Archive for April, 2009

A lot of other countries who are small economies compared to the USA or China, industrialised, and heavily dependent on foreign trade have a government policy of keeping a substantial local ownership stake in important businesses or important technologies. This may or may not be held by the State. Examples of such so-called “core investor strategies”; Austria, France.

If the post-Thatcher game of running a permanent and large current account deficit reintermediated through a huge financial sector, which is then expected to export financial services derived from this task, really is over, should the UK be doing something similar, and what would be your strategy for making such decisions? I recall Dominique Strauss-Kahn (I think) saying that he couldn’t understand why the British had let the DNA sequencer activities of Amersham International, at the time the market leader, be sold to the US; I’ve also read somewhere that the French general staff consider sovereignty to be a function of R&D spending.

I reckon that if we start disbursing cash to industry (and the European Investment Bank loan to Jaguar-Land Rover shows that’s happened), we ought to take equity stakes in the companies in question, so as to build up a base of interesting technologies. Yes, this makes me an unreconstructed social democrat; I think that’s a feature.

But even if you object to capital being allocated by the State, you can hardly suggest that it shouldn’t be allocated at all. And, as I said back in October, with no financial sector there’s only one game in town. And further, what else are we going to do? So that’s the Harrowell option.

I think it’s fair to say that Foxtons won’t be on anybody’s list. I have a plan for them as well. A tower of redundant fake-graffitied fake-Minis, in Trafalgar Square, toppled by a screaming mob beating them with their shoes. The Harrowell option remains open!

definition

CCTV Camera: a device that detects police misconduct and informs its operator by turning the screen black.

the local rag

Ironic to think of it now, but before the police were filmed beating the shit out of Ian Tomlinson and assorted members of the public, there was some sort of media push on against “citizen journalists”, the Internet, Google, etc, and in favour of Good Old Local Newspapers. Well, there must be some explanation for every Lloyds-rated columnist taking up the theme at once. Surely the producer of Wire doesn’t have quite that degree of journalistic influence?

That statement now seems to have become inoperative, as they say. I thought this article of Stephen Moss’s was one of the least objectionable and most contentful of the genre, even if he does seem to blame bloggers for “lost relatives” at one point.

A couple of points. To start with, it’s worth trying at least to distinguish individual phenomena from general ones. Essentially, the newspapers (mostly US ones) that have bitten the dust did so for one simple reason; too much leverage.

It’s arguable that we’ve lived through an era which can be most simply characterised as the Leverage Jihad; anything that could be levered-up with more debt was leveraged, and then quite frequently again, and sometimes again, to the greater profit of the owners of the sliver of actual equity capital involved and the greater risk of society in general, notably through the banks who were lending the vast amounts of Other People’s Money required. Leverage always has two effects; increased return on capital, and increased operational gearing. Any hit to cashflow can kill; any hit to valuation can wipe out the owners and leave the bank sitting on a huge paper loss as well. This is actually far less unique in financial history than I make it sound; J. K. Galbraith remarked that in every era some men discover leverage and decide that they possess financial genius.

So we shouldn’t assume there was something terribly wrong with newspapers, when in fact it may have been the model of ownership and mode of financing that is the problem, just as it was for property, banking, and retail. Note that literally every failure Moss discusses decided to save money by doing less reporting; they did this in order to help service the debts their owners took out to become levered-up newspaper tycoons. That in turn should suggest some options about how to fix shaky papers. It’s worth remembering that the current model of a newspaper grew up in a world where the expensive bit was production; now it’s turning into one where the assets walk out of the door.

Another one is that the spread of big city papers into places that weren’t usually served by them was a consequence of the property binge, and hence of the Leverage Jihad. Everywhere with a railway line that could, on the best possible day, with the most charitable assumptions, get you to London in 90 minutes developed a building or ten like this one near the station. Again, this is self-limiting.

(If you think that’s grim, check out the details.)

