Rayne

Software Is Not Capital if You’re Not a Software Company

The Economist trumpets Thomas Piketty’s Capital and his theory, r > g, has had its first serious rebuttal, glowing like a proud parent over graduate student Matthew Rognlie’s work.

Note this bit:

Mr Rognlie mounts three main criticisms of these arguments. First, he argues that the rate of return from capital probably declines over the long run, rather than remaining high as Mr Piketty suggests, due to the law of diminishing marginal returns. Modern forms of capital, such as software, depreciate faster in value than equipment did in the past: a giant metal press might have a working life of decades while a new piece of database-management software will be obsolete in a few years at most. This means that although gross returns from wealth may well be rising, they may not necessarily be growing in net terms, since a large share of the gains that flow to owners of capital must be reinvested.

Emphasis mine.

Most commercial software used by corporations, including the example of database-management software, is licensed. Users are licensees, not owners.

Software doesn’t necessarily obsolesce, either. I’ve worked for businesses using software that was as much as twenty years old. Small businesses, in particular, can continue to run well on old accounting software, provided they don’t need highly granular reporting.

What does become obsolete is the hardware. If software no longer runs on an older system, or if it is no longer serviced by the licensor (ex: Windows XP), the licensee has simply reached the limit of the license.

This includes upgrades by software manufacturers for reasons of security improvements: if users don’t upgrade for improved security, they’re outside the limits of the license.

The only entities that might be able to claim software is capital are software companies. This might not even be the case if capital is limited to the licenses they’ve granted and claimed as assets — any accountant, tax attorney or IP attorney want to respond to this?

The confusion about software’s nature probably lies in our accounting and tax systems, which may treat software as an amortizable intangible asset. (Feel free to correct me in comments as I am not an accountant, nor a tax preparer, nor a tax attorney.)

But most commercial software remains a licensed product.

Companies are also moving toward “software as a service” (SaaS), in which they are provided a license to access software on software providers’ systems. Microsoft’s Office 365, Google Apps, and Salesforce.com are examples of SaaS. There are even further reductions in companies’ need for investment in hardware when subscribing to “infrastructure as a service” and “platform as a service,” like IBM, Amazon, and other technology companies offer.

These are contracted services — definitely not rapidly depreciating capital assets.

What exactly does Rognlie mean by “modern forms of capital” when his understanding of software is flawed?

I haven’t looked deeply at the rest of the arguments Rognlie offered as a rebuttal to Piketty’s theory. This bit checked me short, giving me concerns about his remaining points addressing returns on wealth, and on distribution of net capital income.

Mapping Treasure: Looking Beyond the Yield of Traditional Insider Trading

[graphic: Money by Kevin Dooley, via Flickr]

A former SAC hedge fund manager, who cooperated with law enforcement, avoided a prison sentence this week after the FBI’s investigation into insider trading found criminal activities. It’s a rather typical story in which persons unfairly benefited from information they would not otherwise have access to outside their work as traders. Six persons were ultimately convicted in connection with this case.

A fresh spin on insider trading also made news this week, when the SEC filed a lawsuit against two Capital One fraud investigators who made 1800 percent on their investment over three years, based on their use of a Capital One credit card user database.

The two investigators, Bonan Huang and Nan Huang, grew an investment of $147,300 to $2.8 million based on thousands of searches across a database comprised of credit card customer transactions. Noting the volume of use of credit cards at a particular fast food company, they bought and traded the company’s stock based on this data.

Over time they made similar stock trades based on transactional volume and other publicly available news about three different companies.

Had the database been one for sale by a company rather than their employer’s proprietary database, the Huangs would have been lauded as investment rock stars. But because the method they used “misappropriates confidential information for securities trading purposes, in breach of a duty owed to the source of the information,” the two men are being sued for insider trading.

The Huangs’ trading experience gives pause when one considers the value of metadata, and of the data breach at JP Morgan Chase this past year.

Metadata can offer a volume of transactional activity, though it will not disclose the value of a transaction. Imagine smartphones indicating they are being used at particular devices – point-of-sale devices – at any retailer, from fast food to hard lines. An uptick in overall activity at a specific retailer indicates greater volume of business, the data fresher than that reported in a 10-Q report filed publicly with the SEC. What could an investor do with this kind of data? One could imagine success not much different than the Huangs experienced, provided they also understood other publicly available information about the retailers under observation.

