Domain: slashdot.org
Stories and comments across the archive that link to slashdot.org.
Stories · 37,380
-
US House Votes 397-0 To Oppose UN Control of the Internet
An anonymous reader writes "The U.S. House of Representatives voted 397-0 today on a resolution to oppose U.N. control of the internet. 'The 397-0 vote is meant to send a signal to countries meeting at a U.N. conference on telecommunications this week. Participants are meeting to update an international telecom treaty, but critics warn that many countries' proposals could allow U.N. regulation of the Internet.' The European Parliament passed a similar resolution a couple weeks ago, and the U.N. telecom chief has gone on record saying that freedom on the internet won't be curbed. However, that wasn't enough for U.S. lawmakers, who were quite proud of themselves for actually getting bipartisan support for the resolution (PDF). Rep Marsha Blackburn (R-TN) said, 'We need to send a strong message to the world that the Internet has thrived under a decentralized, bottom-up, multi-stakeholder governance model.'" -
US House Votes 397-0 To Oppose UN Control of the Internet
An anonymous reader writes "The U.S. House of Representatives voted 397-0 today on a resolution to oppose U.N. control of the internet. 'The 397-0 vote is meant to send a signal to countries meeting at a U.N. conference on telecommunications this week. Participants are meeting to update an international telecom treaty, but critics warn that many countries' proposals could allow U.N. regulation of the Internet.' The European Parliament passed a similar resolution a couple weeks ago, and the U.N. telecom chief has gone on record saying that freedom on the internet won't be curbed. However, that wasn't enough for U.S. lawmakers, who were quite proud of themselves for actually getting bipartisan support for the resolution (PDF). Rep Marsha Blackburn (R-TN) said, 'We need to send a strong message to the world that the Internet has thrived under a decentralized, bottom-up, multi-stakeholder governance model.'" -
Richard Stallman: 'Apple Has Tightest Digital Handcuffs In History'
jrepin points out a discussion with Richard Stallman in which he talks about how the Free Software movement is faring in light of companies that have been successful in the long term with very different principles, like Microsoft and Apple. Stallman had this to say: "I would say the free software movement has gone about half the distance it has to travel. We managed to make a mass community but we still have a long way to go to liberate computer users. Those companies are very powerful. They are cleverly finding new ways to take control over users. ... The most widely used non-free programs have malicious features – and I’m talking about specific, known malicious features. ... There are three kinds: those that spy on the user, those that restrict the user, and back doors. Windows has all three. Microsoft can install software changes without asking permission. Flash Player has malicious features, as do most mobile phones. Digital handcuffs are the most common malicious features. They restrict what you can do with the data in your own computer. Apple certainly has the digital handcuffs that are the tightest in history. The i-things, well, people found two spy features and Apple says it removed them and there might be more. When people don’t know about this issue they choose based on immediate convenience and nothing else. And therefore they can be herded into giving up their freedom by a combination of convenient features, pressure from institutions and the network effect." -
City of Heroes Reaches Sunset, NCsoft Paying the Price
KingSkippus writes "At midnight Pacific on Saturday, December 1, NCsoft shut down the City of Heroes servers for the final time. Since announcing the closure, a group of players has been working hard to revive the game by getting attention from the gaming press, recognition from celebrities such as Sean Astin, Neil Gaiman, and Felicia Day, and assistance from fantasy author Mercedes Lackey. Meanwhile, NCsoft has been drawing negative publicity, including a scathing article about the shutdown from local news site The Korea Times, noting that the game was earning $2.76 million per quarter and that 'it is hard to comprehend what NCsoft means when they say they closed it for strategic reasons.' NCsoft's stock price has fallen over 43% since the announcement in August, almost 30% below its previous 52-week low, right when investors were counting on the success of the recently launched Guild Wars 2 to help boost the company." -
Book Reviews: Lockpicking Books From Deviant Ollam
benrothke writes "It is well known that the password, while the most widespread information security mechanism, is also one of the most insecure. It comes down to the fact that the average person can't create and maintain secure passwords. When it comes to physical locks, the average lock on your home and in your office is equally insecure. How insecure it in? In two fascinating books on the topic, Deviant Ollam writes in Practical Lock Picking, Second Edition: A Physical Penetration Testers Training Guide and Keys to the Kingdom: Impressioning, Privilege Escalation, Bumping, and Other Key-Based Attacks Against Physical Locks that it is really not that difficult. When it comes to information security penetration tests done on the client site, the testers will most often have permission to be inside the facility. On rare occasions, the testers need to find alternative means to gain entrance. Sometimes that means picking the locks." Keep reading to learn if you'll be picking locks soon. Practical Lock Picking, 2nd ed. / Keys to the Kingdom author Deviant Ollam pages 296 / 256 publisher Syngress rating 9/10 reviewer Ben Rothke ISBN 978-1597499897 / 978-1597499835 summary Two excellent books on the fundamentals of lockpicking All of the information in the books is long known to professional locksmiths. For those whose responsibilities include physical security, it is hoped that they are at least at the level of the locksmiths, and have designed their physical security plant accordingly.
Ollam is a member of The Open Organization Of Lockpickers (TOOOL), a group whose goal is to advance the general public knowledge about locks and lock picking. TOOL'S mantra is that the more that people know about lock technology, the better they are capable of understanding how and where certain weaknesses are present. This makes them well-equipped to participate in sport picking endeavors and also helps them simply be better consumers in the marketplace, making decisions based on sound fact and research. In these books, Ollam stays true to that mantra.
The two books have some overlap. Practical Lock Picking is meant as a beginners guide to lock picking, and is intended to be a hands-on guide with hundreds of pictures and diagrams.
Ollam writes in a clear-cut and systematic manner, describing all of the details needed. Nearly every page includes pictures and diagrams to illustrate the point. In 6 easily readable chapters, Ollam covers the core areas needed to gain a comprehensive understanding of the topic of lock picking. By the end of the book, you won't be a locksmith or even close. But for those that have locksmithing in their blood, or want to get greater insights, the book will be a great resource that will help them get there.
Chapter 1 starts the book on the fundamentals of pin tumbler and wafer locks; which are two of the most common types of locks in use. Ollam notes that while there are a multitude of lock designs on the market today produced by many different manufactures, the bulk of these locks are not in widespread use. With that, he notes that if the reader can understand the basics of just a few styles of locks, he is confident that the reader should be open top open with great east at least 75% of the locks they are likely to encounter, and even more as you become more skilled with them.
After the introduction, chapter 2 gets into the basics of lock picking and how to exploit weaknesses that most locks have. Many of these weaknesses are due to errors in the manufacturing process, which the book details. Information security guru has observed that "security is a tax on the honest majority". He writes that security often does not keep that bad guys out. Similarly, insecure physical locks will do little to keep the bad guys out, which Ollam so persuasively writes about.
In chapter 5, Ollam details what he terms quick-entry tricks, which is done via shimming, bumping and bypassing. Lock bumping has gotten a lot of media exposure in the last few years, but has been around for nearly 100 years. Specifically, it is a pin tumbler lock picking technique using a special bump key. Not that there is a universal bump key that can open all locks. Rather the bump key must correspond to the lock in question. Ollam shows that if one has such a key, many of these locks can quickly be compromised.
The book closes with an appendix that provides a list to the types of tools and toolkits necessary to pick locks.
After completing Practical Lock Picking, one should check out Keys to the Kingdom: Impressioning, Privilege Escalation, Bumping, and Other Key-Based Attacks Against Physical Locks, which is a great follow-on reference.
The main difference between the two is that the latter provides a lot of details on impressioning, which is a covert technique to create a usable key for a lock without picking the lock or taking it apart, in addition to some other types of more sophisticated attacks.
Chapter 2 of the book is on soft medium attacks and is particularly fascinating. Ollam writes of mold-and-cast attacks, which is a technique of opening a lock by covertly copying a legitimate key by making a cast of it in a soft material, then using it to imprint and fabricate a working key. Such a technique was used in real-life and detailed in the 1979 movie The First Great Train Robbery. Ollam writes how the movie was very true to the methods and technology available at that time, when the train robbery occurred in the 1850's.
The chapter walks the reader through the Quick-Key duplication kit method, in which most common key forms can be replicated with the kits molding and casting forms. The kit Ollam references is for the serious student of the craft, as it costs over $700- and can only be purchased from a firm in Germany.
Chapter 3 on master-keyed systems is particularly interesting as Ollam shows how a master key privilege escalation attack can often be easily done. Master-key systems make the logistics of granting access easier. But with that ease of use, comes the potential for abuse, as that single key will now have global access to the physical site.
Ollam writes that dedicated attackers who have the ability to spend a bit of time will often have the ability to compromise the code for the top master key (the one with the most access privileges) in nearly all master-keyed systems, even with only a small amount of preliminary information and a small number of blank keys.
In the same way that passwords often provide very little network security, Keys to the Kingdom shows that much of the security provided by physical locks is an illusion, given the ease at which these keys can be manipulated and copied.
Practical Lock Picking, Second Edition: A Physical Penetration Testers Training Guide is a great introduction to the topic of lock picking, while Keys to the Kingdom: Impressioning, Privilege Escalation, Bumping, and Other Key-Based Attacks Against Physical Locks takes that base knowledge and builds upon.
For those who perform physical penetration testing, these two books will prove to be invaluable. For those that simply want to understand what their locks are and aren't doing, they will find these to be a fascinating read.
Ben Rothke is the author of Computer Security: 20 Things Every Employee Should Know.
You can purchase Practical Lock Picking, Second Edition: A Physical Penetration Testers Training Guide and Keys to the Kingdom: Impressioning, Privilege Escalation, Bumping, and Other Key-Based Attacks Against Physical Locks from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
Book Reviews: Lockpicking Books From Deviant Ollam
benrothke writes "It is well known that the password, while the most widespread information security mechanism, is also one of the most insecure. It comes down to the fact that the average person can't create and maintain secure passwords. When it comes to physical locks, the average lock on your home and in your office is equally insecure. How insecure it in? In two fascinating books on the topic, Deviant Ollam writes in Practical Lock Picking, Second Edition: A Physical Penetration Testers Training Guide and Keys to the Kingdom: Impressioning, Privilege Escalation, Bumping, and Other Key-Based Attacks Against Physical Locks that it is really not that difficult. When it comes to information security penetration tests done on the client site, the testers will most often have permission to be inside the facility. On rare occasions, the testers need to find alternative means to gain entrance. Sometimes that means picking the locks." Keep reading to learn if you'll be picking locks soon. Practical Lock Picking, 2nd ed. / Keys to the Kingdom author Deviant Ollam pages 296 / 256 publisher Syngress rating 9/10 reviewer Ben Rothke ISBN 978-1597499897 / 978-1597499835 summary Two excellent books on the fundamentals of lockpicking All of the information in the books is long known to professional locksmiths. For those whose responsibilities include physical security, it is hoped that they are at least at the level of the locksmiths, and have designed their physical security plant accordingly.
Ollam is a member of The Open Organization Of Lockpickers (TOOOL), a group whose goal is to advance the general public knowledge about locks and lock picking. TOOL'S mantra is that the more that people know about lock technology, the better they are capable of understanding how and where certain weaknesses are present. This makes them well-equipped to participate in sport picking endeavors and also helps them simply be better consumers in the marketplace, making decisions based on sound fact and research. In these books, Ollam stays true to that mantra.
The two books have some overlap. Practical Lock Picking is meant as a beginners guide to lock picking, and is intended to be a hands-on guide with hundreds of pictures and diagrams.
Ollam writes in a clear-cut and systematic manner, describing all of the details needed. Nearly every page includes pictures and diagrams to illustrate the point. In 6 easily readable chapters, Ollam covers the core areas needed to gain a comprehensive understanding of the topic of lock picking. By the end of the book, you won't be a locksmith or even close. But for those that have locksmithing in their blood, or want to get greater insights, the book will be a great resource that will help them get there.