But what I would like to know is what, precisely, was achieved by shooting down the BBC’s plans for a major expansion of local news? A source who was familiar with it claims the newspapers’ lobby didn’t like it because it was so good. At the most, this seems to have delayed the crisis by a couple of months; with so many papers stretched to the bone by leverage and puffed up with temporary property-boom ad money, the crunch had to come sooner or later. So now, we face the prospect of neither newspapers, nor BBC Local.

Self-satirising ID card madness. So they’ve actually got as far as issuing some significant contracts. We’ll begin by noting that one of them has gone to CSC, last seen introducing the joy of Cerner software to the NHS National Programme for IT. But much more to the point, what is this talk about using the Chip-and-PIN infrastructure?

This is an insanely stupid idea, and is probably explained by the fact that someone has realised that there are no biometric readers, nobody wants them, there are no plans for how to deploy them, and the totality of Government thinking on the subject can be summed up as “private sector ponies!”

We already know that the system, although more secure than the old one, is quite fallible and has been successfully attacked. We further know that there are even merchant terminals in circulation with unauthorised GSM radios in them that send messages to numbers in Pakistan. It is also true that the UK version of EMV doesn’t provide two-factor authentication because the PIN is stored on the card. This means that someone preparing a fake card who could steal bank card PINs could also steal National ID ones and make the card work in a reader.

The importance of this cannot be overstated. The primary mechanism of authentication is not the one the makers say is the primary one, it’s the one that gets used the most. There are currently several million EMV terminals; there are zero biometric ones. Further, the biometric technologies involved have high failure rates; EMV has well over 99 per cent uptime and even higher exactitude. Therefore it will be used and the biometrics won’t, so a rational attacker won’t worry about the biometrics unless they really have to.

In fact, because of the false positive issue, the biometrics will be gainsaid by the EMV. Think about it. As a checker, you will with mathematical certainty encounter regular false positives. (You’ll also encounter false negatives, but you won’t know about them.) However, you will only very rarely encounter a real positive. Therefore, if a biometric check doesn’t match, you will believe it to be a false alarm, and you will very probably ask the person presenting it to enter their PIN.

Also, the government seems to have abandoned the idea of doing direct biometric-to-database checks and instead wants to authenticate a biometric held on the card to the user, like looking at the photograph on a passport. This means that it is much easier to fool anyway, because the card can be altered to match the user. But adding an additional “check” which is in fact easier to fake means that this is more likely to work.

A fundamental problem with EMV is that there is no out-of-band verification of the transactions. You have to trust the card reader, and there is no obvious way of verifying it. Personally, I always turn it over and look under it because all the hardware attacks I’ve read about involve drilling a hole through the back, but if the remote management interface has been left with the password set to “password” this won’t help me at all.

Various efforts to improve this exist; there are systems that send an encrypted message to an application on your mobile phone to get your authorisation, so that if someone else is trying to spend your money, you’ll get unsolicited authorisation requests, and if a card reader is actually a fake you *won’t* get an authorisation request and your bank won’t pay.

But this doesn’t exist in the UK, so the government is suggesting integrating what it thinks is the gold standard of identification into a significantly weaker security system; it’s in the nature of security that the weakest link determines the strength of the whole.

Now here’s the self satirising bit. As before with the old bank card system, the banks have been trying to pretend that EMV is infallible and that anyone who loses money is a fraud. The test case that will probably end this madness is coming right up, at the same time as the government wants to use the system for ID cards!

I note that no-one has yet anonymously accused Ian Tomlinson of an indictable offence in a national newspaper. Are our standards in truly shameful, underhand, repellent duplicity slipping?

However, a lot of Tories who were OUTRAGED about Sir Ian Blair‘s term as Commissioner of the Metropolitan Police seem to be…how can I put this? frit about criticising the police now that The Chief is essentially a Tory appointee.

