2015-04-30

You can't be too careful - car crashes

The class of systems with high distributed costs and focused but inadequate benefits is going to have another member: auto-calling police in the event of a car crash:

In the event of a crash, the device calls the E.U.'s 911 equivalent (112) and transmits to authorities important information including location, time, and number of passengers in the vehicle. An in-car button will also be installed in all vehicles. The eCall requirement will add an estimated $100 to the price of a car.
$100 on each (new) car sold: so how many new cars are sold in the EU each year? About 14 million in 2012. So this measure will cost $1.4 billion, and maybe $150 million in the UK. What's the benefit?
Each year nearly 26,000 people are killed in the E.U. by car crashes. This new device is estimated to reduce that number by 10 percent, saving 2,600 lives annually, by cutting down emergency response time by as much as 60 percent.
The cost of a life for purposes of safety varies by country and mode of transport, but let's take $1 million as the average. Given the quoted statistics, $2.6 billion saving (though optimistic, probably lower) comprehensively dwarfs $1.4 billion cost (though also optimistic, probably higher). Why isn't this a slam-dunk decision?

The problem is twofold: a) zeroing cost for lives saved, and b) the assumption of 10% saving. Let's consider each in turn.

If an injury is potentially fatal but not actually fatal due to timely intervention, it's almost always due to either early suppression of severe blood loss, or timely (within 1-2 mins) clearing of obstructed airway. The latter isn't relevant due to emergency service response times, so we only consider the former. This injured person will still need emergency treatment followed by several days of hospital care, and quite possibly follow-on care of injuries, rehab, and in some cases reduced lifetime tax payments due to reduced earnings and disability payments, so you're looking at order of $100K average costs. That's still not really significant.

However, consider a typical case where a life is saved: a car driver has an accident in the countryside when no-one is around. His car calls 112 and so the police (not the ambulance service initially, because they are too stretched to respond to wild goose chases) respond to his location. Seeing the crash they call for an ambulance which arrives 10-30 minutes before it would have otherwise arrived due to a passer-by report - people tend to notice a crashed car with no emergency services around it. He would have died due to shock (depletion of oxygen to the critical organs due to blood loss / asphyxiation / traumatic damage to heart and lungs) but the ambulance got there in time to oxygenate him and transport to hospital. Just how common is this?

Fatal road accidents rarely happen on remote roads - unsurprisingly, they happen where there are many more cars and roadside obstructions to run into. If an accident happens where passers-by are prevalent, this system doesn't help at all since nearly all passers-by have mobile phones. So we're only looking at a small fraction - 5% is optimistic - of accidents. The press release assumed 10%, so the benefit has already halved and is perilously close to the cost.

But bleeding to death is not a common cause of death from road accidents for drivers/passengers. Much more likely is traumatic head injury, which tends to kill them right there in the car. Unsecured drivers/passengers fly through the windscreen, or secured drivers/passengers bang their head against the car frame. This kills instantly, or in a few minutes. Another mechanism is the "third collision" where the car bangs into a tree (collision 1), the driver bangs into their seatbelt (collision 2) and then the free-hanging organs like lungs, heart bang into the drivers chest, or their blood vessels bang into ligaments that cheesewire them (collision 3). If you're in this situation and your aorta (the major blood vessel coming out of the heart) is damaged you can expect a 60%-80% chance of death no matter how quickly you get to the hospital.

Therefore, before we stick the European population with an extra $1 billion of annual costs, why don't we conduct a limited experiment introducing this requirement into a single country which is similar to another country in road crash death rates to see what effect, if measurable, this measure has? Or is the notion of trade-offs too alien to the EU?

2015-04-23

Journos writing about trading and high-speed computing

I have to admit, this amused me - the Daily Mail trying to write about high-frequency trading:

Suspected rogue trader Navinder Sarao lived in his parents' modest home because it gave him a split-second advantage worth millions of pounds, it was claimed yesterday.
His family's semi-detached house in suburban West London is closer to an internet server used by one of the major financial exchanges, giving him a nanosecond advantage over rivals in the City.
[...]
Sarao, 36, was dubbed the 'Hound of Hounslow' after it emerged he lived at home with his parents, despite allegedly making £26.7million in just four years of dealing from their home.
And yet you'd think that renting a small flat in Slough and paying for Internet access there would have improved his speed advantage; at a cost of about £50K for four years, that would have been a bargain. Why, it's almost as if the Daily Mail journalists had no idea what they were talking about....

