List of Archived Posts
2008 Newsgroup Postings (10/05 - 10/24)
- Blinkylights
- illegal naked short selling
- Credit Card Security
- VMware Chief Says the OS Is History
- Wachovia Bank web site
- Houses
- Houses
- Credit Card Security
- The end of the baby boomers, US bonds maturing, and then what?
- Homebanking authentication methods: what's being used by your bank?
- Does anyone read the Greater IBM Connection Blog?
- Browser Security UI: the horns of the dilemma
- The human plague
- What risk of possible data leakage do you see for your organization?
- Blinkylights
- Financial Crisis - the result of uncontrolled Innovation?
- Is Information Security driven by compliance??
- what will be a wow feature in a credit card
- Once the dust settles, do you think Milton Friedman's economic theories will be laid to rest
- What's your view of current global financial / economical situation?
- Is the Credit Cruch a boost for Virtualization?
- Old XDS Sigma stuff
- What risk of possible data leakage do you see for your organization?
- Old XDS Sigma stuff
- Nonviolent Activists Are Now Terrorists
- What are the Black Swans for IT Security?
- SOX (Sarbanes-Oxley Act), is this really followed and worthful considering current Financial Crisis?
- Blinkylights
- Does anyone get the idea that those responsible for containing this finanical crisis are doing too much?
- Signposts on the US Government's Trail of IT Failures
- Signposts on the US Government's Trail of IT Failures
- The human plague
- How much is 700 Billion Dollars??
- Signposts on the US Government's Trail of IT Failures
- The human plague
- The human plague
- VMware Chief Says the OS Is History
- The human plague
- The human plague
- The human plague
- Signposts on the US Government's Trail of IT Failures
- The human plague
- The human plague
- The human plague
- The human plague
- The human plague
- Anyone still have access to VMTOOLS and TEXTTOOLS?
- Will cards with PayPass (from MasterCard) be using CHIP & PIN in the future?
- The Univac 110x Architecture Still Lives
- Discussions areas, private message silos, and how far we've come since 199x
- Old XDS Sigma stuff
- Why are some banks failing, and others aren't?
- Why is sub-prime crisis of America called the sub-prime crisis?
- Old XDS Sigma stuff
- Discussions areas, private message silos, and how far we've come since 199x
- Virtual
- Virtual
- Virtual
- Everyone is getting same deal out of life: babyboomers can't retire but they get SS benefits intact
- Virtual
- Biometric Credit cards
- Discussions areas, private message silos, and how far we've come since 199x
- Would anyone like to draw a diagram of effects or similar for the current "credit crisis"?
- Discussions areas, private message silos, and how far we've come since 199x
- In your experience which is a superior debit card scheme - PIN based debit or signature debit?
- Can the financial meltdown be used to motivate sustainable development in order to achieve sustainable growth and desired sustainability?
- Open Source, Unbundling, and Future System
- Invitation to Join Mainframe Security Guru Group
- Blinkenlights
- Blinkenlights
- What happened in security over the last 10 years?
- Why is sub-prime crisis of America called the sub-prime crisis?
- Euro value
- Addressing Scheme with 64 vs 63 bits
- Would anyone like to draw a diagram of effects or similar for the current "credit crisis"?
- In light of the recent financial crisis, did Sarbanes-Oxley fail to work?
- Blinkenlights
- PDP-1 Spacewar! program internals
- Who murdered the financial system?
- What emerging risks are exposed with a shift from paper to electronic retail payments?
- Can we blame one person for the financial meltdown?
- How security audits, vulnerability assessments and penetration tests differ?
- Greenspan testimony and securization
- Chip-and-pin card reader supply-chain subversion 'has netted millions from British shoppers'
Blinkylights
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Blinkylights
Newsgroups: alt.folklore.computers
Date: Sun, 05 Oct 2008 19:21:32 -0400
re:
http://www.garlic.com/~lynn/2008n.html#28 Blinkylights
http://www.garlic.com/~lynn/2008n.html#101 Blinkylights
oops, that first (illegal naked short selling) URL was supposed to be:
A Wikipedia Conspiracy and the Wall Street Meltdown
http://news.slashdot.org/news/08/10/05/201205.shtml
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
illegal naked short selling
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: illegal naked short selling
Newsgroups: alt.folklore.computers
Date: Sun, 05 Oct 2008 20:39:08 -0400
re:
http://www.garlic.com/~lynn/2008n.html#28 Blinkylights
http://www.garlic.com/~lynn/2008n.html#101 Blinkylights
http://www.garlic.com/~lynn/2008o.html#0 Blinkylights
posts from spring of 2007 mentioning reference to illegal naked short
selling
http://www.garlic.com/~lynn/2007j.html#74 IBM Unionization
http://www.garlic.com/~lynn/2007j.html#75 IBM Unionization
after running across reference similar to one mentioned in this post
http://www.garlic.com/~lynn/2008k.html#4 dollar coins
CRAMER REVEALS A BIT TOO MUCH
http://www.nypost.com/seven/03202007/business/cramer_reveals_a_bit_too_much_business_roddy_boyd.htm
talking about illegal naked short selling.
other posts ...
http://www.garlic.com/~lynn/2008k.html#1 dollar coins
http://www.garlic.com/~lynn/2008k.html#9 dollar coins
http://www.garlic.com/~lynn/2008k.html#25 IBM's 2Q2008 Earnings
http://www.garlic.com/~lynn/2008k.html#31 SEC bans illegal activity then permits it
http://www.garlic.com/~lynn/2008k.html#44 SEC bans illegal activity then permits it
http://www.garlic.com/~lynn/2008n.html#23 Michigan industry
http://www.garlic.com/~lynn/2008n.html#25 Blinkylights
http://www.garlic.com/~lynn/2008n.html#31 Blinkylights
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
Credit Card Security
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Credit Card Security
Date: October 5, 2008
Blog: Financial Security
re:
http://www.garlic.com/~lynn/2008n.html#90 Credit Card Security
and
http://www.linkedin.com/answers/finance-accounting/financial-regulation/FIN_FRG/333069-2064487
note that there was a rather large (POS) chipcard rollout in the
earlier part of this decade/century in NE US .... but it turned out to
be a yes card ... which may contribute to some of the
skepticism/reluctance ... misc. past posts mentioning
yes card
http://www.garlic.com/~lynn/subintegrity.html#yescard
about the same time there was a different, large chipcard deployment
targeted for the online consumer pc (internet) market ... along with
distribution of "free" serial-port card readers. there were enormous
consumer installation problems with the serial-port reader (lots of
BSOD and/or re-installs from scratch). The pervasiveness of the
serial-port installation problems then contributed to effectively
abandoning the effort and a rapidly growing opinion that chipcards
weren't practical in the consumer PC market.
Some in-depth postmortem analysis indicated that the problems were with
the serial-port installation ... as opposed to specifically with the
chipcard operation (but it was too late to undo the spreading
impression about chipcards not being practical in the consumer
market).
Part of this demonstrated the adage about fleeting institutional
knowledge. In the 95/96 timeframe, there were several presentations
that a major motivation for online banking moving from the dedicated
dialup operations of the 80s to the internet in the mid-90s was the
significant support costs associated with dedicated serial-port modem
installations. one bank, at the time, claimed that they were having to
support over 60 different drivers as well as handle significant
customer support calls. With move to internet ... this was all
offloaded to ISPs which could amortize the support across all a
consumer's online activity (and growing motivation to include support
as part of original PC).
oh, and about the time of the rapidly spreading impression that
chipcards weren't practical in the consumer (home) pc market ... all
the activity associated with the EU FINREAD effort seemed to
evaporate.
http://www.garlic.com/~lynn/subintegrity.html#findread
And, as mentioned previously ... the x9a10 financial standard activity
was required to support ALL retail payments in the x9.59 financial
standard ... i.e. at least both POS and online/internet.
http://www.garlic.com/~lynn/x959.html#x959
past posts discussing serial-port (card reader) problem
http://www.garlic.com/~lynn/2002m.html#37 Convenient and secure eCommerce using POWF
http://www.garlic.com/~lynn/aadsm23.htm#43 Spring is here - that means Pressed Flowers
http://www.garlic.com/~lynn/aadsm23.htm#50 Status of SRP
http://www.garlic.com/~lynn/aadsm27.htm#34 The bank fraud blame game
http://www.garlic.com/~lynn/aadsm27.htm#58 On the downside of the MBA-equiped CSO
http://www.garlic.com/~lynn/2007n.html#60 Poll: oldest computer thing you still use
http://www.garlic.com/~lynn/2007n.html#65 Poll: oldest computer thing you still use
http://www.garlic.com/~lynn/2007n.html#66 Poll: oldest computer thing you still use
http://www.garlic.com/~lynn/2007n.html#75 Poll: oldest computer thing you still use
http://www.garlic.com/~lynn/2007n.html#78 Poll: oldest computer thing you still use
http://www.garlic.com/~lynn/2007u.html#11 Public Computers
http://www.garlic.com/~lynn/2008j.html#56 WoW security: now better than most banks
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
VMware Chief Says the OS Is History
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: VMware Chief Says the OS Is History
Newsgroups: alt.folklore.computers
Date: Mon, 06 Oct 2008 08:35:33 -0400
Steve O'Hara-Smith <steveo@eircom.net> writes:
These people impress me more
http://www.nanosolar.com/economic.htm
Roll to roll processing spraying photovoltaic ink onto metal
foil.
re:
http://www.garlic.com/~lynn/2008n.html#76 VMware Chief Says the OS is History
http://www.garlic.com/~lynn/2008n.html#85 VMware Chief Says the OS is History
Flexible Silicon Solar Cells; Thin but efficient solar cells use
one-tenth the silicon of conventional cells.
http://www.technologyreview.com/energy/21467/
from above:
Arrays of the cells have about a 12 percent efficiency. The Illinois
researchers increased the arrays' power output by about two and half
times by adding concentrators in the form of a layer of cylindrical
microlenses. The best solar cells on the market convert more than 20
percent of the sunlight that falls on them into energy.
... snip ...
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
Wachovia Bank web site
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Wachovia Bank web site
Newsgroups: microsoft.public.security
Date: Mon, 06 Oct 2008 10:19:44 -0400
re:
http://www.garlic.com/~lynn/2008n.html#96 Wachovia Bank web site
http://www.garlic.com/~lynn/2008n.html#100 Wachovia Bank web site
recent article from this morning:
Browser Security UI: the horns of the dilemma
https://financialcryptography.com/mt/archives/001050.html
which references ("ISPs doing MITMs on their customers"):
http://blog.wired.com/27bstroke6/2008/04/isps-error-page.html
and example:
http://www.sslshopper.com/article-phishing-with-ev-ssl-certificates.htm
in all this description ... CAs are actually "certification authorities"
... i.e. they are certifying information. Frequently this has been
twisted to "certificate authorities" ... because of the frequent focus
on selling digital certificates (which is just a representation of the
information that they are certifying).
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
Houses
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Houses
Newsgroups: alt.folklore.computers
Date: Mon, 06 Oct 2008 10:42:55 -0400
D.J. <jollycamper72@cableone.net> writes:
She and I grew up in a small town in Texas. Not many liberals
there. Must have been the Klan influence. Women didn't get good paying
jobs there. Maybe different influences in the other towns we lived in
in several states, my dad was in the Army, but not many women had good
paying jobs.
when we were doing HA/CMP product
http://www.garlic.com/~lynn/subtopic.html#hacmp
we had various contracts for marketing information. one was a female
that did a lot of subcontract work for dataquest (& then gartner after
they purchased dataquest). one of the things she was very good at was
surveys ... including telephone technology surveys.
she characterized a lot of the south (including texas) as having large
percentage of "good ole boys" ... the amount of information extracted
increased significantly when she adopted a "cheerleader" persona.
somewhat, in return i got a cameo role in an expensive marketing survey
hired by the executive heading up the boca PC division. The contract
called for a several hr (video taped) roundtable of the top dozen
experts in silicon valley discussing the future of the PC business.