Chapter 1 starts the book on the fundamentals of pin tumbler and wafer locks; which are two of the most common types of locks in use. Ollam notes that while there are a multitude of lock designs on the market today produced by many different manufactures, the bulk of these locks are not in widespread use. With that, he notes that if the reader can understand the basics of just a few styles of locks, he is confident that the reader should be open top open with great east at least 75% of the locks they are likely to encounter, and even more as you become more skilled with them.
After the introduction, chapter 2 gets into the basics of lock picking and how to exploit weaknesses that most locks have. Many of these weaknesses are due to errors in the manufacturing process, which the book details. Information security guru has observed that "security is a tax on the honest majority". He writes that security often does not keep that bad guys out. Similarly, insecure physical locks will do little to keep the bad guys out, which Ollam so persuasively writes about.
In chapter 5, Ollam details what he terms quick-entry tricks, which is done via shimming, bumping and bypassing. Lock bumping has gotten a lot of media exposure in the last few years, but has been around for nearly 100 years. Specifically, it is a pin tumbler lock picking technique using a special bump key. Not that there is a universal bump key that can open all locks. Rather the bump key must correspond to the lock in question. Ollam shows that if one has such a key, many of these locks can quickly be compromised.
The book closes with an appendix that provides a list to the types of tools and toolkits necessary to pick locks.
After completing Practical Lock Picking, one should check out Keys to the Kingdom: Impressioning, Privilege Escalation, Bumping, and Other Key-Based Attacks Against Physical Locks, which is a great follow-on reference.
The main difference between the two is that the latter provides a lot of details on impressioning, which is a covert technique to create a usable key for a lock without picking the lock or taking it apart, in addition to some other types of more sophisticated attacks.
Chapter 2 of the book is on soft medium attacks and is particularly fascinating. Ollam writes of mold-and-cast attacks, which is a technique of opening a lock by covertly copying a legitimate key by making a cast of it in a soft material, then using it to imprint and fabricate a working key. Such a technique was used in real-life and detailed in the 1979 movie The First Great Train Robbery. Ollam writes how the movie was very true to the methods and technology available at that time, when the train robbery occurred in the 1850's.
The chapter walks the reader through the Quick-Key duplication kit method, in which most common key forms can be replicated with the kits molding and casting forms. The kit Ollam references is for the serious student of the craft, as it costs over $700- and can only be purchased from a firm in Germany.
Chapter 3 on master-keyed systems is particularly interesting as Ollam shows how a master key privilege escalation attack can often be easily done. Master-key systems make the logistics of granting access easier. But with that ease of use, comes the potential for abuse, as that single key will now have global access to the physical site.
Ollam writes that dedicated attackers who have the ability to spend a bit of time will often have the ability to compromise the code for the top master key (the one with the most access privileges) in nearly all master-keyed systems, even with only a small amount of preliminary information and a small number of blank keys.
In the same way that passwords often provide very little network security, Keys to the Kingdom shows that much of the security provided by physical locks is an illusion, given the ease at which these keys can be manipulated and copied.
Practical Lock Picking, Second Edition: A Physical Penetration Testers Training Guide is a great introduction to the topic of lock picking, while Keys to the Kingdom: Impressioning, Privilege Escalation, Bumping, and Other Key-Based Attacks Against Physical Locks takes that base knowledge and builds upon.
For those who perform physical penetration testing, these two books will prove to be invaluable. For those that simply want to understand what their locks are and aren't doing, they will find these to be a fascinating read.
Ben Rothke is the author of Computer Security: 20 Things Every Employee Should Know.
You can purchase Practical Lock Picking, Second Edition: A Physical Penetration Testers Training Guide and Keys to the Kingdom: Impressioning, Privilege Escalation, Bumping, and Other Key-Based Attacks Against Physical Locks from amazon.com. Slashdot welcomes readers' book reviews -- to see your own review here, read the book review guidelines, then visit the submission page. -
James Cameron Spills the Details From His Deep Dive
gbrumfiel writes "James Cameron has released the first batch of scientific results from his historic dive in March to bottom of the Mariana trench and an earlier series of test dives in the New Britain Trench. The Mariana Trench dive was the deepest by a human since 1960. Some of the most interesting results came from trips to the seafloor made by robotic vehicles built by Cameron's team. At the bottom of the trench, one of those robots found bizarre carpets of microbes coating rocks, that scientists say may have implications for the origins of life on Earth and other planets." -
Microsoft Surface Struggles to Ship A Million Units
zacharye writes "While some see potential in Microsoft's Surface tablet, most industry watchers appear to have written off the device at this point. Orders were reportedly cut in half following a slow launch, and Microsoft's debut slate has been hammered time and time again by reviewers and analysts. The latest to pile on is Boston-based brokerage firm Detwiler Fenton, which estimates that when all is said and done, Microsoft will have sold fewer than 1 million Surface tablets in the slate's debut quarter." Still better than 25,000. -
Microsoft Surface Struggles to Ship A Million Units
zacharye writes "While some see potential in Microsoft's Surface tablet, most industry watchers appear to have written off the device at this point. Orders were reportedly cut in half following a slow launch, and Microsoft's debut slate has been hammered time and time again by reviewers and analysts. The latest to pile on is Boston-based brokerage firm Detwiler Fenton, which estimates that when all is said and done, Microsoft will have sold fewer than 1 million Surface tablets in the slate's debut quarter." Still better than 25,000. -
Report Warns That Censorship Will Not Stop Terrorism
concealment writes "The report evaluates the challenge of curbing online radicalization from the perspective of supply and demand. It concludes that efforts to shut down websites that could serve as incubators for would-be terrorists — going after the supply — will ultimately be self-defeating, and that 'filtering of Internet content is impractical in a free and open society.' 'Approaches aimed at restricting freedom of speech and removing content from the Internet are not only the least desirable strategies, they are also the least effective,' writes Peter Neumann, founding director of the International Centre for the Study of Radicalisation at King's College London and the author of the report." -
Google's Schmidt: Patent Wars Harm Startups
Nerval's Lobster writes "Former Google CEO Eric Schmidt opened up to The Wall Street Journal in a Dec. 4 interview. Among the topics covered: the status of his company's ongoing patent war with Apple, as well as its attempts to make the Android mobile operating system more of a revenue giant. In Schmidt's mind, startups have the most to lose in the current patent wars: 'There's a young [Android co-founder] Andy Rubin trying to form a new version of Danger [the smartphone company Mr. Rubin co-founded before Android]. How is he or she going to be able to get the patent coverage necessary to offer version one of their product? That's the real consequence of this.'" -
Over 1000 Volunteers For 'Suicide' Mission To Mars
New submitter thAMESresearcher writes with a few updates on Mars One: "The Dutch company Mars One is organizing a one way mission to Mars 2023. In a press release that came out today, they say they have over a thousand applicants already. In the press release they also mention that they are now a not-for-profit Foundation. It sounds ambitious, but they have a Nobel prize winner, an astronaut, and several people from NASA on their board." The actual selection process starts early next year. -
Disney Switching To Netflix For Exclusive Film Distribution
An anonymous reader writes "When Disney films leave the theater and head for TV, they currently go through the Starz channel first. That's going to change in 2016. Disney has signed a deal to give Netflix the first crack at its animated and live-action films. Even if you're not a fan of either company, this is a bit of a big deal; Disney is ditching a traditional pay-TV service in favor of online streaming. (It also includes properties from the recent Lucasfilm deal.) The article wisely points out that pay-TV in general isn't in danger until the live sports situation changes, but this is a big step away from the status quo." -
Android Rules Smartphones, But Which Version?
Nerval's Lobster writes "Google Android's dominance of the smartphone space has been reinforced by a new IDC study that places its market-share at 68.3 percent, well ahead of iOS at 18.8 percent. But which version of Android is most preferred by users? A new set of graphs on the Android Developers Website offers the answer to that question: 'Gingerbread,' or Android versions 2.3 through 2.3.7, dominates with 50.8 percent of the Android pie. 'Ice Cream Sandwich,' or versions 4.0.3 through 4.0.4, is second with 27.5 percent, with the latest 'Jelly Bean' build at 6.7 percent. As demonstrated by that graph on the Android Developers Website, there are a lot of devices running a lot of different versions of Android out there in the ecosystem, all with different capabilities. In turn, that could make it difficult for Google to deliver 'the latest and greatest' to any customer that wants it, and potentially irritates those customers who buy a smartphone (particularly a high-end one) expecting regular upgrades." Here's how Slashdot readers using Android break down: 31.0% Jelly Bean, 31.5% Ice Cream Sandwich, 0.7% Honeycomb, 22.8% Gingerbread, 4.3% Froyo, 1.1% Eclair, 0.05% Donut, 0.02% Cupcake, 8.5% unknown. Looks like you folks are ahead of the curve. iOS breaks down like this: 67% iOS 6, 28.6% iOS 5, 3.2% iOS 4, 0.5% iOS 3, 0.7% unknown. (These numbers include more than just phones, of course.) Overall, our iOS traffic (8.74%) is higher than our Android traffic (6.75%). Windows Phone and BlackBerry both clock in at about 0.2%. -
The Rise of Feudal Computer Security
Hugh Pickens writes "In the old days, traditional computer security centered around users. However, Bruce Schneier writes that now some of us have pledged our allegiance to Google (using Gmail, Google Calendar, Google Docs, and Android phones) while others have pledged allegiance to Apple (using Macintosh laptops, iPhones, iPads; and letting iCloud automatically synchronize and back up everything) while others of us let Microsoft do it all. 'These vendors are becoming our feudal lords, and we are becoming their vassals. We might refuse to pledge allegiance to all of them — or to a particular one we don't like. Or we can spread our allegiance around. But either way, it's becoming increasingly difficult to not pledge allegiance to at least one of them.' Classical medieval feudalism depended on overlapping, complex, hierarchical relationships. Today we users must trust the security of these hardware manufacturers, software vendors, and cloud providers and we choose to do it because of the convenience, redundancy, automation, and shareability. 'In this new world of computing, we give up a certain amount of control, and in exchange we trust that our lords will both treat us well and protect us from harm (PDF). Not only will our software be continually updated with the newest and coolest functionality, but we trust it will happen without our being overtaxed by fees and required upgrades.' In this system, we have no control over the security provided by our feudal lords. Like everything else in security, it's a trade-off. We need to balance that trade-off. 'In Europe, it was the rise of the centralized state and the rule of law that undermined the ad hoc feudal system; it provided more security and stability for both lords and vassals. But these days, government has largely abdicated its role in cyberspace, and the result is a return to the feudal relationships of yore,' concludes Schneier, adding that perhaps it's time for government to create the regulatory environments that protect us vassals. 'Otherwise, we really are just serfs.'" An anonymous reader provides a contrary opinion:
"The proposed analogy is wrong. Rather than feudal lords being replaced by a semi-accountable, presumably representative government, asking the government to take over would be going back to the having just AT&T as the sole provider of telecommunications, with private ownership of phones prohibited. It would be a reversion from an open and competitive market (where those who fail to provide security can be abandoned freely, the exact opposite of a feudal situation where serfs were forbidden to leave their masters and breaking oaths of obedience would lead to hit series on HBO) to a single "provider" which cannot be abandoned or ignored.
Monopolies, in general, suck, and without an external force to shore them up, they tend to be short lived. I remember when Lotus and WordPerfect and dBase were "unassailable", and people were wondering if the government should force these companies to be more "competitive" somehow. Then it was Windows, and particularly Explorer, that was going to control the world because "no one could compete". Now it's Google and Apple. Either these companies actually provide the security they promise, or they lose business to someone who will. The fear of the "feudal lords" failing to offer the security they promise is a false one, because they have no actual hold if they fail to deliver the goods.
