2013-01-30

Those Facebook Q4 results

At the time of writing, Facebook is down about 3.5% in after-hours trading, bouncing up and down as investors try to work out how they feel about the FB Q4 2012 results. I've had a look through, and can sympathise - I can't make my mind up either.

The main takeaway I get from the FB results is that revenue is up, $5.1bn for 2012 compared to $3.7bn for 2011, but it's costing them a lot more to get that revenue; costs of $4.5bn were much greater than $2bn last year. From the breakdown, cost of revenue was proportionately slightly down, but marketing + sales and "general admin" way more than doubled from 2011 to 2012, and R+D at $1.3bn was up by a factor of 3.6, which is huge. What does Facebook buy with its R+D money? It's talent - this is almost certainly mostly compensation: salaries and share allocations. Share-based compensation expense in R+D jumped from $114mm to $843mm. They've doubtless got a lot more engineers, and they're having to pay them well in a thriving Silicon Valley market. Zuckerberg announced on the earnings call that FB intends to hire more engineers in 2013 and in 2012 added 1,419 employees to the previous 3,200 employees; nearly 50% growth already. If you're paying your average engineer $200K in salary and benefits, which seems low for Bay Area salaries, that's $280 million you've just added to your annual payroll. And the problem with adding a lot of employees is that it's a recurring cost - you can't easily shrink wages, and if you start to fire significant numbers of them then you're going to alarm the markets.

Something else I find interesting for its absence is information on how much FB is spending on building and running its data centers. Reasonably solid estimates based on power usage placed them at 180,000 servers in mid-2012, up sharply from an estimated 30,000 in 2009. That's still a lot less than Google's estimated 1 million (based on the same methodology) but it must be a serious draw in power and maintenance, not to mention capital expenditure. From a first glance through the figures though, it doesn't look like they're now spending a lot of money in that area. If you figure a single server costs you $1500 (guess) and you put, say, 20,000 in a building (I don't know if FB has 9 data centers but that sounds about right) then that's $30 million on servers plus probably twice that in associated infrastructure (say, a round $100 million per data center) and you figure on writing off that cost over 5 years, that's $180 million per year for the nine data centers.

I can understand FB putting all this money into obtaining talent - they want to find the next big thing, monetise mobile, find new markets. To keep their shareholders happy, however, they're going to need to show some impressive results fairly soon. This is not the dot.com boom any more. On the other hand, they have 600 million users using FB in some way every day; quantity has a quality all of its own.

This, obviously, is not investment advice. I have no idea what I'm doing. You'd be mad to pay any attention to me. Do your own diligence, seek out a paid professional, etc.

Caribbean warez for all

Due to a trade dispute with the USA, Antigua may be setting itself up to provide warez to US citizens for a modest fee, without actually breaking the law. The previously lucrative gambling industry ran into problems when the US enacted anti-offshore-gambling laws. Now, temporarily freed of international copyright obligations, Antigua is declaring its intention to run a business selling films and music to US citizens for profit, being able to trouser all the cash and not compensate the rights owners. Nice job if you can get it.

Bit of a problem: look at Antigua's prices for home internet. "High speed" (3Mbps) will cost you $629 East Caribbean, or about £150. Per month. Even allowing for a good bit of price gouging and monopoly abuse by Cable and Wireless, that signals a rather limited connection to "the Internet" - in this case, the key metric is the bandwidth available from Antigua to the shores of the USA. Antigua has a population of about 85,000. Let's assume 20,000 households, and 10,000 of them have an Internet connection of 1.5Mbps for about £80/month, and C+W have a contention ratio of 50:1 (so a 1.5Mbps pipe will be shared by 50 houses). Then you can satisfy domestic demand with 300Mbps of bandwidth. Double that to allow for businesses, and I reckon you're looking at just over half a gig (600Mbps) of fiber to the island. Note that this is bits per second, not bytes per second.

Downloading a movie at a reasonable rate (say, a 5Mbps stream) will quickly eat up that capacity. If you max out Antigua's entire bandwidth, you'll be able to serve 120 customers concurrently, and 2GB (bytes, not bits) of movie download will take 16,000/5 = 3200 seconds, or just under an hour. You'll be able to serve around 2900 movies per day. If you're lucky, you'll make $1/movie. You could make this work a lot better by caching popular movies States-side, but of course the copyright lawyers will shut down USA-based caching servers in no time.

Antigua will be lucky to clear $1 million in profit in the course of a year like this, even assuming no legal or infrastructure troubles. Of course, I may be off in my estimates of their available bandwidth - but I'd be surprised if I'm undershooting by a factor of 10. It also wouldn't be unimaginable for the major movie studios to pressure Internet peers to blackhole certain traffic from Antigua...

2013-01-29

In defence of cats

The feline haters are getting organised: they now have an article in Nature Communications (registered media only) arguing that cats are merciless killers and should be put on a leash:

Cats are one of the top threats to US wildlife, killing billions of animals each year, a study suggests. The authors estimate they are responsible for the deaths of between 1.4 and 3.7 billion birds and 6.9-20.7 billion mammals annually.
Well, heck, let's not do any maths on this, Rebecca Morelle from the BBC. Let's just quote the press release verbatim. Heaven forfend that we actually perform any journalism.

Being less lazy than Ms. Morelle, let us assume we have one domestic cat to every household in the USA; it's not going to be exact, but the right ballpark as many cat owners have multiple cats. That's about 100 million cats, and a buttload of wrecked next-door gardens. If they averaged 1 victim a day, that's 36 billion victims. The authors therefore are complaining about cats killing at a rate of 0.1 birds per day and, say, 0.6 mammals per day. I mean, this is not extravagant - you're talking a bird every couple of weeks. Frankly, I don't think most of these cats are trying. A cat who previously owned me used to waste 2-3 mammals and 1 bird per day, and those were only the ones whose remnants I found.

I should confess an interest at this point - I am a cat person (I wash in my own saliva) and can't stand the eager-to-please dependency of dogs. I actually appreciate cats' inclination to hunt and kill mice and rats. For that, I'm fine with them taking the occasional bird or rabbit. While we're here, I'm doubtful about the cats blamed for squirrel deaths - squirrels are nimble, wary and vicious little bastards, and it would have to be a pretty hard cat to kill squirrels successfully in any great numbers. Birds have a massive advantage over cats in being able to fly - although I'm sure the cats are working on that deficiency - and so many birds caught by cats were stupid to descend to the cat's level and likely had it coming.

To give you an idea of the angle of the article, author Pete Marra appears to work in the Migratory Bird Center of the Smithsonian Conservation Biology Institute. I'm guessing he quite likes birds. But, Pete, how many birds are there in the USA? Best guess is 10-20 billion. Life expectancy of songbirds in the USA is under a year so cats are by no means the primary killer of birds - maybe 20% of bird fatalities are due to cats. Presumably many of these are the incautious or stupid ones. We should also note how sparsely populated the USA is; there are vast swathes of land that have very few humans and even fewer cats, but plenty of birds. There's no danger of birds going extinct through cat predation.

So, Dr. Marra, where now?

Dr Marra said: "We hope that the large amount of wildlife mortality indicated by our research convinces some cat owners to keep their cats indoors and that it alerts policymakers, wildlife managers and scientists to the large magnitude of wildlife mortality caused by cat predation."
I wouldn't be surprised if this chap was a vegan, judging by the self-righteous aversion to creature mortality he displays. But no, Dr. Marra, we will not be putting bells on our cats. We will not be locking our cats in the house. We will let our cats do what they will, controlling pests and culling the weak and sick from the bird population.

And when the collapse of civilisation comes, as it surely must, Dr. Marra's most likely fate is to disappear under a pack of hungry cats intent on chewing his face off. No more than he deserves.

2013-01-28

Spontaneous clean-out of the Civil Service?

A very promising prospect in the Grauniad today: two thirds of senior civil servants are considering quitting:

The poll (pdf), conducted by the FDA union (formerly known as the First Division Association) also found that almost one in four Whitehall staff in the top three grades of the service want to leave their jobs immediately.
To which the only response can be: "so why don't they?" The top four grades are Perm Sec (including admirals, generals, air chief marshals), Director General, Director and Deputy Director; it seems that they exclude Perm Secs from this survey. There are 35 Permanent Secretaries and 200 "top" civil servants which probably account for the Perm Secs and most of the Directors General; there are about 3500 people in the 3 grades below Perm Sec. That's 900 senior civil servants wanting to leave immediately, and 2000+ considering quitting. (The numbers also imply, if there are 150 Directors General, that the number of people in each grade multiplies by around 4 for each level below.)

But where would they go? We're in a recession, and the traditional destinations for senior civil servants (quangos, NED positions in banks, consulting firms) are being rather squeezed. I suspect that most of those wanting to leave will be angling for early retirement, hoping to get at least something of a payoff for leaving 3-5 years before their due date. And why shouldn't they? If you're in sub-average health and not anticipating a promotion, retiring early is a good plan; you take your maximum lump sum, accept the slightly reduced annuity because you don't anticipate collecting it for many years, and go off doing whatever you enjoy for the next few years. And good luck to you!