I cleared participation with our direct executive report ... and
dataquest agreed to garble my introduction at the start of the round
table.
misc. past references:
http://www.garlic.com/~lynn/2002k.html#55 Moore law
http://www.garlic.com/~lynn/2005t.html#21 What ever happened to Tandem and NonStop OS ?
http://www.garlic.com/~lynn/2007g.html#81 IBM to the PCM market
http://www.garlic.com/~lynn/2007h.html#0 The Perfect Computer - 36 bits?
http://www.garlic.com/~lynn/2008d.html#60 more on (the new 40+ yr old) virtualization
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
Houses
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Houses
Newsgroups: alt.folklore.computers
Date: Mon, 06 Oct 2008 14:25:32 -0400
Anne & Lynn Wheeler <lynn@garlic.com> writes:
when we were doing HA/CMP product
http://www.garlic.com/~lynn/subtopic.html#hacmp
we had various contracts for marketing information. one was a female
that did a lot of subcontract work for dataquest (& then gartner after
they purchased dataquest). one of the things she was very good at was
surveys ... including telephone technology surveys.
she characterized a lot of the south (including texas) as having large
percentage of "good ole boys" ... the amount of information extracted
increased significantly when she adopted a "cheerleader" persona.
re:
http://www.garlic.com/~lynn/2008o.html#5 Houses
and for a real challenge ... we also had her do ha/cmp technology
classes in tokyo.
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
Credit Card Security
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Credit Card Security
Date: October 6, 2008
Blog: Financial Security
re:
http://www.garlic.com/~lynn/2008n.html#90 Credit Card Security
http://www.garlic.com/~lynn/2008o.html#2 Credit Card Security
and some recent chipcard news ... somewhat along the lines of the
yes card problems:
Oyster card hack details revealed
http://news.bbc.co.uk/1/hi/programmes/click_online/7655292.stm
Boffins (finally) publish hack for world's most popular smartcard
http://www.theregister.co.uk/2008/10/06/mifare_hack_finally_published
note that a lot of the EU chipcards grew out of the environment in the
80s when telecom was significantly more expensive than in the
states. the EU chipcards weren't initially billed as a security issue
... but enabled doing offline transactions (usually referred to as
"stored value" of one kind or another) and represented overall less
expensive alternative to the high telco costs in europe.
in the early 90s, "magstripe" online "stored value" cards were
introduced in the US ... since they were significantly less expensive
than the EU alternative chipcards (a lot of these now show up as store
brand cards and/or "gift" cards).
About the same time, EU also started to see a significant decline in
telco costs (sometimes in conjunction with the proliferation of the
internet) ... greatly changing the online/offline chipcard economic
trade-off. A lot of the chipcard reaction was to try and increase the
feature/function provided by chipcards (as part of justifying their
expense). This also tended to further increase their costs ... as well
as complexity (which tends to adversely impact integrity and
security).
A possible alternative approach was to leverage online transactions
and reduce the feature/function in the chipcard ... purely
concentrating on addressing security (it is possible to aggressively
reduce cost while increasing security via less complexity).
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
The end of the baby boomers, US bonds maturing, and then what?
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: The end of the baby boomers, US bonds maturing, and then what?
Date: October 6, 2008
Blog: Risk Management
supposedly it increases the number of retirees by something like a
factor of four times ... and the following generation is only a little
over half as large ... that increases the ratio of retirees to workers
by a factor of something like eight times.
there are several professions that are claiming that cutting their
numbers in half has all sorts of far reaching effects.
An obvious case is health and medical profession specializing in
geriatrics (since the ratio of patients to workers is also likely to
change by factor of eight times)
A year or so ago, there was program that the number of oil field
development projects were only possibly 2/3rds the expected level
(given the demand) ... the explanation was that such projects take 7-8
yrs and with expected retirements, there weren't going to be enough
experienced personnel to complete more projects.
there are also claims that the following generation ... besides being
only half as large, also has a lower avg education level (which seems
to have been in downward slope for 30 some yrs) ... which implies that
they will be much less competitive in a global economy.
some number of critical infrastructures were developed, built and
supported by baby boomers. the retirement of those baby boomers is
periodically listed as one of the top risks faced by those critical
infrastructures.
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
Homebanking authentication methods: what's being used by your bank?
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Homebanking authentication methods: what's being used by your bank?
Date: October 7, 2008
Blog: Information Security
there are two parts ... the bank authenticating you and you
authenticating the bank.
SSL has somewhat been seen as bank authentication ... but because of
various deployment issues going back to the start, there are lots of
shortcomings.
Browser Security UI: the horns of the dilemma
https://financialcryptography.com/mt/archives/001050.html
dynamic pages aren't really a countermeasure (for bank impersonation)
since it is actually easier for an attacker to mount a MITM-attack
than creating a bogus website with static pages (simple approach is to
take some form of proxy code and slightly modify it for purpose of
MITM-attacks) ... part of old thread discussing such MITM attacks
http://www.garlic.com/~lynn/aadsm26.htm#28 man in the middle, SSL
There have been all sorts of attempts to improve on client/customer
authentication. Part of the problem is that "static" data is extremely
subject to phishing (and MITM) attacks. Back in the 60s when i first
started using passwords ... I only had a very few. Kindergarten 101
security requires a unique password for every unique security domain
(as countermeasure against cross-domain attacks) ... but the
proliferation in the number of such environments means that everybody
has large scores or hundreds of "something you know" pin/password
authentication (creating a huge security human factors problem with
being able to keep them all straight).
An attempt was made to deploy hardware tokens/chipcards in the earlier
part of this decade/century for the consumer home PC market. The
problem was that part of the program also involved distributing
serial-port card readers ... which resulted in enormous customer
installation and support problems ("BSOD", reinstalls of
system/machines from scratch, large number of customer calls). The
magnitude of the problems basically resulted in abandoning the effort
and a rapidly spreading opinion that chipcards weren't practical in
the customer market segment.
In depth, after action studies attributed the problems to serial-port
installations but was too late to head off the rapidly spreading view
that chipcards weren't practical in the consumer market. It also seemed
to contribute to EU FINREAD effort appearing to evaporate ... even
though many of the FINREAD readers weren't serial-port ... misc. past
posts mentioning EU FINREAD activity
http://www.garlic.com/~lynn/subintegrity.html#finread
This is an example of fleeting institutional knowledge. There were
several presentations in the 95/96 timeframe about big factor in the
move from the dial-up home banking programs from the 80s to the
internet (even tho it was generally viewed as less secure). This issue
was huge consumer support problems again with serial-port ... in this
case for modems. Some institutions claimed that they had well over 60
different software drivers supporting in-house dial-in operations
... and also had huge consumer support issues with configuration
problems. Migration to internet and online service providers
... eliminated all those costs for the individual institutions (being
able to amortize across the whole consumer online experience and
helping motivate support being incorporated as part of standard
products)
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
Does anyone read the Greater IBM Connection Blog?
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Does anyone read the Greater IBM Connection Blog?
Date: October 7, 2008
Blog: Greater IBM
In the late 70s and early 80s ... i got blamed for online computer
conferencing on the internal network ... misc. past posts mentioning
the internal network
http://www.garlic.com/~lynn/subnetwork.html#internalnet
which was larger than the arpanet/internet from just about the
beginning until possibly summer of '85.
recent post to ibm-main (originated on bitnet ... unv. network from
the 80s ... using similar technology to that used for the internal
network)
http://www.garlic.com/~lynn/2008m.html#35 IBM THINK original equipment sign
above reference has picture of desk ornament commemorating 1000th node
on the internal network (from 1983).
other archived stuff from greater ibm:
http://www.garlic.com/~lynn/2008j.html#74 Are we approaching a "tipping point" with regard to business travel?
http://www.garlic.com/~lynn/2008k.html#59 Happy 20th Birthday, AS/400
http://www.garlic.com/~lynn/2008m.html#88 Sustainable Web
http://www.garlic.com/~lynn/2008n.html#50 The Digital Dark Age or.....Will Google live for ever?
http://www.garlic.com/~lynn/2008n.html#60 Costing for IT Services
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
Browser Security UI: the horns of the dilemma
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Browser Security UI: the horns of the dilemma
Date: October 8, 2008 10:29 AM
Blog: Financial Cryptography
re:
https://financialcryptography.com/mt/archives/001050.html
My oft repeated comments were that we had signoff on the webserver to
payment gateway ... but we couldn't dictate the webserver to browser
.... and almost immediately, merchants found that SSL cut webserver
thruput 85-95% and so they dropped back to just using SSL with a
payment/checkout button.
so the latest in this
Google's Obfuscated TCP
http://it.slashdot.org/it/08/10/08/0025258.shtml
Obfuscated TCP
http://code.google.com/p/obstcp/
However, SSL was to address two issues
1) validating that the website you think you are talking to, is the
website you are talking to
2) hide information
The big problem with conditioning endusers to clicking on buttons from
unvalidated sources ... is the validating part is broken.
SSL required the end user understand the relationship between the
webserver they thought they were talking to and the corresponding URL
... and then the browser SSL code provided the assurance between the
URL and webserver they were talking to. With the checkout/pay paradigm
button clicking (provided from a non-SSL validated source), the
paradigm degenerated to the webserver is whatever webserver that it
claimed to be (since an unvalidated source was providing the URL, not
the enduser from validated source).
recent related threads:
http://www.garlic.com/~lynn/2008n.html#96 Wachovia Bank web site
http://www.garlic.com/~lynn/2008n.html#100 Wachovia Bank web site
http://www.garlic.com/~lynn/2008o.html#4 Wachovia Bank web site
http://www.garlic.com/~lynn/2008o.html#9 Homebanking authentication methods
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
The human plague
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: The human plague
Newsgroups: alt.folklore.computers
Date: Wed, 08 Oct 2008 14:18:12 -0400
it is not just the pres; congress approval numbers have been running
about 1/3rd that of the pres.
http://www.garlic.com/~lynn/2008j.html#73 lack of information accuracy
Congressional Performance; Congressional Approval Falls to Single Digits
for First Time Ever
http://rasmussenreports.com/public_content/politics/mood_of_america/congressional_performance/congressional_performance
there have also been claims that recent congress had the lowest
attendance record in the history of the country ... and one of the
lowest legislative activity
http://www.garlic.com/~lynn/2007v.html#20 Education ranking
CSPAN on sunday had a guest that claimed that the financial industry had
contributed $250m to congress the session that repealed Glass-Steagall
... and the financial industry has contributed $2b to the current
congress (that recently passed the $700b bailout bill, with those voting
for the bill receiving an avg of 45 percent more from the financial
industry, than those voting against) ... recent post
http://www.garlic.com/~lynn/2008n.html#99 Blinkylights
related:
http://www.garlic.com/~lynn/2008k.html#71 Cormpany sponsored insurance
http://www.garlic.com/~lynn/2008m.html#49 Taxes
http://www.garlic.com/~lynn/2008m.html#50 Taxes
http://www.garlic.com/~lynn/2008m.html#87 Fraud due to stupid failure to test for negative
repeatedly over the past several months, there have been statements
"calling the bottom" to the current economic downturn (supposedly
based on previous similar events). the current situation
differentiates itself with so much institutional fabrication since
2001. there is danger that because of the confidence crisis (since
there is such an enormous trust issue because of the pervasiveness of
the fabrication), that things continue on down past 2001 reset point
(including the housing market, financial institutions, as well as
equity markets).
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
What risk of possible data leakage do you see for your organization?
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: What risk of possible data leakage do you see for your organization?
Date: October 9, 2008
Blog: Information Security
In the mid-90s we got involved in the X9A10 financial standard working
of the financial infrastructure for *ALL* retail payments (credit,
debit, stored-value, POS, face-to-face, internet, etc).
One of the interesting side-effects of the X9A10 financial standard
working group being given the requirement to preserve the integrity of
the financial infrastructure for all retail payments, which resulted
in x9.59 standard
http://www.garlic.com/~lynn/x959.html#x959
... was besides the ALL obvious stuff, including POS and internet
... also had to be considered was things like metro transit gates.