The role of government in this arena is making sure that companies are held accountable for broken promises, that they pay the costs for data loss and security breaches. ... The government should not be determining what security is acceptable, because governments and regulations cannot possibly keep up with ever-changing realities." -
The Rise of Feudal Computer Security
Hugh Pickens writes "In the old days, traditional computer security centered around users. However, Bruce Schneier writes that now some of us have pledged our allegiance to Google (using Gmail, Google Calendar, Google Docs, and Android phones) while others have pledged allegiance to Apple (using Macintosh laptops, iPhones, iPads; and letting iCloud automatically synchronize and back up everything) while others of us let Microsoft do it all. 'These vendors are becoming our feudal lords, and we are becoming their vassals. We might refuse to pledge allegiance to all of them — or to a particular one we don't like. Or we can spread our allegiance around. But either way, it's becoming increasingly difficult to not pledge allegiance to at least one of them.' Classical medieval feudalism depended on overlapping, complex, hierarchical relationships. Today we users must trust the security of these hardware manufacturers, software vendors, and cloud providers and we choose to do it because of the convenience, redundancy, automation, and shareability. 'In this new world of computing, we give up a certain amount of control, and in exchange we trust that our lords will both treat us well and protect us from harm (PDF). Not only will our software be continually updated with the newest and coolest functionality, but we trust it will happen without our being overtaxed by fees and required upgrades.' In this system, we have no control over the security provided by our feudal lords. Like everything else in security, it's a trade-off. We need to balance that trade-off. 'In Europe, it was the rise of the centralized state and the rule of law that undermined the ad hoc feudal system; it provided more security and stability for both lords and vassals. But these days, government has largely abdicated its role in cyberspace, and the result is a return to the feudal relationships of yore,' concludes Schneier, adding that perhaps it's time for government to create the regulatory environments that protect us vassals. 'Otherwise, we really are just serfs.'" An anonymous reader provides a contrary opinion:
"The proposed analogy is wrong. Rather than feudal lords being replaced by a semi-accountable, presumably representative government, asking the government to take over would be going back to the having just AT&T as the sole provider of telecommunications, with private ownership of phones prohibited. It would be a reversion from an open and competitive market (where those who fail to provide security can be abandoned freely, the exact opposite of a feudal situation where serfs were forbidden to leave their masters and breaking oaths of obedience would lead to hit series on HBO) to a single "provider" which cannot be abandoned or ignored.
Monopolies, in general, suck, and without an external force to shore them up, they tend to be short lived. I remember when Lotus and WordPerfect and dBase were "unassailable", and people were wondering if the government should force these companies to be more "competitive" somehow. Then it was Windows, and particularly Explorer, that was going to control the world because "no one could compete". Now it's Google and Apple. Either these companies actually provide the security they promise, or they lose business to someone who will. The fear of the "feudal lords" failing to offer the security they promise is a false one, because they have no actual hold if they fail to deliver the goods.
The role of government in this arena is making sure that companies are held accountable for broken promises, that they pay the costs for data loss and security breaches. ... The government should not be determining what security is acceptable, because governments and regulations cannot possibly keep up with ever-changing realities." -
Toward An FSF-Endorsable Embedded Processor
lkcl writes about his effort to go further than others have, and actually have a processor designed for Free Software manufactured: "A new processor is being put together — one that is FSF Endorseable, contains no proprietary hardware engines, yet an 800MHz 8-core version would, at 38 GFLOPS, be powerful enough on raw GFLOPS performance figures to take on the 3ghz AMD Phenom II x4 940, the 3GHz Intel i7 920 and other respectable mid-range 100 Watt CPUs. The difference is: power consumption in 40nm for an 8-core version would be under 3 watts. The core design has been proven in 65nm, and is based on a hybrid approach, with its general-purpose instruction set being designed from the ground up to help accelerate 3D Graphics and Video Encode and Decode, an 8-core 800mhz version would be capable of 1080p30 H.264 decode, and have peak 3D rates of 320 million triangles/sec and a peak fill rate of 1600 million pixels/sec. The unusual step in the processor world is being taken to solicit input from the Free Software Community at large before going ahead with putting the chip together. So have at it: if given carte blanche, what interfaces and what features would you like an FSF-Endorseable mass-volume processor to have? (Please don't say 'DRM' or 'built-in spyware')." There's some discussion on arm-netbook. This is the guy behind the first EOMA-68 card (currently nearing production). As a heads ups, we'll be interviewing him in a live style similarly to Woz (although intentionally this time) next Tuesday. -
Wiki Weapon Project Test-Fires a (Partly) 3D-Printed Rifle
MrSeb writes "In its continuing mission to build a 'Wiki Weapon,' Defense Distributed has 3D printed the lower receiver of an AR-15 and tested it to failure. The printed part only survives the firing of six shots, but for a first attempt that's quite impressive. And hey, it's a plastic gun. Slashdot first covered 3D-printed guns back in July. The Defense Distributed group sprung up soon after, with the purpose of creating an open-source gun — a Wiki Weapon — that can be downloaded from the internet and printed out. The Defense Distributed manifesto mainly quotes a bunch of historical figures who supported the right to bear arms. DefDist (its nickname) is seeking a gun manufacturing license from the ATF, but so far the feds haven't responded. Unperturbed, DefDist started down the road by renting an advanced 3D printing machine from Stratasys — but when the company found out what its machine was being used for, it was repossessed. DefDist has now obtained a 3D printer from Objet, which seemingly has a more libertarian mindset. The group then downloaded HaveBlue's original AR-15 lower receiver from Thingiverse, printed it out on the Objet printer using ABS-like Digital Material, screwed it into an AR-57 upper receiver, loaded up some FN 5.7x28mm ammo, and headed to the range. The DefDist team will now make various modifications to HaveBlue's design, such as making it more rugged and improving the trigger guard, and then upload the new design to Thingiverse." Sensible ammo choice; 5.7x28mm produces less recoil than the AR-15's conventional 5.56mm. I wonder how many of the upper's components, too, can one day be readily replaced with home-printable parts — for AR-15 style rifles, the upper assembly is where the gun's barrel lives, while the lower assembly (the part printed and tested here) is the legally controlled part of the firearm. -
Wiki Weapon Project Test-Fires a (Partly) 3D-Printed Rifle
MrSeb writes "In its continuing mission to build a 'Wiki Weapon,' Defense Distributed has 3D printed the lower receiver of an AR-15 and tested it to failure. The printed part only survives the firing of six shots, but for a first attempt that's quite impressive. And hey, it's a plastic gun. Slashdot first covered 3D-printed guns back in July. The Defense Distributed group sprung up soon after, with the purpose of creating an open-source gun — a Wiki Weapon — that can be downloaded from the internet and printed out. The Defense Distributed manifesto mainly quotes a bunch of historical figures who supported the right to bear arms. DefDist (its nickname) is seeking a gun manufacturing license from the ATF, but so far the feds haven't responded. Unperturbed, DefDist started down the road by renting an advanced 3D printing machine from Stratasys — but when the company found out what its machine was being used for, it was repossessed. DefDist has now obtained a 3D printer from Objet, which seemingly has a more libertarian mindset. The group then downloaded HaveBlue's original AR-15 lower receiver from Thingiverse, printed it out on the Objet printer using ABS-like Digital Material, screwed it into an AR-57 upper receiver, loaded up some FN 5.7x28mm ammo, and headed to the range. The DefDist team will now make various modifications to HaveBlue's design, such as making it more rugged and improving the trigger guard, and then upload the new design to Thingiverse." Sensible ammo choice; 5.7x28mm produces less recoil than the AR-15's conventional 5.56mm. I wonder how many of the upper's components, too, can one day be readily replaced with home-printable parts — for AR-15 style rifles, the upper assembly is where the gun's barrel lives, while the lower assembly (the part printed and tested here) is the legally controlled part of the firearm. -
Wiki Weapon Project Test-Fires a (Partly) 3D-Printed Rifle
MrSeb writes "In its continuing mission to build a 'Wiki Weapon,' Defense Distributed has 3D printed the lower receiver of an AR-15 and tested it to failure. The printed part only survives the firing of six shots, but for a first attempt that's quite impressive. And hey, it's a plastic gun. Slashdot first covered 3D-printed guns back in July. The Defense Distributed group sprung up soon after, with the purpose of creating an open-source gun — a Wiki Weapon — that can be downloaded from the internet and printed out. The Defense Distributed manifesto mainly quotes a bunch of historical figures who supported the right to bear arms. DefDist (its nickname) is seeking a gun manufacturing license from the ATF, but so far the feds haven't responded. Unperturbed, DefDist started down the road by renting an advanced 3D printing machine from Stratasys — but when the company found out what its machine was being used for, it was repossessed. DefDist has now obtained a 3D printer from Objet, which seemingly has a more libertarian mindset. The group then downloaded HaveBlue's original AR-15 lower receiver from Thingiverse, printed it out on the Objet printer using ABS-like Digital Material, screwed it into an AR-57 upper receiver, loaded up some FN 5.7x28mm ammo, and headed to the range. The DefDist team will now make various modifications to HaveBlue's design, such as making it more rugged and improving the trigger guard, and then upload the new design to Thingiverse." Sensible ammo choice; 5.7x28mm produces less recoil than the AR-15's conventional 5.56mm. I wonder how many of the upper's components, too, can one day be readily replaced with home-printable parts — for AR-15 style rifles, the upper assembly is where the gun's barrel lives, while the lower assembly (the part printed and tested here) is the legally controlled part of the firearm. -
Facebook Users Voting On Privacy, Instagram, Other Issues
Nerval's Lobster writes "Facebook is letting users vote on changes to its Data Use Policy and Statement of Rights and Responsibilities (Facebook users can vote via this link). The company will also host a live Webcast to answer questions at 9:30 AM PST. One section of Facebook's revamped policies insists that the network can share information with its family of companies. This apparently applies to Instagram, the photo-sharing service acquired by Facebook earlier this year. Under the terms of the provision, Facebook can store 'Instagram's server logs and administrative records in a way that is more efficient than maintaining totally separate storage systems.' Facebook is also clarifying its language surrounding affiliates, as well. As long as Facebook continues to exist in its current form, these debates over its privacy rules will almost certainly continue to crop up on a semi-regular basis. The challenge for Facebook executives is how to best maintain that delicate dance between their need for revenue, advertising firms' desire for effective marketing campaigns, and users' rights to privacy. They run a corporation — but at moments, it also starts to resemble a messy democracy." -
News Corp's The Daily iPad App Shutting Down On December 15
An anonymous reader writes with news that, as predicted, the iPad only newspaper The Daily failed. From the article: "The goal of The Daily was to provide a modern spin on the news cycle by delivering world news draped in a multimedia experience. In other words, The Daily devoted a lot of resources towards adding photos, video, and touch controls to news stories that would otherwise be static. ... It was announced today that The Daily will be closing up shop on December 15 after failing to rake in the dough." -
Vega Older Than Thought: Mature Enough To Nurture Life
sciencehabit writes about new estimates of Vega's age giving hope that any planets it might have are old enough to harbor life. From the article: "Shining just 25 light-years from Earth in the constellation Lyra, Vega is the fifth brightest star in the night sky. In 1983, astronomers discovered dust orbiting the star, suggesting it had a solar system, and Carl Sagan chose to make Vega the source of a SETI signal in his 1985 novel Contact. At the time, Vega was thought to be only about a couple hundred million years old, probably too young for any planets to have spawned life. Since then, however, estimates of Vega's age have increased to between 625 million and 850 million years old. So suitable planets have probably had sufficient time to develop primitive life." With improvements in telescopes allowing detection of the rough atmospheric composition of exoplanets on the way, this could be pretty exciting. -
Even Capped Prediction Markets Can Be Manipulated
Slashdot regular contributor Bennett Haselton writes "My last article on prediction markets contained an erroneous assumption, one whose implications are far-reaching enough that they deserve their own article. (And if you read to the end, I'm offering $100 to be split between the readers who submit the best alternative solution or the best counter-argument to the points made here.)" Read below for the rest of Bennett's thoughts.In my last article, I wrote:
There could be rules and safeguards to prevent abuses of the system (rules that could be imposed by U.S. law, even if they're not enforced by overseas betting markets), such as not allowing individuals to bet more than $500. (This is already enforced by the Iowa Electronic Markets.) That's small enough to stop individual bettors from trying to manipulate the market through enormous wagers (although they might find ways to do that anyway). It's also small enough that it wouldn't be worth it for any one individual to try and influence a political outcome just to win a bet. You could try to enlist your friends to help you place a collective $10,000 bet on a single outcome, but the more people you rope into your coalition, the greater the chances of someone (a) turning you in for violating the betting laws, or (b) taking the $500 you lent them, and then refusing to pay it back if they win their portion of the wager.
