Filed under Old

Share Your Pictures with kevlarkitten.com


Problem

You need to quickly share images with your friends. Not all of your friends use the same chat programs, social networks, etc.

Solution

kevlarkitten.com runs to the rescue.

It works like this: you upload an image and set an expiration period. You then get a special web address. Before the image expires, it can be seen through this address. After the image expires, it's gone forever.

It's very fast, simple to use and 100% hassle-free. You don't need to login or anything! And only the persons who know the link can see the picture.

History

Many months ago I wanted to learn a web framework, just to learn how it works. Then I just implemented a project I had had in mind. I had a domain which I wasn't using, so I put it up at kevlarkitten.com and told a few of my friends about it to get some beta testers.

A few days later, another friend was asking me "what's the best way to just quickly get you guys these pictures of a potential new office space I'm looking at". I pointed him to the site and he sent us several image links for our amusement. Success!

The site has been up for some time now, so it should be somewhat bug-free. A wider audience is very welcome. If the site makes your life easier, very good.

Note

Huge image sizes are not supported. If you that bothers you, try resizing the image - I think in normal use you won't get such problems. I might implement support for very huge pictures later, but given that I pay for bandwidth, it's not a really high priority for me :P

kevlarkitten.com - it purrs

Qt4.6 Example: Game of Life


As there was occasional downtime at work, I used that time to teach myself the simply wonderful Qt framework. With kind permission of SonyEricsson Mobile Communications I am allowed to release the source.

Example image with trails enabled

Here's a simple Game of Life simulator program implemented in Qt. Download source.

Some example world configurations (use File/Open): example.gol, slurp2.gol, trash.gol and turbine.gol.

Features

  • Toroidal 2-dimensional Conway's Game of Life
  • Moore and von Neumann neighbourhoods
  • Trails mode (UI bling)
  • Load and save world (XML)
  • Edit mode - draw your own pattern
  • Different colours e.g. invert mode
  • Save image
  • Import world from 80x50 black and white PNG image
  • Settings menu

Build it

Qt 4.6 is needed.

Unpack, then go to the folder and:

qmake make

Then run the resulting GameOfLife binary.

It's been tested under Symbian 9.4, Windows and Linux. Works OK, although in Symbian some of the file dialogs were laid out funnily, it ran "mostly OK" anyway.

Note: The doc/ folder contains an UML diagram of the design/structure. It's not really anything fancy, but in case you're wondering about why something is the way it is, it's probably good to check that first.

License

This source code is placed into public domain. Feel free to use it for learning, poke it and see what happens, change it, extend it, etc. Developing it helped my understanding of Qt, maybe it'll do the same for you. Have fun!

If you do anything interesting with it, please drop a comment with a link!

Does HFT Behaviour Amplify via Stigmergy?


Back in late June, I was discussing algorithmic trading and HFT (high-frequency trading) with some friends. A sudden realization hit me, and I realized exactly why I've had this nagging idea that wide-spread HFT usage is fundamentally a bad idea due to the weird market behaviour it most likely leads to.

Here's a cleaned up mail I sent, with some links added. What do you think?

There is a major problem with HFTs and fast algorithmic trading and markets due to full computerization (no human in the loop) and the massive speed obtained through those methods. This time, I don't mean the obvious application of HFTs doing front-running.

Here I use the definition "HFT agents" to be any instance of an HFT/algorithmic trading algorithm running somewhere. Basically a computer reading and writing to the market.

So: I see the dynamics such that HFT agents both observe and influence the market. Yet they are part of that market as well. As they trade, they also influence each other (although indirectly)! And they do trading at such speed, that there is bound to be kind of "resonances" amplifying whatever direction was taken originally - sort of like everyone nudging the same direction a little bit. I think that this kind of system must be unstable.

Human traders can't jump in and fix up the situation as they can't keep up with the speed. So, in essence we get either flash bubbles or flash crashes. All this because the HFT agents actions influence each other, they end up modifying each other's algorithms through application of stigmergy when they modify the market (=they modify the environment they're in and read their own and others modifications as input to their algorithms).

It's like the synchronizing of fireflies (see the video and read Strogatz's book "Sync" for details), they adapt to each other until everyone blinks in unison. Except here the synchrony is a kind of "stochastic resonance" leading to spikes + valleys.

With slower trading the quick peaks and valleys even out, of course we still get bubbles and crashes over a longer period. But the same bubble/crash-creating phenomenon is at play, this time much quicker.