As a part of that we developed a framework for security proportional
to risk as parameterised risk management.
From basic 3-factor authentication ... lots of past posts
http://www.garlic.com/~lynn/subintegrity.html#3factor
• something you have
• something you know
• something you are
So the idea was the same chipcard would effectively handle x9.59
transaction as single factor something you have (say at metro
transit turnstile w/o PIN) .... but would also operate the same way
when the infrastructure required arbitrary two (or more) factor
authentication ... i.e. x9.59 transaction with base something you
have chipcard ... but could also work with one or more additional
authentication factors (based on amount at risk).
The other part of the x9a10 financial working group *ALL* was
framework for supporting a person-centric paradigm ... as opposed to
strictly an "institutional-centric" paradigm (each institution issuing
a card). This required that the same chipcard not only operate highly
secure for one or more authentication factor x9.59 financial
transactions (potentially even same chipcard with a large number
different financial institutions accounts) ... but the same chipcard
could be easily used for things like ISP internet login authentication
and physical door access authentication (w/o requiring institutional
loading/personalizing the chip).
Finally, the chip would be form-factor and transport agnostic (POS,
transit, internet); the same chip-core would work with contact and
contactless ... and also as embedded chip in things like PDAs and/or
cellphone.
so, as part of meeting the X9A10 *ALL* requirement, frameworks for
• simultaneously support multiple authentication factors
• simultaneously support multiple different environments
• simultaneously support multiple form-factors
• simultaneously support very high security at very low cost,
as well as very low power and very fast.
various aspects show up as part of the AADS chip strawman
http://www.garlic.com/~lynn/x959.html#aads
recent related thread:
Credit Card Security
http://www.linkedin.com/answers/finance-accounting/financial-regulation/FIN_FRG/333069-2064487
and
http://www.garlic.com/~lynn/2008n.html#90 Credit Card Security
http://www.garlic.com/~lynn/2008o.html#2 Credit Card Security
http://www.garlic.com/~lynn/2008o.html#7 Credit Card Security
Another part of X9A10 effort was detailed, end-to-end, threat and
vulnerability studies. Another aspect of security proportional to
risk was that in much of the current paradigm, information from
previous transactions (skimming, data breaches, security breaches,
etc) can be used by crooks for fraudulent transactions. The issue is
that the value of the information to the merchant is basically some
percent of the profit from the transaction; however, the value of the
information to the crook is the account balance &/or credit
limit. This can mean that the crook can afford to outspend (attacking
the system) the merchant (defending the system) by factor of 100
times. The scope of the problem is further compounded by some studies
showing that up to 70 percent of identity theft involves insiders.
X9.59 didn't do anything about preventing such information leakage,
but it tweaked the paradigm so that the information was useless to the
crooks (i.e. could no longer be used for fraudulent transactions). We
periodically commented that in the current paradigm, even if the
planet was buried under miles of information hiding encryption, it
still wouldn't be able to prevent information leakage.
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
Blinkylights
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Blinkylights
Newsgroups: alt.folklore.computers
Date: Thu, 09 Oct 2008 10:30:44 -0400
related to ... long-winded, decade old post mentioning many of the
current problems:
http://www.garlic.com/~lynn/aepay3.htm#riskm The Thread Between Risk Management and Information Security
in the S&L crisis period, citibank "discovering" the risk in ARMs and
then getting out of the mortgage market.
the following is analytics related as opposed to all the fiddling and
fabrication that went on ...
http://www2.marketwire.com/mw/mmframe?prid=441535&attachid=850879
"In 1973, Wm. Mack Terry and his colleagues at the Bank of America in
San Francisco introduced the world's first matched maturity transfer
pricing system," added Dr. Donald R. van Deventer, Kamakura Chairman and
Chief Executive Officer. "Over the last 35 years, the concept has been
increasingly refined and modified to incorporate the best practice
calculations embedded in KRM Version 7.0. Best practice transfer pricing
calculations would have made it clear that neither Bear Stearns nor
Lehman Brothers had more than a marginal chance of survival when funding
30 year sub-prime mortgage loans with thirty day borrowings. Board
members can and should demand clarity of disclosure on the total risk of
an institution and the contribution of each business unit and
transaction to total risk. This capability is available now, and
Kamakura has been gratified that so many institutions have reached out
to Kamakura for best practice risk analytics during the current crisis."
... snip ...
past posts mentioning Kamakura:
http://www.garlic.com/~lynn/2007v.html#25 Newsweek article--baby boomers and computers
http://www.garlic.com/~lynn/2008.html#66 As Expected, Ford Falls From 2nd Place in U.S. Sales
http://www.garlic.com/~lynn/2008.html#70 As Expected, Ford Falls From 2nd Place in U.S. Sales
http://www.garlic.com/~lynn/2008b.html#12 Computer Science Education: Where Are the Software Engineers of Tomorrow?
http://www.garlic.com/~lynn/2008c.html#21 Toyota Sales for 2007 May Surpass GM
http://www.garlic.com/~lynn/2008c.html#87 Toyota Sales for 2007 May Surpass GM
http://www.garlic.com/~lynn/2008g.html#64 independent appraisers
http://www.garlic.com/~lynn/2008j.html#29 dollar coins
http://www.garlic.com/~lynn/2008n.html#56 VMware Chief Says the OS Is History
http://www.garlic.com/~lynn/2008n.html#69 Another quiet week in finance
the stories are that even the best of analytics wouldn't have been able
to head off the current problems ... because the books were being
fiddled to allow extremely risky actions that appeared to boost the
bottom line ... as means of inflating executive compensation.
misc. past references:
http://www.garlic.com/~lynn/2008f.html#76 Bush - place in history
http://www.garlic.com/~lynn/2008g.html#52 IBM CEO's remuneration last year ?
http://www.garlic.com/~lynn/2008g.html#66 independent appraisers
http://www.garlic.com/~lynn/2008h.html#42 The Return of Ada
http://www.garlic.com/~lynn/2008m.html#96 Blinkylights
http://www.garlic.com/~lynn/2008m.html#99 Blinkylights
http://www.garlic.com/~lynn/2008n.html#3 Blinkylights
http://www.garlic.com/~lynn/2008n.html#15 Blinkylights
http://www.garlic.com/~lynn/2008n.html#49 VMware Chief Says the OS Is History
http://www.garlic.com/~lynn/2008n.html#52 Technology and the current crisis
http://www.garlic.com/~lynn/2008n.html#53 Your thoughts on the following comprehensive bailout plan please
http://www.garlic.com/~lynn/2008n.html#56 VMware Chief Says the OS Is History
http://www.garlic.com/~lynn/2008n.html#65 Whether, in our financial crisis, the prize for being the biggest liar is
http://www.garlic.com/~lynn/2008n.html#69 Another quiet week in finance
http://www.garlic.com/~lynn/2008n.html#72 Why was Sarbanes-Oxley not good enough to sent alarms to the regulators about the situation arising today?
http://www.garlic.com/~lynn/2008n.html#78 Isn't it the Federal Reserve role to oversee the banking system??
http://www.garlic.com/~lynn/2008n.html#80 Why did Sox not prevent this financal crises?
http://www.garlic.com/~lynn/2008n.html#82 Fraud in financial institution
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
Financial Crisis - the result of uncontrolled Innovation?
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Financial Crisis - the result of uncontrolled Innovation?
Date: October 9, 2008
Blog: Organizational Development
The "problems" possibly are mostly
How Wall Street Lied to Its Computers
http://bits.blogs.nytimes.com/2008/09/18/how-wall-streets-quants-lied-to-their-computers/
Subprime = Triple-A ratings? or 'How to Lie with Statistics'
http://www.bloggingstocks.com/2007/07/25/subprime-triple-a-ratings-or-how-to-lie-with-statistics/
GAO has been doing database of corporate restatements. Basically
financials are inflated, the bonuses taken on the inflated statements
and possibly later the financials are restated ... but the bonuses
aren't forfeited.
A lot of it is leveraging the lack of transparency as part of fiddling
the books.
Toxic CDOs had been used two decades ago during the S&L crisis to
obfuscate underlying values.
Getting triple-A rating on toxic CDOs allowed unregulated mortgage
originators to continue funding their operations and unload all the
mortgages they could possibly write ... w/o needing to pay any
attention to loan quality. Then lots of institutions and retirement
funds would snap up these supposedly "safe", triple-A rated toxic
CDOs.
Speculators taking advantage of things like no-documentation, 1-2
percent intro, interest only mortgages ... basically could treat the
home owner market like the unregulated 1920s stock market.
long-winded, decade old-post discussing many of the current problems,
including needing visibility in CDO-like instruments
http://www.garlic.com/~lynn/aepay3.htm#riskm The Thread Between Risk Management and Information Security
note that the subprime loans (no-documentation, no-down, 1-2 percent
intro rate, possibly interest only payments) were supposedly for
low-income, first time home buyers. However, studies are claiming that
at least 61 percent of such loans went to people that would have
otherwise qualified for normal loans ... heavily suggesting
speculators were taking advantage of the offerings. Also there have
been huge price spike in segments of the home owner market not
normally associated with low-income, first-time home buyers ... again
suggesting heavy speculation activity.
Last spring there was a business school article that claimed something
like 1000 executives are responsible for 80% of the current crisis
... and it would go a long ways towards fixing the problem if the
gov. could figure how they could lose their job.
Example of fiddling financial statements was freddie in 2004 was fined
$400m for $10b inflation in financial statements. The CEO was replaced
... but allowed to keep tens of (hundred?) millions. A few weeks ago,
Warren Buffett said that he was largest stockholder in freddie in the
2000-2001, but got completely out because of their accounting
practices.
article from today
Expert: Flawed corporate watchdog methods helped fuel economic crisis
http://www.news.uiuc.edu/news/08/1009corporations.html
another item/quote from today:
"Best practice transfer pricing calculations would have made it clear
that neither Bear Stearns nor Lehman Brothers had more than a marginal
chance of survival when funding 30 year sub-prime mortgage loans with
thirty day borrowings."
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
Is Information Security driven by compliance??
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Is Information Security driven by compliance??
Date: October 9, 2008
Blog: Information Security
we had been asked to help wordsmith cal. state electronic signature
legislation ... misc. past posts
http://www.garlic.com/~lynn/subpubkey.html#signature
some of the other participants were heavily into privacy issues and
had done detailed, in-depth customer surveys. They found the top,
number one issue was identity theft, and the 2nd was "denial of
service" (by institutions and gov. using personal information).
A big part of identity theft was crooks acquiring information (data
breaches and security breaches) and being able to perform
fraudulent financial transactions ... which was getting little or no
attention (little public connection between the breaches and the
resulting fraud). This appeared to be the motivation for the
cal. state breach notification legislation ... hoping the publicity
would result in corrective actions.
Also, in the mid-90s we had been asked to participate in the x9a10
financial standard working group which had been given the requirement
to preserve the integrity of the financial infrastructure for all
retail payments ... which resulted in the x9.59 financial standard.
http://www.garlic.com/~lynn/x959.html#x959
Part of the effort involved detailed, end-to-end, threat and
vulnerability studies.
Part of the issue here (related to data breaches) was something from
kindergarten security 101, security proportional to risk. Majority
of the data breaches have involved financial transaction
information. Part of the issue, is the value of the information to
merchants is some percent of profit off the transaction; however the
value of the information to the crooks is the account balance and/or
credit limit. The result is that the crooks can frequently outspend
the merchants by a factor of 100:1 attacking the system (as the
merchants can afford to spend on defending the system).