There's an error here, but one subtle enough that even all the commenters (with no shortage of the usual snark) missed it. To begin with, consider what happens if two different betting markets are taking bets at different odds for the same event.
Suppose CappedEx, a futures exchange that limits each user to betting $500, is publishing 4:1 odds of an Obama victory. If you bet $40 that Obama will win and he wins, you get paid $10 (from other users on the exchange), but if he loses, you pay out $40. Meanwhile FreedomEx, an exchange that has no betting limit for any user, is publishing 6:1 odds for Obama winning. Bet $60 on Obama, and you get $10 if he wins, but pay $60 if he loses. On both markets, of course you can bet in the other direction as well.
What do you conclude from this? That the un-capped FreedomEx probably has more accurate odds, and that as James Surowiecki (author of The Wisdom of Crowds) said, betting limits "make [the markets] less accurate" and "real money is what makes it work"? Or that CappedEx, with its safeguards against manipulation, is more reliable, and FreedomEx is being manipulated by someone trying to change the reported odds of their favored candidate winning? Or that there is simply some random fluctuation in the odds as reported by various markets, so they'll naturally diverge at times?
The correct answer is: you should stop wasting time "concluding" things, and get online as soon as possible and make bets in both markets, because if they're allowing bets to be placed at different odds, you can guarantee yourself a profit.
Make a $50 bet in CappedEx on Obama to win (4:1 odds), and a $10 bet in FreedomEx on Romney to win (1:6 odds). If Obama wins, you win $12.50 in the CappedEx market and lose your $10 in FreedomEx, for a $2.50 profit. If Romney wins, you lose $50 in the CappedEx market but win $60 in FreedomEx, for a $10 profit. With a little algebra, you can show that any time the two markets allow you to place bets at different odds ratios, you can make a guaranteed profit by picking a ratio somewhere in the middle (in this case, the two ratios were 1:4 and 1:6, so we picked 1:5) and making separate bets in the two markets in opposite directions, for amounts in that ratio. (A commenter on the Marginal Revolution blog describes exactly how he made an almost risk-free profit through this kind of "pure arbitrage play". He said it was "almost" risk free because of other factors like currency conversion fluctuations.)
Now, any time a good is trading for a lower price in market A than it is in market B, and the costs of shifting the good between the two markets is negligible, traders will start to buy the good in market A and re-sell it for a profit in market B (the traditional definition of "arbitrage"). This increases demand in market A (driving the price up) and increases supply in market B (driving the price down) until the price difference disappears. In the same way, any time two prediction markets have different "market odds" for the same event, as arbitrage players lock in guaranteed profits by placing opposite bets in the two markets, the market odds in the two markets will converge toward each other until the gap is negligible. This is true even if one of the markets has a cap on what people can invest or how much they can stake on any particular outcome.
For Intrade, there couldn't be a worse time for someone to be pointing this out, but it seems logically inescapable: As long as there is a prediction market anywhere in the world that allows unlimited wagering on a particular outcome, all other prediction markets (whether they are capped or not) can be manipulated indirectly, by playing a large wager in the non-capped market. I was wrong to say that you would have to "enlist your friends" to place bets in the capped market, building a large coalition of market-manipulators (and hoping that none of them would rat you out for using them to circumvent wager-limiting rules). By placing a large wager in the non-capped market, and shifting the market odds there so that they're different from the odds in the capped market, you can indirectly "enlist" all the users in the capped market, to place arbitrage bets and make a guaranteed profit. When this happens, the odds in both the capped market and the non-capped market will shift, as the gap between them narrows -- which means you have manipulated the market odds in the capped market, without ever going near it yourself.
In this case, why have caps on the amounts wagered in prediction markets at all? (The Iowa Electronic Markets have a maximum investment balance of $500, and a 2008 paper, "The Promise of Prediction Markets, authored by several prominent economists, advocated the creation of prediction markets with a maximum investment of $2,000.) Presumably the cap is not to prevent unlucky investors from losing their life's savings, since the law already allows multiple ways to do that, by betting on volatile stocks in the stock market. And it won't stop market manipulation, if the capped market can still be manipulated by using another non-capped market as a proxy. Robin Hanson, Professor of Economics at George Mason University and one of the co-authors of the 2008 paper, candidly told me that the cap was just a matter of selling the idea: "As a practical matter, many people's comfort with such markets increases when there is a cap, so they are more likely to accept the proposal with a cap. So it makes one seem more reasonable to propose a cap, if one can get most of the benefits one wanted from such a system that has a cap, relative to one without it."
So is there a solution to the manipulation problem? Actually, is it even a problem? Robin Hansen and Ryan Oprea wrote another paper arguing that manipulators can improve prediction markets, by subsidizing the existing players in the markets and rewarding them for paying attention. (If a "manipulative" bet causes a sudden shift in the reported odds, opportunistic investors can place bets essentially wagering that the odds will return back to their previous level.) Economist Alex Tabarrok makes the same point here. This opportunism also means that the market shift caused by a manipulative bet usually corrects itself within a few minutes.
Presumably, if more people start to take prediction markets seriously, the incentives to manipulate them would increase. As Tabarrok adds, "prediction markets have truly arrived when people think they are worth manipulating". At the same time though, as more people start to take prediction markets seriously, presumably they'll attract more actual users, and since the amount of money required to shift the market is proportional to the amount already invested by everyone else, this means it will require larger amounts of money to shift the market odds to the same degree.
So these economists all seem to think that prediction market manipulation is a good thing, and that the prediction markets themselves are an even better good thing even when they can be manipulated, but now I'm not so sure. If people do think that market odds are worth manipulating, presumably the point is to create a self-fulfilling prophecy: People think that Romney's chances have gone up, so they become more incentivized to support him and vote for him, and soon his chances actually have gone up (although possibly not to the full extent of the boost in the manipulated market odds, so the manipulator may still lose money). If you can boost Romney's market odds even for a few minutes just by spending a few tens of thousands of dollars, how much would it cost to sustain the higher odds for several hours -- and what if those hours were at a crucial time in the election or in the news reporting cycle?
What if, contrary to my last assumption, people start to take prediction markets seriously enough to be influenced by them, but the prediction markets don't see a proportionate influx of actual investors and money -- so the cost of manipulating them remains about the same? IF prediction markets gain more influence in people's actual voting decisions, BUT those markets don't see an influx of new users, AND an election is close enough that the market odds could make a difference depending on when they're reported, AND someone spends enough to sustain the manipulated odds during crucial periods during the election... Well, that's a lot of assumptions you have to grant, but individually they're quite plausible -- and if all of them hold true, you could change the outcome of a presidential election for just a few million dollars spent on the prediction markets.
And in fact, if you successfully swung the election, you'd actually win all the wagers you had just placed -- which means that now rich manipulators can throw their election to their preferred candidate, and make a bundle. It also means that all those opportunists who usually act to "correct" the market odds deviations, by taking your free money when you start placing manipulative bets, could realize that your bets might actually change the outcome, and would decline to take your money -- which in turn means it would be even cheaper for manipulators to change the outcome, creating a self-reinforcing cycle. If smart bettors see that once a behemoth starts the market moving, the behemoth will probably win, they'll just get out of its way and clear an easier path.
The same kind of trick wouldn't normally work on the stock market -- if you're wealthy enough that you can increase the share price of a stock by buying enough of it to shift the market, then when you try to reap your profits by unloading the stock, the price will drift back down as you're selling it off. (Or if your purchases do manage to create a self-fulfilling prophecy -- your infusion of cash into the company enables them to realize their plans and become a genuine success -- well, then you're just a successful angel investor, more power to you.) But a presidential election prediction market would be analogous to a stock where if you can keep the price artificially inflated for several crucial hours on November 6th, 2012, then the price becomes permanently locked in at that point and you can sell it off for a profit, regardless of the value of the underlying company.
So, according to my own reasoning, this idea that I was so gung-ho about a few days ago, could not only be used to create a type of financial instrument that rewards manipulation more perversely than anything we've ever seen, but could also let a Saudi prince pick the next leader of the free world on a bet.
I'm not sure if there's a solution. I'm not a libertarian so I was never in favor of prediction markets as a matter of "personal liberty"; I was in favor of them because they're useful insofar as they can harness the wisdom of crowds to convey important information. But if they can be manipulated to influence real-world events, is it worth it?
In keeping with the theory that money does motivate people to think harder about such things, I'm once again offering $100 to be split between the readers who email me the best-argued solutions to this problem -- or the best counter-argument to any point I've made here. Put "prediction markets" in the subject line. If your submission wins a portion of the award, you can either claim the money for yourself, or to be donated to a preferred charity in your name. (I reserve the right to pay out less than the allotted $100 if there aren't enough worthy submissions, but that didn't happen last time.) Any sufficiently valuable comments are eligible even if they're not strictly counter-arguments or suggested alternatives, and I'll post a follow-up article summarizing what people send in. You can't make as much off of me, as you could have made by taking some market manipulator's intentionally losing bet on Intrade that Romney was going to win the election, but at least it's legal.
-
Even Capped Prediction Markets Can Be Manipulated
Slashdot regular contributor Bennett Haselton writes "My last article on prediction markets contained an erroneous assumption, one whose implications are far-reaching enough that they deserve their own article. (And if you read to the end, I'm offering $100 to be split between the readers who submit the best alternative solution or the best counter-argument to the points made here.)" Read below for the rest of Bennett's thoughts.In my last article, I wrote:
There could be rules and safeguards to prevent abuses of the system (rules that could be imposed by U.S. law, even if they're not enforced by overseas betting markets), such as not allowing individuals to bet more than $500. (This is already enforced by the Iowa Electronic Markets.) That's small enough to stop individual bettors from trying to manipulate the market through enormous wagers (although they might find ways to do that anyway). It's also small enough that it wouldn't be worth it for any one individual to try and influence a political outcome just to win a bet. You could try to enlist your friends to help you place a collective $10,000 bet on a single outcome, but the more people you rope into your coalition, the greater the chances of someone (a) turning you in for violating the betting laws, or (b) taking the $500 you lent them, and then refusing to pay it back if they win their portion of the wager.
There's an error here, but one subtle enough that even all the commenters (with no shortage of the usual snark) missed it. To begin with, consider what happens if two different betting markets are taking bets at different odds for the same event.
Suppose CappedEx, a futures exchange that limits each user to betting $500, is publishing 4:1 odds of an Obama victory. If you bet $40 that Obama will win and he wins, you get paid $10 (from other users on the exchange), but if he loses, you pay out $40. Meanwhile FreedomEx, an exchange that has no betting limit for any user, is publishing 6:1 odds for Obama winning. Bet $60 on Obama, and you get $10 if he wins, but pay $60 if he loses. On both markets, of course you can bet in the other direction as well.
What do you conclude from this? That the un-capped FreedomEx probably has more accurate odds, and that as James Surowiecki (author of The Wisdom of Crowds) said, betting limits "make [the markets] less accurate" and "real money is what makes it work"? Or that CappedEx, with its safeguards against manipulation, is more reliable, and FreedomEx is being manipulated by someone trying to change the reported odds of their favored candidate winning? Or that there is simply some random fluctuation in the odds as reported by various markets, so they'll naturally diverge at times?
The correct answer is: you should stop wasting time "concluding" things, and get online as soon as possible and make bets in both markets, because if they're allowing bets to be placed at different odds, you can guarantee yourself a profit.