Russia’s Sabre-Rattling: Not Just Bluster About Banks and Ukraine Unrest


Last Friday, CNBC interviewed Andrey Kostin, CEO of Russia’s second largest bank, following the EU’s decision to extend economic sanctions against Russia, ostensibly to punish Russia for hostilities against Ukraine. Kostin’s comments were combative.

“You know, we have quite a strong opinion on sanctions. Sanctions, in other words, is economic war against Russia. Economic war will definitely have and will have very negative implications on the Russian economy, but more than that it will have very negative implications on the political dialogue and on security in Europe. And who wants to live in a less secure world? I think nobody. I think it’s the wrong way to treat Russia like this. I think it will never to lead to any other consequences as to less stability and less secure Europe.” [sic]

“‘You can’t treat any country like this. You know you can’t say, if you behave rightly, that’s a small [weep*] for you, if you behave wrongly, that’s a big [weep*] for you.’ That’s not a dialog, that’s a threat. … I think we should talk. I mean, politicians should talk, like business men. Business men do talk, and they are interested in working together. …”

In short, Russia feels the sanctions are warfare, and they want to deal. They’d really like the asymmetric attack on finance to stop short of terminating Russian banks’ access to SWIFT (the impact of which WaPo spells out).

But the banks’ discomfort with the sanctions and continued incursions against Ukraine aren’t the only signs of Russian belligerence. By year end, there had been forty events characterized as “close military encounters” during 2014, according to European Leadership Network, a non-partisan, nonprofit think tank.

Superb Owl Types: Check in Here for NotAllFootBall

Yeah, me, too — I can’t do football tonight. Once the Detroit Lions and the Green Bay Packers were knocked out of the running, I didn’t have a horse in the race any longer and couldn’t muster the whatev to bother following the limp ball debacle.

Instead of watching the game, I’m going to knock something off my To-Be-Watched List this evening. At the top is television series Black Mirror, Season 1, produced by Channel 4 in the UK. It’s been a while since I watched some speculative/sci-fi television, and I’ve heard a LOT of great things about this series from people whose opinions I respect.

Season 1 is available via YouTube; Seasons 1 and 2 are available to stream now on Netflix.

If you’re not watching the Super Bowl, what are you doing this evening (or very early morning on the other side of the dateline)?

Expectations of Light Ahead

[graphic: Julaftonen, by Carl Larsson, 1904]

This painting by Swedish painter Carl Larsson, dated 1904, depicts a Christmas Eve gathering. Family members present are not giddy but quietly enjoying the prospect of the feast they will share, set out before them. Snow falls outside in the growing dark as candle and fire light fills the space within. The picture is illuminated as well by the serving girl’s soft smile – she and what she bears, created by human hands, are as important and warming as the light within the room.

Tonight in my household we are making Swedish cookies from a recipe left to us by a departed family member. We laugh over happy memories we shared with them, and now make new memories over this messy communion flavored with cinnamon, sugar, and too much butter. The fun and memories are as important as the cookies themselves; they create the foundation for decades of holidays yet to come.

I hope you are also someplace warm and happy tonight, enjoying pleasant memories and making more. Do something joyful, whether for yourself or others, even if you are alone. Embrace the expectation of increasing light in the days ahead.

And I wish Marcy and Mr. Wheel, Jim, bmaz, Ed, their families, and all the rest of the Emptywheel crew and community a very happy and peaceful Christmas.

Sony, Hacked: It’s Not One Massive Breach – It’s More Than 50 Breaches in 15 Years

Ever try to follow an evolving story in which the cascade of trouble grew so big and moved so fast it was like trying to stay ahead of a pyroclastic flow?

That’s what it’s like keeping up with emerging reports about the massive cyber attack on Sony. (Granted, it’s nothing like the torture report, but Hollywood has a way of making the story spin harder when it’s about them.)

The second most ridiculous part of the Sony hack story is the way in which the entertainment industry has studiously avoided criticizing those most responsible for data security.

In late November, when the hacker(s) self-identified as “Guardians of Peace” made threats across Sony Pictures’ computer network before releasing digital film content, members of the entertainment industry were quick to revile pirates they believed were intent on stealing and distributing digital film content.

When reports emerged implicating North Korea as the alleged source of the hack, the industry backpedaled away from their outrage over piracy, mumbling instead about hackers.

The industry’s insiders shifted gears once again when it was revealed that Sony’s passwords were in a password-protected file, and the password to this file was ‘password.’

