Monthly Archives: January 2006

Hedged Cats

It seems catastrophe bonds aren’t the only way to hedge a cat. According to BusinessWeek, hedge funds are directly insuring catastrophes:

Collectively, though, hedge funds have huge sums available for catastrophe protection. That means much more hedge money is likely to flood in if rates remain high. Among the funds that have already entered the sector are Kenneth C. Griffin’s Citadel Investment Group in Chicago, George Soros’ Soros Fund Management, HBK Investments in Dallas, and Louis M. Bacon’s Moore Capital Management.

How Hedge Funds Are Taking On Mother Nature, by Peter Coy, BusinessWeek, 16 January 2006

This is partly a result of Hurricane Katrina in 2005. The article says it is different than what happened after Hurricane Andrew, the previous most costly hurricane, in 1992.

Why do hedge funds do this?

United States of Microsoft

Richard Forno, a principal consultant for KRvW Associates and a former senior security analyst for the House of Representatives, believes that Microsoft is a threat to national security. The White House, Congress, and Department of Defense all run Windows and send and receive e-mail on MS Exchange Server—exploitable Microsoft products that offer a “target-rich environment for malicious code.”

Microsoft vs. Computer Security: Why the software giant still can’t get it right, by Adam L. Penenberg, Slate, posted Monday, Jan. 9, 2006, at 1:10 PM ET

Golly, I wish somebody had thought of that sooner, like maybe Dan Geer about two years ago.

Liberty Is Security

In this age where every terrorist action seems to be met by politicians and the public rushing to clamp down on the liberty of people who had nothing to do with it, my mantra is Benjamin Franklin’s comment:

They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety.

Well, recent research demonstrates old Ben was more right than that statement would indicate:

One method to attenuate [suicide bombers], then, is to target dangerous groups that influence individuals, such as Al Qaeda. Another method, says Princeton University economist Alan B. Krueger, is to increase the civil liberties of the countries that breed terrorist groups. In an analysis of State Department data on terrorism, Krueger discovered that “countries like Saudi Arabia and Bahrain, which have spawned relatively many terrorists, are economically well off yet lacking in civil liberties. Poor countries with a tradition of protecting civil liberties are unlikely to spawn suicide terrorists. Evidently, the freedom to assemble and protest peacefully without interference from the government goes a long way to providing an alternative to terrorism.” Let freedom ring!

Murdercide: Science unravels the myth of suicide bombers, by Michael Shermer, Scientific American, January 2006.

Not only does curtailing civil liberties not assist much in the short term with catching terrorists, in the long term it actually breeds terrorists. After all, terrorism isn’t about religion, or poverty, or even nationalism: it is about politics. The politics of civil liberties.


Software Patent Reform?

Does it take IBM to organize software patent reform? It’s IBM spearheading a move to assist the US PTO and inventors in looking up prior art, using open source methods.

I suppose it shouldn’t be surprising that IBM is involved in this, given that they file more patents every year than anybody else. See also the book, Rembrandts in the Attic.

I hope this movement succeeds. It would be nice for software patents to be more useful than they are, which would mean less cluttered with junk that never should have been let in the door.


Another Voice Within the Islamic World

Often I wonder why what mostly appears in the press from the Muslim world appears to be either business as usual (the hajj is starting now) or the latest threat from some extremist or other, or of course the press’s favorite angle on either of those (hotel collapses during hajj or terrorists kill x people). All those things are legitimate news, and I’m glad that ordinary things do go on as usual. But where are the voices opposing the extremists?

Here’s one, from Iran. Former president Mohammed Khatami says:

"Since the aggressive voice within the Islamic world is very loud today, and the poser circles in the west, too, try to further aggrandize it, we need to clarify that there is another voice within the Islamic world," Khatami was quoted as saying.

"In order to clarify which version of Islam we are talking about, there is no need to represent a nation, or a government, but we need to clarify that our voice is clearly heard in the Islamic world and accepted," he said.