Make a $50 bet in CappedEx on Obama to win (4:1 odds), and a $10 bet in FreedomEx on Romney to win (1:6 odds). If Obama wins, you win $12.50 in the CappedEx market and lose your $10 in FreedomEx, for a $2.50 profit. If Romney wins, you lose $50 in the CappedEx market but win $60 in FreedomEx, for a $10 profit. With a little algebra, you can show that any time the two markets allow you to place bets at different odds ratios, you can make a guaranteed profit by picking a ratio somewhere in the middle (in this case, the two ratios were 1:4 and 1:6, so we picked 1:5) and making separate bets in the two markets in opposite directions, for amounts in that ratio. (A commenter on the Marginal Revolution blog describes exactly how he made an almost risk-free profit through this kind of "pure arbitrage play". He said it was "almost" risk free because of other factors like currency conversion fluctuations.)
Now, any time a good is trading for a lower price in market A than it is in market B, and the costs of shifting the good between the two markets is negligible, traders will start to buy the good in market A and re-sell it for a profit in market B (the traditional definition of "arbitrage"). This increases demand in market A (driving the price up) and increases supply in market B (driving the price down) until the price difference disappears. In the same way, any time two prediction markets have different "market odds" for the same event, as arbitrage players lock in guaranteed profits by placing opposite bets in the two markets, the market odds in the two markets will converge toward each other until the gap is negligible. This is true even if one of the markets has a cap on what people can invest or how much they can stake on any particular outcome.
For Intrade, there couldn't be a worse time for someone to be pointing this out, but it seems logically inescapable: As long as there is a prediction market anywhere in the world that allows unlimited wagering on a particular outcome, all other prediction markets (whether they are capped or not) can be manipulated indirectly, by playing a large wager in the non-capped market. I was wrong to say that you would have to "enlist your friends" to place bets in the capped market, building a large coalition of market-manipulators (and hoping that none of them would rat you out for using them to circumvent wager-limiting rules). By placing a large wager in the non-capped market, and shifting the market odds there so that they're different from the odds in the capped market, you can indirectly "enlist" all the users in the capped market, to place arbitrage bets and make a guaranteed profit. When this happens, the odds in both the capped market and the non-capped market will shift, as the gap between them narrows -- which means you have manipulated the market odds in the capped market, without ever going near it yourself.
In this case, why have caps on the amounts wagered in prediction markets at all? (The Iowa Electronic Markets have a maximum investment balance of $500, and a 2008 paper, "The Promise of Prediction Markets, authored by several prominent economists, advocated the creation of prediction markets with a maximum investment of $2,000.) Presumably the cap is not to prevent unlucky investors from losing their life's savings, since the law already allows multiple ways to do that, by betting on volatile stocks in the stock market. And it won't stop market manipulation, if the capped market can still be manipulated by using another non-capped market as a proxy. Robin Hanson, Professor of Economics at George Mason University and one of the co-authors of the 2008 paper, candidly told me that the cap was just a matter of selling the idea: "As a practical matter, many people's comfort with such markets increases when there is a cap, so they are more likely to accept the proposal with a cap. So it makes one seem more reasonable to propose a cap, if one can get most of the benefits one wanted from such a system that has a cap, relative to one without it."
So is there a solution to the manipulation problem? Actually, is it even a problem? Robin Hansen and Ryan Oprea wrote another paper arguing that manipulators can improve prediction markets, by subsidizing the existing players in the markets and rewarding them for paying attention. (If a "manipulative" bet causes a sudden shift in the reported odds, opportunistic investors can place bets essentially wagering that the odds will return back to their previous level.) Economist Alex Tabarrok makes the same point here. This opportunism also means that the market shift caused by a manipulative bet usually corrects itself within a few minutes.
Presumably, if more people start to take prediction markets seriously, the incentives to manipulate them would increase. As Tabarrok adds, "prediction markets have truly arrived when people think they are worth manipulating". At the same time though, as more people start to take prediction markets seriously, presumably they'll attract more actual users, and since the amount of money required to shift the market is proportional to the amount already invested by everyone else, this means it will require larger amounts of money to shift the market odds to the same degree.
So these economists all seem to think that prediction market manipulation is a good thing, and that the prediction markets themselves are an even better good thing even when they can be manipulated, but now I'm not so sure. If people do think that market odds are worth manipulating, presumably the point is to create a self-fulfilling prophecy: People think that Romney's chances have gone up, so they become more incentivized to support him and vote for him, and soon his chances actually have gone up (although possibly not to the full extent of the boost in the manipulated market odds, so the manipulator may still lose money). If you can boost Romney's market odds even for a few minutes just by spending a few tens of thousands of dollars, how much would it cost to sustain the higher odds for several hours -- and what if those hours were at a crucial time in the election or in the news reporting cycle?
What if, contrary to my last assumption, people start to take prediction markets seriously enough to be influenced by them, but the prediction markets don't see a proportionate influx of actual investors and money -- so the cost of manipulating them remains about the same? IF prediction markets gain more influence in people's actual voting decisions, BUT those markets don't see an influx of new users, AND an election is close enough that the market odds could make a difference depending on when they're reported, AND someone spends enough to sustain the manipulated odds during crucial periods during the election... Well, that's a lot of assumptions you have to grant, but individually they're quite plausible -- and if all of them hold true, you could change the outcome of a presidential election for just a few million dollars spent on the prediction markets.
And in fact, if you successfully swung the election, you'd actually win all the wagers you had just placed -- which means that now rich manipulators can throw their election to their preferred candidate, and make a bundle. It also means that all those opportunists who usually act to "correct" the market odds deviations, by taking your free money when you start placing manipulative bets, could realize that your bets might actually change the outcome, and would decline to take your money -- which in turn means it would be even cheaper for manipulators to change the outcome, creating a self-reinforcing cycle. If smart bettors see that once a behemoth starts the market moving, the behemoth will probably win, they'll just get out of its way and clear an easier path.
The same kind of trick wouldn't normally work on the stock market -- if you're wealthy enough that you can increase the share price of a stock by buying enough of it to shift the market, then when you try to reap your profits by unloading the stock, the price will drift back down as you're selling it off. (Or if your purchases do manage to create a self-fulfilling prophecy -- your infusion of cash into the company enables them to realize their plans and become a genuine success -- well, then you're just a successful angel investor, more power to you.) But a presidential election prediction market would be analogous to a stock where if you can keep the price artificially inflated for several crucial hours on November 6th, 2012, then the price becomes permanently locked in at that point and you can sell it off for a profit, regardless of the value of the underlying company.
So, according to my own reasoning, this idea that I was so gung-ho about a few days ago, could not only be used to create a type of financial instrument that rewards manipulation more perversely than anything we've ever seen, but could also let a Saudi prince pick the next leader of the free world on a bet.
I'm not sure if there's a solution. I'm not a libertarian so I was never in favor of prediction markets as a matter of "personal liberty"; I was in favor of them because they're useful insofar as they can harness the wisdom of crowds to convey important information. But if they can be manipulated to influence real-world events, is it worth it?
In keeping with the theory that money does motivate people to think harder about such things, I'm once again offering $100 to be split between the readers who email me the best-argued solutions to this problem -- or the best counter-argument to any point I've made here. Put "prediction markets" in the subject line. If your submission wins a portion of the award, you can either claim the money for yourself, or to be donated to a preferred charity in your name. (I reserve the right to pay out less than the allotted $100 if there aren't enough worthy submissions, but that didn't happen last time.) Any sufficiently valuable comments are eligible even if they're not strictly counter-arguments or suggested alternatives, and I'll post a follow-up article summarizing what people send in. You can't make as much off of me, as you could have made by taking some market manipulator's intentionally losing bet on Intrade that Romney was going to win the election, but at least it's legal.
-
Even Capped Prediction Markets Can Be Manipulated
Slashdot regular contributor Bennett Haselton writes "My last article on prediction markets contained an erroneous assumption, one whose implications are far-reaching enough that they deserve their own article. (And if you read to the end, I'm offering $100 to be split between the readers who submit the best alternative solution or the best counter-argument to the points made here.)" Read below for the rest of Bennett's thoughts.In my last article, I wrote:
There could be rules and safeguards to prevent abuses of the system (rules that could be imposed by U.S. law, even if they're not enforced by overseas betting markets), such as not allowing individuals to bet more than $500. (This is already enforced by the Iowa Electronic Markets.) That's small enough to stop individual bettors from trying to manipulate the market through enormous wagers (although they might find ways to do that anyway). It's also small enough that it wouldn't be worth it for any one individual to try and influence a political outcome just to win a bet. You could try to enlist your friends to help you place a collective $10,000 bet on a single outcome, but the more people you rope into your coalition, the greater the chances of someone (a) turning you in for violating the betting laws, or (b) taking the $500 you lent them, and then refusing to pay it back if they win their portion of the wager.
There's an error here, but one subtle enough that even all the commenters (with no shortage of the usual snark) missed it. To begin with, consider what happens if two different betting markets are taking bets at different odds for the same event.
Suppose CappedEx, a futures exchange that limits each user to betting $500, is publishing 4:1 odds of an Obama victory. If you bet $40 that Obama will win and he wins, you get paid $10 (from other users on the exchange), but if he loses, you pay out $40. Meanwhile FreedomEx, an exchange that has no betting limit for any user, is publishing 6:1 odds for Obama winning. Bet $60 on Obama, and you get $10 if he wins, but pay $60 if he loses. On both markets, of course you can bet in the other direction as well.
What do you conclude from this? That the un-capped FreedomEx probably has more accurate odds, and that as James Surowiecki (author of The Wisdom of Crowds) said, betting limits "make [the markets] less accurate" and "real money is what makes it work"? Or that CappedEx, with its safeguards against manipulation, is more reliable, and FreedomEx is being manipulated by someone trying to change the reported odds of their favored candidate winning? Or that there is simply some random fluctuation in the odds as reported by various markets, so they'll naturally diverge at times?
The correct answer is: you should stop wasting time "concluding" things, and get online as soon as possible and make bets in both markets, because if they're allowing bets to be placed at different odds, you can guarantee yourself a profit.
Make a $50 bet in CappedEx on Obama to win (4:1 odds), and a $10 bet in FreedomEx on Romney to win (1:6 odds). If Obama wins, you win $12.50 in the CappedEx market and lose your $10 in FreedomEx, for a $2.50 profit. If Romney wins, you lose $50 in the CappedEx market but win $60 in FreedomEx, for a $10 profit. With a little algebra, you can show that any time the two markets allow you to place bets at different odds ratios, you can make a guaranteed profit by picking a ratio somewhere in the middle (in this case, the two ratios were 1:4 and 1:6, so we picked 1:5) and making separate bets in the two markets in opposite directions, for amounts in that ratio. (A commenter on the Marginal Revolution blog describes exactly how he made an almost risk-free profit through this kind of "pure arbitrage play". He said it was "almost" risk free because of other factors like currency conversion fluctuations.)
Now, any time a good is trading for a lower price in market A than it is in market B, and the costs of shifting the good between the two markets is negligible, traders will start to buy the good in market A and re-sell it for a profit in market B (the traditional definition of "arbitrage"). This increases demand in market A (driving the price up) and increases supply in market B (driving the price down) until the price difference disappears. In the same way, any time two prediction markets have different "market odds" for the same event, as arbitrage players lock in guaranteed profits by placing opposite bets in the two markets, the market odds in the two markets will converge toward each other until the gap is negligible. This is true even if one of the markets has a cap on what people can invest or how much they can stake on any particular outcome.
For Intrade, there couldn't be a worse time for someone to be pointing this out, but it seems logically inescapable: As long as there is a prediction market anywhere in the world that allows unlimited wagering on a particular outcome, all other prediction markets (whether they are capped or not) can be manipulated indirectly, by playing a large wager in the non-capped market. I was wrong to say that you would have to "enlist your friends" to place bets in the capped market, building a large coalition of market-manipulators (and hoping that none of them would rat you out for using them to circumvent wager-limiting rules). By placing a large wager in the non-capped market, and shifting the market odds there so that they're different from the odds in the capped market, you can indirectly "enlist" all the users in the capped market, to place arbitrage bets and make a guaranteed profit. When this happens, the odds in both the capped market and the non-capped market will shift, as the gap between them narrows -- which means you have manipulated the market odds in the capped market, without ever going near it yourself.