The principal benefit a company gets in hiring a senior civil servant is an inside track into the department's commercial and legal practices. If you want to negotiate the labyrinthine acquisition processes of the department in order to sell your high-priced but user-hostile software, or work out how to write documentation to ensure your pharmaceuticals get prompt approval then a senior member of the department may come in handy. However, you have to look at bang-per-buck; instead of hiring a Director, you may well be better off recruiting more junior but well-informed members of the department who are current in the practice of the rules and regulations, rather than the "big picture" guys at the top whose usefulness will quickly expire. This is not how the article sells it, of course:

According to Dave Penman, the FDA's general secretary, the survey shows that the government is facing "an exodus of talent" from the public to the private sector if the economy picks up.
I think the word "talent" does not mean what Mr. Penman thinks it means. As a career civil servant from the Inland Revenue and DWP and PCS union organiser, he's never had a job which poor performance would have put at risk. Now he's on the TUC General Council. I think it safe to say that the responsible spending of taxpayer money is not foremost on his mind.

Now, of course, we ask "cui bono?" - who wanted this story to appear and so briefed Observer investigations editor Rajeev Syal on the survey? I expect this is one step in the Civil Service angling to reverse their pay freeze. "Prime Minister, we are losing experienced senior civil servants hand over fist - we must raise pay and improve conditions to retain the hard-won experience and leadership." Since the Government doesn't seem to be able to influence Civil Service appointments as a result of the Civil Service's political "neutrality", however, all it means is that the positions will be filled by "more of the same". There is no shortage of Civil Servants willing to go for promotion boards, and the Buggin's Turn aspect of promotion ensures that "seniority" (age in place) still counts for a lot. Any board for a Top 200 position would be implicitly considering "is this person One Of Us?".

Interestingly, the current Head of the Home Civil Service, Bob Kerslake, is a mathmo from Warwick University and a chartered accountant - a break from the economics / law / Classics background of his predecessors. I wonder if he's run the numbers and realises what's coming down the pipe for Civil Service numbers, pay and pensions?

2013-01-27

Time for the reign of clouds?

Ex-Google bod Dave Girouard writes of what business owners should consider when thinking of moving their operations into the cloud:

...one of the chief conundrums of cloud computing: you are powerless to fix a problem, and entirely dependent on somebody you can’t see, hear or yell at, to fix it. People hate that.
Girouard's perspective is interesting as he's a gamekeeper turned poacher; used to lead the Google Apps team whose entire raison d'être is cloud service hosting; he's now leading a startup and a customer of cloud services. So why does he think that a firm should host itself in the cloud?

He quotes and refutes three common arguments against cloud hosting:

  1. "These big outages mean we should keep things in house"
    Most company in-house IT firms have no idea of the availability they actually provide. When you are trying to measure anything better than about three 9s (99.9% availability - fewer than 10 minutes downtime per week, or 1 in 1000 queries failing) you need to have a really good way of measuring availability from a user's point of view, which generally means several user-emulating bots probing the system and reporting on errors. The scale at which cloud hosting operates means that they have a much better idea of how close to, say, four 9s they are running at. Of course, they won't be able to measure directly any interruptions in the network between the cloud and an individual client, but they will have profiling of normal client activity and be able to spot unexpected traffic drop-off.
  2. "I need somebody to talk to when a service interruption occurs"
    This is what really bugs me. When things go wrong in a company, and they will, the worst possible thing the affected workers can do is to badger the IT department with "when will it be fixed?" questions. As soon as the relevant infrastructure team recognises and acknowledges the problem, the best thing that the affected workers can do is to plan how to work around the outage, and eread the communications from the infra team that provide updated information on the scope and expected length of the outage. Repeatedly emailing or phoning to them is not going to help, no matter how diligent you wish to appear to your boss.
    One approach I've seen work well is for the infra team to designate one person to manage comms - respond to all incoming email, forward any critical information to the infra team actually solving the problem, and compose and send updates to the affected teams at designated times. The infra team may also designate a second member as a fixer-at-will to be given to affected teams for help with workarounds while the actual problem is not yet fixed.
  3. "Cloud is OK for non-critical applications with non-sensitive data"
    Encryption is cheap. Encryption is (relatively) easy. Use HTTPS and only your employees and the hosting company sysadmins will be able to see your data. Encrypt critical information before sending, and the problem is solved - and as a side benefit, many fewer of your employees will have access to the secret data, if you do it correctly.

The most obvious argument against cloud is "what happens if the network between us and our cloud service provider is down / congested?" Clearly you have to be careful about your choice of ISP, and identify multiple redundant routes to your cloud service provider. This is an extra expense and hassle, but it may well still be worth it. Of course, it significantly increases the importance of building an IT department that can plan, build, measure and maintain network connectivity; this is harder to do, and harder to recruit for, than just paying Microsoft / Cisco / IBM for bundles of "enterprise" software and installing it on expensive hardware.

Girouard won't make any friends in IT with this though:

Further, this confused IT leader thinks his team can manage a service more reliably than a company whose entire existence depends on its ability to do so. To put it bluntly, Google has assembled the greatest collection of computer science talent in the world. Similarly Amazon has a multi-year lead in delivering compute power by the drop [...] Your IT organization simply doesn't rate at this level.
But it's (somewhat) true. Really good IT people don't generally stick around company IT departments very long; there are other, more tempting and lucrative gigs e.g. contracting. And if you rely on hire-at-will fire-at-will contractors for most of your IT department expertise, what exactly are your objections to cloud hosting? The number of times I've seen a single-point-of-failure IT admin depart, or threaten to depart, and leave his manager and teammates scrambling...

It will be interesting to see how the expertise profile and size of IT departments in companies migrating to cloud services will change. I expect quite a few false starts, but eventually an IT department's job (and an important one) will be focused around network connectivity rather than providing email, storage and distributed computing services.

2013-01-25

How to run a political campaign like you want to win

The Obama campaign wrote a document "Inside the Cave" documenting their perception of the reasons that their online campaign was (unarguably) so much more successful than Romney's "Project Orca" team.

For me, the key takeaways that emerge from the presentation on why they won:

  • Four times as many resources, people, targets than the GOP campaign;
  • A massive focus on analytics, which the GOP apparently ignored;
  • Recruiting individual credentialed tech staff rather than political wonks and entire corporations (Microsoft in the case of the GOP) for the technology campaign;
  • Pitching technical jobs as undesirable ("It won't pay very well. The hours are terrible ... Most people who come to work here will take a pay cut.");
  • Dynamic daily reallocation of campaigning resources based on per-state simulations;
  • Daily calling of a large number of randomised voters in key states with short questionnaires to obtain data to feed the simulations;
  • Tracking "persuadeability" for voter groups to determine whether it was worth trying to convince them to switch/stay with voting intent;
  • Use of off-the-shelf open-source software such as R for stats analysis;
  • Tracking and categorising Twitter accounts to gauge reaction to local and national political events;
  • Greater online fundraising (which I don't think was a big deal - the campaign was going to spend money whether or not it had it, since it would backstopped by the major unions and private contributors);
  • Using the mail subject line "Hey" (which I'd bin out of hand, but then I wasn't a USA election voter...)
  • Invoking Michelle Obama's name in an email would reduce the amount raised by it;
  • Never mind gut feeling for selecting strategy - use hard data;
  • Allow people to store credit card info on central website but donate from mobile views via a button click, facilitating "drunk donation";
  • Multi-step pages for donations were less off-putting than single-page large forms;
  • Recruit experienced devs from major Silicon Valley social media companies (Facebook, Twitter, Google);
  • Developing tools earlier in the campaign cycle than they actually did would have improved their campaign efficiency;
  • Prepare and drill for the worst (major regional outages) so that when it happens you won't have problems, and you'll have a runbook telling you what to do so you just have to react, not try to problem-solve;
  • Use large-scale hosting and content distribution (AWS, Akamai) to obtain well-managed distributed hardware and robust connectivity so you only have to worry about your apps;
  • Program backends in Python and associated frameworks (Django, Flask) for rapid development
  • Strong presence on social media posting frequent and interesting (reshareable) content;
  • Target heavy online and TV ads spend in key states, age, gender, racial sectors.

I don't think it's too much to say that Obama's "Project Narwhal" spanked Romney's "Project Orca" in terms of efficiency and efficacy. Orca appears to have been a relatively traditional software and system development, using major technology vendors and consultants rather than dedicated individuals, and produced the result that anyone who has worked with large companies on a business-critical system has experienced - farce. This is ironic, as Orca typifies the Big Government approach to solving a problem, whereas Narwhal was a very libertarian project - find motivated people, give them a cause and let them work out what to do. It appears that any major companies involved in Orca quickly ran for cover after Romney's defeat; no surprise there.

Cameron and Miliband should be taking notes if they actually intend to win the next UK election. Following in the steps of Narwhal would seem to be critical to winning the social information war that modern elections are becoming.

Piers on Piers

Piers Morgan's Twitter Profile quote:

One day you're the cock of the walk, the next a feather duster.
Oh, Piers, don't sell yourself short. You'll always be a cock to us.

Blame the markets, why not?

