Archive for October, 2006

Chin Chun Hock

Somebody forwarded me an article on Wikipedia. Actually as of today, the article contains 4 sentences:

Chin Chun Hock was the first Chinese man to settle in Seattle. He arrived in 1860 and was employed as a domestic worker. By 1868, Chin Hock had founded a general merchandising store, The Wa Chong Co., at the foot of Mill Street. He owned the Eastern Hotel which housed the first Asian workers in Seattle.

Well, that’s not very satisfying. There is more to be known, but how to find it? True, there is likely stuff at the Wing Luke Asian Museum in Seattle and in the archives of the University of Washington, but it would be too much trouble to get at those for a lunchtime-project. Let’s just dig around.

price of security

All this talk of “in real life, we accept managed insecurity” has got me thinking about the question of how much security is actually worth to people. People pay some “appropriate” amount for security by buying alarms, paying for antivirus software, buying locks and whatever. How much should be paid? Is there a model for this behavior? Here is a not even half-baked look:

Suppose your thing is worth \(D\) dollars (to everyone, for simplicity) and the probability of it getting stolen/destroyed is \(p_0\). Let’s actually make \(p\) a function of how much you pay for security, so \(p(S)\). This function is, say, monotonically decreasing in \(S\) with \(p(0)=p_0\). Then the worth of \(S\) security dollars is \((p(0)-p(S))D\). I guess you should not pay for security when \(S>(p(0)-p(S))D\), and you should aim for \(S^*=\arg\max_S{(p(0)-p(S))D-S}\) when you should pay.

Another question altogether is how should security services be priced? They should probably be priced such that \((p(0)-p(S))D=S\), but are they? No idea.

So far so good. At this point, I’m taking a digression because I am reminded of my bicycle. It’s a piece of junk but I lock it. Next to a nice bike. Even better if the nice bike has a worse-looking lock – although that doesn’t happen usually. My bicycle never gets stolen. This happens with recommendations for securing computers, too. Often there is advice to hide unused ports, leave small footprint, make yourself less of a target, etc. As long as it takes less effort to get more from somewhere else, you are somewhat secure, although you really aren’t. So there is the idea of competitive influence in the security problem.

So let’s say your neighbor also has a thing worth \(D\) dollars and \(S'\) is thrown into security for it by your neighbor. Now if you don’t pay more than your neighbor for security, it’s like you haven’t paid at all. Define a new function \(p'(S)=p(0)\) for \(S\leq S'\) and \(p'(S)=p(S)\) for \(S>S'\). Then you should aim for \(\tilde{S}^*=\arg\max_S{(p(0)-p'(S))D-S}\) when it is nonnegative. Now it is really possible to lose no matter what. Although it is possible to have \(S^*=0\) as the solution previously, that would have been a result of particularly poor security service. This is different. Depending on what your neighbor does, you may have no way to get more security for your thing.

Of course, your neighbor would normally aim for the optimal point, as would you. So you both could try to outbid each other until you hit the next \(S\) larger than \(S^*\) where \((p(0)-p(S))D-S=0\). This would be the competitive equilibrium. But then what’s the point? Both of you could do just as well by not paying anything for security – like leaving all (equally nice) bikes unlocked. But that would be a cooperative equilibrium, which won’t happen in reality.

However, it isn’t that simple. If we think about how a security service is able to decrease the probability of a thing getting stolen/destroyed, we (or I) get a headache, so that’s it for now. This may be revisited.
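A numerical illustration of the model above, added here and not part of the original post. It assumes an exponential form \(p(S)=p_0e^{-S/k}\) and constructed values for \(D\), \(p_0\) and \(k\); the post itself leaves \(p\) unspecified.

```python
import math

D = 1000.0    # value of the thing in dollars (assumed)
P0 = 0.20     # loss probability with no security spend (assumed)
K = 100.0     # dollars of spend that cut p by a factor of e (assumed)
GRID = range(0, 401)  # candidate spends in whole dollars

def p(s):
    """Assumed loss probability: monotonically decreasing, p(0) = P0."""
    return P0 * math.exp(-s / K)

def net(s, neighbor=None):
    """(p(0) - p'(S)) * D - S; with a neighbor, spending S <= S' buys nothing."""
    prob = P0 if neighbor is not None and s <= neighbor else p(s)
    return (P0 - prob) * D - s

def best_response(neighbor=None):
    """Grid argmax of the net benefit; ties resolve to the smallest spend."""
    return max(GRID, key=lambda s: net(s, neighbor))

def break_even():
    """Largest spend on the grid whose net benefit is still positive."""
    return max(s for s in GRID if net(s) > 0)

if __name__ == "__main__":
    s_star = best_response()
    print(f"alone: S* = {s_star}, net = {net(s_star):.2f}")
    print(f"closed form for this p: k*ln(p0*D/k) = {K * math.log(P0 * D / K):.2f}")
    for neighbor in (30, 100, break_even()):
        s = best_response(neighbor)
        print(f"neighbor spends {neighbor}: best response {s}, "
              f"net = {net(s, neighbor):.2f}")
```

With these numbers, a neighbor spending less than \(S^*\) changes nothing, a neighbor between \(S^*\) and the break-even point is outbid by one dollar at a shrinking net gain, and a neighbor at the break-even point leaves zero as the only non-losing spend.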

Csiszar & Korner

Imre Csiszar and Janos Korner are two Hungarians with very Hungarian names. But more importantly, they wrote a thrilling page-turner called, Information Theory: Coding Theorems for Discrete Memoryless Systems. It is a book most difficult to obtain. It seems that the book has been out of print ever since the day it was in print. Academiai Kiado of Budapest and Academic Press of New York (same thing?), I’m looking in your general direction(s). Hmm. I wonder if the cost structure of running a printing press is akin to that of running a chip foundry?


Anyway, forget the publishers. There is one copy in the library, permanently checked out, on hold, or requested. Almost never seen in online stores, it sells for several times the list price when scalper123 occasionally trots it out on YahooMazonBay. Worst of all, nobody has bothered to make and distribute a pdf of it for the good of the masses. Er, wait, I mean, nobody has bothered to make a Fair Use copy for personal use.

And accidentally leave the pdf on an unprotected public server. (Please?)

Well, that was last week, and this is now. I am to this day amazed that Kazoo Books still had one (1) old, used, but perfectly good copy at list price. I wrote “had.” Good service and fast delivery, too. No fraud committed against me despite there being a phone transaction with a credit card. Highly recommend. Wait, this isn’t eBay, why am I writing this?

A little Markovian problem

Here it is: 

A has a fair coin and B has a fair coin. They flip coins together, but only keep track of their own sequences of heads and tails. A stops if the sequence “HHT” appears. B stops if the sequence “HTH” appears. Which player is more likely to stop first?


remote payment security

Credit cards. Epitome of security by obscurity? It isn’t even much obscurity. Whoever gets a hold of a card or makes a mental image of it can pretty much do anything until the account is suspended. I guess banks run fraud-detection algorithms, but still they, and therefore we, absorb the cost of fraud. Fighting fraud: it’s what Paypal says it spends its R&D dollars on.

Credit card number, name, billing address, expiration date are informational, so I don’t know how they have come to be used as “secrets” for a secure transaction. Seems like a terrible idea. Then there is the 3-digit CVV code. Would somebody mind explaining its utility to me? How does 3 more digits prevent fraud? (They are on the card just like the front-side numbers and they also must be disclosed during a transaction.)

There exists technology, but little infrastructure, for authenticating and trusting the remote host (or person — phone orders are even worse). For online transactions, banks have come up with at least two augmentations to the standard procedure to try to plug the hole. One involves password verification directly with the bank’s web site. Another is to issue single-use credit card numbers. Four soundbites ensue: Inelegant! Ad hoc! Not standardized! Unsatisfactory!

But this is moving in the right direction.

Many are grossly concerned with computer security and wireless channel security. Some are paranoid to the degree that nothing short of provably secure is acceptable for transmitting a few worthless bits that in reality nobody cares about. But we seem to settle for the foundational insecurity that underlies any kind of current remote payment using credit cards. Apparently managed insecurity is accepted, even if it deals with money, about which people should actually care. That’s a strange social phenomenon.

troll and trolling

Wikipedia says:

In Internet terminology, a troll is a person who enters an established community such as an online discussion forum and intentionally tries to cause disruption, most often in the form of posting inflammatory, off-topic, or otherwise inappropriate messages

What is a troll in Chinese? I don’t think there is a term. Wikipedia’s “in other languages” sidebar offers up 小白 for troll, but that just means idiot or annoyer, someone with a thick skin or someone who doesn’t get it; so no, that’s not exactly a troll. It doesn’t capture the aspect of intention and the not infrequent subtlety of trolling. The article on 小白 itself is hilarious. It’s obvious the usage is restricted to Taiwan.

Mainland and overseas Chinese BBS are full of subtlety to begin with, for reasons not worth mentioning at this moment. Maybe every Chinese is a native troll. Certain Chinese history points to training in – ah never mind, I’m trolling. However, a subset of more benign trolling behavior seems to elicit more condemnation on these Chinese BBS and have terms associated with them. For instance: posting off-topic messages and inappropriate messages can take the form of 刷屏 or repeated re-posting, or posting in multiple sub-forums. Posting a stream of emoticons or other useless messages (to readers) such as 顶, 批, 阅, 路过 to increase the number of posts by one is known as 灌水. The meaning of 灌水 has expanded to include, in some cases, posts that are not just useless, but specifically useless for ongoing rational discussion. Since a post that elicits 灌水 behavior is known as a 坑 and somebody who writes such is engaging in 挖坑, then 挖坑 may yet emerge as the logical equivalent of trolling (verb). It has been used in that sense already.

Still no word for troll (noun), though 坑王 is a good candidate.

What is this “blog”

…you speak of… what, do I write to myself? I only have 100MB.

First post and already TeX can be rendered. I stole the idea from fakalin.

\( \int_{0}^{1}\frac{x^{4}\left( 1-x\right) ^{4}}{1+x^{2}}dx = \frac{22}{7}-\pi \)