In this case, why have caps on the amounts wagered in prediction markets at all? (The Iowa Electronic Markets have a maximum investment balance of $500, and a 2008 paper, "The Promise of Prediction Markets, authored by several prominent economists, advocated the creation of prediction markets with a maximum investment of $2,000.) Presumably the cap is not to prevent unlucky investors from losing their life's savings, since the law already allows multiple ways to do that, by betting on volatile stocks in the stock market. And it won't stop market manipulation, if the capped market can still be manipulated by using another non-capped market as a proxy. Robin Hanson, Professor of Economics at George Mason University and one of the co-authors of the 2008 paper, candidly told me that the cap was just a matter of selling the idea: "As a practical matter, many people's comfort with such markets increases when there is a cap, so they are more likely to accept the proposal with a cap. So it makes one seem more reasonable to propose a cap, if one can get most of the benefits one wanted from such a system that has a cap, relative to one without it."
So is there a solution to the manipulation problem? Actually, is it even a problem? Robin Hansen and Ryan Oprea wrote another paper arguing that manipulators can improve prediction markets, by subsidizing the existing players in the markets and rewarding them for paying attention. (If a "manipulative" bet causes a sudden shift in the reported odds, opportunistic investors can place bets essentially wagering that the odds will return back to their previous level.) Economist Alex Tabarrok makes the same point here. This opportunism also means that the market shift caused by a manipulative bet usually corrects itself within a few minutes.
Presumably, if more people start to take prediction markets seriously, the incentives to manipulate them would increase. As Tabarrok adds, "prediction markets have truly arrived when people think they are worth manipulating". At the same time though, as more people start to take prediction markets seriously, presumably they'll attract more actual users, and since the amount of money required to shift the market is proportional to the amount already invested by everyone else, this means it will require larger amounts of money to shift the market odds to the same degree.
So these economists all seem to think that prediction market manipulation is a good thing, and that the prediction markets themselves are an even better good thing even when they can be manipulated, but now I'm not so sure. If people do think that market odds are worth manipulating, presumably the point is to create a self-fulfilling prophecy: People think that Romney's chances have gone up, so they become more incentivized to support him and vote for him, and soon his chances actually have gone up (although possibly not to the full extent of the boost in the manipulated market odds, so the manipulator may still lose money). If you can boost Romney's market odds even for a few minutes just by spending a few tens of thousands of dollars, how much would it cost to sustain the higher odds for several hours -- and what if those hours were at a crucial time in the election or in the news reporting cycle?
What if, contrary to my last assumption, people start to take prediction markets seriously enough to be influenced by them, but the prediction markets don't see a proportionate influx of actual investors and money -- so the cost of manipulating them remains about the same? IF prediction markets gain more influence in people's actual voting decisions, BUT those markets don't see an influx of new users, AND an election is close enough that the market odds could make a difference depending on when they're reported, AND someone spends enough to sustain the manipulated odds during crucial periods during the election... Well, that's a lot of assumptions you have to grant, but individually they're quite plausible -- and if all of them hold true, you could change the outcome of a presidential election for just a few million dollars spent on the prediction markets.
And in fact, if you successfully swung the election, you'd actually win all the wagers you had just placed -- which means that now rich manipulators can throw their election to their preferred candidate, and make a bundle. It also means that all those opportunists who usually act to "correct" the market odds deviations, by taking your free money when you start placing manipulative bets, could realize that your bets might actually change the outcome, and would decline to take your money -- which in turn means it would be even cheaper for manipulators to change the outcome, creating a self-reinforcing cycle. If smart bettors see that once a behemoth starts the market moving, the behemoth will probably win, they'll just get out of its way and clear an easier path.
The same kind of trick wouldn't normally work on the stock market -- if you're wealthy enough that you can increase the share price of a stock by buying enough of it to shift the market, then when you try to reap your profits by unloading the stock, the price will drift back down as you're selling it off. (Or if your purchases do manage to create a self-fulfilling prophecy -- your infusion of cash into the company enables them to realize their plans and become a genuine success -- well, then you're just a successful angel investor, more power to you.) But a presidential election prediction market would be analogous to a stock where if you can keep the price artificially inflated for several crucial hours on November 6th, 2012, then the price becomes permanently locked in at that point and you can sell it off for a profit, regardless of the value of the underlying company.
So, according to my own reasoning, this idea that I was so gung-ho about a few days ago, could not only be used to create a type of financial instrument that rewards manipulation more perversely than anything we've ever seen, but could also let a Saudi prince pick the next leader of the free world on a bet.
I'm not sure if there's a solution. I'm not a libertarian so I was never in favor of prediction markets as a matter of "personal liberty"; I was in favor of them because they're useful insofar as they can harness the wisdom of crowds to convey important information. But if they can be manipulated to influence real-world events, is it worth it?
In keeping with the theory that money does motivate people to think harder about such things, I'm once again offering $100 to be split between the readers who email me the best-argued solutions to this problem -- or the best counter-argument to any point I've made here. Put "prediction markets" in the subject line. If your submission wins a portion of the award, you can either claim the money for yourself, or to be donated to a preferred charity in your name. (I reserve the right to pay out less than the allotted $100 if there aren't enough worthy submissions, but that didn't happen last time.) Any sufficiently valuable comments are eligible even if they're not strictly counter-arguments or suggested alternatives, and I'll post a follow-up article summarizing what people send in. You can't make as much off of me, as you could have made by taking some market manipulator's intentionally losing bet on Intrade that Romney was going to win the election, but at least it's legal.
-
Even Capped Prediction Markets Can Be Manipulated
Slashdot regular contributor Bennett Haselton writes "My last article on prediction markets contained an erroneous assumption, one whose implications are far-reaching enough that they deserve their own article. (And if you read to the end, I'm offering $100 to be split between the readers who submit the best alternative solution or the best counter-argument to the points made here.)" Read below for the rest of Bennett's thoughts.In my last article, I wrote:
There could be rules and safeguards to prevent abuses of the system (rules that could be imposed by U.S. law, even if they're not enforced by overseas betting markets), such as not allowing individuals to bet more than $500. (This is already enforced by the Iowa Electronic Markets.) That's small enough to stop individual bettors from trying to manipulate the market through enormous wagers (although they might find ways to do that anyway). It's also small enough that it wouldn't be worth it for any one individual to try and influence a political outcome just to win a bet. You could try to enlist your friends to help you place a collective $10,000 bet on a single outcome, but the more people you rope into your coalition, the greater the chances of someone (a) turning you in for violating the betting laws, or (b) taking the $500 you lent them, and then refusing to pay it back if they win their portion of the wager.
There's an error here, but one subtle enough that even all the commenters (with no shortage of the usual snark) missed it. To begin with, consider what happens if two different betting markets are taking bets at different odds for the same event.
Suppose CappedEx, a futures exchange that limits each user to betting $500, is publishing 4:1 odds of an Obama victory. If you bet $40 that Obama will win and he wins, you get paid $10 (from other users on the exchange), but if he loses, you pay out $40. Meanwhile FreedomEx, an exchange that has no betting limit for any user, is publishing 6:1 odds for Obama winning. Bet $60 on Obama, and you get $10 if he wins, but pay $60 if he loses. On both markets, of course you can bet in the other direction as well.
What do you conclude from this? That the un-capped FreedomEx probably has more accurate odds, and that as James Surowiecki (author of The Wisdom of Crowds) said, betting limits "make [the markets] less accurate" and "real money is what makes it work"? Or that CappedEx, with its safeguards against manipulation, is more reliable, and FreedomEx is being manipulated by someone trying to change the reported odds of their favored candidate winning? Or that there is simply some random fluctuation in the odds as reported by various markets, so they'll naturally diverge at times?
The correct answer is: you should stop wasting time "concluding" things, and get online as soon as possible and make bets in both markets, because if they're allowing bets to be placed at different odds, you can guarantee yourself a profit.
Make a $50 bet in CappedEx on Obama to win (4:1 odds), and a $10 bet in FreedomEx on Romney to win (1:6 odds). If Obama wins, you win $12.50 in the CappedEx market and lose your $10 in FreedomEx, for a $2.50 profit. If Romney wins, you lose $50 in the CappedEx market but win $60 in FreedomEx, for a $10 profit. With a little algebra, you can show that any time the two markets allow you to place bets at different odds ratios, you can make a guaranteed profit by picking a ratio somewhere in the middle (in this case, the two ratios were 1:4 and 1:6, so we picked 1:5) and making separate bets in the two markets in opposite directions, for amounts in that ratio. (A commenter on the Marginal Revolution blog describes exactly how he made an almost risk-free profit through this kind of "pure arbitrage play". He said it was "almost" risk free because of other factors like currency conversion fluctuations.)
Now, any time a good is trading for a lower price in market A than it is in market B, and the costs of shifting the good between the two markets is negligible, traders will start to buy the good in market A and re-sell it for a profit in market B (the traditional definition of "arbitrage"). This increases demand in market A (driving the price up) and increases supply in market B (driving the price down) until the price difference disappears. In the same way, any time two prediction markets have different "market odds" for the same event, as arbitrage players lock in guaranteed profits by placing opposite bets in the two markets, the market odds in the two markets will converge toward each other until the gap is negligible. This is true even if one of the markets has a cap on what people can invest or how much they can stake on any particular outcome.
For Intrade, there couldn't be a worse time for someone to be pointing this out, but it seems logically inescapable: As long as there is a prediction market anywhere in the world that allows unlimited wagering on a particular outcome, all other prediction markets (whether they are capped or not) can be manipulated indirectly, by playing a large wager in the non-capped market. I was wrong to say that you would have to "enlist your friends" to place bets in the capped market, building a large coalition of market-manipulators (and hoping that none of them would rat you out for using them to circumvent wager-limiting rules). By placing a large wager in the non-capped market, and shifting the market odds there so that they're different from the odds in the capped market, you can indirectly "enlist" all the users in the capped market, to place arbitrage bets and make a guaranteed profit. When this happens, the odds in both the capped market and the non-capped market will shift, as the gap between them narrows -- which means you have manipulated the market odds in the capped market, without ever going near it yourself.
In this case, why have caps on the amounts wagered in prediction markets at all? (The Iowa Electronic Markets have a maximum investment balance of $500, and a 2008 paper, "The Promise of Prediction Markets, authored by several prominent economists, advocated the creation of prediction markets with a maximum investment of $2,000.) Presumably the cap is not to prevent unlucky investors from losing their life's savings, since the law already allows multiple ways to do that, by betting on volatile stocks in the stock market. And it won't stop market manipulation, if the capped market can still be manipulated by using another non-capped market as a proxy. Robin Hanson, Professor of Economics at George Mason University and one of the co-authors of the 2008 paper, candidly told me that the cap was just a matter of selling the idea: "As a practical matter, many people's comfort with such markets increases when there is a cap, so they are more likely to accept the proposal with a cap. So it makes one seem more reasonable to propose a cap, if one can get most of the benefits one wanted from such a system that has a cap, relative to one without it."
So is there a solution to the manipulation problem? Actually, is it even a problem? Robin Hansen and Ryan Oprea wrote another paper arguing that manipulators can improve prediction markets, by subsidizing the existing players in the markets and rewarding them for paying attention. (If a "manipulative" bet causes a sudden shift in the reported odds, opportunistic investors can place bets essentially wagering that the odds will return back to their previous level.) Economist Alex Tabarrok makes the same point here. This opportunism also means that the market shift caused by a manipulative bet usually corrects itself within a few minutes.
Presumably, if more people start to take prediction markets seriously, the incentives to manipulate them would increase. As Tabarrok adds, "prediction markets have truly arrived when people think they are worth manipulating". At the same time though, as more people start to take prediction markets seriously, presumably they'll attract more actual users, and since the amount of money required to shift the market is proportional to the amount already invested by everyone else, this means it will require larger amounts of money to shift the market odds to the same degree.