One example follows. There are surely other ways also, given that there is a big diversity in the algorithms.

  • HFT agents x and y scans the market. Some condition c holds (e.g. break in 30 day SMA).
  • HFT agent x triggers first and does whatever (sell/buy orders etc.), changing the market conditions.
  • HFT agent y might do the same action immediately after x, reacting to condition c or action of x (stigmergy comes into play). This "boosts" the direction, be it up or down.
  • Now imagine thousands of these agents. Some might react to the amplified direction signal (e.g. drop in price) further amplifying the system.
  • Result: flash crash / flash bubble

As long as there would be an overall balance of HFT trading strategies such that some are bearish and some are bullish, we would not see nearly as much volatility. But as it is now, the balance is tilted and therefore I think insane volatility is inevitable.

Note: Sometime after the mail exchange, the Zero Hedge blog blogged about a paper from Reginald Smith examining similar ideas. It is a very interesting article that makes the paper more accessible.

Can the Cloud Do No Evil?


Update: This was written long before Edward Snowden's revelations were mainstream. Already then there was an uneasy feeling about all the information and "the cloud".

The Google Chromium OS is open sourced.

In the world of Chromium OS, applications will be web apps. Access to the applications will be through the web browser. The web apps live in the cloud, i.e. in a bunch of servers somewhere in the Internet.

Do you trust the cloud?

In light of this, let's talk about cloud computing. More specifically, let's talk about the security and privacy trade-offs of non-cloud and cloud computing.

Do you trust the cloud?

In the non-cloud scenario, i.e. your Linux PC, your Windows desktop, your Apple laptop, whatever, your data is stored locally. You run applications locally. You do not need Internet access to do something. As the data is stored locally, access to your data can therefore be achieved by breaking into your computer.

In the cloud scenario, such as Google Chromium OS, your data lives inside the Google servers somewhere, inside the cloud. You need Internet access. You're more protected in the device side: if someone breaks into your computer, you can restore a clean system easily and your data will persist elsewhere, unchanged.

It is exactly this "elsewhere" which is the problem.

In the cloud scenario, you have zero visibility about how your data gets used. This is because you have zero visibility and zero control about who gets access to the data - whether it is advertisers who examine your behavior patterns and personal data you store (with or without your consent), or whether it is more powerful entities such as governments (yours or another country's).

Today you'll be marked if you're a lunatic and converse with other lunatics to, say, purchase hundreds of kilograms of fertilizer and diesel fuel with plans to kill a lot of people with bombs. What about tomorrow? Supporting a certain political party will get you into trouble? Investigating government corruption raises a flag? Speaking against an unfair, exploitative corporation will trigger an alarm? Will thinking differently simply make you vanish?

If you represent a company, and valued trade secrets go into the cloud in the form of documents, mails and spreadsheet data, how can you be sure that the information will not be leaked to your competitors? How can you ensure that your trade negotiation strategy is not made known to the other party? How can you ever again win business-wise in anything important, if the other party already knows everything?

It is easy to dismiss this line of thinking as some sort of a silly slippery slope argument, but I would not dismiss the argument so easily myself. Why? Well, once an entity is empowered with:

  • knowing what you search (example: Google Search)
  • knowing what you read and where you surf (Google Ads)
  • knowing where you live (geolocating your IP address)
  • knowing who your friends are (GMail, Google Wave, especially the invites when those services are launched)
  • knowing your voice communications (GTalk)
  • owning all of your data (Chromium, coming soon!)

that entity may or may not use these capabilities to your detriment, whether you're a private individual or someone representing a corporation.

It all boils down to this question: do you trust the cloud - can the cloud do no evil?

Clouds

So, going back to the original question: is the security of the non-cloud scenario worse than the cloud scenario? It depends. If one disregards data security and privacy issues for a while, then the security model presented by Google Chromium OS is, in fact, better. Life will be harder for viruses, trojans, and so on, on the client side. All in all, keeping secure on the client side will be less hassle for the normal user.

It will take less effort for someone (criminal or curious) to compromise your laptop and your data than to compromise the cloud/Google servers. However, the cost of compromising your data will drop dramatically for someone who is a friend of Google or who can somehow leverage Google - mostly this means other big businesses or, rather, various governments.

Given that the data confidentiality and privacy is the real issue, what about encryption of user data? This can only work if no plain-text data goes to the cloud as an input for some computation (such as data entry to a spreadsheet cell). If plain-text data does go to the cloud, then encryption will be irrelevant - the data is already in clear inside the cloud.