So part of x9.59 financial standard was to slightly tweak the paradigm
and make the information useless to crooks (doing nothing to prevent
the data breaches, but eliminating the motivation for the data
breaches)
somewhat related answer to this question
Financial Crisis - the result of uncontrolled Innovation?
http://www.linkedin.com/answers/management/organizational-development/MGM_ODV/335924-10127581
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
what will be a wow feature in a credit card
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: what will be a wow feature in a credit card
Date: October 9, 2008
Blog: Credit Card Professionals
in the mid-90s, we had been called in to work on the x9a10 financial
standard working group which had been given the requirement to
preserve the integrity of the financial infrastructure for all retail
payments. this resulted in the x9.59 financial standard
http://www.garlic.com/~lynn/x959.html#x959
a lot of this was making x9.59 payment method agnostic (credit, debit,
stored-value) as well as format agnostic, extremely lightweight, very
low power, very fast, and very high security (use for broad range of
transactions values from very low to very high ... at POS, internet,
and even transit turnstile).
Part of this was somewhat creating a framework for security
proportional to risk that we called parameterised risk management
.... which included allowing the same operation to work with multiple
different numbers of authentication factors.
From 3-factor authentication model ... lots of past posts
http://www.garlic.com/~lynn/subintegrity.html#3factor
• something you have
• something you know
• something you are
so that a very inexpensive, very high security, form-factor agnostic
contactless hardware token could work within the time and power
constraints at a transit turnstile (w/o a pin or password) or for
low-value transactions at POS ... and effectively the same operation
and hardware token work for wide variety of higher value transactions
(which might require pin, password, and/or biometrics) at POS and/or
on the internet.
Another part of this ALL requirement was framework to tweak the
paradigm to allow person-centric operation ... as opposed to
institutional-centric paradigm (where a person might get a unique
hardware token from every institution that they had dealings
with). This allows a person to have a single (or very few) hardware
tokens that satisfies all authentication requirements for a broad
range of different kinds of transactions and values.
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
Once the dust settles, do you think Milton Friedman's economic theories will be laid to rest
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Once the dust settles, do you think Milton Friedman's economic theories will be laid to rest
Date: October 9, 2008
Blog: Government Policy
On sunday, CSPAN had guest on that said that the financial industry
contributed $250m to congress in the session that repealed
Glass-Steagall (Glass-Steagall had been passed in the wake of the '29
crash to keep the safety & soundness of regulated banking separate from
highly risky, unregulated investment banking). PBS program going into
some detail about the repeal:
The Wall Street Fix
http://www.pbs.org/wgbh/pages/frontline/shows/wallstreet/
and also that the financial industry contributed $2b to congress in
the most recent session that saw the passage of the $700b bailout
(supposedly those that voted for received 45 percent more than those
that voted against).
Much of the current problems is the lack of transparency and
visibility allowing a lot of fiddling, fabrication and fudging the
books.
How Wall Street Lied to Its Computers
http://bits.blogs.nytimes.com/2008/09/18/how-wall-streets-quants-lied-to-their-computers/
Subprime = Triple-A ratings? or 'How to Lie with Statistics'
http://www.bloggingstocks.com/2007/07/25/subprime-triple-a-ratings-or-how-to-lie-with-statistics/
Toxic CDOs had been used two decades ago in the S&L crisis to
obfuscate underlying values and sell stuff that otherwise wouldn't
have likely sold.
Being able to get triple-A ratings on toxic CDOs allowed unregulated
mortgage originators to continue to fund their operations and also
unload all the mortgages they could write w/o having to pay any
attention to quality. There was little motivation not to write,
no-documentation, ARMs with 1-2 percent intro rates and interest only
payments. Speculators could snap these up and basically treat the home
owners market like the unregulated 1920s stock market.
Then there were a large number of institutions and retirement funds
buying up these supposedly safe triple-A rated toxic CDOs.
and article from today:
Lehman Failure Seen as Straw Which Broke Credit Market's Back
http://www.financetech.com/news/showArticle.jhtml?articleID=211100066
but there is also the whole crisis & trust confidence in institutions
... in part because of the financial statement fiddling and
restatements ... but also because of trust issues in rating services.
older article
The Fed's Too Easy on Wall Street
http://www.businessweek.com/investor/content/mar2008/pi20080318_697440.htm?chan=top+news_top+news+index_businessweek+exclusives
from above:
"The Federal Reserve continues to bail out major financial
institutions without imposing meaningful conditions to improve their
conduct and performance," complains Peter Morici, professor at the
Smith Business School at the University of Maryland.
Here's a staggering figure to contemplate: New York City securities
industry firms paid out a total of $137 billion in employee bonuses
from 2002 to 2007, according to figures compiled by the New York State
Office of the Comptroller. Let's break that down: Wall Street honchos
earned a bonus of $9.8 billion in 2002, $15.8 billion in 2003, $18.6
billion in 2004, $25.7 billion in 2005, $33.9 billion in 2006, and
$33.2 billion in 2007.
... snip ...
now part of the $700b presumably is to replenish the $137b that wall
street sucked out of the infrastructure as their reward for
contributions to creating the current problem
two weeks ago one of the tv business news shows had a representative
from one of the rating companies to discuss downgrades they were
giving some companies. the host spent much of the show trying to get
the guest to admit to being responsible for the crisis (because of all
the triple-A ratings they had given toxic CDOs).
the triple-A rated toxic CDOs allowed enormous speculation in the home
owner market ... plot avg home prices back to 1970 and avg home prices
as a percent of avg salary also back to 1970s. Both plots show an
enormous ugly speculation pimple/boil starting earlier in this decade
that is only about half-way deflated. Nominally the deflation of the
ugly speculation pimple/boil would reset back to 2001 level. However
the loss of confidence in so many institutions might continue the
downward spiral past the 2001 reset point (the crisis confidence is
also evident in credit and equity markets)
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
What's your view of current global financial / economical situation?
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: What's your view of current global financial / economical situation?
Date: October 9, 2008
Blog: Economics
On sunday, CSPAN had guest on that said that the financial industry
contributed $250m to congress in the session that repealed
Glass-Steagall (Glass-Steagall had been passed in the wake of the '29
crash to keep the safety & soundness of regulated banking separate from
highly risky, unregulated investment banking). PBS program going into
some detail about the repeal:
The Wall Street Fix
http://www.pbs.org/wgbh/pages/frontline/shows/wallstreet/
and also that the financial industry contributed $2b to congress in
the most recent session that saw the passage of the $700b bailout
(supposedly those that voted for received 45 percent more than those
that voted against).
Much of the current problems is the lack of transparency and
visibility allowing a lot of fiddling, fabrication and fudging the
books.
How Wall Street Lied to Its Computers
http://bits.blogs.nytimes.com/2008/09/18/how-wall-streets-quants-lied-to-their-computers/
Subprime = Triple-A ratings? or 'How to Lie with Statistics'
http://www.bloggingstocks.com/2007/07/25/subprime-triple-a-ratings-or-how-to-lie-with-statistics/
Toxic CDOs had been used two decades ago in the S&L crisis to
obfuscate underlying values and sell stuff that otherwise wouldn't
have likely sold.
Being able to get triple-A ratings on toxic CDOs allowed unregulated
mortgage originators to continue to fund their operations and also
unload all the mortgages they could write w/o having to pay any
attention to quality. There was little motivation not to write,
no-documentation, ARMs with 1-2 percent intro rates and interest only
payments. On the home owner market side of these triple-A rated,
toxic CDOs, Speculators could snap these up and basically treat
the home owners market like the unregulated 1920s stock market.
On the other side of these triple-A rated, toxic CDOs, there
were a large number of institutions and retirement funds buying up
these supposedly safe triple-A rated toxic CDOs.
Long-winded, decade old post discussing many of the current problems,
including need for visibility into CDO-like instruments
http://www.garlic.com/~lynn/aepay3.htm#riskm The Thread Between Risk Management and Information Security
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
Is the Credit Cruch a boost for Virtualization?
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Is the Credit Cruch a boost for Virtualization?
Date: October 9, 2008
Blog: Enterprise Software
For the past 20 yrs or so there has been increasing leveraging of
dedicated computers for specific applications. The hardware (and other
related) costs were trade-off against expensive and scarce human
expertise that would have required getting a large number of different
applications to gracefully co-exist on a single computer. After 20 yrs
of this approach, there are massive numbers of installed computers
running at 5-10 percent utilization.
This has created an enormous opportunity to leverage racks, grid, and
virtualization to frequently achieve 10:1 consolidation in the total
number of computers (and in some cases, 10:1 consolidation in the
number of an institution's datacenters). Virtualization allows for
significant consolidation with little or none of the scarce expertise
that would have been required using more traditional consolidation
technologies.
This is also a "green" play ... representing a corresponding
significant reduction in power & cooling (in addition to cost
savings).
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
Old XDS Sigma stuff
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Old XDS Sigma stuff
Newsgroups: alt.folklore.computers
Date: Thu, 09 Oct 2008 13:57:54 -0400
Al Kossow <aek@spies.com> writes:
The real problem was software. SDS was in reactive mode to their customers
well into the 70's for software on the Sigma. There are design specs for
timesharing back to 1966, but it took them four or five years to finally ship
UTS, which put them in the center of the 1970 recession trying to sell big
timesharing systems.
They finally came up with a pretty decent system a few years later with the
renamed CP-5, but by then Xerox had essentially killed them.
The systems that Sigmas ended up in were what became the supermini segment
in the mid-late 70's. Both BART and the DC METRO used Sigmas for train control,
NASA used one for Saturn V data collection, etc. This fits in with the market
segment that the 900 series sold into.
In the early to mid 70s, I got called in to some number of customers to
make presentations ... marketing against sigma7s ... i don't remember
all the details but supposedly local marketing team was beating sigma7s
in mixed-mode timesharing benchmarks (w/vm370).
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
What risk of possible data leakage do you see for your organization?
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: What risk of possible data leakage do you see for your organization?
Date: October 9, 2008
Blog: Information Security
re:
http://www.garlic.com/~lynn/2008o.html#13 What risk of possible data leakage do you see for your organization?
recent study ... another take on the "inside" scenario:
Study: 80% of Organizations Suffer Breaches, Most From the Inside
http://www.darkreading.com/document.asp?doc_id=165612
Majority of the data breaches that are making the press, have been the
kind involving financial transaction information that crooks can use
to make fraudulent transactions.
Another aspect of the X9A10 financial standard, in-depth, end-to-end,
threat and vulnerability study was the dual-use nature of the breached
information. The transaction information is needed for executing the
transaction and a variety of ancillary business processes, but also
contains the information crooks leverage for performing fraudulent
transactions. As a result, there are diametrically opposing, dual-use
security requirements .... on the one hand, the information has to be
generally available for all the business processes ... and on the
other hand the information must be kept completely confidential and
never divulged (nominally not even presenting the information in order
to perform a transaction).
The diametrically opposing security requirements have led us to
periodically observe that even if the planet was buried under miles of
information hiding encryption, it still wouldn't be able to stop the
information leakage.
This is also part of the paradigm tweaking done in the x9.59 protocol
... to eliminate the dual-use nature of the information (and also
eliminate the motivation for the majority of the breaches).
http://www.garlic.com/~lynn/x959.html#x959
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
Old XDS Sigma stuff
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Old XDS Sigma stuff
Newsgroups: alt.folklore.computers
Date: Thu, 09 Oct 2008 15:11:52 -0400
Al Kossow <aek@spies.com> writes:
I just put up a competitive analysis document under
http://bitsavers.org/pdf/sds/sigma/memos
which compares CP-V and TSO
re:
http://www.garlic.com/~lynn/2008o.html#21 Old XDS Sigma stuff
CERN had made a presentation at SHARE circa 1974 on competitive analysis
of TSO and vm370/cms. Internally, copies of the report were classified
"confidential - restricted" ... basically available on a need-to-know
basis only ... so as to limit the information to employees (about how
badly TSO compared).
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
Nonviolent Activists Are Now Terrorists
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Nonviolent Activists Are Now Terrorists
Newsgroups: alt.folklore.computers
Date: Thu, 09 Oct 2008 15:34:49 -0400
Nonviolent Activists Are Now Terrorists
http://www.schneier.com/blog/archives/2008/10/nonviolent_acti.html
we've constantly heard the same refrain over the yrs trying to apply
RDBMS technology to real-world information.