So these economists all seem to think that prediction market manipulation is a good thing, and that the prediction markets themselves are an even better good thing even when they can be manipulated, but now I'm not so sure. If people do think that market odds are worth manipulating, presumably the point is to create a self-fulfilling prophecy: People think that Romney's chances have gone up, so they become more incentivized to support him and vote for him, and soon his chances actually have gone up (although possibly not to the full extent of the boost in the manipulated market odds, so the manipulator may still lose money). If you can boost Romney's market odds even for a few minutes just by spending a few tens of thousands of dollars, how much would it cost to sustain the higher odds for several hours -- and what if those hours were at a crucial time in the election or in the news reporting cycle?
What if, contrary to my last assumption, people start to take prediction markets seriously enough to be influenced by them, but the prediction markets don't see a proportionate influx of actual investors and money -- so the cost of manipulating them remains about the same? IF prediction markets gain more influence in people's actual voting decisions, BUT those markets don't see an influx of new users, AND an election is close enough that the market odds could make a difference depending on when they're reported, AND someone spends enough to sustain the manipulated odds during crucial periods during the election... Well, that's a lot of assumptions you have to grant, but individually they're quite plausible -- and if all of them hold true, you could change the outcome of a presidential election for just a few million dollars spent on the prediction markets.
And in fact, if you successfully swung the election, you'd actually win all the wagers you had just placed -- which means that now rich manipulators can throw their election to their preferred candidate, and make a bundle. It also means that all those opportunists who usually act to "correct" the market odds deviations, by taking your free money when you start placing manipulative bets, could realize that your bets might actually change the outcome, and would decline to take your money -- which in turn means it would be even cheaper for manipulators to change the outcome, creating a self-reinforcing cycle. If smart bettors see that once a behemoth starts the market moving, the behemoth will probably win, they'll just get out of its way and clear an easier path.
The same kind of trick wouldn't normally work on the stock market -- if you're wealthy enough that you can increase the share price of a stock by buying enough of it to shift the market, then when you try to reap your profits by unloading the stock, the price will drift back down as you're selling it off. (Or if your purchases do manage to create a self-fulfilling prophecy -- your infusion of cash into the company enables them to realize their plans and become a genuine success -- well, then you're just a successful angel investor, more power to you.) But a presidential election prediction market would be analogous to a stock where if you can keep the price artificially inflated for several crucial hours on November 6th, 2012, then the price becomes permanently locked in at that point and you can sell it off for a profit, regardless of the value of the underlying company.
So, according to my own reasoning, this idea that I was so gung-ho about a few days ago, could not only be used to create a type of financial instrument that rewards manipulation more perversely than anything we've ever seen, but could also let a Saudi prince pick the next leader of the free world on a bet.
I'm not sure if there's a solution. I'm not a libertarian so I was never in favor of prediction markets as a matter of "personal liberty"; I was in favor of them because they're useful insofar as they can harness the wisdom of crowds to convey important information. But if they can be manipulated to influence real-world events, is it worth it?
In keeping with the theory that money does motivate people to think harder about such things, I'm once again offering $100 to be split between the readers who email me the best-argued solutions to this problem -- or the best counter-argument to any point I've made here. Put "prediction markets" in the subject line. If your submission wins a portion of the award, you can either claim the money for yourself, or to be donated to a preferred charity in your name. (I reserve the right to pay out less than the allotted $100 if there aren't enough worthy submissions, but that didn't happen last time.) Any sufficiently valuable comments are eligible even if they're not strictly counter-arguments or suggested alternatives, and I'll post a follow-up article summarizing what people send in. You can't make as much off of me, as you could have made by taking some market manipulator's intentionally losing bet on Intrade that Romney was going to win the election, but at least it's legal.
-
The Countries Most Vulnerable To an Internet Shutdown
Sparrowvsrevolution writes "In the wake of Syria's 52-hour digital blackout last week, the networking firm Renesys performed an analysis of which countries are most susceptible to an Internet shutdown, based simply on how many distinct entities control the connections between the country's networks and those of the outside world. It found that for 61 countries and territories, just one or two Internet service providers maintain all external connections–a situation that could make possible a quick cutoff from the world with a well-placed government order or physical attack." -
Interviews: Ask What You Will of Eugene Kaspersky
Eugene Kaspersky probably hates malware just as much as you do on his own machines, but as the head of Kaspersky Labs, the world's largest privately held security software company, he might have a different perspective — the existence of malware and other forms of online malice drives the need for security software of all kinds, and not just on personal desktops or typical internet servers. The SCADA software vulnerabilities of the last few years have led him to announce work on an operating system for industrial control systems of the kind affected by Flame and Stuxnet. But Kaspersky is not just toiling away in the computer equivalent of the CDC: He's been outspoken in his opinions — some of which have drawn ire on Slashdot, like calling for mandatory "Internet ID" and an "Internet Interpol". He's also come out in favor of Internet voting, and against SOPA, even pulling his company out of the BSA over it. More recently, he's been criticized for ties to the current Russian government. (With regard to that Wired article, though, read Kaspersky's detailed response to its claims.) Now, he's agreed to answer Slashdot readers' questions. As usual, you're encouraged to ask all the question you'd like, but please confine your questions to one per post. We'll pass on the best of these for Kaspersky's answers. Update: 12/04 14:20 GMT by T : For more on Kaspersky's thoughts on the importance of online IDs, see this detailed blog posting. -
Interviews: Ask What You Will of Eugene Kaspersky
Eugene Kaspersky probably hates malware just as much as you do on his own machines, but as the head of Kaspersky Labs, the world's largest privately held security software company, he might have a different perspective — the existence of malware and other forms of online malice drives the need for security software of all kinds, and not just on personal desktops or typical internet servers. The SCADA software vulnerabilities of the last few years have led him to announce work on an operating system for industrial control systems of the kind affected by Flame and Stuxnet. But Kaspersky is not just toiling away in the computer equivalent of the CDC: He's been outspoken in his opinions — some of which have drawn ire on Slashdot, like calling for mandatory "Internet ID" and an "Internet Interpol". He's also come out in favor of Internet voting, and against SOPA, even pulling his company out of the BSA over it. More recently, he's been criticized for ties to the current Russian government. (With regard to that Wired article, though, read Kaspersky's detailed response to its claims.) Now, he's agreed to answer Slashdot readers' questions. As usual, you're encouraged to ask all the question you'd like, but please confine your questions to one per post. We'll pass on the best of these for Kaspersky's answers. Update: 12/04 14:20 GMT by T : For more on Kaspersky's thoughts on the importance of online IDs, see this detailed blog posting. -
Interviews: Ask What You Will of Eugene Kaspersky
Eugene Kaspersky probably hates malware just as much as you do on his own machines, but as the head of Kaspersky Labs, the world's largest privately held security software company, he might have a different perspective — the existence of malware and other forms of online malice drives the need for security software of all kinds, and not just on personal desktops or typical internet servers. The SCADA software vulnerabilities of the last few years have led him to announce work on an operating system for industrial control systems of the kind affected by Flame and Stuxnet. But Kaspersky is not just toiling away in the computer equivalent of the CDC: He's been outspoken in his opinions — some of which have drawn ire on Slashdot, like calling for mandatory "Internet ID" and an "Internet Interpol". He's also come out in favor of Internet voting, and against SOPA, even pulling his company out of the BSA over it. More recently, he's been criticized for ties to the current Russian government. (With regard to that Wired article, though, read Kaspersky's detailed response to its claims.) Now, he's agreed to answer Slashdot readers' questions. As usual, you're encouraged to ask all the question you'd like, but please confine your questions to one per post. We'll pass on the best of these for Kaspersky's answers. Update: 12/04 14:20 GMT by T : For more on Kaspersky's thoughts on the importance of online IDs, see this detailed blog posting. -
Interviews: Ask What You Will of Eugene Kaspersky
Eugene Kaspersky probably hates malware just as much as you do on his own machines, but as the head of Kaspersky Labs, the world's largest privately held security software company, he might have a different perspective — the existence of malware and other forms of online malice drives the need for security software of all kinds, and not just on personal desktops or typical internet servers. The SCADA software vulnerabilities of the last few years have led him to announce work on an operating system for industrial control systems of the kind affected by Flame and Stuxnet. But Kaspersky is not just toiling away in the computer equivalent of the CDC: He's been outspoken in his opinions — some of which have drawn ire on Slashdot, like calling for mandatory "Internet ID" and an "Internet Interpol". He's also come out in favor of Internet voting, and against SOPA, even pulling his company out of the BSA over it. More recently, he's been criticized for ties to the current Russian government. (With regard to that Wired article, though, read Kaspersky's detailed response to its claims.) Now, he's agreed to answer Slashdot readers' questions. As usual, you're encouraged to ask all the question you'd like, but please confine your questions to one per post. We'll pass on the best of these for Kaspersky's answers. Update: 12/04 14:20 GMT by T : For more on Kaspersky's thoughts on the importance of online IDs, see this detailed blog posting. -
Interviews: Ask What You Will of Eugene Kaspersky
Eugene Kaspersky probably hates malware just as much as you do on his own machines, but as the head of Kaspersky Labs, the world's largest privately held security software company, he might have a different perspective — the existence of malware and other forms of online malice drives the need for security software of all kinds, and not just on personal desktops or typical internet servers. The SCADA software vulnerabilities of the last few years have led him to announce work on an operating system for industrial control systems of the kind affected by Flame and Stuxnet. But Kaspersky is not just toiling away in the computer equivalent of the CDC: He's been outspoken in his opinions — some of which have drawn ire on Slashdot, like calling for mandatory "Internet ID" and an "Internet Interpol". He's also come out in favor of Internet voting, and against SOPA, even pulling his company out of the BSA over it. More recently, he's been criticized for ties to the current Russian government. (With regard to that Wired article, though, read Kaspersky's detailed response to its claims.) Now, he's agreed to answer Slashdot readers' questions. As usual, you're encouraged to ask all the question you'd like, but please confine your questions to one per post. We'll pass on the best of these for Kaspersky's answers. Update: 12/04 14:20 GMT by T : For more on Kaspersky's thoughts on the importance of online IDs, see this detailed blog posting. -
Interviews: Ask What You Will of Eugene Kaspersky
Eugene Kaspersky probably hates malware just as much as you do on his own machines, but as the head of Kaspersky Labs, the world's largest privately held security software company, he might have a different perspective — the existence of malware and other forms of online malice drives the need for security software of all kinds, and not just on personal desktops or typical internet servers. The SCADA software vulnerabilities of the last few years have led him to announce work on an operating system for industrial control systems of the kind affected by Flame and Stuxnet. But Kaspersky is not just toiling away in the computer equivalent of the CDC: He's been outspoken in his opinions — some of which have drawn ire on Slashdot, like calling for mandatory "Internet ID" and an "Internet Interpol". He's also come out in favor of Internet voting, and against SOPA, even pulling his company out of the BSA over it. More recently, he's been criticized for ties to the current Russian government. (With regard to that Wired article, though, read Kaspersky's detailed response to its claims.) Now, he's agreed to answer Slashdot readers' questions. As usual, you're encouraged to ask all the question you'd like, but please confine your questions to one per post. We'll pass on the best of these for Kaspersky's answers. Update: 12/04 14:20 GMT by T : For more on Kaspersky's thoughts on the importance of online IDs, see this detailed blog posting. -
McAfee Was Not Captured