Mark Serwotka, general secretary of the PCSU, is not keen on the markets:

But what are the markets? Who comprises them and why are they so powerful? I didn't vote for them and I doubt you did either – yet they apparently have the power to dictate policies to elected governments and, in the case of Italy, to even select the government.
Well, Mark, you and your members don't have to worry about markets because your pensions are paid directly by the Government, no matter what the markets do. However, for all the other employed people whose salaries pay for your pensions, their pension savings rise and fall according to how well the funds in which they are invested perform. Those funds aim to maximise revenue (we hope) by investing in companies and countries whose prospects appear rosy, and pull money out of the entities which appear to be heading for a fall.

I'm guessing that Serwotka does not intend for this article to become a Nassim Taleb discourse on performance of fund managers relative to passive trackers, and indeed it does not:

...the myth that the public sector caused the crash was allowed to develop, and the dangerous conclusion allowed to take root that hacking back the public sector would solve the crisis.
Huh? I've read the Guardian, Telegraph and Daily Mail since 2007 and can't remember anyone blaming the public sector for the 2008 crash. I thought it was fairly well-established that the crash was caused by a) American mortgage lenders lending to bad risks, b) stupid American and European banks exposing themselves to those bad risk mortgages via structured products and CDOs, and c) a flip-flop let-them-fail/OMG-bail-out-everyone approach by governments. The public sector's cost has been steadily rising over time, but has not jumped in such a way as to cause a crash.

The problem the public sector faces, Mark, as you well know but appear to have omitted in your argument, is that employment and retirement costs are steadily rising while Government income - tax, basically - is falling. Even if you fired 50% of current public sector employees, you would still have to pay extremely expensive redundancy costs, way above the statutory amounts paid by the private sector, and be on the hook for their pensions which accumulate far more quickly than private sector pensions and have no pre-funded component - each year's pension payments come directly out of Government income.

It appears that Mark is not keen on privatisation either:

Entire industries – from the railways and telecommunications, to gas, electricity and water – were taken out of collective public ownership. This transferred power over them from the ballot to the wallets of a few, the directors and shareholders who have extracted billions from them.
This may be news to you, Mark, but the public did not have any control over nationalised industries. They ran as monopolies, able to charge what they liked and subject to at best vague regulation by inept regulators. British Telecom was privatised in 1984, forced to submit to competition, and waits of weeks for telephone installation were forced down drastically. For sure, privatisation of services which retain monopolies is not likely to result in much improvement - look at the profits of the ROSCOs which lease rolling stock to the train operators in the UK - but privatising BT was one of the best things that the Government did in recent years. The constant pressure of competition resulted in rapid growth of ADSL provision around the UK; can you imagine the pre-privatisation BT ever deploying a new network at that speed?

Serwotka is afraid of privatisation squeezing out his public-sector membership; it's that simple. He is a rent seeker for public sector unions, and he does his job very well. However, that doesn't mean that the taxpayer should bow to his whims. When Mark says

When what we really need is to assert our democracy over the tyranny of the markets, in the interests of the many.
you should substitute "a few million public sector workers" for "we" and "the many", and "tens of millions of people whose pensions depend on the growth of private sector companies" for "the markets".

2013-01-23

Social media - HP doing it right

Prolific and stylish blogger Anna Raccoon was lamenting her experiences trying to get an HP printer to talk to her Mac, an experience comparable with deciphering Linear-A:

I've spoken to 17 different technical gurus, and a few extra at Apple. Every one of them paid the minimum rate for whichever country they were in, everyone of them believing they are doing a decent days work, and every one of them utterly useless.
Let me say that this is not 1000 miles from my own experience trying to get an HP laser to talk to my Apple hardware - it's about 50% reliable on wireless connecting at best, and 100% on USB connection but only if connected before a reboot. So you should think seriously about whether wrestling with HP drivers is really what you want to do, though the printer hardware itself seems pretty good and has held up well.

But what's this? Not a day later, HP contact Anna out of the blue:

I’ve just had a charming gentleman, Keith Schneider from 'Executive Customer Relations' (sounds good anyway!), on the phone from sunny California, who assures me that they will produce a French HP Laserjet expert with perfect English who will phone me at home within 24 hours and sort the problem...
Wow. Given California is 9 hours behind France, and so Mr. Schneider only got to work about 5 hours ago if he's an early riser, that's not bad going. Keith Schneider, if you're reading this, you should give a bonus to the social media trawler who spotted this blog post, realised its importance and escalated to you. It's raised HP several notches in my eyes, and I assume many others.

Now if you could do something about the semi-trained baboons who write your drivers, I'd be even happier.

Jay Leiderman's short-sightedness

Jay Leiderman, attorney for Anonymous (how does that work?) and Lulzsec, writes in the Guardian that distributed denial of service attacks should be regarded as "speech" and thus worthy of First Amendment protection:

A reported 10,000 protesters around the world took to the internet with a protest method known as DDoS (distributed denial of service) – the functional equivalent of repeatedly hitting the refresh button on a computer. With enough people refreshing enough times, the site is flooded with traffic, slowed, or even temporarily knocked offline.
Sounds nasty. Does it cause any damage?
No damage is done to the site or its backing computer system; and when the protest is over, the site resumes business as usual.
Well, the site can't process legitimate customers. So its operators lose money. And the site monitoring will page the company's sysadmins. Who will have to spend hours managing, firefighting, blocking IPs, rebalancing and restoring the site's normal operation. Probably out of hours, at overtime. So the company has to spend money. And maybe the high traffic causes logs to fill up a disk partition and the site to lose logging or transaction information. But no computer actually explodes in a red-hot ball of fire, so no "damage" has been caused.

One person jumping up and down on a wooden bridge is just fine. A hundred people jumping up and down on a wooden bridge in concert can eventually cause timbers to crack, and the bridge to require expensive repairs. But that's OK, because it's just free speech - people are enjoying how springy the bridge is.

One person asking for a glass of water from Starbucks is normal business. A hundred people saturating the Starbucks queue and asking for a glass of water when it's their turn to be served will drive away legitimate customers, tank the store's profitability for that day and wreck their employee's chance of a performance bonus. But that's OK, because it's just free speech - people are thirsty.

One person occupying a table in a vegan restaurant and ordering a hamburger is slightly obnoxious. Twenty people doing this displaces all the restaurant's legitimate customers, aggravates the staff and kills takings for the evening. But that's OK because it's just free speech - people have the right to ask for a hamburger, as the restaurant has a right to refuse to provide one.

Now let's talk technology. Jay Leiderman believes that people hitting the refresh button on their browser at a co-ordinated time is free speech. How about running a little batch script that makes the same HTTP GET request every couple of seconds? Surely the intent is the same. How about running a batch script that listens for commands from a central server and sends HTTP GET requests to specific URLs on command? Surely the intent is the same. How about the person who runs the central server and sends the commands to all the clients - surely they are merely making use of the service that each user installing the script has provided? Congratulations Jay Leiderman, you're well on your way to legitimising botnets.

So how does Jay defend this disruption?

True, customers of the site are temporarily inconvenienced, but democracy is often messy and inconvenient. Moreover, the voice of your fellow citizen should always be worth slowing down to hear for a moment.
Really, Jay? What, specifically, are they saying? If I go to Paypal to pay for something bought on eBay (God forbid) and Paypal isn't responding, how should I know why it isn't responding? How do I know what the DDoS perps are trying to say beyond "we don't like Paypal"? It's not very specific speech, is it?
Thousands of PayPal protesters said, via their protest speech in DDoS form: "I want to make a donation to WikiLeaks; I'll take up my bandwidth to do that, then I'll leave. You'll make money, I'll feel fulfilled, everyone wins."
Wow, Jay. You can really pull information out of silence. I'm impressed. What was John Cage saying in 4'33"? With those kind of skills, you should be a literary critic, not a lawyer (although a certain parasitism characterises both professions).

Incidentally, if you operate an online service and don't have some frontend checking of traffic-per-IP spikes, you probably should. If you see an IP start to request many purchases per minute within the space of a few minutes, it's time to start putting that IP to the back of your request queue. I suspect Jay Leiderman would not appreciate you redirecting those DDoS requests to www.leidermandevine.com, his appreciation for "free speech" notwithstanding. Though I do wonder what he would think they were saying.

2013-01-22

New York wants bankers paid better

This is why George Osborne isn't whining about bank bonuses:

The amount of money Wall Street sends to Albany [New York state capital] (in personal and business income taxes and capital gains) declined from more than $12 billion in 2008 to less than $9 billion last year, and is almost certain to fall again, given last week's bonuses. In percentage terms, the Street used to account for 21% of all state revenue; today, the number is 13% and sliding.
If you pressure banks to cut bonuses, that will show up in your city / state / national accounts as a corresponding decrease in tax revenue. And for a state (New York) or country (London) heavily dependent on financial services revenue, that is not something that's going to be easy to swallow.

HR by the numbers

A fascinating post on Slate about how Google HR applies engineering principles to its job:

After crunching the data, Carlisle found that the optimal interview rate—the number of interviews after which the candidate’s average score would converge on his final score—was four. "After four interviews," Carlisle says, "you get diminishing returns." Presented with this data, Google's army of engineers was convinced. Interview times shrunk, and Google's hiring sped up.
That rings true with me. The banks in particular are notable for grilling candidates with ten or more interviews, often back-to-back in a single day. The implication from these findings - and remember, Google has engineering offices all over the globe, so it's not just confined to the West Coast hippies - is that the only benefit of this interviewing approach is as a rite of passage or test of endurance, because it sure doesn't seem to be optimised for finding people whom interviewers agree are suitable. You'd think that a bank would value the time of its interviewers more.