I've often claimed that original relational/sql implementation System/R
... misc past posts
http://www.garlic.com/~lynn/submain.html#systemr
had effectively made performance trade-offs ... for silver bullet
application ... financial transaction processing. Basically account
record with prestructured and uniform, homogeneous information regarding
all the entries (significantly reduced per account record processing
... if it could be assumed that all information about each entry was
uniform).
there is also frequently a significant upfront effort to come-up with
some sort of semi-generalized uniform definitions for the tables ...
which then frequently also requires enormous justification to change
&/or add-to the table structure definitions (with frequent quotes of
18m-36m elapsed time cycle for such efforts).
The stronger implication is that all sorts of valuable information may
get contorted and/or discarded because the original effort hadn't
anticipated all possible future cases.
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
What are the Black Swans for IT Security?
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: What are the Black Swans for IT Security?
Date: October 9, 2008
Blog: Information Security
Nonviolent Activists Are Now Terrorists
http://www.schneier.com/blog/archives/2008/10/nonviolent_acti.html
we've constantly heard the same refrain over the yrs trying to apply
RDBMS technology to real-world information.
I've often claimed that original relational/sql implementation
System/R ... misc past posts
http://www.garlic.com/~lynn/submain.html#systemr
had effectively made performance trade-offs ... for silver bullet
application ... financial transaction processing. Basically account
record with prestructured and uniform, homogeneous information
regarding all the entries (significantly reduced per account record
processing ... if it could be assumed that all information about each
entry was uniform).
there is also frequently a significant upfront effort to come-up with
some sort of semi-generalized uniform definitions for the tables
... which then frequently also requires enormous justification to
change &/or add-to the table structure definitions (with frequent
quotes of 18m-36m elapsed time cycle for such efforts).
The stronger implication is that all sorts of valuable information may
get contorted and/or discarded because the original effort hadn't
anticipated all possible future cases.
At the same time I was involved in doing some of the System/R
implementation ... I also got involved in doing a similar kind of
implementation which didn't require the uniformity and
prestructuring. In recent yrs, I've gone thru several
re-implementations from scratch and have used it for a number of
things like my RFC index
http://www.garlic.com/~lynn/rfcietff.htm
and various merged glossaries and taxonomies
http://www.garlic.com/~lynn/index.html#glosnote
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
SOX (Sarbanes-Oxley Act), is this really followed and worthful considering current Financial Crisis?
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: SOX (Sarbanes-Oxley Act), is this really followed and worthful considering current Financial Crisis?
Date: October 10, 2008
Blog: Financial Regulation
Much of the current problems is the lack of transparency and
visibility allowing a lot of fiddling, fabrication and fudging the
books.
How Wall Street Lied to Its Computers
http://bits.blogs.nytimes.com/2008/09/18/how-wall-streets-quants-lied-to-their-computers/
Subprime = Triple-A ratings? or 'How to Lie with Statistics'
http://www.bloggingstocks.com/2007/07/25/subprime-triple-a-ratings-or-how-to-lie-with-statistics/
Toxic CDOs had been used two decades ago in the S&L crisis to
obfuscate underlying values and sell stuff that otherwise wouldn't
have likely sold.
Being able to get triple-A ratings on toxic CDOs allowed unregulated
mortgage originators to continue to fund their operations and also
unload all the mortgages they could write w/o having to pay any
attention to quality. There was little motivation not to write,
no-documentation, no down payment ARMs with 1-2 percent intro rates and
interest only payments. Speculators could snap these up and basically
treat the home owners market like the unregulated 1920s stock market.
Then there were a large number of institutions and retirement funds
buying up these supposedly safe triple-A rated toxic CDOs.
Previously, home owner market was indirectly regulated, mortgages were
originated by regulated institutions that kept the mortgages on their
books ... so there was significant motivation to pay attention to
mortgage quality.
Long-winded, decade old post discussing many of the current problems,
including need for visibility into CDO-like instruments
http://www.garlic.com/~lynn/aepay3.htm#riskm
Last spring there was a business school article that claimed something
like 1000 executives are responsible for 80% of the current crisis
... and it would go a long ways towards fixing the problem if the
gov. could figure how they could lose their job.
GAO has been doing database of increasing number of financial
restatements. Basically the financials are fiddled in a number of ways
to inflate them and executives get bonuses on the inflated
financials. Later, the financials may be restated but the bonuses
aren't forfeited.
Example of fiddling financial statements, freddie in 2004 was fined
$400m for $10b inflation in financial statements. The CEO was replaced
... but allowed to keep tens of (hundred?) millions. A few weeks ago,
Warren Buffett said that he was largest stockholder in freddie in
2000-2001, but got completely out because of their accounting
practices.
article from yesterday:
Expert: Flawed corporate watchdog methods helped fuel economic crisis
http://www.news.uiuc.edu/news/08/1009corporations.html
and different item/quote from yesterday:
"Best practice transfer pricing calculations would have made it clear
that neither Bear Stearns nor Lehman Brothers had more than a marginal
chance of survival when funding 30 year sub-prime mortgage loans with
thirty day borrowings."
... snip ...
and article from today:
Lehman Failure Seen as Straw Which Broke Credit Market's Back
http://www.financetech.com/news/showArticle.jhtml?articleID=211100066
but there is also the whole crisis & trust confidence in institutions
... in part because of the financial statement fiddling and
restatements ... but also because of trust issues in rating services.
two weeks ago one of the tv business news shows had a representative
from one of the rating companies to discuss downgrades they were
giving some companies. the host spent much of the show trying to get
the guest to admit to being responsible for the crisis (because of all
the triple-A ratings they had given toxic CDOs).
another article
The Fed's Too Easy on Wall Street
http://www.businessweek.com/investor/content/mar2008/pi20080318_697440.htm?chan=top+news_top+news+index_businessweek+exclusives
from above:
"The Federal Reserve continues to bail out major financial
institutions without imposing meaningful conditions to improve their
conduct and performance," complains Peter Morici, professor at the
Smith Business School at the University of Maryland.
Here's a staggering figure to contemplate: New York City securities
industry firms paid out a total of $137 billion in employee bonuses
from 2002 to 2007, according to figures compiled by the New York State
Office of the Comptroller. Let's break that down: Wall Street honchos
earned a bonus of $9.8 billion in 2002, $15.8 billion in 2003, $18.6
billion in 2004, $25.7 billion in 2005, $33.9 billion in 2006, and
$33.2 billion in 2007.
... snip ...
now part of the $700b presumably is to replenish the $137b that wall
street sucked out of the infrastructure as their reward for
contributions to creating the current problem
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
Blinkylights
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Blinkylights
Newsgroups: alt.folklore.computers
Date: Fri, 10 Oct 2008 10:16:29 -0400
Anne & Lynn Wheeler <lynn@garlic.com> writes:
the following is analytics related as opposed to all the fiddling and
fabrication that went on ...
http://www2.marketwire.com/mw/mmframe?prid=441535&attachid=850879
"In 1973, Wm. Mack Terry and his colleagues at the Bank of America in
San Francisco introduced the world's first matched maturity transfer
pricing system," added Dr. Donald R. van Deventer, Kamakura Chairman and
Chief Executive Officer. "Over the last 35 years, the concept has been
increasingly refined and modified to incorporate the best practice
calculations embedded in KRM Version 7.0. Best practice transfer pricing
calculations would have made it clear that neither Bear Stearns nor
Lehman Brothers had more than a marginal chance of survival when funding
30 year sub-prime mortgage loans with thirty day borrowings. Board
members can and should demand clarity of disclosure on the total risk of
an institution and the contribution of each business unit and
transaction to total risk. This capability is available now, and
Kamakura has been gratified that so many institutions have reached out
to Kamakura for best practice risk analytics during the current crisis."
... snip ...
re:
http://www.garlic.com/~lynn/2008o.html#14 Blinkylights
from today:
Lehman Failure Seen as Straw Which Broke Credit Market's Back
http://www.financetech.com/news/showArticle.jhtml?articleID=211100066
but there is also the whole crisis & trust confidence in institutions
... in part because of the financial statement fiddling and
restatements ... but also because of trust issues in rating services.
past posts mentioning GAO database of increasing number of financial
restatements (basically various fiddling to inflate financials to inflate
executive bonuses, later financials may be restated but bonuses
not forfeited)
http://www.garlic.com/~lynn/2008j.html#64 lack of information accuracy
http://www.garlic.com/~lynn/2008k.html#20 IBM's 2Q2008 Earnings
http://www.garlic.com/~lynn/2008n.html#2 Blinkylights
http://www.garlic.com/~lynn/2008n.html#28 Blinkylights
http://www.garlic.com/~lynn/2008n.html#37 Success has many fathers, but failure has the US taxpayer
http://www.garlic.com/~lynn/2008n.html#53 Your thoughts on the following comprehensive bailout plan please
http://www.garlic.com/~lynn/2008n.html#56 VMware Chief Says the OS Is History
http://www.garlic.com/~lynn/2008n.html#69 Another quiet week in finance
http://www.garlic.com/~lynn/2008n.html#72 Why was Sarbanes-Oxley not good enough to sent alarms to the regulators about the situation arising today?
http://www.garlic.com/~lynn/2008n.html#74 Why can't we analyze the risks involved in mortgage-backed securities?
http://www.garlic.com/~lynn/2008n.html#80 Why did Sox not prevent this financal crises?
http://www.garlic.com/~lynn/2008n.html#82 Fraud in financial institution
http://www.garlic.com/~lynn/2008o.html#15 Financial Crisis - the result of uncontrolled Innovation?
http://www.garlic.com/~lynn/2008o.html#26 SOX (Sarbanes-Oxley Act), is this really followed and worthful considering current Financial Crisis?
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
Does anyone get the idea that those responsible for containing this finanical crisis are doing too much?
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Does anyone get the idea that those responsible for containing this finanical crisis are doing too much?
Date: October 11, 2008
Blog: Economics
Last sunday, CSPAN had guest on that said that the financial industry
contributed $250m to congress in the session that repealed
Glass-Steagall (Glass-Steagall had been passed in the wake of the '29
crash to keep the safety & soundness of regulated banking separate
from highly risky, unregulated investment banking). PBS program going
into some detail about the repeal:
The Wall Street Fix
http://www.pbs.org/wgbh/pages/frontline/shows/wallstreet/
and also that the financial industry contributed $2b to congress in
the most recent session that saw the passage of the $700b bailout
(supposedly those that voted for received 45 percent more than those
that voted against).
Much of the current problems is the lack of transparency and
visibility allowing a lot of fiddling, fabrication and fudging the
books.
How Wall Street Lied to Its Computers
http://bits.blogs.nytimes.com/2008/09/18/how-wall-streets-quants-lied-to-their-computers/
Subprime = Triple-A ratings? or 'How to Lie with Statistics'
http://www.bloggingstocks.com/2007/07/25/subprime-triple-a-ratings-or-how-to-lie-with-statistics/
Toxic CDOs had been used two decades ago in the S&L crisis to
obfuscate underlying values and sell stuff that otherwise wouldn't
have likely sold.
Being able to get triple-A ratings on toxic CDOs allowed unregulated
mortgage originators to continue to fund their operations and also
unload all the mortgages they could write w/o having to pay any
attention to quality. There was little motivation not to write
no-documentation, no down payment ARMs with 1-2 percent intro rates and
interest only payments. Speculators could snap these up and basically
treat the home owners market like the unregulated 1920s stock market.
Then there were a large number of institutions and retirement funds
buying up these supposedly safe triple-A rated toxic CDOs.
Previously, home owner market was somewhat indirectly regulated,
mortgages were originated by regulated institutions that kept the
mortgages on their books ... so there was significant motivation to
pay attention to mortgage quality.
Plot avg. home prices back to 1970 as well as avg. home prices as
percent of avg. salary ... there is a unique ugly speculation
pimple/boil inflating in the early part of this decade ... which has
only about half-way deflated. The ugly speculation pimple/boil also
contributed to significant over building, the over supply may result
in downward spiral continuing down past the 2001 reset point.
