Friday, November 25, 2011

Crisis averted: no need for oral surgery

You know the story about the man who goes into hospital for an examination of his left knee and ends up having his right leg amputated? That nearly happened to me, albeit on a much smaller scale.

The story starts about a month and a half ago when I went to the dental clinic for a routine checkup. The only thing that the dentist could find that needed treatment was the wisdom tooth on the left upper hand side (let's dispense with technical terms such as maxilla and mandible). I was surprised as I thought that I had had all my wisdom teeth extracted; it turns out that I had the teeth on the right hand side extracted but not on the left. The tooth was decaying and as there was no corresponding tooth on the lower side (the jaw), the dentist thought it best that the tooth be extracted.

She tried to take x-rays of the offending tooth but because of its position, she wasn't able to get a good picture, so she sent me to get a panoramic x-ray of my teeth. This I did, which I returned to the clinic; then I waited for the expert to decide whether the extraction could be performed in the clinic or in hospital (both of my children have had wisdom teeth extracted in the oral surgery department of the hospital).

Yesterday I kept my appointment with the expert; he looked at the x-ray and saw a wisdom tooth embedded on the lower left hand side, at 90 degrees to the rest of my teeth: a perfect case for surgical extraction. He wrote an explanatory note for the surgeon at the hospital and sent me on my way. Outside, I was stunned for a few moments until I recalled that my regular dentist had sent me for a panoramic x-ray because she couldn't get a good picture of the decayed tooth. If she could see the tooth then it couldn't be embedded!

I went back to the expert and explained why I had been referred to him in the first place. He consulted my dental notes, saw what my dentist had written and confirmed that he had indeed been looking at the wrong tooth. Instead of an operation, I needed a relatively simple extraction, which he could do in half an hour. Crisis averted.

He still thinks that the embedded tooth should be extracted, but as long as it's not causing any problems, there's no real need to do so. Dentists are divided on whether such teeth should be extracted as a matter of course. The surgical extraction of the wisdom tooth on the upper right hand side some 25 years ago caused me many after-effects, including low blood pressure for a few years. That's not something that I will willingly undergo again if there is no real acute cause.

Sunday, November 20, 2011

Two spy novels

Despite having invested in a Kindle, I found myself ordering two real books a week ago, as either there aren't Kindle versions available yet or the Kindle version is more expensive.

First off was the third book by Stella Rimington in her Liz Carlyle series, "Illegal action". The basis of this book was more to my liking than the previous ones: Liz has been transferred to Counter-Intelligence (i.e. working against the Soviet threat) from Counter-Terrorism. As an old cold warrior, I much prefer the deviousness of the Soviets. I can't put my finger on the exact cause, but all the way through the book, I kept feeling unsatisfied. As I have pointed out before, Rimington is no literary stylist and seems to write by the numbers (at five sixths of the way through the book, there will be a huge twist in the story which changes one's entire outlook). There are always a few chapters in which the main character of the chapter is referred to solely as "He" or "She", meaning that Rimington is describing someone's actions but that she doesn't want the reader to guess who that person is. I won't reveal the detail for this book, but it wasn't too hard to figure out who the mystery person was. At the end of the book, I found myself so unimpressed that I decided probably not to bother buying any more books in this series. A shame, because a better writer could have done so much more with the story elements.

On the other hand, "The Trinity Six" by Charles Cumming was the real thing. Dense, intriguing and cerebral, this is a worthy successor to Le Carre, mixing fact with fiction almost seamlessly. I've read most of the books listed in the 'bibliography' at the end, so the historical parts of the story were very familiar. Cumming's anti-hero, Dr Sam Gaddis, does come over as slightly too resourceful for an academic, but that only makes for a better story. He is also a tad too trusting during at least the first half of the novel; I would have thought that someone as well versed in all things Russian would have been more suspicious. Presumably I had an advantage over Gaddis in that I could read what other characters in the book were doing when they were not interacting with him, and so I was able to identify his babysitter well in advance. I also found the fact that Gaddis repeatedly was able to slip under the Russians' radar unbelievable. Maybe they too have lost their touch since the end of the cold war.

Looking back on the story (and this is one that deserves a second and third read, without doubt), it occurs to me that the focus of the story changes in a subtle manner about half way through: the sixth man becomes abandoned and someone else takes his place as being the book's raison d'etre. The sixth man essentially becomes a red herring.

I hope that Cumming's other book, "A Spy by Nature" is of a similarly high quality. I note that Cumming was approached to join MI6 but turned them down.

Sunday, November 13, 2011

Relieving the pressure

I wrote a few days ago about waking up every morning and feeling anxious about the finance exam, which will take place in another 25 days. I found the perfect solution - I sat down and solved some of the questions from previous exams.

The lecturer pointed out a few questions from previous papers; these were so old that there was no printed solution, which actually is a good thing as one can't cheat. I solved about 80% of the questions correctly, and asked her (the lecturer) on Friday about the points which I wasn't sure about. I'm going to sit down either tonight and tomorrow night and resolve the questions, thus reinforcing the techniques which I need. She will demonstrate how to solve the questions on Tuesday and I want to be super-prepared.

I point out that during the Marketing course, we 'solved' the same exam question again and again until we had it down perfectly and could reproduce the answer from memory. There, the answer took five pages of A4 paper, filled with writing. Solving a finance question is much shorter.

It has become clear what the tactics are: first of all, one has to find the cost of capital which is to be used, which is the weighted cost of equity and debt (WACC). There are two ways of calculating the cost of equity and two ways of calculating the cost of debt; in both cases there is one simple method (SML) and one slightly more complicated method (dividends and yield to maturity). I knew the simple methods but wasn't too familiar with the more complicated methods; this has now been rectified.

Then one has to lay out a cash flow table. This isn't complicated but it can be finicky. Once the cashflow is known along with the cost of capital, then one can calculate the net present value (NPV). These are the basics of every question.

The questions which will be answered on Tuesday have the same characteristic in that one has to compare two projects with different lengths. In these cases, it's not enough to calculate the NPV; one also has to calculate the average cost per year. It's not correct to divide the NPV by the number of years that the project runs; one has to perform another calculation on the NPV in order to calculate the annual payment. The lecturer tells me that one will still be able to calculate which project is better if one performs simple division, but that the figure won't be right.

One question was about two machines, one having a life time of four years and the other seven. Another question was about renewing the parquet floor of a basketball court (four and eight years); this latter question can also be solved by changing the cash flow so that there is a second investment after five years. Put simply, which is better - investing $1,000 in a washing machine which will last eight years, or $600 in a washing machine which lasts four years and will then have to be bought again? 

Once one has finished with these questions, the examiners always twist the knife a little and change the scenario. How would the washing machine answer change if there is 3.5% annual inflation? What would happen if the more expensive washing machine lasts nine years instead of eight?

As one can easily get confused about inflation, I think it wise to note a few things here. One can either work with nominal figures (no adjustment for inflation) or real figures (adjusted for inflation), although of course one has to know whether the figures are nominal or real. Rule of thumb: unless otherwise explicitly noted, all figures are nominal. Thus, if we have to pay $600 for a washing machine now and there is 3.5% annual inflation, then in four years time we will have to pay 600 X 1.035 X 1.035 X 1.035 X 1.035 = $668.5; this is the figure that one puts into the cash flow whilst leaving the cost of capital unchanged. The other way of doing this is by leaving the price at $600 and reducing the cost of capital by 1.035 to the power of four, but this seems to be less intuitive even though mathematically it is exactly the same.

Anyway: the pressure is relieved and I am confident.

Kindle arrives

I received my Kindle on Friday lunchtime. At first, I thought that I was missing a cable, but it turns out that the power cord is one of those new-fangled dual-function cables which serves as both USB and power cable. My first act upon arriving home was to connect the Kindle to mains electricity via the USB charger.

After a few hours, I became inquisitive as to whether the Kindle was fully charged (apparently not) and whether I could use it. After a fair amount of scratching my head and looking at web sites, I was just about to write to a technical support site when I noticed another post in which someone wrote about having problems turning the Kindle on. "One has to turn the Kindle on?", I asked myself. I then had a close look at the user guide (which is on the web and on the Kindle, but of course I couldn't access the Kindle version yet) and discovered that there is a recessed power button. I pressed the button and the Kindle came to life. I laughed for about five minutes.

Once I crossed this minor hurdle, I saw fairly quickly how to use the controls. There are still some things which I haven't learnt yet but I'm sure that I'll catch on quickly. I connected the Kindle to my computer and loaded all the books which I have stored in preparation for this great event. Then I was indeed able to read books.

Two observations: one can sort the books by title, by author or by last loading date. It would be more useful if I could sort by last access date. I will have to see whether this is possible.

Secondly, most books - even if they were originally PDF files - converted well and are readable. It seems that the PDFs aren't as navigable as the MOBI files, as they are lacking chapters. I had converted the PDF text to my current MBA course to MOBI and looked at this on the Kindle. When the text was pure text, then it was easily readable, but tables and formulae came out in a wrong format and are useless. Reading the finance text was very difficult, so I think I'm not going to bother with this again. On the other hand, my next MBA course will be 'Negotiation', and I imagine that this will be mainly text so it should be readable.

Early days yet, but the machine seems promising.

Wednesday, November 09, 2011

Feeling the pressure

My exam in finance will take place in four weeks (and one day), theoretically plenty of time to become even more acquainted with the material. Despite this, every morning I awake with the emotion of anxiety running through my body.

Every week there is a lecture on Friday morning and a 'practice session' on Tuesday evening, in which the lecturer goes over previous exam questions and solves them. Yesterday evening was the first time that I attended such a session, and noted that there was almost 100% attendance. The first question which the lecturer chose to solve covered about 60-70% of the curriculum, so obviously it was a good choice. 

I haven't attended these sessions for a few reasons; first of all, I can manage quite well on my own to solve the questions (although a bit of help will go a long way!), and secondly I imagine that the pace of these sessions is quite slow. It wasn't quite as slow as I had thought that it would be but I still had plenty of time in which to twiddle my thumbs and progress within the question (which is really a scenario with five or six questions to be solved) before the lecturer caught up.

She has given us a few more questions to do as homework; I am going to work on these on my own and hopefully finish them before Friday's lecture (it depends how much time I will have to devote to them). If the homework goes ok, then I won't bother attending next week. We have the answers to all the questions so I'm not dependent on 'handing in the homework' in order to see how well I have done. Of course, the temptation exists to read the answer before attempting the question, but the value of doing so is negative - the idea is to learn how to solve the questions and not particularly to solve them.

I will definitely go over the exam questions which she solved last night as it is important to get into the habit of solving them, to recognise which fact means what, which details can be ignored and which are very important.

Apparently the lecturer had provided in a previous session an analysis of subjects and in which exams they had occurred. I don't like playing 'exam lotto' very much as it can be dangerous. Even so, it is clear that certain subjects such as cash flow (the most basic concept), CAPM and risk in a company which has two separate divisions are going to appear in the exam.

Unfortunately for me, there are quite a few sub-questions which require writing about theoretical models as opposed to calculating values. I imagine that most people find the written material easier to regurgitate as opposed to the numbers, but I'm inclined the other way.

Friday, November 04, 2011

User defined menus

In our weekly meeting today, the Occupational Psychologist raised the possibility of adding user defined menus to her management program. At first I demurred, as the menu is something which is fixed at compile time, but later I figured out a way in which to implement this.

Fortunately, I have already defined a table ('progs') in the program which lists all the forms which I use to track program usage. To this table I added two new fields: the option's name in Hebrew, as it appears in the main menu, and a flag to show whether this is indeed an option which appears on the main menu. Then I added to the form which adds data to the above table fields so that I could mark the required forms.

The next stage was to define a table ('usermenu') which contains the data regarding the user defined menus: an id, the user's internal id number, the menu option's program number and the display order of the option. Then I defined a pair of forms which allow the user to maintain a list of her options, to set the order and to add/remove items.

I haven't gone into much detail regarding the above because it's all fairly straightforward. The challenging part was figuring out how to read the table and turn the entries into real menu entries at run time. Creating menu entries at run time is not difficult, but connecting a random menu entry to the correct event handler (what should the program do when the new option is clicked) is the crux of the matter.

I handled (sorry about the pun) this by finding the pre-defined event handler for the menu option and copying its event handler into the new menu option. For example, if there is an entry in the 'usermenu' table for the program 'DoDockets', then the function FindOption, which appears in the code below, traverses the fixed menu structure looking for a menu item whose caption is 'DoDockets'. The function exits when the match is found, and this menu item's event handler is copied.

The program knows that it is to add the dynamic entries to a main menu whose name is mnUser.

procedure TMainForm.FormShow(Sender: TObject);
var
 item, original: tmenuitem;
 menucaption: string[31];

 // search the fixed main menu for the item whose caption is s;
 // returns nil if no such item exists
 Function FindOption (const s: string): TMenuItem;
 var
  found: boolean;
  i: integer;
  tmp: tmenuitem;
 begin
  result:= nil;
  found:= false;
  i:= -1;
  while not found and (i < mainmenu1.items.count - 1) do
   begin // traverse main menu
    inc (i);
    tmp:= mainmenu1.items[i].find (s);
    if tmp <> nil then
     begin
      found:= true;
      result:= tmp
     end
   end
 end;

begin
 // handle user defined menu
 with qUserMenu do
  begin
   params[0].asinteger:= user;
   open;
   while not eof do
    begin
     menucaption:= fieldbyname ('hebrew').asstring;
     original:= FindOption (menucaption);
     if original <> nil then // skip entries with no fixed menu item
      begin
       item:= TMenuItem.Create (self);
       item.caption:= menucaption;
       item.OnClick:= original.OnClick; // reuse the fixed item's handler
       mnUser.Insert (fieldbyname ('disporder').asinteger, item);
      end;
     next
    end;
   close
  end
end;

I think that this is a really neat piece of code. It occurred to me when I was documenting this that I could add hot keys to the dynamic menu options: F1 would activate the first option, F2 the second, etc. At the moment, the F keys have been assigned to what I thought were the important options but the importance changes as time goes by.

Coffee addicts (Millennium trilogy)

Here's a paragraph which I filched from the New York Times book review about the Millennium trilogy:

But these transparently “activist” moments are forgivable, as is the pathological coffee drinking, a tic that recurs so relentlessly that I don’t think Larsson realized it was a tic. A thought on this subject: Many of the Larsson faithful subscribe to a belief that the author’s premature death was not of natural causes. He had been threatened in real life by skinheads and neo-Nazis; ergo, the theories go, he was made dead by the very sorts of heavies who crop up in his novels. But such talk has been emphatically dismissed by Larsson’s intimates. So let me advance my own theory: Coffee killed him. If we accept that Blomkvist is, in many respects, a romanticized version of Larsson, and that Blomkvist’s habits reflected the author’s own, Larsson overcaffeinated himself to death. Of course, the cigarettes and junk food to which both men are/were partial couldn’t have helped, either.

Not being a coffee drinker myself, I tend to ignore people's coffee consumption in the same way that I tend to ignore the amount they smoke. I point out that "The time traveler's wife" also has coffee addicts and I lazily assumed that this was an American habit (not that the Millennium trilogy is American). I have often wondered why in the film "You've got mail", Tom Hanks and Meg Ryan frequently drink tea (a British habit) but not coffee.

Thursday, November 03, 2011

The thousand-dollar penalty for reusing passwords

This is from a computer orientated newsletter which I received this morning. There is some personal relevance which I will mention at the end.

The thousand-dollar penalty for reusing passwords
By Woody Leonhard

You can find no end of advice on creating strong passwords, using clever tricks, stats, mnemonics, and such.

But all too frequently we (and I include myself in this rebuke) tend to reuse little passwords at what we think are inconsequential sites. It's a big mistake — here's why. This story is true. As the admonition goes: only the names have been changed to protect the innocent.

I live in a small town a couple of hours away from a big city we'll call Metropolis. There are several daily newspapers in Metropolis, and one of the largest (let's call it the Daily Planet) boasts a very nice website. The people who create and maintain the Daily Planet site are excellent designers and programmers — but they aren't security experts.

One of Metropolis's citizens is a regular guy named, oh, Joe. He's pretty good with computers, and he knows enough to use strong passwords on bank and stock-market sites. But Joe just got hacked — and bilked in a most unexpected way.

Using simple passwords for unimportant sites
The Daily Planet's website, like most big newspaper sites, lets its readers set up accounts for a variety of services. For example, subscribers can receive e-mail notifications about important breaking-news stories. They also need an account to comment on editorials and to submit photos for the newspaper's photo-judging contest. About 25,000 people have accounts.

Years ago, Joe signed up for a Daily Planet account, using JoeKewl as his user name and for his e-mail address. And because the Daily Planet site should not have posed any real security issues — no sensitive personal information was at stake — he used an easy-to-remember password he frequently employed for such occasions: 12345678.

At some point, Joe's Daily Planet account fell into disuse; he rarely thought about it. Meanwhile, the Daily Planet's website admins were focused on online publishing, applying their energy on search-engine optimization and site layout with a bit of SQL Server and PHP on the side. They knew about security but weren't terribly worried about hackers. Their thinking was: Who in their right mind would want to steal sign-in data for people commenting on news stories?

A new black-hatter beats a site's security
But there was a who — a self-styled password cracker residing in a completely different country. Someone driven to show his hacking moxie by cracking a Web server. He acquired a free version of Havij, a SQL Injection hacking tool with a "user-friendly GUI and automated settings and detections, to make it easy to use for everyone, even amateur users," according to the IT Security Research & Penetration Testing Team's Havij 1.15 user manual. He watched the YouTube video and went through the Havij tutorial — and soon knew how to run a SQL injection attack.

The cracker didn't really care what website he cracked; he was simply looking for a site with simple sign-up routines. Eventually, he discovered that the Daily Planet's website fit the bill nicely. Within a couple of hours, the cracker had figured out how to access the Daily Planet's reader database. He was able to crack only one of the four SQL tables at the site, but that netted him 5,200 user records. He got really lucky because (and this is key — no pun intended) the Daily Planet's site stored user data in the clear — none of it was encrypted.

Then the cracker decided he was hot stuff and wanted to tell the world. So he posted 200 of the stolen records on a public website, claiming he'd post more if enough people subscribed to his Twitter feed. To publicize his accomplishment, he convinced one well-known underground tweeter to send out details about where to find the stolen data.

Using a password once too often spells 'break-in'
This is where I came in. All of this happened in a town not far from where I live. But I caught wind of it only when I checked an underground tweeter account I monitor. By then, the cracker had posted 3,400 user names and more than 300 people had viewed the list. Joe's name was at the top of the list.

One of these 300 visitors soon signed onto a local financial site, using Joe's stolen e-mail address and password. (I won't mention the site by name, but it's an institution in Metropolis.) The password didn't work, so the bad guy clicked the Forgotten Password link. As expected, the financial institution's automatic password-recovery routine offered to e-mail a new password to Joe's Yahoo account.

Next, the bad guy signed onto Yahoo Mail using Joe's e-mail address and entered the password (12345678) he'd stolen from the Daily Planet password list — and sure enough, he got into Joe's Yahoo account. From there, just a couple of clicks gave the bad guy full access to Joe's online financial account.

There are countless other ways Joe could've been compromised, but Joe made the bad guy's job much easier by using the same password for both the Daily Planet and the Yahoo Mail accounts. Joe will most likely get his money back — eventually. But he could have avoided a lot of hassle by simply using a unique, throwaway password for the Daily Planet.

My personal part
As it happens, there was an article in one of the online British newspapers yesterday that so annoyed me that I felt compelled to write an online comment about it. The website demanded that I create a user account; for a change, I decided to use my work email address and a password which is not in use anywhere else. Thus if the newspaper's web site gets hacked as described above, the email containing a one-off password will be sent to my work email. This password won't allow anyone to access my online bank account. I doubt whether my work email will be hacked either, but that's another story. The 'forgotten password' trick won't work because on the bank's website I use a different email address.
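
The chain in the newsletter story (a leak at one site, the same password on the mailbox, a 'forgotten password' mail delivered to that mailbox) can be checked against one's own list of accounts. The following Python code is an added example, not part of the newsletter or of the original post; the account names, the addresses and every password other than 12345678 are constructed for illustration.

```python
from collections import deque
from typing import NamedTuple, Optional


class Account(NamedTuple):
    login: str                    # identifier typed at sign-in (here: an e-mail address)
    password: str
    reset_mailbox: Optional[str]  # name of the account that receives password-reset mail


# Constructed inventory modelled on Joe in the story.
JOE = {
    "daily-planet": Account("joekewl@mail.example", "12345678", "yahoo-mail"),
    "yahoo-mail": Account("joekewl@mail.example", "12345678", None),
    "financial-site": Account("joekewl@mail.example", "Xq7-constructed-strong", "yahoo-mail"),
}

# Constructed inventory modelled on the 'personal part': a one-off password at
# the newspaper, and a different e-mail address at the bank.
BLOGGER = {
    "newspaper": Account("me@work.example", "one-off-constructed-1", "work-mail"),
    "work-mail": Account("me@work.example", "constructed-work-pw", None),
    "private-mail": Account("me@home.example", "constructed-home-pw", None),
    "bank": Account("me@home.example", "constructed-bank-pw", "private-mail"),
}


def blast_radius(accounts, breached):
    """Return {account: reason} for every account lost when `breached` leaks
    its login and clear-text password.

    Two propagation rules, both taken from the story:
      1. reuse: another account has the same login and the same password;
      2. reset: another account sends its reset mail to a mailbox already lost.
    """
    leaked = (accounts[breached].login, accounts[breached].password)
    owned = {breached: "breach"}
    queue = deque([breached])
    while queue:
        current = queue.popleft()
        for name, acct in accounts.items():
            if name in owned:
                continue
            if (acct.login, acct.password) == leaked:
                owned[name] = "reused password"
            elif acct.reset_mailbox == current:
                owned[name] = f"password reset via {current}"
            else:
                continue
            queue.append(name)
    return owned


def exposure_report(accounts):
    """For each account, list the other accounts that fall if it is breached."""
    return {
        name: sorted(a for a in blast_radius(accounts, name) if a != name)
        for name in accounts
    }


if __name__ == "__main__":
    for label, inventory in (("Joe", JOE), ("Blogger", BLOGGER)):
        print(label)
        for site, lost in exposure_report(inventory).items():
            print(f"  breach at {site:15} also exposes: {lost or 'nothing'}")
```

An account whose row lists nothing is one where a leak stays contained; any row that reaches a mailbox is the place to change the password first.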

Wednesday, November 02, 2011

The girl who kicked the hornets' nest

Whilst collecting books for my soon to arrive Kindle, I read the electronic version of the above book, which is the third (and final) installment of the Millennium trilogy. I very much enjoyed this, so much so that I went back and reread the first two books. Doing so changed my mind about the series.

My review of the second book had left a slightly sour taste in my mind, and indeed this ends with the words: On the basis of GPF, I can't see myself reading the third part of the "Millennium trilogy", "The girl who kicked the hornets' nest". I would probably see any film made from these stories but I won't be investing any more money or time in these books. Well, there's nothing like consistency in personal decisions.

Again, as I wrote then, These pages give one the (post-reading) feeling that Larsson was making the whole thing up as he went along, and inserted events (or "hooks", as the musician or computer scientist might call them) as they occurred to him. If later events revolve around prior knowledge which is given by these hooks, then the reader feels satisfied, but if the hooks are left unresolved, then the feeling is awkward.

The third book resolved the hooks displayed in the second and so I finished the trilogy in a much better state of mind. Even so, my criticism of the series, that the books needed an editor, is still valid. The third book doesn't seem to suffer so much from this problem, but still there are paragraphs that could easily be excised. It is good that Larsson invents a back story for his characters, even the most fleeting, but most of this material should have remained as reference material for him and not placed in the books. I got the feeling that the entire series could be improved if one paragraph per page were removed.

After having completed the series, I began asking myself what it was all about. The second and third books seem closer to each other (the third is a direct continuation of the second) which deal with Lisbeth Salander's heritage and legal status. Viewed from this aspect, the first book seems strangely out of place - all the business about Harriet Vanger seems to be one giant red herring.

But bearing in mind that the book's original Swedish title was Men Who Hate Women, a different reading is possible. The Vanger story is also about two men who hate women and serves as a story within a story for getting Larsson's point across. The problem is that Larsson writes with a blunt sledge-hammer instead of a sharp lancet.

There are still issues which irk (aside from the writing style). Co-protagonist Mikael Blomkvist sleeps with virtually every female character in the books but no one has any problems with jealousy. Lisbeth Salander can break into any computer in the world and extract knowledge from them, but no one has a problem with this. She even manages to extract illegally a fortune from a corrupt financier in the first book (as we say in Hebrew, he who steals from a thief is protected from the law), but as only Blomkvist knows about this (or rather, he suspects this as he has no real proof), one can gloss over this. The moral of the story is not to save any document of importance on one's computer, or at least, computers which are connected to the Internet.

Maybe one shouldn't dig too deep.