Google have something called PiLab ("people and innovation lab") that seems to be dedicated to running HR experiments on Google engineers and interviewees. They seem to be ruthlessly data-driven, and I'm reminded of the maxim "Talk is cheap, show me the code". I wonder how many HR organisations that I've encountered would handle that kind of demand for proposals backed by (relatively) hard data and stats. I suspect most of the would be curled up weeping under their desks by the time the engineers were dissecting the ludicrously unfounded stats in the second paragraph of their report.

They even determined that good managers, defined by those getting good 360-degree rankings, make a measurable difference to their teams:

When analysts compared the highest- and lowest-performing managers, they found a stark difference—the best managers had lower attrition rates (meaning fewer people left their teams), and their teams were much more productive across a range of criteria.
Of course, with that knowledge, the trick is finding and hiring or promoting people who are going to be those good managers; there's always the risk that a whiff of power might make an otherwise engaging and competent recruit go psycho.

The more mischievous part of me wonders how many of the facts put out by Google in this article are true, and how many are false (or, more likely, "true but misleading") to get Facebook, Cisco, Apple, IBM et al to run down blind alleys in their own recruiting/HR practices...

2013-01-21

The perils of principality

Guardian journalist (deputy fashion editor) Hadley Freeman is branching out; fresh from a fawning column on Obama's inauguration, she chooses a similarly royal figure as her next subject - Captain Harry Wales, aka Prince Harry:

No matter how many times he insists he is just a normal soldier, and no matter how many members of his squadron are trotted out to parrot the line, the fact remains he is royal and his presence there arguably – as many have pointed out previously, including Harry – puts his fellow soldiers in danger.
Harry's part of the UK Apache contingent, Hadley. They have been top of the Taliban target list ever since their deployment in 2007. Apaches are hated and feared by the Taliban - see for instance the book "Apache" by UK AH-64 pilot Ed Macy. Having Prince Harry in Bastion or cruising around the sky in an AH-64 is not going to make the Apache crew any more of a priority target than they already are. The Taliban would like nothing better than to kill an Apache crew, or better yet capture them and film them having their head slowly sawn off. I'm sure that if they caught Harry rather than J. Random other Apache pilot it would be an extra frisson for them, but that doesn't make it any more likely to happen. They would have to be exceptionally lucky with a heavy machine gun or RPG, or be in luck when an Apache suffers a serious mechanical failure far from base.

Hadley's take on Captain Wales is fairly clear:

The nation's eyes will collectively remain unbatted at the revelation from Captain Simon Beattie, Captain Wales's commander, that his charge is "pretty forward on the banter". No word on whether that banter includes racist terms such as "Paki" and "raghead", as it did three years ago in reference to one of Harry's then Sandhurst colleagues.
Ah yes, the racially prejudiced and colonial UK monarchy. Now we see where you're coming from, Hadley. No doubt you're waiting with baited breath for a UK version of Bradley Manning to leak UK Apache gun camera tapes showing Captain Wales mercilessly gunning down Afghan civilians.

I perhaps ought to take up commentary on fashion, since I'm clearly at least as well informed on that topic as Hadley is in matters military.

Whither universal benefits?

I agreed with more than the usual fraction of a John Harris article today: his argument that universal benefits should stay universal actually had something approaching good points in it. In the current climate of discussions about what benefits we should means-test or remove to save money, Harris points out the problems with that approach:

As the child benefit fiasco proves, means-testing and selectivity cost huge amounts of money and governmental effort. In stigmatising help and demanding engagement with a labyrinthine machine, selective benefits often fail to reach the people they are meant for (which is why over 25% of kids entitled to free school meals don't get them, and the means-testing of winter fuel payment would be dangerous).
He's spot on. The child benefits change was particularly demented; the oft-quoted case where two parents both earning £X,000 keep their child benefit, but the stay-at-home mother and her partner who earns £(X+10),0000 get nothing, makes absolutely no sense. The reason it was proposed was a consequence of existing bureaucracy; the tax system has no real concept of a "household" and thus making any benefits change relating to household income would either rely on people's innate honesty - stop sniggering at the back - or require a massive, expensive and likely terribly unpopular re-engineering of the taxation system. Thus we are landed with another government-sourced taxation distortion (very high marginal tax for earners with children between £50K and £60K), and now there's precedent for it I expect other benefits to be means-tested in the same way.

Of course, Harris doesn't really address the flip side of universal benefits - they're rather expensive. The Guardian's excellent visual guide to Government spending points at £12bn in child benefit and £30bn in personal tax credits per year. If you want to reduce child benefit / tax credit spending, limit it to two children. No distortions, as easy to administer as the current system. Job done. Of course, this won't go down well with families of 3+ children. But let's remember there's no money left. We can't afford our current spending. We're about at the peak of what we can tax without being Laffered. Spending on state pensions (£74bn) is only going to go up.

Something Harris skips lightly over is the NHS, a great example of universal benefit. It costs £100bn annually (plus £7bn if you include its pension scheme). So every taxpayer, say 30m of them, has to find £3,300 to cover themselves. But they also have to cover non-taxpayers - the elderly, children and the non-working - so that's nearly £7K in taxes just to cover the running costs of the NHS. With the increasing fraction of elderly patients requiring expensive residential care for degenerative diseases and conditions, that too is only going to go up, and sharply. The Dilnot Commission report on residential care proposed capping care costs at £35K, though the Government is now talking about nearly double that limit as life expectancies and the costs of caring continue to rise.

Universal benefits are simple to administer and not generally distorting, far superior to means tested benefits, but that's not why they are threatened. They are threatened because:

  • the pay-as-you-go pensions model is far too close to a pyramid/Ponzi scheme, so that promised payments that seemed affordable 40 years ago are anything but;
  • improvements in nutrition and healthcare mean that people are living longer and thus living long enough to suffer from expensive-to-treat diseases and afflictions; and
  • public jealousy at high earners is putting pressure on politicians to make choices that make little economic sense (e.g. means testing for child benefit, winter fuel allowance etc.).
And yet, if we measure a society by anything it should be by the way it treats those who cannot look after themselves - the impoverished elderly, the seriously mentally ill, those crippled by disease or injury who simply cannot work. How are we going to afford the care these people need, if we have to provide the same care to everyone else?

This is not to say that Harris's article is all on solid ground. Case in point:

Funny, too, that such high-ups as George Osborne bemoans "taxing people on low incomes to pay for the child benefit of those earning so much more" when, as he must know, a progressive taxation system ensures that this has never actually happened.
If you could actually save £2bn in child benefit this way, you could direct that tax saving to increasing the threshold at which people start paying income tax. Thus, since we are currently paying child benefit to high earners, we are losing the opportunity to tax less people on low incomes. George Osborne is - in this case - right.

2013-01-20

Post-crisis in Algeria?

The bloody siege at Amenas in Algeria is over, and five alleged kidnappers have been taken alive. I believe that the Algerian authorities have a "robust" approach to prisoner rights, and right now the kidnappers are likely wishing they'd been shot instead. Anyway, the dust is settling on the action with 23+ hostages and around 30 kidnappers dead. What was this all about, and what does it forecast of future terrorist activity in the Maghreb?

The siege was clearly targeted at Western governments; reports seem consistent that the kidnappers left the Algerian staff more or less alone and concentrated on the Western staff as hostages. What gives a little more colour to that view, though, comes from blogger Wretchard writing about Filipino engineer and hostage Ruben Andrada:

With detcord wrapped around his neck and caught in the gunbattle between the Masked Brigade and Algerian forces, he regarded his chances of survival as doubtful. Andrada retreated into that classic Filipino attitude: "bahala na". He thought 'leave it to God' as bullets kicked up the ground around him.
It's odd that a Filipino would be regarded as Western - except, of course, it's not the "country of nationality" that the hostage takers care about. Filipinos are predominantly Christian - 90% of the population, and most of those are Catholic. The kidnappers weren't targeting "Westerners", they were targeting "non-Muslims".

The assault itself was the classic Russian model - go in, slaughter the bad guys, try not to kill hostages if you can help it, but never mind if some of them get hit. Taking prisoners is strictly optional, which is why I was surprised that five kidnappers appear to have survived - I wonder if this group was based away from the gas plant as a support/escape element and was detected and ambushed by the Algerian forces suddenly enough that fighting wasn't really an option. There will be any amount of explicit and implicit blame placed on the Algerian forces in the next few weeks, but really they did exactly as they were supposed to. Algeria doesn't want attacks like this to happen, especially not around its revenue-producing gas plants. It wants to make plain to any attackers that no deals are made, that Algeria won't hesitate to go in shooting, and that holding hostages won't really slow down any attack. From now on, any Western kidnapping in Algeria will likely be by really badly-informed small-scale terrorist / criminal groups (and therefore relatively easy to manage). Jihadi attacks will be aiming to shoot-and-scoot or suicide-bomb, not hold hostages and hang around. Both of these situations are much easier to manage than a hostage siege, and generally less expensive in destruction to industrial facilities.