Long-winded, decade old post discussing many of the current problems,
including need for visibility into CDO-like instruments
http://www.garlic.com/~lynn/aepay3.htm#riskm
Last spring there was a business school article that claimed something
like 1000 executives are responsible for 80% of the current crisis
... and it would go a long ways towards fixing the problem if the
gov. could figure how they could lose their job.
GAO has been doing database of increasing number of financial
restatements. Basically the financials are fiddled in a number of ways
to inflate them and executives get bonuses on the inflated
financials. Later, the financials may be restated but the bonuses
aren't forfeited.
Example of fiddling financial statements, freddie in 2004 was fined
$400m for $10b inflation in financial statements (in spite of
SOX). The CEO was replaced ... but allowed to keep tens of (hundred?)
millions. A few weeks ago, Warren Buffett said that he was largest
stockholder in freddie in 2000-2001, but got completely out because of
their accounting practices.
recent article
Expert: Flawed corporate watchdog methods helped fuel economic crisis
http://www.news.uiuc.edu/news/08/1009corporations.html
... and recent quote (from different source):
"Best practice transfer pricing calculations would have made it clear
that neither Bear Stearns nor Lehman Brothers had more than a marginal
chance of survival when funding 30 year sub-prime mortgage loans with
thirty day borrowings.."
... snip ...
Is this akin to Cal. electrical power crisis buying electricity on
"spot" market and no provisions for long-term infrastructure
investment?
and more recent article
Lehman Failure Seen as Straw Which Broke Credit Market's Back
http://www.financetech.com/news/showArticle.jhtml?articleID=211100066
but there is also the whole crisis & trust confidence in institutions
... in part because of the financial statement fiddling and
restatements ... but also because of trust issues in rating services.
a couple weeks ago one of the tv business news shows had a
representative from one of the rating companies to discuss downgrades
they were giving some companies. the host spent much of the show
trying to get the guest to admit being responsible for the crisis
(because of all the triple-A ratings they had given toxic CDOs).
older article from last spring:
The Fed's Too Easy on Wall Street
http://www.businessweek.com/investor/content/mar2008/pi20080318_697440.htm?chan=top+news_top+news+index_businessweek+exclusives
from above:
"The Federal Reserve continues to bail out major financial
institutions without imposing meaningful conditions to improve their
conduct and performance," complains Peter Morici, professor at the
Smith Business School at the University of Maryland.
Here's a staggering figure to contemplate: New York City securities
industry firms paid out a total of $137 billion in employee bonuses
from 2002 to 2007, according to figures compiled by the New York State
Office of the Comptroller. Let's break that down: Wall Street honchos
earned a bonus of $9.8 billion in 2002, $15.8 billion in 2003, $18.6
billion in 2004, $25.7 billion in 2005, $33.9 billion in 2006, and
$33.2 billion in 2007.
... snip ...
now part of the $700b presumably is to replenish the $137b that wall
street sucked out of the infrastructure as reward for their
contribution creating the current crisis
so there was wide spread systemic greed in several parts of the
infrastructure that had disastrous interaction.
there is some character of a "Winnie-the-Pooh" metaphor in all this
... basically pooh bear disavows all responsibility for irrational
behavior around honey ... explaining that he is a bear of no brain at
all.
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
Signposts on the US Government's Trail of IT Failures
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Signposts on the US Government's Trail of IT Failures
Newsgroups: alt.folklore.computers
Date: Sat, 11 Oct 2008 14:56:07 -0400
Anne & Lynn Wheeler <lynn@garlic.com> writes:
Nonviolent Activists Are Now Terrorists
http://www.schneier.com/blog/archives/2008/10/nonviolent_acti.html
we've constantly heard the same refrain over the yrs trying to apply
RDBMS technology to real-world information.
re:
http://www.garlic.com/~lynn/2008o.html#24 Nonviolent Activists Are Now Terrorists
Signposts on the US Government's Trail of IT Failures
http://www.ecommercetimes.com/story/must-read/64704.html
from above:
Why can't the U.S. government get its IT shop in order? A look at some
of the reasons large IT projects fail in the private sector goes a long
way toward explaining what may be causing so many government-funded
undertakings to go south
... snip ...
and recent item for different topic drift:
Asia trumping US on science R&D; Federal funding for research has been
falling in real terms. Is the nation's economic edge at stake?
http://features.csmonitor.com/innovation/2008/10/09/asia-trumping-us-on-science-rd/
misc. past posts mentioning modernization/re-engineering IT efforts
w/problems
http://www.garlic.com/~lynn/2002g.html#16 Why are Mainframe Computers really still in use at all?
http://www.garlic.com/~lynn/2003m.html#13 Cost of patching "unsustainable"
http://www.garlic.com/~lynn/2004l.html#49 "Perfect" or "Provable" security both crypto and non-crypto?
http://www.garlic.com/~lynn/2005.html#37 [OT?] FBI Virtual Case File is even possible?
http://www.garlic.com/~lynn/2005.html#48 [OT?] FBI Virtual Case File is even possible?
http://www.garlic.com/~lynn/2005b.html#3 [OT?] FBI Virtual Case File is even possible?
http://www.garlic.com/~lynn/2005c.html#17 [Lit.] Buffer overruns
http://www.garlic.com/~lynn/2005h.html#13 Today's mainframe--anything to new?
http://www.garlic.com/~lynn/2005j.html#13 Performance and Capacity Planning
http://www.garlic.com/~lynn/2006o.html#9 Pa Tpk spends $30 million for "Duet" system; but benefits are unknown
http://www.garlic.com/~lynn/2007e.html#52 US Air computers delay psgrs
http://www.garlic.com/~lynn/2007i.html#38 John W. Backus, 82, Fortran developer, dies (Actually, Working under the table!)
http://www.garlic.com/~lynn/2007o.html#18 Flying Was: Fission products
http://www.garlic.com/~lynn/2007o.html#23 Outsourcing loosing steam?
http://www.garlic.com/~lynn/2007o.html#43 Flying Was: Fission products
http://www.garlic.com/~lynn/2007u.html#19 Distributed Computing
http://www.garlic.com/~lynn/2008h.html#6 The Return of Ada
http://www.garlic.com/~lynn/2008h.html#50 Microsoft versus Digital Equipment Corporation
http://www.garlic.com/~lynn/2008m.html#41 IBM--disposition of clock business
http://www.garlic.com/~lynn/2008m.html#45 IBM--disposition of clock business
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
Signposts on the US Government's Trail of IT Failures
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Signposts on the US Government's Trail of IT Failures
Newsgroups: alt.folklore.computers
Date: Sun, 12 Oct 2008 09:04:46 -0400
jmfbahciv <jmfbahciv@aol> writes:
For the same reason the Air Force couldn't make a functional airplane.
Do you remember the one-pluses that turned a design from a sleek
useful fighter into a clumsy, overly complicated (thus lots of down
time) monster?
re:
http://www.garlic.com/~lynn/2008o.html#29 Signposts on the US Government's Trail of IT Failures
at least boyd managed to undo some of that (for f15 & f18) as well as do
an alternate (f16). .. misc. past boyd posts
http://www.garlic.com/~lynn/subboyd.html#boyd
and then was involved in f20 ... larger numbers of less expensive f20
that were much less complicated and required much less service per hrs
flown ... met the requirement more often than small numbers of much more
complicated f16s. misc. past posts/threads mentioning f20:
http://www.garlic.com/~lynn/94.html#8 scheduling & dynamic adaptive ... long posting warning
http://www.garlic.com/~lynn/2002c.html#14 OS Workloads : Interactive etc
http://www.garlic.com/~lynn/2002d.html#1 OS Workloads : Interactive etc
http://www.garlic.com/~lynn/2002d.html#2 OS Workloads : Interactive etc
http://www.garlic.com/~lynn/2004g.html#4 Infiniband - practicalities for small clusters
http://www.garlic.com/~lynn/2004n.html#27 Shipwrecks
http://www.garlic.com/~lynn/2005d.html#45 Thou shalt have no other gods before the ANSI C standard
http://www.garlic.com/~lynn/2006g.html#13 News Release
http://www.garlic.com/~lynn/2006n.html#43 MTS, Emacs, and... WYLBUR?
http://www.garlic.com/~lynn/2007i.html#3 John W. Backus, 82, Fortran developer, dies
http://www.garlic.com/~lynn/2007i.html#4 John W. Backus, 82, Fortran developer, dies
http://www.garlic.com/~lynn/2007i.html#6 John W. Backus, 82, Fortran developer, dies
http://www.garlic.com/~lynn/2007i.html#7 John W. Backus, 82, Fortran developer, dies
http://www.garlic.com/~lynn/2007i.html#8 John W. Backus, 82, Fortran developer, dies
http://www.garlic.com/~lynn/2007i.html#10 John W. Backus, 82, Fortran developer, dies
http://www.garlic.com/~lynn/2007i.html#25 Latest Principles of Operation
http://www.garlic.com/~lynn/2007o.html#40 EZPass: Yes, Big Brother IS Watching You!
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
The human plague
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: The human plague
Newsgroups: alt.folklore.computers
Date: Sun, 12 Oct 2008 09:35:58 -0400
jmfbahciv <jmfbahciv@aol> writes:
What is more interesting is who are these people going to blame when
Bush isn't in the office.
I heard on the news a couple days ago that banks were caught between
a rock and a hard place; they had a choice: either hand out loans
to people who could not pay or get sued by the government for racism
violations. Barney Frank keeps giving speeches in this state that
the banks will still be forced to issue loans to people who cannot
pay them.
law of unintended consequences
nominally subprime were targeted at low-income 1st time home owners
... however, no-documentation, no-down ARMs with low 1-2 percent intro
rate and possibly interest only payments were snapped up by speculators
... one study found 61% of subprime loans went to those that would
otherwise qualify for normal loan.
the speculators caused huge inflation in home market prices ... in
segments of the market that you wouldn't find low-income, first time
home owners. plot avg home prices as well as avg home prices as percent
of avg income back to 70s. current is unique, ugly, speculation
pimple/boil starting in earlier part of this decade and has only been
about halfway deflated. the enormous speculation also caused over
building (speculation creating appearance that demand was much greater
than actually existed). the resulting oversupply further depresses
market and may result in downward spiral of prices to continue past 2001
reset point.
then there is the significant systemic greed and interactions with other
parts of the infrastructure.
quote cited from
http://www.garlic.com/~lynn/2008o.html#14 Blinkylights
http://www.garlic.com/~lynn/2008o.html#27 Blinkylights
Best practice transfer pricing calculations would have made it clear
that neither Bear Stearns nor Lehman Brothers had more than a marginal
chance of survival when funding 30 year sub-prime mortgage loans with
thirty day borrowings.
... snip ...
and then systemic interaction with credit freezing up
Lehman Failure Seen as Straw Which Broke Credit Market's Back
http://www.financetech.com/news/showArticle.jhtml?articleID=211100066
but there is also the whole crisis & trust confidence in
institutions ... in part because of the financial statement fiddling
and restatements ... but also because of trust issues in rating
services ... especially with a lot of institutions and retirement
funds "snapping" up the supposedly safe, triple-A rated toxic CDOs.
GAO has been doing database of increasing number of financial
restatements (in spite of SOX). Basically the financials are fiddled
in a number of ways to inflate them and executives get bonuses on the
inflated financials. Later, the financials may be restated but the
bonuses aren't forfeited.
The home owner market would nominally be somewhat indirectly regulated
because regulated banks would be making loans from deposits and would
keep them on the books. The number of subprime loans that they would
nominally be able to make would be limited by the regulators (somewhat
like limit on CRA funds).