(There are methods to do computation on encrypted data, for example fully homomorphic encryption. With such technology, one could build a web app where the cloud/server-side learns nothing of the data itself, but the cloud could still provide, for example, a spreadsheet program.)

All in all, it's a trade-off. It depends on what you as the user value most and where your priorities lie. For the record, I'm not trying to argue that Google is bad, or that Google Chromium OS is an overall bad development. I'm saying that all trade-offs (security or otherwise) must be weighed in whole, together with their impacts, and the likelihoods of different impacts, to reach a good conclusion in order to make an informed judgment.

For this reason, I want to see more discussion about the overall security issues, especially the question about what exactly is the level of confidentiality and privacy of user's data in the cloud computing paradigm. I'd like to see Google raise these issues too.

Eat Flaming Death, Simian Descendants! (Part 2)


Continued from part 1...

Big badaboom

If an asteroid larger than a certain threshold hits the Earth, not much will be normal anymore. It will take tens to hundreds of years to recover from such an impact.

What can we do? How could we protect ourselves?

First, we can't protect against asteroids unless we detect them first. After detection, we could then attempt deflection of the asteroid through various technological means available to us.

As detection is the first step of being able to survive an asteroid hit, surely we have someone on it? So who is doing the detection now - are governments and supranational entities like UN doing it 24/7, with budgets running up to hundreds of millions of euros per year? Not really. We're talking about small-scale operations running on very small budgets.

Asteroids which move about close enough to Earth to potentially impact it are also known as NEOs, or "Near-Earth Objects".

For example, University of Arizona runs the Spacewatch. Canada is planning a 2010 launch of a microsatellite which can track NEOs. NASA coordinates a NEO observing program and funds other tracking programs (like the aforementioned Spacewatch). The European Space Agency (ESA) is also running a small special program.

Other than NASA, in a smaller scale ESA and soon the Canadian Space Agency (CSA), it looks like it is mostly private people and astronomers (both career and hobbyist) who fund and/or conduct the tracking efforts and keep the discussion alive.

For example, one notable private organization is The Planetary Society (disclaimer: I'm a member). They're an organization of private people who are interested in space exploration and who want to establish permanent human presence outside of planet Earth. The Planetary Society also conducts effective lobbying in getting these points heard by the (mostly) US (but also international) deciders.

As for NEOs, The Planetary Society approach is threefold: fund researchers who discover and track asteroids (through the Gene Shoemaker NEO Grant program), lobby for increased NEO research funding, and stimulate the development of possible ways to avoid an asteroid disaster (e.g. via the B612 Foundation).

Other than the presented projects and some others, I'm not aware of other major efforts (if you know of any, please post a comment - thanks).

Part 1 talked about cost-effectiveness of asteroid protection. The estimated spending by USA has been around $4 million USD per year for detection efforts - for other countries, even less. However, even in the USA, no money is directly allocated for actually acting against an asteroid threat, should one be detected. As a result, mitigation efforts consist mostly of theoretical discussion of various methods which could be used. An exception is the B612 Foundation who are trying to change the situation by attempting a practical demonstration whereupon they will alter the trajectory of an asteroid. Their target time-wise is to do it by the year 2015.

The situation simply demands more money to improve both the detection and the protection efforts.

For example, the (quite tiny) 4 m diameter meteoroid called 2008 TC3, which recently hit a desert in Sudan, was detected only 19 hours before impact. Although it was identified and tracked, which was an achievement in itself, an early warning 19 hours before simply does not leave time to do anything.

We know for sure that there are big rocks out there, many of which are headed our way. One example is 99942 Apophis, which will pass close to Earth in 2029. At one point in time, it was even believed to impact Earth in 2029, then later the impact date was moved in 2036, but these estimates were later refined even more, and currently the impact probability is very low.

However, it's really is just a matter of time before an asteroid slams into Earth. This threat is real. It is not something imagined like a threat from country X or organization Y. Take your shoes off when you board an airplane, but don't peek at the skies, mmkay.

The bottom line is: money is not an issue (like Mr. Matheny argued, see part 1); technology is not (overwhelmingly) an issue - it's simply about the will to do something about it. As long as we're stuck on this one planet with all our eggs in one basket, we should be vigilantly scouting for the rocks and prepared to act quickly when the time comes. Preparing for a known, real, tangible threat is simply smart from a survival point of view.