It will be interesting to see where the next hostage-taking occurs. I'm assuming Mali is now quite a hard target as Westerners are alerted to danger. I wonder if Morocco and Tunisia will be the next target, or perhaps further afield in Nigeria if Boko Haram can be persuaded to up their current game of blowing up churches, providing logistical support for better-trained and more determined jihadi from the Maghreb.

Caterpillars wise to avoid China

I enjoyed reading the entertaining tale of how Caterpillar bought into Chinese firm ERA Mining Machinery in June last year but has just discovered - oops! - that subsidiary Siwei is worth, in essence, nothing. They are taking a $580m write-off from a $653m total investment. That's got to sting. It seems that Siwei's actual inventory and presented accounts may not have been in complete agreement.

Of course, it's easy to be wise after the event. However the story from Caterpillar makes one wonder how hard it would have been to be wise before the event too:

A member of the Caterpillar board during the course of the Siwei deal told Reuters the board was distracted at the time by a larger transaction and paid relatively little attention to the Siwei acquisition.
I'm not making this up. So a $650m acquisition didn't warrant actual attention to the company being acquired. Wow. I wish I had that much money to burn on a whim. Caterpillar's 2012 Q3 results show a quarterly profit of $1.7bn on revenues of $16bn, so the write-off could be a little under 10% of annual profit - not company-ending, but surely nothing to sneeze at.

Whenever I see a major Western industrial nation blowing its trumpet about a big investment in China, I have to wonder when the other shoe is going to drop. Looks like it didn't take long in the case of Caterpillar.

2013-01-19

The Laffer curve in tobacco tax

It turns out that if you can keep your tobacco tax low when all around you are raising theirs, you'll be quids in, my son:

"At $4.35 per pack, New York State's cigarette excise tax rate is by far the highest in the nation and 31% to 63% higher than surrounding states, making cross-border purchases lucrative," Calvin said. "Tribal stores continue to sell cigarettes to non-Indian customers tax-free in defiance of New York State law, and there is a steady flow of smuggled product from Virginia and other distant, low-tax states."
60% of all New York smokes are smuggled in, thereby bringing in zero tax for the state. Near-neighbour New Hampshire taxes at $1.78 per pack and suffers a 26% smuggling rate - except that's smuggling out of the state after being bought there... From every 100 packs consumed in NYC, the state raises $174, but from 100 packs consumed in NH, the state raises $178. Smuggling is a complete no-brainer; assuming the average New Yorker lives 1.5 hours drive from a state that sells cigarettes at NH rates, the 3 hour round trip in a reasonably-sized car would cost about 2/3 of a tank of gasoline, say $40-$50. Assume a value of time of $20/hour, and two people, making $120. So they just have to get a $170 return on their purchase, with the cost differential being $2.50 per pack. That's 68 packs.

It's clear that if NYC raises taxes further, its cigarette tax income will drop further. Who's going to bet that they won't be that stupid, though?

This should be a lesson for the UK Government. I view the claims of reduced consumption rates of smuggled cigarettes with deep scepticism. There's illegally smuggled tobacco and then there's tobacco brought back for "personal" consumption that's then stretched to family, friends, the guys in the pub... The cases of tobacco smugglers bringing back hundreds of kilos into the country are proof that there's a sizeable demand for cheap tobacco in this country.

2013-01-17

Mali and Algeria - a new elephant trap?

With the bloody mess at the Algerian Amenas gas facility and the French intervention in Mali in the news, I thought I'd have a look see what was actually going on since I now despair of getting meaningful data from the news. In particular, why are the French so concerned that they're taking unilateral military action?

The prior history of Al Qaeda in the Maghreb and Ansar Dine bears reading. The Maghreb is north-west Africa, more or less, but Mali is the base for AQIM. Mali itself is south-west of Algeria - and yes, I had no idea until I consulted a map. Ansar Dine and AQIM initially helped the Tuareg MNLA in northern Mali ("Azawad") in their fight against the government, but have now turned on the MNLA and pushed them out of the cities they'd taken together in northern Mali. Ansar Dine appears to be primarily Muslim Tuareg in composition. The Mali kind-of-government (post-coup) asked for French help as it had no real ability to fight a conflict like this for Azawad, even though MNLA have now aligned themselves with the Mali government against Ansar Dine/AQIM.

AQIM seems to have ambitions beyond merely extending its territory. Bungled 2009 experiments in using bubonic plague imply that it's looking at Western population centres as a target for their brand of jihad.

Clearly there is widespread concern about AQIM establishing a base across more than 50% of Mali. 700,000+ square km of desert territory is a lot of space to hide - more than the total area of Afghanistan, to give you some comparison. Nigeria and Chad have pledged substantial forces to oppose the rebellion, giving you some idea about how worried they are about the problem - operating a significant military force overseas on an open-ended commitment is an expensive proposition.

The Amenas hostage-taking is significant as it is claimed to be a protest against French involvement in Mali and Algerian complicity in the military operations. Note that it's in eastern Algeria, well away from Mali but close to Libya, implying that AQIM have substantial mobile military forces in western Libya. The attackers can't have expected to walk away from the situation; this was almost certainly sold as a suicide mission. The Algerian government said early on that it would not negotiate, which presumably was the expected reaction. So why conduct the operation? I can only imagine that the intent was to discredit the Algerian government in the eyes of European citizens following a bloody rescue operation; blame most of the deaths on Algeria, reduce Western military support for the government, and take (say) southern Algeria at their leisure.

Mitt Romney failed pretty completely against Obama, but to his credit he raised the issue of Mali back in October, way before anyone in the media was noticing:

Romney used Mali as an illustration of the rise of Al Qaeda, trying to make the point that the world has gotten less safe during the administration of President Obama because terrorist groups have been allowed to flourish in places like Mali. Obama countered that Al Qaeda has been decimated during his administration.
Oops! Clearly not decimated in the Maghreb, quite the contrary.

Still, I'd be fascinated to learn what French intelligence has been telling Hollande that has made him take the political risk of intervening in Mali. If he's that concerned, perhaps we should all be.

2013-01-16

Executive orders - solutions looking for problems

The list of 23 executive orders relating to gun control has come out of the White House, and it's a doozy. Let's look at each and see how it addresses the problems of a) mass shootings and b) inner-city gun violence.

  1. Issue a Presidential Memorandum to require federal agencies to make relevant data available to the federal background check system.
    Irrelevant - no evidence that background checks affect mass shootings.
  2. Address unnecessary legal barriers, particularly relating to the Health Insurance Portability and Accountability Act, that may prevent states from making information available to the background check system.
    Irrelevant - see above.
  3. Improve incentives for states to share information with the background check system.
    Irrelevant - see above.
  4. Direct the Attorney General to review categories of individuals prohibited from having a gun to make sure dangerous people are not slipping through the cracks.
    Irrelevant - no evidence that people known to be dangerous are allowed to hold guns.
  5. Propose rulemaking to give law enforcement the ability to run a full background check on an individual before returning a seized gun.
    Irrelevant - no evidence that shooters have previously had a seized gun returned.
  6. Publish a letter from ATF to federally licensed gun dealers providing guidance on how to run background checks for private sellers.
    Mostly irrelevant - though probably a good idea on its own.
  7. Launch a national safe and responsible gun ownership campaign.
    Worth a try - though probably about as effective as any government campaign.
  8. Review safety standards for gun locks and gun safes (Consumer Product Safety Commission).
    Irrelevant - no evidence that breaking into gun safes or picking gun locks is a problem.
  9. Issue a Presidential Memorandum to require federal law enforcement to trace guns recovered in criminal investigations.
    Stupendously irrelevant - and probably very expensive, generating swathes of gun-tracing bureaucracy.
  10. Release a DOJ report analyzing information on lost and stolen guns and make it widely available to law enforcement.
    Probably irrelevant though no harm in it.
  11. Nominate an ATF director.
    WTF? I mean, seriously?
  12. Provide law enforcement, first responders, and school officials with proper training for active shooter situations.
    Good idea as long as this isn't pushing unproven wishful thinking and isn't mandatory.
  13. Maximize enforcement efforts to prevent gun violence and prosecute gun crime.
    Nonsense on stilts - anyone think law enforcement is just idly letting gun crime happen. Goodness only knows what directives this will be used to push.
  14. Issue a Presidential Memorandum directing the Centers for Disease Control to research the causes and prevention of gun violence.
    Maybe interesting though it depends whether the CDC is implicitly directed to produce a predetermined result, or if it can actually do real research and publish the results no matter how inconvenient for the administration's narrative.
  15. Direct the Attorney General to issue a report on the availability and most effective use of new gun safety technologies and challenge the private sector to develop innovative technologies.
    Pointless - there's already an active market in gun safety, how is government interference going to help?
  16. Clarify that the Affordable Care Act does not prohibit doctors asking their patients about guns in their homes.
    Good idea - although worrying that the ACA may reasonably be interpreted this way. Which idiot drafted it and which idiot signed it in this form?
  17. Release a letter to health care providers clarifying that no federal law prohibits them from reporting threats of violence to law enforcement authorities.
    Good idea - with the above caveats.
  18. Provide incentives for schools to hire school resource officers.
    Pointless pork - how will these "resource officers" prevent gun deaths?
  19. Develop model emergency response plans for schools, houses of worship and institutions of higher education.
    Moderately good idea though really it's just "call 911, shoot back if you can, run if you can, barricade if you can't shoot or run." Wonder how much it'll cost.
  20. Release a letter to state health officials clarifying the scope of mental health services that Medicaid plans must cover.
    Maybe helpful in some areas but with the scope to be mostly irrelevant to the actual problem.
  21. Finalize regulations clarifying essential health benefits and parity requirements within ACA exchanges.
    Completely irrelevant - smuggling more ACA changes through.
  22. Commit to finalizing mental health parity regulations.
    Potentially helpful but in practice probably irrelevant.
  23. Launch a national dialogue led by Secretaries Sebelius and Duncan on mental health.
    Must - resist - self - oh, whom am I kidding? Public wringing of hands, unlikely to make any difference.