However, unregulated mortgage originators could leverage the triple-A
rating on toxic CDOs to fund their operations and provide subprime
loans to any and all comers w/o regard to qualifications (subprime
loans having huge demand with speculators planning on flipping the
property before the rate reset).
a couple weeks ago one of the tv business news shows had a
representative from one of the rating companies to discuss downgrades
they were giving some companies. the host spent much of the show
trying to get the guest to admit to being responsible for the crisis
(because of all the triple-A ratings they had given toxic CDOs).
a business school article from last spring estimated that 1000
executives are responsible for 80 percent of the current crisis and
that it would go a long way towards fixing the problem if the
government could figure out how they could lose their jobs.
another article from last spring:
The Fed's Too Easy on Wall Street
http://www.businessweek.com/investor/content/mar2008/pi20080318_697440.htm?chan=top+news_top+news+index_businessweek+exclusives
from above:
"The Federal Reserve continues to bail out major financial
institutions without imposing meaningful conditions to improve their
conduct and performance," complains Peter Morici, professor at the
Smith Business School at the University of Maryland.
Here's a staggering figure to contemplate: New York City securities
industry firms paid out a total of $137 billion in employee bonuses
from 2002 to 2007, according to figures compiled by the New York State
Office of the Comptroller. Let's break that down: Wall Street honchos
earned a bonus of $9.8 billion in 2002, $15.8 billion in 2003, $18.6
billion in 2004, $25.7 billion in 2005, $33.9 billion in 2006, and
$33.2 billion in 2007.
... snip ...
now part of the $700b presumably is to replenish the $137b that wall
street sucked out of the infrastructure as reward for their
contribution creating the current crisis
so there was wide spread systemic greed in several parts of the
infrastructure that had disastrous interaction.
there is some character of a "Winnie-the-Pooh" metaphor in all this
... basically pooh bear disavows all responsibility for irrational
behavior around honey ... explaining that he is a bear of no brain at
all.
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
How much is 700 Billion Dollars??
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: How much is 700 Billion Dollars??
Date: October 12, 2008
Blog: Risk Management
from last spring ...
The Fed's Too Easy on Wall Street
http://www.businessweek.com/investor/content/mar2008/pi20080318_697440.htm?chan=top+news_top+news+index_businessweek+exclusives
from above:
"The Federal Reserve continues to bail out major financial
institutions without imposing meaningful conditions to improve their
conduct and performance," complains Peter Morici, professor at the
Smith Business School at the University of Maryland.
Here's a staggering figure to contemplate: New York City securities
industry firms paid out a total of $137 billion in employee bonuses
from 2002 to 2007, according to figures compiled by the New York State
Office of the Comptroller. Let's break that down: Wall Street honchos
earned a bonus of $9.8 billion in 2002, $15.8 billion in 2003, $18.6
billion in 2004, $25.7 billion in 2005, $33.9 billion in 2006, and
$33.2 billion in 2007.
... snip ...
now part of the $700b presumably is to replenish the $137b that wall
street sucked out of the infrastructure as reward for their
contribution creating the current crisis
a little topic drift ...
Asia trumping US on science R&D; Federal funding for research has
been falling in real terms. Is the nation's economic edge at stake?
http://features.csmonitor.com/innovation/2008/10/09/asia-trumping-us-on-science-rd/
longer recent/related answer
Does anyone get the idea that those responsible for containing this
finanical crisis are doing too much?
http://www.linkedin.com/answers/finance-accounting/economics/FIN_ECO/340229-20738879
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
Signposts on the US Government's Trail of IT Failures
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Signposts on the US Government's Trail of IT Failures
Newsgroups: alt.folklore.computers
Date: Sun, 12 Oct 2008 11:32:04 -0400
krw <krw@att.bizzzzzzzzzz> writes:
The F14 is more in line with BAH's comments, I think. It was
supposed to be the uber-plane. Instead, it was an overcomplicated
brick with engines, designed by congress, that no one else liked.
re:
http://www.garlic.com/~lynn/2008o.html#29 Signposts on the US Government's Trail of IT Failures
http://www.garlic.com/~lynn/2008o.html#30 Signposts on the US Government's Trail of IT Failures
F15 & F18 started out similarly ... and Boyd significantly improved
old reference ... quoting biographies, boyd getting the f15 weight cut in half
http://www.garlic.com/~lynn/2003h.html#57 employee motivation & executive compensation
one of the tactics boyd used was drawing comparisons with the f111
... past thread
http://www.garlic.com/~lynn/2007h.html#68 John W. Backus, 82, Fortran developer, dies
http://www.garlic.com/~lynn/2007h.html#69 John W. Backus, 82, Fortran developer, dies
http://www.garlic.com/~lynn/2007h.html#70 John W. Backus, 82, Fortran developer, dies
as in the above thread, F14 was done prior to boyd's e-m theory of maneuverability
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
The human plague
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: The human plague
Newsgroups: alt.folklore.computers
Date: Sun, 12 Oct 2008 12:51:42 -0400
re:
http://www.garlic.com/~lynn/2008o.html#31 The human plague
and
Does anyone get the idea that those responsible for containing this
finanical crisis are doing too much?
http://www.linkedin.com/answers/finance-accounting/economics/FIN_ECO/340229-20738879
http://www.garlic.com/~lynn/2008o.html#28
from today, somewhat more computer related:
The Rise of the (Financial) Machines
http://news.slashdot.org/news/08/10/12/1146231.shtml
from above:
Somehow the genius quants -- the best and brightest geeks Wall Street
firms could buy -- fed $1 trillion in subprime mortgage debt into their
supercomputers, added some derivatives, massaged the arrangements with
computer algorithms and -- poof! -- created $62 trillion in imaginary
wealth.
... snip ...
This assumes that they weren't just trying to purposefully obfuscate
what was going on, i.e.
How Wall Street Lied to Its Computers
http://bits.blogs.nytimes.com/2008/09/18/how-wall-streets-quants-lied-to-their-computers/
Subprime = Triple-A ratings? or 'How to Lie with Statistics'
http://www.bloggingstocks.com/2007/07/25/subprime-triple-a-ratings-or-how-to-lie-with-statistics/
The reports are that the recent Lehman CDS auction, after net settlement
there is less than 2 percent actually changes hands (i.e. they sold each
other large numbers of CDS that net'ed nearly to zero).
So do they get commissions for the CDS? ... significantly inflating
bonuses is motivation for fiddling books; Commissions would be
motivation for the large number of CDS sold (which would put it somewhat
in the same league as stock transaction churn ... i.e. trades purely for
the purpose of increasing commissions).
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
The human plague
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: The human plague
Newsgroups: alt.folklore.computers
Date: Sun, 12 Oct 2008 16:28:46 -0400
so this claims there was only about $1 trillion in actual subprime
http://news.slashdot.org/news/08/10/12/1146231.shtml The Rise of the (Financial) Machines
past posts reference study that found 61 percent of subprime loans
went to people that would qualify for normal loans. first order
approx. then is $390b went to owner-occupied, low-income, first time
owners. However, the study said number of loans ... not amount of
loans. low-income first time owner subprimes were at the low-end of
the home owner market ... not the speculation end where the huge ugly
pimple/boil price inflation happened. that means that possibly $100b
would be more than enuf to outright buy every owner-occupied,
low-income, first-time home owner, non-speculation subprime
mortgage. reference to $300b passed last summer to mitigate mortgages
in trouble:
http://www.garlic.com/~lynn/2008n.html#99 Blinkylights
so of the bailout $1.5trillion and counting ... $100b is possibly more
than enuf to cover that underlying issue ... the rest is to cover the
mess that wall street, public companies, speculators and financial
institutions got themselves into.
there is the upenn business school article from last spring that
mentions possibly 1000 executives are responsible for 80% of the current
financial mess (and it would go a long way to fixing the mess if the
gov. could figure out for them to lose their job).
and recent quote from last week:
"Best practice transfer pricing calculations would have made it clear
that neither Bear Stearns nor Lehman Brothers had more than a marginal
chance of survival when funding 30 year sub-prime mortgage loans with
thirty day borrowings."
... snip ...
I've mentioned the winnie-the-pooh metaphor, on the theory that claiming
bear with no brains at all ... absolves them of any responsibility;
misc. past posts:
http://www.garlic.com/~lynn/2008n.html#3 Blinkylights
http://www.garlic.com/~lynn/2008n.html#14 Blinkylights
http://www.garlic.com/~lynn/2008n.html#33 Blinkylights
http://www.garlic.com/~lynn/2008n.html#37 Success has many fathers, but failure has the US taxpayer
http://www.garlic.com/~lynn/2008n.html#52 Technology and the current crisis
http://www.garlic.com/~lynn/2008o.html#28 Does anyone get the idea that those responsible for containing this finanical crisis are doing too much?
http://www.garlic.com/~lynn/2008o.html#31 The human plague
another metaphor is the emperor's new clothes parable ... being
able to make $1trillion to appear like $62 trillion?
http://www.garlic.com/~lynn/2008o.html#34 The human plague
and
http://news.slashdot.org/news/08/10/12/1146231.shtml The Rise of the (Financial) Machines
http://www.nytimes.com/2008/10/12/opinion/12dooling.html?em The Rise of the Machines
from the above:
Somehow the genius quants -- the best and brightest geeks Wall Street
firms could buy -- fed $1 trillion in subprime mortgage debt into their
supercomputers, added some derivatives, massaged the arrangements with
computer algorithms and -- poof! -- created $62 trillion in imaginary
wealth
... snip ...
which references:
http://edge.org/3rd_culture/dysong08.1/dysong08.1_index.html Economic Dis-equilibrium
past reference to emperor's new clothes parable:
http://www.garlic.com/~lynn/2008j.html#20 dollar coins
http://www.garlic.com/~lynn/2008j.html#40 dollar coins
http://www.garlic.com/~lynn/2008j.html#60 dollar coins
http://www.garlic.com/~lynn/2008j.html#69 lack of information accuracy
http://www.garlic.com/~lynn/2008k.html#10 Why do Banks lend poorly in the sub-prime market? Because they are not in Banking!
http://www.garlic.com/~lynn/2008k.html#16 dollar coins
http://www.garlic.com/~lynn/2008k.html#27 dollar coins
http://www.garlic.com/~lynn/2008l.html#42 dollar coins
http://www.garlic.com/~lynn/2008m.html#4 Fraud due to stupid failure to test for negative
http://www.garlic.com/~lynn/2008m.html#12 Fraud due to stupid failure to test for negative
http://www.garlic.com/~lynn/2008m.html#99 Blinkylights
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
VMware Chief Says the OS Is History
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: VMware Chief Says the OS Is History
Newsgroups: alt.folklore.computers
Date: Sun, 12 Oct 2008 17:00:30 -0400
re:
http://www.garlic.com/~lynn/2008n.html#76 VMware Chief Says the OS is History
http://www.garlic.com/~lynn/2008n.html#85 VMware Chief Says the OS is History
http://www.garlic.com/~lynn/2008o.html#3 VMware Chief Says the OS is History
"Black Silicon" Advances Imaging, Solar Energy
http://tech.slashdot.org/tech/08/10/12/1620212.shtml
SiOnyx Brings 'Black Silicon' into the Light; Material Could Upend
Solar, Imaging Industries Xconomy
http://www.xconomy.com/boston/2008/10/12/sionyx-brings-black-silicon-into-the-light-material-could-upend-solar-imaging-industries/
from above:
... they found that if they blasted the surface of a silicon wafer with
an incredibly brief pulse of laser energy in the presence of gaseous
sulfur and other dopants, the resulting material—which they called
"black silicon"—was much better at absorbing photons and releasing
electrons.
... snip ...
