We read many stories on the net where folks claim that the current financial crisis could have been avoided with more or better use of technology.     This is expected, as software companies and IT professionals will often try to piggy-backtheir business development strategy on the “crisis of the day” to sell more goods and services.    Honestly, in this current situation, the main technology that we needed was simple, accurate financial models.

For example, in the chart above, the US economy was doing quite well with US federal funds rates low.   Housing prices in the US were skyrocketing and there was a concern about inflation.    There was an understandable concern the sustainability of that economy.

So, in perhaps one the most ill-advised Federal Reserve actions of many decades, the folks at the helm of the Fed decided to raise their lending rates around 500 percent over a two year period.

As we all know, primarily because of the action by the Fed, the world faces perhaps the worst economic disaster in modern times, while the US Executive Branch and the Congress fight over how to spend $700 Billion taxpayer dollars to inject liquidity into the markets to try to head off a global financial disaster.

It is amazing to me that the US Federal Government, or their advisors, does not have simple financial models with cause-and-effect analysis such as:

• Homeowners with adjustable rate mortuages will not be able to make payments;and
• Housing prices will fall dramatically; then
• Homeowners will default on loans where the collateral is much less than the asset value, and
• Banks will suffer great losses, and
• Lending will come to a halt, then
• Banks will collapse, then
• Wall Street will exit the markets in panic
• … and more trouble….. !!

There are and continue to be a lot of discussion and opinions about how risk management needs improvement. and I agree.   We will also read folks talk about how technology can be used to help solve this problem, including CEP/EP and related software (see also Capital Market CEP Fantasy Land). However, as much I would be pleased to see more CEP/EP applications and use cases, I do not believe that event processing technology is really very useful to solve the core problem of the current financial crisis.

The core problem is, seemingly, that our “financial experts” do not even have simple models that will illustrate what will or could happen when you raise the fed lending rates 500 percent in two years in an economy pregnant with adjustable rate mortgages.

To me, this does not appear to be rocket science.  The negligence by the US Federal Reserve and their advisors is astonishing.

A 24-year-old convert to Islam has been sentenced to 35 years in prison for plotting to set off hand grenades in a crowded shopping mall during the Christmas season.

But I thought "weapons of mass destruction" was reserved for nuclear, chemical, and biological weapons.

He was arrested in 2006 on charges of scheming to use weapons of mass destruction at the Cherryvale Mall in the northern Illinois city of Rockford.

Like the continuing cheapening of the word "terrorism," we are now cheapening the term "weapons of mass destruction."

And, as with the AT&T deal, Bell's Internet customers get unlimited access in Starbucks's stores. The deal starts up immediately, as Bell is the current operator. AT&T is transitioning to running Starbucks in the U.S., taking over by the end of 2008 from T-Mobile.

Back to CEP and EPTS, there are folks who appear to believe they may define “CEP” by the current use cases from self-described CEP vendors. Frankly speaking, I am puzzled by the bottom-up approach.

The bottom-up approach is a bit like saying “We have a lot of prototype rockets being built, so let’s define the future of space travel based on the prototypes!”

It really makes little sense, at least to me, to attempt to define CEP based on what the current generation products (self-described CEP products) are capable of doing.   

From my persective, it would be more beneficial to customers to define the types of complex events (and situations) businesses need to detect in real-time and match the technologies and solution architectures to detect those events, in real-time, with high confidence.

A lot of this “top down thinking” has been already done.

IT businesses need to detect operational threats and problems, and be able to pinpoint, with very high accuracy, where the problem is in a complex network, for example.  This problem remains mostly unsolved with a very low signal-to-noise ratio.

Also, most businesses would like to detect fraud and other criminal activity on their network before the activities adversely impacts their business.   This problem remains unsolved for most companies.

Scientific researchers seek models of weather, epidemiology, and so much more; and they need event processing solutions to obtain situational knowledge into current events and predict future ones.  We know how difficult predicting the weather can be!

Folks on the ground need to model urban traffic as events and design better event-driven traffic models and solutions.

The list of important event processing challenges we face go on and on.  

While I see some merit in the bottom-up approach, it is better for users to define what are practical “complex event” related problems and then look for the solutions, vs. define the solution and then look for the problem.

From a strategic perspective,  self-fulfilling CEP use case studies are interesting, but they hould not limit the vision, definition, and future of processing complex events; and be careful of use case fallacies.

In fact, it’s not just great artists like Mr. Lucas and I starting up old projects, our honourable colleagues wearing the black hats have got the same idea. We have new victims reporting in, rumours abound of an auth system compromise at Citi, the Ombudsman is backlogged with months of disputed withdrawal cases, and some like Alain Job are even going to court.

