investors Wednesday.

The warning is causing disruptions and triggering big losses among other so-called market-neutral hedge funds, Black Mesa said in its letter, a copy of which was obtained Thursday by MarketWatch.

“Clearly, something is amiss in the markets that few in our strategy, if anyone, have experienced before,” Black Mesa’s managers, Dave DeMers and Jonathan Spring, wrote. DeMers declined to comment Thursday.

The firm’s hedge fund, which has about $1.9 billion in long positions and $1.9 billion in short positions, was down roughly 7.5% this month through Aug. 7. Those losses could grow to as much as 10% for August so far, Black Mesa noted.

I love this quote: ‘Clearly, something is amiss in the markets that few in our strategy, if anyone, have experienced before.’

Something unanticipated is always amiss in the markets in these situations. That’s how these situations happen.


We’re Rats, So We Race

A New York Times article [via Instapundit] titled, “In Silicon Valley, Millionaires Who Don’t Feel Rich” explores why many people with assets and sometimes incomes in the millions who live in Silicon Valley don’t feel particularly rich. One paragraph gets to what I consider the heart of the effect.

But many such accomplished and ambitious members of the digital elite still do not think of themselves as particularly fortunate, in part because they are surrounded by people with more wealth — often a lot more.


You Are The First Responder

The tragedy in Minneapolis of a few days ago underlines something I have written about before and will no doubt have to write about again. I never really thought about it much until Katrina hit and I saw the images that all of you saw. Those were images of people standing in what seemed like endless lines for food and water or to be evacuated.


Pathological Personalities

Continuing with my re-posting from my old blog: in case anyone thought I was being a little harsh on Academics in that last post, go read the Mobius Stripper’s description of her interactions with her first advisor, the Eccentric Genius. Here, I’ll excerpt a little from the comments:

Jess – ah, the dread of meeting with the advisor. I don’t think mine bad-mouthed me behind my back – my EG was a man of few words, whose MO was to stare at me for long periods of time whenever I asked a question. He might have been thinking that I was an idiot; he might have been thinking about his (unrelated) research. Hell, he might have been thinking about what he was going to have for dinner. Who knows? I sure didn’t.

Just who taught that jerk that this was a way for one human being to communicate with another, especially a subordinate? I’ll tell you who. Every teacher or peer who ever excused his rudeness because he was brilliant. Every administrator and department head who excused poor behavior because they didn’t want him to go somewhere else. A grad school colleague of mine (a former Marine) used to be fond of saying, “if you can’t be smart, be nice”, but in Industry, smart is necessary but not sufficient if you want to get ahead. In the Academy, it’s necessary and sufficient. Hence we get Eccentric Geniuses who could have also grown a real human personality, but missed the opportunity because of the special environment in which they operate. And lest you think that MS’s experience rare, I’d say that this kind of interpersonal interaction is well within one standard deviation from the mean that I have observed in the Academy. Well within.