In fact, they seem desperate to defend Sir Paul Stephenson come what may. Observe:

Ian Tomlinson says: April 8, 2009 at 10:32 am. I fought the law and the law won

Post title: Guess What Happened Next. Stay classy, Paul.

I suspect that informing a group of people that someone has died at the hands of the police is an effective field diagnostic test of psychological authoritarianism. But even so, it’s more than telling to look at some of those links and see the degree of fake concern about Jean Charles de Menezes that gets switched off like a tap with the change of partisan allegiance, to be replaced by a horrible victim-bashing rhetoric full of class-symbols (Millwall! Too many kids! Booze!).

The thing that pisses me off about Al-Qa’ida is that they insist on egging the government on. That said, I can’t think of anything more ridiculous than Phil Woolas wanting to have reports of any foreign student who misses ten lectures. I can’t think of many things more ridiculous and contemptible than Phil Woolas anyway, but this drowns the fish.

I should point out that he was on Radio 4 earlier today claiming that “biometric visas” were our first line of defence, because the visas were checked against a watchlist. He didn’t say, mark, that the biometrics were; after all, if they haven’t caught the guy yet, they don’t have his dabs.

Let’s think about it sensibly. I doubt there is a single student in the world who hasn’t accumulated 10 hours of non-attendance during their course of study; even if you reset the limit after every academic year, there will still be an absurd number of false positives. There are 330,000 foreign students in the UK. How many might miss 10 hours of classes in a given year? For some courses, you’d only need a couple of days off sick. An outbreak of freshers’ flu at the right schools could stage a denial-of-service attack on the whole gig. How many reports are they prepared to follow up, to what degree of thoroughness?

Further, and I know this is a pathetic argument long since raped by history, the idea of a university implies a commitment to intellectual freedom and a certain respect for the fact that the students are adults who attend of their free will.

But even if you forget everything else, as a security measure this is quite incredibly cretinous. The threat it is designed to mitigate is that terrorists will pose as students in order to infiltrate the country, or rather that they will actually become students in order to do so. Of course, they may also do this to prepare an attack on some other country. Anyway. If you have registered at a university in order to pose as a student, it’s obviously part of your cover story that you go to lectures. Depending on what you are planning, you might even be hoping to get access to things you need for the attack – information, a good chemical or biological lab, perhaps time on a supercomputer – in which case you’ve got to go to the lab or the library regularly as well.

This is a security measure which is designed to miss anyone who matches the attack profile it’s designed to detect. Further, the more serious, disciplined, and well-organised the attacker, and the more technical and demanding the subject they choose to study – in short, the more dangerous – they are, the less likely it is to detect them. It even provides them with an explicit target number of classes they must not miss. It is quite brilliant in a negative way.

It is especially hilarious that several ministers in the government spent much of their student years plotting, or imagining that they plotted, how to bring about the world revolution. Presumably, they did this between lectures. Or perhaps they didn’t, and in fact they are basing their policy on their own experience; which would explain how little they seem to have learned.

Now I want you all to go and read this outstanding article on the Daily Telegraph‘s real role in world journalism.

Essentially, it’s become a crucial link in the global bullshit cycle. Like the water, nitrogen, and carbon cycles, bullshit circulates around the planet; some actors are bullshit sources and others sinks. The Telegraph‘s role is to receive bullshit from the Republican/wingnut welfare world, which is rather like the depression in Chad whose windblown dust fertilises the Amazon in this model, and print it when other media won’t because it’s too bullshitty.

Once it’s published in London, however, other media can quote it without taking responsibility for it, therefore recirculating surplus bullshit from the UK back into the (shudder) mainstream media. Hey presto, arrant drivel has been converted into serious news. Come to think of it, perhaps I should drop the ecological metaphor; it’s much more like the process of securitising, repackaging, and marketing crappy mortgages.