One original contributor to the phantom case histories has just been hit by a second phantom withdrawal five years on and is chalking up another case in the files. While her new phantom is a bread-and-butter skim incident (a magstripe clone used in the far east), amongst this mass, true phantoms — the real mystery cases — are on the rise too. Two new victims with whom I have been corresponding very kindly offered to fund the hosting for the revamped site.

Let’s consider one of these mysteries. The McGaughey case has been reported in the media in Northern Ireland: dozens of withdrawals taking place over four weeks, totaling almost five thousand pounds, all within a ten mile radius of the McGaughey’s home. Summarised that way it looks like a classic first party fraud (couple short on cash withdraw money, then deny it later). But no-one in the family is short on cash, the McGaugheys look after their card details carefully, and have solid alibis at the time of many of the withdrawals, and the interlocking pattern of real and disputed withdrawals is such that any third party would have a hard time taking and returning the card (whether covertly or in collusion with the McGaugheys). No-one appears to have either the means or the motive.

Unusually the bank has been very cooperative, providing logs from their authorisation system (BASE24), including all of the cryptograms, input data and transaction parameters covering the affected transactions. Everything turns on the Application Transaction Counter (ATC), an on-card counter which increments with every transaction initiated. If an EMV chip can be fully cloned (secret keys and all), then it will have to submit an ATC value when transacting, and if used in parallel with the real card, it won’t be long before the same number pops up twice in the auth system, or large gaps in the sequence appear. The McGaughey’s ATC sequence appears to interlock perfectly: clearly the original card was used?

Of course logs can be misinterpreted (Badger) or even faked, auth systems may not work as expected, and customers may lie and cheat following all sorts of agendas; just around the corner the missing piece of the jigsaw may lie, which reveals the truth behind the case. And there is the totally separate matter of who should suffer the loss in the interim, whilst the truth remains unclear. Liability for disputed withdrawals is the most hotly contested issue of all.

phantomwithdrawals.com can’t do much more for the McGaugheys, but it can bear witness. Documenting the incidence of phantoms and the experiences of customers disputing them adds much needed transparency to the process, and helps researchers and experts seek out the really interesting cases.

Maybe we can lift the lid and discover the truth behind the “phantom menace” — everyone is united in that goal at least — but let’s also hope that Episode 2: Attack of the Clones has not yet started shooting!

Mike.

Delta's competitors with broadband interest, like Alaska, Southwest, and American, each have a different plan of attack. Alaska will test service soon with Row 44, which uses Ku-band satellite access, albeit with higher speeds and far lower costs, the company says, than Boeing's doomed Connexion service. Row 44 touts their over-water ability, critical for Alaska, which flies plenty of routes to the great northern state and to Mexico. A test is what's scheduled; not deployment.

Southwest did some deal with Row 44, but nothing further has been forthcoming. Summer's almost over, and we haven't heard more about the "four aircraft" mentioned in the linked press release.

American has the most fully formed plan, but they, too, are testing Aircell's service, and will shortly launch service on 15 trans-continental 767-200s, flying largely routes among SFO, LAX, JFK, and Miami. The company said in the past that they would decide on fleet deployment after the pilot stage.

I shouldn't forget Virgin America, which planned Internet access as part of a set of already-deployed in-flight networked services, but they have under a couple dozen planes at the moment, so they're not a real competitor except on a few routes. Their launch date hasn't been set.

Delta's announcement makes it clear that air-Fi is coming soon, and will likely change how business travelers plan trips. If you can get productive work done during a flight, that changes the financial equation of the trip's cost, and your time out of the office. Pair in-flight Wi-Fi with a cell data card, and you may curse the fact that you're always connected.

One of my favorite banks in Thailand is K-Bank. With K-Bank I can simply walk up to an ATM machine and pay a mobile phone bill, purchase mutual funds, buy insurance, or transact an ever-growing list of services payable at the modern and sleek K-Bank ATM.

For example, tomorrow I fly to Chiang Mai in Northern Thailand and found K-Bank’s service amazingly better than in the US. For example, I booked my flight as usual (over the phone, but could have used the Internet) and told the reservation agent I was going to pay by ATM. He simply gave me a PayCode and told me I had three hours to go to the ATM and enter the PayCode to perfect my reservation.  I also got the PayCode via SMS.  This gave me the time I needed to make sure I had booked the perfect boutique hotel in Chiang Mai, the Fern Paradise.

Then, I went out into the beautiful Thai weather and completely my airplane reservation at the ATM machine; which also printed out a receipt with my flight details and reservation number.

It sometimes amazes me how much further advanced some services are in Thailand compared to the US. To me, it feels more secure not to use an on-line payment center or give out my credit card details over the phone. I can simply book a ticket, take a PayCode, and complete the transaction at a nice modern, shiny, K-Bank ATM machine.