Nearly all of these are irrelevant to the stated problems of gun violence and mass shootings. Several look like vehicles to smuggle through unrelated legal changes. The good ideas should be very cheap to implement, as long as the federal government can avoid piling onto them and generating additional bureaucracy.

This is why executive orders are generally a bad idea (I hope the UK government is taking notice). The lack of scrutiny means that the resulting directives are at best useless and at worst actively malevolent.

2013-01-15

Outsourcing strategies

I'm torn between horror and admiration at this story: the software developer who outsourced his job to China.

As it turns out, Bob had simply outsourced his own job to a Chinese consulting firm. Bob spent less that one fifth of his six-figure salary for a Chinese firm to do his job for him. Authentication was no problem, he physically FedExed his RSA token to China so that the third-party contractor could log-in under his credentials during the workday. It would appear that he was working an average 9 to 5 work day. Investigators checked his web browsing history, and that told the whole story.
OMG. Words do not suffice.

On the one hand, this is useful information for his employer; instead of paying Bob $200K+ and providing physical office space for him, they could just pay the Chinese $50K and have them deliver their work electronically. On the other hand, can you imagine the attraction for the Chinese Ministry of State Security of having full access to the network of a major "U.S. critical infrastructure company"?

Had I been the boss of this company, I would have called Bob into my office and congratulated him on his entrepreneurial spirit. I would then have clubbed him over the head, fed his body to pigs, pulled the plug on my entire network, rebuilt it from the ground up with new hardware and software, and given the CIA, NSA and FBI full access to the original network to do with what they wanted. I would also have given my HR department and Bob's management chain 48 hours to respond to the accusation that they were completely ineffectual in assessing and supervising the performance of personnel, and fired anyone unable to produce a reasonable excuse.

This just goes to show that your security is only as good as your least trustworthy and most ingenious employee.

First thoughts on Facebook Search

Initial thought: "thank heavens they're fixing the search function, it sucks beyond the telling."

Facebook, sensibly, are restricting their search space to Facebook itself, plus shared content. Presumably they will crawl external pages that users share, index significant terms, and allow Facebook Search (hereafter FBS) to direct users to the shared page. Their indexing task is therefore relatively predictable; they just have to index each post/album annotation/check-in as it is made. Since these are small text items, it's not a massive incremental burden to bear.

The interesting part is the privacy aspect:

Over 3 per cent of Facebook's CPU time is spent on sorting out privacy, Zuckerberg says.
Interesting: suppose that your are friends with X, he posts about something and later un-friends you. Presumably you shouldn't find his posts when you search? Or can you find the posts that he makes while you are friends, but not afterwards? Whatever FB plumps for, you know that someone isn't going to like it. But it makes sense; when you generate a view of FB posts, the most important privacy aspect is whether you are allowed to see each post from the point of view of FB's privacy policy.

Search is not a massive change for FB. All that they are doing is making the Search: bar work reasonably well, by which I mean "much, much better than currently", plus doing some natural language processing on queries to identify significant entities (places people check-in, user friend names and transitive relationships.) The interesting question for shareholders is "how does FBS add to the bottom line." It's not obvious, which is why FB stock dropped 2.74% after the announcement.

The Search function could occupy a lot of FB CPU time. As an active FB user, at best I'd use search 2 days a week. If there are 500 million active FB users, which is an over-estimate, that's 1bn FBS queries per week - or 1600 searches per second. That's a lot of hardware that FB will have to devote to searching; for something that has no obvious commercial value, it's a big drain on FB resources. Since Google does 4.7b searches per day, Facebook will have to build out 3% of Google's search hardware just to service these queries. Google has about 900,000 servers, so Facebook needs 27,000 additional servers (plus power and networking infrastructure) for no obvious financial return.

Time to sell FB? I think so. (Disclaimer: I do not hold FB stock, or any options on it; do your own diligence; if you take investment advice from a pseudonymous blog then you must be nuts.)

Goldman Sachs has no testicles

...is the only conclusion to draw from today's announcement that they are not going to pay deferred bonuses after April 1st to avoid an extra 5% in tax:

The Bank of England governor told MPs he regarded such attempts as "depressing".
Further pressure was being exerted behind the scenes by the Treasury minister, Sajid Javid, who spoke to Goldman bankers to seek assurances that the bonuses from 2009, 2010 and 2011 would not be delayed.
The conversation that Goldman Sachs should have had with Mervyn was as follows:
MK: You shouldn't defer payment to avoid tax, that would be bad publicity.
GS: But completely legal?
MK: Yes
GS: And we're going to get slammed from every corner of the media when our comp allocation and results come out, no matter when we pay the bonuses?
MK: Yes
GS: And you're talking about a decrease in tax paid from 65.8% to 60.8%?
MK: Yes
GS: You can fuck right off.
Lordy. If you're going to be rapacious capitalists, at least do it properly. The conversation with Javid should have been shorter - indeed, the final response of GS would have sufficed.

Let's also remember that a wave of firings is an annual occurrence at these places:

Sanford Bernstein analyst Brad Hintz predicted average pay per employee at Goldman would rise from around £238,000 to £260,000 after a wave of redundancies.
That's several thousand jobs gone, just like that. No whining, just time to find a new gig (and hope that you'll lose no more than 20% of your base pay, and forget about a bonus).

Needless to say, the Opposition knows an opportunity for risk-free posturing when it sees one:

The shadow Treasury minister, Chris Leslie, predicted that the bonus season being launched by Goldman this week will be "very lucrative for thousands of bankers" as a result of the cut to the top tax rate.
I think he omitted "not to mention the Treasury" by accident. What do you think?

BAE Systems and Facebook - a match made in heaven

In my Facebook page today (yes, yes, admonishments taken) in the Sponsored links column, I was served the usual tedium of adverts but one caught my eye. "BAE Systems is hiring!" Well, they've got a couple of aircraft carriers and a few Astute subs to build, so I'd hope they're looking for good mechanical and electrical engineering talent. Quite how Farcebook picked me as a likely advertising target, who knows - perhaps that's why FB stock took a 2.74% bath today - but what caught my eye was the thumbnail picture. A smiling young Afro-Caribbean engineer in overalls - female persuasion.

Now I'm sure BAE Systems has a good number of female engineers in the UK. My top-end guess is 30% of the workforce. But the number of Afro-Caribbean female engineers is going to be tiny relative to the workforce size. So why are they using that as their hook? Anyone in engineering knows that engineers of Afro-Caribbean background are rare as hen's teeth. Against that, of course, is the natural result of aggressive filtering - those I know are almost invariably extremely good at their jobs and unwilling to put up with bullshit or sub-standard teaching.

Anyhow, curiosity piqued I click on the ad - and what do I get?

Firefox cannot find the server at wwwbaesystems.jobs.
Yes, whoever set up this ad campaign spent lots of time ensuring the image displayed was appropriate diverse and gender-friendly, but didn't actually give it anything approaching a valid URL. OK, so I try www.baesystems.com/jobs and get "The page you were looking for has moved or no longer exists.". Nice one.

What I think they were trying to point to was www.baesystems.com/careers which does exist as a redirect to /careers-rzz. Checking the UK careers page I don't see any Afro-Caribbean faces, but I do see very prominent pictures of women in overalls and goggles.

Let's look at BAE Systems' Women in Engineering article:

"Becoming an engineer really happened by accident," says Jayne Bryant. "I had seen my older sister struggle to get a job as a mathematics teacher and though I really loved the subject, I looked at accountancy and computer science instead.
"GEC Marconi had started a course for aspiring Software Engineers and they were located just five miles up the road from me. What's more, they were offering to pay you for doing it, unlike accountancy, so that's what really made my mind up!
Wow, way to big up the value of an engineering degree, BAE Systems - your top (female) engineering was a frustrated accountant who fell into software engineering by accident!

I do have a point with all this, I hope. BAE Systems, one of the biggest engineering firms in the UK, is trying to recruit female and minority engineers with a stereotypical "hey, look at the women and minority women in these pictures!" campaign, but can't take the time to ensure that the campaign even sends the interested parties to a valid URL. If this is the best they can offer to attract female engineers, I lose all hope.

Getting women into engineering starts way before they start looking for jobs as a B.Eng/M.Eng graduate. They need to be doing the right A-levels (Maths with mechanics, Physics) before they can even consider doing engineering. Guess what - half of the UK co-educational schools have no girls studying Physics. FFS. If BAE Systems is serious about wanting female engineers, and it should be, this is where they need to be intervening - talking to Year 10/11 students in the schools near BAE Systems sites about engineering as a career. This is true in spades for ethnic minority female engineers, by which I mean Afro-Caribbean, Hispanic, and Caucasian.