At this juncture you’d think Sony’s employees and contractors – whose Social Security numbers, addresses, emails, and other sensitive information had been exposed – would demand a corporate-wide purge of the IT department and Sony executives.

You’d think that anyone affiliated with Sony, whose past and future business dealings might also be exposed, would similarly demand expulsion of the incompetents who couldn’t find OPSEC if it was tattooed on their asses. Or perhaps investors and analysts would descend upon the corporation with pitchforks and torches, demanding heads on pikes because of teh stoopid.

Nope.

Instead the industry has been tsk-tsking about the massive breach, all the while rummaging through the equivalent of Sony Pictures’ wide-open lingerie drawer, looking for industry intelligence. Reporting by entertainment industry news outlets has focused almost solely on the content of emails between executives.

But the first most ridiculous part of this massive assault on Sony is that Sony has been hacked more than 50 times in the last 15 years.

Yes. That’s More Than Fifty.

Inside Fifteen Years.

Reagan? No, Regin — Yet Another [GCHQ] Intelligence Malware

Recently, computer security firm Symantec reported discovery of another intelligence-gathering malware, dubbing it “Regin.”

What’s particularly interesting about this malware is its targets:

  • It infected computers in Afghanistan, Austria, Belgium, India, Iran, Ireland, Mexico, Pakistan, Russia, Saudi Arabia;
  • At 48% of total infections, the largest group of targets were private individuals and small businesses.

Please do read Symantec’s blog post and its technical paper on Regin to understand how it works as well as its targets. Many news outlets either do not understand malware and cybersecurity, or they get facts wrong whenever major malware attacks are reported. Symantec’s revelation about Regin is no different in this respect.

Independent.ie offers a particularly exceptional example distorting Symantec’s report, claiming “Ireland is one of the countries worst hit globally by a dangerous new computer virus that spies on governments and companies, according to a leading technology firm.”

If by “worst hit,” they mean among the top four countries targeted by this malware? Sure. But only 9% of the infections affected Irish-based computers, versus 28% of infections aimed at Russian machines, and 24% affecting Saudi machines. The Independent.ie’s piece reads like clickbait hyperbole, or fearmongering, take your pick.

What wasn’t addressed by the Independent.ie and numerous other outlets, including those covering the tech sector, are some fundamental questions:

  • What assets or activities might the targeted countries have in common that would make them targets of a single intelligence operation organized by one or more nation-states?
  • Why are so many private individuals and small businesses targeted by this malware, in contrast to other malware-based intelligence-collection operations seen to date?

The Guardian came closest to examining these issues, having interviewed researchers at computer security firm F-Secure to ask about the origins of the malware. As of 24-NOV-2014, the firm’s Mikko Hypponen speculated that the US, UK, and/or Israel were behind Regin’s development and deployment.

As of the video embedded above, Hypponen firmly says the UK’s intelligence entity GCHQ is behind Regin, in particular the malware’s invasion of a Belgian telecom network (see video at 07:20).

Plane Meets Plow: The Curious End of Total S.A. CEO Christophe de Margerie

[Photo tweeted by @Enel_Aire, post time stamped 2014-10-21 at 09:45 (time zone unknown)]

Forgive my skepticism about the accident Monday night that took the life of Christophe de Margerie, CEO of French oil and gas company Total S.A. We’ve been told by enough analysts that several target countries, including Russia, are under siege, though these experts don’t refer to this openly as asymmetric warfare. The recent and ongoing drop in petroleum prices threatens cash inflows to those countries whose economies rely on oil revenues — Russia and Iran among them. The death of an oil industry executive isn’t unexpected given the amount of money in play; people die daily for far less cash.

Not as much as Moscow, mind you, but we get snow where I live in flyover country USA. Any time between mid-October and mid-April we can expect some frozen precipitation. A blizzard in October isn’t unheard of — we had one 17 years ago this week, in fact. I’ve lived with six months of snow per year for most of my life.

Which is why the photo here of the crash site looks sketchy to me.

Early reports indicated the plane carrying de Margerie hit or was hit by a snowplow driven by a drunken operator, in poor visibility. It’s not clear exactly which hit the other based on different accounts across the internet. A Russian reconstruction video furnished to Le Figaro shows the plane’s wing clipping a vehicle upon landing — but the video exerts more effort on the fire and smoke than it does on the initial impact. Note in this second video of the plane after the crash during daylight hours that the wing which hit the plow as characterized in the video is missing.

