Some more Satellite Risks

Back in 2009 I posted on the risk of GPS satellite positioning system degrading over the next few years, both in terms of coverage and accuracy, due a decrease in the number of operational satellites. This risk was the main finding of an audit performed by the Government Accountability Office (GAO), where Monte Carlo simulations predicted that the number of operational satellites would fall below the threshold required to provide positioning at agreed service levels. In short, too many satellites that were approaching, or had passed, their expected operational life were being relied on to continue functioning in the absence of replacements. Engineers know that satellites have very finite operational lifetimes, and at some point will simply stop working and start drifting.

And one significant satellite did just that  last month, as reported by the Economist for example. The satellite in question was Envisat, one without GPS responsibilities thankfully, launched in 2002 to provide a wide range of environmental data which it has delivered handsomely in the terabyte range. It is a critical primary source of data for scientists, providing continuous observations until contact was lost last month. The European Space Agency has formally announced that the mission of Envisat has been completed, and successfully so, after celebrating it’s tenth year of operation when only five were expected – both from an engineering and funding perspective.

So Envisat was living on borrowed time, five years of it or 100% additional mission time, as the GAO report on the GPS satellite constellation was asserting. The Economist article goes on to name some culprits in the case of Envisat, with governments being allocated the lion’s share due to lack of funding. Both NASA and ESA are unwilling to sure up their Earth-observation programs without additional government guarantees.

There is another risk beyond the loss of service provided by Envisat or GPS satellites, and that is additional space debris created by these satellites once they stop functioning. It is estimated that Envisat will orbit the Earth for the next 150 years before being drawn down into its atmosphere. During this time it will be at risk from colliding with other existing space debris, breaking into smaller pieces upon impact, producing even finer debris. This is known as the Kessler Syndrome, proposed by NASA scientist Donald J. Kessler in 1978, who commented on the Envisat demise as follows

It seems ironic that a satellite intended to monitor the Earth’s environment is at risk from the space environment and is likely to become a major contributor to the debris environment.

Orbital debris and the collisions that may result from its presence, are a significant risk for NASA. There is a 180-page  report on this topic which, apart from the specific subject matter, contains many useful risk principles and guidelines.

Chrome headed to be #1 Browser

Business Insider recently reported that Chrome is now the number 1, or near number one browser of choice, and its popularity has come as the expense of IE as shown in the chart below

The data set is based on statistics collected by StatCounter, and is probably not reliable for specific figures but sufficiently reliable for showing trends – in this case, that Chrome is stealing market share mainly from IE and somewhat from Firefox. In any case, a significant amount of internet traffic is now being funneled through the Chrome security model. The previous browser prediction that I posted on, that Firefox would overtake IE by Christmas 2012, agrees quite well with the data set above.

Crypto from Tesco

You can now order the new Block Cipher Companion book from Tesco’s, just published this month. I have seen an earlier draft and the text is very detailed and comprehensive, as you would expect from authors of this caliber.

Xobni becomes Smartr

I recently posted about the reads on my Scribd collection, and one of the most frequently read is the master’s thesis by the founder of Xobni (inbox spelt backwards) called How to Organize Email. There is a new version of this software called Smartr for Gmail and you can watch a video on its features.

Yoda Pie Chart - there is no Try

Love it, from Flowing Data.

150,000 reads of my Scribd documents

I have uploaded about 200 documents to Scribd over the last few years and the number of reads has just passed 150,000. You can see the categories here. The top 5 documents, each with over 3000 reads each are

• A Data Centric Security Model (almost 6,000 reads)
• The Core Components of the Entrust PKI v5
• BA IT Security Awareness presentation.
• How to Organize Email
• How much is enough? A Risk Management Approach to Computer Security

The Other Binomial Expansion

From this collection of creative exam answers.

SHA post as SPAM magnet

Don’t ask me why but a lot of SPAM has accrued, and keeps accruing, at this May 2009 post on SHA-1. Apart from the common penis enlargement references, some of the other SPAM is quite long and seems to be playing on some quirk of SEO. Fine.

Fibonacci Pigeons

This just made me laugh.

These aren’t the key management systems you are looking for

This is a nice presentation on enterprise key management issues from Anthony Stieber given at the 2nd IEEE (KMS 2010) Key Management Summit. The main message is that KMS is tricky and don’t roll your own. By the way if you are looking for examples of Powerpoint that breaks all the rules for good presentations, then you will find them here.

Also there is a very polished and informative presentation from Chris Kostick of E & Y on an enterprise key management maturity model, and below is a comprehensive diagram on the life-cycle management of keys.

Liability for Risk Decisions

I am currently in-between positions, somewhat happily, and are casting my net of interest a bit wider than my traditional roles in IT Security and Risk. One position that caught my eye from a global reinsurer in town was the role of Earthquake Expert within their Natural Catastrophe department (or Nat Cat in insurance lingo). I really don’t have any specific background in this area but I sometimes entertain the idea that I can transfer hard-learnt crypto math skills into a numerate role like this one which calls for extensive modeling and prediction. You also think that this might be a nice and cozy niche area to ply your trade as a specialist, holding something of a privileged position.