Yes, in the top-talent engineering roles for women, white, Hispanic and Afro-Caribbean women are under-represented, and Chinese and Indian women are over-represented. So it's nothing innate to the female mind that limits entry to engineering. We need to look at the devotion to education that Chinese and Indian parents have and hand to their children, and find some way to propagate that to students of other ethnicities.

Update: as of January 21st, this advert was still appearing, and the link was still broken. Fantastic.

2013-01-14

Negotiation vs posturing - the US debt limit

It looks as if I'm going to have to order more popcorn for 2013. The financial to-and-fro in the USA is providing near-non-stop entertainment. The latest round of catfighting is regarding the paltry hard limit of $16.4tn on the US debt, which the USA has already hit and is conducting temporary measures to avoid increasing - but come February the limit of temporary work-arounds is reached, and the USA cannot spend itself into debt any more until the debt ceiling is raised.

Is it just me, or does anyone else think that the BBC is a little light on investigative journalism in its piece on the matter?

He [Obama] demanded that Republicans in charge of the House of Representatives approve a rise in the federal government's authority to borrow money to pay existing obligations - without seeking policy concessions in return.
[...]
"The full faith and credit of the United States of America is not a bargaining chip. And they [Republicans] better decide quickly because time is running short," Mr Obama said.
Did you notice the mismatch? Obama is claiming that if the debt limit is not extended (because the Republicans control Congress, and could block a debt limit extension) then the USA is going to fail to pay its bills, and that will be All The Fault Of The GOP. Except - well, except for Section 4 of the 14th Amendment to the Constitution of the United States:
The validity of the public debt of the United States, authorized by law, including debts incurred for payment of pensions and bounties for services in suppressing insurrection or rebellion, shall not be questioned. But neither the United States nor any State shall assume or pay any debt or obligation incurred in aid of insurrection or rebellion against the United States, or any claim for the loss or emancipation of any slave; but all such debts, obligations and claims shall be held illegal and void.
Legally, the implication of this (according to legal scholars greater than I) is that debt payments have the first claim on US government spending:
Last I checked, pretty much every appropriations bill starts with a statement equivalent to this (from HR 6091, the appropriations bill for Interior last year): "Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled, That the following sums are appropriated, out of any money in the Treasury not otherwise appropriated, for the Department of the Interior, environment, and related agencies for the fiscal year ending September 30, 2013, and for other purposes, namely:..."
To my reading, that says that the money is only appropriated if there is money in the Treasury that isn't already appropriate. Since the 14th Amendment requires that we pay our debts, the appropriations for debt servicing would have to go to the front of the line. Anything after that would purely be on the basis of what money is available in the Treasury.
So there's no danger of the USA actually defaulting on its debt, since debt payments go to the head of the line. It's the spending after that which is the problem.

The US tax take is currently about 60% of its spending, so the effect of this restriction would be that the US would have to immediately cut its expenditure by 40%. Now, this is going to result in horrible cuts to entitlements (Social Security, Medicare, Medicaid), defence, and "discretionary" spending is really going to get it in the shorts, but the US government will not default on its debt no matter what the President claims.

One wonders what the BBC's Washington correspondent believes his job is, if not to do some basic journalism on the claims of politicians.

Chinese export forgery - cui bono?

It seems that the Chinese export figures may not be entirely congruent to reality:

UBS economists led by Hong Kong-based Wang Tao pointed to a "quite obvious discrepancy" in the growth of China's exports to Taiwan and South Korea and those economies' reported imports from China in recent months, even as historically they have tracked each other well.
But to what end? Why would China exaggerate its export figures? Whom are they trying to fool?

It appears that there is an active trade in fake-exporting goods in order to benefit internal economy participants:

Shenzhen Global offers customs clearing and other freight services including a "one-day tour," Lin Yongtai, a manager with the company in the city bordering Hong Kong, said in a telephone interview.
For a fee of 1,000 yuan ($161) per vehicle per day, the company will drive trucks into warehouses in bonded zones, where cargo must clear customs, so that businesses can obtain a refund of value-added tax on the "export" of their products or boost sale prices for goods that carry the cachet of being imported.
Note that this doesn't seem to be economic fraud perpetrated at the level of the State; rather, the skewed export figures appear to be at least partially generated by many small-scale fraudulent not-really-export activities. Businesses are paying intermediaries to gain an "export" credential for their goods, which in turn gives them some economic benefit in terms of tax relief or misleading origin of goods. This reminds me strongly of the UK VAT carousel fraud that was so profitable a few years ago.

What's worrying is the scale of this fraud, being able to move Chinese export figures sufficiently to make the figures obviously wrong. One has to wonder whether the Chinese government can actually exert any meaningful control over the economy they have encouraged; they can certainly arrest, try and jail/execute a few sacrifical goats, but if the government's stability is predicated on control of the economy then the only question is how long the government can keep all the plates spinning on their poles.

2013-01-13

Comp season, break out the popcorn

This week is banking bonus week and the Daily Mail is carefully working itself (and its readership) into a froth of rage, hyperbole and errors:

...staff at Goldman Sachs are expected to reward themselves(1) £8.3 billion in bonuses(2) on Wednesday. The American investment bank, which employs 5,500 staff in the UK, will be the first to unveil its telephone number-sized(3) rewards – an average of £250,000 a person(4) – as part of the latest round of bonus updates.
Taking them in order:
  1. Hopefully obviously, it's not the case that every banker sticks his or her grubby paws into a barrel full of dollars and pulls out what he or she likes. The Goldman Sachs partners will allocate the available bonus pool between the divisions; each division's partners will then allocate most of what they have around their profitable traders, and the remnants get handed down the management chain, shrinking as they go. The only way a "banker" can determine his own bonus is to threaten to leave if he doesn't get at least $X, and in today's banking job market the number of people who can make that threat effective are few.
  2. The "bonus" pool is actually total compensation - you have to take away what people are actually paid as a salary before you can start to dole it out in cash bonuses, shares, and deferred shares.
  3. Taking a typical phone number of 01234 567890, that looks like $1.2bn (if we are generous and assume the DM is referring to the original dollar figure rather than the UK equivalent). I rather doubt even the top partner is going to get 10% of all compensation to himself.
  4. There will be very few people with a total compensation around £250,000. The troops in the trenches making up most of Goldman Sachs' 32,600 headcount will get much less than £100,000 in total compensation; they'll be lucky to get a bonus of 25% of their salary. Not peanuts, to be sure, but less than half the average. Those earning above £250,000 will mostly be managing directors, partners and perhaps very senior vice presidents. Best guess is that there are around 2000 MDs and partners.

I particularly treasure the Daily Mail reader comments on this:

The US government gave them huge amounts of money with no recourse. So what happened there and now that they are making losts of money how is the US taxpayer going to get some of it back. Its absolutely Obscene. What sort of INSIDE deals were being done in US government. Seriously.
- EUSSR, London, 13/1/2013 17:28
Yes, I'd imagine the US government is gnashing its teeth at only getting a 22% (annualised) profit on its enforced loan to Goldman Sachs. The fiends!

What I don't expect to see is any comment about Goldman Sachs profits and bonuses from a certain G. Osborne. Assume the DM is correct in the figure of £8.3 billion total comp, and given 5000 people in London, that's £1.3bn in pay to be taxed. Assuming a conservative average tax take of 50% (50% top level income tax + 2% ee NI + 13.8% er NI == 65.8% marginal tax over £150K, so 50% average over all employees seems low if anything) the Treasury will see a total of £650 million in tax from London-based Goldman Sachs employees this year. Toss in JP Morgan, Barclays, Lloyds into the mix and I would think Mr. Osborne is going to keep his mouth shut about the evil bankers.

2013-01-12

Turning the tables on Morgan

It's one of my personal weaknesses that occasionally I watch Piers "smug" Morgan on his CNN show, but the other night I got to see him receive a dose of his own medicine. US conservative Ben Shapiro, who looks about 18 years old (28, apparently) took Piers to task over his approach to debating gun control; he ran rings around Morgan, courteously yet firmly pointing out that if you want to stop killings then banning handguns makes more sense than banning assault weapons:

Shapiro: This is what I wanted to ask you, Piers, because I have seen you talk about assault weapons a lot, and I have seen Mark Kelly talk about assault weapons. The vast majority of murders in this country that are committed with guns are committed with handguns, they are not committed with assault weapons. Are you willing to ban handguns in this country, across this country?
Morgan: No, that's not what I'm asking for.
Shapiro: Why not? Don't you care about the kids who are being killed in Chicago as much as the kids in Sandy Hook?
Morgan: Yes, I do.
Shapiro: Then why don't you care about banning the handguns in Chicago?
Morgan: We'll come to that.
Oddly, Morgan never came to that. The kindest thing we can say about Morgan's motivation in wanting to ban assault weapons is that he realises a handgun ban isn't going to happen, and an assault weapon ban is probably the only law change with a chance of passing. Of course, its actual effect is open to debate - the Federal Assault Weapons Ban of 1994 didn't have any effect that the CDC could detect.