At least one article claimed debris was spread 200 meters by the plane after impact. Perhaps the wing was in that debris, but it’s not reflected in the Russian reconstruction video. A more recent report said the snowplow was parked on the runway.

Ultimately, what we see is a plane that flipped over — either tipped over by the force of a plow, or flipped over after impact.

And no snow. This particular photo is rather pixelated, but it doesn’t reflect reduced visibility due to snowfall. There’s no snow in the second video link above, though visibility has worsened.

JPMorgan’s Form 8-K to Investors: We’ve Been Hack-Mapped!

JPMorgan’s Form 8-K filed on Thursday with the Securities and Exchange Commission advises:

On October 2, 2014, JPMorgan Chase & Co. (“JPMorgan Chase” or the “Firm”) updated information for its customers, on its Chase.com and JPMorganOnline websites and on the Chase and J.P. Morgan mobile applications, about the previously disclosed cyberattack against the Firm. The Firm disclosed that:

• User contact information – name, address, phone number and email address – and internal JPMorgan Chase information relating to such users have been compromised.

• The compromised data impacts approximately 76 million households and 7 million small businesses.

• However, there is no evidence that account information for such affected customers – account numbers, passwords, user IDs, dates of birth or Social Security numbers – was compromised during this attack.

• As of such date, the Firm continues not to have seen any unusual customer fraud related to this incident.

• JPMorgan Chase customers are not liable for unauthorized transactions on their account that they promptly alert the Firm to.

The Firm continues to vigilantly monitor the situation and is continuing to investigate the matter. In addition, the Firm is fully cooperating with government agencies in connection with their investigations.

According to ZDNet, a forensic security firm suggests the bank’s users’ accounts are now at greater risk of compromise and that password changes and two-factor authentication should be implemented to address the risk.

However, the 8-K’s wording indicates a different security risk altogether as the users’ passwords and Social Security numbers are not compromised.

The disclosure of information compromised, combined with earlier reporting about the breach, more closely matches a description of that collected by the National Security Agency’s TREASURE MAP intelligence collection program. TREASURE MAP gathered information about networks including nodes, but not data created by users at the end nodes of the network. The application delineated the path to the ends, and physical ends, not merely virtual ends of the network.

Treasure Map: It’s About Location, Not Gold

Der Spiegel and The Intercept published collaborative reporting this weekend on another Snowden document — this one referring to a National Security Agency program named TREASURE MAP.

The most chilling part of this reporting is a network engineer’s reaction (see here on video) when he realizes he is marked or targeted as a subject of observation. He’s assured it’s not personal, it’s about the work he does – but his reaction still telegraphs stress. An intelligence agency can get to him, has gotten to him; he’s touchable.

The truth is that almost any of us who follow national security, cyber warfare, or information technology are potential subjects depending on our work or play.

The metadata we generate is only part of the observation process; it provides information about our individual patterns of behavior, but may not actually disclose where we are.

TREASURE MAP goes further, by providing the layout of the network on which any of us are generating metadata. But there is some other component either within TREASURE MAP, or within a complementary tool, that provides the physical address of any networked electronic device.

The NSA has the ability to track individuals not only by Internet Protocol addresses (IP addresses), but by media access control addresses (MAC addresses), according to a recent interview with Snowden by James Bamford in Wired. This little nugget was a throwaway; perhaps readers already assumed this capability has existed, or didn’t understand the implications:

…But Snowden’s disenchantment would only grow. It was bad enough when spies were getting bankers drunk to recruit them; now he was learning about targeted killings and mass surveillance, all piped into monitors at the NSA facilities around the world. Snowden would watch as military and CIA drones silently turned people into body parts. And he would also begin to appreciate the enormous scope of the NSA’s surveillance capabilities, an ability to map the movement of everyone in a city by monitoring their MAC address, a unique identifier emitted by every cell phone, computer, and other electronic device.

[emphasis added]

In simple terms, IP addresses are like phone numbers — they are assigned. They can be static; a printer on a business network, for example, may be assigned a static address to assure it is always available to accept print orders at a stationary location. IP addresses may also be dynamic; if there’s an ongoing change in users on a network, allowing them to use a temporary address works best. Think of visits to your local coffee shop where customers use WiFi as an example. When they leave the premises, their IP address will soon revert to the pool available on the WiFi router.