Well I was disabused of any such notion this week when I read this week of six Italian scientists and a former government official are being put on trial for the alleged manslaughter of the 309 people who died in the 2009 L'Aquila earthquake in Italy.

The seven defendants were members of a government panel, called the Serious Risks Commission (seriously), who were asked to give an opinion (or risk statement) on the likelihood that  L'Aquila would be struck by a major earthquake, based on an analysis of the smaller tremors that the city was experiencing over the previous few months. The panel verdict delivered in March stated that there was "no reason to believe that a series of low-level tremors was a precursor to a larger event". A week later the city suffered an earthquake of magnitude 6.3 on the Richter Scale, denoting a “strong quake”.

The crux of the case against the scientists is that they did not predict the strong quake coming to L'Aquila to allow a proper evacuation of its inhabitants. The defense rebuttal is simply that such a prediction is impossible, and they cannot be held accountable for this unreasonable expectation. The scientists cannot be expected to function as a reliable advanced warning system. The international scientific community has weighed in to support the defendants with a one-page letter from the American Association for the Advancement of Science, which supported the scientists by saying that there is no reliable scientific process for earthquake prediction, and they should not be treated as criminals for adhering to the accepted practices of their field.

Recently people were evacuated from New York City as precaution to the impact of Hurricane Irene. The hurricane passed by New York causing far less extensive damage than expected, and yet there were still complaints from residents about being asked to leave their homes “unnecessarily”. It seems that authorities cannot win in these matters unless they can predict the future accurately.

PageRank Increment for No Tricks

Every now and again I run this blog through the free Website Grader tool which measures your site on a variety of criteria, hoping to lure you for a more thorough paid analysis. The tool used to report a PageRank value, and No Tricks seemed to be stuck at 3 for quite a few years. The site now uses there own page ranking metric, which reported a value higher than 3. I was overjoyed and eagerly confirmed that the “true” PageRank metric had also increased from 3 to 4, representing some form of “exponential” improvement since the scale is logarithmic. I can now claim that the No Tricks site has gone from being of “low importance” to being of “medium importance”. Fine, I’ll take it.

Incidentally, I wrote a short introduction to the mathematics of PageRank a few years back, with a security spin.

Jesus and spending a trillion dollars

Amit Agarwal at Digital Inspiration has put together some information on just how big the number one trillion actually is, in human-sized terms. We have heard a lot about trillions of dollars in the context of credit crisis and, more recently, in the debate over the US budget deficit. Not to mention that Facebook recently reported that their total number of page views has passed the one trillion mark.

Agarwal started by reporting the following Biblical metaphor

If you start spending a million dollars every single day since Jesus was born, you still wouldn't have spent a trillion dollars by today.

And in terms of a diagram, Agarwal starts with takes a single 100 dollar US bill, and represents larger values as

Extending further, a trillion dollars then requires a football field of space, as shown below, with our human-sized man dwarfed in the bottom left corner.

Can you win the lottery too many times?

Last year I posted on The Fabled 25 Sigma Event, referring to a quote from David Viniar, then CFO of Goldman Sachs, who was attempting to describe the magnitude of the movements in the financial markets. Mr. Viniar probably did not fully understand the implications of what he was saying, since a 25 sigma event translates into a phenomenon occurring once every 10^{135} years - a period of time that we have yet to see even a fraction of. Several researchers at the business school of the University College Dublin gave another interpretation of how unlikely this event was by stating that it equates to winning the UK lottery more than 20 times in a row.

Winning the lottery 20 times does seem very unlikely. Recently a woman won the Texas lottery for the fourth time in the last 10 years or so, accumulating prize money of  just over 20 million USD, and is being scrutinized by the press for potential fraud. There is a lot of suspicion about the luck of Joan Ginther (pictured below) and her winning streak. Googling on “4 time lottery winner” produces pages of articles on Ginther’s supposed luck.

Nathaniel Rich ran an interesting 4-page story in the August issue of Harper’s magazine, where he visits the small Texas town of Bishop to look at the lone town store where three of the winning tickets were purchased. Rich spoke to enough mathematics professors beforehand to determine that the odds of an individual winning four times by pure luck are extremely low indeed, about 10^{-24}, or a practical impossibility (still “far more likely” than a 25 sigma event though). The alternate scenarios are (1) an inside job potentially amongst the state lotteries and their suppliers (2) cracking the parameters of the psuedo-random number generator for selecting the winners, and (3) dumb luck, or increasing your odds of winning by buying many tickets. The most likely answer seems to be a combination of (2) and (3).

The local town people are going with scenario 3 or just ascribing it to pure luck outright, as there is a strong (American) belief that everyone can be a winner. Getting back to those 25 sigma events, it seems then that no one would actually be able to win the UK lottery over 20 times as they would be suspected of foul play, and likely to find themselves arrested way before that many wins. Perhaps Mr. Viniar should have been arrested for his remarks.

An unexpected business model for Angry Birds

Rovio, the company that developed Angry Birds, recently announced at the Techcrunch Disrupt conference that they are now selling more than one million Angry Birds T-shirts and toys each month. That’s after 350 million downloads of the game. What a business model, if they were intending it, and a movie deal is apparently in the works as well. Oh yes, and a theme park. So it seems it is possible to use a mobile game as the basis to leverage the creation of real world profits.