What really made the interview, though, was that Shapiro had brought along a copy of the Constitution to (metaphorically) beat Morgan over the head with. Morgan proceeded to display contempt for that Constitution:

Morgan: You come in, you brandish your little book, as if I don't know what's in there --
Shapiro: My little book? That's the constitution of the United States. It's our founding document, Piers.
Morgan: I know what it is, your constitution.
Shapiro: Do you really?
Morgan: I have been debating this for a long time.
Shapiro: Then you should read the 2nd Amendment again.
Go read the whole interview if you haven't got time to see the video, it was quite the entertainment.

Piers Morgan, as Shapiro accurately noted, came into the USA with the perspective that he knows better than Americans how their country should be run, and views the Constitution as an annoying impediment to making everything work as well as it does in Britain.

Today, US author Brad Thor (whose books, while entertaining, make Tom Clancy's look intellectual) took to his Twitter account with a rather good idea:

I'm looking for a TV channel in UK to host the Brad Thor chat show which I'll use to actively push for abolition of the monarchy. @BBCWorld?
Even as a foreigner, I'm sure the British will not criticize me 4 wanting to do-away w/ the monarchy. It's a relic anyway, right? #Forward!
On my UK chat show, I'll call anyone who disagrees w/ my opinions stupid & absurd. The Brits need to come into 21st C. I will lead them!
On my UK chat show, I will tell everyone that we don't have a monarchy in America - not really - and therefore the U.K.'s should be ended.
I can't wait to get the first guest on my UK chat show so I can say, "You Brits, ...sitting there with that little Magna Carta of yours..."
I would pay a large, large sum of money (say, my TV licence fee) to see this show on the BBC.

2013-01-11

Nokia: security, we've heard of it

Perhaps, given Nokia's plummeting market share, this isn't such big news - but it's certainly a big deal. It seems that when Unisys engineer Gaurang Pandya analysed traffic from the "Xpress" browser on Nokia phones, the results weren't what he expected:

From the tests that were preformed, it is evident that Nokia is performing Man In The Middle Attack for sensitive HTTPS [secure Web connection] traffic originated from their phone and hence they do have access to clear text information which could include user credentials to various sites such as social networking, banking, credit card information or anything that is sensitive in nature. In short, be it HTTP or HTTPS site when browsed through the phone in subject, Nokia has complete information unencrypted (in clear text format) available to them for them to use or abuse.
What Nokia is doing is, instead of sending web traffic directly from the phone to the required website (Google, Facebook, Amazon etc.) it's redirecting the traffic to its proxy computers at browser.ovi.com and using that information to compress and speed up the connection from the proxy to the destination web site. This is all very laudable. The problem is, it's doing this with secure traffic as well as regular traffic.

A brief digression here. When your web browser connects securely to Google, how does it know it has reached Google and not some other site pretending to be Google? Go to https://www.google.com/ and look at the bar in your browser. There should be a padlock there; click on the padlock in most sensible browsers to reveal more information about how your browser knows this is Google. In essence, Google has "signed" a short note saying "hey, I'm really www.google.com" and sent it back to you. The signature involves heavy maths, but works in much the same way as a very-hard-to-forge written signature. But how do you know that's really Google's signature - after all, you don't know Larry Page's writing from Bill Gates's writing? Well, someone else (a certificate authority, in this case "Thawte SGC CA") has signed Google's signature and said "yes, this is Google's real signature". Your browser has a list of the signatures of the very small number of CAs out there, so can check that Thawte's signature is valid, and hence that Thawte really has verified that you are looking at Google's signature.

Right, so what's going on with Nokia? When your Xpress browser connects to Nokia's proxy instead of google.com, the proxy can't return a valid Google signature to the browser. The proxy establishes a secure connection with Google, but the signature for that connection isn't valid for the connection starting from your browser. Well, it turns out that Nokia's browser completely ignores the fact that it's getting the wrong certificate for the connection.

What's the implication of this for users? Anyone using Xpress for secure connections (think credit card data, secure searching, medical records, online banking) has their sensitive data completely on Nokia's proxy computers, and is totally reliant on Nokia not maliciously or accidentally storing, transmitting or exposing it.

So what does Nokia say about subverting browser security?

"The compression that occurs within the Nokia Xpress Browser means that users can get faster web browsing and more value out of their data plans," a spokesperson said, in an email sent to TechWeekEurope.
You see, it was done with the "best intentions"...
"Importantly, the proxy servers do not store the content of web pages visited by our users or any information they enter into them. When temporary decryption of HTTPS connections is required on our proxy servers, to transform and deliver users' content, it is done in a secure manner.
Well yes. Until someone within Nokia or some external cracker compromises your single-point-of-failure server. At that point all secure connections from all Xpress browsers to all secure sites worldwide are completely vulnerable and can be captured in clear by the crackers.

Nokia used to make good phones, but they have always suffered from "not invented here" syndrome, and this attempt to "improve" secure web connections is so drastically demented that, I have to say, they deserve to die.

[Hat tip: The Reg]

Lowering already submarine expectations

Talk about damning with faint praise: the new Russian Borei class submarine "Yuri Dolgoruky" is safer than the "Kursk". You remember what happened to the "Kursk", right?

The consensus on the time-line of the casualty, as per the other military vessels in the area, is though settled at two explosions occurring within a time-gap of two minutes between them. The impact of both explosions ranged in the trinitrotoluene(TNT) force scale, with the first explosion releasing around 100-250 kg worth of TNT force and the second releasing about 3-7 tons of TNT force.
118 Russian sailors died, most likely to problems with torpedo fuel. But the "Yuri Dolgoruky" is safer, because...?
Russia's Vesti TV news says the Yuri Dolgoruky's escape capsule can accommodate the whole crew and float to the surface in an emergency.
Um. So all 107 sailors just have to get from wherever they are (in a submarine so badly damaged that it cannot surface) into the escape capsule, then hope that the damage is not so bad that a) the capsule is blocked from decoupling from the submarine, b) that the capsule's structural integrity is not compromised and c) that the Russian shipyards' engineering expertise is good enough to make a large and complex escape capsule system work the first time that it is used under disaster conditions. Frankly, I'd feel a lot better about the idea if the sub had 3 or more capsules, distributed along the ship, making it more likely that at least some sailors could get off the damaged vessel.

Let me say that I think this capsule is actually a good idea and may well save some lives if things go badly for a Borei class submarine. But comparing it to the situation of the "Kursk" is less than flattering, and disrespectful of the 118 dead sailors. If a 3000kg-equivalent explosion happened on a Borei class submarine, what chance is there that any escape mechanism would help?

2013-01-10

On the notion of public trust

This article on DCI Casburn trying to sell phone-tapping investigation information to the News of the World is one of the most appalling things I've read recently - not for the writing style (so much) as for what a senior police officer is prepared to do for a relatively small amount of money:

The reporter on the News of the World who took the call, Tim Wood, wrote an email to more senior colleagues, detailing what he claimed had been said. It was the crown's [sic] main evidence against Casburn.
It read: "PHONE TAPPING. A senior policewoman ... who claims to be working on the phone-tapping investigation wants to sell inside info on the police inquiry. [...]"
Oopsie. Bang goes her claim of a public-interest defence. It's not the first time a casual email has landed someone in the clink, but it's instructive that today it's someone else's casually-written email which has sunk Mrs. Casburn.

So what's going to happen to her?

Mr Justice Fulford warned Casburn, a mother of three, that she faced an immediate custodial sentence and the Metropolitan police said she had "betrayed the service and let down her colleagues". But Patrick Gibbs QC, her counsel, asked the judge to take into account the fact that Casburn was in the process of adopting a child.
[...]
Casburn will be sentenced later. Her barrister said he would be seeking a suspended sentence. She is of previous good character and has a flawless disciplinary record.
Her barrister can seek all he likes. A pending child adoption is not a get-out-of-jail-free card. If a child's moral welfare is an important consideration of adoption, what sort of example does it send for the child to be adopted by a greedy duplicitous woman who abuses the trust placed in her by the public for personal financial gain? A DCI outside London earns £50K-60K depending on experience, and you can add on another £5K or so for London; what was she expecting from the NotW? And how, being a DCI involved in counter-terrorism operations, could she expect this money to not create a paper trail and raise eyebrows? Perhaps she's just not a very good DCI, promoted for reasons other than competence.

By the way, has the Guardian adopted "mother of X" as its version of the Daily Mail's "homeowner of a £XXX,000 semi" pointless personal adjunct? How does having 3 children bear on her guilt, culpability or detention prospects?

Frankly I hope that a 5 year sentence is at the low end of what Casburn can expect (in addition to losing her pension). I'm also hoping, but without much expectation of success, that the superiors who repeatedly promoted her will be getting their judgement very carefully scrutinised; I would like to know what it was about her service in the child protection unit that resulted in her repeated promotion and moving into counter-terrorism (what the hell is the connection between the two?) beyond having a pair of boobs. It certainly wasn't any competence in the world of electronic communications.

It's possible I sound somewhat harsh. However I view this as such a fundamental and stupid breach of trust by a senior public official that I can't see anything other than a substantial jail sentence offering sufficient deterrence to others thinking of doing the same thing. If she gets a suspended sentence, it's a clear message that sitting down to pee is a licence to break the law and abuse public trust with relative impunity. If you value the public service of women, this is a message that may not stand.