Iran’s Khatami calls for "another voice" in Islamic world (Xinhua) Updated: 2006-01-07 09:22

For that matter, why does this story only seem to be carried on two Chinese news agencies and a couple of Middle Eastern ones? Does the Western press have no interest in a reasonable voice from the Middle East? Maybe it’s too busy carrying the latest not-so-reasonable diatribe from the current president of Iran, and ex-president Khatami’s reasonable voice doesn’t fit the current press template for Iran; I don’t know.


Malaysian Broadband

Malaysia is planning on fast broadband and IT infrastructure, notes James Seng. Malaysia is aiming at broadband in use in 75% of households by 2010.

Meanwhile, the U.S. seems to be heading for control of speed and use of the last mile by a small number of big telcos, with speeds less than a tenth of what Malaysia is aiming for.

James remarks that Malaysia’s plan looks like Korea’s. In other words, like a plan that’s already working in another country.

Funny what can be done when a country decides to actually do something instead of squabbling.


The Wolf in the Image

As an example of how, even though people cry wolf too much, the wolf sometimes really is at the door (or in this case in the image), consider the current Microsoft WMF vulnerability. Unlike many web-related vulnerabilities, this one doesn’t require the user to do anything to take effect, because it’s an image vulnerability. Internet Explorer (IE) just goes ahead and triggers the vulnerability when it sees such an image. Recent versions of Firefox at least ask the user before opening the image, but many users will say yes because it’s an image, and people think images are safe.

Microsoft has not provided a fix, even though this problem has been around for a week or more now. SANS is predicting that Microsoft won’t provide any fix for Windows 98; instead, if you want to be safe, you’ll have to upgrade.

Meanwhile, an individual has provided a patch that seems to work, and SANS has tested it and approves.

What does it mean when the world’s largest software vendor can’t release a timely patch to one of the worst-ever vulnerabilities in its software?


Crying Wolf: One Reason People Don’t Pay Attention to Big Risks

Here’s one reason people don’t pay attention to big risks: too many times they’ve heard that things will fall apart in a big way, such as overpopulation as predicted back in 1968 (by which prediction we should have probably 10 billion people on the planet now), and some of the more overblown Y2K predictions; many of these are cataloged in an article by Michael Crichton.

Notice that in 1968, when Ehrlich published his book The Population Bomb, world fertility was already in decline. Ehrlich was thus urging people to do what they had already been doing for about 10 years. It’s not clear whether he knew this or not. But certainly when he said, “The battle to feed all of humanity is over….At this late date nothing can prevent a substantial increase in the world death rate…” he was simply wrong. As you see, after his book appeared the death rate remained flat in developed countries, and it continued to fall for another 10 years in developing countries.

Fear, Complexity, & Environmental Management in the 21st Century, by Michael Crichton, Washington Center for Complexity and Public Policy, Washington DC, November 6, 2005

Crichton remarks that Ehrlich was merely crying out in desperation to urge what was already happening. However, Crichton also neglects to mention that a quite significant government initiative, the One-Child Policy in China, was promulgated after Ehrlich’s warning and has apparently had a significant effect on population growth in China, which is now expected to peak somewhere around 1.5 billion in about 2025. In other words, China chose to change its demographics to start acting like a developed country before it became one. Crichton also doesn’t mention improvements in food production that weren’t known to be possible when Ehrlich wrote. Ehrlich was in fact wrong in his predictions, but Crichton is also wrong in implying that things would have gone as well if nobody had tried to do anything to change the situation.

Sony: Legal Reaction

Michael Geist has some interesting comments about the provisional settlement of one of the lawsuits against Sony for its rootkit DRM.

Perhaps his most important point is that that settlement will only have effect in the U.S., not, for example, in Canada.

This particular suit settlement would require Sony not only to recall all the affected CDs, but also to stop using the software that implemented the rootkit and to disavow the relevant portions of the EULAs. It even would require free music downloads, which would be one of the things Sony was trying to counter with the DRM in the first place.