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
The human plague
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: The human plague
Newsgroups: alt.folklore.computers
Date: Sun, 12 Oct 2008 21:35:09 -0400
Carl Flippin <carlf@photocarl.org> writes:
It is irrational to argue that, since the bailout is saving banks from
their own folly, we should refuse to do it. The simple fact is that
the crisis is not only among major investment banks. Commercial paper
is being severely restricted as all the banks pull into their shells
and refuse to have anything to do with credit. If we refuse to do
anything to resolve the crisis, we will be damaging our whole economy
in the process. The bailout is a bitter pill but it's better than
dying.
re:
http://www.garlic.com/~lynn/2008o.html#35 The human plague
lots of it involves highly risky unregulated investment banking. the
idea behind them being unregulated would be that they would have the
complete freedom to take any action they wanted to and be able to
succeed or fail based on those actions (basically an economic survival
of the fittest). basic, fundamental principle of the paradigm was that 1)
they could take any risk they wanted to and 2) they would be allowed to
fail.
there is a fundamental argument going on, frequently referred to as
moral hazard ... allowing unlimited risky behavior with the
consequence of failure ... but then not letting them actually fail
... will encourage worse and worse risky behavior.
because of a whole lot of systemic issues ... including the repeal of
Glass-Steagall (Glass-Steagall had been passed in the wake of crash of
'29 to keep the safety & soundness of regulated banking separate from
the highly risky, unregulated investment banking). detailed discussion
The Wall Street Fix
http://www.pbs.org/wgbh/pages/frontline/shows/wallstreet/
Part of the issue is to clearly delineate the risky investment banking
activity from the safety & soundness of regulated banking and provide
aid to bring those areas back to healthy operation (and allow the risky
investment banking activity to succeed or fail on their own avoiding
promoting ever increasing risky behavior and moral hazard).
Pumping money into the fissure w/o addressing the underlying systemic
problems may actually accelerate overall infrastructure failure
(i.e. indiscriminate pumping out money doesn't actually mean that it is
doing anything to resolve the crisis).
This is claimed to better directly address the commercial paper credit
crisis (only dealing with "safe & sound" regulated financial
institutions):
Fed to buy commercial paper in bid to jump-start credit
http://www.breitbart.com/article.php?id=081007145358.da2mju5j&show_article=1
another scenario for not indiscriminately pumping money into the breach
Curing the Credit Crisis: A Better Alternative Plan
http://seekingalpha.com/article/97159-curing-the-credit-crisis-a-better-alternative-plan
above talks about not only lehman and bear-stearns
http://www.garlic.com/~lynn/2008o.html#14 Blinkylights
http://www.garlic.com/~lynn/2008o.html#15 Financial Crisis - the result of uncontrolled Innovation?
http://www.garlic.com/~lynn/2008o.html#18 Once the dust settles, do you think Milton Friedman's economic theories will be laid to rest
http://www.garlic.com/~lynn/2008o.html#26 SOX (Sarbanes-Oxley Act), is this really followed and worthful considering current Financial Crisis?
http://www.garlic.com/~lynn/2008o.html#27 Blinkylights
playing long/short (w/marginal chance of survival) ... but also some
of the banks:
Not only did banks lend long to borrowers, banks borrowed short-term
CP money to buy collateralized residential and commercial
mortgage-backed securities for their own inventories or balance
sheets. Banks paid for these toxic assets by issuing commercial paper:
They thought it was a great borrow-short/lend-long spread play. But
when these short-term loans come due, they can't "roll" them over.
... snip ...
past posts mentioning moral hazard:
http://www.garlic.com/~lynn/2008g.html#64 independent appraisers
http://www.garlic.com/~lynn/2008j.html#71 lack of information accuracy
http://www.garlic.com/~lynn/2008j.html#76 lack of information accuracy
http://www.garlic.com/~lynn/2008k.html#16 dollar coins
http://www.garlic.com/~lynn/2008l.html#51 Monetary affairs on free reign, but the horse has Boulton'd
http://www.garlic.com/~lynn/2008l.html#67 dollar coins
http://www.garlic.com/~lynn/2008m.html#83 Fraud due to stupid failure to test for negative
http://www.garlic.com/~lynn/2008m.html#86 WSJ finds someone to blame.... be skeptical, and tell the WSJ to grow up
http://www.garlic.com/~lynn/2008n.html#0 Blinkylights
http://www.garlic.com/~lynn/2008n.html#3 Blinkylights
http://www.garlic.com/~lynn/2008n.html#65 Whether, in our financial crisis, the prize for being the biggest liar is
http://www.garlic.com/~lynn/2008n.html#69 Another quiet week in finance
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
The human plague
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: The human plague
Newsgroups: alt.folklore.computers
Date: Sun, 12 Oct 2008 22:08:23 -0400
re:
http://www.garlic.com/~lynn/2008o.html#35 The human plague
http://www.garlic.com/~lynn/2008o.html#37 The human plague
hot off the press ... mentioned that in 87, wall street leaders stepped
in and took action to help stock market
Wall Street Leaders Missing In Action
http://www.consumeraffairs.com/news04/2008/10/bailout14.html
but ...
In the current crisis, today's Wall Street leaders seem to be hiding,
some behind the restrictiveness of the Sarbanes Oxley Act and others
because they played a role in problem and are ashamed to be seen in
public.
... snip ...
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
The human plague
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: The human plague
Newsgroups: alt.folklore.computers
Date: Mon, 13 Oct 2008 09:10:24 -0400
Morten Reistad <first@last.name> writes:
You need the employees and middle managers to sort things out,
though. They may even have significant raises, because competent bankers are
a rare skillset these days, and the demand has just skyrocketed.
re:
http://www.garlic.com/~lynn/2008o.html#37 The human plague
http://www.garlic.com/~lynn/2008o.html#38 The human plague
in the wake of the S&L crisis, one of the criticisms was that in highly
regulated, stable environment, there was no real requirement for
competence to do the job, bankers could get by just performing their
jobs by rote (and so much of the profession became populated by a large
number of people that didn't really know what they were doing). when
faced with new circumstances/conditions ... they didn't have the
understanding to deal with it (somewhat economic survival of the fittest,
where so many had grown up fat, dumb & happy). there is some
relationship to our criticism with the (then new) qualitative section
nearly disappearing from original basel-ii draft. This is also somewhat
references to the "winnie-the-pooh" metaphor.
besides the (triple-A rated) toxic mortgage-backed securities (fueled by
the rating agencies giving out all these triple-A ratings) ... there are
all these institutions playing unregulated, risky investment banks
(repeal of Glass-Steagall which was keeping the safety&soundness of
regulated banking separate from the risky unregulated investment
banking); there is the observation that lehman and bear-stearns only had
a marginal chance of survival playing the risky investment banking
long/short game
http://www.garlic.com/~lynn/2008o.html#14 Blinkylights
http://www.garlic.com/~lynn/2008o.html#27 Blinkylights
... but that also applies to a fair number of other financial
institutions.
misc. past posts mentioning basel-ii qualitative:
http://www.garlic.com/~lynn/aadsm25.htm#14 Sarbanes-Oxley is what you get when you don't do FC
http://www.garlic.com/~lynn/aadsm28.htm#61 Is Basel 2 out...Basel 3 in?
http://www.garlic.com/~lynn/aadsm28.htm#66 Would the Basel Committee's announced enhancement of Basel II Framework and other steps have prevented the current global financial crisis had they been implemented years ago?
http://www.garlic.com/~lynn/2003k.html#41 An Understanding Database Theory
http://www.garlic.com/~lynn/2005k.html#23 More on garbage
http://www.garlic.com/~lynn/2005t.html#26 Dangerous Hardware
http://www.garlic.com/~lynn/2006u.html#22 AOS: The next big thing in data storage
http://www.garlic.com/~lynn/2007j.html#0 John W. Backus, 82, Fortran developer, dies
http://www.garlic.com/~lynn/2008.html#71 As Expected, Ford Falls From 2nd Place in U.S. Sales
http://www.garlic.com/~lynn/2008.html#78 As Expected, Ford Falls From 2nd Place in U.S. Sales
http://www.garlic.com/~lynn/2008n.html#15 Blinkylights
misc. past posts mentioning "Wall Street Fix" PBS program on repeal
of Glass-Steagall:
http://www.garlic.com/~lynn/2008f.html#13 independent appraisers
http://www.garlic.com/~lynn/2008f.html#46 independent appraisers
http://www.garlic.com/~lynn/2008f.html#71 Bush - place in history
http://www.garlic.com/~lynn/2008f.html#97 Bush - place in history
http://www.garlic.com/~lynn/2008g.html#2 Bush - place in history
http://www.garlic.com/~lynn/2008g.html#51 IBM CEO's remuneration last year ?
http://www.garlic.com/~lynn/2008g.html#66 independent appraisers
http://www.garlic.com/~lynn/2008h.html#89 Credit Crisis Timeline
http://www.garlic.com/~lynn/2008k.html#36 dollar coins
http://www.garlic.com/~lynn/2008k.html#41 dollar coins
http://www.garlic.com/~lynn/2008l.html#67 dollar coins
http://www.garlic.com/~lynn/2008l.html#70 dollar coins
http://www.garlic.com/~lynn/2008m.html#16 Fraud due to stupid failure to test for negative
http://www.garlic.com/~lynn/2008n.html#53 Your thoughts on the following comprehensive bailout plan please
http://www.garlic.com/~lynn/2008n.html#78 Isn't it the Federal Reserve role to oversee the banking system??
http://www.garlic.com/~lynn/2008n.html#82 Fraud in financial institution
http://www.garlic.com/~lynn/2008o.html#18 Once the dust settles, do you think Milton Friedman's economic theories will be laid to rest
http://www.garlic.com/~lynn/2008o.html#19 What's your view of current global financial / economical situation?
http://www.garlic.com/~lynn/2008o.html#28 Does anyone get the idea that those responsible for containing this finanical crisis are doing too much?
http://www.garlic.com/~lynn/2008o.html#37 The human plague
--
40+yrs virtualization experience (since Jan68), online at home since Mar70
Signposts on the US Government's Trail of IT Failures
From: Anne & Lynn Wheeler <lynn@garlic.com>
Subject: Re: Signposts on the US Government's Trail of IT Failures
Newsgroups: alt.folklore.computers
Date: Mon, 13 Oct 2008 12:17:14 -0400
t-bone@address.invalid (Stan Barr) writes:
Not just the NHS, almost every govt. department computer system has
problems and now they're talking about ID cards - it'll never work!
I blame it on the fact that all the people who _really_ know what they're
doing have grown old and retired or got promoted to management.
re:
http://www.garlic.com/~lynn/2008o.html#29 Signposts on the US Government's Trail of IT Failures
http://www.garlic.com/~lynn/2008o.html#30 Signposts on the US Government's Trail of IT Failures
http://www.garlic.com/~lynn/2008o.html#33 Signposts on the US Government's Trail of IT Failures
most of the ID cards are by factions that start out with the view that such
things are profit ... and then compromises are made to reduce the costs
... but usually not in the area of profits ... frequently in the area of
security (trying to preserve profit).
we approached it from the inception that it was costs ... in the mid-90s
we made semi-facetious claims that we would take a $500 milspec part and
aggressively cost reduce by 2-3 orders of magnitude at the same time
increasing the integrity and security.
misc. related to aads chip strawman
http://www.garlic.com/~lynn/x959.html#aads
one of the other issues was that the "card" programs tended to be driven
by purely "card" myopic faction (possibly also as part of maximizing
card profit) ... which nominally failed to bother with detailed,
end-to-end, threat & vulnerability analysis (and where cards might
reasonably fit into overall infrastructure). one such was payment
infrastructure that started in europe in the mid-90s ... that managed to
create the yes card fraud opportunity (i.e. in one meeting somebody
made the comment that they managed to spend billions of dollars to prove
that chips are less secure than magstripe)
http://www.garlic.com/~lynn/subintegrity.html#yescard
there was one large deployment where the yes card vulnerability was
explained and they interpreted it as a characteristic of the distributed
cards ... and took action to modify some of the options on the
distributed cards. However, that had absolutely no effect on the threat
... since it involved counterfeit cards "attacking" valid terminals (not
attacks on valid cards).
one of the other problems, we had got on similar technology
track that affected the EPS/UPS RFID chips (make chips smaller and
less complex) ... but with (aads chip strawman) maximizing purposeful
security characteristics (rather than purely least expensive as
possible). a significant issue was that chip manufacturing costs are
basically per wafer ... so cost per chip is number/yield of chips per
wafer. wafers went from 8in to 12in ... to increase chips/wafer.
circuits got smaller ... so chips (with same number of circuits) got
smaller. the problem was that there was technology circuits/wafer bump
for a period where t