Who knows, maybe soon I can select the perfect window seat at the ATM and the receipt will act as my boarding pass!

So another week, another travel nightmare.  This week I am in the DC area for a few days, than flying over to Ohio and then back home.  Staying in the DC/Northern Va area I made hotel reservations through our corporate Expedia account (which is now called Egencia BTW). Though it is fine for airline reservations, I regret it every time I make a hotel reservation on Expedia.  This time I reserved a room at the Virginian Suites. I had never heard of it, but it was only $158, which is really cheap for around here.  It had 3 stars and sounded good, so I booked it.

I arrived tonight and as I pulled up I have to say that I thought I made a good choice. It is a converted apartment building and every room is actually a studio type of apartment. It has free parking and is located near where I have meetings in Arlington. I gave my name at the desk and they had my reservation, looking good!  I was given keys to room 707 and headed on up.  I got to room 707 and tried to open the door.  No luck, the keys didn???t work. After a moment or two of trying to make the keys work, the door opens and the guy who is staying in the room wants to know what I am doing trying to get in. Well I was reminded of an old Robert Schimmel comedy routine and ran away from there as fast as I could. 

I went back down to the desk and told them what happened.  The woman at the desk apologized, she meant to write room 700, not 707.  While I am waiting for her to correct this and issue new keys, I am looking at the schedule of events at the hotel today.  That is when I notice that one of the main events of the day was a someone???s funeral!  Thats right, it seems the hotel is used for funerals in the area.  That just freaked me out.  Now I am getting Six Feet Under deja vu here.  I don???t know, call me squeamish, but I just don???t feel good about staying at a hotel that doubles as a funeral home. To top it off, the Internet access here sucks. It is so slow that I am watching the paint dry.  Maybe I should go down and catch a funeral or two while I wait for a page to load.  In any event, I think this will be the last time I stay here.  I just can???t wait for what the rest of this week brings!

So another week, another travel nightmare.  This week I am in the DC area for a few days, than flying over to Ohio and then back home.  Staying in the DC/Northern Va area I made hotel reservations through our corporate Expedia account (which is now called Egencia BTW). Though it is fine for airline reservations, I regret it every time I make a hotel reservation on Expedia.  This time I reserved a room at the Virginian Suites. I had never heard of it, but it was only $158, which is really cheap for around here.  It had 3 stars and sounded good, so I booked it.

I arrived tonight and as I pulled up I have to say that I thought I made a good choice. It is a converted apartment building and every room is actually a studio type of apartment. It has free parking and is located near where I have meetings in Arlington. I gave my name at the desk and they had my reservation, looking good!  I was given keys to room 707 and headed on up.  I got to room 707 and tried to open the door.  No luck, the keys didn’t work. After a moment or two of trying to make the keys work, the door opens and the guy who is staying in the room wants to know what I am doing trying to get in. Well I was reminded of an old Robert Schimmel comedy routine and ran away from there as fast as I could. 

I went back down to the desk and told them what happened.  The woman at the desk apologized, she meant to write room 700, not 707.  While I am waiting for her to correct this and issue new keys, I am looking at the schedule of events at the hotel today.  That is when I notice that one of the main events of the day was a someone’s funeral!  Thats right, it seems the hotel is used for funerals in the area.  That just freaked me out.  Now I am getting Six Feet Under deja vu here.  I don’t know, call me squeamish, but I just don’t feel good about staying at a hotel that doubles as a funeral home. To top it off, the Internet access here sucks. It is so slow that I am watching the paint dry.  Maybe I should go down and catch a funeral or two while I wait for a page to load.  In any event, I think this will be the last time I stay here.  I just can’t wait for what the rest of this week brings!

• Conduct regular security assessments of Web-based applications. The universities first need to determine how many Web-based applications they have and then make provisions to regularly update their lists of applications.  They then need to develop and implement procedures for regularly conducting security reviews of their critical Web-based applications.

• Develop a university-wide policy and associated procedures for updating Web servers, which are computers that host Web-based applications. Software vulnerabilities are constantly being discovered and publicized, and the universities need to develop or enhance: (1) procedures for identifying vulnerabilities relevant to their Web servers, (2) a timeline for reacting to notifications of newly discovered Web server vulnerabilities, and (3) a process for determining whether to apply a software update, establish another control to address the Web server vulnerability, or accept the risk of not updating the software.
• Ensure that security is built into the process for developing Web-based applications. According to ASU, UA, and NAU officials, none of them have university-wide security standards for developing applications. According to an IT best practice, building security into the development process is more cost-effective and secure than applying it afterwards.
• Provide training to application developers so that they are aware of common Web-based application vulnerabilities and methodologies that can be used to avoid them. None of the universities have a training program that is mandatory for all users and geared toward an individual's role within the university.