netbuzz writes "As rumors and news reports of John McAfee's alleged capture circulated widely yesterday – fueled by McAfee's own blog and blogging cohorts – police and other authorities in Belize denied that they had the man in custody and, well, they should have been believed. McAfee surfaced earlier this morning and had this to say in a blog post: 'We are not in Belize, but not quite out of the woods yet.' He also painted a picture of his 'escape' that could have been taken from a bad spy novel." -
Iran Suspends Programmer's Death Sentence
jamaicaplain writes "Reuters reports that 'Iran has suspended the death sentence for a computer programmer convicted on charges of running a pornographic website after he "repented for his actions," his lawyer was quoted as saying on Sunday. Saeed Malekpour, an Iranian citizen and Canadian resident, was arrested in 2008 while visiting relatives in Iran, according to Amnesty International. Although Iranian authorities accused him of running a pornography site, Amnesty has said the charges appear to stem from a software program created by Malekpour that was used without his knowledge to post pornographic images.'" It's not clear if he'll ever be released, however. -
The Foldable Readius Ereader Is Dead
Nate the greatest writes "One of the stranger ereader/smartphone hybrid devices ever to grace the pages of a tech blog is now officially never dead. Polymer Vision, creator of the Readius ereader, has been shut down by its parent company. This company launched in 2004 with the goal of bring an ereader with a foldable 5" E-ink screen to market. They shipped an initial production run of about 100 thousand units before going bankrupt in 2009. Wistron bought the company out of receivership and has been paying to develop the screen tech. PV has made a number of prototypes over the past few years, but they never made it out of the lab. The closest we came to ever seeing one was a render of a smartphone design which could expand to the size of a tablet." -
Julian Assange: "Online Totalitarianism Is Near, Entire Nations Are Intercepted"
dryriver writes "Russia Today's correspondents have visited Julian Assange in the Ecuadorian Embassy in London, where Assange has been holed up for nearly 6 months now. In the 12 minute long interview with RT, Assange has many interesting things to say about privacy, and government data interception in particular. A small excerpt: 'The people who control the interception of the Internet and, to some degree also, physically control the big data warehouses and the international fiber-optic lines. We all think of the Internet as some kind of Platonic Realm where we can throw out ideas and communications and web pages and books and they exist somewhere out there. Actually, they exist on web servers in New York or Nairobi or Beijing, and information comes to us through satellite connections or through fiber-optic cables. So whoever physically controls this controls the realm of our ideas and communications. And whoever is able to sit on those communications channels, can intercept entire nations, and that's the new game in town, as far as state spying is concerned — intercepting entire nations, not individuals. ... So what's happened over the last 10 years is the ever-decreasing cost of intercepting each individual now to the degree where it is cheaper to intercept every individual rather that it is to pick particular people to spy upon.'" -
Interview With Icculus on GNU/Linux Gaming
Via Phoronix comes a link to an interview with prolific GNU/Linux game porter Icculus about the state of gaming on GNU/Linux. Topics include Steam, Windows 8, his experiences trying to push FatELF vs full screen games, and the general state of the game industry. From the article (on the general state of games on GNU/Linux): "It's making progress. We're turning out to have a pretty big year, with Unity3D coming to the platform, and Valve preparing to release Steam. These are just good foundations to an awesome 2013." -
Interview With Icculus on GNU/Linux Gaming
Via Phoronix comes a link to an interview with prolific GNU/Linux game porter Icculus about the state of gaming on GNU/Linux. Topics include Steam, Windows 8, his experiences trying to push FatELF vs full screen games, and the general state of the game industry. From the article (on the general state of games on GNU/Linux): "It's making progress. We're turning out to have a pretty big year, with Unity3D coming to the platform, and Valve preparing to release Steam. These are just good foundations to an awesome 2013." -
Senate Committee Approves Stricter Email Privacy
New submitter DJ Jones sent in good news in the attempts to update privacy rights for stored electronic communication. From the article: "The Senate Judiciary Committee on Thursday approved a bill that would strengthen privacy protection for e-mails by requiring law enforcement officials to obtain a warrant from a judge in most cases before gaining access to messages in individual accounts stored electronically. The bill is not expected to make it through Congress this year and will be the subject of negotiations next year with the Republican-led House." The EFF seems pretty happy with the proposed changes, but notes that the bill also reduces the protections of the Video Privacy Protection Act in order to allow Netflix et al to sell your viewing history. -
Windows XP Drops Below 40% Market Share While Windows 8 Passes 1%
An anonymous reader writes "Just three months ago, we reported how Windows 7 had finally overtaken Windows XP in terms of market share. Now it's time to see how long it takes Windows 8 to succeed its predecessors. Between October to November, Windows XP fell to 39.82 percent while Windows 8 jumped to 1.09 percent." -
Syrian Malware Servers Survive, Then Die
Nerval's Lobster writes "A massive outage knocked Syria's Internet offline Nov. 29 — with the exception of five servers implicated in serving malware earlier this year. But the next day, those five servers went dark as well. Internet analytics firm Renesys suggested late Nov. 29 that those five servers were likely offshore. 'Now, there are a few Syrian networks that are still connected to the Internet, still reachable by traceroutes, and indeed still hosting Syrian content,' the company wrote in a blog post. 'These are five networks that use Syrian-registered IP space, but the originator of the routes is actually Tata Communications. These are potentially offshore, rather than domestic, and perhaps not subject to whatever killswitch was thrown today within Syria.' By the morning of Nov. 30, those five servers went offline. 'The last 5 networks belonging to Syria, a set of smaller netblocks previously advertised by Tata Communications, have been torn down and are no longer routed,' Renesys wrote." CloudFlare has a blog post confirming that the Syrian government was responsible for flipping the switch, contrary to their claims. Meanwhile, Anonymous has started targeting the Syrian government's remaining websites and helping to get communications channels flowing out of Syria. Google is reminding people of its Speak2Tweet service, which lets people post to Twitter through voicemail over still-functioning phone lines. -
Syrian Malware Servers Survive, Then Die
Nerval's Lobster writes "A massive outage knocked Syria's Internet offline Nov. 29 — with the exception of five servers implicated in serving malware earlier this year. But the next day, those five servers went dark as well. Internet analytics firm Renesys suggested late Nov. 29 that those five servers were likely offshore. 'Now, there are a few Syrian networks that are still connected to the Internet, still reachable by traceroutes, and indeed still hosting Syrian content,' the company wrote in a blog post. 'These are five networks that use Syrian-registered IP space, but the originator of the routes is actually Tata Communications. These are potentially offshore, rather than domestic, and perhaps not subject to whatever killswitch was thrown today within Syria.' By the morning of Nov. 30, those five servers went offline. 'The last 5 networks belonging to Syria, a set of smaller netblocks previously advertised by Tata Communications, have been torn down and are no longer routed,' Renesys wrote." CloudFlare has a blog post confirming that the Syrian government was responsible for flipping the switch, contrary to their claims. Meanwhile, Anonymous has started targeting the Syrian government's remaining websites and helping to get communications channels flowing out of Syria. Google is reminding people of its Speak2Tweet service, which lets people post to Twitter through voicemail over still-functioning phone lines. -
Ask Slashdot: Good Linux Desktop Environment For Hi-Def/Retina Displays?
Volanin writes "I have been using Linux for the last 15 years both at home and at work (mostly GNOME and now Unity). Recently, I gave in to temptation and bought myself a Macbook retina 15". As you can read around, Linux still has no good support for this hardware, so I am running it inside a virtual machine. Running in scaled 1440x900 makes the Linux fonts look absolutely terrible, and running in true 2880x1800 makes them beautiful, but every UI element becomes so tiny, it's unworkable. Is there a desktop environment that handles resolution independence better? Linux has had support for SVG for a long time, but GNOME/Unity seems adamant in defining small icon sizes and UI elements without the possibility to resize them." -
Why Microsoft's Surface Pro Could Fail
Nerval's Lobster writes "Microsoft's Surface Pro boasts one feature that could rapidly become an Achilles Heel, especially if Microsoft intends for the device to compete against Apple's iPad and a host of lightweight Google Android touch-screens. In a Nov. 29 Tweet to a customer, the official Surface Twitter feed claimed: 'We expect it [Surface Pro] to have approx. half the battery life of Surface with Windows RT.' That means Surface Pro will have roughly four hours of battery life. That's roughly half the battery life (if not less) of Apple's various iPads, the Samsung Galaxy Tab 10.1, Research In Motion's PlayBook, Hewlett-Packard's now-cancelled TouchPad, and Motorola's all-but-forgotten Xoom. In other words, pretty much every tablet currently on the market. Nor can the Surface Pro compete with other tablets on price. The 64GB version of the device will retail for $899, with the 128GB version coming in a little higher at $999." -
In Calculator Arms Race, Casio Fires Back: Color Touchscreen ClassPad
KermMartian writes "In what seems to be an accelerating arms race for graphing calculator supremacy between Texas Instruments and Casio, the underdog Casio has fired a return salvo to the recently-announced TI-84 Plus C Silver Edition. The new ClassPad fx-CP400 has a massive color touchscreen and a Matlab-esque CAS. Though not accepted on the SAT/ACT, will such a powerful device gain a strong following among engineers and professionals?" -
NPD Group Analysts Say Windows 8 Sales Sluggish
Nerval's Lobster writes "While Microsoft claims it's sold 40 million Windows 8 licenses in the month since launch—a more rapid pace than Windows 7—new data from research firm The NPD Group suggests that isn't helping sales of actual Windows devices, which, in its estimation, are down 21 percent from last year. Desktops dropped 9 percent year-over-year, while notebooks fell 24 percent. 'After just four weeks on the market, it's still early to place blame on Windows 8 for the ongoing weakness in the PC market,' Stephen Baker, vice president of industry analysis at The NPD Group, wrote in a Nov. 29 statement attached to the data. 'We still have the whole holiday selling season ahead of us, but clearly Windows 8 did not prove to be the impetus for a sales turnaround some had hoped for.'" That seems to match the public grumbling of Acer and Asus about early sales. And though these figures exclude Surface sales, the newly announced prices on for new Windows 8 Pro-equipped Surface tablets might not endear them to anyone. Have you (or has your business?) moved to Windows 8? -
Notch Expands On 0x10c, Microsoft and Quantum Computing
eldavojohn writes "Mojang's Marcus Persson (better known as 'Notch') has answered quite a few questions in an interview with PC Gamer about his new game 0x10c. Since its announcement, there's been very few details about game play aside from the DCPU-16 and art tests. But in this interview, Notch has revealed quite a bit about how the game will function and non-final ideas he has for either a monthly fee to play in a 'multiverse' or micropayments. He talks about a custom OS people are working on to load into the game's CPU as well as a an in-game 3D printer that will allow you to make virtual objects. When asked about Kickstarter and his Oculus dev kit, Notch said 'Definitely going to make it work in 0x10c no matter what' and his account of using the Oculus Rift sounds more than promising for the VR Device. When asked about Linux he said, '[Linux] is wonderful. I think we need to have it, and it's a shame that more people, including myself, don't use it. It's gotten easier and friendlier.' When asked about Microsoft he said, 'I use their OS – Windows 7 is an amazing operating system in my opinion and of course there's the Xbox, which I love. I'm sure Bing is going to take off and save them. [Editor's note: Notch is smiling mischievously as he says this.]'" -
Notch Expands On 0x10c, Microsoft and Quantum Computing
eldavojohn writes "Mojang's Marcus Persson (better known as 'Notch') has answered quite a few questions in an interview with PC Gamer about his new game 0x10c. Since its announcement, there's been very few details about game play aside from the DCPU-16 and art tests. But in this interview, Notch has revealed quite a bit about how the game will function and non-final ideas he has for either a monthly fee to play in a 'multiverse' or micropayments. He talks about a custom OS people are working on to load into the game's CPU as well as a an in-game 3D printer that will allow you to make virtual objects. When asked about Kickstarter and his Oculus dev kit, Notch said 'Definitely going to make it work in 0x10c no matter what' and his account of using the Oculus Rift sounds more than promising for the VR Device. When asked about Linux he said, '[Linux] is wonderful. I think we need to have it, and it's a shame that more people, including myself, don't use it. It's gotten easier and friendlier.' When asked about Microsoft he said, 'I use their OS – Windows 7 is an amazing operating system in my opinion and of course there's the Xbox, which I love. I'm sure Bing is going to take off and save them. [Editor's note: Notch is smiling mischievously as he says this.]'"