Originally made in the boom markets of the US, places like Florida (a rich bullshit source if ever there was one) these documents were sold to major banks in London, who categorised them by their likelihood of default and prepared them for resale. To sell, however, they had to all have a top credit rating, which was achieved by assuming that the risk of default on each was independent of the other, and then stuffing in more collateral until the expected value after the average default rate was equal to the face value. The resulting loan sausage, 30% “meat” and the rest rusks, phosphates, and water, was then sold….right back to the banks who bought it in the first place, as it turned out.

Similarly, the Telegraph takes on dodgy news stories, chops them up with some of its reputation, an anonymous source, and a dose of sensationalism, and sells the resulting collateralised drivel obligation (CDO) back to US investors at a profit. Eventually, however, the value of news-style product sourced from people like Michael Ledeen crashed, leaving major US newspapers holding gigantic portfolios of worthless drivel, which eroded their reserves of credibility to the point at which many have gone out of business.

It is widely presumed that the Federal Government will feel obliged to support newspapers deemed systemic, like the New York Times…but one hopes they don’t try buying and rediscounting old scare stories in an effort to resume normal reporting. After all, this was tried in 2002-2003 with catastrophic results.

A little news from the rialto. We’re seeing more and more movements using the name “Sky Cabs”, with either Phoenix Aviation/AVE’s call sign PHW or else 2E. Interestingly, the company of this identity was shut down in Colombo after a horrible accident back in 2000. The matching ICAO code was SCB; we’ve not seen that one. The original Sky Cabs’ small fleet of Antonov-12s went to Silk Way, Santa Cruz Imperial, that Rosetta stone of Viktor Bout companies, or the fire dump.

We’re also seeing something called Euro Atlantic, and Asia Wings; Asia Wings’ ICAO code, AWA, is the call sign of “Atlantic Airlines” of the Gambia, before it was shut down and banned from the European Union. The only known aircraft from Atlantic is An-12 serial number 347109, known at ATI (Aerocom/Jet Line) as ER-ADG and currently S9-KHF at Transliz.

I don’t have any interesting information about Airfreight Aviation, the Russian UAE firm involved in this case, except to say that a truly remarkable number of Russian celebrities are employed in the aviation business there, seeing as their contact is given as Oleg Borisov. A common name, sure, but it’s truly remarkable if you look at all the others.

onwards and upwards

Telling. 29 (Commando) Light Regiment RA haul a 105mm gun by hand up a rock pinnacle in Afghanistan, to a feature called Roshan Tower. Yes, Roshan as in the mobile phone operator.

We can offer you 900MHz GSM service, and some things that go with it, but far from all of them, or we can offer you live artillery rounds; either one remains on offer for a strictly limited period of time, which has yet to be determined. On request, terms and conditions are as much a mystery to us and everyone else as they are to you.

Following on from the last post, we’re unlikely to have funding to dose every school kid in Britain with radioactive markers and fMRI-scan them a term later to see how their neurons are getting on any time soon, even if you could get that past the ethics committee and the Nuclear Dread. So unless someone comes up with a field-expedient diagnostic test, we’ll need some other way of assessing the problem. Which means that this annoyed me.

So some firm decided to try analysing the primary school SAT results better. They broke down the UK into much smaller units than Local Education Authorities or even schools – neighbourhoods of 300 people on average. They then classified them into 24 groups based on demographic and socio-economic indicators, looked at the average results for each group, and arrived at an expected score for each school based on the distribution of those groups in the school’s intake. They then compared the actual results to see which schools were really doing better or worse.

And they got quite a lot of criticism for not using a database of pupils that…wait for it…the government won’t let them use. This is a pity. Ever since Pierre Bourdieu, we’ve been well aware that there is much more to class than money. With all that data, we could do a lot of interesting things; we could, for example, use principal components analysis to establish objectively defined groups and see how well schools are doing that way. We could benchmark them against the Flynn effect, and I suspect quite a lot of schools would turn out just to be tracking the gradual uplift overall. But if we can’t see the data we can’t do anything.