2015-04-02

Active attack on an American website by China Unicom

I wondered what the next step in the ongoing war between Western content and Chinese censorship might be. Now we have our answer.

"Git" is a source code repository system which allows programmers around the world to collaborate on writing code: you can get a copy of a software project's source code onto your machine, play around with it to make changes, then send those changes back to Git for others to pick up. Github is a public website (for want of a more pedantic term) which provides a repository for all sorts of software and similar projects. The projects don't actually have to be source code: anything which looks like plain text would be fine. You could use Github to collaborate on writing a book, for instance, as long as you used mostly text for the chapters and not e.g. Microsoft Word's binary format that makes it hard for changes to be applied in sequence.

Two projects on Git are "greatfire" and "cn-nytimes" which are, respectively, a mirror for the Greatfire.org website focused on the Great Firewall of China, and a Chinese translation of the New York Times stories. These are, obviously, not something to which the Chinese government wants its citizenry to have unfettered access. However, Github has many other non-controversial software projects on it, and is actually very useful to many software developers in China. What to do?

Last week a massive Distributed Denial of Service (DDoS) attack hit Github:

The attack began around 2AM UTC on Thursday, March 26, and involves a wide combination of attack vectors. These include every vector we've seen in previous attacks as well as some sophisticated new techniques that use the web browsers of unsuspecting, uninvolved people to flood github.com with high levels of traffic. Based on reports we've received, we believe the intent of this attack is to convince us to remove a specific class of content. [my italics]
Blocking Github at the Great Firewall - which is very easy to do - was presumably regarded as undesirable because of its impact on Chinese software businesses. So an attractive alternative was to present the Github team with a clear message that until they discontinued hosting these projects they would continue to be overwhelmed with traffic.

If this attack were just a regular DDoS by compromised PCs around the world it would be relatively trivial to stop: just block the Internet addresses (IPs) of the compromised PCs until traffic returns to normal levels. But this attack is much more clever. It intercepts legitimate requests from worldwide web browsers for a particular file hosted on China's Baidu search engine, and modifies the request to include code that commands repeated requests for pages from the two controversial projects on Github. There's a good analysis from NetreseC:

In short, this is how this Man-on-the-Side attack is carried out:
1. An innocent user is browsing the internet from outside China.
2. One website the user visits loads a JavaScript from a server in China, for example the Badiu Analytics script that often is used by web admins to track visitor statistics (much like Google Analytics).
3. The web browser's request for the Baidu JavaScript is detected by the Chinese passive infrastructure as it enters China.
4. A fake response is sent out from within China instead of the actual Baidu Analytics script. This fake response is a malicious JavaScript that tells the user's browser to continuously reload two specific pages on GitHub.com.

The interesting question is: where is this fake response happening? We're fairly sure that it's not at Baidu themselves, for reasons you can read in the above links. Now Errata Security has done a nice bit of analysis that points the finger at the Great Firewall implementation in ISP China Unicom:

By looking at the IP addresses in the traceroute, we can conclusive prove that the man-in-the-middle device is located on the backbone of China Unicom, a major service provider in China.
That existing Great Firewall implementors have added this new attack functionality fits with Occam's Razor. It's technically possible for China Unicom infrastructure to have been compromised by patriotically-minded independent hackers in China, but given the alternative that China Unicom have been leant on by the Chinese government to make this change, I know what I'd bet my money on.

This is also a major shift in Great Firewall operations: this is the first major case I'm aware of that has them focused on inbound traffic from non-Chinese citizens.

Github look like they've effectively blocked the attack, after a mad few days of scrambling, and kudos to them. Now we have to decide what the appropriate response is. It seems that any non-encrypted query to a China-hosted website would be potential fair game for this kind of attack. Even encrypted (https) requests could be compromised, but that would be a huge red arrow showing that the company owning the original destination (Baidu in this case) had been compromised by the attacker: this would make it 90%+ probable that the attacker had State-level influence.

If this kind of attack persists, any USA- or Europe-focused marketing effort by Chinese-hosted companies is going to be thoroughly torpedoed by the reasonable expectation that web traffic is going to be hijacked for government purposes. I wonder whether the Chinese government has just cut off its economic nose to spite its political face.